Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015
Ran by marek (administrator) on MALY on 23-07-2015 00:14:53
Running from C:\Users\marek\Downloads
Loaded Profiles: marek (Available Profiles: marek & Administrator)
Platform: Windows 8 (X64) OS Language: Polski (Polska)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
() C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
() C:\Program Files (x86)\PLAY ONLINE\PLAY ONLINE.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17074_none_6233bc1f5106b696\TiWorker.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccsvchst.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcmgr.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccsvchst.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe [65152 2012-08-07] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-29] (Synaptics Incorporated)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3730344 2015-07-07] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3963615497-4212273936-1433084501-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3618648 2014-12-27] (Electronic Arts)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/CQALL13/78
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/CQALL13/78
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQALL13/78
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQALL13/78
HKU\S-1-5-21-3963615497-4212273936-1433084501-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/CQALL13/78
HKU\S-1-5-21-3963615497-4212273936-1433084501-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQALL13/78
URLSearchHook: HKLM-x32 - Default Value = {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\coIEPlg.dll [2014-11-28] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\IPS\IPSBHO.DLL [2013-04-09] (Symantec Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-09] (Hewlett-Packard)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\coIEPlg.dll [2014-11-28] (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.137.1
Tcpip\..\Interfaces\{4365B304-D255-4F92-9E2D-E9C98D4559E4}: [NameServer] 89.108.195.21 89.108.202.21
Tcpip\..\Interfaces\{6B8636AD-F101-4232-BA98-7A8BA2B52474}: [DhcpNameServer] 192.168.56.4 192.168.56.2
Tcpip\..\Interfaces\{854E02A1-24B2-494F-BA2E-3F1D1187BE2F}: [DhcpNameServer] 192.168.137.1

FireFox:
========
FF ProfilePath: C:\Users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\802cy2mi.default
FF Homepage: hxxp://www.google.pl/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll [2012-02-08] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
FF Extension: AdBlock for Firefox - C:\Users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\802cy2mi.default\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2015-03-01]
FF Extension: AVG SafeGuard by Ask - C:\Users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\802cy2mi.default\Extensions\toolbar_AVGSP2-SG@apn.ask.com.xpi [2015-06-11]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFF [2014-06-02]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn [2015-07-23]

Chrome:
=======
CHR Profile: C:\Users\marek\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-10]
CHR Extension: (Google Drive) - C:\Users\marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-10]
CHR Extension: (Norton Security Toolbar) - C:\Users\marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc [2014-06-10]
CHR Extension: (YouTube) - C:\Users\marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-10]
CHR Extension: (Google Search) - C:\Users\marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-10]
CHR Extension: (Norton Identity Safe) - C:\Users\marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-01-17]
CHR Extension: (jnnkijcihjiopdcfliikldphgdjadekf) - C:\Users\marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf [2015-04-15]
CHR Extension: (Google Wallet) - C:\Users\marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-10]
CHR Extension: (Gmail) - C:\Users\marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-10]
CHR HKLM\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx [2014-12-14]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx [2014-12-14]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211072 2012-08-07] (Qualcomm Atheros Commnucations) [File not signed]
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3518376 2015-07-07] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [314304 2015-07-07] (AVG Technologies CZ, s.r.o.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [85504 2012-08-10] (Hewlett-Packard Company) [File not signed]
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [218624 2015-01-15] () [File not signed]
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2004488 2015-07-22] (Electronic Arts)
S2 PLAY ONLINE. RunOuc; C:\Program Files (x86)\PLAY ONLINE\UpdateDog\ouc.exe [246112 2014-05-31] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-07] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21152 2015-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [293296 2015-06-26] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [253408 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [226784 2015-06-10] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [295400 2015-06-15] (AVG Technologies CZ, s.r.o.)
R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20140718.001\BHDrvx64.sys [1530160 2014-05-10] (Symantec Corporation)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-07] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1406000.01B\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-11] (Symantec Corporation)
R3 huawei_wwanecm; C:\Windows\system32\DRIVERS\ew_juwwanecm.sys [223744 2014-05-31] (Huawei Technologies Co., Ltd.)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20140725.001\IDSvia64.sys [525016 2014-05-30] (Symantec Corporation)
S3 lehidmini; C:\Windows\System32\drivers\leath_hid.sys [39704 2012-08-07] (Atheros)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20140727.002\ENG64.SYS [126040 2014-05-31] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20140727.002\EX64.SYS [2099288 2014-05-31] (Symantec Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-04] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-29] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-29] (Synaptics Incorporated)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1406000.01B\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1406000.01B\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1406000.01B\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1406000.01B\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1406000.01B\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2014-06-04] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1406000.01B\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1406000.01B\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20288 2012-08-03] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-23 00:14 - 2015-07-23 00:16 - 00018534 _____ C:\Users\marek\Downloads\FRST.txt
2015-07-23 00:12 - 2015-07-23 00:12 - 00000000 ___RD C:\Users\marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-07-22 23:59 - 2015-07-22 23:59 - 00003106 _____ C:\Windows\System32\Tasks\{330BA777-56C3-42C8-8D2A-F07768346E41}
2015-07-22 23:27 - 2015-07-23 00:15 - 00000000 ____D C:\FRST
2015-07-22 23:27 - 2015-07-22 23:27 - 02135552 _____ (Farbar) C:\Users\marek\Downloads\FRST64.exe
2015-07-22 23:02 - 2015-07-23 00:09 - 00000000 ____D C:\AdwCleaner
2015-07-22 23:01 - 2015-07-22 23:01 - 02248704 _____ C:\Users\marek\Downloads\adwcleaner_4.208.exe
2015-07-17 16:18 - 2015-07-23 00:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-16 23:37 - 2015-07-16 23:37 - 00000000 ____D C:\Users\marek\AppData\Roaming\AVG2015
2015-07-16 23:36 - 2015-07-16 23:36 - 00000955 _____ C:\Users\Public\Desktop\AVG 2015.lnk
2015-07-16 23:36 - 2015-07-16 23:36 - 00000000 ____D C:\Users\marek\AppData\Roaming\TuneUp Software
2015-07-16 23:36 - 2015-07-16 23:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-07-16 23:35 - 2015-07-16 23:36 - 00000000 ____D C:\ProgramData\AVG2015
2015-07-16 23:35 - 2015-07-16 23:35 - 00000000 ___HD C:\$AVG
2015-07-16 23:35 - 2015-07-16 23:35 - 00000000 ____D C:\Program Files (x86)\AVG
2015-07-16 23:30 - 2015-07-22 23:02 - 00000000 ____D C:\ProgramData\MFAData
2015-07-16 23:30 - 2015-07-17 12:16 - 00000000 ____D C:\Users\marek\AppData\Local\Avg2015
2015-07-16 23:30 - 2015-07-16 23:30 - 05017672 _____ (AVG Technologies) C:\Users\marek\Downloads\avg_free_stb_all_2015_ltst_639.exe
2015-07-16 23:30 - 2015-07-16 23:30 - 00000000 ____D C:\Users\marek\AppData\Local\MFAData
2015-06-30 09:22 - 2015-06-30 09:22 - 00772016 _____ (Reimage®) C:\Users\marek\Downloads\ReimageRepair.exe
2015-06-26 09:49 - 2015-06-26 09:49 - 00293296 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2015-06-22 21:38 - 2015-06-22 21:38 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2015-06-22 21:38 - 2015-06-22 21:38 - 00000000 ____D C:\Users\marek\AppData\Local\Windows Live
2015-06-22 21:38 - 2015-06-22 21:38 - 00000000 ____D C:\Users\marek\AppData\Local\{CDDC68B8-0D26-4A74-819F-ACD75A6865AC}
2015-06-22 21:38 - 2015-06-22 21:38 - 00000000 ____D C:\Users\marek\AppData\Local\{CA315FA3-CF10-4B0C-8257-BA747D6C7B27}
2015-06-22 21:31 - 2015-06-22 21:44 - 00000000 ____D C:\Users\marek\Desktop\silniki
2015-06-19 17:00 - 2015-06-23 01:00 - 00000000 ____D C:\Users\marek\Desktop\graty z piwnicy
2015-06-16 15:55 - 2015-06-16 15:55 - 00259040 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2015-06-15 23:58 - 2015-06-15 23:58 - 00295400 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgwfpa.sys
2015-06-14 10:58 - 2015-07-16 23:36 - 00000000 ____D C:\Program Files\Common Files\AV
2015-06-10 16:38 - 2015-06-10 16:38 - 00226784 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2015-06-09 21:09 - 2015-04-29 15:53 - 00098304 _____ C:\Users\marek\J3C11239C85243.scr
2015-06-09 16:48 - 2015-06-09 21:18 - 00000000 ____D C:\Users\marek\Desktop\Nowy folder
2015-06-09 00:46 - 2015-06-09 00:46 - 00000000 ____D C:\Users\marek\Documents\Fax
2015-05-12 14:36 - 2015-05-12 14:36 - 00253408 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2015-05-07 13:50 - 2015-05-07 13:50 - 00378336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2015-04-24 12:33 - 2015-04-24 12:33 - 00285640 _____ C:\Windows\system32\FNTCACHE.DAT

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-23 00:13 - 2014-12-27 19:49 - 00000000 ____D C:\Program Files (x86)\Origin
2015-07-23 00:13 - 2014-05-31 18:20 - 01063311 _____ C:\Windows\WindowsUpdate.log
2015-07-23 00:12 - 2014-06-10 19:11 - 00001062 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-23 00:12 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-23 00:05 - 2012-08-04 00:23 - 00049084 _____ C:\Windows\PFRO.log
2015-07-23 00:02 - 2014-06-10 19:17 - 00000000 ____D C:\Users\marek\AppData\Local\CrashDumps
2015-07-23 00:00 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru
2015-07-22 23:51 - 2014-06-02 23:12 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-22 23:26 - 2014-06-10 19:11 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-22 23:14 - 2012-07-26 09:59 - 00000000 ____D C:\Windows\CbsTemp
2015-07-22 23:04 - 2012-08-20 22:04 - 00827626 _____ C:\Windows\system32\perfh015.dat
2015-07-22 23:04 - 2012-08-20 22:04 - 00176034 _____ C:\Windows\system32\perfc015.dat
2015-07-22 23:04 - 2012-07-26 09:28 - 01936290 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-19 23:39 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-07-19 23:36 - 2014-05-31 18:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-17 14:20 - 2014-06-10 19:18 - 00002149 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-17 12:21 - 2014-06-10 19:11 - 00004038 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-17 12:21 - 2014-06-10 19:11 - 00003802 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-16 23:36 - 2012-07-26 10:12 - 00000000 ___HD C:\Windows\ELAMBKUP
2015-07-16 23:23 - 2015-04-15 11:52 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-07-14 22:55 - 2014-06-02 23:12 - 00003818 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-11 15:41 - 2015-01-16 18:03 - 00000000 ____D C:\ProgramData\OnlineUpdate

Some files in TEMP:
====================
C:\Users\marek\AppData\Local\Temp\Quarantine.exe
C:\Users\marek\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Firmware Boot Manager
---------------------
identifier {fwbootmgr}
displayorder {6e024ce8-2047-11e2-be6f-806e6f6e6963} {333f199c-209b-11e2-acae-9a1851fc7d44} {333f199d-209b-11e2-acae-9a1851fc7d44}
timeout 0

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=\Device\HarddiskVolume2
path \EFI\Microsoft\Boot\bootmgfw.efi
description Windows Boot Manager
locale pl-PL
inherit {globalsettings}
default {current}
resumeobject {333f19a2-209b-11e2-acae-9a1851fc7d44}
displayorder {current}
bootsequence {2324e41c-e931-11e3-b271-eb5aef0486ce}
toolsdisplayorder {memdiag}
timeout 30

Firmware Application (101fffff)
-------------------------------
identifier {333f199c-209b-11e2-acae-9a1851fc7d44}
description USB Drive (UEFI)

Firmware Application (101fffff)
-------------------------------
identifier {333f199d-209b-11e2-acae-9a1851fc7d44}
description Internal CD/DVD ROM Drive (UEFI)

Firmware Application (101fffff)
-------------------------------
identifier {6e024ce8-2047-11e2-be6f-806e6f6e6963}
description Internal Hard Disk or Solid State Disk

Firmware Application (101fffff)
-------------------------------
identifier {6f5ad4c1-e8dd-11e3-be72-806e6f6e6963}
description Internal Hard Disk or Solid State Disk

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.efi
description Windows 8
locale pl-PL
inherit {bootloadersettings}
recoverysequence {c4946f09-e8dd-11e3-be72-20689dc5c3df}
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
osdevice partition=C:
systemroot \Windows
resumeobject {333f19a2-209b-11e2-acae-9a1851fc7d44}
nx OptIn
bootmenupolicy Standard

Windows Boot Loader
-------------------
identifier {c4946f09-e8dd-11e3-be72-20689dc5c3df}
device ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{c4946f0a-e8dd-11e3-be72-20689dc5c3df}
path \windows\system32\winload.efi
description Windows Recovery Environment
locale pl-PL
inherit {bootloadersettings}
displaymessage Recovery
displaymessageoverride Recovery
osdevice ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{c4946f0a-e8dd-11e3-be72-20689dc5c3df}
systemroot \windows
nx OptIn
bootmenupolicy Standard
winpe Yes

Resume from Hibernate
---------------------
identifier {333f19a2-209b-11e2-acae-9a1851fc7d44}
device partition=C:
path \Windows\system32\winresume.efi
description Windows Resume Application
locale pl-PL
inherit {resumeloadersettings}
recoverysequence {c4946f09-e8dd-11e3-be72-20689dc5c3df}
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
filedevice partition=C:
filepath \hiberfil.sys
bootmenupolicy Standard
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=\Device\HarddiskVolume2
path \EFI\Microsoft\Boot\memtest.efi
description Windows Memory Diagnostic
locale pl-PL
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems No

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings} {emssettings} {badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings} {hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {c4946f0a-e8dd-11e3-be72-20689dc5c3df}
description Windows Recovery
ramdisksdidevice partition=\Device\HarddiskVolume1
ramdisksdipath \Recovery\WindowsRE\boot.sdi

LastRegBack: 2015-07-16 08:40

==================== End of log ============================