Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-09-2014
Ran by Adrian (administrator) on TESLA on 30-09-2014 23:55:19
Running from C:\Users\Adrian\Downloads\FRST
Loaded Profile: Adrian (Available profiles: Adrian)
Platform: Windows 8.1 Pro (X64) OS Language: Angielski (Stany Zjednoczone)
Internet Explorer Version 11
Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.pl/?gfe_rd=cr&ei=97cqVMeuJo-LOrm2gMAN&gws_rd=ssl
SearchScopes: HKCU - DefaultScope {828B376B-F2F6-4778-928C-E29EC877535E} URL = http://www.google.com/cse?cx=partner-pub-0900663996874144:6813731868&ie=UTF-8&q={searchTerms}&sa=Search&ref=#gsc.tab=0&gsc.q={searchTerms}&gsc.page=1
SearchScopes: HKCU - {7C281982-291D-4C0A-9AA5-FC50B0AF9B15} URL = http://www.google.com/search?hl=pl&q={searchTerms}
SearchScopes: HKCU - {828B376B-F2F6-4778-928C-E29EC877535E} URL = http://www.google.com/cse?cx=partner-pub-0900663996874144:6813731868&ie=UTF-8&q={searchTerms}&sa=Search&ref=#gsc.tab=0&gsc.q={searchTerms}&gsc.page=1
Tcpip\Parameters: [DhcpNameServer] 192.168.1.20

FireFox:
========
FF ProfilePath: C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\x6ncbx43.default

Chrome:
=======
CHR Profile: C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-18] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2013-08-22] (Microsoft Corporation)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [977088 2014-03-02] () [File not signed]
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63al.sys [5170176 2013-07-01] (Broadcom Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-30 23:49 - 2014-09-30 23:55 - 00000000 ____D () C:\Users\Adrian\Downloads\FRST
2014-09-30 23:36 - 2014-09-30 14:03 - 00000000 ___DC () C:\WINDOWS\Panther
2014-09-30 23:35 - 2014-09-30 23:35 - 00262144 _____ () C:\WINDOWS\system32\config\userdiff
2014-09-30 23:35 - 2014-09-30 23:35 - 00000000 ____D () C:\Windows.old
2014-09-30 20:33 - 2014-09-30 20:33 - 00602112 _____ (OldTimer Tools) C:\Users\Adrian\Downloads\OTL.scr
2014-09-30 20:32 - 2014-09-30 20:32 - 00602112 _____ (OldTimer Tools) C:\Users\Adrian\Downloads\OTL.com
2014-09-30 20:31 - 2014-09-30 20:31 - 00602112 _____ (OldTimer Tools) C:\Users\Adrian\Downloads\OTL.exe
2014-09-30 20:26 - 2014-09-30 20:26 - 00001757 _____ () C:\Users\Adrian\Downloads\GMER.txt
2014-09-30 18:46 - 2014-09-30 18:46 - 00368705 _____ () C:\Users\Adrian\Downloads\gm.zip
2014-09-30 18:44 - 2014-09-30 18:44 - 00380416 _____ () C:\Users\Adrian\Downloads\zlbhm61t.exe
2014-09-30 18:37 - 2014-09-30 18:37 - 00020325 _____ () C:\Users\Adrian\Downloads\Shortcut.txt
2014-09-30 18:36 - 2014-09-30 18:37 - 00019722 _____ () C:\Users\Adrian\Downloads\Addition.txt
2014-09-30 18:35 - 2014-09-30 18:37 - 00017717 _____ () C:\Users\Adrian\Downloads\FRST.txt
2014-09-30 18:33 - 2014-09-30 23:55 - 00000000 ____D () C:\FRST
2014-09-30 17:24 - 2014-09-30 17:24 - 00000000 ____D () C:\ProgramData\Mozilla
2014-09-30 17:22 - 2014-09-30 17:22 - 00244304 _____ () C:\Users\Adrian\Downloads\Firefox Setup Stub 32.0.3.exe
2014-09-30 17:01 - 2014-09-30 17:36 - 00002434 _____ () C:\Users\Adrian\Desktop\Google Chrome.lnk
2014-09-30 16:51 - 2014-09-30 16:51 - 00000000 ____D () C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-30 16:13 - 2014-09-30 16:18 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-30 14:02 - 2014-09-30 14:02 - 00001448 _____ () C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-30 14:02 - 2014-09-30 14:02 - 00000020 ___SH () C:\Users\Adrian\ntuser.ini
2014-09-30 13:49 - 2014-09-30 20:30 - 00279018 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-30 13:48 - 2014-09-30 13:48 - 00022744 _____ () C:\WINDOWS\system32\emptyregdb.dat
2014-09-30 13:43 - 2014-09-30 13:43 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-09-30 13:41 - 2014-09-30 13:41 - 00000000 ____D () C:\WINDOWS\system32\config\bbimigrate
2014-09-30 13:40 - 2014-09-30 14:02 - 00000000 ____D () C:\Users\Adrian
2014-09-30 13:40 - 2014-09-30 13:49 - 00022863 _____ () C:\WINDOWS\diagwrn.xml
2014-09-30 13:40 - 2014-09-30 13:49 - 00022863 _____ () C:\WINDOWS\diagerr.xml
2014-09-30 13:40 - 2014-07-10 23:28 - 00000000 ___RD () C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-09-30 13:40 - 2014-03-18 12:35 - 00000000 ___RD () C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-30 13:40 - 2014-03-18 12:15 - 00000369 _____ () C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-09-30 13:40 - 2014-03-18 12:15 - 00000369 _____ () C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-09-30 13:40 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-30 13:40 - 2013-08-22 17:36 - 00000000 ____D () C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-30 13:37 - 2014-09-30 13:37 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2014-09-30 13:21 - 2014-09-30 13:49 - 00006607 _____ () C:\WINDOWS\comsetup.log
2014-09-30 13:06 - 2014-09-30 13:20 - 00000000 ___HD () C:\$WINDOWS.~BT
2014-09-30 12:30 - 2014-09-30 23:11 - 00000000 ____D () C:\Users\Adrian\AppData\Roaming\vlc
2014-09-30 12:30 - 2014-09-30 13:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-09-30 12:30 - 2014-09-30 12:30 - 00000507 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-09-30 02:11 - 2014-09-30 02:11 - 00000903 _____ () C:\Users\Adrian\Desktop\µTorrent.lnk
2014-09-30 02:11 - 2014-09-30 02:11 - 00000883 _____ () C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-09-30 02:10 - 2014-09-30 10:20 - 00000000 ____D () C:\Users\Adrian\AppData\Roaming\uTorrent
2014-09-30 01:26 - 2014-09-30 16:51 - 00000000 ____D () C:\Users\Adrian\AppData\Local\Google
2014-09-30 01:25 - 2014-09-30 17:03 - 00000000 ____D () C:\Users\Adrian\AppData\Local\Mozilla
2014-09-30 01:25 - 2014-09-30 01:25 - 00000000 ____D () C:\Users\Adrian\AppData\Roaming\Mozilla
2014-09-30 01:24 - 2014-09-30 01:24 - 00000017 _____ () C:\Users\Adrian\AppData\Local\resmon.resmoncfg
2014-09-30 00:00 - 2014-09-30 15:38 - 00770504 _____ () C:\WINDOWS\system32\perfh015.dat
2014-09-30 00:00 - 2014-09-30 15:38 - 00155698 _____ () C:\WINDOWS\system32\perfc015.dat
2014-09-30 00:00 - 2014-09-30 15:36 - 00342912 _____ () C:\WINDOWS\system32\perfi015.dat
2014-09-30 00:00 - 2014-09-30 15:36 - 00041236 _____ () C:\WINDOWS\system32\perfd015.dat
2014-09-29 23:59 - 2014-09-30 15:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\pl
2014-09-29 23:58 - 2014-09-30 15:36 - 00000000 ____D () C:\WINDOWS\system32\pl
2014-09-29 23:09 - 2014-09-29 23:09 - 00000000 __SHD () C:\Users\Adrian\AppData\Local\EmieUserList
2014-09-29 23:09 - 2014-09-29 23:09 - 00000000 __SHD () C:\Users\Adrian\AppData\Local\EmieSiteList
2014-09-29 22:28 - 2014-09-30 18:55 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-721118335-2541393669-1043028165-1001
2014-09-29 22:28 - 2014-09-29 22:28 - 00000000 ____D () C:\Users\Adrian\AppData\Roaming\Macromedia
2014-09-29 22:23 - 2014-09-30 23:52 - 00000000 __RDO () C:\Users\Adrian\OneDrive
2014-09-29 22:23 - 2014-09-29 22:23 - 00073728 _____ () C:\Users\Adrian\AppData\Local\Web Data
2014-09-29 22:23 - 2014-09-22 05:39 - 00000000 ____D () C:\Users\Adrian\AppData\Roaming\fportable
2014-09-29 22:20 - 2014-09-30 15:29 - 00000000 ____D () C:\Users\Adrian\AppData\Local\Packages
2014-09-29 22:20 - 2014-09-29 22:20 - 00000000 ____D () C:\Users\Adrian\AppData\Roaming\Adobe
2014-09-29 22:20 - 2014-09-29 22:20 - 00000000 ____D () C:\Users\Adrian\AppData\Local\VirtualStore
2014-09-29 22:18 - 2014-09-30 13:25 - 00401575 _____ () C:\WINDOWS\WindowsUpdate (1).log
2014-09-29 22:18 - 2014-09-29 22:18 - 00004608 _____ () C:\WINDOWS\SECOH-QAD.exe
2014-09-29 22:18 - 2014-09-29 22:18 - 00003706 _____ () C:\WINDOWS\System32\Tasks\AutoPico Daily Restart
2014-09-29 22:18 - 2014-09-29 22:18 - 00003584 _____ () C:\WINDOWS\SECOH-QAD.dll
2014-09-29 22:18 - 2014-09-29 22:18 - 00000000 ____D () C:\Program Files\KMSpico
2014-09-29 22:18 - 2014-09-29 21:22 - 129955328 _____ () C:\WINDOWS\Update.exe
2014-09-29 22:06 - 2014-09-29 22:06 - 00000000 ____D () C:\WINDOWS\CSC

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-30 23:51 - 2014-03-18 11:54 - 00002278 _____ () C:\WINDOWS\PFRO.log
2014-09-30 23:51 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-30 23:51 - 2013-08-22 16:44 - 00337840 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-09-30 23:50 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-09-30 23:35 - 2013-08-22 17:36 - 00262144 _____ () C:\WINDOWS\system32\config\BCD-Template
2014-09-30 22:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-09-30 15:38 - 2013-08-22 17:20 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-09-30 15:36 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Com
2014-09-30 15:36 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\migwiz
2014-09-30 15:36 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\Com
2014-09-30 15:36 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\servicing
2014-09-30 15:25 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\restore
2014-09-30 14:10 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-09-30 13:49 - 2014-03-18 12:04 - 00818732 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-09-30 13:49 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Registration
2014-09-30 13:49 - 2013-08-22 16:46 - 00296951 _____ () C:\WINDOWS\setupact.log
2014-09-30 13:48 - 2013-08-22 17:36 - 00000000 __RSD () C:\WINDOWS\Media
2014-09-30 13:48 - 2013-08-22 17:36 - 00000000 __RHD () C:\Users\Public\Libraries
2014-09-30 13:43 - 2014-03-18 11:32 - 00000000 ____D () C:\WINDOWS\SysWOW64\winrm
2014-09-30 13:43 - 2014-03-18 11:32 - 00000000 ____D () C:\WINDOWS\SysWOW64\WCN
2014-09-30 13:43 - 2014-03-18 11:32 - 00000000 ____D () C:\WINDOWS\SysWOW64\sysprep
2014-09-30 13:43 - 2014-03-18 11:32 - 00000000 ____D () C:\WINDOWS\SysWOW64\slmgr
2014-09-30 13:43 - 2014-03-18 11:32 - 00000000 ____D () C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2014-09-30 13:43 - 2014-03-18 11:32 - 00000000 ____D () C:\WINDOWS\system32\winrm
2014-09-30 13:43 - 2014-03-18 11:32 - 00000000 ____D () C:\WINDOWS\system32\WCN
2014-09-30 13:43 - 2014-03-18 11:32 - 00000000 ____D () C:\WINDOWS\system32\slmgr
2014-09-30 13:43 - 2014-03-18 11:32 - 00000000 ____D () C:\WINDOWS\system32\Printing_Admin_Scripts
2014-09-30 13:43 - 2013-08-22 17:37 - 00004893 _____ () C:\WINDOWS\DtcInstall.log
2014-09-30 13:43 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-09-30 13:43 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\MUI
2014-09-30 13:43 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\SystemResetPlatform
2014-09-30 13:43 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\spool
2014-09-30 13:43 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\MUI
2014-09-30 13:43 - 2013-08-22 15:36 - 00000000 __RHD () C:\Users\Default
2014-09-30 13:43 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\SMI
2014-09-30 13:43 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\oobe
2014-09-30 13:43 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism
2014-09-30 13:43 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2014-09-30 13:43 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
2014-09-30 13:43 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\Dism
2014-09-30 13:43 - 2013-08-22 15:36 - 00000000 ____D () C:\Users\Default.migrated
2014-09-30 13:43 - 2013-08-22 15:25 - 00008192 ___SH () C:\WINDOWS\system32\config\ELAM
2014-09-30 13:42 - 2014-03-18 11:46 - 00000000 ____D () C:\Program Files\Windows Journal
2014-09-30 13:42 - 2013-08-22 17:43 - 00000000 ____D () C:\WINDOWS\DigitalLocker
2014-09-30 13:42 - 2013-08-22 17:36 - 00000000 __SHD () C:\Program Files\Windows Sidebar
2014-09-30 13:42 - 2013-08-22 17:36 - 00000000 __SHD () C:\Program Files (x86)\Windows Sidebar
2014-09-30 13:42 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-09-30 13:42 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-09-30 13:42 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\InputMethod
2014-09-30 13:42 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\IME
2014-09-30 13:42 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Help
2014-09-30 13:42 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-09-30 13:42 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\WindowsPowerShell
2014-09-30 13:42 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-09-30 13:42 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Common Files\System
2014-09-30 13:42 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\WindowsPowerShell
2014-09-30 13:42 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2014-09-30 13:41 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\Recovery

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-30 13:36

==================== End Of Log ============================