Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2014
Ran by Gregor (administrator) on GREGOR-KOMPUTER on 12-11-2014 16:36:25
Running from G:\
Loaded Profile: Gregor (Available profiles: Gregor)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polski (Polska)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.OPTIMA\MSSQL\Binn\sqlservr.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
() C:\Program Files (x86)\ASUS\Game Park\GameConsole\OberonGameConsoleService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\ASPG.exe
() C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
(ACD Systems) C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Young Digital Poland) C:\Program Files (x86)\YDP\YdpDict\Watch.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(MyHeritage) C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(ASUS) C:\Windows\AsScrPro.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [635784 2010-01-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [EeeStorageBackup] => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1732608 2009-11-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [ACPW06EN] => C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe [1231992 2012-11-14] (ACD Systems)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-01-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [7350912 2010-02-04] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-01-05] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [85160 2009-06-17] (Elaborate Bytes AG)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [Family Tree Builder Update] => C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe [2534400 2014-05-14] (MyHeritage)
HKU\S-1-5-21-2594288395-2575548641-1274416727-1000\...\MountPoints2: G - G:\LaunchU3.exe -a
HKU\S-1-5-21-2594288395-2575548641-1274416727-1000\...\MountPoints2: H - H:\LaunchU3.exe -a
HKU\S-1-5-21-2594288395-2575548641-1274416727-1000\...\MountPoints2: {3329fa39-3ce1-11e0-9540-485b3904d0bd} - G:\AutoRun.exe
HKU\S-1-5-21-2594288395-2575548641-1274416727-1000\...\MountPoints2: {3329fa3e-3ce1-11e0-9540-485b3904d0bd} - G:\AutoRun.exe
HKU\S-1-5-21-2594288395-2575548641-1274416727-1000\...\MountPoints2: {3329fa40-3ce1-11e0-9540-485b3904d0bd} - G:\AutoRun.exe
HKU\S-1-5-21-2594288395-2575548641-1274416727-1000\...\MountPoints2: {3329fa42-3ce1-11e0-9540-485b3904d0bd} - G:\AutoRun.exe
HKU\S-1-5-21-2594288395-2575548641-1274416727-1000\...\MountPoints2: {370fa516-bbf2-11df-9167-485b3904d0bd} - F:\Setup.exe -auto
HKU\S-1-5-21-2594288395-2575548641-1274416727-1000\...\MountPoints2: {7cce59e8-3fed-11e0-85a4-485b3904d0bd} - G:\AutoRun.exe
HKU\S-1-5-21-2594288395-2575548641-1274416727-1000\...\MountPoints2: {7cce59eb-3fed-11e0-85a4-485b3904d0bd} - G:\AutoRun.exe
HKU\S-1-5-21-2594288395-2575548641-1274416727-1000\...\MountPoints2: {aa2c863c-6a51-11df-8821-00158335bd7e} - G:\LaunchU3.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Aktywacja Testera.lnk
ShortcutTarget: Aktywacja Testera.lnk -> C:\Program Files (x86)\YDP\YdpDict\Watch.exe (Young Digital Poland)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk
ShortcutTarget: SRS Premium Sound.lnk -> C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe (Acresso Software Inc.)
Startup: C:\Users\Gregor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Gregor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk
ShortcutTarget: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=128
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={3C153BBE-6337-4B1B-98EC-C681B1868B8B}&mid=42760d473b5647d0895099127fe0394e-f098aa263336bb89bd3031ed9a2eb476dabd5051&lang=pl&ds=xn011&pr=sa&d=2012-09-23 08:58:38&v=14.2.0.1&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={3C153BBE-6337-4B1B-98EC-C681B1868B8B}&mid=42760d473b5647d0895099127fe0394e-f098aa263336bb89bd3031ed9a2eb476dabd5051&lang=pl&ds=xn011&pr=sa&d=2012-09-23 08:58:38&v=14.2.0.1&pid=avg&sg=0&sap=dsp&q={searchTerms}
BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Pomocnik rejestracji usługi Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll No File
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: IEPluginBHO Class -> {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} -> C:\ProgramData\Gadu-Gadu 10\_userdata\ggbho.2.dll No File
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-2594288395-2575548641-1274416727-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-2594288395-2575548641-1274416727-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
DPF: HKLM-x32 {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 06 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 06 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Gregor\AppData\Roaming\Mozilla\Firefox\Profiles\bcxsag28.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.pl
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin-x32: @cuminas.jp/DjVuPlugin -> C:\Program Files (x86)\Cuminas\Document Express DjVu Plug-in\npdjvu.dll (Cuminas Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.450 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\Gregor\AppData\Roaming\Mozilla\Firefox\Profiles\bcxsag28.default\user.js
FF user.js: detected! => C:\Users\Gregor\AppData\Roaming\Mozilla\Firefox\Profiles\8lm0pfex.default-1354916507328\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdjvu.dll (LizardTech)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF Extension: NetVideoHunter - C:\Users\Gregor\AppData\Roaming\Mozilla\Firefox\Profiles\bcxsag28.default\Extensions\netvideohunter@netvideohunter.com [2014-07-28]
FF Extension: Flash and Video Download - C:\Users\Gregor\AppData\Roaming\Mozilla\Firefox\Profiles\bcxsag28.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2014-10-13]
FF Extension: anonymoX - C:\Users\Gregor\AppData\Roaming\Mozilla\Firefox\Profiles\bcxsag28.default\Extensions\client@anonymox.net.xpi [2014-06-14]
FF Extension: Illimitux - C:\Users\Gregor\AppData\Roaming\Mozilla\Firefox\Profiles\bcxsag28.default\Extensions\illimitux@illimitux.net.xpi [2011-06-16]
FF Extension: Adblock Plus - C:\Users\Gregor\AppData\Roaming\Mozilla\Firefox\Profiles\bcxsag28.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-03-30]
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2014-11-07]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-12-10]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.9.799
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.9.799 [2014-08-25]

Chrome:
=======
CHR Profile: C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-04-13]
CHR Extension: (Google Search) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-04-13]
CHR Extension: (Gmail) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-04-13]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\17.3.0.49\avg.crx []

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2010-09-09] (Adobe Systems) [File not signed]
R2 hasplms; C:\Windows\system32\hasplms.exe [4180576 2010-09-27] (SafeNet Inc.)
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-10-01] (Intel Corporation) [File not signed]
R2 MSSQL$OPTIMA; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.OPTIMA\MSSQL\Binn\sqlservr.exe [43129288 2012-06-29] (Microsoft Corporation)
S3 MSSQL$SONY_MEDIAMGR; C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [7520337 2002-12-17] (Microsoft Corporation) [File not signed]
S3 MSSQLServerADHelper; C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 OberonGameConsoleService; C:\Program Files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe [44312 2009-09-15] ()
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S4 SQLAgent$OPTIMA; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.OPTIMA\MSSQL\Binn\SQLAGENT.EXE [379848 2012-06-29] (Microsoft Corporation)
S3 SQLAgent$SONY_MEDIAMGR; C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation) [File not signed]
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-10-01] (Intel Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 adiusbaw; C:\Windows\System32\DRIVERS\adiusbawx64.sys [169496 2007-02-07] (Analog Devices Inc.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800192 2009-08-20] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-06] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-12 16:28 - 2014-11-12 16:28 - 00415232 _____ (Farbar) C:\Users\Gregor\Downloads\FSS_www.INSTALKI.pl.exe
2014-11-11 21:36 - 2014-11-11 21:36 - 00000000 ____D () C:\Users\Gregor\AppData\Local\Avg2015
2014-11-11 19:29 - 2014-11-12 16:36 - 00000000 ____D () C:\FRST
2014-11-09 21:55 - 2014-11-09 21:55 - 00003878 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1415566538
2014-11-09 21:55 - 2014-11-09 21:55 - 00001141 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-11-09 21:55 - 2014-11-09 21:55 - 00001141 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-11-09 21:55 - 2014-11-09 21:55 - 00000000 ____D () C:\Users\Gregor\AppData\Roaming\Opera Software
2014-11-09 21:55 - 2014-11-09 21:55 - 00000000 ____D () C:\Users\Gregor\AppData\Local\Opera Software
2014-11-09 21:55 - 2014-11-09 21:55 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-11-09 21:54 - 2014-11-11 21:28 - 00000000 ____D () C:\Users\Gregor\AppData\Roaming\Systweak
2014-11-09 21:54 - 2014-11-09 21:54 - 06825694 _____ () C:\Users\Gregor\Downloads\SopCast.zip
2014-11-07 17:37 - 2014-11-07 18:38 - 367013895 _____ () C:\Users\Gregor\Downloads\tp103-medieval.avi
2014-11-07 17:03 - 2014-11-07 17:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-06 21:56 - 2014-11-06 22:12 - 367017991 _____ () C:\Users\Gregor\Downloads\tp102-medieval.avi
2014-11-05 07:50 - 2014-11-05 07:50 - 00179712 _____ () C:\Users\Gregor\Downloads\archiwum_tab_a_2014(3).xls
2014-11-05 07:49 - 2014-11-05 07:49 - 00073018 _____ () C:\Users\Gregor\Downloads\pliki_darex.zip
2014-11-03 17:58 - 2014-11-03 19:11 - 366592000 _____ () C:\Users\Gregor\Downloads\Czas.Honoru.S07E10.PL.WEB-DL.XviD-CAMBiO.avi
2014-10-31 19:52 - 2014-10-31 20:13 - 366995463 _____ () C:\Users\Gregor\Downloads\tp101-medieval.avi
2014-10-29 20:15 - 2014-10-29 21:17 - 366757888 _____ () C:\Users\Gregor\Downloads\Czas.Honoru.S07E09.PL.WEB-DL.XviD-CAMBiO(1).avi
2014-10-28 21:48 - 2014-10-28 21:48 - 00000000 ____D () C:\Users\Public\Desktop\Radio Koszalin - www.radio.koszalin.pl
2014-10-28 21:48 - 2014-10-28 21:48 - 00000000 ____D () C:\Users\Gregor\AppData\Roaming\streamripper
2014-10-28 21:48 - 2014-10-28 21:48 - 00000000 ____D () C:\Program Files (x86)\Streamripper
2014-10-28 21:47 - 2014-10-28 21:47 - 02633439 _____ () C:\Users\Gregor\Downloads\streamripper-windows-installer-1.64.6.exe
2014-10-28 21:08 - 2014-10-28 21:08 - 20578448 _____ () C:\Users\Gregor\Documents\ff.wma.sfap0
2014-10-28 21:08 - 2014-10-28 21:08 - 00160832 _____ () C:\Users\Gregor\Documents\ff.wma.sfk
2014-10-28 20:49 - 2014-10-28 20:49 - 00485403 _____ () C:\Users\Gregor\Documents\Bez_nazwyxx.wma
2014-10-28 20:01 - 2014-10-28 20:03 - 01419323 _____ () C:\Users\Gregor\Documents\ff.wma
2014-10-27 18:01 - 2014-10-27 18:01 - 00000000 _____ () C:\Users\Gregor\Downloads\Czas.Honoru.S07E09.PL.WEB-DL.XviD-CAMBiO.avi
2014-10-27 18:00 - 2014-10-27 18:25 - 312063008 _____ () C:\Users\Gregor\Downloads\Czas.Honoru.S07E09.PL.WEB-DL.XviD-CAMBiO.avi.part
2014-10-27 17:23 - 2014-10-27 18:25 - 366999826 _____ () C:\Users\Gregor\Downloads\The.Walking.Dead.S05E03.HDTV.XviD-AFG.rar.part
2014-10-27 17:23 - 2014-10-27 17:23 - 00000000 _____ () C:\Users\Gregor\Downloads\The.Walking.Dead.S05E03.HDTV.XviD-AFG.rar
2014-10-25 17:31 - 2014-10-25 17:31 - 00011052 _____ () C:\Users\Gregor\Downloads\Samsung-Avila_4_.jpeg
2014-10-22 21:03 - 2014-10-25 23:30 - 00000488 _____ () C:\Windows\Viewer.INI
2014-10-21 16:41 - 2014-10-21 18:21 - 367130126 _____ () C:\Users\Gregor\Downloads\Czas.Honoru.S07E08.PL.WEB-DL.XviD-CAMBiO.avi
2014-10-16 23:25 - 2014-10-16 23:25 - 00611536 _____ () C:\Users\Gregor\Desktop\022.djvu
2014-10-13 16:21 - 2014-10-13 16:46 - 366843904 _____ () C:\Users\Gregor\Downloads\Czas.Honoru.S07E07.PL.WEB-DL.XviD-CAMBiO.avi

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2060-08-18 18:02 - 2012-09-24 18:32 - 02023424 ____N (Inprise Corporation) C:\Windows\SysWOW64\VCL50.BPL
2060-08-18 18:02 - 2012-09-24 18:32 - 01496064 ____N (Inprise Corporation) C:\Windows\SysWOW64\CC3250MT.DLL
2060-08-18 18:02 - 2012-09-24 18:32 - 00248832 ____N (Inprise Corporation) C:\Windows\SysWOW64\VCLX50.BPL
2060-08-18 17:40 - 2012-09-24 18:32 - 00909824 ____N (Inprise Corporation) C:\Windows\SysWOW64\CP3245MT.DLL
2060-08-18 17:40 - 2012-09-24 18:32 - 00024064 ____N (Inprise Corporation) C:\Windows\SysWOW64\BORLNDMM.DLL
2014-11-12 16:27 - 2009-07-14 05:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-12 16:27 - 2009-07-14 05:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-12 16:26 - 2010-06-25 15:27 - 00001048 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-12 16:23 - 2010-02-25 08:54 - 01671189 _____ () C:\Windows\WindowsUpdate.log
2014-11-12 16:22 - 2010-06-25 15:27 - 00001044 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-12 16:19 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-12 16:19 - 2009-07-14 05:51 - 00292732 _____ () C:\Windows\setupact.log
2014-11-11 21:31 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-10 23:01 - 2013-04-20 14:48 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-11-09 21:52 - 2011-05-17 18:57 - 00000173 _____ () C:\Windows\YdpDict.INI
2014-11-09 11:49 - 2013-04-20 14:30 - 00000000 ____D () C:\ProgramData\MFAData
2014-11-08 11:50 - 2012-02-21 19:14 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2014-11-08 11:49 - 2012-04-30 09:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-05 21:32 - 2009-08-03 20:55 - 00832034 _____ () C:\Windows\system32\perfh015.dat
2014-11-05 21:32 - 2009-08-03 20:55 - 00189654 _____ () C:\Windows\system32\perfc015.dat
2014-11-05 21:32 - 2009-07-14 06:13 - 01926950 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-05 07:45 - 2010-05-09 17:14 - 00117888 _____ () C:\Users\Gregor\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-05 07:43 - 2009-07-14 05:45 - 03043440 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-04 23:50 - 2010-02-25 09:07 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-01 22:07 - 2010-02-25 09:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-11-01 20:36 - 2011-11-11 17:29 - 00000000 ____D () C:\Users\Gregor\Desktop\11.11
2014-11-01 09:16 - 2009-07-14 06:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-26 21:42 - 2012-10-28 21:20 - 00000000 ____D () C:\Users\Gregor\Desktop\ipn
2014-10-22 20:21 - 2010-06-25 15:27 - 00004044 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-22 20:21 - 2010-06-25 15:27 - 00003792 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-20 19:49 - 2010-09-10 13:16 - 00002891 ____H () C:\Users\Gregor\Downloads\.picasa.ini
2014-10-14 00:45 - 2014-07-01 23:17 - 00000000 ____D () C:\Users\Gregor\Downloads\druk

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-05 22:12

==================== End Of Log ============================