Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
Ran by Tomek (administrator) on TOMEK-KOMPUTER on 09-02-2015 16:52:23
Running from C:\Users\Tomek\Downloads\Nowy folder (2)
Loaded Profiles: Tomek (Available profiles: Tomek)
Platform: Windows 7 Ultimate (X64) OS Language: Polski (Polska)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Fuyu LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
(cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\spd.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(TODO: ) C:\Program Files (x86)\STab\ProtectService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\System32\PnkBstrA.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\loggingserver.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
(cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\cfosspeed.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Gainward Co.) C:\Program Files (x86)\EXPERTool\TBPANEL.exe
(Akamai Technologies, Inc.) C:\Users\Tomek\AppData\Local\Akamai\netsession_win.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Docudesk Corporation) C:\Program Files (x86)\Docudesk\deskPDF Studio X\deskPDFCreator.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(BitTorrent Inc.) C:\Users\Tomek\AppData\Roaming\uTorrent\uTorrent.exe
() C:\ProgramData\{c457b742-fa38-e47d-c457-7b742fa3dd0b}\Download.exe
(SearchProtect) C:\Program Files (x86)\STab\CmdShell.exe
(TODO: ) C:\Program Files (x86)\STab\HPNotify.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
(Akamai Technologies, Inc.) C:\Users\Tomek\AppData\Local\Akamai\netsession_win.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [XFast LAN] => C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe [1441152 2011-10-19] (cFos Software GmbH)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_TRAY] => C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [3060248 2014-11-06] ()
HKU\S-1-5-21-3233527848-828038961-4074897931-1000\...\Run: [ASRockOCTuner] => [X]
HKU\S-1-5-21-3233527848-828038961-4074897931-1000\...\Run: [zASRockInstantBoot] => [X]
HKU\S-1-5-21-3233527848-828038961-4074897931-1000\...\Run: [GAINWARD] => C:\Program Files (x86)\EXPERTool\TBPanel.exe [2174976 2009-10-05] (Gainward Co.)
HKU\S-1-5-21-3233527848-828038961-4074897931-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)
HKU\S-1-5-21-3233527848-828038961-4074897931-1000\...\Run: [RGSC] => E:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
HKU\S-1-5-21-3233527848-828038961-4074897931-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Tomek\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3233527848-828038961-4074897931-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-08-20] (Hewlett-Packard Company)
HKU\S-1-5-21-3233527848-828038961-4074897931-1000\...\Run: [Facebook Update] => C:\Users\Tomek\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-07-13] (Facebook Inc.)
HKU\S-1-5-21-3233527848-828038961-4074897931-1000\...\Run: [deskPDF Creator] => C:\Program Files (x86)\Docudesk\deskPDF Studio X\deskPDFCreator.exe [2346664 2013-11-02] (Docudesk Corporation)
HKU\S-1-5-21-3233527848-828038961-4074897931-1000\...\Run: [uTorrent] => C:\Users\Tomek\AppData\Roaming\uTorrent\uTorrent.exe [1677904 2015-02-07] (BitTorrent Inc.)
HKU\S-1-5-21-3233527848-828038961-4074897931-1000\...\MountPoints2: {5e9fc157-fd36-11e3-8438-bc5ff4d0a0cc} - G:\start.exe
HKU\S-1-5-21-3233527848-828038961-4074897931-1000\...\MountPoints2: {aa93c238-6be4-11e3-bc52-bc5ff4d0a0cc} - J:\setup.exe /autorun
HKU\S-1-5-21-3233527848-828038961-4074897931-1000\...\MountPoints2: {c5233471-a606-11e3-94fa-bc5ff4d0a0cc} - G:\AutoRun.exe
HKU\S-1-5-21-3233527848-828038961-4074897931-1000\...\MountPoints2: {c5233480-a606-11e3-94fa-bc5ff4d0a0cc} - G:\AutoRun.exe
HKU\S-1-5-21-3233527848-828038961-4074897931-1000\...\MountPoints2: {c523349f-a606-11e3-94fa-bc5ff4d0a0cc} - G:\AutoRun.exe
Startup: C:\Users\Tomek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download.lnk
ShortcutTarget: Download.lnk -> C:\ProgramData\{c457b742-fa38-e47d-c457-7b742fa3dd0b}\Download.exe ()
BootExecute: autocheck autochk * C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hp&ts=1418761778&from=exp&uid=WDCXWD7501AALS-00J7B1_WD-WMATV166337663376
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hp&ts=1418761778&from=exp&uid=WDCXWD7501AALS-00J7B1_WD-WMATV166337663376
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1418761778&from=exp&uid=WDCXWD7501AALS-00J7B1_WD-WMATV166337663376&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1418761778&from=exp&uid=WDCXWD7501AALS-00J7B1_WD-WMATV166337663376&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp&ts=1418761778&from=exp&uid=WDCXWD7501AALS-00J7B1_WD-WMATV166337663376
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp&ts=1418761778&from=exp&uid=WDCXWD7501AALS-00J7B1_WD-WMATV166337663376
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1418761778&from=exp&uid=WDCXWD7501AALS-00J7B1_WD-WMATV166337663376&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1418761778&from=exp&uid=WDCXWD7501AALS-00J7B1_WD-WMATV166337663376&q={searchTerms}
HKU\S-1-5-21-3233527848-828038961-4074897931-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hp&ts=1418761778&from=exp&uid=WDCXWD7501AALS-00J7B1_WD-WMATV166337663376
HKU\S-1-5-21-3233527848-828038961-4074897931-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pl-pl/?ocid=iehp
HKU\S-1-5-21-3233527848-828038961-4074897931-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp&ts=1418761778&from=exp&uid=WDCXWD7501AALS-00J7B1_WD-WMATV166337663376
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1418761778&from=exp&uid=WDCXWD7501AALS-00J7B1_WD-WMATV166337663376&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1418761778&from=exp&uid=WDCXWD7501AALS-00J7B1_WD-WMATV166337663376&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1418761778&from=exp&uid=WDCXWD7501AALS-00J7B1_WD-WMATV166337663376&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1418761778&from=exp&uid=WDCXWD7501AALS-00J7B1_WD-WMATV166337663376&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3233527848-828038961-4074897931-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1418761778&from=exp&uid=WDCXWD7501AALS-00J7B1_WD-WMATV166337663376&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3233527848-828038961-4074897931-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={9D5F4F82-8B23-42B8-ACE6-61E59C3AD5E8}&mid=70881a8c5dfc47d39fe86d16b234493f-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=pl&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-11-06 11:58:11&v=4.0.0.19&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
BHO: youtubeadblocker -> {52a5d084-65f1-4902-9ae8-5fd4646bb132} -> C:\Program Files (x86)\youtubeadblocker\ul50tWOZZxYWeM.x64.dll ()
BHO: VVaUUdix -> {915b1d5f-504a-4856-99b6-40a0d063bc3e} -> C:\Program Files (x86)\VVaUUdix\QDLuwXOmL95Dnz.x64.dll ()
BHO-x32: Media Buzz -> {06fa1323-e27c-46c2-9b4e-c1f4e035242d} -> C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode2767\ie\MediaBuzzV1mode2767.dll ()
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.0.0.19\AVG Web TuneUp.dll (AVG)
BHO-x32: Rich Media View -> {bf22bdc1-e4dc-47d4-8159-dd7bb6d11d5c} -> C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release881\ie\RichMediaViewV1release881.dll ()
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.10\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.123.1

FireFox:
========
FF ProfilePath: C:\Users\Tomek\AppData\Roaming\Mozilla\Firefox\Profiles\nnxc2hsn.default-1413221507592
FF NewTab: chrome://quick_start/content/index.html
FF SelectedSearchEngine: webssearches
FF Homepage: hxxp://google.pl/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.10\\npsitesafety.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.69 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.69 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin HKU\S-1-5-21-3233527848-828038961-4074897931-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Tomek\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-3233527848-828038961-4074897931-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Tomek\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF user.js: detected! => C:\Users\Tomek\AppData\Roaming\Mozilla\Firefox\Profiles\nnxc2hsn.default-1413221507592\user.js
FF SearchPlugin: C:\Users\Tomek\AppData\Roaming\Mozilla\Firefox\Profiles\nnxc2hsn.default-1413221507592\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml
FF Extension: AVG Web TuneUp - C:\Users\Tomek\AppData\Roaming\Mozilla\Firefox\Profiles\nnxc2hsn.default-1413221507592\Extensions\avg@toolbar [2014-11-06]
FF Extension: Battlefield Play4Free - C:\Users\Tomek\AppData\Roaming\Mozilla\Firefox\Profiles\nnxc2hsn.default-1413221507592\Extensions\battlefieldplay4free@ea.com [2014-12-05]
FF Extension: youtubeadblocker - C:\Users\Tomek\AppData\Roaming\Mozilla\Firefox\Profiles\nnxc2hsn.default-1413221507592\Extensions\fL@3.com [2015-01-21]
FF Extension: Adblock Plus - C:\Users\Tomek\AppData\Roaming\Mozilla\Firefox\Profiles\nnxc2hsn.default-1413221507592\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-27]
FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG2012\Firefox4
FF Extension: AVG Safe Search - C:\Program Files (x86)\AVG\AVG2012\Firefox4 [2013-12-23]
FF HKLM-x32\...\Firefox\Extensions: [{F53C93F1-07D5-430c-86D4-C9531B27DFAF}] - C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack
FF Extension: AVG Do Not Track - C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack [2013-12-23]
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaBuzzV1mode2767.net] - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode2767\ff
FF Extension: Media Buzz - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode2767\ff [2014-04-26]
FF HKLM-x32\...\Firefox\Extensions: [ext@RichMediaViewV1release881.net] - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release881\ff
FF Extension: Rich Media View - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release881\ff [2014-05-14]
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Tomek\AppData\Roaming\Mozilla\Firefox\Profiles\nnxc2hsn.default-1413221507592\extensions\faststartff@gmail.com

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\DEFAULT
CHR HKLM-x32\...\Chrome\Extension: [emgglocpcajimhnlciidmpkeaaemoinj] - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release881\ch\RichMediaViewV1release881.crx [2014-05-13]
CHR HKLM-x32\...\Chrome\Extension: [gdklnpfkeikonadmklecfhlafgjgfcec] - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode2767\ch\MediaBuzzV1mode2767.crx [2014-04-23]
CHR HKLM-x32\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files (x86)\AVG\AVG2012\Chrome\safesearch.crx [2012-07-26]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Program Files (x86)\AVG\AVG2012\Chrome\donottrack.crx [2012-04-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [5175856 2013-10-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
R2 cFosSpeedS; C:\Program Files\ASRock\XFast LAN\spd.exe [395136 2011-10-19] (cFos Software GmbH)
R2 IHProtect Service; C:\Program Files (x86)\STab\ProtectService.exe [158864 2014-11-10] (TODO: )
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-01-27] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-12-19] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-12-19] ()
R2 vToolbarUpdater18.1.10; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe [1849368 2014-11-06] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [485888 2014-12-16] (Fuyu LIMITED) [File not signed]
S2 NetHttpService; C:\Windows\SysWOW64\nethtsrv.exe [X]
S2 ServiceUpdater; C:\Windows\SysWOW64\netupdsrv.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [34640 2012-08-09] (ASRock Inc.)
R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [127328 2012-12-10] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [307040 2012-11-08] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [384800 2014-11-04] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-11-06] (AVG Technologies)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-12-23] (DT Soft Ltd)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-08-21] (Marvell Semiconductor, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S2 TBPanel; No ImagePath
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
S1 iSafeNetFilter; \??\C:\Program Files (x86)\iSafe\iSafeNetFilter.sys [X]
S1 nethfdrv; \??\C:\Windows\system32\drivers\nethfdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-09 16:52 - 2015-02-09 16:52 - 00000000 ____D () C:\FRST
2015-02-08 18:01 - 2015-02-08 18:01 - 00291368 _____ () C:\Windows\Minidump\020815-31325-01.dmp
2015-02-07 13:27 - 2015-02-07 13:27 - 00000000 ____D () C:\ProgramData\APN
2015-02-05 18:13 - 2015-02-09 16:52 - 00000000 ____D () C:\Users\Tomek\Downloads\Nowy folder (2)
2015-01-30 21:56 - 2015-01-30 21:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crystal Player
2015-01-27 17:41 - 2015-01-27 17:41 - 00291392 _____ () C:\Windows\Minidump\012715-29094-01.dmp
2015-01-26 23:13 - 2015-01-26 23:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-21 21:09 - 2015-01-21 21:09 - 00000000 ____D () C:\Program Files (x86)\youtubeadblocker
2015-01-21 21:09 - 2015-01-21 21:09 - 00000000 ____D () C:\Program Files (x86)\Yandex.Traffic
2015-01-21 21:08 - 2015-01-21 21:08 - 00000000 ____D () C:\Program Files (x86)\VVaUUdix
2015-01-21 21:07 - 2015-01-22 10:31 - 00000000 ____D () C:\ProgramData\{c457b742-fa38-e47d-c457-7b742fa3dd0b}
2015-01-21 21:07 - 2015-01-21 21:07 - 00000000 ____D () C:\ProgramData\7791935601182018279
2015-01-21 21:07 - 2015-01-21 21:07 - 00000000 ____D () C:\Program Files (x86)\VVaudix
2015-01-17 17:00 - 2015-01-18 08:20 - 00285184 _____ () C:\Users\Tomek\Documents\Projekt budowy placu zabaw w miejscowości Pniówek.pptx
2015-01-15 19:36 - 2015-01-15 19:36 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2015-01-15 19:34 - 2015-01-15 19:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories
2015-01-15 19:34 - 2015-01-15 19:34 - 00000000 ____D () C:\Program Files\Microsoft Xbox 360 Accessories

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-09 16:52 - 2014-01-02 10:41 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\uTorrent
2015-02-09 16:48 - 2014-12-16 13:12 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-02-09 16:48 - 2014-10-06 18:25 - 00000000 ____D () C:\ProgramData\Origin
2015-02-09 16:37 - 2014-07-13 12:32 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3233527848-828038961-4074897931-1000UA.job
2015-02-09 16:05 - 2014-01-28 09:16 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-09 14:42 - 2009-07-14 05:45 - 00017136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-09 14:42 - 2009-07-14 05:45 - 00017136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-09 14:38 - 2013-12-23 14:53 - 01155614 _____ () C:\Windows\WindowsUpdate.log
2015-02-09 14:35 - 2014-02-03 10:02 - 00000372 _____ () C:\Windows\Tasks\AmiUpdXp.job
2015-02-09 14:35 - 2013-12-23 15:08 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-09 14:35 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-09 14:35 - 2009-07-14 05:51 - 00189845 _____ () C:\Windows\setupact.log
2015-02-09 08:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-08 20:25 - 2014-02-24 11:51 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-02-08 20:25 - 2014-02-24 11:51 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2015-02-08 18:01 - 2014-02-17 20:51 - 573656011 _____ () C:\Windows\MEMORY.DMP
2015-02-08 18:01 - 2014-02-17 20:51 - 00000000 ____D () C:\Windows\Minidump
2015-02-08 13:37 - 2014-07-13 12:32 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3233527848-828038961-4074897931-1000Core.job
2015-02-08 09:10 - 2013-12-23 16:27 - 00000000 ____D () C:\Windows\system32\Drivers\AVG
2015-02-07 13:27 - 2014-12-31 09:19 - 00000865 _____ () C:\Users\Tomek\Desktop\µTorrent.lnk
2015-02-07 13:27 - 2014-12-31 09:19 - 00000845 _____ () C:\Users\Tomek\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-02-06 12:00 - 2013-12-23 15:09 - 00000000 ____D () C:\Users\Tomek\AppData\Local\CrashDumps
2015-02-05 18:05 - 2014-01-28 09:16 - 00003868 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-05 18:05 - 2013-12-23 15:59 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 18:05 - 2013-12-23 15:59 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 17:31 - 2014-02-05 09:11 - 00001119 _____ () C:\Users\Tomek\Desktop\Youtube Downloader HD.lnk
2015-02-05 17:31 - 2014-02-05 09:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Youtube Downloader HD
2015-02-05 17:31 - 2014-02-05 09:11 - 00000000 ____D () C:\Program Files (x86)\Youtube Downloader HD
2015-01-31 07:54 - 2009-07-14 18:55 - 00738970 _____ () C:\Windows\system32\perfh015.dat
2015-01-31 07:54 - 2009-07-14 18:55 - 00155080 _____ () C:\Windows\system32\perfc015.dat
2015-01-31 07:54 - 2009-07-14 06:13 - 01666088 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-30 21:56 - 2014-02-18 21:19 - 00000688 _____ () C:\Users\Public\Desktop\Crystal Player.lnk
2015-01-27 13:41 - 2013-12-23 16:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-21 13:46 - 2014-12-31 15:44 - 00000000 ____D () C:\Users\Tomek\Documents\FIFA 14
2015-01-19 16:32 - 2014-11-30 21:17 - 00000000 ____D () C:\Users\Tomek\Downloads\Praca domowa
2015-01-16 22:02 - 2014-10-09 16:35 - 00000000 ____D () C:\Users\Tomek\Documents\USA
2015-01-16 16:21 - 2014-02-27 19:51 - 00000000 ____D () C:\Users\Tomek\Documents\Nowy folder
2015-01-15 19:34 - 2013-12-23 16:59 - 00161572 _____ () C:\Windows\DirectX.log
2015-01-13 16:47 - 2014-01-06 13:56 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\ipla
2015-01-13 10:19 - 2009-07-14 06:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2014-02-03 16:41 - 2014-02-03 16:41 - 0003584 _____ () C:\Users\Tomek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-23 19:41 - 2013-12-31 18:56 - 0007598 _____ () C:\Users\Tomek\AppData\Local\Resmon.ResmonCfg
2014-01-13 19:09 - 2014-01-13 19:10 - 0002432 _____ () C:\Users\Tomek\AppData\Local\TempjP1704.html
2014-01-13 19:09 - 2014-01-13 19:10 - 0002089 _____ () C:\Users\Tomek\AppData\Local\TempXy1704.html
2013-12-23 14:59 - 2013-12-23 14:59 - 0000003 _____ () C:\Users\Tomek\AppData\Local\user_data.ini

Some content of TEMP:
====================
C:\Users\Tomek\AppData\Local\Temp\1b303c5124345.exe
C:\Users\Tomek\AppData\Local\Temp\CJoqRWIgsqRpCZDWmrJQ.DLL
C:\Users\Tomek\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Tomek\AppData\Local\Temp\fttlOhS624.exe
C:\Users\Tomek\AppData\Local\Temp\ipl3959.tmp.exe
C:\Users\Tomek\AppData\Local\Temp\ipl4839.tmp.exe
C:\Users\Tomek\AppData\Local\Temp\ipl5D5B.tmp.exe
C:\Users\Tomek\AppData\Local\Temp\ipl712.tmp.exe
C:\Users\Tomek\AppData\Local\Temp\ipl7196.tmp.exe
C:\Users\Tomek\AppData\Local\Temp\ipl8A35.tmp.exe
C:\Users\Tomek\AppData\Local\Temp\iplA93F.tmp.exe
C:\Users\Tomek\AppData\Local\Temp\iplD652.tmp.exe
C:\Users\Tomek\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Tomek\AppData\Local\Temp\K-Lite_Codec_Pack_Basic.exe
C:\Users\Tomek\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Tomek\AppData\Local\Temp\nvStInst.exe
C:\Users\Tomek\AppData\Local\Temp\ose00000.exe
C:\Users\Tomek\AppData\Local\Temp\SamsungAPInstaller_1394187545540.exe
C:\Users\Tomek\AppData\Local\Temp\SamsungAPInstaller_1394350193436.exe
C:\Users\Tomek\AppData\Local\Temp\SamsungAPInstaller_1394398014017.exe
C:\Users\Tomek\AppData\Local\Temp\SamsungAPInstaller_1394983490715.exe
C:\Users\Tomek\AppData\Local\Temp\SamsungAPInstaller_1395163758054.exe
C:\Users\Tomek\AppData\Local\Temp\SamsungAPInstaller_1395168314704.exe
C:\Users\Tomek\AppData\Local\Temp\SamsungAPInstaller_1395333846579.exe
C:\Users\Tomek\AppData\Local\Temp\SamsungAPInstaller_1396276506120.exe
C:\Users\Tomek\AppData\Local\Temp\SamsungAPInstaller_1396464830366.exe
C:\Users\Tomek\AppData\Local\Temp\set-app.exe
C:\Users\Tomek\AppData\Local\Temp\setapp.exe
C:\Users\Tomek\AppData\Local\Temp\Setup-a.exe
C:\Users\Tomek\AppData\Local\Temp\Setup2.exe
C:\Users\Tomek\AppData\Local\Temp\siinst.exe
C:\Users\Tomek\AppData\Local\Temp\Softonic_PL_1-5-7.exe
C:\Users\Tomek\AppData\Local\Temp\sonarinst.exe
C:\Users\Tomek\AppData\Local\Temp\strings.dll
C:\Users\Tomek\AppData\Local\Temp\utt6C6F.tmp.exe
C:\Users\Tomek\AppData\Local\Temp\uttA10B.tmp.exe
C:\Users\Tomek\AppData\Local\Temp\yac_up.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-05 15:47

==================== End Of Log ============================