Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-03-2015 03
Ran by Dawid (administrator) on DAWIDOSEK on 09-03-2015 13:12:34
Running from C:\Users\Dawid\Downloads
Loaded Profiles: Dawid (Available profiles: Dawid & adrian & Damian)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Polski (Polska)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
() C:\Program Files (x86)\Rock Turner\bin\utilRockTurner.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
() C:\Program Files (x86)\Cyfrowy Polsat\MF821\Bin\CancelAutoPlay.exe
(http://www.tinydm.com/) C:\Users\Dawid\AppData\Local\DM\TinyDM.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
() C:\Program Files (x86)\Cyfrowy Polsat\MF821\Bin\zLoggingDaemon.exe
() C:\Program Files (x86)\Cyfrowy Polsat\MF821\Bin\Cyfrowy Polsat MF821.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
() C:\Program Files (x86)\Rock Turner\updateRockTurner.exe
(Just Develop It) C:\Program Files (x86)\MyPC Backup\BackupStack.exe
() C:\ProgramData\253696b0-e9b9-4e71-87e6-dd3f97c02b2a\maintainer.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [zLoader.exe] => C:\Program Files (x86)\Cyfrowy Polsat\MF821\Bin\zLoader.exe [26480 2012-05-22] ()
HKLM\...\Run: [CancelAutoPlay.exe] => C:\Program Files (x86)\Cyfrowy Polsat\MF821\Bin\CancelAutoPlay.exe [74096 2012-05-22] ()
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-02-17] (LogMeIn Inc.)
HKU\S-1-5-21-1699041526-1260768229-1946834793-1001\...\Run: [Tiny download manager] => C:\Users\Dawid\AppData\Local\DM\TinyDM.exe [289752 2014-12-28] (http://www.tinydm.com/)
HKU\S-1-5-21-1699041526-1260768229-1946834793-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3631448 2015-02-27] (Electronic Arts)
HKU\S-1-5-21-1699041526-1260768229-1946834793-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-1699041526-1260768229-1946834793-1001\...\MountPoints2: {12ddc825-940c-11e4-bc60-0019666031da} - D:\AutoRun.exe /s
HKU\S-1-5-21-1699041526-1260768229-1946834793-1001\...\MountPoints2: {747e55c0-6a97-11e4-bc7b-806e6f6e6963} - E:\Autorun.exe
AppInit_DLLs-x32: c:\progra~2\gs_boo~1\assist~1.dll => "c:\progra~2\gs_boo~1\assist~1.dll" File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Dawid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hp&ts=1410268049&from=wpc&uid=MaxtorX6E030L0_E12HLVDE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hp&ts=1410268049&from=wpc&uid=MaxtorX6E030L0_E12HLVDE
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1410268049&from=wpc&uid=MaxtorX6E030L0_E12HLVDE&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1410268049&from=wpc&uid=MaxtorX6E030L0_E12HLVDE&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp&ts=1410268049&from=wpc&uid=MaxtorX6E030L0_E12HLVDE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp&ts=1410268049&from=wpc&uid=MaxtorX6E030L0_E12HLVDE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1410268049&from=wpc&uid=MaxtorX6E030L0_E12HLVDE&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1410268049&from=wpc&uid=MaxtorX6E030L0_E12HLVDE&q={searchTerms}
HKU\S-1-5-21-1699041526-1260768229-1946834793-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/pl-pl/?ocid=UP97DHP&pc=UP97
HKU\S-1-5-21-1699041526-1260768229-1946834793-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp&ts=1410268049&from=wpc&uid=MaxtorX6E030L0_E12HLVDE
HKU\S-1-5-21-1699041526-1260768229-1946834793-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://rts.dsrlte.com?affID=na http://www.search.ask.com/?tpid=ORJ-ST-SPE&o=APN11467&pf=V7&trgb=CR&p2=%5EBED%5EOSJ000%5EYY%5EPL&gct=hp&apn_ptnrs=BED&apn_dtid=%5EOSJ000%5EYY%5EPL&apn_dbr=cr_38.0.2125.111&apn_uid=EBC246C1-4F1E-43C9-9FF0-A37F0A56880A&itbv=12.18.0.81&doi=2014-10-31&psv=&pt=tb
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1410268049&from=wpc&uid=MaxtorX6E030L0_E12HLVDE&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1410268049&from=wpc&uid=MaxtorX6E030L0_E12HLVDE&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1410268049&from=wpc&uid=MaxtorX6E030L0_E12HLVDE&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1410268049&from=wpc&uid=MaxtorX6E030L0_E12HLVDE&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1699041526-1260768229-1946834793-1001 -> DefaultScope {D4D8AEB1-142B-4C79-BCC3-C7BB37F26D2A} URL = http://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1699041526-1260768229-1946834793-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1699041526-1260768229-1946834793-1001 -> {2B64B16C-CDF5-4324-9F53-974761394866} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1699041526-1260768229-1946834793-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1410268049&from=wpc&uid=MaxtorX6E030L0_E12HLVDE&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1699041526-1260768229-1946834793-1001 -> {5025A078-BCE7-40BD-A9E7-1C00FDC5DDFA} URL = http://www.search.ask.com/web?tpid=ORJ-ST-SPE&o=APN11467&pf=V7&p2=^BED^OSJ000^YY^PL&gct=&itbv=12.18.0.81&apn_uid=EBC246C1-4F1E-43C9-9FF0-A37F0A56880A&apn_ptnrs=BED&apn_dtid=^OSJ000^YY^PL&apn_dbr=cr_38.0.2125.111&doi=2014-10-31&trgb=CR&q={searchTerms}&psv=&pt=tb
SearchScopes: HKU\S-1-5-21-1699041526-1260768229-1946834793-1001 -> {D4D8AEB1-142B-4C79-BCC3-C7BB37F26D2A} URL = http://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1699041526-1260768229-1946834793-1001 -> {F6D549FA-E52C-4BAA-8130-3E0C8CEA0C90} URL = http://rts.dsrlte.com/?affID=na&q={searchTerms}&r=498
BHO: LuuckyCOuppON -> {34085CC6-3EF0-9AD2-7920-DA2AFF3FC4BB} -> C:\ProgramData\LuuckyCOuppON\JD.x64.dll [2014-09-08] ()
BHO: BetterPRicECheC -> {6E6B5A77-BBD0-D26F-B20E-1A27B5E45576} -> C:\ProgramData\BetterPRicECheC\Xue9cw.x64.dll [2014-09-05] ()
BHO: WowCooupoon -> {9BD49075-9368-A83F-0BD5-99EE911C9464} -> C:\ProgramData\WowCooupoon\sYIIUFjxO.x64.dll [2014-08-10] ()
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: LuuckyCOuppON -> {34085CC6-3EF0-9AD2-7920-DA2AFF3FC4BB} -> C:\ProgramData\LuuckyCOuppON\JD.dll [2014-09-08] ()
BHO-x32: Rock Turner 1.0.0.7 -> {527b365c-1bd3-4a66-906f-8729805ce78c} -> C:\Program Files (x86)\Rock Turner\RockTurnerBHO.dll [2015-01-27] (Rock Turner)
BHO-x32: BetterPRicECheC -> {6E6B5A77-BBD0-D26F-B20E-1A27B5E45576} -> C:\ProgramData\BetterPRicECheC\Xue9cw.dll [2014-09-05] ()
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-27] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-27] (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://istart.webssearches.com/?type=sc&ts=1410268049&from=wpc&uid=MaxtorX6E030L0_E12HLVDE

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll [2014-10-19] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll [2014-10-19] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-27] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll [2014-10-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll [2014-10-21] (Google Inc.)

Chrome:
=======
CHR RestoreOnStartup: Default -> "hxxp://rts.dsrlte.com?affID=pr_9c463e7f-5d65-4289-b233-694661020215"
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (MSN Homepage & Bing Search Engine) - C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2014-12-10]
CHR Extension: (Rock Turner) - C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdjeihkmglmapgifllngcdlaoeemaacf [2014-12-11]
CHR Extension: (AdBlock) - C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-03-01]
CHR Extension: (Google Wallet) - C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-21]
CHR HKLM\...\Chrome\Extension: [aaaaahlfahldnilidgnlikdckbfehhca] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1699041526-1260768229-1946834793-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [aaaaahlfahldnilidgnlikdckbfehhca] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36936 2014-09-18] (Just Develop It) <==== ATTENTION
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-02-16] (LogMeIn, Inc.)
R2 MaintainerSvc3.36.5835263; C:\ProgramData\253696b0-e9b9-4e71-87e6-dd3f97c02b2a\maintainer.exe [123680 2015-03-09] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-02-27] (Electronic Arts)
R2 Update Rock Turner; C:\Program Files (x86)\Rock Turner\updateRockTurner.exe [414496 2015-03-09] ()
R2 Util Rock Turner; C:\Program Files (x86)\Rock Turner\bin\utilRockTurner.exe [414496 2015-03-09] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S2 4d349a54; "C:\Windows\system32\rundll32.exe" "c:\progra~2\gs_boo~1\AssistantSvc.dll",service

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (CSR, plc)
S3 massfilter_lte; C:\Windows\system32\drivers\massfilter_lte.sys [18456 2011-12-14] (HandSet Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-09] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-11-12] (Duplex Secure Ltd.)
S3 zgdcat; C:\Windows\System32\DRIVERS\zgdcat.sys [130200 2011-12-14] (ZTE Incorporated)
S3 zgdcdiag; C:\Windows\System32\DRIVERS\zgdcdiag.sys [130200 2011-12-14] (ZTE Incorporated)
S3 zgdcmdm; C:\Windows\System32\DRIVERS\zgdcmdm.sys [130200 2011-12-14] (ZTE Incorporated)
S3 zgdcnet; C:\Windows\System32\DRIVERS\zgdcnet.sys [169496 2011-12-14] (ZTE Incorporated)
S3 zgdcnmea; C:\Windows\System32\DRIVERS\zgdcnmea.sys [130200 2011-12-14] (ZTE Incorporated)
R1 {825c5be7-672f-4c14-9929-48a3a5e1a660}w64; C:\Windows\System32\drivers\{825c5be7-672f-4c14-9929-48a3a5e1a660}w64.sys [44736 2014-09-16] (StdLib)
R1 {8aa67d0b-c01c-4d37-acff-fff3e85a7686}w64; C:\Windows\System32\drivers\{8aa67d0b-c01c-4d37-acff-fff3e85a7686}w64.sys [48832 2014-11-27] (StdLib)
R1 {8ce1c375-1e13-43f7-a4fd-6530f47c4fde}Gw64; C:\Windows\System32\drivers\{8ce1c375-1e13-43f7-a4fd-6530f47c4fde}Gw64.sys [61120 2014-05-22] (StdLib)
R1 {e4c6b00c-d06e-4877-9f09-d92a224047b5}w64; C:\Windows\System32\drivers\{e4c6b00c-d06e-4877-9f09-d92a224047b5}w64.sys [48832 2014-11-29] (StdLib)
R1 {eb5ff5f5-0862-4d0e-b77f-65f32d94e6ab}w64; C:\Windows\System32\drivers\{eb5ff5f5-0862-4d0e-b77f-65f32d94e6ab}w64.sys [48832 2014-11-28] (StdLib)
U3 a67hvsux; C:\Windows\System32\Drivers\a67hvsux.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero size file/folder)
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-09 13:12 - 2015-03-09 13:13 - 00018781 _____ () C:\Users\Dawid\Downloads\FRST.txt
2015-03-09 13:11 - 2015-03-09 13:12 - 00000000 ____D () C:\FRST
2015-03-09 13:10 - 2015-03-09 13:10 - 02095104 _____ (Farbar) C:\Users\Dawid\Downloads\FRST64.exe
2015-03-09 13:10 - 2015-03-09 13:10 - 00371057 _____ () C:\Users\Dawid\Downloads\gm.zip
2015-03-09 11:19 - 2015-03-09 13:01 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-09 11:19 - 2015-03-09 11:19 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-09 11:19 - 2015-03-09 11:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-09 11:19 - 2015-03-09 11:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-09 11:19 - 2015-03-09 11:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-09 11:19 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-09 11:19 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-09 11:19 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-09 11:18 - 2015-03-09 11:18 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Dawid\Downloads\mbam-setup-2.0.4.1028.exe
2015-03-09 11:11 - 2015-03-09 11:11 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-03-09 11:11 - 2015-03-09 11:11 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-03-09 11:11 - 2015-03-09 11:11 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-09 11:10 - 2015-03-09 11:10 - 05325696 _____ (Piriform Ltd) C:\Users\Dawid\Downloads\ccsetup503.exe
2015-02-20 12:15 - 2015-02-20 17:51 - 00000000 ____D () C:\Users\Dawid\AppData\Roaming\Skype
2015-02-20 12:15 - 2015-02-20 12:15 - 00000000 ____D () C:\Users\Dawid\AppData\Local\Skype
2015-02-19 08:50 - 2015-02-19 08:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-02-19 08:50 - 2015-02-19 08:50 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2015-02-13 20:45 - 2015-03-08 20:02 - 00000000 ____D () C:\Users\Dawid\Documents\FIFA 14
2015-02-13 20:41 - 2015-02-13 20:41 - 00001134 _____ () C:\Users\Public\Desktop\FIFA 14.lnk
2015-02-13 20:41 - 2015-02-13 20:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 14
2015-02-13 19:05 - 2015-02-13 19:05 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2015-02-08 20:09 - 2015-02-08 20:09 - 00000000 ____D () C:\Users\adrian\Documents\FIFA World

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-09 12:54 - 2009-07-14 05:45 - 00016656 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-09 12:54 - 2009-07-14 05:45 - 00016656 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-09 11:12 - 2014-12-30 17:04 - 00000000 ____D () C:\Users\Dawid\AppData\Local\LogMeIn Hamachi
2015-03-09 11:12 - 2014-11-12 16:47 - 00000000 ____D () C:\Users\Dawid\AppData\Roaming\DAEMON Tools Lite
2015-03-09 11:12 - 2008-01-22 20:38 - 00000000 ____D () C:\Windows\Panther
2015-03-09 10:58 - 2014-05-20 17:34 - 00000000 ____D () C:\ProgramData\Origin
2015-03-09 10:55 - 2014-05-30 12:00 - 00000000 ____D () C:\Program Files (x86)\Rock Turner
2015-03-09 10:24 - 2014-10-29 08:55 - 00000000 ____D () C:\ProgramData\253696b0-e9b9-4e71-87e6-dd3f97c02b2a
2015-03-09 09:57 - 2008-01-22 20:42 - 01971072 ____N () C:\Windows\WindowsUpdate.log
2015-03-09 09:54 - 2009-07-14 03:34 - 00000505 _____ () C:\Windows\win.ini
2015-03-09 09:53 - 2015-01-07 17:44 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-03-09 09:53 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-03-09 09:52 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-08 21:19 - 2014-12-30 14:44 - 00000000 ____D () C:\Users\adrian\AppData\Local\LogMeIn Hamachi
2015-03-08 21:19 - 2014-12-01 17:15 - 00000000 ____D () C:\Users\adrian\AppData\Local\Gameo
2015-03-08 20:10 - 2015-01-31 14:11 - 00000000 ____D () C:\Users\adrian\AppData\Roaming\.minecraft
2015-03-03 08:59 - 2009-07-14 06:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-02 08:58 - 2014-12-01 17:15 - 00000296 _____ () C:\Windows\Tasks\PennyBee.job
2015-03-01 11:22 - 2014-12-01 17:15 - 00003238 _____ () C:\Windows\System32\Tasks\PennyBee
2015-03-01 11:22 - 2014-11-08 18:31 - 00000000 ____D () C:\ProgramData\Skype
2015-02-28 15:23 - 2014-12-01 19:15 - 00000087 _____ () C:\Users\adrian\AppData\Roaming\WB.CFG
2015-02-27 17:18 - 2014-12-02 14:42 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-02-23 20:45 - 2014-12-29 16:06 - 00000000 ____D () C:\Users\adrian\Desktop\Nowy folder
2015-02-21 15:28 - 2014-11-08 18:31 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-02-20 12:15 - 2014-11-08 18:31 - 00000000 ____D () C:\Users\adrian\AppData\Roaming\Skype
2015-02-20 11:36 - 2014-12-12 21:10 - 00000000 ____D () C:\Users\Dawid\AppData\Roaming\.minecraft
2015-02-19 19:35 - 2014-10-21 12:36 - 00000000 ____D () C:\Users\Dawid\AppData\Roaming\Origin
2015-02-19 08:50 - 2015-01-30 09:09 - 00000886 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2015-02-16 16:20 - 2014-07-17 12:42 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2015-02-14 11:06 - 2014-09-26 14:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2015-02-13 20:41 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-02-13 18:54 - 2015-01-26 19:57 - 00000000 ____D () C:\Users\Dawid\Documents\FIFA 13
2015-02-12 16:35 - 2011-04-12 14:21 - 00737242 _____ () C:\Windows\system32\perfh015.dat
2015-02-12 16:35 - 2011-04-12 14:21 - 00153930 _____ () C:\Windows\system32\perfc015.dat
2015-02-12 16:35 - 2009-07-14 06:13 - 01661232 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-12 13:50 - 2015-01-19 23:02 - 00000000 ____D () C:\Users\adrian\AppData\Local\Mozilla Firefox
2015-02-08 18:03 - 2014-12-02 13:19 - 00000000 ____D () C:\Users\adrian\AppData\Local\CrashDumps

Some content of TEMP:
====================
C:\Users\Dawid\AppData\Local\Temp\dsrsetup.exe
C:\Users\Dawid\AppData\Local\Temp\res.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-07 18:49

==================== End Of Log ============================