Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015 Ran by user (administrator) on USER-HP on 03-06-2015 02:20:52 Running from C:\Users\user\Downloads\skanery fixit Loaded Profiles: user (Available Profiles: user) Platform: Windows 7 Home Premium (X64) OS Language: Polski (Polska) Internet Explorer Version 8 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Hewlett-Packard) C:\Windows\System32\hpservice.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (AMD) C:\Windows\System32\atieclxx.exe (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe () C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.0.0.128\ccSvcHst.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (CyberLink) C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe (Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2096424 2010-05-28] (Synaptics Incorporated) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-06-18] (IDT, Inc.) HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-01-20] () HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-06-18] (Hewlett-Packard Company) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-06-21] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [602168 2010-06-29] (Hewlett-Packard Company) HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2010-06-02] (EasyBits Software AS) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKU\S-1-5-21-1223011260-1282141417-537522039-1000\...\Run: [HPAdvisorDock] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] () HKU\S-1-5-21-1223011260-1282141417-537522039-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-06-16] (Hewlett-Packard Company) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2010-08-19] ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com HKU\S-1-5-21-1223011260-1282141417-537522039-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com SearchScopes: HKLM -> DefaultScope {87387933-163F-4056-BCB8-A9EE43750493} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKLM -> {87387933-163F-4056-BCB8-A9EE43750493} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKLM -> {A2453129-6392-4821-AEBF-6B58278C1019} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM -> {F973EA7A-FAD4-49AB-A192-CC271731A67D} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF SearchScopes: HKLM-x32 -> DefaultScope {87387933-163F-4056-BCB8-A9EE43750493} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKLM-x32 -> {87387933-163F-4056-BCB8-A9EE43750493} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKLM-x32 -> {A2453129-6392-4821-AEBF-6B58278C1019} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM-x32 -> {F973EA7A-FAD4-49AB-A192-CC271731A67D} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF SearchScopes: HKU\S-1-5-21-1223011260-1282141417-537522039-1000 -> DefaultScope {87387933-163F-4056-BCB8-A9EE43750493} URL = BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation) Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-08-17] (Microsoft Corporation) Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-08-17] (Microsoft Corporation) Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-08-17] (Microsoft Corporation) Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-08-17] (Microsoft Corporation) ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2010-08-17] (EasyBits Software Corp.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 FireFox: ======== FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation) Chrome: ======= CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-16] CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-16] CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-16] CHR Extension: (Adblock Plus) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-05-17] CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-16] CHR Extension: (Bookmark Manager) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-16] CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04] CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-16] Opera: ======= OPR Extension: (Digital More) - C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Extensions\idipklkclglaeaidmeedenepljfnfbfn [2015-05-03] OPR Extension: (Adblock Plus) - C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2015-05-17] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 CLKMSVC10_C6F09094; C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [245232 2010-06-29] (CyberLink) R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed] R2 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [121344 2010-06-30] (Hewlett-Packard Company) [File not signed] R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [27192 2010-06-29] () R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-06-16] (Hewlett-Packard Company) [File not signed] R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.0.0.128\ccSvcHst.exe [126904 2010-05-23] (Symantec Corporation) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20100528.021\ENG64.SYS [117808 2010-05-28] (Symantec Corporation) S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20100528.021\EX64.SYS [1773104 2010-05-28] (Symantec Corporation) S1 SRTSP; C:\Windows\system32\drivers\NISx64\1200000.080\SRTSP64.SYS [701800 2010-05-24] (Symantec Corporation) [File not signed] R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1200000.080\SRTSPX64.SYS [38248 2010-05-24] (Symantec Corporation) [File not signed] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-03 02:04 - 2015-02-24 04:17 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-05-19 22:04 - 2015-05-19 22:04 - 00000000 ____D () C:\Users\user\AppData\Roaming\LavasoftStatistics 2015-05-19 21:57 - 2015-05-19 21:57 - 00000000 ____D () C:\Program Files\Lavasoft 2015-05-19 21:47 - 2015-05-19 21:47 - 00000000 ____D () C:\Users\user\AppData\Roaming\Lavasoft 2015-05-19 21:47 - 2015-05-19 21:47 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft 2015-05-19 21:23 - 2015-05-19 21:23 - 00000000 ____D () C:\ProgramData\Lavasoft 2015-05-17 09:03 - 2015-06-03 02:20 - 00000000 ____D () C:\FRST 2015-05-17 09:02 - 2015-06-03 02:15 - 00000000 ____D () C:\Users\user\Downloads\skanery fixit 2015-05-17 02:33 - 2015-05-17 02:35 - 00000000 ____D () C:\AdwCleaner 2015-05-17 02:17 - 2015-05-17 02:17 - 00000000 __SHD () C:\Users\user\AppData\Local\EmieUserList 2015-05-17 02:17 - 2015-05-17 02:17 - 00000000 __SHD () C:\Users\user\AppData\Local\EmieSiteList 2015-05-17 02:17 - 2015-05-17 02:17 - 00000000 __SHD () C:\Users\user\AppData\Local\EmieBrowserModeList 2015-05-17 01:33 - 2015-06-03 02:24 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware 2015-05-17 01:33 - 2015-06-03 02:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware 2015-05-17 01:33 - 2015-06-03 01:44 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com 2015-05-17 01:17 - 2015-06-03 02:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2015-05-17 01:16 - 2015-06-03 02:24 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2015-05-17 00:41 - 2015-06-03 02:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-05-17 00:41 - 2015-06-03 02:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-05-17 00:27 - 2015-05-17 00:30 - 00000026 _____ () C:\Users\user\Desktop\Nowy dokument tekstowy.txt 2015-05-15 18:11 - 2015-05-15 18:40 - 00000000 ____D () C:\Users\user\Desktop\PP2000 ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-03 02:58 - 2010-08-17 06:05 - 00000000 ____D () C:\ProgramData\Symantec 2015-06-03 02:54 - 2013-12-28 09:46 - 00000000 ____D () C:\Users\user\AppData\Local\Adobe 2015-06-03 02:54 - 2010-08-17 06:48 - 00000000 ____D () C:\Program Files (x86)\Adobe 2015-06-03 02:54 - 2010-08-17 05:53 - 00000000 ____D () C:\Windows\SysWOW64\Macromed 2015-06-03 02:49 - 2011-03-09 12:02 - 00687828 _____ () C:\Windows\system32\perfh015.dat 2015-06-03 02:49 - 2011-03-09 12:02 - 00131382 _____ () C:\Windows\system32\perfc015.dat 2015-06-03 02:49 - 2010-08-17 14:47 - 00680010 _____ () C:\Windows\system32\perfh010.dat 2015-06-03 02:49 - 2010-08-17 14:47 - 00124006 _____ () C:\Windows\system32\perfc010.dat 2015-06-03 02:49 - 2010-08-17 14:39 - 00684954 _____ () C:\Windows\system32\perfh00C.dat 2015-06-03 02:49 - 2010-08-17 14:39 - 00127070 _____ () C:\Windows\system32\perfc00C.dat 2015-06-03 02:49 - 2010-08-17 14:31 - 00633536 _____ () C:\Windows\system32\perfh007.dat 2015-06-03 02:49 - 2010-08-17 14:31 - 00125928 _____ () C:\Windows\system32\perfc007.dat 2015-06-03 02:49 - 2009-07-14 07:13 - 03894866 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-06-03 02:47 - 2011-03-09 11:53 - 00077760 _____ () C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT 2015-06-03 02:41 - 2010-12-21 23:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live 2015-06-03 02:39 - 2010-08-19 11:32 - 00000000 ___RD () C:\Users\Public\Recorded TV 2015-06-03 02:39 - 2010-08-19 02:06 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security 2015-06-03 02:39 - 2010-08-19 02:06 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security 2015-06-03 02:39 - 2010-08-19 01:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center 2015-06-03 02:39 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-06-03 02:39 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\Offline Web Pages 2015-06-03 02:39 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Sidebar 2015-06-03 02:39 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Defender 2015-06-03 02:39 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\DVD Maker 2015-06-03 02:39 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar 2015-06-03 02:39 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2015-06-03 02:39 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\TAPI 2015-06-03 02:39 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK 2015-06-03 02:39 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\uk-UA 2015-06-03 02:39 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR 2015-06-03 02:39 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Setup 2015-06-03 02:39 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\ras 2015-06-03 02:39 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\oobe 2015-06-03 02:39 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Msdtc 2015-06-03 02:39 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\migwiz 2015-06-03 02:39 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\manifeststore 2015-06-03 02:39 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\ias 2015-06-03 02:39 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism 2015-06-03 02:39 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\System 2015-06-03 02:39 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Services 2015-06-03 02:38 - 2011-03-09 12:01 - 00000000 ____D () C:\Windows\SysWOW64\pl 2015-06-03 02:38 - 2011-03-09 12:00 - 00000000 ____D () C:\Windows\system32\pl 2015-06-03 02:38 - 2010-08-17 14:46 - 00000000 ____D () C:\Windows\SysWOW64\it 2015-06-03 02:38 - 2010-08-17 14:46 - 00000000 ____D () C:\Windows\system32\it 2015-06-03 02:38 - 2010-08-17 14:39 - 00000000 ____D () C:\Windows\SysWOW64\fr 2015-06-03 02:38 - 2010-08-17 14:38 - 00000000 ____D () C:\Windows\system32\fr 2015-06-03 02:38 - 2010-08-17 14:31 - 00000000 ____D () C:\Windows\SysWOW64\de 2015-06-03 02:38 - 2010-08-17 14:31 - 00000000 ____D () C:\Windows\system32\de 2015-06-03 02:38 - 2010-08-17 08:41 - 00000000 ____D () C:\ProgramData\{8D274659-3D84-4410-A197-C170D180BC76} 2015-06-03 02:38 - 2010-08-17 07:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite 2015-06-03 02:38 - 2010-08-17 07:35 - 00000000 ____D () C:\ProgramData\CyberLink 2015-06-03 02:38 - 2010-08-17 07:10 - 00000000 ____D () C:\ProgramData\Ulead Systems 2015-06-03 02:38 - 2010-08-17 06:47 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services 2015-06-03 02:38 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Portable Devices 2015-06-03 02:38 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Photo Viewer 2015-06-03 02:38 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices 2015-06-03 02:38 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer 2015-06-03 02:38 - 2009-07-14 05:20 - 00000000 __RSD () C:\Windows\Media 2015-06-03 02:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\th-TH 2015-06-03 02:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\sr-Latn-CS 2015-06-03 02:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\sppui 2015-06-03 02:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\sl-SI 2015-06-03 02:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\sk-SK 2015-06-03 02:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Setup 2015-06-03 02:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\ro-RO 2015-06-03 02:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\ras 2015-06-03 02:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\oobe 2015-06-03 02:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\migwiz 2015-06-03 02:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\manifeststore 2015-06-03 02:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\lv-LV 2015-06-03 02:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\lt-LT 2015-06-03 02:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\hr-HR 2015-06-03 02:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\he-IL 2015-06-03 02:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\et-EE 2015-06-03 02:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2015-06-03 02:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\bg-BG 2015-06-03 02:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\ar-SA 2015-06-03 02:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\AdvancedInstallers 2015-06-03 02:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\zh-HK 2015-06-03 02:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\uk-UA 2015-06-03 02:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\tr-TR 2015-06-03 02:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\th-TH 2015-06-03 02:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS 2015-06-03 02:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\sppui 2015-06-03 02:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\sl-SI 2015-06-03 02:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\sk-SK 2015-06-03 02:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\ro-RO 2015-06-03 02:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\lv-LV 2015-06-03 02:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\lt-LT 2015-06-03 02:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\hr-HR 2015-06-03 02:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\he-IL 2015-06-03 02:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\et-EE 2015-06-03 02:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\bg-BG 2015-06-03 02:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\ar-SA 2015-06-03 02:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers 2015-06-03 02:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\servicing 2015-06-03 02:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2015-06-03 02:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2015-06-03 02:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\L2Schemas 2015-06-03 02:27 - 2010-08-19 02:06 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64 2015-06-03 02:27 - 2010-08-17 14:31 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer 2015-06-03 02:27 - 2010-08-17 08:42 - 00000000 ____D () C:\Windows\System32\Tasks\Hewlett-Packard 2015-06-03 02:27 - 2009-07-14 07:37 - 00000000 ____D () C:\Windows\SysWOW64\winrm 2015-06-03 02:27 - 2009-07-14 07:37 - 00000000 ____D () C:\Windows\SysWOW64\WCN 2015-06-03 02:27 - 2009-07-14 07:37 - 00000000 ____D () C:\Windows\SysWOW64\slmgr 2015-06-03 02:27 - 2009-07-14 07:37 - 00000000 ____D () C:\Windows\SysWOW64\Printing_Admin_Scripts 2015-06-03 02:27 - 2009-07-14 07:37 - 00000000 ____D () C:\Windows\system32\winrm 2015-06-03 02:27 - 2009-07-14 07:37 - 00000000 ____D () C:\Windows\system32\WCN 2015-06-03 02:27 - 2009-07-14 07:37 - 00000000 ____D () C:\Windows\system32\slmgr 2015-06-03 02:27 - 2009-07-14 07:37 - 00000000 ____D () C:\Windows\system32\Printing_Admin_Scripts 2015-06-03 02:27 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Speech 2015-06-03 02:27 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\MUI 2015-06-03 02:27 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\com 2015-06-03 02:27 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\sysprep 2015-06-03 02:27 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\spp 2015-06-03 02:27 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Speech 2015-06-03 02:27 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NetworkList 2015-06-03 02:27 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\MUI 2015-06-03 02:27 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\com 2015-06-03 02:26 - 2011-03-09 11:51 - 00000000 ___RD () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-06-03 02:26 - 2011-03-09 11:51 - 00000000 ___RD () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-06-03 02:26 - 2010-08-19 02:08 - 00000000 ____D () C:\ProgramData\WildTangent 2015-06-03 02:26 - 2010-08-19 02:06 - 00000000 ____D () C:\ProgramData\Norton 2015-06-03 02:26 - 2010-08-19 02:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Energy Star 2015-06-03 02:26 - 2010-08-19 01:53 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling 2015-06-03 02:26 - 2010-08-17 08:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-06-03 02:26 - 2010-08-17 07:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP 2015-06-03 02:26 - 2010-08-17 07:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media 2015-06-03 02:26 - 2010-08-17 07:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel VideoStudio Pro X3 2015-06-03 02:26 - 2010-08-17 07:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel PaintShop Photo Pro X3 2015-06-03 02:26 - 2010-08-17 06:27 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recovery Manager 2015-06-03 02:26 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-06-03 02:26 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Speech 2015-06-03 02:26 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\security 2015-06-03 02:26 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\schemas 2015-06-03 02:26 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat 2015-06-03 02:25 - 2010-08-19 02:08 - 00000000 ____D () C:\Program Files (x86)\HP Games 2015-06-03 02:25 - 2010-08-17 08:04 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2015-06-03 02:25 - 2010-08-17 06:27 - 00000000 ____D () C:\ProgramData\Hewlett-Packard 2015-06-03 02:25 - 2010-08-17 05:41 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-06-03 02:25 - 2010-08-17 05:39 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard 2015-06-03 02:25 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2015-06-03 02:24 - 2015-04-30 07:53 - 00000000 ____D () C:\017ac5e64d286917ae2b 2015-06-03 02:24 - 2015-04-22 08:28 - 00000000 ____D () C:\Program Files (x86)\Opera 2015-06-03 02:24 - 2014-10-14 12:03 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2015-06-03 02:24 - 2014-09-22 13:49 - 00000000 ___RD () C:\Program Files (x86)\Skype 2015-06-03 02:23 - 2015-04-22 10:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-06-03 02:23 - 2015-04-22 08:41 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-06-03 02:23 - 2015-04-22 08:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software 2015-06-03 02:23 - 2015-04-20 22:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-06-03 02:23 - 2015-04-20 22:28 - 00000000 ____D () C:\Users\user\AppData\Local\Apps\2.0 2015-06-03 02:23 - 2013-07-07 17:17 - 00000000 ____D () C:\Users\user\AppData\Roaming\Skype 2015-06-03 02:23 - 2013-07-07 15:15 - 00000000 ____D () C:\Users\user\AppData\Roaming\GG 2015-06-03 02:23 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD 2015-06-03 02:21 - 2010-08-19 01:46 - 00099544 _____ () C:\Windows\WindowsUpdate.log 2015-06-03 02:20 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration 2015-06-03 02:18 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2015-06-03 02:17 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-06-03 02:17 - 2009-07-14 06:51 - 00047501 _____ () C:\Windows\setupact.log 2015-06-03 02:16 - 2010-08-19 01:51 - 00010368 _____ () C:\Windows\PFRO.log 2015-06-03 02:15 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\GroupPolicy 2015-06-03 02:08 - 2009-07-14 06:45 - 00023024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-06-03 02:08 - 2009-07-14 06:45 - 00023024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-06-03 02:04 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help 2015-06-03 02:03 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries 2015-06-03 02:00 - 2010-08-17 07:12 - 00000000 ____D () C:\ProgramData\Corel 2015-06-03 01:59 - 2010-12-21 23:58 - 00000000 ____D () C:\Program Files (x86)\Windows Live 2015-06-03 01:58 - 2010-08-17 08:03 - 00000000 ____D () C:\Program Files (x86)\EasyBits For Kids 2015-06-03 01:44 - 2015-04-08 21:17 - 00000000 ____D () C:\Users\user\AppData\Local\OpenFM 2015-06-03 01:44 - 2014-03-18 17:04 - 00000000 ____D () C:\Windows\pss 2015-06-03 01:44 - 2013-05-16 15:58 - 00000000 ____D () C:\Program Files\AVAST Software 2015-06-03 01:44 - 2013-05-16 15:57 - 00000000 ____D () C:\ProgramData\AVAST Software ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-05-17 03:41 ==================== End of log ============================