Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by Joanna (administrator) on HP on 16-07-2015 00:56:45
Running from C:\Users\Joanna\Desktop\Nowy folder
Loaded Profiles: Joanna (Available Profiles: Joanna)
Platform: Windows 8.1 (X64) OS Language: Polski (Polska)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() C:\Program Files (x86)\RegCleaner\RegCleanr.exe
() C:\Users\Joanna\Desktop\Nowy folder\AdwCleaner.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(OldTimer Tools) C:\Users\Joanna\Desktop\Nowy folder\OTL.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3030256 2013-05-16] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [133248 2013-05-16] (Atheros Communications)
HKU\S-1-5-21-2515682888-3305128835-3166960817-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-2515682888-3305128835-3166960817-1002\...\Run: [Spotify] => C:\Users\Joanna\AppData\Roaming\Spotify\Spotify.exe [7334968 2015-07-15] (Spotify Ltd)
HKU\S-1-5-21-2515682888-3305128835-3166960817-1002\...\MountPoints2: {c90766d4-5153-11e4-bebd-a4db303e0c3e} - "G:\LGAutoRun.exe"
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hp&ts=1434920034&z=134341ae5efaed6263b7572g2z4caz8t5o7ebe4cae&from=cor&uid=WDCXWD5000LPVX-60V0TT0_WD-WX21A830474904749
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds&ts=1434920034&z=134341ae5efaed6263b7572g2z4caz8t5o7ebe4cae&from=cor&uid=WDCXWD5000LPVX-60V0TT0_WD-WX21A830474904749&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hp&ts=1434920034&z=134341ae5efaed6263b7572g2z4caz8t5o7ebe4cae&from=cor&uid=WDCXWD5000LPVX-60V0TT0_WD-WX21A830474904749
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds&ts=1434920034&z=134341ae5efaed6263b7572g2z4caz8t5o7ebe4cae&from=cor&uid=WDCXWD5000LPVX-60V0TT0_WD-WX21A830474904749&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2515682888-3305128835-3166960817-1002\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsurf.com/web/?type=ds&ts=1434920034&z=134341ae5efaed6263b7572g2z4caz8t5o7ebe4cae&from=cor&uid=WDCXWD5000LPVX-60V0TT0_WD-WX21A830474904749&q={searchTerms}
SearchScopes: HKLM -> {23A0AE0F-606D-418B-B5C5-C1BCA96DC33C} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsurf.com/web/?type=ds&ts=1434920034&z=134341ae5efaed6263b7572g2z4caz8t5o7ebe4cae&from=cor&uid=WDCXWD5000LPVX-60V0TT0_WD-WX21A830474904749&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-2515682888-3305128835-3166960817-1002 -> OldSearch URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=WDCXWD5000LPVX-60V0TT0_WD-WX21A830474904749&ts=1434920134&type=default&q={searchTerms}
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll No File
Toolbar: HKU\S-1-5-21-2515682888-3305128835-3166960817-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-2515682888-3305128835-3166960817-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Winsock: Missing Catalog5 entry, broken internet access. <===== ATTENTION.
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{33B3126F-BD8E-4ACE-B987-CD0F775C4A83}: [DhcpNameServer] 10.106.12.27
Tcpip\..\Interfaces\{50B133F5-93A7-4BD0-A3F9-D8F75DF82319}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{50B133F5-93A7-4BD0-A3F9-D8F75DF82319}: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-11]
CHR Extension: (No Name) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-11]
CHR Extension: (No Name) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-11]
CHR Extension: (No Name) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-11]
CHR Extension: (No Name) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-01-26]
CHR Extension: (No Name) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-11]
CHR Extension: (No Name) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-11]
CHR HKU\S-1-5-21-2515682888-3305128835-3166960817-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kfecnpmgnlnbmipaogfhoacoioifjgko] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hphehadppenpmajgnkjdcopcfijjegaf] - C:\Program Files (x86)\Jump Flip\hphehadppenpmajgnkjdcopcfijjegaf.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [kfecnpmgnlnbmipaogfhoacoioifjgko] - http://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [310912 2013-05-16] (Windows (R) Win 7 DDK provider) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [239176 2013-03-05] (Realtek Semiconductor)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-12-10] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-05-16] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-02-14] (Advanced Micro Devices)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-05-16] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [288328 2013-01-24] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-05-08] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [33008 2013-05-08] (Synaptics Incorporated)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-16 01:00 - 2015-07-16 01:00 - 00000928 _____ C:\Users\Public\Desktop\AIMP3.lnk
2015-07-16 00:55 - 2015-07-16 00:56 - 00000000 ____D C:\FRST
2015-07-16 00:54 - 2015-07-16 00:54 - 00001209 _____ C:\Users\Joanna\Desktop\CrystalDiskInfo.lnk
2015-07-16 00:54 - 2015-07-16 00:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2015-07-16 00:54 - 2015-07-16 00:54 - 00000000 ____D C:\Program Files (x86)\CrystalDiskInfo
2015-07-16 00:51 - 2015-07-16 00:51 - 00000981 _____ C:\Users\Joanna\Desktop\RegCleaner.lnk
2015-07-16 00:51 - 2015-07-16 00:51 - 00000000 ____D C:\Program Files (x86)\RegCleaner
2015-07-16 00:50 - 2015-07-16 00:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2015-07-16 00:50 - 2014-12-21 15:58 - 03570688 _____ (x264vfw project) C:\WINDOWS\system32\x264vfw64.dll
2015-07-16 00:50 - 2014-12-21 15:57 - 03588608 _____ (x264vfw project) C:\WINDOWS\SysWOW64\x264vfw.dll
2015-07-16 00:50 - 2014-12-05 00:56 - 00729088 _____ C:\WINDOWS\system32\xvidcore.dll
2015-07-16 00:50 - 2014-12-05 00:55 - 00655872 _____ C:\WINDOWS\SysWOW64\xvidcore.dll
2015-07-16 00:50 - 2014-11-14 16:12 - 00254976 _____ C:\WINDOWS\system32\xvidvfw.dll
2015-07-16 00:50 - 2014-11-14 16:11 - 00240128 _____ C:\WINDOWS\SysWOW64\xvidvfw.dll
2015-07-16 00:50 - 2012-07-21 13:55 - 00180736 _____ (fccHandler) C:\WINDOWS\system32\ac3acm.acm
2015-07-16 00:50 - 2012-07-21 13:54 - 00122880 _____ (fccHandler) C:\WINDOWS\SysWOW64\ac3acm.acm
2015-07-16 00:50 - 2011-12-07 20:37 - 00148992 _____ ( ) C:\WINDOWS\system32\lagarith.dll
2015-07-16 00:50 - 2011-12-07 20:32 - 00216064 _____ ( ) C:\WINDOWS\SysWOW64\lagarith.dll
2015-07-16 00:49 - 2015-07-16 00:49 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2015-07-16 00:49 - 2015-01-13 20:00 - 00112640 _____ C:\WINDOWS\SysWOW64\ff_vfw.dll
2015-07-16 00:49 - 2014-12-02 16:10 - 00260184 _____ C:\WINDOWS\system32\unrar64.dll
2015-07-16 00:49 - 2014-12-02 16:10 - 00218712 _____ C:\WINDOWS\SysWOW64\unrar.dll
2015-07-16 00:48 - 2015-07-16 00:53 - 00000000 ____D C:\AdwCleaner
2015-07-16 00:47 - 2015-07-16 00:58 - 00000000 ____D C:\Users\Joanna\Desktop\Nowy folder
2015-07-16 00:32 - 2015-07-16 00:32 - 00000886 _____ C:\Users\Joanna\Documents\Pobrane — skrót.lnk
2015-07-16 00:14 - 2015-07-16 00:14 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2015-07-15 23:53 - 2015-07-15 23:53 - 00007605 _____ C:\Users\Joanna\AppData\Local\Resmon.ResmonCfg
2015-07-15 22:02 - 2015-07-15 22:15 - 00013029 _____ C:\Users\Joanna\Desktop\fix.txt
2015-07-15 21:30 - 2015-07-15 21:30 - 00380416 _____ C:\Users\Joanna\Downloads\1pekjwqz.exe
2015-06-23 20:08 - 2015-06-23 20:08 - 00000000 ____D C:\Users\Joanna\AppData\Local\Avg
2015-06-21 23:43 - 2015-07-15 23:46 - 00000000 ____D C:\Program Files\Common Files\AV
2015-06-21 23:20 - 2015-07-16 00:41 - 00000000 ____D C:\Users\Joanna\AppData\Local\Spotify
2015-06-21 23:20 - 2015-06-21 23:53 - 00001825 _____ C:\Users\Joanna\Desktop\Spotify.lnk
2015-06-21 23:20 - 2015-06-21 23:53 - 00001811 _____ C:\Users\Joanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-06-21 23:19 - 2015-07-15 22:15 - 00000000 ____D C:\Users\Joanna\AppData\Roaming\Spotify
2015-06-21 22:55 - 2015-06-21 22:55 - 00000000 ____D C:\ProgramData\IHProtectUpDate
2015-06-21 22:53 - 2015-06-21 22:53 - 00003198 _____ C:\WINDOWS\System32\Tasks\Web Protector Plus Server
2015-06-21 22:53 - 2015-06-21 22:53 - 00003168 _____ C:\WINDOWS\System32\Tasks\Web Protector Plus
2015-06-21 22:53 - 2015-06-21 22:53 - 00000000 ____D C:\Users\Joanna\AppData\Roaming\Mozilla
2015-06-21 22:53 - 2015-06-21 22:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Web Protector Plus
2015-06-20 10:18 - 2015-05-22 15:08 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-06-20 10:18 - 2015-05-21 15:08 - 01119232 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-06-20 10:18 - 2015-05-21 15:08 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-06-20 10:18 - 2015-05-21 15:08 - 00756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-06-20 10:18 - 2015-05-21 15:08 - 00422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-06-20 10:18 - 2015-05-21 15:08 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-06-20 10:18 - 2015-05-21 15:08 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-06-20 10:18 - 2015-04-17 00:07 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-16 01:00 - 2013-12-29 15:04 - 00000000 ____D C:\Users\Joanna\AppData\Roaming\AIMP3
2015-07-16 00:55 - 2014-12-10 21:11 - 02004870 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-16 00:51 - 2013-12-22 19:12 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2515682888-3305128835-3166960817-1002
2015-07-16 00:49 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-07-16 00:47 - 2015-04-17 12:29 - 00009687 _____ C:\WINDOWS\setupact.log
2015-07-16 00:43 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-07-16 00:42 - 2015-04-15 15:20 - 00000000 ___RD C:\Users\Joanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-07-16 00:42 - 2013-12-17 11:07 - 00000000 ____D C:\Users\Joanna\Documents\Bluetooth Folder
2015-07-16 00:35 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-16 00:34 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-16 00:33 - 2014-09-24 07:58 - 00697374 _____ C:\WINDOWS\PFRO.log
2015-07-16 00:33 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-07-16 00:14 - 2013-10-11 14:20 - 00000000 ____D C:\Program Files (x86)\Realtek
2015-07-15 23:47 - 2014-11-22 13:27 - 00000000 ____D C:\ProgramData\AVG2015
2015-07-15 23:47 - 2014-07-01 12:27 - 00000000 ____D C:\ProgramData\MFAData
2015-07-15 23:45 - 2012-07-26 10:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-07-15 23:16 - 2015-05-15 00:12 - 00000000 ____D C:\Program Files\Google
2015-07-15 23:16 - 2013-12-19 17:58 - 00000000 ____D C:\Program Files (x86)\Google
2015-07-15 23:04 - 2013-06-05 19:29 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2015-07-15 23:04 - 2013-06-05 19:07 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2015-07-15 23:03 - 2013-06-05 19:09 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2015-07-15 23:03 - 2013-01-14 21:16 - 00000000 ____D C:\Program Files\Hewlett-Packard
2015-07-15 22:59 - 2013-12-19 09:37 - 00000000 ____D C:\Users\Joanna\AppData\Roaming\hpqlog
2015-07-15 22:58 - 2013-10-11 14:40 - 00000000 ____D C:\ProgramData\CyberLink
2015-07-15 22:58 - 2013-10-11 14:36 - 00000000 ____D C:\Program Files (x86)\CyberLink
2015-07-15 22:58 - 2013-06-05 19:30 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-07-15 22:53 - 2013-12-19 16:47 - 00000000 ____D C:\Users\Joanna\AppData\Roaming\CyberLink
2015-07-15 22:51 - 2013-12-19 17:58 - 00000000 ____D C:\Users\Joanna\AppData\Local\Google
2015-07-15 21:45 - 2015-04-09 17:31 - 00004034 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-15 21:45 - 2015-04-09 17:31 - 00003798 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-15 20:33 - 2014-09-24 17:08 - 02026164 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-15 20:33 - 2014-09-24 16:35 - 00878416 _____ C:\WINDOWS\system32\perfh015.dat
2015-07-15 20:33 - 2014-09-24 16:35 - 00198680 _____ C:\WINDOWS\system32\perfc015.dat
2015-07-15 20:29 - 2015-02-04 10:01 - 00003964 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{BCB004D3-DE59-483B-AFD9-6290456E718E}
2015-07-15 12:54 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-15 12:06 - 2015-04-09 17:32 - 00002216 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-14 23:00 - 2014-12-10 21:25 - 00000000 ____D C:\Users\Joanna
2015-07-14 22:34 - 2014-12-16 17:35 - 00000342 _____ C:\WINDOWS\Tasks\HPCeeScheduleForJoanna.job
2015-07-14 22:20 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-07-12 20:35 - 2014-11-21 22:31 - 00000052 _____ C:\WINDOWS\SysWOW64\DOErrors.log
2015-07-08 18:40 - 2013-12-17 11:07 - 00000000 ____D C:\Users\Joanna\AppData\Roaming\Atheros
2015-06-22 22:34 - 2014-12-16 17:35 - 00003158 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForJoanna
2015-06-21 22:54 - 2015-02-04 10:01 - 00000000 __SHD C:\Users\Joanna\AppData\Local\EmieUserList
2015-06-21 22:54 - 2015-02-04 10:01 - 00000000 __SHD C:\Users\Joanna\AppData\Local\EmieSiteList
2015-06-21 22:54 - 2015-02-04 10:01 - 00000000 __SHD C:\Users\Joanna\AppData\Local\EmieBrowserModeList
2015-06-21 20:07 - 2012-07-26 07:26 - 00000367 _____ C:\WINDOWS\win.ini
2015-06-20 18:17 - 2015-04-17 12:27 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-06-20 18:17 - 2014-09-24 18:37 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-06-17 18:43 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2015-06-17 09:09 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-06-16 23:45 - 2014-01-11 00:58 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-06-16 23:31 - 2014-01-11 00:57 - 140135120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2015-07-15 23:53 - 2015-07-15 23:53 - 0007605 _____ () C:\Users\Joanna\AppData\Local\Resmon.ResmonCfg
2014-10-10 13:55 - 2014-10-10 13:56 - 0000199 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

Some files in TEMP:
====================
C:\Users\Joanna\AppData\Local\Temp\Quarantine.exe
C:\Users\Joanna\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-06 21:47

==================== End of log ============================