Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-07-2015 01
Ran by Edyta (administrator) on EDYTKA on 19-07-2015 16:34:55
Running from C:\Users\Edyta\Downloads
Loaded Profiles: Edyta (Available Profiles: Edyta & Administrator)
Platform: Windows 8 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe\LiveComm.exe
(REALiX) C:\Users\Edyta\Documents\hw64_500\HWiNFO64.exe
(Crystal Dew World) C:\Program Files (x86)\CrystalDiskInfo\DiskInfo.exe
() C:\ProgramData\fccb0821-00ee-466c-acb5-2a5cec258511\PluginContainer.exe
() C:\Program Files (x86)\Common Files\fccb0821-00ee-466c-acb5-2a5cec258511\Updater.exe
() C:\ProgramData\fccb0821-00ee-466c-acb5-2a5cec258511\plugins\2\Plugin.exe
(Microsoft Corporation) C:\Windows\System32\mspaint.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corporation) C:\Windows\System32\mspaint.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13213328 2012-10-18] (Realtek Semiconductor)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4279228227-215742994-1318027649-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.com
SearchScopes: HKU\S-1-5-21-4279228227-215742994-1318027649-1001 -> DefaultScope {A9A9ECA3-DEA4-482B-AD43-46692B227404} URL =
BHO-x32: Wander Burst -> {0f4e02f8-f10e-493d-a1a7-3aed7ba7b110} -> C:\Program Files (x86)\Wander Burst\Extensions\0f4e02f8-f10e-493d-a1a7-3aed7ba7b110.dll [2015-07-19] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D25B177E-E246-454C-86B2-24906EC3C2A7}: [DhcpNameServer] 192.168.1.1

FireFox:
========

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 Service Mgr WanderBurst; C:\ProgramData\fccb0821-00ee-466c-acb5-2a5cec258511\plugincontainer.exe [651488 2015-07-19] ()
R2 Update Mgr WanderBurst; C:\Program Files (x86)\Common Files\fccb0821-00ee-466c-acb5-2a5cec258511\updater.exe [569056 2015-07-19] ()
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-26] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-10-08] (Intel Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-30] (Windows (R) Win 7 DDK provider)
R3 HWiNFO32; \??\C:\Users\Edyta\AppData\Local\Temp\HWiNFO64A.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-19 16:34 - 2015-07-19 16:35 - 00005509 _____ C:\Users\Edyta\Downloads\FRST.txt
2015-07-19 15:45 - 2015-07-19 15:46 - 00000000 ____D C:\ProgramData\fccb0821-00ee-466c-acb5-2a5cec258511
2015-07-19 15:45 - 2015-07-19 15:45 - 00001186 _____ C:\Users\Edyta\Desktop\CrystalDiskInfo.lnk
2015-07-19 15:45 - 2015-07-19 15:45 - 00000000 ____D C:\Users\Edyta\AppData\Roaming\OpenCandy
2015-07-19 15:45 - 2015-07-19 15:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2015-07-19 15:45 - 2015-07-19 15:45 - 00000000 ____D C:\Program Files (x86)\Wander Burst
2015-07-19 15:45 - 2015-07-19 15:45 - 00000000 ____D C:\Program Files (x86)\CrystalDiskInfo
2015-07-19 15:43 - 2015-07-19 15:43 - 03907296 _____ (Crystal Dew World ) C:\Users\Edyta\Downloads\CrystalDiskInfo6_5_2-en.exe
2015-07-19 15:19 - 2015-07-19 15:28 - 00000000 ____D C:\Users\Edyta\Documents\hw64_500
2015-07-17 20:42 - 2015-07-17 20:45 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-07-17 20:42 - 2015-07-03 08:43 - 130333168 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-07-17 17:29 - 2014-06-10 23:44 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-07-17 17:29 - 2014-06-10 23:43 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-07-16 00:01 - 2015-07-16 19:53 - 00000000 ____D C:\Windows.old
2015-07-16 00:01 - 2015-07-16 00:01 - 00262144 _____ C:\WINDOWS\system32\config\userdiff
2015-07-15 23:47 - 2015-07-15 23:47 - 00000000 ____D C:\$WINDOWS.~BT
2015-07-15 23:45 - 2015-07-16 19:39 - 00000000 ___HD C:\$SysReset
2015-07-15 23:22 - 2015-07-15 23:22 - 00000000 ____D C:\ProgramData\Samsung
2015-07-15 23:22 - 2015-07-15 23:22 - 00000000 ____D C:\Program Files (x86)\SamsungPrinterLiveUpdate
2015-07-15 22:54 - 2015-07-05 11:08 - 00300704 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-07-15 22:32 - 2014-05-15 02:02 - 00059424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-07-15 22:32 - 2014-05-14 23:43 - 03286528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-07-15 22:32 - 2014-05-14 23:43 - 01623040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-07-15 22:32 - 2014-05-14 23:43 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-07-15 22:32 - 2014-05-14 23:42 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-07-15 22:32 - 2013-08-16 06:21 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-07-15 22:32 - 2012-11-06 05:20 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2015-07-15 22:32 - 2012-11-06 05:00 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wushareduxresources.dll
2015-07-15 22:26 - 2015-07-15 22:26 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
2015-07-15 22:26 - 2015-07-15 22:26 - 00000000 ____D C:\Program Files\Common Files\Intel
2015-07-15 22:26 - 2015-07-15 22:26 - 00000000 ____D C:\Program Files (x86)\Cisco
2015-07-15 22:25 - 2015-07-15 22:25 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-15 22:23 - 2015-07-15 22:23 - 00000000 ____D C:\Users\Edyta\AppData\Roaming\Macromedia
2015-07-15 22:23 - 2014-10-01 19:54 - 00064000 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2015-07-15 22:23 - 2014-10-01 19:54 - 00060416 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2015-07-15 22:22 - 2015-07-15 23:21 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4279228227-215742994-1318027649-1001
2015-07-15 22:17 - 2015-07-15 22:17 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2015-07-15 22:16 - 2015-07-15 22:16 - 00001430 _____ C:\Users\Edyta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-15 22:16 - 2015-07-15 22:16 - 00000000 ____D C:\WINDOWS\System32\Tasks\GenericSettingsHandler
2015-07-15 22:16 - 2015-07-15 22:16 - 00000000 ____D C:\Users\Edyta\AppData\Roaming\Adobe
2015-07-15 22:14 - 2015-07-15 23:28 - 00000000 ____D C:\Users\Edyta\AppData\Local\Packages
2015-07-15 22:14 - 2015-07-15 22:14 - 00000020 ___SH C:\Users\Edyta\ntuser.ini
2015-07-15 22:14 - 2015-07-15 22:14 - 00000000 ____D C:\Users\Edyta\AppData\Roaming\Intel
2015-07-15 22:14 - 2015-07-15 22:14 - 00000000 ____D C:\Users\Edyta\AppData\Local\VirtualStore
2015-07-15 22:04 - 2015-07-19 16:33 - 00000000 ____D C:\Users\Edyta
2015-07-15 22:04 - 2015-07-15 22:05 - 00017148 _____ C:\WINDOWS\diagwrn.xml
2015-07-15 22:04 - 2015-07-15 22:05 - 00017148 _____ C:\WINDOWS\diagerr.xml
2015-07-15 22:04 - 2012-07-26 09:13 - 00000000 ___RD C:\Users\Edyta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-07-15 22:04 - 2012-07-26 09:13 - 00000000 ___RD C:\Users\Edyta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-15 22:04 - 2012-07-26 09:13 - 00000000 ___RD C:\Users\Edyta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-07-15 22:04 - 2012-07-26 09:13 - 00000000 ____D C:\Users\Edyta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-07-15 22:02 - 2015-07-15 22:12 - 00281088 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-07-14 23:07 - 2015-07-14 23:07 - 00000000 __SHD C:\found.000
2015-07-14 21:51 - 2015-07-14 21:51 - 00380416 _____ C:\Users\Edyta\Downloads\zy6yzbws.exe
2015-07-14 21:44 - 2015-07-19 16:34 - 00000000 ____D C:\Users\Edyta\Downloads\FRST-OlderVersion
2015-07-11 18:36 - 2015-07-19 16:34 - 00000000 ____D C:\FRST
2015-07-11 18:35 - 2015-07-19 16:34 - 02134528 _____ (Farbar) C:\Users\Edyta\Downloads\FRST64.exe
2015-07-11 18:25 - 2015-07-11 18:25 - 00619688 _____ (Duplex Secure Ltd) C:\Users\Edyta\Downloads\SPTDinst-v187-x64.exe
2015-07-11 17:02 - 2015-04-09 17:09 - 00049664 _____ C:\Users\Edyta\Desktop\Avstämning_sociala_avgifter.xls
2015-07-11 16:54 - 2015-07-11 16:54 - 00000000 ____D C:\Users\Edyta\Desktop\Aib

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-19 16:29 - 2012-11-13 22:52 - 01138356 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-19 16:19 - 2013-05-19 19:03 - 00848896 ___SH C:\Users\Edyta\Desktop\Thumbs.db
2015-07-19 16:19 - 2012-07-26 08:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-19 16:00 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-19 15:25 - 2014-07-23 21:48 - 00001112 _____ C:\Users\Edyta\Desktop\µTorrent.lnk
2015-07-17 15:28 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2015-07-16 00:01 - 2012-07-26 09:13 - 00262144 _____ C:\WINDOWS\system32\config\BCD-Template
2015-07-15 22:55 - 2012-07-26 06:26 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-07-15 22:34 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\system32\en-GB
2015-07-15 22:27 - 2012-11-14 01:51 - 00725978 _____ C:\WINDOWS\system32\perfh01D.dat
2015-07-15 22:27 - 2012-11-14 01:51 - 00153132 _____ C:\WINDOWS\system32\perfc01D.dat
2015-07-15 22:27 - 2012-11-14 01:43 - 00454218 _____ C:\WINDOWS\system32\perfh014.dat
2015-07-15 22:27 - 2012-11-14 01:43 - 00081138 _____ C:\WINDOWS\system32\perfc014.dat
2015-07-15 22:27 - 2012-11-14 01:35 - 00439770 _____ C:\WINDOWS\system32\perfh00B.dat
2015-07-15 22:27 - 2012-11-14 01:35 - 00085674 _____ C:\WINDOWS\system32\perfc00B.dat
2015-07-15 22:27 - 2012-11-14 01:27 - 00469132 _____ C:\WINDOWS\system32\perfh006.dat
2015-07-15 22:27 - 2012-11-14 01:27 - 00083646 _____ C:\WINDOWS\system32\perfc006.dat
2015-07-15 22:27 - 2012-11-13 22:49 - 00000000 ____D C:\ProgramData\Intel
2015-07-15 22:27 - 2012-07-26 08:28 - 03259898 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-15 22:26 - 2012-11-13 22:49 - 00000000 ____D C:\Program Files\Intel
2015-07-15 22:26 - 2012-11-13 22:49 - 00000000 ____D C:\Program Files (x86)\Intel
2015-07-15 22:14 - 2012-07-26 09:12 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-07-15 22:14 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\WinStore
2015-07-15 22:13 - 2012-07-26 08:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-15 22:12 - 2012-08-05 22:07 - 00001944 _____ C:\WINDOWS\PFRO.log
2015-07-15 22:11 - 2012-08-05 23:07 - 00000000 ___DC C:\WINDOWS\Panther
2015-07-15 22:11 - 2012-07-26 06:26 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-07-15 22:05 - 2012-07-26 09:12 - 00000000 __RHD C:\Users\Public\Libraries
2015-07-15 22:05 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\system32\Recovery
2015-07-15 22:05 - 2012-07-26 08:21 - 00023899 _____ C:\WINDOWS\setupact.log
2015-07-15 21:30 - 2014-05-16 19:05 - 00000000 __RDO C:\Users\Edyta\OneDrive
2015-07-11 18:52 - 2013-11-28 20:05 - 00173056 ___SH C:\Users\Edyta\Documents\Thumbs.db

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2012-08-05 22:07

==================== End of log ============================