Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:01-03-2016
Ran by jola (administrator) on JOLA-LAPTOP (01-03-2016 17:46:33)
Running from C:\Users\jola\Downloads\Programs
Loaded Profiles: jola (Available Profiles: jola)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.6\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.6\loggingserver.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3862440 2016-02-24] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2874440 2016-02-22] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [179624 2016-02-18] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1969394032-2968187218-3225461528-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3933392 2016-02-11] (Tonec Inc.)
HKU\S-1-5-21-1969394032-2968187218-3225461528-1000\...\MountPoints2: {0a597743-4b9d-11e5-9273-e5721d96cf72} - G:\LaunchU3.exe -a
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [GGDriveOverlay1] -> {E68D0A50-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll [2013-01-17] (GG Network S.A.)
ShellIconOverlayIdentifiers: [GGDriveOverlay2] -> {E68D0A51-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll [2013-01-17] (GG Network S.A.)
ShellIconOverlayIdentifiers: [GGDriveOverlay3] -> {E68D0A52-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll [2013-01-17] (GG Network S.A.)
ShellIconOverlayIdentifiers: [GGDriveOverlay4] -> {E68D0A53-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll [2013-01-17] (GG Network S.A.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9548E4E6-F89A-4D33-B0C5-5840817B9F72}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-1969394032-2968187218-3225461528-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
SearchScopes: HKU\S-1-5-21-1969394032-2968187218-3225461528-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKU\S-1-5-21-1969394032-2968187218-3225461528-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={F96206BE-BB94-4010-85C0-7A13E8E1D4CB}&mid=9fbbc916425047cd8dc9d16acdabf1f1-8c6f0904766649064817fcc983efa96ffb92427a&lang=pl&ds=AVG&coid=avgtbavg&cmpid=1215av&pr=fr&d=2015-12-04 16:37:18&v=4.2.1.951&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1969394032-2968187218-3225461528-1000 -> {C9637372-2A07-4FD2-A350-1D0ECE84C49B} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-12-08] (Internet Download Manager, Tonec Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-12-08] (Internet Download Manager, Tonec Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-05] (Oracle Corporation)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.2.6.552\AVG Web TuneUp.dll [2016-02-22] (AVG)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-05] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\jola\AppData\Roaming\Mozilla\Firefox\Profiles\6qf8su6p.default
FF DefaultSearchEngine: AVG Secure Search
FF Homepage: hxxps://www.google.com/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-21] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-21] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.2.6\\npsitesafety.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-05] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF SearchPlugin: C:\Users\jola\AppData\Roaming\Mozilla\Firefox\Profiles\6qf8su6p.default\searchplugins\avg-secure-search.xml [2016-02-22]
FF SearchPlugin: C:\Users\jola\AppData\Roaming\Mozilla\Firefox\Profiles\6qf8su6p.default\searchplugins\yahoo-ysp.xml [2015-11-18]
FF Extension: All-in-One Sidebar - C:\Users\jola\AppData\Roaming\Mozilla\Firefox\Profiles\6qf8su6p.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2016-01-05]
FF Extension: IDM integration - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-01-27]
FF Extension: AVG Web TuneUp - C:\Users\jola\AppData\Roaming\Mozilla\Firefox\Profiles\6qf8su6p.default\extensions\avg@toolbar.xpi [2016-02-22]
FF Extension: New Tab by Yahoo - C:\Users\jola\AppData\Roaming\Mozilla\Firefox\Profiles\6qf8su6p.default\Extensions\jid1-G80Ec8LLEbK5fQ@jetpack.xpi [2015-10-08] [not signed]
FF Extension: Adblock Plus - C:\Users\jola\AppData\Roaming\Mozilla\Firefox\Profiles\6qf8su6p.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-23]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-08-28] [not signed]
FF HKU\S-1-5-21-1969394032-2968187218-3225461528-1000\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-1969394032-2968187218-3225461528-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\jola\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\jola\AppData\Roaming\IDM\idmmzcc5 [2016-03-01] [not signed]
FF HKU\S-1-5-21-1969394032-2968187218-3225461528-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-02-11]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-02-11]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3934184 2016-02-24] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1045928 2016-02-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [561104 2016-02-24] (AVG Technologies CZ, s.r.o.)
R2 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2010-09-17] (Firebird Project) [File not signed]
R3 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [3735552 2010-09-17] (Firebird Project) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6940944 2016-02-16] (TeamViewer GmbH)
R2 vToolbarUpdater40.2.6; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.6\ToolbarUpdater.exe [1949768 2016-02-22] (AVG Secure Search)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1215560 2016-02-22] ()
R2 yksvc; RUNDLL32.EXE ykx64mpcoinst,serviceStartProc [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [184240 2015-11-06] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2016-01-26] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-26] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378288 2016-02-03] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [269232 2016-02-15] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-12-04] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [302000 2015-10-08] (AVG Technologies CZ, s.r.o.)
R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [23472 2016-01-08] (AVG Technologies CZ, s.r.o.)
R3 O2MDRDR; C:\Windows\System32\DRIVERS\o2mdx64.sys [63264 2008-12-11] (O2Micro )
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-01 17:45 - 2016-03-01 17:46 - 00000000 ____D C:\FRST
2016-03-01 17:34 - 2016-03-01 17:34 - 00000000 ____D C:\Users\jola\AppData\Roaming\AVG
2016-03-01 17:31 - 2016-03-01 17:31 - 00000843 _____ C:\Users\Public\Desktop\AVG Protection.lnk
2016-03-01 17:26 - 2016-03-01 17:29 - 00000000 ____D C:\ProgramData\Avg
2016-03-01 17:25 - 2016-03-01 17:27 - 00000000 ____D C:\Users\jola\AppData\Local\AvgSetupLog
2016-02-21 17:45 - 2016-02-23 18:38 - 00000000 ____D C:\ProgramData\firebird
2016-02-21 17:45 - 2016-02-21 17:45 - 00000000 ____D C:\Users\jola\AppData\Local\SpacialAudio
2016-02-21 17:42 - 2016-02-21 17:42 - 00001863 _____ C:\Users\jola\Desktop\SAM Broadcaster.lnk
2016-02-21 17:42 - 2016-02-21 17:42 - 00000000 ____D C:\Users\jola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SAM Broadcaster
2016-02-21 17:42 - 2016-02-21 17:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firebird 2.5 (Win32)
2016-02-21 17:42 - 2016-02-21 17:42 - 00000000 ____D C:\Program Files (x86)\SpacialAudio
2016-02-21 17:42 - 2016-02-21 17:42 - 00000000 ____D C:\Program Files (x86)\Firebird
2016-02-21 17:42 - 2010-09-17 11:13 - 00548864 _____ (Firebird Project) C:\Windows\SysWOW64\GDS32.DLL
2016-02-21 17:18 - 2016-02-21 17:18 - 45993886 _____ C:\Users\jola\Desktop\SAM.Broadcaster.x86.v4.9.1-RES-patch.rar
2016-02-21 17:00 - 2016-02-21 17:00 - 00000882 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-02-15 16:38 - 2016-02-15 16:38 - 00269232 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2016-02-11 18:33 - 2016-02-17 20:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-11 09:26 - 2016-01-28 04:20 - 00209056 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2016-02-10 17:20 - 2016-01-07 10:27 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-02-10 17:19 - 2016-01-29 22:09 - 01316864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-02-10 17:19 - 2016-01-29 21:44 - 01915392 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-02-10 17:19 - 2016-01-09 12:06 - 00501760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-02-10 17:19 - 2016-01-09 11:42 - 00659968 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-02-10 17:15 - 2016-02-01 12:25 - 01589376 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-02-10 17:15 - 2016-02-01 12:25 - 01171696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-02-10 17:15 - 2016-01-29 22:09 - 00861696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-02-10 17:15 - 2016-01-29 22:09 - 00679424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-02-10 17:15 - 2016-01-29 22:09 - 00429056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-02-10 17:15 - 2016-01-29 22:09 - 00324608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdohlp.dll
2016-02-10 17:15 - 2016-01-29 22:09 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sbe.dll
2016-02-10 17:15 - 2016-01-29 22:09 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll
2016-02-10 17:15 - 2016-01-29 22:09 - 00217600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax
2016-02-10 17:15 - 2016-01-29 22:09 - 00153088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sbeio.dll
2016-02-10 17:15 - 2016-01-29 22:09 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-02-10 17:15 - 2016-01-29 22:09 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-02-10 17:15 - 2016-01-29 22:08 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-02-10 17:15 - 2016-01-29 22:08 - 00119296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iasrecst.dll
2016-02-10 17:15 - 2016-01-29 22:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-02-10 17:15 - 2016-01-29 22:08 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSNP.ax
2016-02-10 17:15 - 2016-01-29 22:08 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Mpeg2Data.ax
2016-02-10 17:15 - 2016-01-29 22:08 - 00057856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSDvbNP.ax
2016-02-10 17:15 - 2016-01-29 22:08 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iasads.dll
2016-02-10 17:15 - 2016-01-29 22:08 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iasdatastore.dll
2016-02-10 17:15 - 2016-01-29 22:07 - 00802304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-02-10 17:15 - 2016-01-29 21:48 - 04693952 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-02-10 17:15 - 2016-01-29 21:44 - 01304576 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-02-10 17:15 - 2016-01-29 21:44 - 00560128 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-02-10 17:15 - 2016-01-29 21:44 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\sdohlp.dll
2016-02-10 17:15 - 2016-01-29 21:44 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll
2016-02-10 17:15 - 2016-01-29 21:44 - 00375808 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll
2016-02-10 17:15 - 2016-01-29 21:44 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-02-10 17:15 - 2016-01-29 21:44 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax
2016-02-10 17:15 - 2016-01-29 21:44 - 00234496 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-02-10 17:15 - 2016-01-29 21:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\sbeio.dll
2016-02-10 17:15 - 2016-01-29 21:44 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-02-10 17:15 - 2016-01-29 21:44 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\MSNP.ax
2016-02-10 17:15 - 2016-01-29 21:44 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\MSDvbNP.ax
2016-02-10 17:15 - 2016-01-29 21:44 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-02-10 17:15 - 2016-01-29 21:44 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-02-10 17:15 - 2016-01-29 21:43 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-02-10 17:15 - 2016-01-29 21:43 - 01067008 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-02-10 17:15 - 2016-01-29 21:43 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\iasrecst.dll
2016-02-10 17:15 - 2016-01-29 21:43 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\Mpeg2Data.ax
2016-02-10 17:15 - 2016-01-29 21:43 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-02-10 17:15 - 2016-01-29 21:43 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\iasads.dll
2016-02-10 17:15 - 2016-01-29 21:43 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iasdatastore.dll
2016-02-10 17:15 - 2016-01-29 20:45 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\iashost.exe
2016-02-10 17:15 - 2016-01-29 20:33 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-02-10 17:15 - 2016-01-29 20:32 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iashost.exe
2016-02-10 17:15 - 2016-01-29 20:24 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-02-10 17:15 - 2016-01-29 20:24 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-02-10 17:15 - 2016-01-29 20:24 - 00002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-02-10 17:14 - 2016-01-07 10:32 - 02799104 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-02-09 17:44 - 2016-01-25 00:35 - 17894400 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-02-09 17:44 - 2016-01-25 00:33 - 02351104 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-02-09 17:44 - 2016-01-25 00:28 - 10938880 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-02-09 17:44 - 2016-01-25 00:27 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-02-09 17:44 - 2016-01-25 00:27 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-02-09 17:44 - 2016-01-25 00:27 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-02-09 17:44 - 2016-01-25 00:26 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-02-09 17:44 - 2016-01-25 00:26 - 00579584 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-02-09 17:44 - 2016-01-25 00:25 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-02-09 17:44 - 2016-01-25 00:25 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-02-09 17:44 - 2016-01-25 00:25 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-02-09 17:44 - 2016-01-25 00:25 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-02-09 17:44 - 2016-01-25 00:25 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-02-09 17:44 - 2016-01-25 00:25 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-02-09 17:44 - 2016-01-25 00:25 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-02-09 17:44 - 2016-01-25 00:25 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2016-02-09 17:44 - 2016-01-25 00:25 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-02-09 17:44 - 2016-01-25 00:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-02-09 17:44 - 2016-01-25 00:25 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-02-09 17:44 - 2016-01-25 00:25 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2016-02-09 17:44 - 2016-01-25 00:25 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2016-02-09 17:44 - 2016-01-24 23:59 - 01815552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-02-09 17:44 - 2016-01-24 23:57 - 12391424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-02-09 17:44 - 2016-01-24 23:55 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-02-09 17:44 - 2016-01-24 23:54 - 01140224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-02-09 17:44 - 2016-01-24 23:53 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-02-09 17:44 - 2016-01-24 23:52 - 01804800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-02-09 17:44 - 2016-01-24 23:52 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-02-09 17:44 - 2016-01-24 23:52 - 00718848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-02-09 17:44 - 2016-01-24 23:52 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-02-09 17:44 - 2016-01-24 23:52 - 00424960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-02-09 17:44 - 2016-01-24 23:52 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2016-02-09 17:44 - 2016-01-24 23:52 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-02-09 17:44 - 2016-01-24 23:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-02-09 17:44 - 2016-01-24 23:51 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-02-09 17:44 - 2016-01-24 23:51 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-02-09 17:44 - 2016-01-24 23:51 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-02-09 17:44 - 2016-01-24 23:51 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-02-09 17:44 - 2016-01-24 23:51 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-02-09 17:44 - 2016-01-24 23:51 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2016-02-09 17:44 - 2016-01-24 23:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2016-02-09 17:43 - 2016-01-25 00:25 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2016-02-09 17:43 - 2016-01-24 23:54 - 09753600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-02-09 17:43 - 2016-01-24 23:51 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2016-02-03 11:53 - 2016-02-03 11:53 - 00378288 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-01 17:44 - 2006-11-02 10:22 - 00003760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-01 17:44 - 2006-11-02 10:22 - 00003760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-01 17:40 - 2015-08-26 19:19 - 00000000 ____D C:\ProgramData\MFAData
2016-03-01 17:37 - 2015-09-17 17:42 - 00000000 ____D C:\Users\jola\AppData\Local\Avg
2016-03-01 17:35 - 2006-11-02 10:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-01 17:34 - 2015-08-28 16:03 - 00000000 ____D C:\Users\jola\AppData\Roaming\DMCache
2016-03-01 17:34 - 2015-08-26 19:21 - 00000000 ____D C:\Program Files (x86)\AVG
2016-03-01 17:34 - 2006-11-02 10:42 - 00032530 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-03-01 17:33 - 2015-08-26 19:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-03-01 17:33 - 2015-08-26 19:21 - 00000000 ___HD C:\$AVG
2016-02-23 18:28 - 2015-08-28 16:35 - 00000000 ____D C:\totalcmd
2016-02-23 18:04 - 2015-08-28 15:42 - 00000000 ____D C:\Users\jola\AppData\Roaming\Skype
2016-02-23 16:19 - 2015-09-09 15:20 - 00000000 ____D C:\Users\jola\Desktop\ściągane
2016-02-23 15:04 - 2015-12-04 16:37 - 00000000 ____D C:\Users\jola\AppData\Local\AVG Web TuneUp
2016-02-22 18:27 - 2015-12-04 16:37 - 00000000 ____D C:\ProgramData\AVG Web TuneUp
2016-02-22 18:26 - 2015-12-04 16:36 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2016-02-22 18:26 - 2015-08-25 21:59 - 00049168 _____ C:\Users\jola\AppData\Local\GDIPFONTCACHEV1.DAT
2016-02-22 18:25 - 2015-08-28 16:39 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-22 18:25 - 2006-11-02 10:21 - 00237480 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-21 17:45 - 2015-08-25 21:59 - 00000000 ____D C:\Users\jola\AppData\Local\VirtualStore
2016-02-21 17:01 - 2015-08-26 19:12 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-02-21 16:56 - 2015-08-28 16:39 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-02-21 16:56 - 2015-08-28 16:39 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-21 16:56 - 2015-08-28 16:39 - 00003684 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-02-21 16:55 - 2006-11-02 08:33 - 00000000 ____D C:\Windows\inf
2016-02-21 16:55 - 2006-11-02 07:46 - 00758862 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-17 20:39 - 2015-08-28 16:25 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2016-02-17 20:39 - 2015-08-26 19:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-17 20:34 - 2015-08-28 16:26 - 00000000 ____D C:\Users\jola\AppData\Roaming\IDM
2016-02-10 18:21 - 2006-11-02 08:33 - 00000000 ____D C:\Windows\rescache
2016-02-10 18:00 - 2006-11-02 10:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-10 18:00 - 2006-11-02 10:07 - 00000000 ____D C:\Program Files\Windows Collaboration
2016-02-10 17:45 - 2015-08-27 15:38 - 00000000 ____D C:\Windows\system32\MRT
2016-02-10 17:38 - 2006-11-02 07:35 - 146614896 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2016-02-05 22:05 - 2015-08-28 16:00 - 00000000 ____D C:\Users\jola\.oracle_jre_usage
2016-02-05 22:05 - 2015-08-28 16:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-02-05 22:05 - 2015-08-28 15:59 - 00000000 ____D C:\ProgramData\Oracle
2016-02-05 22:05 - 2015-08-28 15:59 - 00000000 ____D C:\Program Files (x86)\Java
2016-02-05 22:04 - 2015-08-28 16:00 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

==================== Files in the root of some directories =======

2015-08-27 14:04 - 2015-08-27 14:04 - 0024226 _____ () C:\Users\jola\AppData\Roaming\UserTile.png
2015-08-25 21:59 - 2015-08-26 18:57 - 0000732 _____ () C:\Users\jola\AppData\Local\d3d9caps64.dat

Some files in TEMP:
====================
C:\Users\jola\AppData\Local\Temp\avg-0da87f3b-4658-4e06-a467-9257f2476b3f.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-03-01 17:42

==================== End of FRST.txt ============================