Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Administrator (administrator) on VAIO on 07-04-2015 22:12:36
Running from C:\Users\Administrator\Downloads
Loaded Profiles: Administrator (Available profiles: Administrator & Gość)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Polski (Polska)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Windows\SysWOW64\srvany.exe
() C:\Windows\KMService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe
(National Instruments Corporation) C:\Windows\SysWOW64\nisvcloc.exe
(Oracle Corporation) C:\oraclexe\app\oracle\product\11.2.0\server\bin\oracle.exe
(Oracle Corporation) C:\oraclexe\app\oracle\product\11.2.0\server\bin\TNSLSNR.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(Mozilla Corporation) C:\Program Files (x86)\Aurora\firefox.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [208384 2012-03-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [WheelMouse] => C:\Program Files\Mouse\Amoumain.exe [196608 2008-03-03] ()
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-11-20] (Intel Corporation)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-02-09] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BambooCore] => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] ()
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKU\S-1-5-21-2948893786-2576746275-1645524499-500\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
HKU\S-1-5-21-2948893786-2576746275-1645524499-500\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)
HKU\S-1-5-21-2948893786-2576746275-1645524499-500\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [1967616 2014-04-17] (AMD)
HKU\S-1-5-21-2948893786-2576746275-1645524499-500\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3671872 2012-04-17] (DT Soft Ltd)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2948893786-2576746275-1645524499-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2948893786-2576746275-1645524499-500\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKU\S-1-5-21-2948893786-2576746275-1645524499-500\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-01-30] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-01-30] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-01-30] (Oracle Corporation)
BHO-x32: Better-Surf -> {8271B5D6-76D3-4ABF-AEB3-1721161C76BC} -> C:\Program Files (x86)\Better-Surf\ie\BetterSrf.dll [2013-11-25] ()
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-01-30] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\8csg0rbq.default-1395484777098
FF DefaultSearchEngine,S:
FF DefaultSearchUrl:
FF SearchEngineOrder.1:
FF SearchEngineOrder.1,S:
FF SelectedSearchEngine,S:
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-04-05] ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-01-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-01-30] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-04-05] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-16] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-01-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-01-30] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [2014-10-25] (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [2014-10-25] (globalUpdate)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-26] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-26] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.1 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF Plugin HKU\S-1-5-21-2948893786-2576746275-1645524499-500: @coreonline.com/run3d,version=1.0 -> C:\Users\Administrator\AppData\LocalLow\Square Enix\nprun3d.dll [2012-08-23] (Square Enix)
FF Plugin HKU\S-1-5-21-2948893786-2576746275-1645524499-500: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2012-05-11] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2948893786-2576746275-1645524499-500: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF Extension: Flashblock - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\8csg0rbq.default-1395484777098\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2014-12-13]
FF Extension: Adblock Plus - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\8csg0rbq.default-1395484777098\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-09]
FF HKLM-x32\...\Firefox\Extensions: [50f4938a44228@50f4938a44261.com] - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\b1ltqxbe.default\extensions\50f4938a44228@50f4938a44261.com
FF HKLM-x32\...\Firefox\Extensions: [12x3q4@3244516.com] - C:\Program Files (x86)\Better-Surf\ff
FF Extension: Better-Surf - C:\Program Files (x86)\Better-Surf\ff [2013-11-29]
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Aurora\firefox.exe

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [poheodfamflhhhdcmjfeggbgigeefaco] - C:\Program Files (x86)\Better-Surf\ch\Chrome.crx [2013-11-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-10-25] (globalUpdate) [File not signed]
R2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2012-06-19] () [File not signed]
S2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.2.9.5\LavasoftTcpService.exe [1351512 2014-11-27] (Lavasoft Limited)
S3 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2008-10-31] (National Instruments, Inc.)
S4 lkClassAds; C:\Windows\SysWOW64\lkads.exe [42544 2009-06-18] (National Instruments Corporation)
S4 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [53296 2009-06-18] (National Instruments Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-03-30] (LogMeIn, Inc.)
S4 matlabserver; C:\Program Files (x86)\MATLAB71\webserver\bin\win32\matlabserver.exe [536576 2005-07-27] () [File not signed]
R2 MySQL56; C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe [13041152 2015-01-19] () [File not signed]
S4 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [356912 2009-06-18] (National Instruments Corporation)
S4 NILM License Manager; C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1007616 2009-09-18] (Macrovision Corporation) [File not signed]
R2 niSvcLoc; C:\Windows\SysWOW64\nisvcloc.exe [13896 2009-06-04] (National Instruments Corporation)
S4 npggsvc; C:\Windows\SysWOW64\GameMon.des [4323256 2011-03-28] (INCA Internet Co., Ltd.) [File not signed]
S3 OracleJobSchedulerXE; c:\oraclexe\app\oracle\product\11.2.0\server\Bin\extjob.exe [49152 2011-08-27] () [File not signed]
S3 OracleMTSRecoveryService; C:\oraclexe\app\oracle\product\11.2.0\server\BIN\omtsreco.exe [69632 2011-08-27] (Oracle Corporation) [File not signed]
R2 OracleServiceXE; c:\oraclexe\app\oracle\product\11.2.0\server\bin\ORACLE.EXE [115773440 2011-08-27] (Oracle Corporation) [File not signed]
S3 OracleXEClrAgent; C:\oraclexe\app\oracle\product\11.2.0\server\bin\OraClrAgnt.exe [12800 2011-08-27] (Oracle Corporation) [File not signed]
R2 OracleXETNSListener; C:\oraclexe\app\oracle\product\11.2.0\server\BIN\tnslsnr.exe [512000 2011-08-27] (Oracle Corporation) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2015-01-26] (Electronic Arts)
S4 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [14407384 2014-06-12] ()
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-12-11] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Amfilter; C:\Windows\System32\DRIVERS\Amfltx64.sys [12288 2007-10-15] ((Standard mouse types))
S3 Amusbprt; C:\Windows\System32\DRIVERS\Amusbx64.sys [17920 2008-02-13] (A4Tech Co.,Ltd.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-02-18] ()
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [44480 2011-05-28] (http://libusb-win32.sourceforge.net)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-02-18] ()
S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-02] (INCA Internet Co., Ltd.) [File not signed]
S0 prohlp02; C:\Windows\SysWOW64\drivers\prohlp02.sys [77248 2004-11-25] (Protection Technology) [File not signed]
S0 prosync1; C:\Windows\SysWOW64\drivers\prosync1.sys [6944 2003-09-06] (Protection Technology) [File not signed]
S3 SaiK3611; C:\Windows\System32\DRIVERS\SaiK3611.sys [182024 2011-07-26] (Saitek)
S0 sfhlp01; C:\Windows\SysWOW64\drivers\sfhlp01.sys [4832 2003-12-01] (Protection Technology) [File not signed]
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-04-20] (Duplex Secure Ltd.)
S2 TVicPort; No ImagePath
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [117040 2012-04-03] (Oracle Corporation)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-02-22] (VMware, Inc.)
U3 aecp6kid; C:\Windows\System32\Drivers\aecp6kid.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)
S3 avchv; system32\DRIVERS\avchv.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 dump_wmimmc; \??\D:\Gry\Lineage II\system\GameGuard\dump_wmimmc.sys [X]
S1 prodrv06; \SystemRoot\System32\drivers\prodrv06.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-07 22:12 - 2015-04-07 22:13 - 00020080 _____ () C:\Users\Administrator\Downloads\FRST.txt
2015-04-07 22:10 - 2015-04-07 22:12 - 00000000 ____D () C:\FRST
2015-04-07 22:10 - 2015-04-07 22:10 - 00380416 _____ () C:\Users\Administrator\Downloads\nrbo7zzr.exe
2015-04-07 22:07 - 2015-04-07 22:08 - 02095616 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe
2015-04-07 15:15 - 2015-04-07 15:15 - 00030305 _____ () C:\ComboFix.txt
2015-04-07 03:18 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-07 03:18 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-07 03:18 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-07 03:18 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-07 03:18 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-07 03:18 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-07 03:18 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-07 03:18 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-07 03:18 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-07 03:18 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-07 03:18 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-07 03:18 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-07 03:18 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-07 03:18 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-07 02:56 - 2015-04-07 03:49 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Raptr
2015-04-07 02:56 - 2015-04-07 02:56 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\library_dir
2015-04-07 02:56 - 2015-04-07 02:56 - 00000000 ____D () C:\Program Files (x86)\Raptr
2015-04-07 02:56 - 2015-04-07 02:56 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2015-04-07 02:55 - 2015-04-07 02:55 - 00055928 _____ () C:\Windows\SysWOW64\CCCInstall_201504070255577709.log
2015-04-07 02:54 - 2015-04-07 02:54 - 00000000 ____D () C:\Program Files\AMD
2015-04-07 02:49 - 2014-04-18 05:43 - 00143304 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2015-04-07 02:49 - 2014-04-18 05:42 - 08010968 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2015-04-07 02:49 - 2014-04-18 05:42 - 07520200 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2015-04-07 02:49 - 2014-04-18 05:42 - 06799688 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2015-04-07 02:49 - 2014-04-18 05:42 - 06796592 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2015-04-07 02:49 - 2014-04-18 05:42 - 00126336 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2015-04-07 02:49 - 2014-04-18 05:42 - 00099520 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2015-04-07 02:49 - 2014-04-18 05:23 - 00231424 _____ () C:\Windows\system32\clinfo.exe
2015-04-07 02:49 - 2014-04-18 05:22 - 00098816 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OpenVideo64.dll
2015-04-07 02:49 - 2014-04-18 05:22 - 00086528 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OVDecode64.dll
2015-04-07 02:49 - 2014-04-18 05:22 - 00083456 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2015-04-07 02:49 - 2014-04-18 05:22 - 00073216 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
2015-04-07 02:49 - 2014-04-18 05:13 - 00127488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2015-04-07 02:49 - 2014-04-18 05:13 - 00113664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2015-04-07 02:49 - 2014-04-18 04:51 - 23409152 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2015-04-07 02:49 - 2014-04-18 04:45 - 00091136 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2015-04-07 02:49 - 2014-04-18 04:45 - 00085504 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2015-04-07 02:49 - 2014-04-18 04:28 - 03437632 _____ () C:\Windows\system32\atiumd6a.cap
2015-04-07 02:49 - 2014-04-18 04:28 - 00190976 _____ (AMD) C:\Windows\system32\atitmm64.dll
2015-04-07 02:49 - 2014-04-18 04:21 - 00806912 _____ (AMD) C:\Windows\system32\coinst_14.100.dll
2015-04-07 02:49 - 2014-04-18 04:17 - 03471376 _____ () C:\Windows\SysWOW64\atiumdva.cap
2015-04-07 02:49 - 2014-04-10 20:58 - 00082128 _____ () C:\Windows\system32\ativce02.dat
2015-04-07 02:49 - 2014-04-01 01:06 - 00234804 _____ () C:\Windows\system32\ativvaxy_cik.dat
2015-04-07 02:49 - 2014-04-01 01:04 - 00233008 _____ () C:\Windows\system32\ativvaxy_cik_nd.dat
2015-04-07 02:49 - 2014-02-06 18:45 - 00134192 _____ () C:\Windows\system32\ativce03.dat
2015-04-07 02:49 - 2014-01-16 20:00 - 00273712 _____ () C:\Windows\system32\ativvaxy_vi_nd.dat
2015-04-07 02:49 - 2014-01-16 19:59 - 00275124 _____ () C:\Windows\system32\ativvaxy_vi.dat
2015-04-07 02:48 - 2014-04-18 05:43 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2015-04-07 02:48 - 2014-04-18 05:43 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2015-04-07 02:48 - 2014-04-18 05:43 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2015-04-07 02:48 - 2014-04-18 05:43 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2015-04-07 02:48 - 2014-04-18 05:42 - 10335208 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2015-04-07 02:48 - 2014-04-18 05:42 - 08866928 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2015-04-07 02:48 - 2014-04-18 05:42 - 01343272 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2015-04-07 02:48 - 2014-04-18 05:42 - 01117184 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2015-04-07 02:48 - 2014-04-18 05:36 - 15376384 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2015-04-07 02:48 - 2014-04-18 05:22 - 28685824 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2015-04-07 02:48 - 2014-04-18 05:19 - 24107520 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2015-04-07 02:48 - 2014-04-18 05:17 - 00065024 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-04-07 02:48 - 2014-04-18 05:17 - 00058880 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-04-07 02:48 - 2014-04-18 05:12 - 27907584 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2015-04-07 02:48 - 2014-04-18 05:12 - 05442048 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
2015-04-07 02:48 - 2014-04-18 04:58 - 04358656 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2015-04-07 02:48 - 2014-04-18 04:46 - 15716352 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2015-04-07 02:48 - 2014-04-18 04:46 - 00580816 _____ () C:\Windows\SysWOW64\atiapfxx.blb
2015-04-07 02:48 - 2014-04-18 04:46 - 00580816 _____ () C:\Windows\system32\atiapfxx.blb
2015-04-07 02:48 - 2014-04-18 04:46 - 00368128 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2015-04-07 02:48 - 2014-04-18 04:46 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2015-04-07 02:48 - 2014-04-18 04:46 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2015-04-07 02:48 - 2014-04-18 04:46 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2015-04-07 02:48 - 2014-04-18 04:46 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2015-04-07 02:48 - 2014-04-18 04:42 - 14302208 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2015-04-07 02:48 - 2014-04-18 04:33 - 00048128 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2015-04-07 02:48 - 2014-04-18 04:33 - 00037888 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2015-04-07 02:48 - 2014-04-18 04:30 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2015-04-07 02:48 - 2014-04-18 04:30 - 00031232 _____ (AMD) C:\Windows\system32\atimuixx.dll
2015-04-07 02:48 - 2014-04-18 04:29 - 00586240 _____ (AMD) C:\Windows\system32\atieclxx.exe
2015-04-07 02:48 - 2014-04-18 04:29 - 00239616 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2015-04-07 02:48 - 2014-04-18 04:09 - 01177600 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2015-04-07 02:48 - 2014-04-18 04:09 - 00848896 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2015-04-07 02:48 - 2014-04-18 04:07 - 00638976 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2015-04-07 02:48 - 2014-04-18 04:07 - 00146944 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2015-04-07 02:48 - 2014-04-18 04:07 - 00133632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2015-04-07 02:48 - 2014-04-18 04:07 - 00075264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2015-04-07 02:48 - 2014-04-18 04:07 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2015-04-07 02:48 - 2014-04-18 04:07 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2015-04-07 02:48 - 2014-04-18 04:04 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2015-04-07 02:48 - 2014-01-16 11:34 - 00723841 _____ () C:\Windows\system32\atiicdxx.dat
2015-04-07 02:37 - 2015-04-07 02:37 - 16464153 _____ () C:\Users\Administrator\Downloads\AIDA64.Extreme.5.20.3400 [PL] PORTABLE + SERIAL.rar
2015-04-07 02:21 - 2015-04-07 02:30 - 436036592 _____ (leshcat ) C:\Users\Administrator\Downloads\Catalyst_14.4_WHQL_UnifL_v2.4.exe
2015-04-07 00:41 - 2015-04-07 00:41 - 00000000 ____D () C:\SymCache
2015-04-07 00:37 - 2015-04-07 00:37 - 00000000 ____D () C:\symbols
2015-04-07 00:35 - 2015-04-07 00:35 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
2015-04-07 00:16 - 2015-04-07 15:37 - 00000000 ____D () C:\Program Files (x86)\Aurora
2015-04-06 23:57 - 2015-04-07 14:50 - 00002314 _____ () C:\Windows\PFRO.log
2015-04-06 23:26 - 2015-04-07 14:50 - 00000896 _____ () C:\Windows\setupact.log
2015-04-06 23:26 - 2015-04-06 23:26 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-05 19:01 - 2015-04-05 19:01 - 00000000 ____D () C:\dx
2015-04-05 18:57 - 2015-04-05 19:00 - 100271992 _____ (Microsoft Corporation) C:\Users\Administrator\Desktop\directx_Jun2010_redist.exe
2015-04-05 16:53 - 2015-04-05 16:53 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2015-04-02 04:38 - 2015-04-02 04:38 - 00002617 _____ () C:\Users\Administrator\Desktop\MySQL Workbench 5.0 OSS.lnk
2015-04-02 00:28 - 2015-04-02 00:28 - 05007216 _____ (Adobe Systems Inc.) C:\Users\Administrator\Desktop\Shockwave_Installer_Slim.exe
2015-04-02 00:28 - 2015-04-02 00:28 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2015-04-01 20:46 - 2015-04-01 20:46 - 01930692 _____ () C:\Users\Administrator\Desktop\javaee-api-7.0.jar
2015-04-01 18:24 - 2015-04-07 21:58 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-04-01 17:24 - 2015-04-07 21:58 - 00001360 _____ () C:\Windows\Tasks\24seven_savings_notification_service.job
2015-04-01 17:24 - 2015-04-07 21:58 - 00000722 _____ () C:\Windows\Tasks\24seven_savings_updating_service.job
2015-04-01 17:24 - 2015-04-01 17:24 - 00004390 _____ () C:\Windows\System32\Tasks\24seven_savings_notification_service
2015-04-01 17:24 - 2015-04-01 17:24 - 00003754 _____ () C:\Windows\System32\Tasks\24seven_savings_updating_service
2015-04-01 17:24 - 2015-04-01 17:24 - 00000000 ____D () C:\Program Files (x86)\24Seven savings
2015-04-01 00:30 - 2015-04-01 00:30 - 00000000 ____D () C:\Users\Administrator\Desktop\Obrazki
2015-04-01 00:27 - 2015-04-01 00:27 - 00000649 _____ () C:\Users\Administrator\Desktop\Studia — skrót.lnk
2015-04-01 00:22 - 2015-04-01 00:22 - 00000000 ____D () C:\Users\Public\Documents\Wondershare
2015-03-31 06:18 - 2015-03-31 00:21 - 00016930 _____ () C:\Users\Administrator\standalone.xml
2015-03-31 05:54 - 2014-07-11 18:37 - 00002139 _____ () C:\Users\Administrator\Desktop\add-user.bat
2015-03-31 05:41 - 2015-03-31 05:42 - 00000000 ____D () C:\Users\Administrator\EAP-6.3.0
2015-03-31 03:52 - 2015-03-30 23:34 - 00960372 _____ () C:\Users\Administrator\mysql-connector-java-5.1.34.jar
2015-03-31 03:52 - 2014-10-17 09:05 - 00960374 _____ () C:\Users\Administrator\mysql-connector-java-5.1.34-bin.jar
2015-03-31 01:16 - 2015-03-31 01:16 - 00000000 ____D () C:\Users\Administrator\.eclipse
2015-03-30 19:21 - 2015-03-30 19:21 - 00000000 ____D () C:\Users\Administrator\Desktop\modules
2015-03-30 19:12 - 2015-03-24 17:42 - 00000104 _____ () C:\Users\Administrator\add-user.bat
2015-03-30 18:44 - 2015-03-30 18:45 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Notepad++
2015-03-30 18:44 - 2015-03-30 18:44 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-03-30 18:44 - 2015-03-30 18:44 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2015-03-30 18:43 - 2015-03-30 18:43 - 08271739 _____ () C:\Users\Administrator\Desktop\npp.6.7.5.Installer.exe
2015-03-30 18:35 - 2014-10-24 15:42 - 183399393 _____ () C:\Users\Administrator\jboss-eap-6.3.0-installer.jar
2015-03-30 17:56 - 2015-03-30 17:56 - 00002167 _____ () C:\Users\Administrator\Documents\blogdb.sql
2015-03-30 17:54 - 2015-03-30 20:02 - 00006099 _____ () C:\Users\Administrator\Documents\blogdb.mwb
2015-03-30 05:39 - 2015-03-30 05:39 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\MySQL
2015-03-30 05:37 - 2015-03-30 05:37 - 11186412 _____ () C:\Users\Administrator\Desktop\mysql-workbench-oss-5.0.30-win32.msi
2015-03-30 04:37 - 2015-03-30 05:31 - 07194312 _____ (Microsoft Corporation) C:\Users\Administrator\Desktop\vcredist_x64.exe
2015-03-30 04:36 - 2015-03-30 05:31 - 06503984 _____ (Microsoft Corporation) C:\Users\Administrator\Desktop\vcredist_x86.exe
2015-03-30 04:32 - 2013-10-05 00:58 - 00963232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120.dll
2015-03-30 04:31 - 2015-03-30 04:31 - 00520193 _____ () C:\Users\Administrator\Downloads\__32-msvcr120.dll12.0.21005.1.zip
2015-03-30 03:34 - 2015-03-30 03:34 - 00000000 ____D () C:\Windows\System32\Tasks\MySQL
2015-03-30 03:33 - 2015-03-30 05:38 - 00000000 ____D () C:\Program Files (x86)\MySQL
2015-03-30 03:24 - 2015-03-30 03:24 - 00000000 ___HD () C:\Users\Administrator\InstallAnywhere
2015-03-30 03:17 - 2015-03-30 03:17 - 00003188 _____ () C:\Windows\System32\Tasks\{03175872-4DD3-47A0-94E7-D9A010B56889}
2015-03-30 02:50 - 2015-03-24 16:21 - 296165376 _____ () C:\Users\Administrator\Downloads\mysql-installer-community-5.6.23.0.msi
2015-03-26 02:52 - 2015-03-30 19:31 - 00000000 ____D () C:\Users\Administrator\.m2
2015-03-26 02:18 - 2015-03-30 05:35 - 00000000 ____D () C:\Program Files\MySQL

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-07 22:13 - 2012-04-03 23:02 - 02055164 _____ () C:\Windows\WindowsUpdate.log
2015-04-07 22:04 - 2013-05-07 23:40 - 00001044 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-07 22:02 - 2014-10-25 15:57 - 00000954 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-04-07 22:02 - 2009-07-14 06:45 - 00013904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-07 22:02 - 2009-07-14 06:45 - 00013904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-07 21:58 - 2013-05-07 23:40 - 00001048 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-07 21:58 - 2012-07-05 12:52 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-07 16:02 - 2014-10-25 15:57 - 00000950 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-04-07 15:15 - 2012-11-20 17:28 - 00000000 ____D () C:\Qoobox
2015-04-07 15:08 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-04-07 14:51 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-07 14:49 - 2012-11-20 17:28 - 00000000 ____D () C:\Windows\erdnt
2015-04-07 14:49 - 2009-07-14 04:34 - 82313216 _____ () C:\Windows\system32\config\SOFTWARE.bak
2015-04-07 14:49 - 2009-07-14 04:34 - 24117248 _____ () C:\Windows\system32\config\SYSTEM.bak
2015-04-07 14:49 - 2009-07-14 04:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2015-04-07 14:49 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2015-04-07 14:49 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2015-04-07 14:47 -
2012-04-03 23:59 - 00000000 ____D () C:\Users\Administrator 2015-04-07 04:40 - 2012-08-16 22:12 - 00007620 _____ () C:\Users\Administrator\AppData\Local\resmon.resmoncfg 2015-04-07 03:57 - 2013-06-04 02:53 - 00000193 _____ () C:\Windows\WORDPAD.INI 2015-04-07 03:49 - 2013-01-20 20:20 - 00000000 ____D () C:\Windows\pss 2015-04-07 03:36 - 2014-10-27 02:51 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\VMware 2015-04-07 03:36 - 2014-10-27 02:51 - 00000000 ____D () C:\Users\Administrator\AppData\Local\VMware 2015-04-07 03:36 - 2013-06-11 02:40 - 00000000 ____D () C:\Users\Administrator\AppData\Local\LogMeIn Hamachi 2015-04-07 02:56 - 2013-01-28 00:54 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies 2015-04-07 02:55 - 2013-01-17 03:11 - 00000000 ____D () C:\Program Files\ATI Technologies 2015-04-07 01:06 - 2012-04-04 15:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-04-07 01:00 - 2015-01-03 02:41 - 00000000 ____D () C:\Program Files\SoftEther VPN Client 2015-04-07 00:37 - 2013-03-04 00:13 - 00000000 ____D () C:\Program Files (x86)\Debugging Tools for Windows 2015-04-07 00:35 - 2013-03-03 23:07 - 00000000 ____D () C:\Program Files (x86)\NirSoft 2015-04-07 00:04 - 2012-12-03 01:47 - 00000000 ____D () C:\Users\Administrator\Documents\Baldur's Gate - Enhanced Edition 2015-04-06 23:09 - 2012-05-14 14:03 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Media Player Classic 2015-04-06 22:17 - 2014-05-15 20:56 - 00000000 ____D () C:\Users\Administrator\Documents\abc 2015-04-06 21:48 - 2009-07-14 19:55 - 00747432 _____ () C:\Windows\system32\perfh015.dat 2015-04-06 21:48 - 2009-07-14 19:55 - 00158688 _____ () C:\Windows\system32\perfc015.dat 2015-04-06 21:48 - 2009-07-14 07:13 - 01689578 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-04-05 22:35 - 2013-12-05 09:16 - 00000825 _____ () C:\Users\Administrator\Desktop\Aurora.lnk 2015-04-05 17:31 - 2012-05-24 14:52 - 00000000 ____D () 
C:\Users\Administrator\AppData\Local\Adobe 2015-04-05 17:30 - 2012-07-05 12:52 - 00003868 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-04-05 17:29 - 2012-04-04 18:21 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-04-05 17:29 - 2012-04-04 18:21 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-04-01 20:56 - 2013-10-02 20:27 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Eclipse 2015-04-01 19:18 - 2012-10-20 16:17 - 00000000 ____D () C:\Users\Administrator\workspace 2015-03-31 13:05 - 2014-12-13 12:44 - 00000172 _____ () C:\Users\Administrator\.packettracer 2015-03-31 05:06 - 2012-12-21 02:55 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\uTorrent 2015-03-31 05:06 - 2012-04-17 02:57 - 00000000 ____D () C:\Windows\Minidump 2015-03-31 05:06 - 2012-04-05 13:29 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\DAEMON Tools Lite 2015-03-30 20:08 - 2009-07-14 06:45 - 02818496 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-03-30 20:04 - 2013-05-21 20:21 - 00000000 ____D () C:\Program Files (x86)\Maple 14 2015-03-30 19:51 - 2012-04-04 15:23 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google 2015-03-30 15:25 - 2012-07-03 03:31 - 00033856 ____H (LogMeIn, Inc.) 
C:\Windows\system32\hamachi.sys 2015-03-30 05:39 - 2012-04-03 23:59 - 00218432 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT 2015-03-30 03:58 - 2012-03-29 04:30 - 00000000 ____D () C:\Users\Administrator\Downloads\paczka instalek 2015-03-30 03:27 - 2013-05-30 16:57 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Aspell 2015-03-30 03:27 - 2012-08-09 23:48 - 00000000 ____D () C:\Program Files (x86)\JDownloader 2015-03-30 03:19 - 2013-05-30 20:47 - 00000000 ____D () C:\Program Files (x86)\Mathcad 2015-03-30 03:19 - 2009-07-14 20:09 - 00000000 ____D () C:\Windows\ShellNew 2015-03-30 03:04 - 2013-10-15 02:55 - 00000000 ____D () C:\Program Files (x86)\Opera Next 2015-03-30 03:02 - 2013-11-04 13:03 - 00000000 ____D () C:\Program Files (x86)\PE Explorer 2015-03-30 03:00 - 2012-04-03 23:18 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-03-30 02:59 - 2013-11-07 17:14 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Razer 2015-03-30 02:59 - 2013-11-07 17:14 - 00000000 ____D () C:\Program Files (x86)\Razer 2015-03-30 02:16 - 2013-10-30 14:09 - 00000000 ____D () C:\Program Files (x86)\OSCAR Editor X7 2015-03-30 00:50 - 2012-06-26 17:22 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software 2015-03-26 04:42 - 2012-12-18 22:09 - 00000000 ____D () C:\Users\Administrator\SkySales2_pliki 2015-03-21 17:31 - 2012-11-21 19:54 - 00119296 _____ () C:\Windows\SysWOW64\zlib.dll 2015-03-21 17:30 - 2013-11-29 14:39 - 00000162 _____ () C:\Zdjęcia iCloud.lnk ==================== Files in the root of some directories ======= 2013-05-28 04:22 - 2013-05-28 04:22 - 0000132 _____ () C:\Users\Administrator\AppData\Roaming\Preferencje Adobe CS5 dla formatu BMP 2012-06-05 01:24 - 2013-10-10 18:47 - 0000132 _____ () C:\Users\Administrator\AppData\Roaming\Preferencje Adobe CS5 dla formatu PNG 2013-05-08 22:41 - 2014-12-12 22:46 - 0008704 _____ () 
C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2012-06-04 21:53 - 2012-06-04 21:53 - 0003086 _____ () C:\Users\Administrator\AppData\Local\recently-used.xbel 2012-08-16 22:12 - 2015-04-07 04:40 - 0007620 _____ () C:\Users\Administrator\AppData\Local\resmon.resmoncfg Files to move or delete: ==================== C:\Users\Administrator\add-user.bat C:\Users\Administrator\dotNetFx45_Full_setup.exe C:\Users\Administrator\Gw2Setup.exe C:\Users\Administrator\StellarPhoenixArchivePasswordRecovery.exe C:\Users\Administrator\vcredist_x64.exe C:\Users\Administrator\vcredist_x86.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-26 00:01 ==================== End Of Log ============================