Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-07-2015
Ran by Administrator (administrator) on MAGIC-KOMPUTER on 06-07-2015 17:49:23
Running from C:\Users\Administrator\Downloads
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Polski (Polska)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Elex do Brasil Participações Ltda) C:\Program Files\Elex-tech\YAC\iSafeSvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files\Elex-tech\YAC\iSafeSvc2.exe
(Windows SysTool) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(Taiwan Shui Mu Chih Ching Technology Limited.) C:\Program Files\WinZipper\winzipersvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files\Elex-tech\YAC\iSafeTray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Price Fountain) C:\Users\Administrator\AppData\Local\PriceFountain\pricefountainw.exe
(Price Fountain) C:\Users\Administrator\AppData\Local\PriceFountain\pricefountain.exe
(XTab system) C:\Program Files\XTab\ProtectService.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
() C:\Program Files\Vast Aspect\Vast Aspect.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Valve Corporation) C:\Program Files\Steam\Steam.exe
(Valve Corporation) C:\Program Files\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files\Steam\bin\steamwebhelper.exe
(Electronic Arts) C:\Program Files\Origin\Origin.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
() C:\Program Files\Opera\29.0.1795.60\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
() C:\Users\Administrator\pwo5\svchost.exe
() C:\Users\Administrator\AppData\Local\Temp\_MEI62922\bin\winlogon.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-03-30] (LogMeIn Inc.)
HKLM\...\RunOnce: [PriceFountain] => C:\Windows\system32\wscript.exe /E:vbscript /B "C:\Users\ADMINI~1\AppData\Roaming\PriceFountain\UpdateProc\bkup.dat"
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1377628560-2540776379-1351235919-500\...\Run: [Expressivo] => C:\Program Files\ivo\Expressivo\expressivo.exe [1277952 2008-07-30] (IVO Software Sp. z o.o.)
HKU\S-1-5-21-1377628560-2540776379-1351235919-500\...\Run: [DAEMON Tools Lite] => D:\ważne\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-1377628560-2540776379-1351235919-500\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5282584 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-1377628560-2540776379-1351235919-500\...\Run: [uTorrent] => C:\Users\Administrator\AppData\Roaming\uTorrent\uTorrent.exe [1694560 2015-05-06] (BitTorrent Inc.)
HKU\S-1-5-21-1377628560-2540776379-1351235919-500\...\Run: [pricefountainw.exe] => C:\Users\Administrator\AppData\Local\PriceFountain\pricefountainw.exe [462848 2015-02-17] (Price Fountain)
HKU\S-1-5-21-1377628560-2540776379-1351235919-500\...\Run: [EADM] => C:\Program Files\Origin\Origin.exe [3632472 2015-05-26] (Electronic Arts)
HKU\S-1-5-21-1377628560-2540776379-1351235919-500\...\Run: [pwo5] => C:\Users\Administrator\pwo5\svchost.exe [7691285 2015-07-06] ()
HKU\S-1-5-21-1377628560-2540776379-1351235919-500\...\RunOnce: [PriceFountain] => C:\Windows\system32\wscript.exe /E:vbscript /B "C:\Users\ADMINI~1\AppData\Roaming\PriceFountain\UpdateProc\bkup.dat"
HKU\S-1-5-21-1377628560-2540776379-1351235919-500\...\MountPoints2: {2b0a825e-196f-11e3-b84e-001a4dfcd643} - J:\LGAutoRun.exe
HKU\S-1-5-21-1377628560-2540776379-1351235919-500\...\MountPoints2: {386ba26f-de3f-11e2-bc58-00004dfcd643} - L:\autorun.exe
HKU\S-1-5-21-1377628560-2540776379-1351235919-500\...\MountPoints2: {52368170-1cf9-11e5-b198-001485eadcd2} - J:\Startme.exe
HKU\S-1-5-21-1377628560-2540776379-1351235919-500\...\MountPoints2: {9c65cae0-5b7f-11d9-b3d6-806e6f6e6963} - E:\SETUP.EXE
AppInit_DLLs: C:\Windows\system32\nvinit.dll => C:\Windows\system32\nvinit.dll [148016 2014-03-20] (NVIDIA Corporation)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fallout New Vegas Keygen Generator Tool.lnk [2015-03-13]
ShortcutTarget: Fallout New Vegas Keygen Generator Tool.lnk -> C:\ProgramData\{46e994cc-01fe-cf8b-46e9-994cc01f5330}\Fallout New Vegas Keygen Generator Tool.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://do-search.com/?type=hppp&ts=1425843054&from=cor&uid=WDCXWD2500AAJS-00VTA0_WD-WMART134525245252
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com/web/?type=ds&ts=1425843004&from=cor&uid=WDCXWD2500AAJS-00VTA0_WD-WMART134525245252&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://do-search.com/?type=hppp&ts=1425843054&from=cor&uid=WDCXWD2500AAJS-00VTA0_WD-WMART134525245252
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://do-search.com/web/?type=ds&ts=1425843004&from=cor&uid=WDCXWD2500AAJS-00VTA0_WD-WMART134525245252&q={searchTerms}
HKU\S-1-5-21-1377628560-2540776379-1351235919-500\Software\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com/web/?type=dspp&ts=1425843054&from=cor&uid=WDCXWD2500AAJS-00VTA0_WD-WMART134525245252&q={searchTerms}
HKU\S-1-5-21-1377628560-2540776379-1351235919-500\Software\Microsoft\Internet Explorer\Main,Start Page = http://do-search.com/?type=hppp&ts=1425843054&from=cor&uid=WDCXWD2500AAJS-00VTA0_WD-WMART134525245252
HKU\S-1-5-21-1377628560-2540776379-1351235919-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://do-search.com/?type=hppp&ts=1425843054&from=cor&uid=WDCXWD2500AAJS-00VTA0_WD-WMART134525245252
HKU\S-1-5-21-1377628560-2540776379-1351235919-500\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://do-search.com/web/?type=dspp&ts=1425843054&from=cor&uid=WDCXWD2500AAJS-00VTA0_WD-WMART134525245252&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://do-search.com/web/?type=ds&ts=1425843004&from=cor&uid=WDCXWD2500AAJS-00VTA0_WD-WMART134525245252&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://do-search.com/web/?type=ds&ts=1425843004&from=cor&uid=WDCXWD2500AAJS-00VTA0_WD-WMART134525245252&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1377628560-2540776379-1351235919-500 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1377628560-2540776379-1351235919-500 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1377628560-2540776379-1351235919-500 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1377628560-2540776379-1351235919-500 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1377628560-2540776379-1351235919-500 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
BHO: Isaverr -> {0BB0C536-4F99-4FF7-AAD9-E6EE56B95B39} -> C:\Program Files\Isaverr\hogxCi2QNLqjDk.dll [2015-06-29] ()
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{8E35BF22-31C0-4793-A9AC-CEC2AD9FE103}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B45752DB-C740-4473-BE2B-036F269D66FD}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-06] ()
FF Plugin: @artistscope.com/ArtistScope Plugin -> C:\Program Files\Common Files\ArtistScope\npArtistScope.dll [2013-09-22] (ArtistScope Pty Ltd)
FF Plugin: @artistscope.com/ArtistScope Plugin 5 -> C:\Program Files\Common Files\ArtistScope\npArtistScope5.dll [2013-09-22] (ArtistScope Pty Ltd)
FF Plugin: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll No File
FF Plugin: @esn/npbattlelog,version=2.3.2 -> C:\Program Files\Battlelog Web Plugins\2.3.2\npbattlelog.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-02-02] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-02-02] (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-03-04] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-03-04] (NVIDIA Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-11-08] (Pando Networks)
FF Plugin: @real.com/nppl3260;version=6.0.12.450 -> C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll [2010-02-15] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll [2010-02-15] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-04-14] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1377628560-2540776379-1351235919-500: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-10] (Unity Technologies ApS)
FF HKLM\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\magic\AppData\Roaming\Mozilla\Firefox\Profiles\j0sp6vdc.default\extensions\quick_start@gmail.com
FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\magic\AppData\Roaming\Mozilla\Firefox\Profiles\j0sp6vdc.default\extensions\faststartff@gmail.com
FF HKLM\...\Firefox\Extensions: [shortcutff@gmail.com] - C:\Users\magic\AppData\Roaming\Mozilla\Firefox\Profiles\j0sp6vdc.default\extensions\shortcutff@gmail.com

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-13]
CHR Extension: (Adblock Plus) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-10-13]
CHR Extension: (Google Search) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-13]
CHR Extension: (Screencastify Screen Video Recorder) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmeijimgabbpbgpdklnllpncmdofkcpn [2015-06-29]
CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-13]
CHR HKLM\...\Chrome\Extension: [dopemniaeocfenlpnoannaefnhfcjcgi] - C:\Users\magic\AppData\Local\Google\Chrome\User Data\Default\Extensions\searchswitch.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\magic\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 4f838e60; c:\Program Files\LibraryInit\LibraryInit.dll [1659392 2015-04-08] () [File not signed]
S4 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5306504 2014-04-16] (COMODO)
S4 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [1663192 2014-03-25] (COMODO)
S4 CSHelper; C:\Program Files\Common Files\ArtistScope\CSHelper32.exe [236624 2013-10-01] (ArtistScope Pty Ltd)
S4 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE [113664 2007-01-11] (SEIKO EPSON CORPORATION)
R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1848168 2015-03-30] (LogMeIn Inc.)
R2 IHProtect Service; C:\Program Files\XTab\ProtectService.exe [157824 2015-05-29] (XTab system)
R2 iSafeService; C:\Program Files\Elex-tech\YAC\iSafeSvc.exe [118048 2015-06-03] (Elex do Brasil Participações Ltda)
R2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [411920 2015-03-30] (LogMeIn, Inc.)
S4 nTuneService; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [192832 2011-09-19] (NVIDIA)
S4 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15904544 2014-02-05] (NVIDIA Corporation)
S4 PanService; C:\Program Files\PANDORA.TV\PanService\PandoraService.exe [625304 2012-09-28] (Pandora.TV)
S4 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2013-09-22] ()
S4 RzKLService; C:\Program Files\Razer\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.)
S4 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 Vast Aspect; C:\Program Files\Vast Aspect\Vast Aspect.exe [8015947 2015-06-10] () [File not signed] <==== ATTENTION
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [487424 2015-05-29] (Windows SysTool) [File not signed] <==== ATTENTION
R2 winzipersvc; C:\Program Files\WinZipper\winzipersvc.exe [471696 2015-06-04] (Taiwan Shui Mu Chih Ching Technology Limited.) <==== ATTENTION

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ALCXWDM; C:\Windows\System32\drivers\RTKVAC.SYS [4172832 2009-06-19] (Realtek Semiconductor Corp.)
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [31312 2009-12-01] (Google Inc)
R1 arcawfp; C:\Windows\System32\drivers\arcawfp.sys [54840 2014-12-09] (NetFilterSDK.com)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2013-12-22] ()
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20072 2014-04-16] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [607168 2014-04-16] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [43728 2014-04-16] (COMODO)
R1 CSDriver; C:\Program Files\Common Files\ArtistScope\CSDriver32.sys [43888 2013-10-01] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-06-26] (DT Soft Ltd)
R3 EuMusDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\vrtaucbl.sys [50728 2015-05-04] (Eugene V. Muzychenko)
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2015-03-30] (LogMeIn, Inc.)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [92656 2014-04-16] (COMODO)
R1 iSafeKrnl; C:\Program Files\Elex-tech\YAC\iSafeKrnl.sys [226024 2015-06-03] (Elex do Brasil Participações Ltda)
S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [48784 2015-06-03] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files\Elex-tech\YAC\iSafeKrnlKit.sys [96424 2015-06-03] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlMon; C:\Program Files\Elex-tech\YAC\iSafeKrnlMon.sys [43536 2015-06-03] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files\Elex-tech\YAC\iSafeKrnlR3.sys [71744 2015-06-03] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [44712 2015-04-17] (Elex do Brasil Participações Ltda)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2013-12-22] ()
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2013-12-27] (NVIDIA Corporation)
R3 pneteth; C:\Windows\System32\DRIVERS\pneteth.sys [13440 2011-11-25] (June Fabrics Technology Inc.)
S3 RivaTuner32; C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys [9088 2009-08-22] () [File not signed]
R3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [22104 2014-07-02] (SplitmediaLabs Limited)
R1 {cc30460f-753f-44d9-b58c-13dae1321968}w; C:\Windows\System32\drivers\{cc30460f-753f-44d9-b58c-13dae1321968}w.sys [52928 2014-05-22] (StdLib)
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 XDva424; \??\C:\Windows\system32\XDva424.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-06 17:49 - 2015-07-06 17:51 - 00021153 _____ C:\Users\Administrator\Downloads\FRST.txt
2015-07-06 17:48 - 2015-07-06 17:49 - 00000000 ____D C:\FRST
2015-07-06 17:48 - 2015-07-06 17:48 - 01636352 _____ (Farbar) C:\Users\Administrator\Downloads\FRST.exe
2015-07-06 17:48 - 2015-07-06 17:48 - 00380416 _____ C:\Users\Administrator\Downloads\3vl0z1k1.exe
2015-07-06 17:34 - 2015-07-06 17:34 - 00001775 _____ C:\Users\Administrator\Desktop\20159.lnk
2015-07-06 17:34 - 2015-07-06 17:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\20159
2015-07-06 17:34 - 2009-07-23 18:32 - 00274432 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Windows\system32\ssleay32.dll
2015-07-06 17:33 - 2015-07-06 17:44 - 00000000 ___HD C:\Users\Administrator\pwo5
2015-07-06 17:33 - 2015-07-06 17:34 - 00000000 ____D C:\Program Files\20159
2015-07-06 17:33 - 2012-12-10 11:04 - 00356352 _____ (eSellerate Inc.) C:\Windows\eSellerateEngine.dll
2015-07-06 17:33 - 2012-12-10 11:04 - 00081920 _____ (eSellerate Inc.) C:\Windows\eSellerateControl350.dll
2015-07-06 17:33 - 2009-07-23 18:32 - 01122304 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Windows\system32\libeay32.dll
2015-07-06 17:32 - 2015-07-06 17:33 - 10735104 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\Brontok Removal Tool 1.0 [full].exe
2015-07-06 17:02 - 2015-07-06 17:03 - 00000000 ____D C:\Users\Administrator\Desktop\The Sims 4
2015-07-06 16:34 - 2015-07-06 16:35 - 00000016 _____ C:\Users\Administrator\Desktop\Nowy dokument tekstowy.txt
2015-07-06 16:31 - 2015-07-06 16:32 - 00000000 ____D C:\Users\Administrator\AppData\Local\Origin
2015-07-06 16:20 - 2015-07-06 16:31 - 00000000 ____D C:\Program Files\Origin
2015-07-06 16:20 - 2015-07-06 16:20 - 00000937 _____ C:\Users\Public\Desktop\Origin.lnk
2015-07-06 16:16 - 2015-07-06 16:17 - 17116168 _____ (Electronic Arts, Inc.) C:\Users\Administrator\Downloads\OriginThinSetup.exe
2015-06-29 10:25 - 2015-06-29 10:25 - 00000000 ____D C:\Program Files\Isaverr
2015-06-29 10:24 - 2015-06-29 10:25 - 00000000 ____D C:\Program Files\ISaver
2015-06-29 10:24 - 2015-06-29 10:24 - 00000000 ____D C:\Program Files\Screencastify Screen Video Recorder
2015-06-27 21:04 - 2015-06-27 21:04 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\vlc
2015-06-24 20:05 - 2015-06-24 20:05 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft Games
2015-06-24 20:05 - 2015-06-24 20:05 - 00000000 ____D C:\ProgramData\Microsoft Games
2015-06-24 19:54 - 2015-06-24 19:54 - 00002031 _____ C:\Users\Administrator\Desktop\Zoo Tycoon 2.lnk
2015-06-24 19:54 - 2015-06-24 19:54 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Games
2015-06-24 19:54 - 2015-06-24 19:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
2015-06-23 22:38 - 2015-06-23 22:38 - 00000019 _____ C:\Users\Administrator\Desktop\hasło.txt
2015-06-23 19:57 - 2015-06-23 19:57 - 00000981 _____ C:\Users\Public\Desktop\Otchlan 1.3.lnk
2015-06-23 19:57 - 2015-06-23 19:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Otchlan 1.3
2015-06-23 19:57 - 2015-06-23 19:57 - 00000000 ____D C:\Program Files\Otchlan 1.3
2015-06-22 00:59 - 2015-06-22 01:21 - 00000422 _____ C:\Windows\Tasks\DriverEasy Scheduled Scan.job
2015-06-22 00:59 - 2015-06-22 00:59 - 00001120 _____ C:\Users\Public\Desktop\DriverEasy.lnk
2015-06-22 00:59 - 2015-06-22 00:59 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Easeware
2015-06-22 00:59 - 2015-06-22 00:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverEasy
2015-06-22 00:59 - 2015-06-22 00:59 - 00000000 ____D C:\Program Files\Easeware
2015-06-21 21:58 - 2015-06-22 00:10 - 00000000 ____D C:\Users\Administrator\Desktop\kanał2
2015-06-21 13:38 - 2015-06-21 13:38 - 00000000 ____D C:\ProgramData\{a2e4a61b-3c3f-ced0-a2e4-4a61b3c3986c}
2015-06-19 13:50 - 2015-07-06 12:42 - 00000000 ____D C:\Users\Administrator\AppData\Local\LogMeIn Hamachi
2015-06-18 22:19 - 2015-06-18 22:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-06-18 22:19 - 2015-06-18 22:19 - 00000000 ____D C:\Program Files\LogMeIn Hamachi
2015-06-18 16:23 - 2015-06-18 16:23 - 00000000 ____D C:\Program Files\AGEIA Technologies
2015-06-18 16:09 - 2015-06-18 16:18 - 00000000 ____D C:\6d0478105c18d5f20138844da47c
2015-06-18 16:09 - 2015-06-18 16:11 - 00000000 ____D C:\154aca6ffff13154632981390cc3
2015-06-18 09:49 - 2015-06-18 10:07 - 00000000 ____D C:\Users\Administrator\AppData\Local\The Witcher
2015-06-18 09:49 - 2015-06-18 09:49 - 00000000 ____D C:\Users\Administrator\Documents\The Witcher
2015-06-18 09:48 - 2015-06-18 09:49 - 00000000 ____D C:\Users\Public\Documents\The Witcher
2015-06-11 18:29 - 2015-06-29 10:25 - 00000000 ____D C:\Program Files\Fun2SAve
2015-06-10 21:24 - 2015-06-10 21:24 - 00000000 ____D C:\Program Files\Vast Aspect
2015-06-08 18:40 - 2015-06-08 18:40 - 00000000 ____D C:\ProgramData\{a91a3553-7729-a643-a91a-a3553772d54d}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-06 17:49 - 2014-09-19 12:17 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-06 17:45 - 2013-06-24 20:48 - 00000000 ____D C:\Program Files\PowerISO
2015-07-06 17:37 - 2013-06-17 18:57 - 00001036 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-06 17:33 - 2014-10-13 20:47 - 00000000 ____D C:\Users\Administrator
2015-07-06 17:29 - 2015-03-08 21:29 - 00000314 _____ C:\Windows\Tasks\Price Fountain.job
2015-07-06 17:26 - 2009-07-14 06:34 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-06 17:26 - 2009-07-14 06:34 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-06 17:23 - 2009-07-14 04:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-07-06 17:14 - 2014-05-04 20:12 - 00000340 _____ C:\Windows\Tasks\AmiUpdXp.job
2015-07-06 17:02 - 2013-06-17 22:46 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat
2015-07-06 16:32 - 2013-06-20 17:00 - 00000000 ____D C:\ProgramData\Origin
2015-07-06 14:46 - 2014-07-14 01:10 - 00000000 ____D C:\Program Files\Steam
2015-07-06 12:42 - 2014-10-15 22:04 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\uTorrent
2015-07-06 12:26 - 2015-05-29 16:46 - 00000000 ____D C:\Program Files\WinZipper
2015-07-06 12:26 - 2015-01-14 17:21 - 01142724 _____ C:\Windows\WindowsUpdate.log
2015-07-06 12:23 - 2013-06-17 18:57 - 00001032 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-06 12:22 - 2015-01-23 16:17 - 00017766 _____ C:\Windows\setupact.log
2015-07-06 12:22 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-06 00:59 - 2015-03-08 22:29 - 00000092 _____ C:\Users\Administrator\AppData\Roaming\WB.CFG
2015-06-29 10:25 - 2015-05-25 20:13 - 00000000 ____D C:\Program Files\RegularDeaals
2015-06-29 10:25 - 2015-05-25 20:12 - 00000000 ____D C:\Program Files\DissCoUNtExteensi
2015-06-29 10:25 - 2015-05-05 15:45 - 00000000 ____D C:\Program Files\SHoppDreop
2015-06-29 10:25 - 2015-05-05 15:44 - 00000000 ____D C:\Program Files\IsaaVer
2015-06-29 10:25 - 2015-04-15 14:10 - 00000000 ____D C:\Program Files\FUn2Saave
2015-06-29 10:25 - 2015-04-15 14:10 - 00000000 ____D C:\Program Files\DeoalExpresss
2015-06-29 10:25 - 2015-04-08 12:59 - 00000000 ____D C:\Program Files\AadddToThis
2015-06-29 10:25 - 2015-04-08 12:58 - 00000000 ____D C:\ProgramData\2772655738130555573
2015-06-29 10:25 - 2015-04-08 12:58 - 00000000 ____D C:\Program Files\ReegularoDeals
2015-06-26 20:15 - 2014-10-21 20:08 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Audacity
2015-06-24 20:03 - 2014-10-14 12:52 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-06-24 19:53 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Microsoft Games
2015-06-23 21:23 - 2014-10-14 10:41 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Skype
2015-06-22 08:30 - 2014-10-16 18:41 - 00000000 ____D C:\Users\Administrator\Documents\My Games
2015-06-21 23:37 - 2015-05-28 16:03 - 00000000 ____D C:\Users\Administrator\Desktop\na kanał
2015-06-21 13:39 - 2014-10-21 19:24 - 00000000 ____D C:\Users\Administrator\.gimp-2.8
2015-06-18 19:43 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-06-18 16:31 - 2011-02-01 21:37 - 00743808 _____ C:\Windows\system32\perfh015.dat
2015-06-18 16:31 - 2011-02-01 21:37 - 00157290 _____ C:\Windows\system32\perfc015.dat
2015-06-18 16:31 - 2010-11-20 23:01 - 01651032 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-18 16:23 - 2013-06-17 18:00 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-06-15 15:36 - 2014-10-13 23:06 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Expressivo
2015-06-14 13:48 - 2009-07-14 06:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-06-13 23:13 - 2015-02-06 22:47 - 00000132 _____ C:\Users\Administrator\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-06-07 19:27 - 2014-12-08 21:44 - 00000000 ____D C:\Users\Administrator\Documents\RPGVXAce
2015-06-07 19:23 - 2014-09-25 22:40 - 00000000 ____D C:\Users\Administrator\Desktop\muzyka
2015-06-07 17:05 - 2014-10-23 19:45 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Origin
2015-06-06 20:52 - 2015-06-04 19:21 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Tropico 4

==================== Files in the root of some directories =======

2014-09-19 12:05 - 2014-09-19 12:14 - 6010880 _____ () C:\Program Files\GUT1B96.tmp
2013-07-19 19:14 - 2013-07-19 19:14 - 4188160 _____ () C:\Program Files\GUT4CAA.tmp
2014-12-30 03:18 - 2015-01-24 20:39 - 0000132 _____ () C:\Users\Administrator\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
2015-02-06 22:47 - 2015-06-13 23:13 - 0000132 _____ () C:\Users\Administrator\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-05-15 10:28 - 2015-06-04 20:14 - 0000024 _____ () C:\Users\Administrator\AppData\Roaming\appdataFr25.bin
2015-04-08 13:26 - 2015-05-13 22:11 - 0000020 _____ () C:\Users\Administrator\AppData\Roaming\appdataFr3.bin
2015-03-08 22:29 - 2015-07-06 00:59 - 0000092 _____ () C:\Users\Administrator\AppData\Roaming\WB.CFG
2014-11-02 21:46 - 2015-04-11 15:12 - 0009728 _____ () C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-09 17:26 - 2015-05-09 17:26 - 0000218 _____ () C:\Users\Administrator\AppData\Local\recently-used.xbel

Some files in TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\bdfilters.dll
C:\Users\Administrator\AppData\Local\Temp\drm_dyndata_7400009.dll
C:\Users\Administrator\AppData\Local\Temp\setacl.exe
C:\Users\Administrator\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-06 15:50

==================== End of log ============================