Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-07-2015
Ran by 8066_000 (administrator) on LUQ92 on 06-07-2015 20:44:56
Running from C:\Users\8066_000\Desktop
Loaded Profiles: 8066_000 (Available Profiles: 8066_000)
Platform: Windows 8.1 Pro (X64) OS Language: Polski (Polska)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\vmms.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dropbox, Inc.) C:\Users\8066_000\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc.) C:\Users\8066_000\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-06-17] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-23] (Synaptics Incorporated)
HKLM\...\Run: [Creative SB Monitoring Utility] => RunDll32 sbavmon.dll,SBAVMonitor
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe [241789 2009-07-07] (Creative Technology Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => E:\Programy\Malwarebytes Anti-Exploit\mbae.exe
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-742588249-578463927-4040186165-1001\...\Run: [DAEMON Tools Lite] => E:\Programy\DAEMON Tools Lite\DTLite.exe [5585136 2015-03-31] (Disc Soft Ltd)
HKU\S-1-5-21-742588249-578463927-4040186165-1001\...\Run: [Spotify Web Helper] => C:\Users\8066_000\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2030648 2015-07-03] (Spotify Ltd)
HKU\S-1-5-21-742588249-578463927-4040186165-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-742588249-578463927-4040186165-1001\...\Run: [Dropbox Update] => C:\Users\8066_000\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.)
HKU\S-1-5-21-742588249-578463927-4040186165-1001\...\Run: [GoogleChromeAutoLaunch_D168359E1E33720926901710C17D7FAB] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-06-20] (Google Inc.)
HKU\S-1-5-21-742588249-578463927-4040186165-1001\...\MountPoints2: {78943547-ee68-11e4-824d-aaab32fd65ca} - "J:\autorun\autorun.exe"
HKU\S-1-5-21-742588249-578463927-4040186165-1001\...\MountPoints2: {ba691132-f74a-11e4-825c-0800270024f7} - "D:\NoAutoRun.exe"
HKU\S-1-5-21-742588249-578463927-4040186165-1001\...\MountPoints2: {ba691159-f74a-11e4-825c-0800270024f7} - "I:\NoAutoRun.exe"
Startup: C:\Users\8066_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2015-04-29]
ShortcutTarget: EvernoteClipper.lnk -> E:\Programy\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\8066_000\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\8066_000\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\8066_000\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\8066_000\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\8066_000\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\8066_000\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\8066_000\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\8066_000\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-742588249-578463927-4040186165-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pl-pl/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Tcpip\Parameters: [DhcpNameServer] 207.182.150.116 8.8.8.8
Tcpip\..\Interfaces\{C7955D36-A877-4FCE-9F27-AFD10AB35CA2}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{C83D7B43-EABC-40E1-A99E-72F95593DD60}: [DhcpNameServer] 207.182.150.116 8.8.8.8
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\8066_000\AppData\Roaming\Mozilla\Firefox\Profiles\zx2fr552.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_160.dll [2015-06-15] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_160.dll [2015-06-15] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> E:\Programy\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> E:\Programy\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> E:\Programy\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> E:\Programy\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-23] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Extension: SyncInfrastructure Class - C:\Users\8066_000\AppData\Roaming\Mozilla\Firefox\Profiles\zx2fr552.default\Extensions\{C9363C81-B789-91B6-005B-D0B319696495} [2015-06-21]
FF Extension: Adblock Plus - C:\Users\8066_000\AppData\Roaming\Mozilla\Firefox\Profiles\zx2fr552.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-15]
FF Extension: No Name - E:\Programy\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]

Chrome:
=======
CHR Profile: C:\Users\8066_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Please enter your password) - C:\Users\8066_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2015-07-04]
CHR Extension: (Adblock Plus) - C:\Users\8066_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-07-04]
CHR Extension: (Barcode Generator) - C:\Users\8066_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilkhkkdihamgncpphbkidijapnccgbmp [2015-07-04]
CHR Extension: (Google Wallet) - C:\Users\8066_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-04]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2015-04-29] (Microsoft Corporation)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2015-04-30] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2015-04-30] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2009-08-28] (Creative Technology Ltd) [File not signed]
S3 Disc Soft Lite Bus Service; E:\Programy\DAEMON Tools Lite\DiscSoftBusService.exe [1277680 2015-03-31] (Disc Soft Ltd)
S2 MBAMService; E:\Programy\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
R2 vmms; C:\Windows\system32\vmms.exe [13784576 2014-10-08] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [312480 2015-05-20] ()
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30352 2015-04-29] (Disc Soft Ltd)
R1 hvservice; C:\Windows\System32\drivers\hvservice.sys [68960 2015-04-29] (Microsoft Corporation)
R3 ksaud; C:\Windows\system32\drivers\ksaud.sys [1148288 2009-12-15] (Creative Technology Ltd.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43168 2015-05-20] ()
S3 lunparser; C:\Windows\System32\drivers\lunparser.sys [19456 2015-05-09] (Microsoft Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
S3 passthruparser; C:\Windows\System32\drivers\passthruparser.sys [22016 2015-05-09] (Microsoft Corporation)
S3 pvhdparser; C:\Windows\System32\drivers\pvhdparser.sys [27136 2013-09-07] (Microsoft Corporation)
S3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
S3 vhdparser; C:\Windows\System32\drivers\vhdparser.sys [18944 2014-01-27] (Microsoft Corporation)
R3 VMSMP; C:\Windows\system32\DRIVERS\vmswitch.sys [688640 2014-10-08] (Microsoft Corporation)
S3 VMSP; C:\Windows\system32\DRIVERS\vmswitch.sys [688640 2014-10-08] (Microsoft Corporation)
S3 VMSVSF; C:\Windows\system32\DRIVERS\vmswitch.sys [688640 2014-10-08] (Microsoft Corporation)
S3 VMSVSP; C:\Windows\system32\DRIVERS\vmswitch.sys [688640 2014-10-08] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
U3 kxldapoc; \??\C:\Users\8066_000\AppData\Local\Temp\kxldapoc.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-05 10:48 - 2015-07-06 20:45 - 00015733 _____ C:\Users\8066_000\Desktop\FRST.txt
2015-07-05 10:48 - 2015-07-05 10:48 - 00380416 _____ C:\Users\8066_000\Desktop\1yihd7nw.exe
2015-07-05 10:41 - 2015-07-06 20:43 - 00000232 _____ C:\Windows\setupact.log
2015-07-05 10:41 - 2015-07-05 10:41 - 00000000 _____ C:\Windows\setuperr.log
2015-07-04 23:20 - 2015-07-04 23:22 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2015-07-04 13:44 - 2015-07-06 20:43 - 00062942 _____ C:\Windows\WindowsUpdate.log
2015-07-04 13:42 - 2015-07-04 13:42 - 02112512 _____ (Farbar) C:\Users\8066_000\Desktop\FRST64.exe
2015-07-04 13:31 - 2015-07-04 13:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-04 10:51 - 2015-07-04 10:51 - 00000000 _____ C:\autoexec.bat
2015-07-03 11:29 - 2015-07-03 11:29 - 00000000 _____ C:\Users\8066_000\AppData\Local\Temp.dat
2015-07-03 11:26 - 2015-07-04 13:07 - 00000000 ____D C:\Program Files (x86)\eyeCare Protect your vision
2015-07-03 11:24 - 2015-07-05 11:24 - 00000440 _____ C:\Windows\Tasks\BookKeep.job
2015-07-03 11:24 - 2015-07-03 11:24 - 00003332 _____ C:\Windows\System32\Tasks\BookKeep
2015-07-03 10:42 - 2014-10-13 07:57 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys
2015-07-03 10:42 - 2014-10-13 07:57 - 00110336 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys
2015-07-03 10:40 - 2013-12-30 10:53 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll
2015-07-03 10:40 - 2013-12-30 10:53 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\SysWOW64\secman.dll
2015-07-03 10:39 - 2015-07-03 11:27 - 00000000 ____D C:\ProgramData\Samsung
2015-07-03 10:39 - 2015-07-03 11:27 - 00000000 ____D C:\Program Files (x86)\Samsung
2015-07-03 10:38 - 2015-07-03 10:38 - 00000000 ____D C:\Users\8066_000\AppData\Local\Downloaded Installations
2015-06-29 13:11 - 2015-06-29 13:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NovaLogic
2015-06-29 13:08 - 1998-01-23 12:22 - 00304128 _____ (InstallShield Software Corporation) C:\Windows\IsUninst.exe
2015-06-28 23:30 - 2008-06-15 13:29 - 01774080 _____ (Gabest) C:\Users\8066_000\Desktop\mplayerc.exe
2015-06-24 18:10 - 2015-06-24 18:10 - 02950746 _____ (Malwarebytes Corporation) C:\Users\8066_000\Desktop\JRT.exe
2015-06-24 18:10 - 2015-06-24 18:10 - 00000207 _____ C:\Windows\tweaking.com-regbackup-LUQ92-Windows-8.1-Pro-(64-bit).dat
2015-06-24 18:10 - 2015-06-24 18:10 - 00000000 ____D C:\RegBackup
2015-06-24 10:33 - 2015-07-06 20:45 - 00000000 ____D C:\FRST
2015-06-23 11:14 - 2015-06-23 11:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 12.0
2015-06-23 11:11 - 2015-06-23 11:11 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
2015-06-23 10:56 - 2015-06-23 10:56 - 00000000 ____D C:\ProgramData\Sun
2015-06-23 10:56 - 2015-06-23 10:55 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-06-23 10:55 - 2015-06-23 10:55 - 00000000 ____D C:\ProgramData\Oracle
2015-06-23 10:55 - 2015-06-23 10:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-06-23 10:55 - 2015-06-23 10:55 - 00000000 ____D C:\Program Files (x86)\Java
2015-06-22 20:33 - 2015-06-22 20:33 - 02244096 _____ C:\Users\8066_000\Desktop\adwcleaner_4.207.exe
2015-06-18 12:08 - 2015-06-18 12:08 - 00000000 ____D C:\Users\8066_000\AppData\Roaming\Postal 2 Complete
2015-06-18 08:32 - 2015-06-18 08:32 - 00000000 ____D C:\Users\8066_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-06-18 08:30 - 2015-06-18 08:30 - 00000000 ____D C:\Users\8066_000\AppData\Local\Dropbox
2015-06-18 08:30 - 2015-06-18 08:30 - 00000000 ____D C:\ProgramData\Dropbox
2015-06-16 07:50 - 2015-06-16 07:50 - 00000000 ____D C:\Users\8066_000\Documents\NFS Most Wanted
2015-06-15 14:02 - 2015-06-15 14:02 - 00000000 ____D C:\Users\8066_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NFS Most Wanted
2015-06-15 14:02 - 2015-06-15 14:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NFS Most Wanted
2015-06-11 10:53 - 2015-06-11 10:53 - 00000000 ____D C:\Windows\system32\appmgmt
2015-06-08 00:15 - 2008-09-27 21:18 - 01451520 _____ (CheatHappens) C:\Users\8066_000\Desktop\Witcher Enhanced Edition Trainer.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-06 20:46 - 2015-04-29 14:25 - 00003984 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{F111D8FA-A744-4EB5-A844-721C7FD532DE}
2015-07-06 20:43 - 2015-04-29 14:19 - 00000000 __RDO C:\Users\8066_000\SkyDrive
2015-07-06 20:43 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru
2015-07-05 12:04 - 2015-04-29 14:20 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-742588249-578463927-4040186165-1001
2015-07-05 11:30 - 2015-05-03 15:00 - 00905216 ___SH C:\Users\8066_000\Desktop\Thumbs.db
2015-07-05 00:14 - 2015-05-01 11:02 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-07-04 23:19 - 2015-04-29 18:40 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-04 23:08 - 2015-05-01 10:35 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-04 23:08 - 2015-04-29 15:08 - 00000000 ____D C:\Users\8066_000\AppData\Roaming\Dropbox
2015-07-04 23:02 - 2015-05-15 16:15 - 00000000 ____D C:\AdwCleaner
2015-07-04 13:47 - 2015-05-10 16:04 - 27590656 _____ C:\Windows\system32\vmguest.iso
2015-07-04 13:44 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-04 13:31 - 2015-05-14 13:37 - 00000000 ____D C:\Program Files (x86)\Google
2015-07-04 13:22 - 2015-04-29 14:14 - 00001015 _____ C:\Users\8066_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-04 10:51 - 2015-04-29 14:14 - 00000000 ____D C:\Users\8066_000
2015-07-03 12:27 - 2015-05-15 13:50 - 00000000 ____D C:\Users\8066_000\AppData\Roaming\Media Player Classic
2015-07-03 12:27 - 2015-05-10 10:45 - 00000000 ____D C:\Users\8066_000\AppData\Roaming\uTorrent
2015-07-03 12:27 - 2015-04-29 14:54 - 00000000 ____D C:\Users\8066_000\AppData\Roaming\DAEMON Tools Lite
2015-07-03 12:21 - 2015-04-30 15:05 - 00000000 ____D C:\Users\8066_000\AppData\Roaming\Spotify
2015-07-03 12:16 - 2015-04-30 15:08 - 00000000 ____D C:\Users\8066_000\AppData\Local\Spotify
2015-07-03 12:15 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-07-03 12:09 - 2015-04-29 14:14 - 02028832 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-03 12:09 - 2013-08-23 01:12 - 00879246 _____ C:\Windows\system32\perfh015.dat
2015-07-03 12:09 - 2013-08-23 01:12 - 00199510 _____ C:\Windows\system32\perfc015.dat
2015-07-03 11:27 - 2015-04-29 14:34 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-06-26 13:41 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2015-06-23 12:41 - 2013-08-22 16:45 - 00000000 ____D C:\Windows\Setup
2015-06-23 11:58 - 2015-05-15 17:40 - 00000000 ____D C:\Users\8066_000\AppData\Local\Google
2015-06-23 11:33 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\FileManager
2015-06-18 08:42 - 2015-04-29 18:40 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-18 08:41 - 2015-04-29 18:40 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-15 23:19 - 2015-05-01 11:55 - 00000000 ____D C:\Users\8066_000\AppData\Local\Adobe
2015-06-15 08:38 - 2013-08-22 16:44 - 05102888 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-13 11:10 - 2015-05-13 13:37 - 00000000 ____D C:\Users\8066_000\AppData\Roaming\Foxit Software
2015-06-11 11:01 - 2015-05-19 11:04 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-06-11 11:01 - 2015-05-19 10:56 - 00000000 ____D C:\ProgramData\Adobe
2015-06-11 11:01 - 2015-04-29 14:14 - 00000000 ____D C:\Users\8066_000\AppData\Roaming\Adobe
2015-06-11 10:56 - 2015-04-29 15:48 - 00000000 ____D C:\Program Files (x86)\Windows Kits
2015-06-11 10:56 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-06-11 10:53 - 2015-05-07 15:45 - 00000000 ____D C:\ProgramData\Skype
2015-06-11 10:53 - 2015-04-29 14:56 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-11 10:50 - 2015-04-29 14:59 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-06-11 10:22 - 2015-04-29 16:00 - 00000000 ____D C:\Program Files\MSBuild
2015-06-09 10:16 - 2015-05-20 10:16 - 00000000 ____D C:\Users\8066_000\AppData\Local\The Witcher

==================== Files in the root of some directories =======

2015-07-03 11:29 - 2015-07-03 11:29 - 0000000 _____ () C:\Users\8066_000\AppData\Local\Temp.dat

Some files in TEMP:
====================
C:\Users\8066_000\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcmoajx.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-29 11:10

==================== End of log ============================