Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-08-2015
Ran by Bozix-pan (administrator) on BOZIX (14-08-2015 20:11:07)
Running from C:\Users\Bozix-pan\Downloads
Loaded Profiles: Bozix-pan (Available Profiles: Bozix-pan)
Platform: Windows 8.1 Pro (X64) Language: Polski (Polska)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(http://winaero.com) C:\Windows\AG.exe
(Comodo Security Solutions, Inc.) C:\Program Files\COMODO\GeekBuddy\unit_manager.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Comodo Security Solutions, Inc.) C:\Program Files\COMODO\GeekBuddy\unit.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Windows\System32\notepad.exe
() C:\Windows\System32\notepad.exe
() C:\Windows\System32\notepad.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2631824 2015-07-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [AG] => C:\WINDOWS\AG.exe [8704 2013-01-17] (http://winaero.com)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-06-21] (Comodo Security Solutions, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoRemoteRecursiveEvents] 1
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll File not found
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => "C:\Windows\SysWOW64\nvinit.dll" File not found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk [2015-06-21]
ShortcutTarget: Start GeekBuddy.lnk -> C:\Program Files\COMODO\GeekBuddy\launcher.exe (Comodo Security Solutions, Inc.)
Startup: C:\Users\Bozix-pan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk [2014-12-20]
ShortcutTarget: Curse.lnk -> C:\Users\Bozix-pan\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.pl
HKU\S-1-5-21-143263523-3770091596-503792995-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.pl
BHO: No Name -> {27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5} -> C:\Windows\System32\OldNewExplorer64.dll [2014-02-13] (www.startisback.com)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-30] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-30] (Oracle Corporation)
BHO-x32: No Name -> {27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5} -> C:\Windows\SysWow64\OldNewExplorer32.dll [2014-02-13] (www.startisback.com)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{3053AA4E-99CC-4A45-8A6F-F6B41883CBBF}: [DhcpNameServer] 7.254.254.254
Tcpip\..\Interfaces\{8919913D-0045-46DE-AE51-E0F5B599F26F}: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Bozix-pan\AppData\Roaming\Mozilla\Firefox\Profiles\4a3kklol.default
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-30] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Bozix-pan\AppData\Roaming\Mozilla\Firefox\Profiles\4a3kklol.default\user.js [2015-02-23]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]

Chrome:
=======
CHR Profile: C:\Users\Bozix-pan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Bozix-pan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-18]
CHR Extension: (Google Docs) - C:\Users\Bozix-pan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-18]
CHR Extension: (Google Drive) - C:\Users\Bozix-pan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-18]
CHR Extension: (YouTube) - C:\Users\Bozix-pan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-18]
CHR Extension: (Google Search) - C:\Users\Bozix-pan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-18]
CHR Extension: (Google Sheets) - C:\Users\Bozix-pan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-18]
CHR Extension: (AdBlock) - C:\Users\Bozix-pan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-12-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Bozix-pan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-18]
CHR Extension: (Gmail) - C:\Users\Bozix-pan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-18]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ChromodoUpdater; C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe [1995448 2015-08-13] (Comodo)
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70848 2015-06-21] (Comodo Security Solutions, Inc.)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5542472 2015-08-13] (COMODO)
R3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-08-13] (COMODO)
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-06-21] (Comodo Security Solutions, Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155216 2015-07-14] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544592 2015-07-14] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2004488 2015-07-06] (Electronic Arts)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [792016 2015-02-09] (Tunngle.net GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2014-04-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-04-12] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwnx.sys [3680256 2013-06-18] (Qualcomm Atheros Communications, Inc.)
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [40224 2014-06-26] (Windows (R) Win 7 DDK provider)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [21720 2015-08-05] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [827632 2015-08-05] (COMODO)
R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [35056 2015-08-05] (COMODO)
S3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-07-02] (Disc Soft Ltd)
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [127232 2015-08-05] (COMODO)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-07-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47976 2015-07-03] (NVIDIA Corporation)
R3 tap0901t; C:\Windows\system32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 WinDivert1.1; C:\Program Files\KMSpico\WinDivert.sys [35376 2014-12-18] (Basil Projects)
U4 aspnet_state; no ImagePath
U4 clr_optimization_v2.0.50727_32; no ImagePath
U4 clr_optimization_v2.0.50727_64; no ImagePath
U4 clr_optimization_v4.0.30319_32; no ImagePath
U4 clr_optimization_v4.0.30319_64; no ImagePath
U4 ehRecvr; no ImagePath
U4 ehSched; no ImagePath
U4 idsvc; no ImagePath
U4 IPBusEnum; no ImagePath
U4 Mcx2Svc; no ImagePath
S4 nvlddmkm; \SystemRoot\system32\DRIVERS\nvlddmkm.sys [X]
S4 nvpciflt; \SystemRoot\system32\DRIVERS\nvpciflt.sys [X]
U4 SDRSVC; no ImagePath
U3 uxldqpod; \??\C:\Users\Bozix-pan\AppData\Local\Temp\uxldqpod.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-14 20:10 - 2015-08-14 20:11 - 00000000 ____D C:\FRST
2015-08-14 19:50 - 2015-08-14 19:50 - 00577959 _____ C:\Users\Bozix-pan\Desktop\GMER.txt
2015-08-14 12:53 - 2015-08-14 12:53 - 00380416 _____ C:\Users\Bozix-pan\Downloads\bdp0db03.exe
2015-08-14 12:20 - 2015-08-14 12:20 - 02173952 _____ (Farbar) C:\Users\Bozix-pan\Downloads\FRST64.exe
2015-08-14 12:19 - 2015-08-14 20:11 - 00014893 _____ C:\Users\Bozix-pan\Downloads\FRST.txt
2015-08-13 19:09 - 2015-08-13 19:09 - 00003028 _____ C:\Windows\System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3}
2015-08-13 19:09 - 2015-08-05 02:29 - 00579408 _____ (COMODO) C:\Windows\system32\guard64.dll
2015-08-13 19:09 - 2015-08-05 02:29 - 00445472 _____ (COMODO) C:\Windows\SysWOW64\guard32.dll
2015-08-13 19:09 - 2015-08-05 02:29 - 00041224 _____ (COMODO) C:\Windows\system32\cmdcsr.dll
2015-08-12 20:53 - 2015-08-12 20:54 - 73141626 _____ C:\Users\Bozix-pan\Downloads\Dystans.rar
2015-08-07 16:11 - 2015-08-07 16:12 - 40624326 _____ C:\Users\Bozix-pan\Downloads\materialy_targowe_2015.zip
2015-07-23 23:24 - 2015-07-23 23:24 - 00000000 ____D C:\Users\Bozix-pan\AppData\Local\CEF
2015-07-22 15:51 - 2015-07-22 15:51 - 00000000 ____D C:\Users\Bozix-pan\.android
2015-07-22 15:44 - 2015-07-22 17:30 - 00000000 ____D C:\Users\Bozix-pan\AppData\Local\Genymobile
2015-07-22 15:44 - 2015-07-22 17:21 - 00000000 ____D C:\Users\Bozix-pan\.VirtualBox
2015-07-22 15:43 - 2015-07-22 15:43 - 00254240 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2015-07-22 15:43 - 2015-07-22 15:43 - 00128288 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2015-07-22 15:43 - 2015-07-22 15:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2015-07-22 15:43 - 2015-07-22 15:43 - 00000000 ____D C:\Program Files\Oracle
2015-07-22 15:41 - 2015-07-22 15:42 - 00855040 _____ (Microsoft Corporation) C:\install.exe
2015-07-22 15:41 - 2015-07-22 15:41 - 00000000 ____D C:\Program Files\Genymobile
2015-07-22 15:38 - 2015-07-22 15:40 - 132187096 _____ (Genymobile ) C:\Users\Bozix-pan\Downloads\genymotion-2.5.2-vbox.exe
2015-07-18 15:35 - 2015-07-18 15:35 - 00002150 _____ C:\Users\Public\Desktop\Battlefield 1942 Secret Weapons of WWII.lnk
2015-07-17 00:54 - 2015-07-17 00:54 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-07-17 00:03 - 2015-07-17 00:03 - 00000000 ____D C:\Windows\LastGood
2015-07-17 00:03 - 2015-07-03 06:28 - 00069992 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2015-07-17 00:03 - 2015-07-03 06:28 - 00065896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-07-17 00:03 - 2015-07-03 06:28 - 00047976 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-07-16 23:23 - 2015-07-16 23:23 - 00002150 _____ C:\Users\Public\Desktop\Battlefield 1942 The Road To Rome.lnk
2015-07-16 23:18 - 2015-07-17 00:43 - 00002140 _____ C:\Users\Public\Desktop\Battlefield 1942.lnk
2015-07-16 23:17 - 2015-07-16 23:17 - 02139391 _____ (SiMPLE ) C:\Users\Bozix-pan\Downloads\battlefield_1942_gamespy_patch_v1.61.exe
2015-07-16 23:10 - 2015-07-18 15:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
2015-07-16 23:09 - 2015-07-16 23:10 - 00000000 ____D C:\Program Files (x86)\EA GAMES
2015-07-16 14:38 - 2015-08-14 19:43 - 00001068 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-16 14:38 - 2015-08-14 14:43 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-15 20:06 - 2015-07-15 20:06 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-15 20:06 - 2015-07-15 20:06 - 00002487 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-14 20:05 - 2015-07-03 22:49 - 00498614 _____ C:\Windows\system32\Drivers\fvstore.dat
2015-08-14 20:02 - 2015-06-21 10:55 - 00873296 _____ C:\Windows\system32\Drivers\sfi.dat
2015-08-14 19:00 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru
2015-08-14 13:15 - 2014-12-18 15:21 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-143263523-3770091596-503792995-1001
2015-08-14 12:43 - 2015-03-09 23:48 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-14 12:42 - 2015-04-15 21:27 - 00005508 _____ C:\Windows\PFRO.log
2015-08-14 12:40 - 2015-07-02 00:05 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2015-08-14 12:16 - 2015-03-12 23:43 - 01348791 _____ C:\Windows\WindowsUpdate.log
2015-08-14 12:02 - 2014-12-18 15:03 - 00017920 _____ C:\Windows\SysWOW64\rpcnetp.dll
2015-08-14 12:02 - 2014-12-18 15:02 - 00017920 _____ C:\Windows\SysWOW64\rpcnetp.exe
2015-08-14 12:02 - 2014-12-18 15:02 - 00017920 _____ C:\Windows\system32\rpcnetp.exe
2015-08-14 11:51 - 2014-03-18 11:56 - 02157582 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-14 11:51 - 2014-03-18 11:28 - 01051882 _____ C:\Windows\system32\perfh015.dat
2015-08-14 11:51 - 2014-03-18 11:28 - 00247018 _____ C:\Windows\system32\perfc015.dat
2015-08-14 00:37 - 2015-01-24 16:45 - 00000000 ____D C:\Users\Bozix-pan\AppData\Local\Battle.net
2015-08-14 00:37 - 2014-12-20 00:12 - 00000000 ____D C:\Users\Bozix-pan\AppData\Roaming\Curse Client
2015-08-13 23:23 - 2015-06-29 16:45 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-08-13 20:47 - 2014-12-23 20:30 - 00000000 ____D C:\Users\Bozix-pan\AppData\Roaming\TS3Client
2015-08-13 19:09 - 2015-06-21 10:56 - 00002001 _____ C:\Users\Public\Desktop\COMODO Internet Security.lnk
2015-08-13 14:44 - 2014-12-18 15:19 - 00002221 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-13 11:36 - 2014-12-28 15:56 - 00000000 ____D C:\Users\Bozix-pan\AppData\Roaming\foobar2000
2015-08-05 02:31 - 2015-06-05 14:36 - 00827632 _____ (COMODO) C:\Windows\system32\Drivers\cmdguard.sys
2015-08-05 02:31 - 2015-06-05 14:36 - 00127232 _____ (COMODO) C:\Windows\system32\Drivers\inspect.sys
2015-08-05 02:31 - 2015-06-05 14:36 - 00035056 _____ (COMODO) C:\Windows\system32\Drivers\cmdhlp.sys
2015-08-05 02:31 - 2015-06-05 14:36 - 00021720 _____ (COMODO) C:\Windows\system32\Drivers\cmderd.sys
2015-08-05 02:28 - 2015-06-05 14:33 - 00358080 _____ (COMODO) C:\Windows\system32\cmdvrt64.dll
2015-08-05 02:28 - 2015-06-05 14:32 - 00045760 _____ (COMODO) C:\Windows\system32\cmdkbd64.dll
2015-08-05 02:27 - 2015-06-05 14:31 - 00288448 _____ (COMODO) C:\Windows\SysWOW64\cmdvrt32.dll
2015-08-05 02:26 - 2015-06-05 14:31 - 00040640 _____ (COMODO) C:\Windows\SysWOW64\cmdkbd32.dll
2015-08-03 01:09 - 2014-12-18 15:09 - 00000000 ____D C:\Users\Bozix-pan
2015-07-22 15:44 - 2014-05-16 14:03 - 00156448 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetFlt.sys
2015-07-22 15:44 - 2014-05-16 14:01 - 00204064 _____ (Oracle Corporation) C:\Windows\system32\VBoxNetFltNobj.dll
2015-07-22 15:43 - 2014-05-16 14:03 - 00141600 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp.sys
2015-07-18 15:36 - 2015-07-11 21:11 - 00001070 _____ C:\Windows\eReg.dat
2015-07-18 15:32 - 2014-12-18 15:24 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-07-17 00:56 - 2014-12-18 15:35 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-07-17 00:55 - 2014-12-18 15:34 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-07-17 00:55 - 2014-12-18 15:33 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-07-17 00:06 - 2014-12-18 15:39 - 00000000 ____D C:\Users\Bozix-pan\AppData\Local\NVIDIA Corporation
2015-07-17 00:04 - 2015-03-14 02:05 - 00001796 _____ C:\Windows\setupact.log
2015-07-16 14:38 - 2015-05-22 17:32 - 00004040 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-16 14:38 - 2015-05-22 17:32 - 00003804 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2014-12-18 15:28 - 2014-12-18 15:28 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Bozix-pan\AppData\Local\Temp\bitool.dll
C:\Users\Bozix-pan\AppData\Local\Temp\ose00000.exe
C:\Users\Bozix-pan\AppData\Local\Temp\uttDC72.tmp.exe

Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\NTAgent.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-08-08 16:59

==================== End of log ============================