Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-08-2015
Ran by user (administrator) on PC (20-08-2015 13:27:41)
Running from C:\Users\user\Downloads
Loaded Profiles: user (Available Profiles: user)
Platform: Windows 8.1 Pro (X64) Language: Polski (Polska)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(LogMeIn Inc.) E:\r&f\hamachi-2.exe
(LogMeIn, Inc.) E:\r&f\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(LogMeIn Inc.) E:\r&f\hamachi-2-ui.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(LogMeIn, Inc.) E:\r&f\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Electronic Arts) E:\Origin\Origin.exe
() C:\Program Files (x86)\screenSHU\screenSHU.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Users\user\Downloads\c6zr5j63.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2685072 2015-05-08] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [366904 2015-04-08] (Power Software Ltd)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => E:\r&f\hamachi-2-ui.exe [5579624 2015-08-03] (LogMeIn Inc.)
HKU\S-1-5-21-1854063861-834038236-3450837710-1001\...\Run: [Spotify Web Helper] => C:\Users\user\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-08-05] (Spotify Ltd)
HKU\S-1-5-21-1854063861-834038236-3450837710-1001\...\Run: [Spotify] => C:\Users\user\AppData\Roaming\Spotify\Spotify.exe [7675448 2015-08-05] (Spotify Ltd)
HKU\S-1-5-21-1854063861-834038236-3450837710-1001\...\Run: [Steam] => E:\Steam\steam.exe [2899136 2015-08-12] (Valve Corporation)
HKU\S-1-5-21-1854063861-834038236-3450837710-1001\...\Run: [EADM] => E:\Origin\Origin.exe [3632112 2015-07-29] (Electronic Arts)
HKU\S-1-5-21-1854063861-834038236-3450837710-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)
HKU\S-1-5-21-1854063861-834038236-3450837710-1001\...\Run: [screenSHU] => C:\Program Files (x86)\screenSHU\screenSHU.exe [2112000 2013-09-04] ()
HKU\S-1-5-21-1854063861-834038236-3450837710-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe [41200 2015-08-13] (Overwolf LTD)
HKU\S-1-5-21-1854063861-834038236-3450837710-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
BootExecute: autocheck autochk * sh4native Sh4Removal

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-1854063861-834038236-3450837710-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
URLSearchHook: HKLM-x32 -> Default = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKU\S-1-5-21-1854063861-834038236-3450837710-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-25] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-25] (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\..\Interfaces\{D5595FDD-0588-4376-B040-7BBB9EB9591A}: [DhcpNameServer] 192.241.157.79 8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\mgjo5sds.default
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-25] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-05-12] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-05-12] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [No File]
FF Extension: Ghostery - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\mgjo5sds.default\Extensions\firefox@ghostery.com.xpi [2015-08-20]
FF Extension: Adblock Plus - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\mgjo5sds.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-08-20]

Chrome:
=======
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-01]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-23]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-01]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-01]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-01]
CHR Extension: (Google Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-01]
CHR Extension: (AdBlock) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-08-02]
CHR Extension: (Skype Click to Call) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-08-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-23]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-01]
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 3
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 4
CHR Extension: (Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-20]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-20]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-20]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-20]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-20]
CHR HKLM\...\Chrome\Extension: [hkhkiakolggnnicallabhkobalpeplpi] -
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hkhkiakolggnnicallabhkobalpeplpi] -
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-08] (NVIDIA Corporation)
R2 Hamachi2Svc; E:\r&f\hamachi-2.exe [2545512 2015-08-03] (LogMeIn Inc.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1884304 2015-05-08] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22997648 2015-05-08] (NVIDIA Corporation)
S3 Origin Client Service; E:\Origin\OriginClientService.exe [2007048 2015-07-29] (Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1006320 2015-08-13] (Overwolf LTD)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [770944 2015-01-30] (Enigma Software Group USA, LLC.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-11-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-11-23] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S5 3ware; C:\Windows\System32\drivers\3ware.sys [108896 2013-08-22] (LSI)
R5 ACPI; C:\Windows\System32\drivers\ACPI.sys [533824 2014-11-23] (Microsoft Corporation)
R5 acpiex; C:\Windows\System32\Drivers\acpiex.sys [79712 2013-08-22] (Microsoft Corporation)
S5 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S5 agp440; C:\Windows\System32\drivers\agp440.sys [62304 2013-08-22] (Microsoft Corporation)
S5 amdsata; C:\Windows\System32\drivers\amdsata.sys [79200 2013-08-22] (Advanced Micro Devices)
S5 amdsbs; C:\Windows\System32\drivers\amdsbs.sys [259424 2013-08-22] (AMD Technologies Inc.)
S5 amdxata; C:\Windows\System32\drivers\amdxata.sys [25952 2013-08-22] (Advanced Micro Devices)
S5 arcsas; C:\Windows\System32\drivers\arcsas.sys [114016 2013-08-22] (PMC-Sierra, Inc.)
S5 atapi; C:\Windows\System32\drivers\atapi.sys [26464 2013-08-22] (Microsoft Corporation)
S5 b06bdrv; C:\Windows\System32\drivers\bxvbda.sys [531296 2013-08-22] (Broadcom Corporation)
R5 CLFS; C:\Windows\System32\drivers\CLFS.sys [376152 2014-09-24] (Microsoft Corporation)
R5 CNG; C:\Windows\System32\Drivers\cng.sys [563976 2014-11-23] (Microsoft Corporation)
R5 disk; C:\Windows\System32\drivers\disk.sys [100192 2013-08-22] (Microsoft Corporation)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-07-31] (Disc Soft Ltd)
S5 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S5 EhStorClass; C:\Windows\System32\drivers\EhStorClass.sys [82784 2013-08-22] (Microsoft Corporation)
S5 EhStorTcgDrv; C:\Windows\System32\drivers\EhStorTcgDrv.sys [114016 2013-08-22] (Microsoft Corporation)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [16432 2015-01-30] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2015-01-30] ()
R5 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [79192 2014-09-24] (Microsoft Corporation)
R5 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [354112 2014-11-23] (Microsoft Corporation)
U5 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [30048 2013-08-22] (Microsoft Corporation)
R5 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [589656 2014-09-24] (Microsoft Corporation)
S5 gagp30kx; C:\Windows\System32\drivers\gagp30kx.sys [65888 2013-08-22] (Microsoft Corporation)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2015-08-03] (LogMeIn Inc.)
S5 HpSAMD; C:\Windows\System32\drivers\HpSAMD.sys [64352 2013-08-22] (Hewlett-Packard Company)
S5 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [24416 2013-08-22] (Microsoft Corporation)
S5 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
S5 iaStorV; C:\Windows\System32\drivers\iaStorV.sys [412000 2013-08-22] (Intel Corporation)
S5 intelide; C:\Windows\System32\drivers\intelide.sys [18272 2013-08-22] (Microsoft Corporation)
R5 intelpep; C:\Windows\System32\drivers\intelpep.sys [39744 2014-11-23] (Microsoft Corporation)
S5 isapnp; C:\Windows\System32\drivers\isapnp.sys [21856 2013-08-22] (Microsoft Corporation)
R5 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [100672 2014-11-23] (Microsoft Corporation)
R5 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [177472 2014-11-23] (Microsoft Corporation)
S5 LSI_SAS; C:\Windows\System32\drivers\lsi_sas.sys [109408 2013-08-22] (LSI Corporation)
S5 LSI_SAS2; C:\Windows\System32\drivers\lsi_sas2.sys [93536 2013-08-22] (LSI Corporation)
S5 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
S5 LSI_SSS; C:\Windows\System32\drivers\lsi_sss.sys [82784 2013-08-22] (LSI Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-20] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
S5 megasas; C:\Windows\System32\drivers\megasas.sys [56672 2013-08-22] (LSI Corporation)
S5 megasr; C:\Windows\System32\drivers\megasr.sys [575840 2013-08-22] (LSI Corporation, Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R5 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [102208 2014-11-23] (Microsoft Corporation)
R5 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [17248 2013-08-22] (Microsoft Corporation)
R5 Mup; C:\Windows\System32\Drivers\mup.sys [78688 2013-08-22] (Microsoft Corporation)
S5 mvumis; C:\Windows\System32\drivers\mvumis.sys [63840 2013-08-22] (Marvell Semiconductor, Inc.)
R5 NDIS; C:\Windows\System32\drivers\ndis.sys [1114432 2014-11-23] (Microsoft Corporation)
S5 nvraid; C:\Windows\System32\drivers\nvraid.sys [150368 2013-08-22] (NVIDIA Corporation)
S5 nvstor; C:\Windows\System32\drivers\nvstor.sys [168288 2013-08-22] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-08] (NVIDIA Corporation)
R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39056 2015-05-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S5 nv_agp; C:\Windows\System32\drivers\nv_agp.sys [124768 2013-08-22] (Microsoft Corporation)
R5 partmgr; C:\Windows\System32\drivers\partmgr.sys [88896 2014-11-23] (Microsoft Corporation)
R5 pci; C:\Windows\System32\drivers\pci.sys [280384 2014-09-24] (Microsoft Corporation)
S5 pciide; C:\Windows\System32\drivers\pciide.sys [14688 2013-08-22] (Microsoft Corporation)
S5 pcmcia; C:\Windows\System32\drivers\pcmcia.sys [114528 2013-08-22] (Microsoft Corporation)
R5 pcw; C:\Windows\System32\drivers\pcw.sys [50016 2013-08-22] (Microsoft Corporation)
R5 pdc; C:\Windows\System32\drivers\pdc.sys [86336 2014-11-23] (Microsoft Corporation)
R5 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [249688 2014-09-24] (Microsoft Corporation)
S3 RTL8023x64; C:\Windows\system32\DRIVERS\Rtnic64.sys [51712 2013-06-18] (Realtek Semiconductor Corporation )
S5 sbp2port; C:\Windows\System32\drivers\sbp2port.sys [107872 2013-08-22] (Microsoft Corporation)
S5 SiSRaid2; C:\Windows\System32\drivers\SiSRaid2.sys [44896 2013-08-22] (Silicon Integrated Systems Corp.)
S5 SiSRaid4; C:\Windows\System32\drivers\sisraid4.sys [81760 2013-08-22] (Silicon Integrated Systems)
R5 spaceport; C:\Windows\System32\drivers\spaceport.sys [415040 2014-11-23] (Microsoft Corporation)
S5 stexstor; C:\Windows\System32\drivers\stexstor.sys [31072 2013-08-22] (Promise Technology, Inc.)
R5 storahci; C:\Windows\System32\drivers\storahci.sys [107872 2013-08-22] (Microsoft Corporation)
S5 storflt; C:\Windows\System32\DRIVERS\vmstorfl.sys [49984 2013-08-22] (Microsoft Corporation)
S5 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2014-09-24] (Microsoft Corporation)
S5 storvsc; C:\Windows\System32\drivers\storvsc.sys [45888 2013-08-22] (Microsoft Corporation)
R5 Tcpip; C:\Windows\System32\drivers\tcpip.sys [2485056 2014-11-23] (Microsoft Corporation)
S5 uagp35; C:\Windows\System32\drivers\uagp35.sys [64864 2013-08-22] (Microsoft Corporation)
S5 uliagpkx; C:\Windows\System32\drivers\uliagpkx.sys [65888 2013-08-22] (Microsoft Corporation)
R5 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [37728 2013-08-22] (Microsoft Corporation)
S5 viaide; C:\Windows\System32\drivers\viaide.sys [19808 2013-08-22] (VIA Technologies, Inc.)
S5 vmbus; C:\Windows\System32\drivers\vmbus.sys [97048 2014-11-23] (Microsoft Corporation)
R5 volmgr; C:\Windows\System32\drivers\volmgr.sys [73568 2013-08-22] (Microsoft Corporation)
R5 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [377696 2013-08-22] (Microsoft Corporation)
R5 volsnap; C:\Windows\System32\drivers\volsnap.sys [310080 2014-09-24] (Microsoft Corporation)
S5 vsmraid; C:\Windows\System32\drivers\vsmraid.sys [168800 2013-08-22] (VIA Technologies Inc.,Ltd)
S5 VSTXRAID; C:\Windows\System32\drivers\vstxraid.sys [305504 2013-08-22] (VIA Corporation)
R5 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [839488 2013-08-22] (Microsoft Corporation)
R5 WFPLWFS; C:\Windows\System32\DRIVERS\wfplwfs.sys [136512 2014-11-23] (Microsoft Corporation)
R5 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-09-24] (Microsoft Corporation)
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
U3 pxldapow; \??\C:\Users\user\AppData\Local\Temp\pxldapow.sys [X]

==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-08-20 13:24 - 2015-08-20 13:24 - 1743329734 _____ C:\Windows\MEMORY.DMP
2015-08-20 13:24 - 2015-08-20 13:24 - 00372384 _____ C:\Windows\Minidump\082015-24296-01.dmp
2015-08-20 13:24 - 2015-08-20 13:24 - 00000000 ____D C:\Windows\Minidump
2015-08-20 13:06 - 2015-08-20 13:07 - 00044774 _____ C:\Users\user\Downloads\Shortcut.txt
2015-08-20 13:05 - 2015-08-20 13:07 - 00037037 _____ C:\Users\user\Downloads\Addition.txt
2015-08-20 13:04 - 2015-08-20 13:28 - 00025198 _____ C:\Users\user\Downloads\FRST.txt
2015-08-20 13:04 - 2015-08-20 13:27 - 00000000 ____D C:\FRST
2015-08-20 13:03 - 2015-08-20 13:03 - 00380416 _____ C:\Users\user\Downloads\c6zr5j63.exe
2015-08-20 13:00 - 2015-08-20 13:13 - 00000000 ____D C:\Users\user\Desktop\logi
2015-08-20 12:48 - 2015-08-20 12:48 - 02173952 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2015-08-20 12:16 - 2015-08-20 12:22 - 00000000 ____D C:\Users\user\AppData\Local\Mozilla
2015-08-20 12:16 - 2015-08-20 12:16 - 00001171 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-08-20 12:16 - 2015-08-20 12:16 - 00001159 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-08-20 12:16 - 2015-08-20 12:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-20 12:16 - 2015-08-20 12:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-20 12:08 - 2015-08-20 12:08 - 02870984 _____ (ESET) C:\Users\user\Downloads\esetsmartinstaller_plk.exe
2015-08-20 12:08 - 2015-08-20 12:08 - 00000000 ____D C:\Program Files (x86)\ESET
2015-08-20 12:03 - 2015-08-20 13:03 - 00000408 __RSH C:\ProgramData\ntuser.pol
2015-08-20 12:01 - 2015-08-20 12:01 - 00827816 _____ (Akeo Consulting (http://akeo.ie)) C:\Users\user\Downloads\rufus-2.2.exe
2015-08-20 11:43 - 2015-08-20 11:43 - 00000000 ____D C:\Windows\System32\Tasks\Norton Security
2015-08-20 11:29 - 2015-08-20 11:29 - 01798576 _____ (Malwarebytes Corporation) C:\Users\user\Downloads\JRT.exe
2015-08-20 11:17 - 2015-08-20 13:24 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-20 11:17 - 2015-08-20 11:17 - 00001114 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-20 11:17 - 2015-08-20 11:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-20 11:17 - 2015-08-20 11:17 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-20 11:17 - 2015-08-20 11:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-20 11:17 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-20 11:17 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-20 11:17 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-20 11:16 - 2015-08-20 11:17 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-2.1.8.1057 (1).exe
2015-08-20 11:16 - 2015-08-20 11:16 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-2.1.8.1057.exe
2015-08-20 11:06 - 2015-08-20 11:06 - 00000000 ____D C:\Users\user\Doctor Web
2015-08-20 11:03 - 2015-08-20 11:06 - 170082696 _____ C:\Users\user\Downloads\drweb-cureit.exe
2015-08-20 03:00 - 2015-08-20 03:00 - 00000000 ____D C:\Users\user\AppData\Local\NPE
2015-08-20 02:51 - 2015-08-20 11:45 - 00000000 ____D C:\ProgramData\Norton
2015-08-20 02:50 - 2015-08-20 02:51 - 115397264 ____N (Symantec Corporation) C:\Users\user\Downloads\NS-TW-22.0.0-PL.exe
2015-08-20 02:48 - 2015-08-20 02:49 - 00000000 ____D C:\ProgramData\MFAData
2015-08-20 02:48 - 2015-08-20 02:48 - 00000000 ____D C:\Users\user\AppData\Local\MFAData
2015-08-20 02:48 - 2015-08-20 02:48 - 00000000 ____D C:\Users\user\AppData\Local\Avg2015
2015-08-20 02:47 - 2015-08-20 02:51 - 00000000 ____D C:\ProgramData\Avg
2015-08-20 02:47 - 2015-08-20 02:51 - 00000000 ____D C:\Program Files (x86)\AVG
2015-08-20 02:47 - 2015-08-20 02:50 - 00000000 ____D C:\Users\user\AppData\Local\AvgSetupLog
2015-08-20 02:47 - 2015-08-20 02:47 - 00000000 ____D C:\Users\user\AppData\Local\Avg
2015-08-20 02:46 - 2015-08-20 02:47 - 16902256 _____ (AVG Technologies) C:\Users\user\Downloads\avg_gsr_stb_all_ltst_635.exe
2015-08-20 02:20 - 2015-08-20 02:20 - 01585664 _____ C:\Users\user\Downloads\adwcleaner_5.002_www.INSTALKI.pl.exe
2015-08-19 12:23 - 2015-07-05 12:08 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-08-19 11:45 - 2015-08-19 11:45 - 01563648 _____ C:\Users\user\Downloads\AdwCleaner.pl 5.exe
2015-08-19 11:45 - 2015-08-19 11:45 - 00000784 _____ C:\AdwCleaner[S2].txt
2015-08-18 18:40 - 2015-08-19 15:54 - 00000000 ____D C:\Users\user\Documents\Gothic3
2015-08-18 18:37 - 2015-08-18 18:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gothic III
2015-08-18 18:37 - 2015-08-18 18:37 - 00001315 _____ C:\Users\Public\Desktop\Gothic III.lnk
2015-08-18 18:36 - 2015-08-18 18:36 - 00000000 ____D C:\Program Files (x86)\JoWooD Productions Software AG
2015-08-18 16:52 - 2015-08-18 16:52 - 00008742 _____ C:\AdwCleaner[C1].txt
2015-08-18 16:51 - 2015-08-20 02:20 - 00000000 ____D C:\AdwCleaner
2015-08-18 16:51 - 2015-08-18 16:51 - 01573888 _____ C:\Users\user\Downloads\adwcleaner_5.001_www.INSTALKI.pl.exe
2015-08-18 16:51 - 2015-08-18 16:51 - 00010688 _____ C:\AdwCleaner[S1].txt
2015-08-18 15:46 - 2015-08-18 15:46 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\user\Downloads\sh-remover.exe
2015-08-18 15:11 - 2015-08-18 16:47 - 00213257 _____ C:\spyhunter.fix
2015-08-18 15:11 - 2015-01-30 17:12 - 00014232 _____ C:\Windows\SysWOW64\sh4native.exe
2015-08-17 03:18 - 2015-08-17 03:40 - 00000000 ____D C:\Users\user\Downloads\Microsoft Windows 10 Home and Pro x64 Clean ISO
2015-08-14 21:32 - 2015-08-14 21:32 - 00031057 _____ C:\Users\user\Downloads\LauncherHC (1).jar
2015-08-12 16:21 - 2015-08-12 16:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-08-03 16:33 - 2015-08-03 16:33 - 24018944 _____ C:\Users\user\Downloads\OldSchool.msi
2015-08-03 12:12 - 2015-08-03 12:12 - 00045680 ____H (LogMeIn Inc.) C:\Windows\system32\Drivers\Hamdrv.sys
2015-07-31 18:58 - 2015-07-31 18:58 - 00000000 ____D C:\Users\user\Downloads\ChomikBox
2015-07-31 18:46 - 2015-07-31 18:46 - 00000000 ____D C:\Program Files (x86)\Disc Soft
2015-07-31 18:45 - 2015-08-03 11:16 - 00000000 ____D C:\Users\user\AppData\Local\ChomikBox
2015-07-31 18:45 - 2015-08-02 00:24 - 00000000 ____D C:\Users\user\AppData\Roaming\DAEMON Tools Lite
2015-07-31 18:45 - 2015-07-31 18:48 - 00030264 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2015-07-31 18:45 - 2015-07-31 18:46 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2015-07-31 18:45 - 2015-07-31 18:45 - 00001785 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2015-07-31 18:45 - 2015-07-31 18:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2015-07-31 18:45 - 2015-07-31 18:45 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2015-07-31 18:44 - 2015-07-31 18:45 - 28266496 _____ C:\Users\user\Downloads\ChomikBox.msi
2015-07-31 18:42 - 2015-07-31 18:42 - 01709792 _____ (Disc Soft Ltd.) C:\Users\user\Downloads\DTLiteInstaller.exe
2015-07-31 18:42 - 2015-07-31 18:42 - 00797479 _____ C:\Users\user\Downloads\DAEMON-Tools-Lite-12708-dp.zip
2015-07-30 13:53 - 2015-07-30 13:53 - 00002051 _____ C:\Users\Public\Desktop\Action!.lnk
2015-07-30 11:35 - 2015-07-31 16:32 - 00000000 ____D C:\Users\user\Documents\Camtasia Studio
2015-07-30 11:35 - 2015-07-30 11:35 - 00000000 ____D C:\Users\user\AppData\Roaming\TechSmith
2015-07-30 11:35 - 2015-07-30 11:35 - 00000000 ____D C:\Users\user\AppData\Local\TechSmith
2015-07-30 11:33 - 2015-07-30 13:32 - 00000000 ____D C:\Users\user\Documents\Bandicam
2015-07-30 11:33 - 2015-07-30 11:33 - 00001000 _____ C:\Users\user\Desktop\Bandicam.lnk
2015-07-30 11:33 - 2015-07-30 11:33 - 00000000 ____D C:\Users\user\AppData\Roaming\BANDISOFT
2015-07-30 11:33 - 2015-07-30 11:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam
2015-07-30 11:33 - 2015-07-30 11:33 - 00000000 ____D C:\Program Files (x86)\BandiMPEG1
2015-07-30 11:33 - 2015-07-30 11:33 - 00000000 ____D C:\Program Files (x86)\Bandicam
2015-07-30 11:32 - 2015-07-30 11:33 - 10958336 _____ (Bandisoft) C:\Users\user\Downloads\bdcamsetup.exe
2015-07-30 11:32 - 2015-07-30 11:32 - 00001184 _____ C:\Users\Public\Desktop\Camtasia Studio 8.lnk
2015-07-30 11:32 - 2015-07-30 11:32 - 00000000 ____D C:\ProgramData\TechSmith
2015-07-30 11:32 - 2015-07-30 11:32 - 00000000 ____D C:\ProgramData\regid.1995-08.com.techsmith
2015-07-30 11:32 - 2015-07-30 11:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2015-07-30 11:32 - 2015-07-30 11:32 - 00000000 ____D C:\Program Files (x86)\TechSmith
2015-07-30 11:32 - 2015-07-30 11:32 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-07-30 11:27 - 2015-07-30 11:31 - 259561272 _____ C:\Users\user\Downloads\camtasia.exe
2015-07-29 11:30 - 2015-07-29 11:30 - 543791604 _____ C:\Users\user\Downloads\Video 2015-07-28 23-41-49.avi
2015-07-28 23:03 - 2015-07-30 13:52 - 00000000 ____D C:\Program
Files (x86)\Mirillis 2015-07-28 23:02 - 2015-07-28 23:03 - 19780072 _____ (Mirillis Ltd.) C:\Users\user\Downloads\action_1_25_5_setup.exe 2015-07-28 19:39 - 2015-07-28 19:39 - 06485453 _____ C:\Users\user\Downloads\1.7.10.mchc.jar 2015-07-28 19:36 - 2015-07-28 19:36 - 01099297 _____ C:\Users\user\Downloads\SkyLand.exe 2015-07-28 19:23 - 2015-07-28 19:23 - 00031089 _____ C:\Users\user\Downloads\LauncherHC.jar 2015-07-28 00:53 - 2015-07-28 00:53 - 00000000 ____D C:\Users\user\Downloads\training_aim_csgo2-dev 2015-07-28 00:52 - 2015-07-28 00:52 - 37297236 _____ C:\Users\user\Downloads\training_aim_csgo2-dev.zip 2015-07-27 13:34 - 2015-07-27 13:34 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk 2015-07-27 13:34 - 2015-07-27 13:34 - 00002034 _____ C:\Users\Public\Desktop\Adobe Reader 9.lnk 2015-07-27 13:34 - 2015-07-27 13:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com 2015-07-27 13:34 - 2015-07-27 13:34 - 00000000 ____D C:\Program Files (x86)\Adobe 2015-07-27 13:29 - 2015-08-03 17:36 - 00000000 ____D C:\Windows\system32\appmgmt 2015-07-27 13:29 - 2015-07-27 13:34 - 00000000 ____D C:\Users\user\AppData\Local\Adobe 2015-07-27 12:09 - 2015-07-27 13:34 - 00000000 ____D C:\ProgramData\Adobe 2015-07-27 12:07 - 2015-07-27 12:07 - 00000000 ____D C:\Program Files (x86)\GOG.com 2015-07-26 13:00 - 2015-07-26 13:00 - 00002176 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk 2015-07-26 12:54 - 2015-07-26 12:54 - 00002204 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk 2015-07-23 22:34 - 2015-08-06 20:00 - 00000000 ____D C:\Users\user\AppData\Local\Purplizer 2015-07-23 22:32 - 2015-08-19 19:22 - 00000000 ____D C:\Program Files (x86)\Overwolf 2015-07-23 22:32 - 2015-07-23 22:32 - 00003726 _____ C:\Windows\System32\Tasks\Overwolf Updater Task 2015-07-23 22:32 - 2015-07-23 22:32 - 00001981 _____ C:\Users\Public\Desktop\Overwolf.lnk 2015-07-23 22:32 - 
2015-07-23 22:32 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf 2015-07-23 22:32 - 2015-07-23 22:32 - 00000000 ____D C:\ProgramData\Overwolf 2015-07-23 22:30 - 2015-08-20 13:25 - 00000000 ____D C:\Users\user\AppData\Local\Overwolf 2015-07-22 02:05 - 2015-07-22 02:05 - 00000000 ____D C:\Users\user\AppData\Local\CEF 2015-07-22 02:01 - 2015-07-22 02:03 - 00000000 ____D C:\Users\user\Documents\Heroes of the Storm 2015-07-22 01:45 - 2015-07-22 01:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm 2015-07-22 01:22 - 2015-07-29 18:17 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm 2015-07-22 01:21 - 2015-08-10 17:15 - 00000000 ____D C:\Users\user\AppData\Local\Battle.net 2015-07-22 01:21 - 2015-08-10 17:15 - 00000000 ____D C:\Program Files (x86)\Battle.net 2015-07-22 01:21 - 2015-07-31 12:50 - 00000000 ____D C:\Users\user\AppData\Roaming\Battle.net 2015-07-22 01:21 - 2015-07-22 02:01 - 00000000 ____D C:\ProgramData\Blizzard Entertainment 2015-07-22 01:21 - 2015-07-22 01:21 - 00001111 _____ C:\Users\Public\Desktop\Battle.net.lnk 2015-07-22 01:21 - 2015-07-22 01:21 - 00000000 ____D C:\Users\user\AppData\Local\Blizzard Entertainment 2015-07-22 01:21 - 2015-07-22 01:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net 2015-07-22 01:19 - 2015-07-22 01:19 - 00000000 ____D C:\ProgramData\Battle.net ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-08-20 13:26 - 2015-06-18 20:02 - 01121908 _____ C:\Windows\WindowsUpdate.log 2015-08-20 13:25 - 2015-07-09 12:14 - 00000000 ____D C:\Users\user\AppData\Local\screenSHU 2015-08-20 13:25 - 2015-06-25 09:53 - 00000000 ____D C:\Users\user\AppData\Local\LogMeIn Hamachi 2015-08-20 13:25 - 2015-05-27 16:26 - 00000000 ____D C:\Users\user\OneDrive 2015-08-20 13:25 - 2015-05-25 19:54 - 00000000 ____D C:\ProgramData\Origin 2015-08-20 13:25 - 2015-05-23 21:45 - 00001022 _____ C:\Windows\Tasks\GKOu5KI8J0Fu65ilvAMpBHle.job 2015-08-20 13:25 - 2015-05-23 21:35 - 00001058 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-08-20 13:24 - 2015-05-23 21:30 - 00000000 ____D C:\ProgramData\NVIDIA 2015-08-20 13:24 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-08-20 13:12 - 2015-05-24 22:48 - 00000000 ____D C:\Users\user\AppData\Local\Spotify 2015-08-20 13:04 - 2015-06-04 08:58 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps 2015-08-20 13:04 - 2015-05-24 22:47 - 00000000 ____D C:\Users\user\AppData\Roaming\Spotify 2015-08-20 13:00 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru 2015-08-20 12:52 - 2015-05-23 21:35 - 00001062 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-08-20 12:16 - 2015-05-24 20:18 - 00000000 ____D C:\Users\user\AppData\Roaming\Mozilla 2015-08-20 12:15 - 2015-05-31 10:33 - 00000000 ____D C:\Users\user\AppData\Roaming\uTorrent 2015-08-20 12:15 - 2015-05-24 01:22 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1854063861-834038236-3450837710-1001 2015-08-20 12:06 - 2015-05-23 21:34 - 00003956 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{E0C05B2C-BAE0-48D8-8DC1-5C1C7E16F732} 2015-08-20 12:03 - 2014-09-24 17:08 - 01825074 _____ C:\Windows\system32\PerfStringBackup.INI 2015-08-20 12:03 - 2014-09-24 16:35 - 00805918 _____ C:\Windows\system32\perfh015.dat 2015-08-20 12:03 - 2014-09-24 16:35 - 00163272 _____ C:\Windows\system32\perfc015.dat 2015-08-20 12:03 - 
2013-08-22 17:36 - 00000000 ___HD C:\Windows\system32\GroupPolicy 2015-08-20 12:03 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy 2015-08-20 11:45 - 2013-08-22 17:36 - 00000000 ___HD C:\Windows\ELAMBKUP 2015-08-20 11:44 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI 2015-08-20 11:43 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\ELAM 2015-08-20 11:34 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\Registration 2015-08-20 09:36 - 2015-04-19 14:20 - 00000626 _____ C:\Users\user\AppData\Roaming\GKOu5KI8J0Fu65ilvAMpBHle 2015-08-20 03:23 - 2015-05-23 21:48 - 00000000 ____D C:\Users\user\AppData\Roaming\03000200-1432410507-0500-0006-000700080009 2015-08-20 01:55 - 2015-05-24 20:47 - 00000000 ____D C:\Users\user\AppData\Roaming\TS3Client 2015-08-19 12:33 - 2015-05-24 15:14 - 00000000 ____D C:\Program Files\KMSpico 2015-08-18 18:37 - 2015-05-24 02:29 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2015-08-17 18:37 - 2015-06-30 20:10 - 00000000 ____D C:\Users\user\AppData\Roaming\.minecraft 2015-08-16 15:12 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\tracing 2015-08-16 15:11 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\NDF 2015-08-15 23:27 - 2015-06-21 13:22 - 00000000 ____D C:\Users\user\AppData\Roaming\.minecraftzyczu 2015-08-15 14:45 - 2015-05-25 21:29 - 00000000 ____D C:\Users\user\AppData\Roaming\Skype 2015-08-13 15:01 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness 2015-08-13 10:05 - 2015-07-03 16:41 - 00000000 ____D C:\Program Files (x86)\SpeedFan 2015-08-12 16:21 - 2015-06-25 09:52 - 00000527 _____ C:\Users\Public\Desktop\LogMeIn Hamachi.lnk 2015-08-06 18:29 - 2015-05-24 01:17 - 00000000 ____D C:\Users\user\AppData\Local\Packages 2015-08-03 17:35 - 2015-06-04 08:58 - 00000000 ____D C:\Users\user\Documents\My Games 2015-08-03 17:35 - 2015-06-04 08:58 - 00000000 ____D C:\ProgramData\Orbit 2015-08-03 17:35 - 2015-05-31 13:36 - 00000000 ____D 
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2015-08-02 17:44 - 2015-06-05 23:07 - 00000000 ___HD C:\Windows\msdownld.tmp 2015-08-01 00:30 - 2015-07-12 12:39 - 00000557 _____ C:\Users\user\Desktop\Nowy dokument tekstowy (2).txt 2015-07-30 13:53 - 2015-06-23 19:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mirillis 2015-07-27 12:43 - 2015-05-24 01:17 - 00000000 ____D C:\Users\user\AppData\Local\VirtualStore 2015-07-22 22:14 - 2015-05-25 19:56 - 00000000 ____D C:\Users\user\AppData\Roaming\Origin ==================== Files in the root of some directories ======= 2015-04-19 14:20 - 2015-08-20 09:36 - 0000626 _____ () C:\Users\user\AppData\Roaming\GKOu5KI8J0Fu65ilvAMpBHle Some files in TEMP: ==================== C:\Users\user\AppData\Local\Temp\sfamcc00001.dll ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-08-18 19:51 ==================== End of log ============================