Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-08-2015 02
Ran by Gigi (administrator) on GIGI-PC (21-08-2015 21:20:37)
Running from C:\Users\Gigi\Downloads
Loaded Profiles: Gigi (Available Profiles: Gigi)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: Angielski (Stany Zjednoczone)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Beijing Rising Information Technology Co., Ltd.) C:\Program Files\Rising\RSD\RsMgrSvc.exe
(Beijing Rising Information Technology Co., Ltd.) C:\Program Files\Rising\RAV\ravmond.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\AsLdrSrv.exe
(DTools LIMITED) C:\ProgramData\2WinManPro2\ProtectWindowsManager.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
(ObjectB) C:\Program Files\Object Browser\94363665-e5b2-46a4-9537-931b64f22070-1-6.exe
(OB) C:\Program Files\SavePass 1.1\90f2022c-6055-4545-b1d2-336d7d0b7c7e-10.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\WDC.exe
(Webby) C:\Program Files\iWebar\a898711e-247c-46c3-b277-99f4d61cc845-1-6.exe
(AlcorMicro Co., Ltd.) C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
() C:\Program Files\ASUS\Wireless Console 3\wcourier.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
(ETRWTER) C:\Program Files\fr\fr.exe
(Beijing Rising Information Technology Co., Ltd.) C:\Program Files\Rising\RSD\popwndexe.exe
() C:\Program Files\baidu\pps.exe
(OB) C:\Program Files\SavePass 1.1\90f2022c-6055-4545-b1d2-336d7d0b7c7e-1-6.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel.exe
() C:\Program Files\YTDownloader\BrowserHelperSrv.exe
() C:\Program Files\DE813BDB-1439824367-7562-B700-90E6BA060873\hnsm2A7B.tmp
() C:\Program Files\DE813BDB-1439824367-7562-B700-90E6BA060873\jnsx1390.tmp
(XTab system) C:\Program Files\MiniLite\ProtectService.exe
(Goobzo) C:\Program Files\YTDownloader\BrowserHelper.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe
(Beijing Rising Information Technology Co., Ltd.) C:\Program Files\Rising\RSD\updater.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [AmIcoSinglun] => C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe [237568 2009-04-10] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [ATKOSD2] => C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe [8493624 2009-07-07] (ASUS)
HKLM\...\Run: [HControlUser] => C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [AVP] => C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356128 2015-07-15] (Kaspersky Lab ZAO)
HKLM\...\Run: [ospd_us_013010062] => [X]
HKLM\...\Run: [fr] => C:\Program Files\fr\fr.exe [262144 2015-08-11] (ETRWTER)
HKLM\...\Run: [RSDTRAY] => C:\Program Files\Rising\RSD\popwndexe.exe [126808 2012-09-25] (Beijing Rising Information Technology Co., Ltd.)
HKLM\...\Run: [YTDownloader] => C:\Program Files\YTDownloader\YTDownloader.exe [1988528 2015-08-16] (YTDownloader)
HKLM\...\Run: [gmsd_pl_005010062] => [X]
HKLM\...\Run: [gmsd_pl_005010066] => [X]
HKU\S-1-5-21-446619337-4208120879-3162927107-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [4910912 2011-08-02] (DT Soft Ltd)
HKU\S-1-5-21-446619337-4208120879-3162927107-1001\...\Run: [YTDownloader] => C:\Program Files\YTDownloader\YTDownloader.exe [1988528 2015-08-16] (YTDownloader)
HKU\S-1-5-21-446619337-4208120879-3162927107-1001\...\Run: [apphide] => C:\Program Files\baidu\pps.exe [77824 2015-08-12] ()
HKU\S-1-5-21-446619337-4208120879-3162927107-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6453528 2015-07-17] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk [2015-07-13]
ShortcutTarget: SRS Premium Sound.lnk -> C:\Windows\Installer\{D42F84B6-3709-4A50-8502-6719D16AE6C8}\NewShortcut4_E9C83B3EDF9141A39DA5EC05C79BBB91.exe (Acresso Software Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1439825022&z=fdc06c290dfdb6828761f4fg6z3c4t7bco9zft2c3e&from=cmi&uid=3219913727_67194_BCF5F699
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&ts=1439825022&z=fdc06c290dfdb6828761f4fg6z3c4t7bco9zft2c3e&from=cmi&uid=3219913727_67194_BCF5F699&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1439825022&z=fdc06c290dfdb6828761f4fg6z3c4t7bco9zft2c3e&from=cmi&uid=3219913727_67194_BCF5F699
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1439825022&z=fdc06c290dfdb6828761f4fg6z3c4t7bco9zft2c3e&from=cmi&uid=3219913727_67194_BCF5F699&q={searchTerms}
HKU\S-1-5-21-446619337-4208120879-3162927107-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1439825022&z=fdc06c290dfdb6828761f4fg6z3c4t7bco9zft2c3e&from=cmi&uid=3219913727_67194_BCF5F699
HKU\S-1-5-21-446619337-4208120879-3162927107-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
HKU\S-1-5-21-446619337-4208120879-3162927107-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1439825022&z=fdc06c290dfdb6828761f4fg6z3c4t7bco9zft2c3e&from=cmi&uid=3219913727_67194_BCF5F699
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1439825022&z=fdc06c290dfdb6828761f4fg6z3c4t7bco9zft2c3e&from=cmi&uid=3219913727_67194_BCF5F699&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1439825022&z=fdc06c290dfdb6828761f4fg6z3c4t7bco9zft2c3e&from=cmi&uid=3219913727_67194_BCF5F699&q={searchTerms}
SearchScopes: HKU\S-1-5-21-446619337-4208120879-3162927107-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1439825022&z=fdc06c290dfdb6828761f4fg6z3c4t7bco9zft2c3e&from=cmi&uid=3219913727_67194_BCF5F699&q={searchTerms}
SearchScopes: HKU\S-1-5-21-446619337-4208120879-3162927107-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1439825022&z=fdc06c290dfdb6828761f4fg6z3c4t7bco9zft2c3e&from=cmi&uid=3219913727_67194_BCF5F699&q={searchTerms}
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2015-07-15] (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2015-07-15] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\OnlineBanking\online_banking_bho.dll [2015-07-15] (Kaspersky Lab ZAO)
BHO: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro.dll [2015-08-17] (Goobzo Ltd.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll [2015-07-15] (Kaspersky Lab ZAO)
Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2011-08-01] ()
Toolbar: HKU\S-1-5-21-446619337-4208120879-3162927107-1001 -> DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2011-08-01] ()
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{39A2655E-618D-4F07-A3CD-3B52D3BCD391}: [NameServer] 52.17.204.69,8.8.8.8
Tcpip\..\Interfaces\{39A2655E-618D-4F07-A3CD-3B52D3BCD391}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{e29ac6c2-7037-11de-816d-806e6f6e6963}: [NameServer] 52.17.204.69,8.8.8.8
Tcpip\..\Interfaces\{F9499AF4-EE1B-47BC-A0CA-326BE525D136}: [NameServer] 52.17.204.69,8.8.8.8
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com/?type=sc&ts=1439824493&z=172e21e97dc68768af7ea0fg6z0cetcb7o9zbz6e8e&from=obw&uid=3219913727_67194_BCF5F699

FireFox:
========
FF ProfilePath: C:\Users\Gigi\AppData\Roaming\Mozilla\Firefox\Profiles\mdh53bp1.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-13] ()
FF Plugin: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @rising.com.cn/nprising -> C:\Program Files\Rising\RAV\nprising.dll [No File]
FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-08-21] (globalUpdate)
FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-08-21] (globalUpdate)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-446619337-4208120879-3162927107-1001: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll No File
FF Plugin HKU\S-1-5-21-446619337-4208120879-3162927107-1001: @rising.com.cn/nprising -> C:\Program Files\Rising\RAV\nprising.dll No File
FF Plugin HKU\S-1-5-21-446619337-4208120879-3162927107-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Gigi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS)
FF Extension: iWebar - C:\Users\Gigi\AppData\Roaming\Mozilla\Firefox\Profiles\mdh53bp1.default\Extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com [2015-08-17]
FF Extension: SavePass 1.1 - C:\Users\Gigi\AppData\Roaming\Mozilla\Firefox\Profiles\mdh53bp1.default\Extensions\389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.com [2015-08-17]
FF Extension: Object Browser - C:\Users\Gigi\AppData\Roaming\Mozilla\Firefox\Profiles\mdh53bp1.default\Extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com [2015-08-21]
FF Extension: DAEMON Tools Toolbar - C:\Users\Gigi\AppData\Roaming\Mozilla\Firefox\Profiles\mdh53bp1.default\Extensions\DTToolbar@toolbarnet.com [2015-07-25]
FF Extension: 6BB5760DF97E421BAF5B8457A90C3CED - C:\Users\Gigi\AppData\Roaming\Mozilla\Firefox\Profiles\mdh53bp1.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED} [2015-08-21]
FF Extension: Shopper-Pro - C:\Users\Gigi\AppData\Roaming\Mozilla\Firefox\Profiles\mdh53bp1.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF} [2015-08-17]
FF Extension: uBlock Origin - C:\Users\Gigi\AppData\Roaming\Mozilla\Firefox\Profiles\mdh53bp1.default\Extensions\uBlock0@raymondhill.net.xpi [2015-07-15]
FF HKLM\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com [2015-07-15]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com [2015-07-15]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com [2015-07-15]
FF ExtraCheck: C:\Program Files\mozilla firefox\browser\defaults\preferences\prefs.js [2015-08-21]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\urladvisor.crx [2013-02-28]
CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\content_blocker_chrome.crx [2013-02-28]
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\virtkbd.crx [2013-02-28]
CHR HKLM\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh

Opera:
=======
OPR Extension: (SavePass 1.1) - C:\Users\Gigi\AppData\Roaming\Opera Software\Opera Stable\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh [2015-08-17]
OPR Extension: (iWebar) - C:\Users\Gigi\AppData\Roaming\Opera Software\Opera Stable\Extensions\hdhmofnopkgkpgnpggloijpbnaonhplc [2015-08-17]
OPR Extension: (Object Browser) - C:\Users\Gigi\AppData\Roaming\Opera Software\Opera Stable\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan [2015-08-17]
StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe http://www.mystartsearch.com/?type=sc&ts=1439825022&z=fdc06c290dfdb6828761f4fg6z3c4t7bco9zft2c3e&from=cmi&uid=3219913727_67194_BCF5F699

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASLDRService; C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe [84536 2009-06-16] (ASUS)
R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356128 2015-07-15] (Kaspersky Lab ZAO)
R2 BrsHelper; C:\Program Files\YTDownloader\BrowserHelperSrv.exe [112560 2015-08-16] ()
R2 comyninu; C:\Program Files\DE813BDB-1439824367-7562-B700-90E6BA060873\hnsm2A7B.tmp [161792 2015-08-17] () [File not signed]
S2 FastBootAgent; C:\Windows\system32\Fast Boot\FastBootAgent.exe [306232 2009-07-24] (ASUSTeK Computer Inc.)
S2 globalUpdate; C:\Program Files\globalUpdate\Update\globalupdate.exe [68608 2015-08-21] (globalUpdate) [File not signed] <==== ATTENTION
S3 globalUpdatem; C:\Program Files\globalUpdate\Update\globalupdate.exe [68608 2015-08-21] (globalUpdate) [File not signed] <==== ATTENTION
R2 hyverumu; C:\Program Files\DE813BDB-1439824367-7562-B700-90E6BA060873\jnsx1390.tmp [209920 2015-08-17] () [File not signed]
R2 IHProtect Service; C:\Program Files\MiniLite\ProtectService.exe [129688 2015-08-20] (XTab system)
R2 RsMgrSvc; C:\Program Files\Rising\RSD\RsMgrSvc.exe [196288 2015-08-21] (Beijing Rising Information Technology Co., Ltd.)
R2 RsRavMon; C:\Program Files\Rising\RAV\ravmond.exe [277552 2014-05-15] (Beijing Rising Information Technology Co., Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
R2 WindowsMangerProtect; C:\ProgramData\2WinManPro2\ProtectWindowsManager.exe [708264 2015-08-21] (DTools LIMITED) <==== ATTENTION

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R5 ACPI; C:\Windows\System32\drivers\ACPI.sys [274304 2010-11-20] (Microsoft Corporation)
R5 amdxata; C:\Windows\System32\drivers\amdxata.sys [22400 2010-11-20] (Advanced Micro Devices)
R5 atapi; C:\Windows\System32\drivers\atapi.sys [21584 2009-07-14] (Microsoft Corporation)
R5 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R5 CNG; C:\Windows\System32\Drivers\cng.sys [369568 2009-07-14] (Microsoft Corporation)
R5 Compbatt; C:\Windows\System32\DRIVERS\compbatt.sys [19024 2009-07-14] (Microsoft Corporation)
R5 Disk; C:\Windows\System32\drivers\disk.sys [57424 2009-07-14] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [232512 2015-07-25] (DT Soft Ltd)
R5 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [58448 2009-07-14] (Microsoft Corporation)
R5 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [198208 2009-07-14] (Microsoft Corporation)
U5 Fs_Rec; C:\Windows\system32\Drivers\Fs_Rec.sys [19536 2009-07-14] (Microsoft Corporation)
R5 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [194800 2010-11-20] (Microsoft Corporation)
R5 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [14208 2010-11-20] (Microsoft Corporation)
R1 kguard; C:\Windows\System32\DRIVERS\kguard.sys [68376 2014-05-14] (Beijing Rising Information Technology Co., Ltd.)
R5 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2015-07-15] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [597600 2015-07-15] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2015-07-15] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25696 2015-07-15] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2015-07-15] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [44000 2015-07-15] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145224 2015-07-15] (Kaspersky Lab ZAO)
R5 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [67456 2010-11-20] (Microsoft Corporation)
R5 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [133200 2009-07-14] (Microsoft Corporation)
R5 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [78208 2010-11-20] (Microsoft Corporation)
R5 msahci; C:\Windows\System32\drivers\msahci.sys [28032 2010-11-20] (Microsoft Corporation)
R5 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [13888 2009-07-14] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [14392 2015-07-13] (ASUS)
R5 Mup; C:\Windows\System32\Drivers\mup.sys [49728 2009-07-14] (Microsoft Corporation)
R5 NDIS; C:\Windows\System32\drivers\ndis.sys [712576 2010-11-20] (Microsoft Corporation)
R5 nvstor32; C:\Windows\System32\DRIVERS\nvstor32.sys [212000 2009-06-29] (NVIDIA Corporation)
R5 partmgr; C:\Windows\System32\drivers\partmgr.sys [56192 2010-11-20] (Microsoft Corporation)
R5 pci; C:\Windows\System32\drivers\pci.sys [153984 2010-11-20] (Microsoft Corporation)
R5 pcw; C:\Windows\System32\drivers\pcw.sys [43088 2009-07-14] (Microsoft Corporation)
R5 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [173440 2010-11-20] (Microsoft Corporation)
R2 rsdsys; C:\Windows\system32\drivers\protreg.sys [24120 2014-05-28] (Beijing Rising Information Technology Co., Ltd.)
R1 rsutils; C:\Windows\System32\DRIVERS\rsutils.sys [58664 2014-08-15] (Beijing Rising Information Technology Co., Ltd.)
R2 sbmntr; C:\Program Files\YTDownloader\sbmntr.sys [49824 2015-08-16] (YTDownloader)
S3 SPBIUpdd; C:\Program Files\Common Files\ShopperPro\spbiw.sys [26112 2015-08-17] () [File not signed]
R2 SPDRIVER_Unknown; C:\Program Files\ShopperPro\JSDriver\Unknown\jsdrv.sys [41120 2015-08-17] ()
R5 spldr; C:\Windows\system32\Drivers\spldr.sys [17472 2009-07-14] (Microsoft Corporation)
R5 storflt; C:\Windows\System32\drivers\vmstorfl.sys [40704 2010-11-20] (Microsoft Corporation)
R5 sysmon; C:\Windows\System32\DRIVERS\sysmon.sys [156144 2014-09-10] (Beijing Rising Information Technology Co., Ltd.)
R5 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1290112 2010-11-20] (Microsoft Corporation)
R5 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [32832 2009-07-14] (Microsoft Corporation)
R5 volmgr; C:\Windows\System32\drivers\volmgr.sys [53120 2010-11-20] (Microsoft Corporation)
R5 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [297040 2009-07-14] (Microsoft Corporation)
R5 volsnap; C:\Windows\System32\drivers\volsnap.sys [245632 2010-11-20] (Microsoft Corporation)
R5 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [445008 2009-07-14] (Microsoft Corporation)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74848 2015-07-15] (Kaspersky Lab ZAO)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S1 wsafd_1_10_0_19; system32\drivers\wsafd_1_10_0_19.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-21 21:20 - 2015-08-21 21:21 - 00022633 _____ C:\Users\Gigi\Downloads\FRST.txt
2015-08-21 21:18 - 2015-08-21 21:20 - 00000000 ____D C:\FRST
2015-08-21 21:17 - 2015-08-21 21:17 - 01677824 _____ (Farbar) C:\Users\Gigi\Downloads\FRST.exe
2015-08-21 21:04 - 2015-08-21 21:04 - 00001091 _____ C:\Users\Gigi\Desktop\Continue Live Installation.lnk
2015-08-21 20:23 - 2015-08-21 20:23 - 00000948 _____ C:\Users\Gigi\Desktop\firefox — skrót.lnk
2015-08-21 19:20 - 2015-08-21 19:20 - 00000000 ____D C:\Users\Gigi\AppData\Roaming\ppslog
2015-08-21 19:20 - 2015-08-21 19:20 - 00000000 ____D C:\Users\Gigi\.android
2015-08-21 19:09 - 2015-08-21 19:09 - 00000073 _____ C:\Windows\wininit.ini
2015-08-21 19:04 - 2015-08-21 19:04 - 00000972 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-08-21 19:04 - 2015-08-21 19:04 - 00000000 ____D C:\Program Files\CCleaner
2015-08-21 19:03 - 2015-08-21 19:03 - 06609608 _____ (Piriform Ltd) C:\Users\Gigi\Downloads\ccsetup508.exe
2015-08-21 19:01 - 2015-08-21 19:02 - 00865000 _____ (Application Installer generic ) C:\Users\Gigi\Downloads\CCleaner-13061-dp.exe
2015-08-21 18:41 - 2015-08-21 19:01 - 00000366 _____ C:\Windows\Tasks\APSnotifierPP1.job
2015-08-21 18:41 - 2015-08-21 18:44 - 00000364 _____ C:\Windows\Tasks\APSnotifierPP3.job
2015-08-21 18:41 - 2015-08-21 18:44 - 00000364 _____ C:\Windows\Tasks\APSnotifierPP2.job
2015-08-21 18:39 - 2015-08-21 20:41 - 00001020 _____ C:\Windows\Tasks\LiK26z0jjKaDazIRD9Tvx1zR4j.job
2015-08-21 18:38 - 2015-08-21 18:39 - 00000000 ____D C:\Users\Gigi\AppData\Local\SysassistByHotWheel
2015-08-21 18:38 - 2015-08-21 18:38 - 00613255 _____ (CMI Limited) C:\Users\Gigi\AppData\Local\nss99B9.tmp
2015-08-21 18:38 - 2015-08-21 18:38 - 00000000 __SHD C:\Users\Gigi\AppData\Roaming\AnyProtectEx
2015-08-21 18:38 - 2015-08-21 18:38 - 00000000 ____D C:\Users\Gigi\AppData\Local\Unity
2015-08-21 18:37 - 2015-08-21 20:37 - 00000000 ____D C:\ProgramData\IQIYI Video
2015-08-21 18:37 - 2015-08-21 20:37 - 00000000 ____D C:\IQIYI Video
2015-08-21 18:37 - 2015-08-21 19:23 - 00000000 ____D C:\Users\Gigi\AppData\Roaming\IQIYI Video
2015-08-21 18:37 - 2015-08-21 18:37 - 00000000 ____D C:\Users\Public\QiYi
2015-08-21 18:35 - 2015-08-21 18:35 - 00000000 ____D C:\Program Files\baidu
2015-08-21 18:33 - 2015-08-21 18:33 - 00000000 ____D C:\Program Files\Common Files\brmpckpp
2015-08-21 18:27 - 2015-08-21 20:43 - 00000000 ____D C:\ProgramData\update
2015-08-21 18:26 - 2015-08-21 18:27 - 00000000 ____D C:\ProgramData\2WinManPro2
2015-08-21 18:26 - 2015-08-21 18:27 - 00000000 ____D C:\Program Files\MiniLite
2015-08-17 17:35 - 2015-08-17 17:35 - 00262144 _____ C:\Windows\system32\config\elam
2015-08-17 17:30 - 2015-08-17 17:30 - 00001428 _____ C:\Users\Gigi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-17 17:25 - 2015-08-21 19:29 - 00000000 ____D C:\Program Files\gmsd_pl_005010062
2015-08-17 17:24 - 2015-08-17 17:24 - 00298118 __RSH C:\WHRZJ
2015-08-17 17:24 - 2015-08-17 17:24 - 00000000 ____D C:\ProgramData\pWinManProp
2015-08-17 17:24 - 2015-08-17 17:24 - 00000000 _____ C:\Windows\prleth.sys
2015-08-17 17:24 - 2015-08-17 17:24 - 00000000 _____ C:\Windows\hgfs.sys
2015-08-17 17:23 - 2015-08-21 20:12 - 00000000 ____D C:\Users\Gigi\AppData\Local\SmartWeb
2015-08-17 17:23 - 2015-08-17 17:23 - 00000217 _____ C:\task.vbs
2015-08-17 17:23 - 2015-08-17 17:23 - 00000000 ____D C:\Users\Gigi\AppData\Roaming\mystartsearch
2015-08-17 17:22 - 2015-08-21 19:10 - 00000000 ____D C:\Program Files\WordSurfer_1.10.0.19
2015-08-17 17:19 - 2015-08-21 21:19 - 00003430 _____ C:\Windows\Tasks\a898711e-247c-46c3-b277-99f4d61cc845-1-6.job
2015-08-17 17:19 - 2015-08-21 21:19 - 00003110 _____ C:\Windows\Tasks\94363665-e5b2-46a4-9537-931b64f22070-1-6.job
2015-08-17 17:19 - 2015-08-21 20:41 - 00004466 _____ C:\Windows\Tasks\94363665-e5b2-46a4-9537-931b64f22070-4.job
2015-08-17 17:19 - 2015-08-21 20:41 - 00004450 _____ C:\Windows\Tasks\a898711e-247c-46c3-b277-99f4d61cc845-4.job
2015-08-17 17:19 - 2015-08-21 20:41 - 00003774 _____ C:\Windows\Tasks\a898711e-247c-46c3-b277-99f4d61cc845-1-7.job
2015-08-17 17:19 - 2015-08-21 20:41 - 00003110 _____ C:\Windows\Tasks\94363665-e5b2-46a4-9537-931b64f22070-1-7.job
2015-08-17 17:19 - 2015-08-21 20:41 - 00002746 _____ C:\Windows\Tasks\a898711e-247c-46c3-b277-99f4d61cc845-5_user.job
2015-08-17 17:19 - 2015-08-21 20:41 - 00002746 _____ C:\Windows\Tasks\a898711e-247c-46c3-b277-99f4d61cc845-5.job
2015-08-17 17:19 - 2015-08-21 20:41 - 00002418 _____ C:\Windows\Tasks\94363665-e5b2-46a4-9537-931b64f22070-5_user.job
2015-08-17 17:19 - 2015-08-21 20:41 - 00002418 _____ C:\Windows\Tasks\94363665-e5b2-46a4-9537-931b64f22070-5.job
2015-08-17 17:18 - 2015-08-21 20:41 - 00005140 _____ C:\Windows\Tasks\a898711e-247c-46c3-b277-99f4d61cc845-11.job
2015-08-17 17:18 - 2015-08-21 20:41 - 00004812 _____ C:\Windows\Tasks\94363665-e5b2-46a4-9537-931b64f22070-11.job
2015-08-17 17:18 - 2015-08-21 20:12 - 00000000 ____D C:\Program Files\Common Files\ShopperPro
2015-08-17 17:18 - 2015-08-21 19:29 - 00000000 ____D C:\Program Files\Object Browser
2015-08-17 17:18 - 2015-08-21 19:29 - 00000000 ____D C:\Program Files\iWebar
2015-08-17 17:18 - 2015-08-17 17:20 - 00000000 ____D C:\Users\Gigi\AppData\Local\BrowserHelper
2015-08-17 17:18 - 2015-08-17 17:18 - 00000000 ____D C:\Users\Gigi\Documents\ËŃşüÓ°Ňô
2015-08-17 17:17 - 2015-08-21 19:26 - 00000000 ____D C:\Program Files\ShopperPro
2015-08-17 17:17 - 2015-08-17 17:18 - 00000000 ____D C:\ProgramData\ShopperPro
2015-08-17 17:17 - 2015-08-17 17:17 - 00000000 ____D C:\Users\Public\Documents\ShopperPro
2015-08-17 17:17 - 2015-08-17 17:17 - 00000000 ____D C:\Users\Gigi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
2015-08-17 17:17 - 2015-08-17 17:17 - 00000000 ____D C:\Users\Gigi\AppData\Local\Temp尰
2015-08-17 17:17 - 2015-08-17 17:17 - 00000000 ____D C:\Users\Gigi\AppData\Local\CrashRpt
2015-08-17 17:17 - 2015-08-17 17:17 - 00000000 ____D C:\Program Files\YTDownloader
2015-08-17 17:16 - 2015-08-17 17:16 - 00000132 __RSH C:\rising.ini
2015-08-17 17:16 - 2015-08-17 17:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rising Software Deployment System
2015-08-17 17:16 - 2014-09-10 08:11 - 00156144 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\sysmon.sys
2015-08-17 17:16 - 2014-08-15 03:22 - 00058664 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\rsutils.sys
2015-08-17 17:16 - 2014-05-14 04:02 - 00068376 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\kguard.sys
2015-08-17 17:16 - 2012-02-29 09:49 - 00010808 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\rsndisp.sys
2015-08-17 17:15 - 2015-08-21 19:08 - 00000000 ____D C:\Program Files\fr
2015-08-17 17:15 - 2015-08-17 17:16 - 00000000 ____D C:\ProgramData\Rising
2015-08-17 17:15 - 2015-08-17 17:16 - 00000000 ____D C:\ProgramData\FWinManProF
2015-08-17 17:15 - 2015-08-17 17:16 - 00000000 ____D C:\Program Files\Rising
2015-08-17 17:15 - 2015-08-17 17:15 - 00000000 ____D C:\Users\Gigi\AppData\Roaming\istartsurf
2015-08-17 17:15 - 2014-05-28 09:37 - 00024120 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\protreg.sys
2015-08-17 17:14 - 2015-08-21 19:29 - 00000000 ____D C:\Program Files\ospd_us_013010062
2015-08-17 17:14 - 2015-08-21 18:02 - 00000000 ____D C:\Program Files\igfx32
2015-08-17 17:14 - 2015-08-17 17:14 - 00000187 _____ C:\Users\Gigi\AppData\Local\Highdom.exe.config
2015-08-17 17:13 - 2015-08-21 21:13 - 00003106 _____ C:\Windows\Tasks\90f2022c-6055-4545-b1d2-336d7d0b7c7e-1-6.job
2015-08-17 17:13 - 2015-08-21 21:13 - 00002080 _____ C:\Windows\Tasks\90f2022c-6055-4545-b1d2-336d7d0b7c7e-10_user.job
2015-08-17 17:13 - 2015-08-21 20:41 - 00004808 _____ C:\Windows\Tasks\90f2022c-6055-4545-b1d2-336d7d0b7c7e-11.job
2015-08-17 17:13 - 2015-08-21 20:41 - 00004126 _____ C:\Windows\Tasks\90f2022c-6055-4545-b1d2-336d7d0b7c7e-4.job
2015-08-17 17:13 - 2015-08-21 20:41 - 00003106 _____ C:\Windows\Tasks\90f2022c-6055-4545-b1d2-336d7d0b7c7e-1-7.job
2015-08-17 17:13 - 2015-08-21 20:41 - 00002414 _____ C:\Windows\Tasks\90f2022c-6055-4545-b1d2-336d7d0b7c7e-5_user.job
2015-08-17 17:13 - 2015-08-21 20:41 - 00002414 _____ C:\Windows\Tasks\90f2022c-6055-4545-b1d2-336d7d0b7c7e-5.job
2015-08-17 17:13 - 2015-08-21 20:41 - 00000956 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-08-17 17:13 - 2015-08-21 20:40 - 00000004 _____ C:\Windows\system32\029B560A371F4E00AB32838EBC01B9E7
2015-08-17 17:13 - 2015-08-21 19:29 - 00000000 ____D C:\Program Files\SavePass 1.1
2015-08-17 17:13 - 2015-08-21 18:42 - 00000960 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-08-17 17:13 - 2015-08-17 17:35 - 00000000 ____D C:\Users\Gigi\AppData\Local\DE813BDB-1439831621-7562-B700-90E6BA060873
2015-08-17 17:13 - 2015-08-17 17:13 - 00000000 ____D C:\Users\Gigi\AppData\Local\globalUpdate
2015-08-17 17:13 - 2015-08-17 17:13 - 00000000 ____D C:\Program Files\globalUpdate
2015-08-17 17:13 - 2009-06-10 23:39 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-08-17 17:12 - 2015-08-21 18:43 - 00000000 ____D C:\Program Files\DE813BDB-1439824367-7562-B700-90E6BA060873
2015-08-17 17:12 - 2015-08-17 17:12 - 00000000 ____D C:\Users\Gigi\AppData\Roaming\Opera Software
2015-08-17 17:12 - 2015-08-17 17:12 - 00000000 ____D C:\Users\Gigi\AppData\Local\Opera Software
2015-08-17 17:11 - 2015-08-21 18:02 - 00000000 ____D C:\Program Files\Opera
2015-08-17 17:10 - 2015-08-17 17:20 - 00000000 ____D C:\Program Files\Windows 7 Activator
2015-08-17 16:36 - 2015-08-17 16:36 - 00000000 ____D C:\Users\Gigi\AppData\Local\CEF
2015-08-17 16:22 - 2015-08-17 16:31 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-08-17 16:22 - 2015-08-17 16:25 - 00000000 ____D C:\ProgramData\Adobe
2015-08-17 16:22 - 2015-08-17 16:22 - 00002024 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-08-17 16:22 - 2015-08-17 16:22 - 00000000 ____D C:\Program Files\Adobe
2015-08-13 18:16 - 2015-08-13 18:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-13 18:16 - 2015-08-13 18:16 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-13 18:11 - 2015-08-13 18:15 - 07018720 _____ (Microsoft Corporation) C:\Users\Gigi\Downloads\Silverlight.exe
2015-08-10 20:25 - 2015-08-21 20:41 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-07-25 07:33 - 2015-07-25 07:33 - 00000000 ____D C:\elearn
2015-07-25 07:32 - 2015-07-25 07:32 - 00000000 ____D C:\Users\Public\Documents\DAEMON Tools Images
2015-07-25 07:23 - 2015-07-25 07:23 - 00000000 ____D C:\Program Files\DAEMON Tools Toolbar
2015-07-25 07:22 - 2015-07-25 07:23 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2015-07-25 07:22 - 2015-07-25 07:22 - 00232512 _____ (DT Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2015-07-25 07:22 - 2015-07-25 07:22 - 00001903 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2015-07-25 07:21 - 2015-07-25 07:23 - 00000000 ____D C:\Users\Gigi\AppData\Roaming\DAEMON Tools Lite
2015-07-25 07:21 - 2015-07-25 07:21 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2015-07-22 21:39 - 2015-08-17 16:22 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-07-22 21:39 - 2015-07-22 21:39 - 00000603 _____ C:\Users\Gigi\Desktop\eLearn.lnk
2015-07-22 21:39 - 2015-07-22 21:39 - 00000000 ____D C:\Windows\system32\Adobe
2015-07-22 21:39 - 2015-07-22 21:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eLearn
2015-07-22 21:39 - 2001-10-26 23:16 - 00016384 _____ C:\Windows\system32\FileOps.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-21 21:05 - 2009-07-14 06:34 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-21 21:05 - 2009-07-14 06:34 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-21 20:51 - 2015-07-13 21:23 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-21 20:49 - 2015-07-13 21:31 - 00687812 _____ C:\Windows\system32\perfh015.dat
2015-08-21 20:49 - 2015-07-13 21:31 - 00131366 _____ C:\Windows\system32\perfc015.dat
2015-08-21 20:49 - 2010-11-20 23:01 - 01523412 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-21 20:44 - 2015-07-13 20:17 - 00859050 _____ C:\Windows\WindowsUpdate.log
2015-08-21 20:41 - 2015-07-15 18:57 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-08-21 20:41 - 2015-07-13 20:51 - 00109216 _____ C:\Users\Gigi\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-21 20:40 - 2010-11-20 23:48 - 00029766 _____ C:\Windows\PFRO.log
2015-08-21 20:40 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-21 20:40 - 2009-07-14 06:39 - 00027053 _____ C:\Windows\setupact.log
2015-08-21 20:40 - 2009-07-14 06:33 - 00407824 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-21 19:20 - 2015-07-14 05:32 - 00000000 ____D C:\Users\Gigi
2015-08-21 18:37 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2015-08-17 17:17 - 2009-07-14 04:37 - 00000000 ____D C:\Program Files\Common Files\System
2015-08-17 16:23 - 2015-07-15 20:27 - 00000000 ____D C:\Users\Gigi\AppData\Local\Adobe
2015-08-17 16:23 - 2015-07-13 21:23 - 00000000 ____D C:\Users\Gigi\AppData\Roaming\Adobe
2015-08-14 11:27 - 2015-07-13 21:56 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-08-13 19:53 - 2015-07-13 21:23 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-08-13 19:53 - 2015-07-13 21:23 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\Gigi\AppData\Roaming\LiK26z0jjKaDazIRD9Tvx1zR4j
2015-04-20 16:05 - 2015-04-20 16:05 - 1246720 _____ () C:\Users\Gigi\AppData\Roaming\LiK26z0jjKaDazIRD9Tvx1zR4j.exe
2015-08-17 17:14 - 2015-08-17 17:14 - 0000187 _____ () C:\Users\Gigi\AppData\Local\Highdom.exe.config
2015-08-21 18:38 - 2015-08-21 18:38 - 0613255 _____ (CMI Limited) C:\Users\Gigi\AppData\Local\nss99B9.tmp

Some files in TEMP:
====================
C:\Users\Gigi\AppData\Local\Temp\1078.exe
C:\Users\Gigi\AppData\Local\Temp\1620.exe
C:\Users\Gigi\AppData\Local\Temp\293.exe
C:\Users\Gigi\AppData\Local\Temp\360Inst_sohuyy.exe
C:\Users\Gigi\AppData\Local\Temp\4494.exe
C:\Users\Gigi\AppData\Local\Temp\740.exe
C:\Users\Gigi\AppData\Local\Temp\genteert.dll
C:\Users\Gigi\AppData\Local\Temp\InstHelper.exe
C:\Users\Gigi\AppData\Local\Temp\IQIYIsetup_l_huayukeji@kb006.exe
C:\Users\Gigi\AppData\Local\Temp\qqpcmgr_v10.10.16434.218_72488_Silence.exe
C:\Users\Gigi\AppData\Local\Temp\qqpcmgr_v10.8.16208.227_71917_Silence.exe
C:\Users\Gigi\AppData\Local\Temp\setup3.exe
C:\Users\Gigi\AppData\Local\Temp\Uninstall.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-07-13 20:14 ==================== End of log ============================