Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015 Ran by Ziggy (administrator) on PC on 30-01-2015 12:03:16 Running from C:\Users\Ziggy\Desktop Loaded Profiles: Ziggy (Available profiles: Ziggy & Fendrepans0 & Fendrepans) Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Angielski (Stany Zjednoczone) Internet Explorer Version 9 (Default browser: Opera) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (VMware, Inc.) D:\Program Files (x86)\VMware\vmware-authd.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (VMware, Inc.) 
C:\Windows\SysWOW64\vmnetdhcp.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe () C:\Program Files (x86)\ScreenShooter\screenshooter.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe (IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe () C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Opera Software) C:\Program Files\Opera Next\27.0.1689.44\opera.exe () C:\Program Files\Opera Next\27.0.1689.44\opera_crashreporter.exe (Opera Software) C:\Program Files\Opera Next\27.0.1689.44\opera.exe (Opera Software) C:\Program Files\Opera Next\27.0.1689.44\opera.exe (Opera Software) C:\Program Files\Opera Next\27.0.1689.44\opera.exe (Opera Software) C:\Program Files\Opera Next\27.0.1689.44\opera.exe (Opera Software) C:\Program Files\Opera Next\27.0.1689.44\opera.exe (Opera Software) C:\Program Files\Opera Next\27.0.1689.44\opera.exe (Opera Software) C:\Program Files\Opera Next\27.0.1689.44\opera.exe (Opera Software) C:\Program Files\Opera Next\27.0.1689.44\opera.exe (Opera Software) C:\Program Files\Opera Next\27.0.1689.44\opera.exe (Opera Software) C:\Program Files\Opera Next\27.0.1689.44\opera.exe (Opera Software) C:\Program Files\Opera Next\27.0.1689.44\opera.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Opera Software) C:\Program Files\Opera Next\27.0.1689.44\opera.exe (Microsoft 
Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Opera Software) C:\Program Files\Opera Next\27.0.1689.44\opera.exe (Opera Software) C:\Program Files\Opera Next\27.0.1689.44\opera.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-08-25] (Realtek Semiconductor) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation) HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1739480 2014-07-04] (Bitdefender) HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-09-16] (Intel Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2978129333-1637225295-611555160-1000\...\Run: [Advanced SystemCare 8] => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe [2427680 2014-12-10] (IObit) HKU\S-1-5-21-2978129333-1637225295-611555160-1000\...\Run: [screenshooter] => C:\Program Files (x86)\ScreenShooter\screenshooter.exe [606208 2010-09-03] () HKU\S-1-5-18\...\Run: [Agent Portfela Bitdefender] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [567888 2014-07-04] (Bitdefender) HKU\S-1-5-18\...\Run: [Portfel Bitdefender] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1001536 2014-07-04] (Bitdefender) HKU\S-1-5-18\...\Run: [Agent aplikacji Portfel Bitdefender] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [614232 2014-07-04] (Bitdefender) HKU\S-1-5-18\...\RunOnce: [SPReview] => 
C:\Windows\System32\SPReview\SPReview.exe [301568 2014-07-04] (Microsoft Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender) ShellIconOverlayIdentifiers: [__SafeBox2] -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender) ShellIconOverlayIdentifiers: [__SafeBox3] -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender) ShellIconOverlayIdentifiers: [__SafeBox4] -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender) BootExecute: autocheck autochk * SmartDefragBootTime.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
ProxyServer: [S-1-5-21-2978129333-1637225295-611555160-1000] => 111.111.111.111:8080 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-2978129333-1637225295-611555160-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2978129333-1637225295-611555160-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1415050619&from=smt&uid=ST31000524AS_6VPBP3HKXXXX6VPBP3HK&q={searchTerms} SearchScopes: HKU\S-1-5-21-2978129333-1637225295-611555160-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1415050619&from=smt&uid=ST31000524AS_6VPBP3HKXXXX6VPBP3HK&q={searchTerms} BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit) BHO: Portfel Bitdefender -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender) BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> D:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Google Toolbar Helper -> 
{AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: No Name -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> No File BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> D:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Portfel Bitdefender -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll (Bitdefender) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.) 
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\..\Interfaces\{5CBE47E4-EC97-473B-9675-AD757AB0D083}: [NameServer] 8.8.8.8,8.8.4.4 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll () FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB) FF Plugin: @java.com/DTPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA 
Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation) FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2014-07-04] FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman [2014-07-04] FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext Chrome: ======= CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hp&ts=1415050619&from=smt&uid=ST31000524AS_6VPBP3HKXXXX6VPBP3HK CHR StartupUrls: Default -> "hxxp://google.com/" CHR DefaultSuggestURL: Default -> 
{google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter} CHR Profile: C:\Users\Ziggy\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Ziggy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2015-01-04] CHR Extension: (Bitdefender Wallet) - C:\Users\Ziggy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccahoghmggldkcdjiebjkidpfongdfbl [2014-07-17] CHR Extension: (Adblock Plus) - C:\Users\Ziggy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-25] CHR Extension: (AdBlock) - C:\Users\Ziggy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-25] CHR Extension: (Adblock for Pirate Bay) - C:\Users\Ziggy\AppData\Local\Google\Chrome\User Data\Default\Extensions\imkpamgpfalmdaikobnkefcmmkpgljjd [2014-08-25] CHR Extension: (Google Wallet) - C:\Users\Ziggy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-03] CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx [2014-07-04] Opera: ======= StartMenuInternet: (HKLM) Operabeta - C:\Program Files\Opera Next\Launcher.exe ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [815392 2014-11-04] (IObit) S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] () S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-08-29] (Perfect World Entertainment Inc) S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [77632 2014-07-04] (Bitdefender) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-11-06] (NVIDIA Corporation) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation) S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2631456 2014-12-10] (IObit) R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-12-02] (LogMeIn, Inc.) 
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-06] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-11-06] (NVIDIA Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-01-27] (Electronic Arts) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-12-31] () R3 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender) R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2013-10-07] (Bitdefender) R2 VMAuthdService; D:\Program Files (x86)\VMware\vmware-authd.exe [86744 2014-10-29] (VMware, Inc.) S2 VMwareHostd; D:\Program Files (x86)\VMware\vmware-hostd.exe [14407384 2014-10-29] () R2 vsserv; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1507248 2014-07-04] (Bitdefender) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] () R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [893440 2014-07-04] (BitDefender) R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender) R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [635392 2014-07-04] (BitDefender) R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2013-02-22] (BitDefender LLC) R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC) S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL) S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2014-07-04] (BitDefender SRL) R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [76944 2012-04-17] (BitDefender) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-11-03] (Disc Soft Ltd) S3 gdrv; No ImagePath R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC) R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-29] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-06] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation) R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit) R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [389240 2013-08-07] 
(BitDefender S.R.L.) S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] () R2 VMparport; C:\Windows\system32\drivers\VMparport.sys [32472 2014-10-29] (VMware, Inc.) R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.) R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-02-22] (VMware, Inc.) S3 WinRing0_1_2_0; No ImagePath S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-30 12:03 - 2015-01-30 12:03 - 00023118 _____ () C:\Users\Ziggy\Desktop\FRST.txt 2015-01-30 11:57 - 2015-01-30 12:03 - 00000000 ____D () C:\FRST 2015-01-30 11:57 - 2015-01-30 11:57 - 02130432 _____ (Farbar) C:\Users\Ziggy\Desktop\FRST64.exe 2015-01-30 11:57 - 2015-01-30 11:57 - 00368705 _____ () C:\Users\Ziggy\Downloads\gm.zip 2015-01-30 11:50 - 2015-01-30 11:50 - 00000168 _____ () C:\Windows\setupact.log 2015-01-30 11:50 - 2015-01-30 11:50 - 00000000 _____ () C:\Windows\setuperr.log 2015-01-30 11:49 - 2015-01-30 11:49 - 00002420 _____ () C:\Windows\PFRO.log 2015-01-29 22:52 - 2015-01-29 23:02 - 00000000 ____D () C:\Users\Ziggy\Downloads\WContig 2015-01-29 20:51 - 2015-01-29 20:51 - 00001146 _____ () C:\Users\Ziggy\Desktop\CrystalDiskInfo.lnk 2015-01-29 20:51 - 2015-01-29 20:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo 2015-01-29 20:51 - 2015-01-29 20:51 - 00000000 ____D () C:\Program Files (x86)\CrystalDiskInfo 2015-01-29 20:49 - 2015-01-29 20:50 - 03014272 _____ 
(Crystal Dew World ) C:\Users\Ziggy\Downloads\CrystalDiskInfo6_3_0-en.exe 2015-01-29 17:22 - 2015-01-29 17:22 - 00000000 ____D () C:\Users\Ziggy\Downloads\ccsetup502 2015-01-29 17:09 - 2015-01-29 17:10 - 05834513 _____ () C:\Users\Ziggy\Downloads\ccsetup502.zip 2015-01-29 14:32 - 2015-01-29 14:32 - 00003820 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1422538376 2015-01-29 14:32 - 2015-01-29 14:32 - 00001095 _____ () C:\Users\Public\Desktop\Opera.lnk 2015-01-29 14:32 - 2015-01-29 14:32 - 00001095 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk 2015-01-29 14:29 - 2015-01-30 11:55 - 00000000 ____D () C:\Program Files (x86)\Opera 2015-01-29 14:28 - 2015-01-29 14:28 - 00713168 _____ (Opera Software) C:\Users\Fendrepans0\Downloads\Opera_NI_stable.exe 2015-01-28 22:01 - 2015-01-28 22:01 - 00000000 ____D () C:\ProgramData\Auslogics 2015-01-25 20:29 - 2015-01-25 21:13 - 00000000 ____D () C:\Users\Ziggy\AppData\Roaming\LeagueSharp 2015-01-25 08:47 - 2015-01-25 08:47 - 00018648 _____ () C:\Users\Fendrepans0\Downloads\Burnout.Legends - PlayStation.Portable.torrent 2015-01-25 08:46 - 2015-01-25 08:46 - 00031267 _____ () C:\Users\Fendrepans0\Downloads\[www.tnt24.info] Burnout Dominator USA PSP-pSyPSP.torrent 2015-01-25 08:45 - 2015-01-25 08:45 - 00026915 _____ () C:\Users\Fendrepans0\Downloads\[www.tnt24.info] Burnout Dominator [PSP] [ISO] [ENG].torrent 2015-01-25 08:33 - 2015-01-25 08:33 - 05584725 _____ () C:\Users\Fendrepans0\Downloads\TerrariaTestRelease02.rar 2015-01-23 06:57 - 2015-01-23 06:57 - 00000000 ____H () C:\asc_rdflag 2015-01-18 08:56 - 2015-01-18 08:56 - 00000000 ____D () C:\Users\Fendrepans0\AppData\Roaming\Need for Speed World 2015-01-17 18:07 - 2015-01-17 18:07 - 00000000 ____D () C:\Users\Fendrepans0\AppData\Local\Electronic_Arts_Inc 2015-01-17 11:00 - 2015-01-17 11:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Need for Speed World 2015-01-14 13:59 - 2014-12-19 02:46 - 00141312 _____ 
(Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-14 06:51 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-14 06:51 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-01-14 06:51 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-01-14 06:51 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-01-14 06:51 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-01-14 06:51 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-01-14 06:51 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-01-14 06:51 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-01-14 06:51 - 2014-12-11 18:47 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-14 06:51 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-14 06:51 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2015-01-14 06:51 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2015-01-09 16:09 - 2015-01-09 16:09 - 00000000 ____D () C:\Program Files\Common Files\Adobe 2015-01-08 15:31 - 2015-01-08 15:31 - 00464075 _____ () C:\Users\Fendrepans0\Desktop\k2.jpeg 2015-01-06 07:44 - 2015-01-06 07:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimCity 2000 Special Edition 2015-01-05 14:46 - 2015-01-05 14:46 - 00000000 ____D () C:\Users\Ziggy\AppData\Roaming\TERA 2015-01-05 14:43 - 2015-01-26 21:44 - 00000000 ____D () C:\Users\Ziggy\Downloads\Gameforge Live 2015-01-05 13:47 - 2015-01-05 13:49 - 20201072 _____ (Gameforge ) C:\Users\Ziggy\Downloads\TERA_GameforgeLiveSetup.exe 
2015-01-05 10:50 - 2015-01-05 10:50 - 00067543 _____ () C:\Users\Fendrepans0\Downloads\poczekalnia.htm 2015-01-05 07:30 - 2015-01-05 07:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone 2015-01-05 07:20 - 2015-01-05 07:21 - 03099552 _____ (Blizzard Entertainment) C:\Users\Fendrepans0\Downloads\Hearthstone-Setup-enGB.exe 2015-01-04 20:05 - 2015-01-04 20:06 - 00000005 _____ () C:\Users\Fendrepans0\Desktop\New Text Document.txt 2015-01-02 18:20 - 2015-01-05 12:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps 2015-01-02 18:18 - 2015-01-02 18:19 - 05063653 _____ () C:\Users\Fendrepans0\Downloads\Fraps 3.5.9 Full.rar 2015-01-02 18:15 - 2015-01-02 18:15 - 02886452 _____ () C:\Users\Fendrepans0\Downloads\Fraps 3.5.9.rar 2015-01-01 21:37 - 2015-01-01 21:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metin2 2015-01-01 18:33 - 2015-01-01 18:33 - 00000000 ____D () C:\Users\Ziggy\Documents\Battlefield 3 2015-01-01 18:28 - 2015-01-01 18:28 - 00000000 ____D () C:\Users\Ziggy\AppData\Local\ESN 2014-12-31 09:40 - 2014-12-31 09:40 - 00000000 ____D () C:\Users\Fendrepans0\Documents\Battlefield 3 2014-12-31 09:40 - 2014-12-31 09:40 - 00000000 ____D () C:\Users\Fendrepans0\AppData\Local\PunkBuster 2014-12-31 09:39 - 2014-12-31 09:39 - 01534736 _____ () C:\Users\Fendrepans0\Downloads\battlelog-web-plugins_2.6.2_154.exe 2014-12-31 09:39 - 2014-12-31 09:39 - 00000000 ____D () C:\Users\Fendrepans0\AppData\Local\ESN 2014-12-31 09:39 - 2014-12-31 09:39 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins 2014-12-31 09:36 - 2014-12-31 09:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3 2014-12-31 09:36 - 2014-12-31 09:36 - 00000000 ____D () C:\ProgramData\EA Core ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-30 11:57 - 2014-07-03 19:54 - 01788579 _____ () C:\Windows\WindowsUpdate.log 2015-01-30 11:56 - 2009-07-14 05:45 - 00028544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-30 11:56 - 2009-07-14 05:45 - 00028544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-30 11:50 - 2014-07-08 20:03 - 00000000 ____D () C:\ProgramData\VMware 2015-01-30 11:50 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-30 11:49 - 2014-07-03 14:50 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-01-29 22:59 - 2014-07-03 15:52 - 00000000 ____D () C:\ProgramData\Origin 2015-01-29 22:52 - 2014-07-03 21:24 - 00000000 ____D () C:\Users\Ziggy\AppData\Local\CrashDumps 2015-01-29 21:07 - 2014-12-07 15:01 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-01-29 20:51 - 2014-08-24 20:16 - 00000408 _____ () C:\Windows\system32\checkdnsid.xml 2015-01-29 20:14 - 2014-10-22 17:25 - 00000000 ____D () C:\Program Files (x86)\Origin 2015-01-29 16:53 - 2014-07-20 07:06 - 00000000 ____D () C:\Users\Fendrepans0\AppData\Roaming\Skype 2015-01-29 16:26 - 2014-07-11 11:18 - 00348928 _____ () C:\Windows\SysWOW64\PnkBstrB.exe 2015-01-29 16:26 - 2014-07-11 11:18 - 00280904 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0 2015-01-29 16:26 - 2014-07-11 11:17 - 00348928 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr 2015-01-29 15:59 - 2014-10-28 13:55 - 00000000 ____D () C:\Users\Fendrepans0\AppData\Local\Battle.net 2015-01-29 14:23 - 2014-09-22 15:13 - 00000000 ____D () C:\Users\Fendrepans0\AppData\Roaming\ipla 2015-01-29 14:23 - 2014-07-05 15:05 - 00000000 ____D () C:\Users\Ziggy\AppData\Roaming\uTorrent 2015-01-28 22:41 - 2014-07-23 06:15 - 00000000 ____D () C:\Users\Fendrepans0\AppData\Local\CrashDumps 2015-01-28 22:41 - 2014-07-22 10:40 - 00000000 ____D () C:\Users\Fendrepans0\AppData\Roaming\.minecraft 2015-01-28 22:41 - 
2014-07-03 16:22 - 00000000 ____D () C:\Windows\pss 2015-01-28 22:00 - 2014-07-03 22:08 - 00781312 _____ () C:\Windows\system32\perfh015.dat 2015-01-28 22:00 - 2014-07-03 22:08 - 00170322 _____ () C:\Windows\system32\perfc015.dat 2015-01-28 22:00 - 2009-07-14 06:13 - 01758938 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-28 17:18 - 2014-07-03 19:31 - 00000000 ____D () C:\Users\Ziggy\AppData\Roaming\Opera Software 2015-01-28 17:18 - 2014-07-03 19:31 - 00000000 ____D () C:\Users\Ziggy\AppData\Local\Opera Software 2015-01-28 17:16 - 2014-07-24 13:12 - 00000000 ____D () C:\Users\Ziggy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MKJogo 2015-01-27 14:30 - 2014-07-29 20:00 - 00000000 ____D () C:\Users\Fendrepans0\AppData\Roaming\Origin 2015-01-26 13:45 - 2014-07-03 21:48 - 00000000 ____D () C:\ProgramData\ProductData 2015-01-25 21:50 - 2014-09-18 17:28 - 00000000 ____D () C:\Users\Ziggy\AppData\Local\LeagueSharp 2015-01-25 14:49 - 2014-07-03 19:48 - 00000000 ___RD () C:\Users\Ziggy\Desktop\  2015-01-23 13:42 - 2014-09-22 15:13 - 00000000 ____D () C:\ProgramData\ipla 2015-01-23 06:57 - 2014-07-16 16:26 - 78823424 _____ () C:\Windows\system32\config\SOFTWARE.iodefrag.bak 2015-01-23 06:57 - 2014-07-16 16:26 - 53411840 _____ () C:\Windows\system32\config\COMPONENTS.iodefrag.bak 2015-01-23 06:57 - 2014-07-16 16:26 - 00278528 _____ () C:\Windows\system32\config\DEFAULT.iodefrag.bak 2015-01-23 06:57 - 2014-07-16 16:26 - 00102400 _____ () C:\Windows\system32\config\SAM.iodefrag.bak 2015-01-23 06:57 - 2014-07-16 16:26 - 00028672 _____ () C:\Windows\system32\config\SECURITY.iodefrag.bak 2015-01-22 16:00 - 2014-10-22 18:26 - 00000000 ____D () C:\Program Files (x86)\Origin Games 2015-01-17 19:12 - 2014-12-17 16:41 - 00000000 ____D () C:\Users\Fendrepans0\Documents\FIFA World 2015-01-17 13:37 - 2014-07-04 05:38 - 00000000 ____D () C:\Windows.old 2015-01-17 11:00 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 
2015-01-15 07:24 - 2014-07-03 21:55 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 07:17 - 2014-07-03 21:55 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-15 07:15 - 2014-12-14 12:19 - 00000000 ____D () C:\Users\Fendrepans0\Desktop\Moje skiny
2015-01-14 13:59 - 2014-08-26 11:06 - 00003858 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1409047593
2015-01-14 13:59 - 2014-08-26 11:06 - 00000000 ____D () C:\Program Files\Opera Next
2015-01-10 20:33 - 2014-12-27 13:04 - 00000000 ____D () C:\Users\Ziggy\AppData\Roaming\CodeBlocks
2015-01-09 16:11 - 2014-08-26 20:07 - 00000000 ____D () C:\Users\Ziggy\AppData\Local\Adobe
2015-01-09 16:10 - 2014-07-03 22:59 - 00000000 ____D () C:\Users\Ziggy\AppData\Roaming\Adobe
2015-01-09 16:09 - 2014-07-07 11:17 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-09 16:09 - 2014-07-03 14:26 - 00000000 ____D () C:\ProgramData\Google
2015-01-09 16:09 - 2014-07-03 14:25 - 00000000 ____D () C:\Users\Ziggy\AppData\Local\Google
2015-01-07 15:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-06 04:36 - 2014-10-09 19:01 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-05 14:46 - 2014-07-04 07:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live
2015-01-05 07:28 - 2014-10-28 13:55 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-01-04 13:06 - 2014-07-03 14:20 - 00000000 ____D () C:\Users\Ziggy
2015-01-03 13:19 - 2014-07-03 16:41 - 00000000 ____D () C:\ProgramData\Skype
2015-01-01 18:33 - 2014-07-05 19:26 - 00000000 ____D () C:\Users\Ziggy\AppData\Local\PunkBuster
2015-01-01 17:31 - 2014-09-05 14:02 - 00000000 ____D () C:\Users\Default\AppData\Roaming\IObit
2015-01-01 17:31 - 2014-09-05 14:02 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\IObit
2015-01-01 11:35 - 2009-07-14 06:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-31 09:45 - 2014-07-11 11:17 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-12-31 09:36 - 2014-07-29 20:00 - 00000000 ____D () C:\Users\Fendrepans0\AppData\Local\Origin

==================== Files in the root of some directories =======

2014-07-11 15:02 - 2014-10-15 13:02 - 0007604 _____ () C:\Users\Ziggy\AppData\Local\Resmon.ResmonCfg
2014-07-04 00:09 - 2014-07-04 00:09 - 0275020 _____ () C:\ProgramData\1404428700.bdinstall.bin
2014-07-04 00:10 - 2014-07-04 00:10 - 0061981 _____ () C:\ProgramData\1404428996.bdinstall.bin
2014-07-04 11:36 - 2014-07-04 11:36 - 0939019 _____ () C:\ProgramData\1404468294.bdinstall.bin
2014-07-04 11:38 - 2014-07-04 11:38 - 0061354 _____ () C:\ProgramData\1404470239.bdinstall.bin
2014-07-04 11:49 - 2014-07-04 11:49 - 0450890 _____ () C:\ProgramData\1404470626.bdinstall.bin
2014-07-29 13:26 - 2014-07-29 13:26 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-07-03 14:39 - 2014-07-03 14:39 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Fendrepans0\AppData\Local\Temp\ipl75EA.tmp.exe
C:\Users\Fendrepans0\AppData\Local\Temp\ipl9C9C.tmp.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-27 21:48

==================== End Of Log ============================