Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-04-2015 01
Ran by eafae (administrator) on EQWDFWA on 15-04-2015 14:59:31
Running from C:\Users\eafae\Desktop\frst
Loaded Profiles: eafae & UpdatusUser (Available profiles: eafae & UpdatusUser)
Platform: Windows 8.1 Pro (X64) OS Language: Angielski (Stany Zjednoczone)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [366904 2014-10-08] (Power Software Ltd)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-03-30] (LogMeIn Inc.)
HKU\S-1-5-21-4040340981-3488949422-2698820681-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3619160 2015-01-27] (Electronic Arts)
HKU\S-1-5-21-4040340981-3488949422-2698820681-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2889408 2015-04-14] (Valve Corporation)
HKU\S-1-5-21-4040340981-3488949422-2698820681-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.)
HKU\S-1-5-21-4040340981-3488949422-2698820681-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4040340981-3488949422-2698820681-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pl-pl/?ocid=iehp
URLSearchHook: [S-1-5-21-4040340981-3488949422-2698820681-1002] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\S-1-5-21-4040340981-3488949422-2698820681-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-02] (NVIDIA Corporation)

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-04] ()
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-03-30] (LogMeIn, Inc.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-02-28] (Electronic Arts)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] ()
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [44296 2015-03-30] (LogMeIn Inc.)
R3 ip100Avista; C:\Windows\system32\DRIVERS\ipfnd51.sys [37888 2009-03-18] (IC Plus Corp. )
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-15 14:52 - 2015-04-15 14:52 - 00000000 _____ () C:\Users\eafae\Desktop\Nowy dokument tekstowy.txt
2015-04-15 14:46 - 2015-04-15 14:48 - 00000000 ____D () C:\ProgramData\68929000000011f8
2015-04-13 21:02 - 2015-04-13 21:02 - 00031985 _____ () C:\Users\eafae\Desktop\FRST.txt
2015-04-13 20:52 - 2015-04-15 14:59 - 00000000 ____D () C:\Users\eafae\Desktop\frst
2015-04-02 20:20 - 2015-04-02 20:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-04-02 20:20 - 2015-04-02 20:20 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2015-04-02 18:51 - 2015-04-02 18:51 - 00000000 ____D () C:\Users\eafae\AppData\Local\NVIDIA
2015-04-02 17:01 - 2006-06-21 17:43 - 110172804 _____ () C:\Users\eafae\Desktop\IntroTDU.bik
2015-04-02 16:56 - 2015-04-15 14:49 - 00000000 ____D () C:\Program Files (x86)\R.G. Mechanics
2015-04-02 14:21 - 2015-04-02 17:23 - 00000000 ____D () C:\Users\eafae\Desktop\[R.G. Mechanics] Test Drive Unlimited Gold
2015-04-02 14:20 - 2015-04-02 14:20 - 00011802 _____ () C:\Users\eafae\Downloads\[kickass.to]test.drive.unlimited.gold.r.g.mechanics.torrent
2015-04-01 20:55 - 2015-04-01 20:55 - 00000123 _____ () C:\Windows\wininit.ini
2015-03-30 15:28 - 2015-03-30 15:28 - 00044296 ____H (LogMeIn Inc.) C:\Windows\system32\Drivers\Hamdrv.sys
2015-03-29 17:14 - 2015-03-29 17:14 - 00001742 _____ () C:\Users\eafae\Desktop\Fallout3.exe — skrót.lnk
2015-03-29 16:57 - 2015-03-29 16:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
2015-03-29 16:57 - 2015-03-29 16:57 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2015-03-29 16:54 - 2015-03-29 16:54 - 00642712 _____ (Microsoft Corporation) C:\Users\eafae\Downloads\gfwlivesetup.exe
2015-03-29 16:52 - 2015-04-15 14:50 - 00000000 ____D () C:\Users\eafae\Documents\My Games
2015-03-29 16:52 - 2015-03-29 16:52 - 00000000 ____D () C:\Users\eafae\AppData\Local\Fallout3
2015-03-29 16:43 - 2015-03-29 16:44 - 00055057 _____ () C:\Windows\DirectX.log
2015-03-29 16:43 - 2015-03-29 16:43 - 00000000 ____D () C:\Windows\SysWOW64\xlive
2015-03-29 16:40 - 2015-03-29 16:41 - 03429109 _____ () C:\Users\eafae\Downloads\Fallout_3_spolszczenie_napisy.rar
2015-03-29 16:36 - 2015-03-29 16:41 - 00000000 ____D () C:\Users\eafae\Desktop\f3
2015-03-29 12:24 - 2015-03-29 12:24 - 00009634 _____ () C:\Users\eafae\Downloads\Addition (1).txt
2015-03-28 19:19 - 2015-03-28 23:25 - 00000000 ____D () C:\Users\eafae\Downloads\Fallout 3 - Game of the Year Edition [Final]-RELOADED
2015-03-28 19:11 - 2015-03-28 19:15 - 00000000 ____D () C:\Users\eafae\Downloads\Fallout.3.Game.of.the.Year.Edition.GOTY.(Bethesda.Softworks)-WWW
2015-03-28 00:01 - 2015-03-28 00:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-03-28 00:01 - 2015-03-28 00:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-03-28 00:01 - 2015-03-28 00:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-03-27 23:58 - 2015-03-27 23:59 - 13087456 _____ (Microsoft Corporation) C:\Users\eafae\Downloads\Silverlight_x64.exe
2015-03-25 21:50 - 2015-03-25 21:50 - 00000000 ____D () C:\Users\eafae\AppData\Local\Activision
2015-03-25 21:00 - 2015-03-29 11:32 - 00002216 _____ () C:\Users\Public\Desktop\Call of Duty - Black Ops.lnk
2015-03-25 21:00 - 2015-03-25 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision
2015-03-25 20:55 - 2015-03-25 20:55 - 00000000 ____D () C:\Program Files (x86)\Activision
2015-03-25 20:51 - 2015-03-25 21:32 - 56578224 _____ () C:\Users\eafae\Downloads\Spolszczenie do Call of Duty - Black Ops (1).rar
2015-03-25 20:45 - 2015-03-25 20:54 - 00000000 ____D () C:\Users\eafae\Desktop\cod bo
2015-03-25 20:44 - 2015-03-25 20:44 - 00000000 ____D () C:\Users\eafae\AppData\Roaming\PowerISO
2015-03-25 20:16 - 2015-03-25 20:16 - 00001023 _____ () C:\Users\Public\Desktop\PowerISO.lnk
2015-03-25 20:16 - 2015-03-25 20:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2015-03-25 20:16 - 2014-10-08 15:13 - 00127760 _____ (Power Software Ltd) C:\Windows\system32\Drivers\scdemu.sys
2015-03-25 20:06 - 2015-03-25 20:16 - 02962832 _____ (Power Software Ltd) C:\Users\eafae\Downloads\PowerISO6.exe
2015-03-25 14:08 - 2015-04-02 18:31 - 00000000 ____D () C:\Users\eafae\AppData\Local\Unity
2015-03-25 14:08 - 2015-03-25 14:08 - 01088544 _____ (Unity Technologies ApS) C:\Users\eafae\Downloads\UnityWebPlayer.exe
2015-03-25 13:51 - 2015-03-25 16:41 - 00000000 ____D () C:\Users\eafae\Downloads\Call of Duty Black Ops-SKIDROW
2015-03-22 22:57 - 2015-03-22 22:57 - 00023776 _____ () C:\Users\eafae\Downloads\Addition.txt
2015-03-22 21:49 - 2015-04-15 14:56 - 00020724 _____ () C:\Windows\PFRO.log
2015-03-22 19:06 - 2015-03-22 19:06 - 00039238 _____ () C:\Users\eafae\Downloads\gemr.txt
2015-03-22 15:47 - 2015-03-22 15:47 - 00370943 _____ () C:\Users\eafae\Downloads\gmer.zip
2015-03-22 15:40 - 2015-04-15 14:59 - 00000000 ____D () C:\FRST
2015-03-22 15:39 - 2015-03-22 15:39 - 01135104 _____ (Farbar) C:\Users\eafae\Downloads\FRST.exe
2015-03-22 15:06 - 2015-03-22 15:06 - 00000385 _____ () C:\Windows\system32\user_gensett.xml
2015-03-22 15:06 - 2015-03-22 15:06 - 00000385 _____ () C:\Users\eafae\AppData\Roaminguser_gensett.xml
2015-03-22 15:05 - 2015-04-15 14:56 - 00009298 _____ () C:\Windows\setupact.log
2015-03-22 15:05 - 2015-03-22 15:05 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-22 15:05 - 2007-04-11 12:11 - 00511328 _____ (Microsoft Corporation) C:\Windows\capicom.dll
2015-03-22 14:46 - 2015-03-22 14:46 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-03-22 14:46 - 2015-03-22 14:46 - 00000834 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-03-22 14:46 - 2015-03-22 14:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-03-22 14:46 - 2015-03-22 14:46 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-22 14:40 - 2015-03-22 14:41 - 05325696 _____ (Piriform Ltd) C:\Users\eafae\Downloads\ccsetup503.exe
2015-03-22 14:30 - 2015-03-22 14:42 - 275921960 _____ () C:\Users\eafae\Downloads\bitdefender_av_18_32b.exe
2015-03-22 14:30 - 2015-03-22 14:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-21 15:18 - 2015-03-21 15:18 - 00000361 _____ () C:\Users\eafae\Downloads\SholeRecoilReducer.rar
2015-03-21 15:08 - 2015-03-21 15:09 - 02784484 _____ () C:\Users\eafae\Downloads\AutoHotkey112003_Install.exe
2015-03-18 17:44 - 2015-03-18 17:44 - 00006532 _____ () C:\Users\eafae\Downloads\items.rar

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-15 15:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2015-04-15 14:57 - 2015-01-29 17:22 - 00000000 ____D () C:\Users\eafae\AppData\Roaming\Skype
2015-04-15 14:57 - 2015-01-13 05:34 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-15 14:57 - 2015-01-13 05:15 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{31FC1C9C-7A86-47FF-81DD-80D814602890}
2015-04-15 14:56 - 2015-01-13 05:20 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-15 14:56 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-15 14:55 - 2015-01-12 09:47 - 01956197 _____ () C:\Windows\WindowsUpdate.log
2015-04-15 14:54 - 2015-01-12 09:54 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4040340981-3488949422-2698820681-1001
2015-04-14 19:09 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-13 20:58 - 2015-01-12 09:48 - 00001454 _____ () C:\Users\eafae\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-13 20:56 - 2015-02-02 19:27 - 00000000 ____D () C:\Users\eafae\AppData\Local\LogMeIn Hamachi
2015-04-13 20:56 - 2015-01-21 18:55 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-04-13 20:55 - 2013-08-22 17:36 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-04-13 20:55 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2015-04-13 20:29 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-04-11 21:52 - 2015-01-13 08:37 - 00000000 ____D () C:\ProgramData\Origin
2015-04-02 20:20 - 2015-02-02 19:27 - 00000938 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2015-04-02 18:51 - 2015-01-27 22:19 - 00000000 ____D () C:\Users\eafae\AppData\Roaming\uTorrent
2015-04-02 18:51 - 2015-01-13 05:19 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-04-02 17:31 - 2015-01-12 09:48 - 00000000 ____D () C:\Users\eafae\AppData\Local\VirtualStore
2015-04-02 16:35 - 2015-01-14 09:50 - 00805892 _____ () C:\Windows\system32\perfh015.dat
2015-04-02 16:35 - 2015-01-14 09:50 - 00163272 _____ () C:\Windows\system32\perfc015.dat
2015-04-02 16:35 - 2014-03-18 12:02 - 01825074 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-30 23:42 - 2015-02-08 19:09 - 00000000 ____D () C:\Users\eafae\AppData\Roaming\TS3Client
2015-03-29 13:30 - 2015-01-12 09:48 - 00000000 ____D () C:\Users\eafae
2015-03-26 00:07 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-03-25 20:16 - 2015-01-13 05:29 - 00000000 ____D () C:\Program Files (x86)\PowerISO
2015-03-22 15:00 - 2015-01-12 09:39 - 00000000 ____D () C:\Windows\Panther
2015-03-22 14:32 - 2015-02-21 11:47 - 00000000 ____D () C:\Program Files (x86)\The Witcher 2
2015-03-22 14:32 - 2015-01-14 20:36 - 00000000 ____D () C:\Users\eafae\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-03-22 14:15 - 2014-03-18 11:43 - 00000000 ____D () C:\Windows\ShellNew
2015-03-22 14:10 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2015-03-22 14:10 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-03-17 20:57 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-04-13 21:27

==================== End Of Log ============================