Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-06-2016
Ran by STEVE (administrator) on STEVE-PC (29-06-2016 12:34:03)
Running from C:\Users\STEVE\Desktop\FRST
Loaded Profiles: STEVE (Available Profiles: STEVE)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Angielski (Stany Zjednoczone)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Palit Microsystems Ltd.) C:\Program Files (x86)\Thunder Master\THPanel.exe
(Rivet Networks) C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Gaming Keyboard\Monitor.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Rivet Networks) C:\Program Files\Killer Networking\Network Manager\KillerService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8466136 2015-04-30] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-05-02] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [296216 2015-03-24] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe [1169880 2014-09-03] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [8897712 2016-06-25] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [Dare-U Keyboard] => C:\Program Files (x86)\Gaming Keyboard\Monitor.exe [745472 2013-05-15] ()
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565960 2016-06-08] (LogMeIn Inc.)
HKU\S-1-5-21-3752283675-2823485076-2424835410-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2917456 2016-06-15] (Valve Corporation)
HKU\S-1-5-21-3752283675-2823485076-2424835410-1000\...\Run: [THPanel] => C:\Program Files (x86)\Thunder Master\THPanel.exe [2197288 2015-01-20] (Palit Microsystems Ltd.)
HKU\S-1-5-21-3752283675-2823485076-2424835410-1000\...\MountPoints2: E - E:\setup.exe
HKU\S-1-5-21-3752283675-2823485076-2424835410-1000\...\MountPoints2: {12e4d83c-2c69-11e5-b4e7-d8cb8a523c54} - E:\setup.exe
HKU\S-1-5-21-3752283675-2823485076-2424835410-1000\...\MountPoints2: {57b05f45-969e-11e5-91be-d8cb8a523c54} - E:\Setup.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-06-25] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2015-06-24]
ShortcutTarget: Killer Network Manager.lnk -> C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe (Rivet Networks)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 37.8.214.2 31.11.202.254
Tcpip\..\Interfaces\{ACCC225D-8D55-4C9A-B638-25C2783327FE}: [DhcpNameServer] 37.8.214.2 31.11.202.254
Tcpip\..\Interfaces\{D45B56E5-110C-49FD-9EA6-8B33FEB09C06}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-06-25] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-26] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-06-25] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-26] (Oracle Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\STEVE\AppData\Roaming\Mozilla\Firefox\Profiles\xdt2bnbq.default-1457814960153
FF Session Restore: -> is enabled.
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-16] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-16] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-09-03] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-26] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-05-20] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-05-20] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3752283675-2823485076-2424835410-1000: @my.com/Games -> C:\Users\STEVE\AppData\Local\MyComGames\NPMyComDetector.dll [2016-04-14] (MY.COM B.V.)
FF Plugin HKU\S-1-5-21-3752283675-2823485076-2424835410-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\STEVE\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-03-11] (Unity Technologies ApS)
FF Extension: Browser-Security - C:\Users\STEVE\AppData\Roaming\Mozilla\Firefox\Profiles\xdt2bnbq.default-1457814960153\Extensions\firefox@browser-security.de.xpi [2016-06-25]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-06-25]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-06-25]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-06-24]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-24]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-06-25] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1863688 2016-04-07] ()
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1369432 2015-11-18] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [236832 2015-12-26] (EasyAntiCheat Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-05-02] (NVIDIA Corporation)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2015-12-30] (Hi-Rez Studios) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel(R) Corporation)
S3 intelsba; C:\Program Files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [54976 2014-03-27] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [209712 2014-08-25] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-09-03] (Intel Corporation)
R2 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [386560 2015-02-05] (Rivet Networks) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [419248 2016-06-07] (LogMeIn, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-05-02] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-05-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-05-02] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2120712 2016-04-29] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2016-05-29] ()
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [800208 2015-08-27] (Tunngle.net GmbH) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-06-25] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-06-25] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108304 2016-06-25] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-06-25] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-06-25] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-06-25] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [473592 2016-06-27] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [162904 2016-06-25] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [290088 2016-06-25] (AVAST Software)
R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [100400 2015-01-29] (Rivet Networks, LLC.)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-11-30] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47160 2015-11-30] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [25800 2014-05-27] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD.sys [44744 2014-05-27] ()
R3 Ke2200; C:\Windows\System32\DRIVERS\e22w7x64.sys [129200 2014-03-27] (Qualcomm Atheros, Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [126976 2014-09-03] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-05-02] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R3 VBAudioVACMME; C:\Windows\System32\DRIVERS\vbaudio_cable64_win7.sys [41192 2013-07-11] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-28 12:10 - 2016-06-28 12:33 - 00000000 ____D C:\Users\STEVE\AppData\Roaming\Running with rifles
2016-06-25 17:57 - 2016-06-29 12:24 - 00000000 ____D C:\Users\STEVE\Desktop\FRST
2016-06-25 17:45 - 2016-06-29 12:34 - 00000000 ____D C:\FRST
2016-06-25 17:28 - 2016-06-25 17:28 - 160871320 _____ C:\Users\STEVE\Downloads\Emsisoft Emergency Kit 10.0.0.5488 [1].exe
2016-06-25 17:28 - 2016-06-25 17:28 - 00000000 ____D C:\Users\STEVE\AppData\Roaming\Browser-Security
2016-06-25 16:41 - 2016-06-25 16:41 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-06-25 16:41 - 2016-06-25 16:41 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-06-25 16:41 - 2016-06-25 16:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-25 16:41 - 2016-06-25 16:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-25 16:40 - 2016-06-25 16:40 - 00242328 _____ C:\Users\STEVE\Downloads\Firefox Setup Stub 47.0.exe
2016-06-25 16:29 - 2016-06-25 16:29 - 06995720 _____ (Piriform Ltd) C:\Users\STEVE\Downloads\ccsetup519 (1).exe
2016-06-25 15:26 - 2016-06-25 15:26 - 06995720 _____ (Piriform Ltd) C:\Users\STEVE\Downloads\ccsetup519.exe
2016-06-25 15:20 - 2016-06-25 15:20 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-06-25 15:19 - 2016-06-25 15:20 - 22851472 _____ (Malwarebytes ) C:\Users\STEVE\Downloads\mbam-setup-2.2.1.1043.exe
2016-06-25 15:04 - 2016-06-25 15:04 - 03703360 _____ C:\Users\STEVE\Downloads\adwcleaner.pl 5.200.exe
2016-06-25 15:02 - 2016-06-25 15:02 - 00987328 _____ ( ) C:\Users\STEVE\Downloads\Emsisoft Emergency Kit 10.0.0.5488.exe
2016-06-25 14:11 - 2016-06-25 17:47 - 00037610 _____ C:\Users\STEVE\Downloads\FRST.txt
2016-06-25 09:41 - 2016-06-25 09:41 - 00007416 _____ C:\Users\STEVE\Desktop\zakładki.html
2016-06-25 09:41 - 2016-06-25 09:41 - 00000575 _____ C:\Users\STEVE\Desktop\zakładki.lnk
2016-06-25 02:13 - 2016-06-25 17:04 - 00001165 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-06-25 02:13 - 2016-06-25 02:13 - 00003890 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1466813623
2016-06-25 02:13 - 2016-06-25 02:13 - 00001037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-06-25 02:11 - 2016-06-25 02:11 - 00390984 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-06-25 02:11 - 2016-06-25 02:10 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-06-25 02:10 - 2016-06-25 02:10 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-06-24 23:49 - 2016-06-24 23:49 - 00000000 _____ C:\autoexec.bat
2016-06-24 23:40 - 2016-06-25 16:34 - 00000000 ____D C:\AdwCleaner
2016-06-24 23:39 - 2016-06-24 23:39 - 03703360 _____ C:\Users\STEVE\Downloads\adwcleaner_5.200.exe
2016-06-18 14:18 - 2016-06-18 14:18 - 00000000 ____D C:\ProgramData\Gaijin
2016-06-12 20:39 - 2016-06-12 20:39 - 00000000 ____D C:\Users\STEVE\AppData\Local\UnrealEngine
2016-06-12 20:39 - 2016-06-12 20:39 - 00000000 ____D C:\Users\STEVE\AppData\Local\DeadByDaylight
2016-06-10 18:10 - 2016-06-10 18:10 - 00007505 _____ C:\Users\STEVE\AppData\Local\recently-used.xbel
2016-06-10 18:01 - 2011-04-26 20:27 - 00022624 _____ C:\Users\STEVE\Downloads\NFS_by_JLTV.ttf
2016-06-10 18:00 - 2016-06-10 18:00 - 00012185 _____ C:\Users\STEVE\Downloads\nfs_font.zip
2016-06-09 16:34 - 2016-06-09 16:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2016-06-09 16:34 - 2016-06-09 16:34 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2016-06-07 16:57 - 2016-06-07 16:58 - 57017640 _____ (Rockstar Games) C:\Users\STEVE\Downloads\Social Club Latest Setup.exe
2016-06-07 16:57 - 2016-06-07 16:57 - 19908928 _____ (Rockstar Games.) C:\Users\STEVE\Downloads\GTA_V_Launcher_1_0_757_3.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-29 12:34 - 2009-07-14 06:45 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-29 12:34 - 2009-07-14 06:45 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-29 12:30 - 2015-06-24 14:32 - 00000000 ____D C:\Program Files (x86)\Steam
2016-06-29 12:28 - 2015-10-11 21:31 - 00000000 ____D C:\Users\STEVE\AppData\Local\LogMeIn Hamachi
2016-06-29 12:26 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-29 12:25 - 2015-07-17 11:47 - 00000000 ____D C:\ProgramData\NVIDIA
2016-06-29 00:59 - 2016-01-13 11:38 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-29 00:58 - 2015-06-24 14:46 - 00000000 ____D C:\Users\STEVE\AppData\Roaming\TS3Client
2016-06-29 00:01 - 2016-05-03 00:00 - 00000000 ____D C:\Users\STEVE\AppData\Roaming\obs-studio
2016-06-28 21:18 - 2015-10-09 17:14 - 00000000 ____D C:\Users\STEVE\AppData\Local\Arma 3
2016-06-28 21:17 - 2016-03-23 16:01 - 00000000 ____D C:\Users\STEVE\AppData\Roaming\Stan Lakeside
2016-06-28 20:34 - 2016-03-23 16:00 - 00000000 ____D C:\Users\STEVE\AppData\Local\Deployment
2016-06-28 12:10 - 2016-05-26 01:09 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2016-06-28 12:10 - 2016-05-26 01:09 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2016-06-28 12:10 - 2016-05-26 01:09 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2016-06-28 12:10 - 2016-05-26 01:09 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2016-06-28 12:10 - 2016-05-26 01:09 - 00000000 ____D C:\Program Files (x86)\OpenAL
2016-06-27 19:34 - 2015-06-24 14:11 - 00000000 ____D C:\ProgramData\Package Cache
2016-06-27 19:22 - 2015-07-17 13:59 - 00000000 ____D C:\Users\STEVE\AppData\Local\CrashDumps
2016-06-27 18:03 - 2015-06-24 20:36 - 00473592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-06-25 17:04 - 2015-11-30 01:01 - 00001817 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2016-06-25 17:04 - 2015-08-30 03:05 - 00000926 _____ C:\Users\Public\Desktop\GIMP 2.lnk
2016-06-25 17:04 - 2015-08-24 03:46 - 00000913 _____ C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2016-06-25 17:04 - 2015-06-24 20:36 - 00001966 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-06-25 17:04 - 2015-06-24 14:35 - 00000974 _____ C:\Users\Public\Desktop\CPUID HWMonitor.lnk
2016-06-25 17:04 - 2015-06-24 14:32 - 00001011 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2016-06-25 16:41 - 2015-06-24 13:55 - 00000000 ____D C:\Program Files (x86)\Google
2016-06-25 16:40 - 2015-06-24 13:16 - 00001455 _____ C:\Users\STEVE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-06-25 16:40 - 2015-06-24 13:16 - 00001421 _____ C:\Users\STEVE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2016-06-25 15:37 - 2015-07-17 19:34 - 00000000 ____D C:\Users\STEVE\AppData\Roaming\DAEMON Tools Lite
2016-06-25 15:37 - 2015-07-17 18:35 - 00000000 ____D C:\Users\STEVE\AppData\Roaming\uTorrent
2016-06-25 15:36 - 2015-07-10 10:09 - 00000000 ____D C:\Windows\Minidump
2016-06-25 15:36 - 2015-06-24 23:08 - 00000000 ____D C:\Windows\Panther
2016-06-25 15:36 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-06-25 11:02 - 2016-02-13 13:28 - 00000000 ___SD C:\Users\STEVE\AppData\LocalLow\Temp
2016-06-25 02:11 - 2015-06-24 20:36 - 00290088 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-06-25 02:11 - 2015-06-24 20:36 - 00162904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-06-25 02:11 - 2015-06-24 20:36 - 00108304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-06-25 02:11 - 2015-06-24 20:36 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-06-25 02:11 - 2015-06-24 20:36 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-06-25 02:11 - 2015-06-24 20:36 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-06-25 02:11 - 2015-06-24 20:36 - 00003922 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-06-25 02:11 - 2015-06-24 20:28 - 00000000 ____D C:\ProgramData\AVAST Software
2016-06-25 02:10 - 2015-06-24 20:35 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-06-25 02:10 - 2015-06-24 20:30 - 00000000 ____D C:\Program Files\AVAST Software
2016-06-21 18:40 - 2015-06-24 15:11 - 00000000 ____D C:\Program Files\Rockstar Games
2016-06-21 18:40 - 2015-06-24 15:11 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2016-06-21 17:51 - 2015-06-24 14:25 - 00741748 _____ C:\Windows\system32\perfh015.dat
2016-06-21 17:51 - 2015-06-24 14:25 - 00156332 _____ C:\Windows\system32\perfc015.dat
2016-06-21 17:51 - 2009-07-14 07:13 - 01671560 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-18 13:33 - 2015-12-04 00:43 - 00000000 ____D C:\Users\STEVE\AppData\Roaming\Skype
2016-06-18 13:08 - 2015-12-04 00:43 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-06-18 13:08 - 2015-12-04 00:42 - 00000000 ____D C:\ProgramData\Skype
2016-06-16 18:59 - 2016-01-13 11:38 - 00003868 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-06-16 18:59 - 2015-06-24 21:00 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-06-16 18:59 - 2015-06-24 21:00 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-11 11:12 - 2015-06-24 13:59 - 00063584 _____ C:\Users\STEVE\AppData\Local\GDIPFONTCACHEV1.DAT
2016-06-11 11:11 - 2009-07-14 06:45 - 00291368 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-10 18:10 - 2015-07-12 04:06 - 00000000 ____D C:\Users\STEVE\AppData\Local\gtk-2.0
2016-06-10 18:10 - 2015-07-12 04:02 - 00000000 ____D C:\Users\STEVE\.gimp-2.8
2016-06-09 16:34 - 2015-10-11 21:31 - 00000926 _____ C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2016-06-08 10:56 - 2015-10-30 15:34 - 00034720 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2016-06-07 17:03 - 2016-03-27 03:49 - 00000000 ____D C:\Users\STEVE\AppData\Roaming\discord
2016-06-05 17:09 - 2015-07-16 22:31 - 00000000 ____D C:\Users\STEVE\AppData\Roaming\SpaceEngineers
2016-06-05 11:55 - 2016-05-29 16:45 - 00000000 ____D C:\Users\STEVE\AppData\Local\wf-launcher
2016-06-05 11:53 - 2016-05-29 16:45 - 00000000 ____D C:\ProgramData\GFACE
2016-06-05 11:52 - 2016-03-27 03:49 - 00002164 _____ C:\Users\STEVE\Desktop\Discord.lnk
2016-06-05 11:52 - 2016-03-27 03:49 - 00000000 ____D C:\Users\STEVE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-06-05 11:52 - 2016-03-27 03:49 - 00000000 ____D C:\Users\STEVE\AppData\Local\SquirrelTemp
2016-06-05 11:52 - 2016-03-27 03:49 - 00000000 ____D C:\Users\STEVE\AppData\Local\Discord
2016-06-02 20:50 - 2015-06-24 13:46 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-06-02 20:49 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-06-02 18:50 - 2015-07-13 00:37 - 00000000 ____D C:\Users\STEVE\Desktop\twarze kyca
2016-06-02 16:57 - 2015-08-30 15:28 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories =======

2016-04-14 18:02 - 2016-04-14 19:39 - 0000043 _____ () C:\Users\STEVE\AppData\Roaming\prio.ini
2015-09-12 04:46 - 2016-04-04 17:22 - 0005120 _____ () C:\Users\STEVE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-24 13:50 - 2015-06-24 13:50 - 0000000 _____ () C:\Users\STEVE\AppData\Local\Driver_LOM_8161Present.flag
2016-06-10 18:10 - 2016-06-10 18:10 - 0007505 _____ () C:\Users\STEVE\AppData\Local\recently-used.xbel
2015-06-24 14:21 - 2016-04-14 16:37 - 0007614 _____ () C:\Users\STEVE\AppData\Local\resmon.resmoncfg
2015-08-21 00:33 - 2015-08-21 00:33 - 0000000 ___SH () C:\ProgramData\.rdata

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-06-27 18:18

==================== End of FRST.txt ============================