Posts posted by Jarek

  1. Fix result of Farbar Recovery Scan Tool (x64) Version: 19-09-2017
    Ran by jarek (20-09-2017 20:30:11) Run:1
    Running from C:\Users\jarek\Downloads
    Loaded Profiles: jarek (Available Profiles: jarek)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    Start
    CreateRestorePoint:
    CloseProcesses:
    EmptyTemp:
    Task: {1F4086CB-014B-4385-80EB-AF197C5DBF82} - System32\Tasks\{8A006BFE-5735-43C7-A008-C62F7901E3DD} => D:\GTA Vice City\gta-vc.exe
    Task: {22E9DD43-D662-4141-A44E-641D28BD876C} - System32\Tasks\{37FFD5A5-39BB-4C81-A857-2128C76C9413} => C:\Windows\system32\pcalua.exe -a "C:\Users\jarek\Downloads\Gta VC\gta Vice City full!!!! working version.exe" -d "C:\Users\jarek\Downloads\Gta VC"
    Task: {5167994A-7659-46B0-A701-B6D85575EC3F} - System32\Tasks\{34B7E54F-C68C-49C6-9E55-81FDA5555C14} => D:\GTA Vice City\gta-vc.exe
    Task: {B80145A9-991F-4F09-93C3-EF32485922FD} - System32\Tasks\{A13344D1-BE8B-4AB0-AE24-FE1FA67FFB37} => D:\GTA 4 Vice City\Tecsetup.exe
    Task: {BE953FB7-D6F5-4112-B890-55E74D782AE8} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
    C:\Program Files\KMSpico\
    HKU\S-1-5-21-2947266498-225611615-1475648406-1001\...\MountPoints2: {00b85262-3cdd-11e7-b506-001f16da4c70} - V:\Install.exe
    HKU\S-1-5-21-2947266498-225611615-1475648406-1001\...\MountPoints2: {5e5660ef-8ec2-11e7-a081-001f16da4c70} - V:\Setup.exe
    HKU\S-1-5-21-2947266498-225611615-1475648406-1001\...\MountPoints2: {67d08722-3772-11e7-ba21-001f16da4c70} - V:\setup.exe
    Handler: WSKVAllmytubechrome - No CLSID Value
    CHR HomePage: Default -> hxxp://www.search.ask.com/?p2=%5EB7N%5EYYYYYY%5EYY%5EPH&gct=hp&o=APN11293cr&apn_ptnrs=%5EB7N&apn_dtid=%5EYYYYYY%5EYY%5EPH&tpid=CME-V7&apn_dbr=iexplore.exe_6_10.0.9200.16537&trgb=CR&apn_uid=6FC8EF5B-A7F5-4524-9574-3BC0A49BC51E&itbv=12.3.0.861&doi=2013-09-11&psv=barid%253D%257B33B8CB3A%252D1A7F%252D11E3%252DBE96%252D2C59E5A4AACA%257D%2526cargo%253DCME%252DV7%2526spr%253Da
    CHR StartupUrls: Default -> "hxxp://istart.webssearches.com/?type=hp&ts=1399637750&from=amt&uid=HGSTXHTS545032A7E380_TE8411L506XVNK06XVNKX","hxxp://mysearch.avg.com?cid={86068EBB-1328-481D-AD75-5EBC5F2A3AED}&mid=402e7d2adb4e47d39dcffd991c328662-9e33100d3961e091c4acb88528f105b9636d413a&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-08-05 09:07:58&v=18.1.8.643&pid=safeguard&sg=&sap=hp","hxxps://mysearch.avg.com?cid={86068EBB-1328-481D-AD75-5EBC5F2A3AED}&mid=402e7d2adb4e47d39dcffd991c328662-9e33100d3961e091c4acb88528f105b9636d413a&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2014-08-05 09:07:58&v=18.1.9.799&pid=safeguard&sg=&sap=hp","hxxp://www.mystartsearch.com/?type=hp&ts=1443225501&z=9c851e1fe15cc700785b812g2zaz8c3o6oew0c5g1w&from=cmi&uid=HGSTXHTS545032A7E380_TE8411L506XVNK06XVNKX","hxxps://www.google.com/?trackid=sp-006","hxxp://www.mystartsearch.com/?type=hp&ts=1443434260&z=380852f09fa076ba0a3b0b7g7z1z2c3z7c4zee9q8t&from=cmi&uid=HGSTXHTS545032A7E380_TE8411L506XVNK06XVNKX","hxxp://www.mystartsearch.com/?type=hp&ts=1443522904&z=58b2ca7e4846b7f5a18c3fagdz3zcccwfo9o3wbzft&from=cmi&uid=HGSTXHTS545032A7E380_TE8411L506XVNK06XVNKX"
        File: D:\Garena Plus\ggdllhost.exe
    CMD: ipconfig /flushdns
    CMD: bitsadmin /reset /allusers
    End
    *****************

    Restore point was successfully created.
    Processes closed successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1F4086CB-014B-4385-80EB-AF197C5DBF82} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F4086CB-014B-4385-80EB-AF197C5DBF82} => key removed successfully
    C:\Windows\System32\Tasks\{8A006BFE-5735-43C7-A008-C62F7901E3DD} => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8A006BFE-5735-43C7-A008-C62F7901E3DD} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{22E9DD43-D662-4141-A44E-641D28BD876C} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{22E9DD43-D662-4141-A44E-641D28BD876C} => key removed successfully
    C:\Windows\System32\Tasks\{37FFD5A5-39BB-4C81-A857-2128C76C9413} => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{37FFD5A5-39BB-4C81-A857-2128C76C9413} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5167994A-7659-46B0-A701-B6D85575EC3F} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5167994A-7659-46B0-A701-B6D85575EC3F} => key removed successfully
    C:\Windows\System32\Tasks\{34B7E54F-C68C-49C6-9E55-81FDA5555C14} => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{34B7E54F-C68C-49C6-9E55-81FDA5555C14} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B80145A9-991F-4F09-93C3-EF32485922FD} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B80145A9-991F-4F09-93C3-EF32485922FD} => key removed successfully
    C:\Windows\System32\Tasks\{A13344D1-BE8B-4AB0-AE24-FE1FA67FFB37} => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A13344D1-BE8B-4AB0-AE24-FE1FA67FFB37} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BE953FB7-D6F5-4112-B890-55E74D782AE8} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE953FB7-D6F5-4112-B890-55E74D782AE8} => key removed successfully
    C:\Windows\System32\Tasks\AutoPico Daily Restart => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart => key removed successfully
    C:\Program Files\KMSpico => moved successfully
    HKU\S-1-5-21-2947266498-225611615-1475648406-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00b85262-3cdd-11e7-b506-001f16da4c70} => key removed successfully
    HKLM\Software\Classes\CLSID\{00b85262-3cdd-11e7-b506-001f16da4c70} => key not found. 
    HKU\S-1-5-21-2947266498-225611615-1475648406-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e5660ef-8ec2-11e7-a081-001f16da4c70} => key removed successfully
    HKLM\Software\Classes\CLSID\{5e5660ef-8ec2-11e7-a081-001f16da4c70} => key not found. 
    HKU\S-1-5-21-2947266498-225611615-1475648406-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67d08722-3772-11e7-ba21-001f16da4c70} => key removed successfully
    HKLM\Software\Classes\CLSID\{67d08722-3772-11e7-ba21-001f16da4c70} => key not found. 
    HKLM\Software\Classes\PROTOCOLS\Handler\WSKVAllmytubechrome => key removed successfully
    Chrome HomePage => removed successfully
    Chrome StartupUrls => removed successfully

    ========================= File: D:\Garena Plus\ggdllhost.exe ========================

    File is digitally signed
    MD5: 92E3B9223934E3A632FF9A2DAB7E87C5
    Creation and modification date: 2017-05-12 15:44 - 2016-02-22 19:24
    Size: 000174632
    Attributes: ----A
    Company Name: 
    Internal Name: 
    Original Name: 
    Product: 
    Description: Garena+ Plugin Host Service
    File Version: 2.1.6.0
    Product Version: 2.1.6.0
    Copyright: Copyright (C) 2013
    VirusTotal: https://www.virustotal.com/file/195cd629a7e218fb510976aca807beae4a878d32a9409bc6523b60a1e6fdf2e2/analysis/1502424247/

    ====== End of File: ======


    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========


    ========= bitsadmin /reset /allusers =========


    BITSADMIN version 3.0 [ 7.5.7601 ]
    BITS administration utility.
    (C) Copyright 2000-2006 Microsoft Corp.

    BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
    Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

    0 out of 0 jobs canceled.

    ========= End of CMD: =========


    =========== EmptyTemp: ==========

    BITS transfer queue => 8388608 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 13197547 B
    Java, Flash, Steam htmlcache => 379 B
    Windows/system/drivers => 233075395 B
    Edge => 0 B
    Chrome => 506987651 B
    Firefox => 10663792 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Users => 0 B
    Default => 0 B
    Public => 0 B
    ProgramData => 0 B
    systemprofile => 83391 B
    systemprofile32 => 66228 B
    LocalService => 66228 B
    NetworkService => 66228 B
    jarek => 437179883 B

    RecycleBin => 2404890955 B
    EmptyTemp: => 3.4 GB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 20:31:06 ====

  2. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-09-2017 02
    Ran by jarek (administrator) on JAREK (14-09-2017 16:06:34)
    Running from C:\Users\jarek\Downloads
    Loaded Profiles: jarek (Available Profiles: jarek)
    Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 8 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
    () D:\Garena Plus\ggdllhost.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
    () D:\Garena Plus\GarenaMessenger.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    () D:\Garena Plus\ggdllhost.exe
    (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
    () D:\Garena Plus\bbtalk\BBTalk.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKU\S-1-5-21-2947266498-225611615-1475648406-1001\...\Run: [GarenaPlus] => D:\Garena Plus\GarenaMessenger.exe [9183064 2017-09-11] ()
    HKU\S-1-5-21-2947266498-225611615-1475648406-1001\...\MountPoints2: {00b85262-3cdd-11e7-b506-001f16da4c70} - V:\Install.exe
    HKU\S-1-5-21-2947266498-225611615-1475648406-1001\...\MountPoints2: {5e5660ef-8ec2-11e7-a081-001f16da4c70} - V:\Setup.exe
    HKU\S-1-5-21-2947266498-225611615-1475648406-1001\...\MountPoints2: {67d08722-3772-11e7-ba21-001f16da4c70} - V:\setup.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{278E98EB-612A-4C27-851A-7A55D5B16E50}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-05-12] (Microsoft Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2017-05-12] (Microsoft Corporation)
    BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-05-12] (Microsoft Corporation)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2017-04-07] (HP Inc.)
    BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-05-12] (Microsoft Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2017-05-12] (Microsoft Corporation)
    BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-05-12] (Microsoft Corporation)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-04-07] (HP Inc.)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-12] (Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-12] (Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-12] (Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-12] (Microsoft Corporation)
    Handler: WSKVAllmytubechrome - No CLSID Value
    Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
    Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
    Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
    Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)

    FireFox:
    ========
    FF DefaultProfile: i2mie363.default
    FF ProfilePath: C:\Users\jarek\AppData\Roaming\Mozilla\Firefox\Profiles\i2mie363.default [2017-09-03]
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-05-12] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-12] (Microsoft Corporation)
    FF Plugin-x32: @t.garena.com/garenatalk -> D:\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2016-09-23] ( Garena)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-12] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-12] (Google Inc.)

    Chrome: 
    =======
    CHR HomePage: Default -> hxxp://www.search.ask.com/?p2=%5EB7N%5EYYYYYY%5EYY%5EPH&gct=hp&o=APN11293cr&apn_ptnrs=%5EB7N&apn_dtid=%5EYYYYYY%5EYY%5EPH&tpid=CME-V7&apn_dbr=iexplore.exe_6_10.0.9200.16537&trgb=CR&apn_uid=6FC8EF5B-A7F5-4524-9574-3BC0A49BC51E&itbv=12.3.0.861&doi=2013-09-11&psv=barid%253D%257B33B8CB3A%252D1A7F%252D11E3%252DBE96%252D2C59E5A4AACA%257D%2526cargo%253DCME%252DV7%2526spr%253Da
    CHR StartupUrls: Default -> "hxxp://istart.webssearches.com/?type=hp&ts=1399637750&from=amt&uid=HGSTXHTS545032A7E380_TE8411L506XVNK06XVNKX","hxxp://mysearch.avg.com?cid={86068EBB-1328-481D-AD75-5EBC5F2A3AED}&mid=402e7d2adb4e47d39dcffd991c328662-9e33100d3961e091c4acb88528f105b9636d413a&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-08-05 09:07:58&v=18.1.8.643&pid=safeguard&sg=&sap=hp","hxxps://mysearch.avg.com?cid={86068EBB-1328-481D-AD75-5EBC5F2A3AED}&mid=402e7d2adb4e47d39dcffd991c328662-9e33100d3961e091c4acb88528f105b9636d413a&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2014-08-05 09:07:58&v=18.1.9.799&pid=safeguard&sg=&sap=hp","hxxp://www.mystartsearch.com/?type=hp&ts=1443225501&z=9c851e1fe15cc700785b812g2zaz8c3o6oew0c5g1w&from=cmi&uid=HGSTXHTS545032A7E380_TE8411L506XVNK06XVNKX","hxxps://www.google.com/?trackid=sp-006","hxxp://www.mystartsearch.com/?type=hp&ts=1443434260&z=380852f09fa076ba0a3b0b7g7z1z2c3z7c4zee9q8t&from=cmi&uid=HGSTXHTS545032A7E380_TE8411L506XVNK06XVNKX","hxxp://www.mystartsearch.com/?type=hp&ts=1443522904&z=58b2ca7e4846b7f5a18c3fagdz3zcccwfo9o3wbzft&from=cmi&uid=HGSTXHTS545032A7E380_TE8411L506XVNK06XVNKX"
    CHR Session Restore: Default -> is enabled.
    CHR Profile: C:\Users\jarek\AppData\Local\Google\Chrome\User Data\Default [2017-09-14]
    CHR Extension: (Google Slides) - C:\Users\jarek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-05-12]
    CHR Extension: (Google Docs) - C:\Users\jarek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-05-12]
    CHR Extension: (Google Drive) - C:\Users\jarek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-12]
    CHR Extension: (YouTube) - C:\Users\jarek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-12]
    CHR Extension: (Google Sheets) - C:\Users\jarek\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-05-12]
    CHR Extension: (Google Docs Offline) - C:\Users\jarek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-12]
    CHR Extension: (AdBlock) - C:\Users\jarek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-08-30]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\jarek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
    CHR Extension: (Gmail) - C:\Users\jarek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-12]
    CHR Extension: (Chrome Media Router) - C:\Users\jarek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-07]
    CHR HKU\S-1-5-21-2947266498-225611615-1475648406-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [387128 2017-05-02] (BlueStack Systems, Inc.)
    S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [369720 2017-05-02] (BlueStack Systems, Inc.)
    S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe [406584 2017-05-02] (BlueStack Systems, Inc.)
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2776664 2015-08-16] (Microsoft Corporation)
    S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321896 2017-07-06] (HP Inc.)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)
    S3 uSHAREitSvc; C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.Service.exe [33224 2017-01-20] (SHAREit Technologies Co.Ltd)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [152672 2017-05-02] (BlueStack Systems)
    S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2017-05-02] (Bluestack System Inc. )
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [253888 2017-09-14] (Malwarebytes)
    R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-12] (CACE Technologies, Inc.)
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    S3 X6va064; \??\C:\Windows\SysWOW64\Drivers\X6va064 [X]

    ========================== Drivers MD5 =======================

    C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
    C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit
    C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
    C:\Windows\System32\drivers\synth3dvsc.sys C3A39C4079305480972D29C44B868C78
    C:\Windows\System32\drivers\tcpip.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\tcpip.sys ==> MD5 is legit
    C:\Windows\System32\drivers\tcpipreg.sys ==> MD5 is legit
    C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
    C:\Windows\System32\drivers\tdtcp.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
    C:\Windows\system32\drivers\terminpt.sys 2B5BDFF688EC9871D7EC5837833374E9
    C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit
    C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
    C:\Windows\system32\drivers\TsUsbGD.sys 9CC2CCAE8A84820EAECB886D477CBCB8
    C:\Windows\System32\drivers\tsusbhub.sys E1748D04AE40118B62BC18AC86032192
    C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
    C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
    C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
    C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\usbccgp.sys ==> MD5 is legit
    C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\usbehci.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\usbhub.sys ==> MD5 is legit
    C:\Windows\system32\drivers\usbohci.sys ==> MD5 is legit
    C:\Windows\system32\drivers\usbprint.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\USBSTOR.SYS ==> MD5 is legit
    C:\Windows\System32\DRIVERS\usbuhci.sys ==> MD5 is legit
    C:\Windows\System32\Drivers\usbvideo.sys 454800C2BC7F3927CE030141EE4F4C50
    C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
    C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
    C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
    C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
    C:\Windows\system32\drivers\vmbus.sys ==> MD5 is legit
    C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit
    C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
    C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
    C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
    C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
    C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
    C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
    C:\Windows\System32\drivers\Wdf01000.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
    C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
    C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
    C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit
    C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
    C:\Windows\System32\drivers\WudfPf.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\WUDFRd.sys ==> MD5 is legit

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Three Months Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-09-14 16:06 - 2017-09-14 16:07 - 000027656 _____ C:\Users\jarek\Downloads\FRST.txt
    2017-09-14 16:06 - 2017-09-14 16:06 - 000000000 ____D C:\Users\jarek\Downloads\FRST-OlderVersion
    2017-09-12 21:09 - 2017-09-12 21:09 - 000000000 ____D C:\Program Files (x86)\ESET
    2017-09-12 20:46 - 2017-09-12 21:09 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2017-09-12 20:43 - 2017-09-12 20:43 - 000109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
    2017-09-12 20:42 - 2017-09-12 21:09 - 000000000 ____D C:\Users\jarek\Desktop\mbar
    2017-09-12 20:42 - 2017-09-12 20:50 - 002870984 _____ (ESET) C:\Users\jarek\Downloads\esetsmartinstaller_enu.exe
    2017-09-12 20:41 - 2017-09-12 20:42 - 016563352 _____ (Malwarebytes Corp.) C:\Users\jarek\Downloads\mbar-1.09.3.1001.exe
    2017-09-09 11:19 - 2017-09-09 11:19 - 000021333 _____ C:\Users\jarek\Downloads\Application Form.html
    2017-09-09 10:38 - 2017-09-09 11:54 - 000000000 ____D C:\Users\jarek\Downloads\Application Form_files
    2017-09-07 19:12 - 2017-09-08 18:53 - 000000176 _____ C:\Users\jarek\Documents\yulex scoreboard (dont delete...).txt
    2017-09-06 19:05 - 2017-09-07 18:15 - 000000135 _____ C:\Users\jarek\Documents\scoreboard (alexa) (do not delete).txt
    2017-09-02 11:14 - 2017-09-02 11:14 - 000000641 _____ C:\Users\jarek\Desktop\GTA Vice City.lnk
    2017-09-01 21:16 - 2017-09-01 21:16 - 000002190 _____ C:\Users\jarek\Documents\Malware report.txt
    2017-09-01 20:56 - 2017-09-14 14:39 - 000253888 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2017-09-01 20:56 - 2017-09-01 20:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2017-09-01 20:55 - 2017-09-14 16:06 - 000000000 ____D C:\FRST
    2017-09-01 20:48 - 2017-09-01 20:56 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2017-09-01 20:48 - 2017-08-24 11:27 - 000077440 _____ C:\Windows\system32\Drivers\mbae64.sys
    2017-09-01 20:43 - 2017-09-01 20:46 - 066347240 _____ (Malwarebytes ) C:\Users\jarek\Downloads\mb3-setup-consumer-3.2.2.2018.exe
    2017-09-01 20:40 - 2017-09-14 16:06 - 002398208 _____ (Farbar) C:\Users\jarek\Downloads\FRST64.exe
    2017-09-01 13:30 - 2017-09-01 13:30 - 000000000 _____ C:\autoexec.bat
    2017-08-30 20:56 - 2017-08-30 21:01 - 000000000 ____D C:\Users\jarek\AppData\LocalLow\Mozilla
    2017-08-30 20:51 - 2017-08-30 21:01 - 000000000 ____D C:\Users\jarek\AppData\Local\Mozilla
    2017-08-30 20:51 - 2017-08-30 20:51 - 000000936 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2017-08-30 20:51 - 2017-08-30 20:51 - 000000924 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2017-08-30 20:51 - 2017-08-30 20:51 - 000000000 ____D C:\Program Files\Mozilla Firefox
    2017-08-30 20:51 - 2017-08-30 20:51 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2017-08-30 20:39 - 2017-08-30 20:39 - 000000000 ____D C:\Users\jarek\AppData\Roaming\Google
    2017-08-20 18:30 - 2017-08-20 18:31 - 000000000 ____D C:\Users\Public\Documents\GTA Vice City User Files
    2017-08-20 18:26 - 2017-08-20 18:26 - 000002922 ____N C:\Windows\System32\Tasks\{A13344D1-BE8B-4AB0-AE24-FE1FA67FFB37}
    2017-08-20 18:26 - 2017-08-20 18:26 - 000002922 ____N C:\Windows\System32\Tasks\{603B553D-3644-412E-A9AE-6006B763455F}
    2017-08-20 18:14 - 2017-09-02 14:08 - 000000000 ____D C:\Users\jarek\Documents\GTA Vice City User Files
    2017-08-20 08:30 - 2017-09-13 20:59 - 000000000 ___HD C:\Users\jarek\AppData\Roaming\ohrakfvy
    2017-08-18 07:45 - 2017-08-18 07:45 - 000000000 ____D C:\Users\jarek\AppData\Local\ASHelper
    2017-08-17 20:13 - 2017-08-17 20:13 - 000000000 ____D C:\Users\jarek\AppData\Local\ElevatedDiagnostics
    2017-08-16 11:54 - 2017-08-16 11:54 - 3730374656 ____N C:\Users\jarek\Downloads\Call of Duty 3 (USA).iso
    2017-08-16 07:21 - 2017-08-20 18:56 - 000000000 ____D C:\Users\jarek\Documents\PCSX2
    2017-08-15 21:18 - 2017-08-15 21:20 - 000000000 ____D C:\Program Files (x86)\PCSX2 1.4.0
    2017-08-15 21:18 - 2017-08-15 21:18 - 000001939 _____ C:\Users\Public\Desktop\PCSX2 1.4.0.lnk
    2017-08-15 21:18 - 2017-08-15 21:18 - 000000000 ____D C:\ProgramData\Package Cache
    2017-08-15 21:18 - 2017-08-15 21:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2
    2017-08-15 21:16 - 2017-08-15 21:17 - 017837152 _____ C:\Users\jarek\Downloads\pcsx2-1.4.0-setup.exe
    2017-08-13 12:59 - 2017-08-13 13:08 - 000000000 ____D C:\Users\jarek\Documents\GTA3 User Files
    2017-08-13 12:25 - 2017-08-13 12:25 - 000002926 ____N C:\Windows\System32\Tasks\{8A006BFE-5735-43C7-A008-C62F7901E3DD}
    2017-08-13 12:25 - 2017-08-13 12:25 - 000002926 ____N C:\Windows\System32\Tasks\{34B7E54F-C68C-49C6-9E55-81FDA5555C14}
    2017-08-13 12:21 - 2017-08-13 12:21 - 000003226 ____N C:\Windows\System32\Tasks\{37FFD5A5-39BB-4C81-A857-2128C76C9413}
    2017-08-12 18:28 - 2017-08-12 18:28 - 000000012 _____ C:\Users\jarek\Documents\aw.txt
    2017-08-06 18:00 - 2017-08-06 18:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GTA Vice City [Full]
    2017-08-02 21:35 - 2017-08-05 11:12 - 000000000 ____D C:\Users\jarek\Downloads\Linkin Park
    2017-07-28 23:38 - 2017-09-02 11:00 - 000000000 ____D C:\Users\jarek\Downloads\Games
    2017-07-28 23:37 - 2017-08-16 20:24 - 000000000 ____D C:\Users\jarek\Downloads\UE
    2017-07-26 18:21 - 2017-09-12 20:46 - 000000000 ____D C:\ProgramData\MALWAREBYTES
    2017-07-26 18:15 - 2017-07-26 18:15 - 000000000 ____D C:\Program Files\Malwarebytes
    2017-07-26 07:20 - 2017-07-26 07:23 - 000000000 ____D C:\Users\jarek\Downloads\SHAREit
    2017-07-26 07:20 - 2017-07-26 07:20 - 000000000 ____D C:\Users\jarek\AppData\Roaming\Umeng
    2017-07-26 07:20 - 2017-07-26 07:20 - 000000000 ____D C:\Users\jarek\AppData\Local\SHAREit Technologies
    2017-07-26 07:19 - 2017-07-26 07:19 - 000001206 _____ C:\Users\Public\Desktop\SHAREit.lnk
    2017-07-26 07:19 - 2017-07-26 07:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SHAREit
    2017-07-26 07:19 - 2017-07-26 07:19 - 000000000 ____D C:\Program Files (x86)\SHAREit Technologies
    2017-07-25 14:42 - 2017-07-25 16:04 - 000000000 ____D C:\Users\jarek\AppData\Roaming\audacity
    2017-07-25 14:42 - 2017-07-25 14:42 - 000000544 _____ C:\Users\Public\Desktop\Audacity.lnk
    2017-07-25 14:42 - 2017-07-25 14:42 - 000000544 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
    2017-07-25 14:42 - 2017-07-25 14:42 - 000000000 ____D C:\Users\jarek\AppData\Local\Audacity
    2017-07-24 13:42 - 2017-09-13 20:59 - 000000000 ____D C:\Users\jarek\AppData\Roaming\lnjbt
    2017-07-23 10:24 - 2017-07-23 10:24 - 000000932 ____N C:\Users\jarek\Desktop\PPSSPP.lnk
    2017-07-19 21:37 - 2017-07-19 21:42 - 000000000 ____D C:\Users\jarek\Documents\Biology
    2017-07-03 16:41 - 2017-07-03 16:41 - 000000000 ____D C:\Windows\system32\appmgmt
    2017-07-02 09:16 - 2017-07-02 09:16 - 000000000 ____D C:\Users\jarek\AppData\LocalLow\Critical Force
    2017-07-02 08:52 - 2017-07-02 08:52 - 000000000 ____D C:\Users\Public\Facebook Games
    2017-06-30 20:12 - 2017-07-03 16:41 - 000000000 ____D C:\Users\jarek\AppData\Local\Facebook
    2017-06-24 09:27 - 2017-08-23 18:47 - 000000000 ____D C:\Users\jarek\Documents\PPSSPP
    2017-06-24 09:27 - 2017-06-24 09:27 - 000000547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PPSSPP.lnk
    2017-06-20 18:02 - 2017-06-20 18:02 - 000000000 ____D C:\Users\jarek\Documents\Custom Office Templates
    2017-06-17 09:44 - 2017-08-26 16:18 - 000000332 _____ C:\Windows\Tasks\HPCeeScheduleForjarek.job
    2017-06-17 09:44 - 2017-08-26 11:03 - 000003186 ____N C:\Windows\System32\Tasks\HPCeeScheduleForjarek
    2017-06-17 09:44 - 2017-06-17 09:44 - 000000000 ____D C:\Users\jarek\AppData\Local\HP_Inc

    ==================== Three Months Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-09-14 14:46 - 2009-07-14 12:45 - 000026352 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2017-09-14 14:46 - 2009-07-14 12:45 - 000026352 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2017-09-14 14:42 - 2017-05-12 15:44 - 000000000 ____D C:\Users\jarek\AppData\Roaming\GarenaPlus
    2017-09-14 14:42 - 2017-05-12 15:44 - 000000000 ____D C:\ProgramData\GarenaMessenger
    2017-09-14 14:39 - 2017-05-20 05:50 - 000003356 _____ C:\Windows\System32\Tasks\Garena+ Plugin Host Service
    2017-09-14 14:38 - 2017-05-12 15:36 - 000000000 ____D C:\Program Files\KMSpico
    2017-09-14 14:38 - 2009-07-14 13:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2017-09-13 20:59 - 2017-05-12 15:35 - 000000000 ____D C:\ProgramData\KMSAuto
    2017-09-13 19:58 - 2009-07-14 13:13 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-09-13 19:58 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\inf
    2017-09-12 20:59 - 2017-05-12 16:28 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2017-09-12 20:59 - 2017-05-12 16:28 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2017-09-12 20:59 - 2017-05-12 16:28 - 000004468 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
    2017-09-12 20:59 - 2017-05-12 16:28 - 000004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2017-09-12 20:59 - 2017-05-12 16:28 - 000000000 ____D C:\Windows\SysWOW64\Macromed
    2017-09-12 20:59 - 2017-05-12 16:28 - 000000000 ____D C:\Windows\system32\Macromed
    2017-09-10 10:30 - 2017-05-13 19:58 - 000000000 ____D C:\ProgramData\BlueStacksSetup
    2017-09-06 16:48 - 2017-05-12 14:28 - 000002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2017-09-06 16:48 - 2017-05-12 14:28 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2017-09-02 23:58 - 2017-05-12 16:31 - 000002784 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
    2017-09-01 22:50 - 2017-05-12 16:31 - 000000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2017-09-01 22:50 - 2017-05-12 16:26 - 000000000 ____D C:\Users\jarek\AppData\Local\Adobe
    2017-09-01 13:50 - 2017-05-20 12:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
    2017-09-01 13:50 - 2017-05-12 15:05 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2017-08-30 20:56 - 2017-05-13 20:12 - 000000000 ____D C:\Users\jarek\AppData\Roaming\Mozilla
    2017-08-27 21:01 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\system32\NDF
    2017-08-26 12:07 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\rescache
    2017-08-17 20:15 - 2017-05-12 14:25 - 000000000 ____D C:\Users\jarek
    2017-08-17 20:14 - 2017-05-21 12:32 - 000000000 ____D C:\Windows\Minidump
    2017-08-17 20:14 - 2017-05-12 14:44 - 000000000 ____D C:\Windows\System32\Tasks\Hewlett-Packard
    2017-08-17 20:14 - 2017-05-12 14:34 - 000000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
    2017-08-17 20:14 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\registration
    2017-08-15 21:19 - 2017-05-13 12:40 - 000000000 ____D C:\Windows\SysWOW64\directx

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    ==================== BCD ================================

    Windows Boot Manager
    --------------------
    identifier              {bootmgr}
    device                  partition=\Device\HarddiskVolume1
    description             Windows Boot Manager
    locale                  en-US
    inherit                 {globalsettings}
    default                 {current}
    resumeobject            {04bc70df-35ae-11e7-8e6c-f6e1b3d3e45e}
    displayorder            {current}
    toolsdisplayorder       {memdiag}
    timeout                 30

    Windows Boot Loader
    -------------------
    identifier              {04bc70dd-35ae-11e7-8e6c-f6e1b3d3e45e}
    device                  ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{04bc70de-35ae-11e7-8e6c-f6e1b3d3e45e}
    path                    \windows\system32\winload.exe
    description             Windows Recovery Environment
    locale                  en-gb
    inherit                 {bootloadersettings}
    custom:15000065         3
    osdevice                ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{04bc70de-35ae-11e7-8e6c-f6e1b3d3e45e}
    systemroot              \windows
    nx                      OptIn
    custom:250000c2         1
    winpe                   Yes

    Windows Boot Loader
    -------------------
    identifier              {current}
    device                  partition=C:
    path                    \Windows\system32\winload.exe
    description             Windows 7
    locale                  en-US
    inherit                 {bootloadersettings}
    recoverysequence        {04bc70e1-35ae-11e7-8e6c-f6e1b3d3e45e}
    recoveryenabled         Yes
    osdevice                partition=C:
    systemroot              \Windows
    resumeobject            {04bc70df-35ae-11e7-8e6c-f6e1b3d3e45e}
    nx                      OptIn

    Windows Boot Loader
    -------------------
    identifier              {04bc70e1-35ae-11e7-8e6c-f6e1b3d3e45e}
    device                  ramdisk=[C:]\Recovery\04bc70e1-35ae-11e7-8e6c-f6e1b3d3e45e\Winre.wim,{04bc70e2-35ae-11e7-8e6c-f6e1b3d3e45e}
    path                    \windows\system32\winload.exe
    description             Windows Recovery Environment
    inherit                 {bootloadersettings}
    osdevice                ramdisk=[C:]\Recovery\04bc70e1-35ae-11e7-8e6c-f6e1b3d3e45e\Winre.wim,{04bc70e2-35ae-11e7-8e6c-f6e1b3d3e45e}
    systemroot              \windows
    nx                      OptIn
    winpe                   Yes

    Resume from Hibernate
    ---------------------
    identifier              {04bc70df-35ae-11e7-8e6c-f6e1b3d3e45e}
    device                  partition=C:
    path                    \Windows\system32\winresume.exe
    description             Windows Resume Application
    locale                  en-US
    inherit                 {resumeloadersettings}
    filedevice              partition=C:
    filepath                \hiberfil.sys
    debugoptionenabled      No

    Windows Memory Tester
    ---------------------
    identifier              {memdiag}
    device                  partition=\Device\HarddiskVolume1
    path                    \boot\memtest.exe
    description             Windows Memory Diagnostic
    locale                  en-US
    inherit                 {globalsettings}
    badmemoryaccess         Yes

    EMS Settings
    ------------
    identifier              {emssettings}
    bootems                 Yes

    Debugger Settings
    -----------------
    identifier              {dbgsettings}
    debugtype               Serial
    debugport               1
    baudrate                115200

    RAM Defects
    -----------
    identifier              {badmemory}

    Global Settings
    ---------------
    identifier              {globalsettings}
    inherit                 {dbgsettings}
                            {emssettings}
                            {badmemory}

    Boot Loader Settings
    --------------------
    identifier              {bootloadersettings}
    inherit                 {globalsettings}
                            {hypervisorsettings}

    Hypervisor Settings
    -------------------
    identifier              {hypervisorsettings}
    hypervisordebugtype     Serial
    hypervisordebugport     1
    hypervisorbaudrate      115200

    Resume Loader Settings
    ----------------------
    identifier              {resumeloadersettings}
    inherit                 {globalsettings}

    Device options
    --------------
    identifier              {04bc70de-35ae-11e7-8e6c-f6e1b3d3e45e}
    description             Windows Recovery
    ramdisksdidevice        partition=\Device\HarddiskVolume1
    ramdisksdipath          \Recovery\WindowsRE\boot.sdi

    Device options
    --------------
    identifier              {04bc70e2-35ae-11e7-8e6c-f6e1b3d3e45e}
    description             Ramdisk Options
    ramdisksdidevice        partition=C:
    ramdisksdipath          \Recovery\04bc70e1-35ae-11e7-8e6c-f6e1b3d3e45e\boot.sdi


    LastRegBack: 2017-06-12 15:56

    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-09-2017 02
    Ran by jarek (14-09-2017 16:07:38)
    Running from C:\Users\jarek\Downloads
    Windows 7 Ultimate Service Pack 1 (X64) (2017-05-12 06:25:46)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2947266498-225611615-1475648406-500 - Administrator - Disabled)
    Guest (S-1-5-21-2947266498-225611615-1475648406-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2947266498-225611615-1475648406-1002 - Limited - Enabled)
    jarek (S-1-5-21-2947266498-225611615-1475648406-1001 - Administrator - Enabled) => C:\Users\jarek

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-2947266498-225611615-1475648406-1001\...\uTorrent) (Version: 3.5.0.43804 - BitTorrent Inc.)
    Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
    Audacity 2.1.3 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
    BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.7.315.8233 - BlueStack Systems, Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.33 - Piriform)
    Crossfire PH version 1231 (HKLM-x32\...\{816BF8B4-A8BA-41EC-9ABB-6498E2AFF574}_is1) (Version: 1231 - Gameclub)
    ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
    GameClub Launcher PH (Remove only) (HKLM-x32\...\{BBD9FAD7-F782-4548-B00F-E612322950F6}) (Version: 20111202 - GameClub)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.79 - Google Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
    Grand Theft Auto Vice City (HKLM-x32\...\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}) (Version: 1.00.000 - )
    GTA San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games)
    HP Support Assistant (HKLM-x32\...\{05F81C27-62A5-4A0C-8519-60CB66CF87C6}) (Version: 8.4.19.3 - HP Inc.)
    HP Support Solutions Framework (HKLM-x32\...\{183BD477-774B-4700-B40B-EE43886E74D2}) (Version: 12.7.27.15 - HP Inc.)
    KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
    Malwarebytes version 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes)
    Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
    Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.4266.1003 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-2947266498-225611615-1475648406-1001\...\OneDriveSetup.exe) (Version: 17.3.4604.0120 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
    Mozilla Firefox 55.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 55.0.3 (x64 en-US)) (Version: 55.0.3 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.3 - Mozilla)
    NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.5 - )
    Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.4266.1003 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.4266.1003 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.4266.1003 - Microsoft Corporation) Hidden
    PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2) (Version:  - )
    PPSSPP version 1.4.2 (HKLM-x32\...\PPSSPP_is1) (Version: 1.4.2 - )
    SHAREit (HKLM-x32\...\www.ushareit.com_is1) (Version: 4.0.5.171 - SHAREit Technologies Co.Ltd)
    WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 4.1 - Sysprogs)
    WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
    WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
    ContextMenuHandlers1: [WinCDEmu] -> {D0E37FD2-F675-426F-B09A-2CF37BA46FD5} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-29] (Sysprogs OU)
    ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
    ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
    ContextMenuHandlers2: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-29] (Sysprogs OU)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
    ContextMenuHandlers6: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-29] (Sysprogs OU)
    ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
    ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {04A847D5-C8C6-4014-ABAE-C78E0A0D1212} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-09-12] (Adobe Systems Incorporated)
    Task: {0C91F2AC-A18C-46B6-8C6E-44F0F7206600} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
    Task: {17611FD0-936E-424B-9EEF-A5D2048D74C7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-08-14] (HP Inc.)
    Task: {1F4086CB-014B-4385-80EB-AF197C5DBF82} - System32\Tasks\{8A006BFE-5735-43C7-A008-C62F7901E3DD} => D:\GTA Vice City\gta-vc.exe
    Task: {22E9DD43-D662-4141-A44E-641D28BD876C} - System32\Tasks\{37FFD5A5-39BB-4C81-A857-2128C76C9413} => C:\Windows\system32\pcalua.exe -a "C:\Users\jarek\Downloads\Gta VC\gta Vice City full!!!! working version.exe" -d "C:\Users\jarek\Downloads\Gta VC"
    Task: {24533488-5CC9-4FCD-9275-5454307F388F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-05-12] (Microsoft Corporation)
    Task: {40C82AF3-43CC-48FA-A31D-FE819FEC2B8C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-12] (Google Inc.)
    Task: {47F32EBE-FB3B-4517-B5C2-D4C10010EE39} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-08-16] (Microsoft Corporation)
    Task: {486A9A18-FF5B-45C7-9CBF-9DC6AB0682A6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
    Task: {5167994A-7659-46B0-A701-B6D85575EC3F} - System32\Tasks\{34B7E54F-C68C-49C6-9E55-81FDA5555C14} => D:\GTA Vice City\gta-vc.exe
    Task: {5455D43A-5DA9-4CC9-A1B2-1325841119A8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-04-06] (HP Inc.)
    Task: {5A2B8F31-8538-4A83-84DC-39CF17D26647} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_130_pepper.exe [2017-09-12] (Adobe Systems Incorporated)
    Task: {66B92E7F-97E0-4355-9A1B-82E9669FF428} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-04-06] (HP Inc.)
    Task: {80CF7596-E6D2-4B37-8937-8E41D8443B07} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-08-03] (Piriform Ltd)
    Task: {82C13354-39BE-4B94-ADA2-45B41E69C926} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
    Task: {85EDD8D6-23CC-4584-AC0F-6D2251B66D06} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-08-14] (HP Inc.)
    Task: {884A0A81-6E23-458E-84FF-978CC8C923D9} - System32\Tasks\Garena+ Plugin Host Service => D:\Garena Plus\ggdllhost.exe [2016-02-22] ()
    Task: {910D1E07-4596-42C8-809A-EC2E216DFC41} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-12] (Google Inc.)
    Task: {B80145A9-991F-4F09-93C3-EF32485922FD} - System32\Tasks\{A13344D1-BE8B-4AB0-AE24-FE1FA67FFB37} => D:\GTA 4 Vice City\Tecsetup.exe
    Task: {BCA2321A-9C6B-436B-8E67-1AFDCF741720} - System32\Tasks\HPCeeScheduleForjarek => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-06-24] (HP Inc.)
    Task: {BE953FB7-D6F5-4112-B890-55E74D782AE8} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
    Task: {C33B11FB-E581-4BD1-B6AF-94C0C67F9468} - System32\Tasks\{603B553D-3644-412E-A9AE-6006B763455F} => D:\GTA 4 Vice City\Tecsetup.exe
    Task: {C4C8DF7E-39C3-4FD3-9BBB-3E9420C94ED9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-08-14] (HP Inc.)
    Task: {D45FED2C-FEC2-49F9-A031-E7F45C47F1AF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-05-12] (Microsoft Corporation)
    Task: {E190336B-92F1-4101-93BC-5A3169809F95} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-08-16] (Microsoft Corporation)
    Task: {ED1C5487-4ACD-4BD4-97A2-821703CFB82A} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-04-07] (HP Inc.)
    Task: {F77AC097-9A59-48F1-96F2-A018796AA140} - System32\Tasks\{0F76952C-8374-46E8-A855-566EE328DEC7} => G:\Drive\GAMES\Assassin's Creed\Assassin's Creed Brotherhood\Assassin's Creed Brotherhood\AssassinsCreedBrotherhood.exe

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\HPCeeScheduleForjarek.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============

    2017-05-12 14:35 - 2017-05-12 14:35 - 008901800 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
    2017-05-12 14:31 - 2015-08-16 00:21 - 000162880 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
    2017-05-12 15:44 - 2016-02-22 19:24 - 000174632 _____ () D:\Garena Plus\ggdllhost.exe
    2017-05-12 15:44 - 2017-09-11 21:02 - 009183064 _____ () D:\Garena Plus\GarenaMessenger.exe
    2017-05-12 15:44 - 2017-06-09 18:51 - 007334400 _____ () D:\Garena Plus\bbtalk\BBtalk.exe
    2017-09-06 16:48 - 2017-09-04 16:12 - 002692440 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.79\swiftshader\libglesv2.dll
    2017-09-06 16:48 - 2017-09-04 16:12 - 000138584 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.79\swiftshader\libegl.dll
    2017-05-12 15:44 - 2017-06-23 18:10 - 002737384 _____ () D:\Garena Plus\ggspawn.dll
    2017-05-12 15:44 - 2016-02-22 19:24 - 000116776 _____ () D:\Garena Plus\CommonLib.dll
    2017-05-12 15:44 - 2017-09-11 21:02 - 000045392 _____ () D:\Garena Plus\DibModule.dll
    2017-05-12 15:44 - 2017-09-12 13:21 - 000046928 _____ () D:\Garena Plus\VersionModule.dll
    2017-05-12 15:44 - 2016-02-22 19:24 - 000063528 _____ () D:\Garena Plus\FileLoader.dll
    2017-05-12 15:44 - 2016-02-22 19:25 - 000099368 _____ () D:\Garena Plus\PluginKernel.dll
    2017-05-12 15:44 - 2016-02-22 19:24 - 000499240 _____ () D:\Garena Plus\CxImage.dll
    2017-05-12 15:44 - 2016-02-22 19:25 - 000037416 _____ () D:\Garena Plus\PluginModule.dll
    2017-05-12 15:44 - 2016-03-03 21:58 - 000182824 _____ () D:\Garena Plus\lib\fs\YYFileSystem.dll
    2017-05-12 15:44 - 2016-06-24 20:05 - 000379744 _____ () D:\Garena Plus\lib\Http.dll
    2017-05-12 15:44 - 2016-03-03 21:58 - 000196648 _____ () D:\Garena Plus\lib\MP3Module.dll
    2017-05-12 15:44 - 2012-02-22 16:52 - 000162304 _____ () D:\Garena Plus\lame_enc.DLL
    2017-05-12 15:44 - 2016-03-03 21:58 - 000231976 _____ () D:\Garena Plus\lib\TaskManagerLib.dll
    2017-05-12 15:44 - 2016-03-03 21:58 - 000164392 _____ () D:\Garena Plus\lib\UILayout.dll
    2017-05-12 15:44 - 2016-03-03 21:58 - 000970280 _____ () D:\Garena Plus\lib\XLL.dll
    2017-05-12 15:44 - 2017-09-11 21:03 - 000066904 _____ () D:\Garena Plus\lib\XmlUIModule.dll
    2017-05-12 15:44 - 2012-02-22 16:52 - 000573100 _____ () D:\Garena Plus\sqlite3.dll
    2017-05-12 15:44 - 2016-02-22 19:25 - 000237608 _____ () D:\Garena Plus\Plugins\StatsPlugin.dll
    2017-05-12 15:44 - 2017-09-11 21:03 - 002178896 _____ () D:\Garena Plus\Plugins\ggplugin.dll
    2017-05-12 15:44 - 2017-09-11 21:02 - 000204632 _____ () D:\Garena Plus\ImageModule.dll
    2017-05-12 15:44 - 2016-02-22 19:25 - 000167464 _____ () D:\Garena Plus\libmpg123.dll
    2017-05-12 15:44 - 2016-08-29 15:48 - 004892664 _____ () D:\Garena Plus\ggdownloader.dll
    2017-05-12 15:44 - 2016-03-03 21:58 - 000077864 _____ () D:\Garena Plus\lib\delay_load\AudioMixerLib.dll
    2017-05-12 15:44 - 2017-09-11 21:03 - 000028504 _____ () D:\Garena Plus\lib\delay_load\ClientTcp.dll
    2017-05-12 15:44 - 2016-03-03 21:58 - 001557544 _____ () D:\Garena Plus\lib\delay_load\FileSender.dll
    2017-05-12 15:44 - 2013-02-01 13:42 - 000153088 _____ () D:\Garena Plus\libzmq.dll
    2017-05-12 15:44 - 2016-03-03 21:58 - 000968232 _____ () D:\Garena Plus\lib\delay_load\GaFileTransfer.dll
    2017-05-12 15:44 - 2016-03-03 21:58 - 000257064 _____ () D:\Garena Plus\lib\delay_load\MediaEngine.dll
    2017-05-12 15:44 - 2016-02-22 19:25 - 000038440 _____ () D:\Garena Plus\ServerMemAlloc.dll
    2017-05-12 15:44 - 2016-03-03 21:58 - 000528936 _____ () D:\Garena Plus\lib\delay_load\RSALib.dll
    2017-05-12 15:44 - 2017-09-11 21:03 - 000080208 _____ () D:\Garena Plus\lib\delay_load\UdtLib.dll
    2017-05-12 15:44 - 2016-03-17 21:18 - 000113192 _____ () D:\Garena Plus\Plugins\PlatformPlugin.dll
    2017-05-12 15:44 - 2016-11-30 21:35 - 000242680 _____ () D:\Garena Plus\Plugins\PluginNews.dll
    2017-05-12 15:44 - 2016-03-17 21:18 - 000410152 _____ () D:\Garena Plus\Plugins\GarenaTalkPlugin.dll
    2017-05-12 15:44 - 2017-09-11 21:03 - 000236888 _____ () D:\Garena Plus\Plugins\GameSalePlugin.dll
    2017-05-12 15:44 - 2016-03-02 21:20 - 000116264 _____ () D:\Garena Plus\bbtalk\CommonLib.dll
    2017-05-12 15:44 - 2016-03-02 21:20 - 000075304 _____ () D:\Garena Plus\bbtalk\PluginKernel.dll
    2017-05-12 15:44 - 2016-09-23 19:05 - 000046032 _____ () D:\Garena Plus\bbtalk\DibModule.dll
    2017-05-12 15:44 - 2017-01-13 21:16 - 000394744 _____ () D:\Garena Plus\bbtalk\ImageModule.dll
    2017-05-12 15:44 - 2016-09-23 19:05 - 000053752 _____ () D:\Garena Plus\bbtalk\lollauncher.dll
    2017-05-12 15:44 - 2017-06-09 19:07 - 000026112 _____ () D:\Garena Plus\bbtalk\VersionModule.dll
    2017-05-12 15:44 - 2016-03-02 21:20 - 000460184 _____ () D:\Garena Plus\bbtalk\sqlite3.dll
    2017-05-12 15:44 - 2017-05-25 16:47 - 002499024 _____ () D:\Garena Plus\bbtalk\Overlay.dll
    2017-05-12 15:44 - 2016-03-02 21:20 - 000120872 _____ () D:\Garena Plus\bbtalk\lib\AudioMixerLib.dll
    2017-05-12 15:44 - 2016-03-02 21:20 - 000042024 _____ () D:\Garena Plus\bbtalk\lib\ChannelUrlDll.dll
    2017-05-12 15:44 - 2016-03-02 21:20 - 000436776 _____ () D:\Garena Plus\bbtalk\lib\exchndl.dll
    2017-05-12 15:44 - 2016-09-23 19:06 - 000089592 _____ () D:\Garena Plus\bbtalk\lib\FileManager.dll
    2017-05-12 15:44 - 2016-10-25 21:05 - 000065064 _____ () D:\Garena Plus\bbtalk\FileSystem.dll
    2017-05-12 15:44 - 2016-10-13 16:41 - 000387024 _____ () D:\Garena Plus\bbtalk\lib\Http.dll
    2017-05-12 15:44 - 2016-10-13 16:41 - 000059856 _____ () D:\Garena Plus\bbtalk\lib\InputHookLib.dll
    2017-05-12 15:44 - 2016-10-25 21:05 - 000079824 _____ () D:\Garena Plus\bbtalk\InputHook.dll
    2017-05-12 15:44 - 2016-09-23 19:06 - 000054736 _____ () D:\Garena Plus\bbtalk\lib\IPCLib.dll
    2017-05-12 15:44 - 2016-09-23 19:06 - 000067624 _____ () D:\Garena Plus\bbtalk\lib\LangLib.dll
    2017-05-12 15:44 - 2016-09-23 19:05 - 000102864 _____ () D:\Garena Plus\bbtalk\audiohost.dll
    2017-05-12 15:44 - 2016-03-02 21:20 - 000146984 _____ () D:\Garena Plus\bbtalk\lib\MessagePumpLib.dll
    2017-05-12 15:44 - 2016-03-02 21:20 - 000042536 _____ () D:\Garena Plus\bbtalk\lib\MP3Saver.dll
    2017-05-12 15:44 - 2016-03-02 21:20 - 000250408 _____ () D:\Garena Plus\bbtalk\libmp3lame.DLL
    2017-05-12 15:44 - 2016-09-23 19:06 - 001060344 _____ () D:\Garena Plus\bbtalk\lib\RealTimeVideoEngine.dll
    2017-05-12 15:44 - 2016-09-23 19:06 - 000068648 _____ () D:\Garena Plus\bbtalk\lib\ResLib.dll
    2017-05-12 15:44 - 2016-03-02 21:20 - 000111144 _____ () D:\Garena Plus\bbtalk\PngModule.dll
    2017-05-12 15:44 - 2016-03-02 21:20 - 000139816 _____ () D:\Garena Plus\bbtalk\lib\TcpClient.dll
    2017-05-12 15:44 - 2016-03-02 21:20 - 000149544 _____ () D:\Garena Plus\bbtalk\lib\UdpClient.dll
    2017-05-12 15:44 - 2016-03-02 21:20 - 000122920 _____ () D:\Garena Plus\bbtalk\lib\UILayout.dll
    2017-05-12 15:44 - 2017-06-09 18:53 - 000868904 _____ () D:\Garena Plus\bbtalk\lib\UILib.dll
    2017-05-12 15:44 - 2016-09-23 19:06 - 000068560 _____ () D:\Garena Plus\bbtalk\lib\XmlUIModule.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 10:34 - 2009-06-11 05:00 - 000000824 ____N C:\Windows\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2947266498-225611615-1475648406-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\jarek\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    MSCONFIG\startupreg: Aimersoft Helper Compact.exe => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
    MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
    MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    MSCONFIG\startupreg: KeepVidProUpdateHelper.exe => C:\Program Files (x86)\Keepvid\KeepVid Pro\KeepVidProUpdateHelper.exe
    MSCONFIG\startupreg: uTorrent => "C:\Users\jarek\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{D17D47BA-86AF-4062-B50F-00332781C0F0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
    FirewallRules: [{8A170E17-A7CC-4383-9AC1-106AACD75B36}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
    FirewallRules: [{4F667105-194C-42E5-92E3-2CDEA35CD541}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
    FirewallRules: [{84E59EF1-402B-445E-80E0-E18E337B7575}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
    FirewallRules: [{9366F3BA-16EB-445A-8AEF-E0DB17BB8AFC}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
    FirewallRules: [{F6C8413C-7526-43E8-9353-BAE5302FDAC6}] => (Allow) C:\Users\jarek\AppData\Local\Microsoft\OneDrive\OneDrive.exe
    FirewallRules: [{2E9408BA-0A56-4294-BA6B-52E448FEEDFA}] => (Allow) LPort=1688
    FirewallRules: [TCP Query User{DF4C4EF9-2792-4C46-951E-7DB444BCEDDD}D:\garena plus\bbtalk\bbtalk.exe] => (Allow) D:\garena plus\bbtalk\bbtalk.exe
    FirewallRules: [UDP Query User{8D7A6EA7-3530-4A8B-9D78-26EE08EB7913}D:\garena plus\bbtalk\bbtalk.exe] => (Allow) D:\garena plus\bbtalk\bbtalk.exe
    FirewallRules: [{D6C0B2E0-3718-426B-A608-237CF4E71709}] => (Allow) LPort=8370
    FirewallRules: [{8115AA1A-A3A5-4FDC-8EF8-9967265D0A20}] => (Allow) LPort=8370
    FirewallRules: [{763DC8B6-20D3-4258-BC04-1923495FD0CD}] => (Allow) D:\GarenaLoLPH\GameData\Apps\LoLPH\Air\LolClient.exe
    FirewallRules: [{7D35D09A-31E8-4338-996C-71024BA2E97B}] => (Allow) D:\GarenaLoLPH\GameData\Apps\LoLPH\Air\LolClient.exe
    FirewallRules: [{C880E837-9389-471F-93A1-96C40C859130}] => (Allow) D:\GarenaLoLPH\GameData\Apps\LoLPH\Game\League of Legends.exe
    FirewallRules: [{DCB79C30-E7E8-46F9-85C5-C6146F52D6D8}] => (Allow) D:\GarenaLoLPH\GameData\Apps\LoLPH\Game\League of Legends.exe
    FirewallRules: [TCP Query User{BB00C0FF-55D2-4CB6-8DE0-40AE189A1EC3}G:\drive\left4dead 2 2013\left4dead2.exe] => (Allow) G:\drive\left4dead 2 2013\left4dead2.exe
    FirewallRules: [UDP Query User{6DEC2523-1E03-4A72-BB63-CA4CD6CE0992}G:\drive\left4dead 2 2013\left4dead2.exe] => (Allow) G:\drive\left4dead 2 2013\left4dead2.exe
    FirewallRules: [TCP Query User{95E61927-A0E8-48EA-A830-9C685E1F8C9D}G:\drive\games\call of duty\call of duty - world at war\codwaw.exe] => (Allow) G:\drive\games\call of duty\call of duty - world at war\codwaw.exe
    FirewallRules: [UDP Query User{EA68048E-07B3-4C73-985E-5CED073459EB}G:\drive\games\call of duty\call of duty - world at war\codwaw.exe] => (Allow) G:\drive\games\call of duty\call of duty - world at war\codwaw.exe
    FirewallRules: [{C20CCBD6-20C3-4B54-8FD3-DF0E981282D2}] => (Allow) LPort=1689
    FirewallRules: [TCP Query User{017D7C5A-1252-4E29-9C24-71B6EFFFCE55}D:\garena plus\garenamessenger.exe] => (Allow) D:\garena plus\garenamessenger.exe
    FirewallRules: [UDP Query User{D27A24E2-A12F-4333-B11D-276F5C671C4A}D:\garena plus\garenamessenger.exe] => (Allow) D:\garena plus\garenamessenger.exe
    FirewallRules: [{1FB96FDD-CAD2-490F-986D-B79400C701AB}] => (Allow) C:\Users\jarek\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{71BCCA2E-D91C-42F0-94C3-49F7A62E83B1}] => (Allow) C:\Users\jarek\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{63D2FF4D-33F8-4B51-BC98-113489BD5232}] => (Allow) C:\Users\jarek\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{EE2E0FFE-389B-4157-BF9A-458E9D542188}] => (Allow) C:\Users\jarek\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{ED1235EC-F65C-4F87-8006-A8BDD5EF2D2C}] => (Allow) C:\Users\jarek\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{954DE557-13A2-45C0-911F-FC72F234FDF5}] => (Allow) C:\Users\jarek\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{B2D37D98-071F-45A5-ACA1-01736857F20A}] => (Allow) C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.exe
    FirewallRules: [{294A749B-7020-4009-A9F3-0C1632B0F4F3}] => (Allow) C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.exe
    FirewallRules: [{A77EA475-694A-4939-B194-22378F64A3DE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{12857F06-F9DB-4D02-896A-DE0954B13F51}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{8D8E0D67-C04A-45BC-8258-5451E50C6194}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Restore Points =========================

    26-08-2017 12:05:15 Scheduled Checkpoint
    01-09-2017 13:50:11 Installed Grand Theft Auto Vice City
    09-09-2017 21:59:25 Windows Update

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (09/14/2017 03:59:28 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "D:\Garena Plus\bbtalk\GarenaTalkWeb.dll".
    Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (09/14/2017 03:59:28 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "D:\Garena Plus\bbtalk\GarenaTalkWeb.dll".
    Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (09/14/2017 02:40:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (09/13/2017 09:11:11 PM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error: (09/13/2017 08:11:40 PM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "C:\Users\jarek\Downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error: (09/13/2017 07:33:45 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "D:\Garena Plus\bbtalk\GarenaTalkWeb.dll".
    Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (09/13/2017 07:33:40 PM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "C:\Users\jarek\Downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error: (09/13/2017 07:33:36 PM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "C:\Users\jarek\Downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error: (09/13/2017 07:33:36 PM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "C:\Users\jarek\Downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error: (09/13/2017 07:33:20 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "D:\Garena Plus\bbtalk\GarenaTalkWeb.dll".
    Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
    Please use sxstrace.exe for detailed diagnosis.


    System errors:
    =============
    Error: (09/14/2017 02:38:49 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
    Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.

    Error: (09/13/2017 09:00:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The eapihdrv service failed to start due to the following error: 
    This driver has been blocked from loading

    Error: (09/13/2017 09:00:41 PM) (Source: Application Popup) (EventID: 1060) (User: )
    Description: \??\C:\Users\jarek\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

    Error: (09/13/2017 09:00:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The eapihdrv service failed to start due to the following error: 
    This driver has been blocked from loading

    Error: (09/13/2017 09:00:40 PM) (Source: Application Popup) (EventID: 1060) (User: )
    Description: \??\C:\Users\jarek\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

    Error: (09/13/2017 09:00:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The eapihdrv service failed to start due to the following error: 
    This driver has been blocked from loading

    Error: (09/13/2017 09:00:39 PM) (Source: Application Popup) (EventID: 1060) (User: )
    Description: \??\C:\Users\jarek\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

    Error: (09/13/2017 09:00:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The eapihdrv service failed to start due to the following error: 
    This driver has been blocked from loading

    Error: (09/13/2017 09:00:39 PM) (Source: Application Popup) (EventID: 1060) (User: )
    Description: \??\C:\Users\jarek\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

    Error: (09/13/2017 09:00:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The eapihdrv service failed to start due to the following error: 
    This driver has been blocked from loading


    ==================== Memory info =========================== 

    Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz
    Percentage of memory in use: 53%
    Total physical RAM: 3999.19 MB
    Available physical RAM: 1844.37 MB
    Total Virtual: 7996.58 MB
    Available Virtual: 5759.94 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:102.05 GB) (Free:42.12 GB) NTFS
    Drive d: () (Fixed) (Total:195.55 GB) (Free:170.11 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: AA0A7A18)
    Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=102.1 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=195.5 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================

    Users shortcut scan result (x64) Version: 13-09-2017 02
    Ran by jarek (14-09-2017 16:08:01)
    Running from C:\Users\jarek\Downloads
    Boot Mode: Normal

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)


    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\BlueStacks.lnk -> C:\Program Files (x86)\BlueStacks\BlueStacks.exe (BlueStack Systems, Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\MSACCESS.EXE (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk -> D:\Audacity\audacity.exe (The Audacity Team)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossfire PH.lnk -> D:\Crossfire PH\CFLauncher.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVE.EXE (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PPSSPP.lnk -> D:\ppsspp\PPSSPPWindows.exe (Henrik Rydgård)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\MSPUB.EXE (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files\WinRAR\Rar.txt ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SHAREit\SHAREit.lnk -> C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.exe (SHAREit Technologies Co.Ltd)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games\GTA San Andreas\Play GTA San Andreas.lnk -> D:\GTA San Andreas\gta_sa.exe (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games\GTA San Andreas\README.lnk -> D:\GTA San Andreas\ReadMe\Readme.txt (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games\Grand Theft Auto Vice City\Play GTA Vice City.lnk -> D:\gta-vc.exe (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games\Grand Theft Auto Vice City\ReadMe.lnk -> D:\readme.txt (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2\Frequently Asked Questions.lnk -> C:\Program Files (x86)\PCSX2 1.4.0\Docs\PCSX2_FAQ.pdf ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2\PCSX2 1.4.0.lnk -> C:\Program Files (x86)\PCSX2 1.4.0\pcsx2.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2\Readme.lnk -> C:\Program Files (x86)\PCSX2 1.4.0\Docs\PCSX2_Readme.pdf ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2\Uninstall PCSX2 1.4.0.lnk -> C:\Program Files (x86)\PCSX2 1.4.0\Uninst-pcsx2 1.4.0.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\SETLANG.EXE (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\OcPubMgr.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\msotd.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\msoev.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\AutoPico.lnk -> C:\Program Files\KMSpico\AutoPico.exe (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\KMSpico.lnk -> C:\Program Files\KMSpico\KMSELDI.exe (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\Log KMSpico.lnk -> C:\Program Files\KMSpico\scripts\Log.cmd ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Chess.lnk -> C:\Program Files\Microsoft Games\Chess\Chess.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\FreeCell.lnk -> C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\GameExplorer.lnk -> C:\Windows\System32\gameux.dll (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Hearts.lnk -> C:\Program Files\Microsoft Games\Hearts\Hearts.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Backgammon.lnk -> C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckgzm.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Checkers.lnk -> C:\Program Files\Microsoft Games\Multiplayer\Checkers\chkrzm.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Spades.lnk -> C:\Program Files\Microsoft Games\Multiplayer\Spades\shvlzm.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Mahjong.lnk -> C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Minesweeper.lnk -> C:\Program Files\Microsoft Games\Minesweeper\Minesweeper.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\More Games from Microsoft.lnk -> C:\Program Files\Microsoft Games\More Games\MoreGames.dll (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Purble Place.lnk -> C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Solitaire.lnk -> C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Spider Solitaire.lnk -> C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossfire 2.0\Crossfire 2.0.lnk -> D:\Crossfire 2.0\CFLauncher.exe (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk -> C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk -> C:\Windows\System32\printmanagement.msc ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\displayswitch.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk -> C:\Windows\System32\NetProj.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\Windowspowershell\v1.0\powershell.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\Links\OneDrive.lnk -> C:\Program Files (x86)\Microsoft OneDrive\OneDriveSetup.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk -> C:\Program Files (x86)\Microsoft OneDrive\OneDriveSetup.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
    Shortcut: C:\Users\jarek\Links\Desktop.lnk -> C:\Users\jarek\Desktop ()
    Shortcut: C:\Users\jarek\Links\Downloads.lnk -> C:\Users\jarek\Downloads ()
    Shortcut: C:\Users\jarek\Links\OneDrive.lnk -> C:\Users\jarek\OneDrive ()
    Shortcut: C:\Users\jarek\Links\RecentPlaces.lnk -> [::{22877A6D-37A1-461A-91B0-DBDA5AAEBC99}]
    Shortcut: C:\Users\jarek\Desktop\Garena +.lnk -> D:\Garena Plus\GarenaMessenger.exe ()
    Shortcut: C:\Users\jarek\Desktop\GTA Vice City.lnk -> D:\Games\GTA Vice City\gta-vc.exe ()
    Shortcut: C:\Users\jarek\Desktop\PPSSPP.lnk -> D:\ppsspp\PPSSPPWindows64.exe (Henrik Rydgård)
    Shortcut: C:\Users\jarek\Desktop\µTorrent.lnk -> C:\Users\jarek\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
    Shortcut: C:\Users\jarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    Shortcut: C:\Users\jarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
    Shortcut: C:\Users\jarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk -> C:\Users\jarek\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
    Shortcut: C:\Users\jarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files\WinRAR\Rar.txt ()
    Shortcut: C:\Users\jarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt ()
    Shortcut: C:\Users\jarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()
    Shortcut: C:\Users\jarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)
    Shortcut: C:\Users\jarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
    Shortcut: C:\Users\jarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games\Grand Theft Auto San Andreas™.lnk -> [LF6"pH,R GFSIBIA8"Grand Theft Auto: San Andreas"!(1SPSXFL8C&m]
    Shortcut: C:\Users\jarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games\Grand Theft Auto™ 3.lnk -> [LF6"pH,R GFSI+~CSqrIbGrand Theft Auto"! 3(1SPSXFL8C&m]
    Shortcut: C:\Users\jarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games\Grand Theft Auto™ Vice City.lnk -> [LF6"pH,R GFSIijNH3+Grand Theft Auto"!: Vice City(1SPSXFL8C&m]
    Shortcut: C:\Users\jarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
    Shortcut: C:\Users\jarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
    Shortcut: C:\Users\jarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
    Shortcut: C:\Users\jarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
    Shortcut: C:\Users\jarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
    Shortcut: C:\Users\jarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
    Shortcut: C:\Users\jarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
    Shortcut: C:\Users\jarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
    Shortcut: C:\Users\jarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
    Shortcut: C:\Users\jarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
    Shortcut: C:\Users\jarek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    Shortcut: C:\Users\jarek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
    Shortcut: C:\Users\jarek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
    Shortcut: C:\Users\jarek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
    Shortcut: C:\Users\jarek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Garena +.lnk -> D:\Garena Plus\GarenaMessenger.exe ()
    Shortcut: C:\Users\jarek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    Shortcut: C:\Users\jarek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
    Shortcut: C:\Users\jarek\AppData\Local\Microsoft\Windows\GameExplorer\{95C5F9AB-6C7B-44B4-9942-0DE98995A721}\PlayTasks\0\Play.lnk -> D:\Games\GTA Vice City\gta-vc.exe ()
    Shortcut: C:\Users\Public\Desktop\Audacity.lnk -> D:\Audacity\audacity.exe (The Audacity Team)
    Shortcut: C:\Users\Public\Desktop\BlueStacks.lnk -> C:\Program Files (x86)\BlueStacks\BlueStacks.exe (BlueStack Systems, Inc.)
    Shortcut: C:\Users\Public\Desktop\CCleaner.lnk -> C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
    Shortcut: C:\Users\Public\Desktop\Crossfire PH.lnk -> D:\Crossfire PH\CFLauncher.exe ()
    Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    Shortcut: C:\Users\Public\Desktop\Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes)
    Shortcut: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    Shortcut: C:\Users\Public\Desktop\PCSX2 1.4.0.lnk -> C:\Program Files (x86)\PCSX2 1.4.0\pcsx2.exe ()
    Shortcut: C:\Users\Public\Desktop\SHAREit.lnk -> C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.exe (SHAREit Technologies Co.Ltd)


    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinCDEmu\WinCDEmu Settings.lnk -> C:\Program Files (x86)\WinCDEmu\vmnt64.exe (Sysprogs OU) -> /settings
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games\GTA San Andreas\Uninstall GTA San Andreas.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x9
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games\Grand Theft Auto Vice City\Uninstall GTA Vice City.lnk -> C:\Program Files (x86)\InstallShield Installation Information\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}\setup.exe (InstallShield Software Corporation) -> -l0009
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\client\AppVLP.exe (Microsoft Corporation) -> "C:\Program Files (x86)\Microsoft Office\Root\Office16\DCF\DATABASECOMPARE.EXE"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk -> C:\Program Files (x86)\Microsoft Office\root\client\AppVLP.exe (Microsoft Corporation) -> "C:\Program Files (x86)\Microsoft Office\Root\Office16\MSOUC.EXE"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\client\AppVLP.exe (Microsoft Corporation) -> "C:\Program Files (x86)\Microsoft Office\Root\Office16\DCF\SPREADSHEETCOMPARE.EXE"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Uninstall Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\unins001.exe () ->  /LOG
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\Uninstall KMSpico.lnk -> C:\Program Files\KMSpico\UninsHs.exe (Han-soft) -> /u0=KMSpico
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support\HP Support Assistant.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (HP Inc.) -> /p 1
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk -> C:\Windows\System32\secpol.msc () -> /s
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
    ShortcutWithArgument: C:\ProgramData\BlueStacks\UserData\Library\My Apps\Clash of Clans.lnk -> C:\Program Files (x86)\BlueStacks\HD-RunApp.exe (BlueStack Systems, Inc.) -> -p com.supercell.clashofclans -a com.supercell.clashofclans.GameApp -v Android
    ShortcutWithArgument: C:\ProgramData\BlueStacks\UserData\Library\My Apps\fakelocation.lnk -> C:\Program Files (x86)\BlueStacks\HD-RunApp.exe (BlueStack Systems, Inc.) -> -p com.location.providerV33 -a .Main -vmname:
    ShortcutWithArgument: C:\ProgramData\BlueStacks\UserData\Library\My Apps\Garena.lnk -> C:\Program Files (x86)\BlueStacks\HD-RunApp.exe (BlueStack Systems, Inc.) -> -p com.garena.gas -a com.garena.gxx.splash.GGSplashActivity -v Android
    ShortcutWithArgument: C:\ProgramData\BlueStacks\UserData\Library\My Apps\Location Provider.lnk -> C:\Program Files (x86)\BlueStacks\HD-RunApp.exe (BlueStack Systems, Inc.) -> -p com.location.provider -a com.location.provider.MapsActivity -v Android
    ShortcutWithArgument: C:\ProgramData\BlueStacks\UserData\Library\My Apps\Photos.lnk -> C:\Program Files (x86)\BlueStacks\HD-RunApp.exe (BlueStack Systems, Inc.) -> -p com.google.android.apps.photos -a com.google.android.apps.photos.home.HomeActivity -v Android
    ShortcutWithArgument: C:\ProgramData\BlueStacks\UserData\Library\My Apps\Play Games.lnk -> C:\Program Files (x86)\BlueStacks\HD-RunApp.exe (BlueStack Systems, Inc.) -> -p com.google.android.play.games -a com.google.android.gms.games.ui.destination.main.MainActivity -v Android
    ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
    ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
    ShortcutWithArgument: C:\Users\jarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) ->  -extoff
    ShortcutWithArgument: C:\Users\jarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
    ShortcutWithArgument: C:\Users\jarek\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo


    InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games\GTA San Andreas\Register Online.url -> URL: hxxp://www.rockstargames.com/register/
    InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games\GTA San Andreas\Rockstar Games.url -> URL: hxxp://www.rockstargames.com/
    InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games\GTA San Andreas\Rockstar North Ltd.url -> URL: hxxp://www.RockstarNorth.com
    InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games\Grand Theft Auto Vice City\Rockstar Games.url -> URL: hxxp://www.rockstargames.com
    InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games\Grand Theft Auto Vice City\Rockstar North Ltd.url -> URL: hxxp://www.rockstarnorth.com
    InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner Homepage.url -> URL: hxxp://www.piriform.com/ccleaner
    InternetURL: C:\Users\jarek\Favorites\Windows Live\Get Windows Live.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=69172
    InternetURL: C:\Users\jarek\Favorites\Windows Live\Windows Live Gallery.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=70742
    InternetURL: C:\Users\jarek\Favorites\Windows Live\Windows Live Mail.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=68925
    InternetURL: C:\Users\jarek\Favorites\Windows Live\Windows Live Spaces.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=68927
    InternetURL: C:\Users\jarek\Favorites\MSN Websites\MSN Autos.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=55143
    InternetURL: C:\Users\jarek\Favorites\MSN Websites\MSN Entertainment.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=68924
    InternetURL: C:\Users\jarek\Favorites\MSN Websites\MSN Money.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=68923
    InternetURL: C:\Users\jarek\Favorites\MSN Websites\MSN Sports.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=68921
    InternetURL: C:\Users\jarek\Favorites\MSN Websites\MSN.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=54729
    InternetURL: C:\Users\jarek\Favorites\MSN Websites\MSNBC News.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=68922
    InternetURL: C:\Users\jarek\Favorites\Microsoft Websites\IE Add-on site.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=50893
    InternetURL: C:\Users\jarek\Favorites\Microsoft Websites\IE site on Microsoft.com.url -> URL: hxxp://go.microsoft.com/fwlink/?linkid=44661
    InternetURL: C:\Users\jarek\Favorites\Microsoft Websites\Microsoft At Home.url -> URL: hxxp://go.microsoft.com/fwlink/?linkid=55424
    InternetURL: C:\Users\jarek\Favorites\Microsoft Websites\Microsoft At Work.url -> URL: hxxp://go.microsoft.com/fwlink/?linkid=68920
    InternetURL: C:\Users\jarek\Favorites\Microsoft Websites\Microsoft Store.url -> URL: hxxp://go.microsoft.com/fwlink/?linkid=140813
    InternetURL: C:\Users\jarek\Favorites\Links for United States\GobiernoUSA.gov.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=129792
    InternetURL: C:\Users\jarek\Favorites\Links for United States\USA.gov.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=129791
    InternetURL: C:\Users\jarek\Favorites\Links\Suggested Sites.url -> URL: hxxps://ieonline.microsoft.com/#ieslice
    InternetURL: C:\Users\jarek\Favorites\Links\Web Slice Gallery.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=121315
    InternetURL: C:\Users\jarek\Desktop\Gameclub Philippines.url -> URL: hxxp://ph.gameclub.com/

    ==================== End of Shortcut.txt =============================
     

  3. ESETSmartInstaller@High as downloader log:
    all ok
    # product=EOS
    # version=8
    # OnlineScannerApp.exe=1.0.0.1
    # EOSSerial=df6ac53b15c06a408dff80aa14fb0fa1
    # end=init
    # utc_time=2017-09-12 01:22:17
    # local_time=2017-09-12 09:22:17 (+0800, China Standard Time)
    # country="United States"
    # osver=6.1.7601 NT Service Pack 1
    Update Init
    Update Download
    esets_scanner_update returned -1 esets_gle=37126
    Update Finalize
    Updated modules version: 0
    Old modules - leave modules
    Update Init
    Update Download
    Update Finalize
    Updated modules version: 34714
    Update Init
    Update Download
    Update Finalize
    Updated modules version: 34714
    # product=EOS
    # version=8
    # OnlineScannerApp.exe=1.0.0.1
    # EOSSerial=df6ac53b15c06a408dff80aa14fb0fa1
    # end=updated
    # utc_time=2017-09-12 01:49:45
    # local_time=2017-09-12 09:49:45 (+0800, China Standard Time)
    # country="United States"
    # osver=6.1.7601 NT Service Pack 1
    # product=EOS
    # version=8
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.7777
    # api_version=3.1.1
    # EOSSerial=df6ac53b15c06a408dff80aa14fb0fa1
    # engine=34714
    # end=stopped
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2017-09-12 02:26:52
    # local_time=2017-09-12 10:26:52 (+0800, China Standard Time)
    # country="United States"
    # lang=1033
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode_1=''
    # compatibility_mode=5893 16776573 100 94 260813 256856262 0 0
    # scanned=38042
    # found=11
    # cleaned=0
    # scan_time=2226
    sh=41F15B900A5900DF198B13F880B55FFD9F57BF9A ft=1 fh=472a2c58ae44d803 vn="a variant of MSIL/HackTool.IdleKMS.E potentially unsafe application" ac=I fn="C:\Program Files\KMSpico\Service_KMS.exe"
    sh=9AD987AED677A595CB6CB507A12A014989D4E597 ft=1 fh=3db0605f8b34f591 vn="a variant of Win32/Packed.VMProtect.AAA trojan" ac=I fn="C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\ubiorbitapi_r2.dll"
    sh=426DC93FA10D28CA6B93F851300026C0F58128C5 ft=1 fh=83535894ac5fb546 vn="a variant of MSIL/HackKMS.I potentially unsafe application" ac=I fn="C:\ProgramData\KMSAuto\KMSAuto Net.exe"
    sh=1788775E01C6A73349BBC28708CD7227FC605E88 ft=1 fh=7b79c2527e515632 vn="a variant of MSIL/HackTool.TunMirror.A potentially unsafe application" ac=I fn="C:\ProgramData\KMSAuto\bin\TunMirror.exe"
    sh=9287D5212673CA8CD31AA2ED88ADA73184E7E981 ft=1 fh=5c5ffac21db3a4d7 vn="a variant of MSIL/HackTool.TunMirror.A potentially unsafe application" ac=I fn="C:\ProgramData\KMSAuto\bin\TunMirror2.exe"
    sh=426DC93FA10D28CA6B93F851300026C0F58128C5 ft=1 fh=83535894ac5fb546 vn="a variant of MSIL/HackKMS.I potentially unsafe application" ac=I fn="C:\Users\All Users\KMSAuto\KMSAuto Net.exe"
    sh=1788775E01C6A73349BBC28708CD7227FC605E88 ft=1 fh=7b79c2527e515632 vn="a variant of MSIL/HackTool.TunMirror.A potentially unsafe application" ac=I fn="C:\Users\All Users\KMSAuto\bin\TunMirror.exe"
    sh=9287D5212673CA8CD31AA2ED88ADA73184E7E981 ft=1 fh=5c5ffac21db3a4d7 vn="a variant of MSIL/HackTool.TunMirror.A potentially unsafe application" ac=I fn="C:\Users\All Users\KMSAuto\bin\TunMirror2.exe"
    sh=E6566643A5B6632FBC46D810AABC2196A88C8342 ft=0 fh=0000000000000000 vn="JS/Bondat.AN worm" ac=I fn="C:\Users\jarek\AppData\Roaming\lnjbt\jdjucfy.js"
    sh=E6566643A5B6632FBC46D810AABC2196A88C8342 ft=0 fh=0000000000000000 vn="JS/Bondat.AN worm" ac=I fn="C:\Users\jarek\AppData\Roaming\ohrakfvy\qutdnd.js"
    sh=C705C0B0210EBDA6A3301C6CA9C6091B2EE11D5B ft=1 fh=7ec746d6559b765e vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\jarek\Downloads\ccsetup533.exe"
    ESETSmartInstaller@High as downloader log:
    Can not open internet
    # product=EOS
    # version=8
    # OnlineScannerApp.exe=1.0.0.1
    # EOSSerial=df6ac53b15c06a408dff80aa14fb0fa1
    # end=init
    # utc_time=2017-09-13 11:34:15
    # local_time=2017-09-13 07:34:15 (+0800, China Standard Time)
    # country="United States"
    # osver=6.1.7601 NT Service Pack 1
    Update Init
    Update Download
    Update Finalize
    Updated modules version: 34728
    # product=EOS
    # version=8
    # OnlineScannerApp.exe=1.0.0.1
    # EOSSerial=df6ac53b15c06a408dff80aa14fb0fa1
    # end=updated
    # utc_time=2017-09-13 11:35:26
    # local_time=2017-09-13 07:35:26 (+0800, China Standard Time)
    # country="United States"
    # osver=6.1.7601 NT Service Pack 1
    # product=EOS
    # version=8
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.7777
    # api_version=3.1.1
    # EOSSerial=df6ac53b15c06a408dff80aa14fb0fa1
    # engine=34728
    # end=finished
    # remove_checked=true
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2017-09-13 01:00:37
    # local_time=2017-09-13 09:00:37 (+0800, China Standard Time)
    # country="United States"
    # lang=1033
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode_1=''
    # compatibility_mode=5893 16776573 100 94 342038 256937487 0 0
    # scanned=129492
    # found=12
    # cleaned=9
    # scan_time=5111
    sh=426DC93FA10D28CA6B93F851300026C0F58128C5 ft=1 fh=83535894ac5fb546 vn="a variant of MSIL/HackKMS.I potentially unsafe application" ac=I fn="C:\Users\All Users\KMSAuto\KMSAuto Net.exe"
    sh=1788775E01C6A73349BBC28708CD7227FC605E88 ft=1 fh=7b79c2527e515632 vn="a variant of MSIL/HackTool.TunMirror.A potentially unsafe application" ac=I fn="C:\Users\All Users\KMSAuto\bin\TunMirror.exe"
    sh=9287D5212673CA8CD31AA2ED88ADA73184E7E981 ft=1 fh=5c5ffac21db3a4d7 vn="a variant of MSIL/HackTool.TunMirror.A potentially unsafe application" ac=I fn="C:\Users\All Users\KMSAuto\bin\TunMirror2.exe"
    sh=41F15B900A5900DF198B13F880B55FFD9F57BF9A ft=1 fh=472a2c58ae44d803 vn="a variant of MSIL/HackTool.IdleKMS.E potentially unsafe application (cleaned by deleting (after the next restart))" ac=C fn="C:\Program Files\KMSpico\Service_KMS.exe"
    sh=9AD987AED677A595CB6CB507A12A014989D4E597 ft=1 fh=3db0605f8b34f591 vn="a variant of Win32/Packed.VMProtect.AAA trojan (cleaned by deleting)" ac=C fn="C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\ubiorbitapi_r2.dll"
    sh=426DC93FA10D28CA6B93F851300026C0F58128C5 ft=1 fh=83535894ac5fb546 vn="a variant of MSIL/HackKMS.I potentially unsafe application (cleaned by deleting)" ac=C fn="C:\ProgramData\KMSAuto\KMSAuto Net.exe"
    sh=1788775E01C6A73349BBC28708CD7227FC605E88 ft=1 fh=7b79c2527e515632 vn="a variant of MSIL/HackTool.TunMirror.A potentially unsafe application (cleaned by deleting)" ac=C fn="C:\ProgramData\KMSAuto\bin\TunMirror.exe"
    sh=9287D5212673CA8CD31AA2ED88ADA73184E7E981 ft=1 fh=5c5ffac21db3a4d7 vn="a variant of MSIL/HackTool.TunMirror.A potentially unsafe application (cleaned by deleting)" ac=C fn="C:\ProgramData\KMSAuto\bin\TunMirror2.exe"
    sh=E6566643A5B6632FBC46D810AABC2196A88C8342 ft=0 fh=0000000000000000 vn="JS/Bondat.AN worm (cleaned by deleting)" ac=C fn="C:\Users\jarek\AppData\Roaming\lnjbt\jdjucfy.js"
    sh=E6566643A5B6632FBC46D810AABC2196A88C8342 ft=0 fh=0000000000000000 vn="JS/Bondat.AN worm (cleaned by deleting)" ac=C fn="C:\Users\jarek\AppData\Roaming\ohrakfvy\qutdnd.js"
    sh=C705C0B0210EBDA6A3301C6CA9C6091B2EE11D5B ft=1 fh=7ec746d6559b765e vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (cleaned by deleting)" ac=C fn="C:\Users\jarek\Downloads\ccsetup533.exe"
    sh=3B6BDCA414A53DF7C8C5096B953C4DF87A1091C7 ft=1 fh=55ca6504931631dc vn="Win32/HackTool.WinActivator.I potentially unsafe application (cleaned by deleting)" ac=C fn="D:\Windows 7 Loader\Windows Loader\Windows Loader\Windows Loader.exe"
     

  4. Malwarebytes Anti-Rootkit BETA 1.9.3.1001
    www.malwarebytes.org

    Database version:
      main:    v2017.09.12.05
      rootkit: v2017.08.02.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 8.0.7601.17514
    jarek :: JAREK [administrator]

    9/12/2017 8:46:34 PM
    mbar-log-2017-09-12 (20-46-34).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled: 
    Objects scanned: 246489
    Time elapsed: 21 minute(s), 50 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)
    --------------------------------------------------------

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.09.3.1001

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 8.0.7601.17514

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 2.094000 GHz
    Memory total: 4193456128, free: 1464090624

    Downloaded database version: v2017.09.12.05
    Downloaded database version: v2017.08.02.01
    Downloaded database version: v2017.09.01.01
    =======================================
    Initializing...
    Driver version: 0.3.0.4
    ------------ Kernel report ------------
         09/12/2017 20:46:23
    ------------ Loaded modules -----------
    ----------- End -----------
    Done!

    Scan started
    Database versions:
      main:    v2017.09.12.05
      rootkit: v2017.08.02.01

    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa8004c39060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8004c38410, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8004c39060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa80046c7060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    Done!
    Drive 0
    This is a System drive
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: AA0A7A18

    Partition information:

        Partition 0 type is Primary (0x7)
        Partition is ACTIVE.
        Partition starts at LBA: 2048  Numsec = 1024000
        Partition is bootable
        Partition file system is NTFS

        Partition 1 type is Primary (0x7)
        Partition is NOT ACTIVE.
        Partition starts at LBA: 1026048  Numsec = 214016000
        Partition is not bootable
        Partition file system is NTFS

        Partition 2 type is Primary (0x7)
        Partition is NOT ACTIVE.
        Partition starts at LBA: 215042048  Numsec = 410097664
        Partition is not bootable
        Partition file system is NTFS

        Partition 3 type is Empty (0x0)
        Partition is NOT ACTIVE.
        Partition starts at LBA: 0  Numsec = 0
        Partition is not bootable

    Disk Size: 320072933376 bytes
    Sector size: 512 bytes

    Done!
    Physical Sector Size: 0
    Drive: 1, DevicePointer: 0xfffffa8005a58790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8005a57b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8005a58790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8005a3eb60, DeviceName: \Device\00000074\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-CB56443CBD1BAA73481DFCF1FCDFCF1B0BE17893.bin.79" is compressed (flags = 1)
    File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-CB56443CBD1BAA73481DFCF1FCDFCF1B0BE17893.bin.7C" is compressed (flags = 1)
    File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-CB56443CBD1BAA73481DFCF1FCDFCF1B0BE17893.bin.83" is compressed (flags = 1)
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-1026048-i.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-215042048-i.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removal finished
     

  5. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
    Ran by jarek (administrator) on JAREK (01-09-2017 21:27:10)
    Running from C:\Users\jarek\Downloads
    Loaded Profiles: jarek (Available Profiles: jarek)
    Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 8 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
    () D:\Garena Plus\ggdllhost.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
    (@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    () D:\Garena Plus\ggdllhost.exe
    () D:\Garena Plus\GarenaMessenger.exe
    (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    () D:\Garena Plus\bbtalk\BBTalk.exe
    (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2138272 2016-10-08] (AimerSoft)
    HKU\S-1-5-21-2947266498-225611615-1475648406-1001\...\Run: [GarenaPlus] => D:\Garena Plus\GarenaMessenger.exe [9184272 2017-08-10] ()
    HKU\S-1-5-21-2947266498-225611615-1475648406-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [160824 2017-05-02] (BlueStack Systems, Inc.)
    HKU\S-1-5-21-2947266498-225611615-1475648406-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9532120 2017-04-11] (Piriform Ltd)
    HKU\S-1-5-21-2947266498-225611615-1475648406-1001\...\MountPoints2: {00b85262-3cdd-11e7-b506-001f16da4c70} - V:\Install.exe
    HKU\S-1-5-21-2947266498-225611615-1475648406-1001\...\MountPoints2: {5e5660ef-8ec2-11e7-a081-001f16da4c70} - V:\Setup.exe
    HKU\S-1-5-21-2947266498-225611615-1475648406-1001\...\MountPoints2: {67d08722-3772-11e7-ba21-001f16da4c70} - V:\setup.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{278E98EB-612A-4C27-851A-7A55D5B16E50}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-05-12] (Microsoft Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2017-05-12] (Microsoft Corporation)
    BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-05-12] (Microsoft Corporation)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2017-04-07] (HP Inc.)
    BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-05-12] (Microsoft Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2017-05-12] (Microsoft Corporation)
    BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-05-12] (Microsoft Corporation)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-04-07] (HP Inc.)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-12] (Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-12] (Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-12] (Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-12] (Microsoft Corporation)
    Handler: WSKVAllmytubechrome - No CLSID Value
    Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
    Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
    Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
    Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)

    FireFox:
    ========
    FF DefaultProfile: i2mie363.default
    FF ProfilePath: C:\Users\jarek\AppData\Roaming\Mozilla\Firefox\Profiles\i2mie363.default [2017-09-01]
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-05-12] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-12] (Microsoft Corporation)
    FF Plugin-x32: @t.garena.com/garenatalk -> D:\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2016-09-23] ( Garena)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-12] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-12] (Google Inc.)

    Chrome: 
    =======
    CHR HomePage: Default -> hxxp://www.search.ask.com/?p2=%5EB7N%5EYYYYYY%5EYY%5EPH&gct=hp&o=APN11293cr&apn_ptnrs=%5EB7N&apn_dtid=%5EYYYYYY%5EYY%5EPH&tpid=CME-V7&apn_dbr=iexplore.exe_6_10.0.9200.16537&trgb=CR&apn_uid=6FC8EF5B-A7F5-4524-9574-3BC0A49BC51E&itbv=12.3.0.861&doi=2013-09-11&psv=barid%253D%257B33B8CB3A%252D1A7F%252D11E3%252DBE96%252D2C59E5A4AACA%257D%2526cargo%253DCME%252DV7%2526spr%253Da
    CHR StartupUrls: Default -> "hxxp://istart.webssearches.com/?type=hp&ts=1399637750&from=amt&uid=HGSTXHTS545032A7E380_TE8411L506XVNK06XVNKX","hxxp://mysearch.avg.com?cid={86068EBB-1328-481D-AD75-5EBC5F2A3AED}&mid=402e7d2adb4e47d39dcffd991c328662-9e33100d3961e091c4acb88528f105b9636d413a&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-08-05 09:07:58&v=18.1.8.643&pid=safeguard&sg=&sap=hp","hxxps://mysearch.avg.com?cid={86068EBB-1328-481D-AD75-5EBC5F2A3AED}&mid=402e7d2adb4e47d39dcffd991c328662-9e33100d3961e091c4acb88528f105b9636d413a&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2014-08-05 09:07:58&v=18.1.9.799&pid=safeguard&sg=&sap=hp","hxxp://www.mystartsearch.com/?type=hp&ts=1443225501&z=9c851e1fe15cc700785b812g2zaz8c3o6oew0c5g1w&from=cmi&uid=HGSTXHTS545032A7E380_TE8411L506XVNK06XVNKX","hxxps://www.google.com/?trackid=sp-006","hxxp://www.mystartsearch.com/?type=hp&ts=1443434260&z=380852f09fa076ba0a3b0b7g7z1z2c3z7c4zee9q8t&from=cmi&uid=HGSTXHTS545032A7E380_TE8411L506XVNK06XVNKX","hxxp://www.mystartsearch.com/?type=hp&ts=1443522904&z=58b2ca7e4846b7f5a18c3fagdz3zcccwfo9o3wbzft&from=cmi&uid=HGSTXHTS545032A7E380_TE8411L506XVNK06XVNKX"
    CHR Session Restore: Default -> is enabled.
    CHR Profile: C:\Users\jarek\AppData\Local\Google\Chrome\User Data\Default [2017-09-01]
    CHR Extension: (Google Slides) - C:\Users\jarek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-05-12]
    CHR Extension: (Google Docs) - C:\Users\jarek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-05-12]
    CHR Extension: (Google Drive) - C:\Users\jarek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-12]
    CHR Extension: (YouTube) - C:\Users\jarek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-12]
    CHR Extension: (Google Sheets) - C:\Users\jarek\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-05-12]
    CHR Extension: (Google Docs Offline) - C:\Users\jarek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-12]
    CHR Extension: (AdBlock) - C:\Users\jarek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-08-30]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\jarek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
    CHR Extension: (Gmail) - C:\Users\jarek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-12]
    CHR Extension: (Chrome Media Router) - C:\Users\jarek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-09]
    CHR HKU\S-1-5-21-2947266498-225611615-1475648406-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [387128 2017-05-02] (BlueStack Systems, Inc.)
    S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [369720 2017-05-02] (BlueStack Systems, Inc.)
    S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe [406584 2017-05-02] (BlueStack Systems, Inc.)
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2776664 2015-08-16] (Microsoft Corporation)
    S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321896 2017-07-06] (HP Inc.)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)
    R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [743616 2015-12-02] (@ByELDI) [File not signed]
    S3 uSHAREitSvc; C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.Service.exe [33224 2017-01-20] (SHAREit Technologies Co.Ltd)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [152672 2017-05-02] (BlueStack Systems)
    S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2017-05-02] (Bluestack System Inc. )
    R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [253888 2017-09-01] (Malwarebytes)
    R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-12] (CACE Technologies, Inc.)

    ========================== Drivers MD5 =======================


    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Three Months Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-09-01 21:24 - 2017-09-01 21:24 - 000002105 _____ C:\Users\jarek\Downloads\Malwarebytes.txt
    2017-09-01 21:16 - 2017-09-01 21:16 - 000002190 _____ C:\Users\jarek\Documents\Malware report.txt
    2017-09-01 20:56 - 2017-09-01 21:20 - 000253888 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2017-09-01 20:56 - 2017-09-01 20:56 - 000035701 _____ C:\Users\jarek\Downloads\Shortcut.txt
    2017-09-01 20:56 - 2017-09-01 20:56 - 000029169 _____ C:\Users\jarek\Downloads\Addition.txt
    2017-09-01 20:56 - 2017-09-01 20:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2017-09-01 20:55 - 2017-09-01 21:27 - 000028421 _____ C:\Users\jarek\Downloads\FRST.txt
    2017-09-01 20:55 - 2017-09-01 21:27 - 000000000 ____D C:\FRST
    2017-09-01 20:48 - 2017-09-01 20:56 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2017-09-01 20:48 - 2017-08-24 11:27 - 000077440 _____ C:\Windows\system32\Drivers\mbae64.sys
    2017-09-01 20:43 - 2017-09-01 20:46 - 066347240 _____ (Malwarebytes ) C:\Users\jarek\Downloads\mb3-setup-consumer-3.2.2.2018.exe
    2017-09-01 20:40 - 2017-09-01 20:43 - 002395648 _____ (Farbar) C:\Users\jarek\Downloads\FRST64.exe
    2017-09-01 13:30 - 2017-09-01 13:30 - 000000000 _____ C:\autoexec.bat
    2017-08-30 20:56 - 2017-08-30 21:01 - 000000000 ____D C:\Users\jarek\AppData\LocalLow\Mozilla
    2017-08-30 20:51 - 2017-08-30 21:01 - 000000000 ____D C:\Users\jarek\AppData\Local\Mozilla
    2017-08-30 20:51 - 2017-08-30 20:51 - 000000936 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2017-08-30 20:51 - 2017-08-30 20:51 - 000000924 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2017-08-30 20:51 - 2017-08-30 20:51 - 000000000 ____D C:\Program Files\Mozilla Firefox
    2017-08-30 20:51 - 2017-08-30 20:51 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2017-08-30 20:39 - 2017-08-30 20:39 - 000000000 ____D C:\Users\jarek\AppData\Roaming\Google
    2017-08-23 19:34 - 2017-08-23 19:34 - 000220423 _____ C:\Users\jarek\Downloads\tf03895499.potx
    2017-08-22 19:19 - 2017-08-22 19:44 - 541968498 _____ C:\Users\jarek\Downloads\SOCOM_US_Navy_SEALs_Fireteam_Bravo_2_USA_PSP-pSyPSP.rar
    2017-08-20 19:29 - 2017-08-20 19:45 - 306190401 _____ C:\Users\jarek\Downloads\SOCOM_US_Navy_Seals_Fireteam_Bravo_USA_PSP-ARTiSAN.rar
    2017-08-20 18:46 - 2017-09-01 21:16 - 000392630 _____ C:\Windows\ntbtlog.txt
    2017-08-20 18:30 - 2017-08-20 18:31 - 000000000 ____D C:\Users\Public\Documents\GTA Vice City User Files
    2017-08-20 18:26 - 2017-08-20 18:26 - 000002922 ____N C:\Windows\System32\Tasks\{A13344D1-BE8B-4AB0-AE24-FE1FA67FFB37}
    2017-08-20 18:26 - 2017-08-20 18:26 - 000002922 ____N C:\Windows\System32\Tasks\{603B553D-3644-412E-A9AE-6006B763455F}
    2017-08-20 18:14 - 2017-09-01 15:33 - 000000000 ____D C:\Users\jarek\Documents\GTA Vice City User Files
    2017-08-20 08:30 - 2017-09-01 20:46 - 000000000 ___HD C:\Users\jarek\AppData\Roaming\ohrakfvy
    2017-08-18 07:45 - 2017-08-18 07:45 - 000000000 ____D C:\Users\jarek\AppData\Local\ASHelper
    2017-08-17 20:13 - 2017-08-17 20:13 - 000000000 ____D C:\Users\jarek\AppData\Local\ElevatedDiagnostics
    2017-08-16 11:54 - 2017-08-16 11:54 - 3730374656 ____N C:\Users\jarek\Downloads\Call of Duty 3 (USA).iso
    2017-08-16 09:42 - 2017-08-16 11:51 - 2480861087 _____ C:\Users\jarek\Downloads\Call of Duty 3 (USA).7z
    2017-08-16 07:26 - 2017-08-16 07:26 - 001895923 _____ C:\Users\jarek\Downloads\Handouts.zip
    2017-08-16 07:21 - 2017-08-20 18:56 - 000000000 ____D C:\Users\jarek\Documents\PCSX2
    2017-08-15 21:18 - 2017-08-15 21:20 - 000000000 ____D C:\Program Files (x86)\PCSX2 1.4.0
    2017-08-15 21:18 - 2017-08-15 21:18 - 000001939 _____ C:\Users\Public\Desktop\PCSX2 1.4.0.lnk
    2017-08-15 21:18 - 2017-08-15 21:18 - 000000000 ____D C:\ProgramData\Package Cache
    2017-08-15 21:18 - 2017-08-15 21:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2
    2017-08-15 21:16 - 2017-08-15 21:17 - 017837152 _____ C:\Users\jarek\Downloads\pcsx2-1.4.0-setup.exe
    2017-08-14 19:41 - 2017-08-14 19:41 - 000739551 _____ C:\Users\jarek\Downloads\MODULE-special-products.pdf
    2017-08-13 12:59 - 2017-08-13 13:08 - 000000000 ____D C:\Users\jarek\Documents\GTA3 User Files
    2017-08-13 12:25 - 2017-08-13 12:25 - 000002926 ____N C:\Windows\System32\Tasks\{8A006BFE-5735-43C7-A008-C62F7901E3DD}
    2017-08-13 12:25 - 2017-08-13 12:25 - 000002926 ____N C:\Windows\System32\Tasks\{34B7E54F-C68C-49C6-9E55-81FDA5555C14}
    2017-08-13 12:21 - 2017-08-13 12:21 - 000003226 ____N C:\Windows\System32\Tasks\{37FFD5A5-39BB-4C81-A857-2128C76C9413}
    2017-08-12 18:28 - 2017-08-12 18:28 - 000000012 _____ C:\Users\jarek\Documents\aw.txt
    2017-08-06 18:00 - 2017-08-06 18:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GTA Vice City [Full]
    2017-08-02 21:35 - 2017-08-05 11:12 - 000000000 ____D C:\Users\jarek\Downloads\Linkin Park
    2017-07-28 23:38 - 2017-08-23 18:48 - 000000000 ____D C:\Users\jarek\Downloads\Games
    2017-07-28 23:37 - 2017-08-16 20:24 - 000000000 ____D C:\Users\jarek\Downloads\UE
    2017-07-26 18:21 - 2017-09-01 20:56 - 000000000 ____D C:\ProgramData\MALWAREBYTES
    2017-07-26 18:15 - 2017-07-26 18:15 - 000000000 ____D C:\Program Files\Malwarebytes
    2017-07-26 07:20 - 2017-07-26 07:23 - 000000000 ____D C:\Users\jarek\Downloads\SHAREit
    2017-07-26 07:20 - 2017-07-26 07:20 - 000000000 ____D C:\Users\jarek\AppData\Roaming\Umeng
    2017-07-26 07:20 - 2017-07-26 07:20 - 000000000 ____D C:\Users\jarek\AppData\Local\SHAREit Technologies
    2017-07-26 07:19 - 2017-07-26 07:19 - 000001206 _____ C:\Users\Public\Desktop\SHAREit.lnk
    2017-07-26 07:19 - 2017-07-26 07:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SHAREit
    2017-07-26 07:19 - 2017-07-26 07:19 - 000000000 ____D C:\Program Files (x86)\SHAREit Technologies
    2017-07-25 14:42 - 2017-07-25 16:04 - 000000000 ____D C:\Users\jarek\AppData\Roaming\audacity
    2017-07-25 14:42 - 2017-07-25 14:42 - 000000544 _____ C:\Users\Public\Desktop\Audacity.lnk
    2017-07-25 14:42 - 2017-07-25 14:42 - 000000544 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
    2017-07-25 14:42 - 2017-07-25 14:42 - 000000000 ____D C:\Users\jarek\AppData\Local\Audacity
    2017-07-24 13:42 - 2017-08-20 00:11 - 000000000 ____D C:\Users\jarek\AppData\Roaming\lnjbt
    2017-07-23 10:24 - 2017-07-23 10:24 - 000000932 ____N C:\Users\jarek\Desktop\PPSSPP.lnk
    2017-07-19 21:37 - 2017-07-19 21:42 - 000000000 ____D C:\Users\jarek\Documents\Biology
    2017-07-03 16:41 - 2017-07-03 16:41 - 000000000 ____D C:\Windows\system32\appmgmt
    2017-07-02 09:16 - 2017-07-02 09:16 - 000000000 ____D C:\Users\jarek\AppData\LocalLow\Critical Force
    2017-07-02 08:52 - 2017-07-02 08:52 - 000000000 ____D C:\Users\Public\Facebook Games
    2017-06-30 20:12 - 2017-07-03 16:41 - 000000000 ____D C:\Users\jarek\AppData\Local\Facebook
    2017-06-24 09:27 - 2017-08-23 18:47 - 000000000 ____D C:\Users\jarek\Documents\PPSSPP
    2017-06-24 09:27 - 2017-06-24 09:27 - 000000547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PPSSPP.lnk
    2017-06-20 18:02 - 2017-06-20 18:02 - 000000000 ____D C:\Users\jarek\Documents\Custom Office Templates
    2017-06-17 09:44 - 2017-08-26 16:18 - 000000332 _____ C:\Windows\Tasks\HPCeeScheduleForjarek.job
    2017-06-17 09:44 - 2017-08-26 11:03 - 000003186 ____N C:\Windows\System32\Tasks\HPCeeScheduleForjarek
    2017-06-17 09:44 - 2017-06-17 09:44 - 000000000 ____D C:\Users\jarek\AppData\Local\HP_Inc

    ==================== Three Months Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-09-01 21:26 - 2009-07-14 12:45 - 000026352 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2017-09-01 21:26 - 2009-07-14 12:45 - 000026352 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2017-09-01 21:22 - 2017-05-12 15:44 - 000000000 ____D C:\Users\jarek\AppData\Roaming\GarenaPlus
    2017-09-01 21:22 - 2017-05-12 15:44 - 000000000 ____D C:\ProgramData\GarenaMessenger
    2017-09-01 21:20 - 2017-05-20 05:50 - 000003356 _____ C:\Windows\System32\Tasks\Garena+ Plugin Host Service
    2017-09-01 21:20 - 2017-05-12 16:31 - 000002784 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
    2017-09-01 21:20 - 2017-05-12 15:36 - 000000000 ____D C:\Program Files\KMSpico
    2017-09-01 21:20 - 2009-07-14 13:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2017-09-01 13:50 - 2017-05-20 12:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
    2017-09-01 13:50 - 2017-05-12 15:05 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2017-09-01 12:55 - 2009-07-14 13:13 - 000781298 ____N C:\Windows\system32\PerfStringBackup.INI
    2017-09-01 12:55 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\inf
    2017-08-30 20:56 - 2017-05-13 20:12 - 000000000 ____D C:\Users\jarek\AppData\Roaming\Mozilla
    2017-08-30 20:36 - 2017-05-13 19:58 - 000000000 ____D C:\ProgramData\BlueStacksSetup
    2017-08-27 21:01 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\system32\NDF
    2017-08-26 12:07 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\rescache
    2017-08-26 09:39 - 2017-05-12 14:28 - 000002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2017-08-26 09:39 - 2017-05-12 14:28 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2017-08-17 20:15 - 2017-05-12 14:25 - 000000000 ____D C:\Users\jarek
    2017-08-17 20:14 - 2017-05-21 12:32 - 000000000 ____D C:\Windows\Minidump
    2017-08-17 20:14 - 2017-05-12 14:44 - 000000000 ____D C:\Windows\System32\Tasks\Hewlett-Packard
    2017-08-17 20:14 - 2017-05-12 14:34 - 000000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
    2017-08-17 20:14 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\registration
    2017-08-15 21:19 - 2017-05-13 12:40 - 000000000 ____D C:\Windows\SysWOW64\directx
    2017-08-13 12:59 - 2017-05-20 19:41 - 000000000 ____D C:\Users\jarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
    2017-08-08 19:59 - 2017-05-12 16:28 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2017-08-08 19:59 - 2017-05-12 16:28 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2017-08-08 19:59 - 2017-05-12 16:28 - 000004480 ____N C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
    2017-08-08 19:59 - 2017-05-12 16:28 - 000004324 ____N C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2017-08-08 19:59 - 2017-05-12 16:28 - 000000000 ____D C:\Windows\SysWOW64\Macromed
    2017-08-08 19:59 - 2017-05-12 16:28 - 000000000 ____D C:\Windows\system32\Macromed
    2017-08-06 18:01 - 2017-05-12 14:26 - 000000000 ____D C:\Users\jarek\AppData\Local\VirtualStore

    Some files in TEMP:
    ====================
    2017-08-13 12:38 - 2017-08-13 12:39 - 007850088 _____ (Microsoft Corporation) C:\Users\jarek\AppData\Local\Temp\BingBarSetup-Partner.exe
    2017-07-13 18:45 - 2017-07-13 18:45 - 000460984 _____ () C:\Users\jarek\AppData\Local\Temp\PH_patch_20170629to20170712.exe
    2017-07-14 20:11 - 2017-07-14 20:11 - 000455912 _____ () C:\Users\jarek\AppData\Local\Temp\PH_patch_20170712to20170714.exe
    2017-07-27 10:01 - 2017-07-27 10:01 - 000462544 _____ () C:\Users\jarek\AppData\Local\Temp\PH_patch_20170714to20170727_1.exe
    2017-08-10 17:23 - 2017-08-10 17:23 - 000461432 _____ () C:\Users\jarek\AppData\Local\Temp\PH_patch_20170727to20170810_2.exe
    2017-08-24 19:19 - 2017-08-24 19:20 - 000465712 _____ () C:\Users\jarek\AppData\Local\Temp\PH_patch_20170810to20170824.exe

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    ==================== BCD ================================

    Windows Boot Manager
    --------------------
    identifier              {bootmgr}
    device                  partition=\Device\HarddiskVolume1
    description             Windows Boot Manager
    locale                  en-US
    inherit                 {globalsettings}
    default                 {current}
    resumeobject            {04bc70df-35ae-11e7-8e6c-f6e1b3d3e45e}
    displayorder            {current}
    toolsdisplayorder       {memdiag}
    timeout                 30

    Windows Boot Loader
    -------------------
    identifier              {04bc70dd-35ae-11e7-8e6c-f6e1b3d3e45e}
    device                  ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{04bc70de-35ae-11e7-8e6c-f6e1b3d3e45e}
    path                    \windows\system32\winload.exe
    description             Windows Recovery Environment
    locale                  en-gb
    inherit                 {bootloadersettings}
    custom:15000065         3
    osdevice                ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{04bc70de-35ae-11e7-8e6c-f6e1b3d3e45e}
    systemroot              \windows
    nx                      OptIn
    custom:250000c2         1
    winpe                   Yes

    Windows Boot Loader
    -------------------
    identifier              {current}
    device                  partition=C:
    path                    \Windows\system32\winload.exe
    description             Windows 7
    locale                  en-US
    inherit                 {bootloadersettings}
    recoverysequence        {04bc70e1-35ae-11e7-8e6c-f6e1b3d3e45e}
    recoveryenabled         Yes
    osdevice                partition=C:
    systemroot              \Windows
    resumeobject            {04bc70df-35ae-11e7-8e6c-f6e1b3d3e45e}
    nx                      OptIn

    Windows Boot Loader
    -------------------
    identifier              {04bc70e1-35ae-11e7-8e6c-f6e1b3d3e45e}
    device                  ramdisk=[C:]\Recovery\04bc70e1-35ae-11e7-8e6c-f6e1b3d3e45e\Winre.wim,{04bc70e2-35ae-11e7-8e6c-f6e1b3d3e45e}
    path                    \windows\system32\winload.exe
    description             Windows Recovery Environment
    inherit                 {bootloadersettings}
    osdevice                ramdisk=[C:]\Recovery\04bc70e1-35ae-11e7-8e6c-f6e1b3d3e45e\Winre.wim,{04bc70e2-35ae-11e7-8e6c-f6e1b3d3e45e}
    systemroot              \windows
    nx                      OptIn
    winpe                   Yes

    Resume from Hibernate
    ---------------------
    identifier              {04bc70df-35ae-11e7-8e6c-f6e1b3d3e45e}
    device                  partition=C:
    path                    \Windows\system32\winresume.exe
    description             Windows Resume Application
    locale                  en-US
    inherit                 {resumeloadersettings}
    filedevice              partition=C:
    filepath                \hiberfil.sys
    debugoptionenabled      No

    Windows Memory Tester
    ---------------------
    identifier              {memdiag}
    device                  partition=\Device\HarddiskVolume1
    path                    \boot\memtest.exe
    description             Windows Memory Diagnostic
    locale                  en-US
    inherit                 {globalsettings}
    badmemoryaccess         Yes

    EMS Settings
    ------------
    identifier              {emssettings}
    bootems                 Yes

    Debugger Settings
    -----------------
    identifier              {dbgsettings}
    debugtype               Serial
    debugport               1
    baudrate                115200

    RAM Defects
    -----------
    identifier              {badmemory}

    Global Settings
    ---------------
    identifier              {globalsettings}
    inherit                 {dbgsettings}
                            {emssettings}
                            {badmemory}

    Boot Loader Settings
    --------------------
    identifier              {bootloadersettings}
    inherit                 {globalsettings}
                            {hypervisorsettings}

    Hypervisor Settings
    -------------------
    identifier              {hypervisorsettings}
    hypervisordebugtype     Serial
    hypervisordebugport     1
    hypervisorbaudrate      115200

    Resume Loader Settings
    ----------------------
    identifier              {resumeloadersettings}
    inherit                 {globalsettings}

    Device options
    --------------
    identifier              {04bc70de-35ae-11e7-8e6c-f6e1b3d3e45e}
    description             Windows Recovery
    ramdisksdidevice        partition=\Device\HarddiskVolume1
    ramdisksdipath          \Recovery\WindowsRE\boot.sdi

    Device options
    --------------
    identifier              {04bc70e2-35ae-11e7-8e6c-f6e1b3d3e45e}
    description             Ramdisk Options
    ramdisksdidevice        partition=C:
    ramdisksdipath          \Recovery\04bc70e1-35ae-11e7-8e6c-f6e1b3d3e45e\boot.sdi


    LastRegBack: 2017-06-12 15:56

    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
    Ran by jarek (01-09-2017 21:27:57)
    Running from C:\Users\jarek\Downloads
    Windows 7 Ultimate Service Pack 1 (X64) (2017-05-12 06:25:46)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2947266498-225611615-1475648406-500 - Administrator - Disabled)
    Guest (S-1-5-21-2947266498-225611615-1475648406-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2947266498-225611615-1475648406-1002 - Limited - Enabled)
    jarek (S-1-5-21-2947266498-225611615-1475648406-1001 - Administrator - Enabled) => C:\Users\jarek

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-2947266498-225611615-1475648406-1001\...\uTorrent) (Version: 3.5.0.43804 - BitTorrent Inc.)
    Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
    Audacity 2.1.3 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
    BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.7.315.8233 - BlueStack Systems, Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.29 - Piriform)
    Crossfire PH version 1231 (HKLM-x32\...\{816BF8B4-A8BA-41EC-9ABB-6498E2AFF574}_is1) (Version: 1231 - Gameclub)
    GameClub Launcher PH (Remove only) (HKLM-x32\...\{BBD9FAD7-F782-4548-B00F-E612322950F6}) (Version: 20111202 - GameClub)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
    Grand Theft Auto Vice City (HKLM-x32\...\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}) (Version: 1.00.000 - )
    GTA San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games)
    HP Support Assistant (HKLM-x32\...\{05F81C27-62A5-4A0C-8519-60CB66CF87C6}) (Version: 8.4.19.3 - HP Inc.)
    HP Support Solutions Framework (HKLM-x32\...\{183BD477-774B-4700-B40B-EE43886E74D2}) (Version: 12.7.27.15 - HP Inc.)
    KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
    Malwarebytes version 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes)
    Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
    Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.4266.1003 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-2947266498-225611615-1475648406-1001\...\OneDriveSetup.exe) (Version: 17.3.4604.0120 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
    Mozilla Firefox 55.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 55.0.3 (x64 en-US)) (Version: 55.0.3 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.3 - Mozilla)
    NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.5 - )
    Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.4266.1003 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.4266.1003 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.4266.1003 - Microsoft Corporation) Hidden
    PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2) (Version:  - )
    PPSSPP version 1.4.2 (HKLM-x32\...\PPSSPP_is1) (Version: 1.4.2 - )
    SHAREit (HKLM-x32\...\www.ushareit.com_is1) (Version: 4.0.5.171 - SHAREit Technologies Co.Ltd)
    WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 4.1 - Sysprogs)
    WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
    WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
    ContextMenuHandlers1: [WinCDEmu] -> {D0E37FD2-F675-426F-B09A-2CF37BA46FD5} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-29] (Sysprogs OU)
    ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
    ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
    ContextMenuHandlers2: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-29] (Sysprogs OU)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
    ContextMenuHandlers6: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-29] (Sysprogs OU)
    ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
    ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {04A847D5-C8C6-4014-ABAE-C78E0A0D1212} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-08-08] (Adobe Systems Incorporated)
    Task: {0C91F2AC-A18C-46B6-8C6E-44F0F7206600} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
    Task: {17611FD0-936E-424B-9EEF-A5D2048D74C7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-08-14] (HP Inc.)
    Task: {1F4086CB-014B-4385-80EB-AF197C5DBF82} - System32\Tasks\{8A006BFE-5735-43C7-A008-C62F7901E3DD} => D:\GTA Vice City\gta-vc.exe
    Task: {22E9DD43-D662-4141-A44E-641D28BD876C} - System32\Tasks\{37FFD5A5-39BB-4C81-A857-2128C76C9413} => C:\Windows\system32\pcalua.exe -a "C:\Users\jarek\Downloads\Gta VC\gta Vice City full!!!! working version.exe" -d "C:\Users\jarek\Downloads\Gta VC"
    Task: {24533488-5CC9-4FCD-9275-5454307F388F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-05-12] (Microsoft Corporation)
    Task: {40C82AF3-43CC-48FA-A31D-FE819FEC2B8C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-12] (Google Inc.)
    Task: {47F32EBE-FB3B-4517-B5C2-D4C10010EE39} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-08-16] (Microsoft Corporation)
    Task: {486A9A18-FF5B-45C7-9CBF-9DC6AB0682A6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
    Task: {5167994A-7659-46B0-A701-B6D85575EC3F} - System32\Tasks\{34B7E54F-C68C-49C6-9E55-81FDA5555C14} => D:\GTA Vice City\gta-vc.exe
    Task: {5455D43A-5DA9-4CC9-A1B2-1325841119A8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-04-06] (HP Inc.)
    Task: {5A2B8F31-8538-4A83-84DC-39CF17D26647} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_151_pepper.exe [2017-08-08] (Adobe Systems Incorporated)
    Task: {66B92E7F-97E0-4355-9A1B-82E9669FF428} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-04-06] (HP Inc.)
    Task: {80CF7596-E6D2-4B37-8937-8E41D8443B07} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-04-11] (Piriform Ltd)
    Task: {82C13354-39BE-4B94-ADA2-45B41E69C926} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
    Task: {85EDD8D6-23CC-4584-AC0F-6D2251B66D06} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-08-14] (HP Inc.)
    Task: {910D1E07-4596-42C8-809A-EC2E216DFC41} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-12] (Google Inc.)
    Task: {B80145A9-991F-4F09-93C3-EF32485922FD} - System32\Tasks\{A13344D1-BE8B-4AB0-AE24-FE1FA67FFB37} => D:\GTA 4 Vice City\Tecsetup.exe
    Task: {BCA2321A-9C6B-436B-8E67-1AFDCF741720} - System32\Tasks\HPCeeScheduleForjarek => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-06-24] (HP Inc.)
    Task: {BE953FB7-D6F5-4112-B890-55E74D782AE8} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
    Task: {C33B11FB-E581-4BD1-B6AF-94C0C67F9468} - System32\Tasks\{603B553D-3644-412E-A9AE-6006B763455F} => D:\GTA 4 Vice City\Tecsetup.exe
    Task: {C4C8DF7E-39C3-4FD3-9BBB-3E9420C94ED9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-08-14] (HP Inc.)
    Task: {D45FED2C-FEC2-49F9-A031-E7F45C47F1AF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-05-12] (Microsoft Corporation)
    Task: {E190336B-92F1-4101-93BC-5A3169809F95} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-08-16] (Microsoft Corporation)
    Task: {ED1C5487-4ACD-4BD4-97A2-821703CFB82A} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-04-07] (HP Inc.)
    Task: {F63A759C-9344-487D-B02F-DAAEBBEB21DD} - System32\Tasks\Garena+ Plugin Host Service => D:\Garena Plus\ggdllhost.exe [2016-02-22] ()
    Task: {F77AC097-9A59-48F1-96F2-A018796AA140} - System32\Tasks\{0F76952C-8374-46E8-A855-566EE328DEC7} => G:\Drive\GAMES\Assassin's Creed\Assassin's Creed Brotherhood\Assassin's Creed Brotherhood\AssassinsCreedBrotherhood.exe

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\HPCeeScheduleForjarek.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============

    2017-05-12 14:35 - 2017-05-12 14:35 - 008901800 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
    2017-05-12 14:31 - 2015-08-16 00:21 - 000162880 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
    2017-05-12 15:44 - 2016-02-22 19:24 - 000174632 _____ () D:\Garena Plus\ggdllhost.exe
    2017-05-12 15:44 - 2017-08-10 16:44 - 009184272 _____ () D:\Garena Plus\GarenaMessenger.exe
    2017-08-26 09:39 - 2017-08-23 16:48 - 002692952 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\swiftshader\libglesv2.dll
    2017-08-26 09:39 - 2017-08-23 16:48 - 000137048 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\swiftshader\libegl.dll
    2017-05-12 15:44 - 2017-06-09 18:51 - 007334400 _____ () D:\Garena Plus\bbtalk\BBtalk.exe
    2017-05-12 15:44 - 2017-06-23 18:10 - 002737384 _____ () D:\Garena Plus\ggspawn.dll
    2017-05-12 15:44 - 2016-02-22 19:24 - 000116776 _____ () D:\Garena Plus\CommonLib.dll
    2017-05-12 15:44 - 2016-02-22 19:24 - 000045608 _____ () D:\Garena Plus\DibModule.dll
    2017-05-12 15:44 - 2017-08-30 12:49 - 000046704 _____ () D:\Garena Plus\VersionModule.dll
    2017-05-12 15:44 - 2016-02-22 19:24 - 000063528 _____ () D:\Garena Plus\FileLoader.dll
    2017-05-12 15:44 - 2016-02-22 19:25 - 000099368 _____ () D:\Garena Plus\PluginKernel.dll
    2017-05-12 15:44 - 2016-02-22 19:24 - 000499240 _____ () D:\Garena Plus\CxImage.dll
    2017-05-12 15:44 - 2016-02-22 19:25 - 000037416 _____ () D:\Garena Plus\PluginModule.dll
    2017-05-12 15:44 - 2016-03-03 21:58 - 000182824 _____ () D:\Garena Plus\lib\fs\YYFileSystem.dll
    2017-05-12 15:44 - 2016-06-24 20:05 - 000379744 _____ () D:\Garena Plus\lib\Http.dll
    2017-05-12 15:44 - 2016-03-03 21:58 - 000196648 _____ () D:\Garena Plus\lib\MP3Module.dll
    2017-05-12 15:44 - 2012-02-22 16:52 - 000162304 _____ () D:\Garena Plus\lame_enc.DLL
    2017-05-12 15:44 - 2016-03-03 21:58 - 000231976 _____ () D:\Garena Plus\lib\TaskManagerLib.dll
    2017-05-12 15:44 - 2016-03-03 21:58 - 000164392 _____ () D:\Garena Plus\lib\UILayout.dll
    2017-05-12 15:44 - 2016-03-03 21:58 - 000970280 _____ () D:\Garena Plus\lib\XLL.dll
    2017-05-12 15:44 - 2016-03-03 21:58 - 000067112 _____ () D:\Garena Plus\lib\XmlUIModule.dll
    2017-05-12 15:44 - 2012-02-22 16:52 - 000573100 _____ () D:\Garena Plus\sqlite3.dll
    2017-05-12 15:44 - 2016-02-22 19:25 - 000237608 _____ () D:\Garena Plus\Plugins\StatsPlugin.dll
    2017-05-12 15:44 - 2017-08-30 12:49 - 002110480 _____ () D:\Garena Plus\Plugins\ggplugin.dll
    2017-05-12 15:44 - 2016-02-22 19:25 - 000204840 _____ () D:\Garena Plus\ImageModule.dll
    2017-05-12 15:44 - 2016-02-22 19:25 - 000167464 _____ () D:\Garena Plus\libmpg123.dll
    2017-05-12 15:44 - 2016-08-29 15:48 - 004892664 _____ () D:\Garena Plus\ggdownloader.dll
    2017-05-12 15:44 - 2016-03-03 21:58 - 000077864 _____ () D:\Garena Plus\lib\delay_load\AudioMixerLib.dll
    2017-05-12 15:44 - 2016-03-03 21:58 - 000028712 _____ () D:\Garena Plus\lib\delay_load\ClientTcp.dll
    2017-05-12 15:44 - 2016-03-03 21:58 - 001557544 _____ () D:\Garena Plus\lib\delay_load\FileSender.dll
    2017-05-12 15:44 - 2013-02-01 13:42 - 000153088 _____ () D:\Garena Plus\libzmq.dll
    2017-05-12 15:44 - 2016-03-03 21:58 - 000968232 _____ () D:\Garena Plus\lib\delay_load\GaFileTransfer.dll
    2017-05-12 15:44 - 2016-03-03 21:58 - 000257064 _____ () D:\Garena Plus\lib\delay_load\MediaEngine.dll
    2017-05-12 15:44 - 2016-02-22 19:25 - 000038440 _____ () D:\Garena Plus\ServerMemAlloc.dll
    2017-05-12 15:44 - 2016-03-03 21:58 - 000528936 _____ () D:\Garena Plus\lib\delay_load\RSALib.dll
    2017-05-12 15:44 - 2016-03-03 21:58 - 000080424 _____ () D:\Garena Plus\lib\delay_load\UdtLib.dll
    2017-05-12 15:44 - 2016-03-17 21:18 - 000113192 _____ () D:\Garena Plus\Plugins\PlatformPlugin.dll
    2017-05-12 15:44 - 2016-11-30 21:35 - 000242680 _____ () D:\Garena Plus\Plugins\PluginNews.dll
    2017-05-12 15:44 - 2016-03-17 21:18 - 000410152 _____ () D:\Garena Plus\Plugins\GarenaTalkPlugin.dll
    2017-05-12 15:44 - 2016-11-10 14:00 - 000237560 _____ () D:\Garena Plus\Plugins\GameSalePlugin.dll
    2017-05-12 14:35 - 2017-05-12 14:35 - 008903232 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
    2017-05-12 15:44 - 2016-10-25 21:05 - 000079824 _____ () D:\Garena Plus\bbtalk\InputHook.dll
    2017-05-12 15:44 - 2017-05-25 16:47 - 002499024 _____ () D:\Garena Plus\bbtalk\Overlay.dll
    2017-05-12 15:44 - 2016-03-02 21:20 - 000075304 _____ () D:\Garena Plus\bbtalk\PluginKernel.dll
    2017-05-12 15:44 - 2016-03-02 21:20 - 000116264 _____ () D:\Garena Plus\bbtalk\CommonLib.dll
    2017-05-12 15:44 - 2016-09-23 19:05 - 000046032 _____ () D:\Garena Plus\bbtalk\DibModule.dll
    2017-05-12 15:44 - 2017-01-13 21:16 - 000394744 _____ () D:\Garena Plus\bbtalk\ImageModule.dll
    2017-05-12 15:44 - 2016-09-23 19:05 - 000053752 _____ () D:\Garena Plus\bbtalk\lollauncher.dll
    2017-05-12 15:44 - 2017-06-09 19:07 - 000026112 _____ () D:\Garena Plus\bbtalk\VersionModule.dll
    2017-05-12 15:44 - 2016-03-02 21:20 - 000460184 _____ () D:\Garena Plus\bbtalk\sqlite3.dll
    2017-05-12 15:44 - 2016-03-02 21:20 - 000120872 _____ () D:\Garena Plus\bbtalk\lib\AudioMixerLib.dll
    2017-05-12 15:44 - 2016-03-02 21:20 - 000042024 _____ () D:\Garena Plus\bbtalk\lib\ChannelUrlDll.dll
    2017-05-12 15:44 - 2016-03-02 21:20 - 000436776 _____ () D:\Garena Plus\bbtalk\lib\exchndl.dll
    2017-05-12 15:44 - 2016-09-23 19:06 - 000089592 _____ () D:\Garena Plus\bbtalk\lib\FileManager.dll
    2017-05-12 15:44 - 2016-10-25 21:05 - 000065064 _____ () D:\Garena Plus\bbtalk\FileSystem.dll
    2017-05-12 15:44 - 2016-10-13 16:41 - 000387024 _____ () D:\Garena Plus\bbtalk\lib\Http.dll
    2017-05-12 15:44 - 2016-10-13 16:41 - 000059856 _____ () D:\Garena Plus\bbtalk\lib\InputHookLib.dll
    2017-05-12 15:44 - 2016-09-23 19:06 - 000054736 _____ () D:\Garena Plus\bbtalk\lib\IPCLib.dll
    2017-05-12 15:44 - 2016-09-23 19:06 - 000067624 _____ () D:\Garena Plus\bbtalk\lib\LangLib.dll
    2017-05-12 15:44 - 2016-09-23 19:05 - 000102864 _____ () D:\Garena Plus\bbtalk\audiohost.dll
    2017-05-12 15:44 - 2016-03-02 21:20 - 000146984 _____ () D:\Garena Plus\bbtalk\lib\MessagePumpLib.dll
    2017-05-12 15:44 - 2016-03-02 21:20 - 000042536 _____ () D:\Garena Plus\bbtalk\lib\MP3Saver.dll
    2017-05-12 15:44 - 2016-03-02 21:20 - 000250408 _____ () D:\Garena Plus\bbtalk\libmp3lame.DLL
    2017-05-12 15:44 - 2016-09-23 19:06 - 001060344 _____ () D:\Garena Plus\bbtalk\lib\RealTimeVideoEngine.dll
    2017-05-12 15:44 - 2016-09-23 19:06 - 000068648 _____ () D:\Garena Plus\bbtalk\lib\ResLib.dll
    2017-05-12 15:44 - 2016-03-02 21:20 - 000111144 _____ () D:\Garena Plus\bbtalk\PngModule.dll
    2017-05-12 15:44 - 2016-03-02 21:20 - 000139816 _____ () D:\Garena Plus\bbtalk\lib\TcpClient.dll
    2017-05-12 15:44 - 2016-03-02 21:20 - 000149544 _____ () D:\Garena Plus\bbtalk\lib\UdpClient.dll
    2017-05-12 15:44 - 2016-03-02 21:20 - 000122920 _____ () D:\Garena Plus\bbtalk\lib\UILayout.dll
    2017-05-12 15:44 - 2017-06-09 18:53 - 000868904 _____ () D:\Garena Plus\bbtalk\lib\UILib.dll
    2017-05-12 15:44 - 2016-09-23 19:06 - 000068560 _____ () D:\Garena Plus\bbtalk\lib\XmlUIModule.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 10:34 - 2009-06-11 05:00 - 000000824 ____N C:\Windows\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2947266498-225611615-1475648406-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\jarek\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    MSCONFIG\startupreg: KeepVidProUpdateHelper.exe => C:\Program Files (x86)\Keepvid\KeepVid Pro\KeepVidProUpdateHelper.exe
    MSCONFIG\startupreg: uTorrent => "C:\Users\jarek\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{D17D47BA-86AF-4062-B50F-00332781C0F0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
    FirewallRules: [{8A170E17-A7CC-4383-9AC1-106AACD75B36}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
    FirewallRules: [{4F667105-194C-42E5-92E3-2CDEA35CD541}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
    FirewallRules: [{84E59EF1-402B-445E-80E0-E18E337B7575}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
    FirewallRules: [{9366F3BA-16EB-445A-8AEF-E0DB17BB8AFC}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
    FirewallRules: [{F6C8413C-7526-43E8-9353-BAE5302FDAC6}] => (Allow) C:\Users\jarek\AppData\Local\Microsoft\OneDrive\OneDrive.exe
    FirewallRules: [{2E9408BA-0A56-4294-BA6B-52E448FEEDFA}] => (Allow) LPort=1688
    FirewallRules: [TCP Query User{DF4C4EF9-2792-4C46-951E-7DB444BCEDDD}D:\garena plus\bbtalk\bbtalk.exe] => (Allow) D:\garena plus\bbtalk\bbtalk.exe
    FirewallRules: [UDP Query User{8D7A6EA7-3530-4A8B-9D78-26EE08EB7913}D:\garena plus\bbtalk\bbtalk.exe] => (Allow) D:\garena plus\bbtalk\bbtalk.exe
    FirewallRules: [{D6C0B2E0-3718-426B-A608-237CF4E71709}] => (Allow) LPort=8370
    FirewallRules: [{8115AA1A-A3A5-4FDC-8EF8-9967265D0A20}] => (Allow) LPort=8370
    FirewallRules: [{763DC8B6-20D3-4258-BC04-1923495FD0CD}] => (Allow) D:\GarenaLoLPH\GameData\Apps\LoLPH\Air\LolClient.exe
    FirewallRules: [{7D35D09A-31E8-4338-996C-71024BA2E97B}] => (Allow) D:\GarenaLoLPH\GameData\Apps\LoLPH\Air\LolClient.exe
    FirewallRules: [{C880E837-9389-471F-93A1-96C40C859130}] => (Allow) D:\GarenaLoLPH\GameData\Apps\LoLPH\Game\League of Legends.exe
    FirewallRules: [{DCB79C30-E7E8-46F9-85C5-C6146F52D6D8}] => (Allow) D:\GarenaLoLPH\GameData\Apps\LoLPH\Game\League of Legends.exe
    FirewallRules: [TCP Query User{BB00C0FF-55D2-4CB6-8DE0-40AE189A1EC3}G:\drive\left4dead 2 2013\left4dead2.exe] => (Allow) G:\drive\left4dead 2 2013\left4dead2.exe
    FirewallRules: [UDP Query User{6DEC2523-1E03-4A72-BB63-CA4CD6CE0992}G:\drive\left4dead 2 2013\left4dead2.exe] => (Allow) G:\drive\left4dead 2 2013\left4dead2.exe
    FirewallRules: [TCP Query User{95E61927-A0E8-48EA-A830-9C685E1F8C9D}G:\drive\games\call of duty\call of duty - world at war\codwaw.exe] => (Allow) G:\drive\games\call of duty\call of duty - world at war\codwaw.exe
    FirewallRules: [UDP Query User{EA68048E-07B3-4C73-985E-5CED073459EB}G:\drive\games\call of duty\call of duty - world at war\codwaw.exe] => (Allow) G:\drive\games\call of duty\call of duty - world at war\codwaw.exe
    FirewallRules: [{C20CCBD6-20C3-4B54-8FD3-DF0E981282D2}] => (Allow) LPort=1689
    FirewallRules: [TCP Query User{017D7C5A-1252-4E29-9C24-71B6EFFFCE55}D:\garena plus\garenamessenger.exe] => (Allow) D:\garena plus\garenamessenger.exe
    FirewallRules: [UDP Query User{D27A24E2-A12F-4333-B11D-276F5C671C4A}D:\garena plus\garenamessenger.exe] => (Allow) D:\garena plus\garenamessenger.exe
    FirewallRules: [{1FB96FDD-CAD2-490F-986D-B79400C701AB}] => (Allow) C:\Users\jarek\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{71BCCA2E-D91C-42F0-94C3-49F7A62E83B1}] => (Allow) C:\Users\jarek\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{63D2FF4D-33F8-4B51-BC98-113489BD5232}] => (Allow) C:\Users\jarek\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{EE2E0FFE-389B-4157-BF9A-458E9D542188}] => (Allow) C:\Users\jarek\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{ED1235EC-F65C-4F87-8006-A8BDD5EF2D2C}] => (Allow) C:\Users\jarek\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{954DE557-13A2-45C0-911F-FC72F234FDF5}] => (Allow) C:\Users\jarek\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{B2D37D98-071F-45A5-ACA1-01736857F20A}] => (Allow) C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.exe
    FirewallRules: [{294A749B-7020-4009-A9F3-0C1632B0F4F3}] => (Allow) C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.exe
    FirewallRules: [{3ADDEC37-BBAE-44D2-9E5A-69B198175C0F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{11D7F6D2-2081-4303-96E4-A95B886AED56}] => (Allow) LPort=1688
    FirewallRules: [{E8337313-6A71-44BE-9F65-4F4F58A9BAA7}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
    FirewallRules: [{521492FA-96A1-4A9C-B835-E87D147332C4}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
    FirewallRules: [{A77EA475-694A-4939-B194-22378F64A3DE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{12857F06-F9DB-4D02-896A-DE0954B13F51}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

    ==================== Restore Points =========================

    15-08-2017 21:18:38 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506
    15-08-2017 21:24:07 Windows Defender Checkpoint
    26-08-2017 12:05:15 Scheduled Checkpoint
    01-09-2017 13:50:11 Installed Grand Theft Auto Vice City

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (09/01/2017 09:22:23 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "D:\Garena Plus\bbtalk\GarenaTalkWeb.dll".
    Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (09/01/2017 09:22:19 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "D:\Garena Plus\bbtalk\GarenaTalkWeb.dll".
    Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (09/01/2017 09:21:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (09/01/2017 09:20:59 PM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "D:\Audacity\audacity.exe".Error in manifest or policy file "" on line .
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error: (09/01/2017 09:20:59 PM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "D:\Audacity\audacity.exe".Error in manifest or policy file "" on line .
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error: (09/01/2017 08:54:50 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: mbam.exe, version: 3.0.0.1169, time stamp: 0x599723f1
    Faulting module name: Qt5Core.dll, version: 5.6.2.0, time stamp: 0x594d4411
    Exception code: 0xc0000005
    Fault offset: 0x001a9fd6
    Faulting process id: 0x684
    Faulting application start time: 0x01d3232176c97018
    Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
    Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
    Report Id: bd7af1c2-8f14-11e7-a51b-c9143623fe4f

    Error: (09/01/2017 08:54:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (09/01/2017 08:53:41 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: mbam.exe, version: 3.0.0.1169, time stamp: 0x599723f1
    Faulting module name: Qt5Core.dll, version: 5.6.2.0, time stamp: 0x594d4411
    Exception code: 0xc0000005
    Fault offset: 0x001a9fd6
    Faulting process id: 0x508
    Faulting application start time: 0x01d323214b42e6b5
    Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
    Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
    Report Id: 93f8f2fb-8f14-11e7-a51b-c9143623fe4f

    Error: (09/01/2017 08:53:09 PM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "D:\Audacity\audacity.exe".Error in manifest or policy file "" on line .
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error: (09/01/2017 08:53:08 PM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "D:\Audacity\audacity.exe".Error in manifest or policy file "" on line .
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


    System errors:
    =============
    Error: (09/01/2017 09:20:15 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
    Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.

    Error: (09/01/2017 08:53:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
    The dependency service or group failed to start.

    Error: (09/01/2017 08:53:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
    The dependency service or group failed to start.

    Error: (09/01/2017 08:53:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
    The dependency service or group failed to start.

    Error: (09/01/2017 08:53:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
    The dependency service or group failed to start.

    Error: (09/01/2017 08:53:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
    The dependency service or group failed to start.

    Error: (09/01/2017 08:53:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
    The dependency service or group failed to start.

    Error: (09/01/2017 08:53:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
    The dependency service or group failed to start.

    Error: (09/01/2017 08:53:12 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
    The dependency service or group failed to start.

    Error: (09/01/2017 08:53:12 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server:
    {A47979D2-C419-11D9-A5B4-001185AD2B89}


    ==================== Memory info =========================== 

    Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz
    Percentage of memory in use: 45%
    Total physical RAM: 3999.19 MB
    Available physical RAM: 2170.46 MB
    Total Virtual: 7996.58 MB
    Available Virtual: 6112.06 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:102.05 GB) (Free:43.43 GB) NTFS
    Drive d: () (Fixed) (Total:195.55 GB) (Free:169.92 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: AA0A7A18)
    Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=102.1 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=195.5 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================

  6. I uhh managed to try the scan in safe mode so here it is.

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 9/1/17
    Scan Time: 8:58 PM
    Log File: 3b6cda36-8f15-11e7-a4dc-000000000000.json
    Administrator: Yes

    -Software Information-
    Version: 3.2.2.2018
    Components Version: 1.0.188
    Update Package Version: 1.0.2652
    License: Free

    -System Information-
    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: JAREK\jarek

    -Scan Summary-
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 292723
    Threats Detected: 9
    Threats Quarantined: 9
    Time Elapsed: 15 min, 38 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 2
    PUP.Optional.SpyHunter, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ESGSCANNER, Quarantined, [925], [331708],1.0.2652
    HackTool.AutoKMS, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\KMSEmulator, Quarantined, [1980], [370307],1.0.2652

    Registry Value: 1
    PUP.Optional.SpyHunter, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ESGSCANNER|IMAGEPATH, Quarantined, [925], [331708],1.0.2652

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 6
    Trojan.Agent.Generic, C:\USERS\JAREK\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\START.LNK, Quarantined, [458], [394779],1.0.2652
    HackTool.AutoKMS, C:\PROGRAMDATA\KMSAUTO\BIN\KMSSS.EXE, Quarantined, [1980], [370307],1.0.2652
    CrackTool.KMSPico, C:\PROGRAM FILES\KMSPICO\KMSELDI.EXE, Quarantined, [7682], [103306],1.0.2652
    CrackTool.KMSPico, C:\PROGRAM FILES\KMSPICO\AUTOPICO.EXE, Quarantined, [7682], [103305],1.0.2652
    PUP.Optional.WinYahoo, C:\USERS\JAREK\APPDATA\LOCAL\TEMP\IN1A1AEB34\512F0DE8_STP\SETUP.EXE, Quarantined, [71], [394188],1.0.2652
    PUP.Optional.SpyHunter, C:\USERS\JAREK\DOWNLOADS\SPYHUNTER-INSTALLER.EXE, Quarantined, [925], [345850],1.0.2652

    Physical Sector: 0
    (No malicious items detected)


    (end)
