Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by nikodem (administrator) on MISTPC (09-09-2017 17:16:17)
Running from C:\Users\nikodem\Downloads
Loaded Profiles: nikodem (Available Profiles: nikodem)
Platform: Windows 8.1 Pro (Update) (X64) Language: Angielski (Stany Zjednoczone)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Actual Tools) C:\Program Files (x86)\Actual Multiple Monitors\LogonScreenService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ovpnagent.exe
() C:\Windows\System32\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Flux Software LLC) C:\Users\nikodem\AppData\Local\FluxSoftware\Flux\flux.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Spotify Ltd) C:\Users\nikodem\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(ShareX Team) C:\Program Files\ShareX\ShareX.exe
(Creative Technology Ltd.) C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe
(Creative Technology Ltd.) C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe
(Slack Technologies) C:\Users\nikodem\AppData\Local\slack\app-2.7.1\slack.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Slack Technologies) C:\Users\nikodem\AppData\Local\slack\app-2.7.1\slack.exe
(Slack Technologies) C:\Users\nikodem\AppData\Local\slack\app-2.7.1\slack.exe
(Slack Technologies) C:\Users\nikodem\AppData\Local\slack\app-2.7.1\slack.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Slack Technologies) C:\Users\nikodem\AppData\Local\slack\app-2.7.1\slack.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Slack Technologies) C:\Users\nikodem\AppData\Local\slack\app-2.7.1\slack.exe
(Slack Technologies) C:\Users\nikodem\AppData\Local\slack\app-2.7.1\slack.exe
(BattlEye Innovations) C:\Users\nikodem\AppData\Local\Tibia\packages\Tibia\bin\client_launcher.exe
() C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
() C:\Users\nikodem\AppData\Local\Tibia\packages\Tibia\bin\client.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIC.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-04-28] (Adobe Systems Incorporated)
HKLM\...\Run: [Creative SB Monitoring Utility] => RunDll32 sbavmon.dll,SBAVMonitor
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [136992 2015-07-11] (Intel Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1 Pro\Volume Panel\VolPanlu.exe [241757 2010-12-08] (Creative Technology Ltd)
HKLM-x32\...\Run: [Module Loader] => C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe [57344 2007-07-23] (Creative Technology Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-2243841881-2731580477-2253573762-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd)
HKU\S-1-5-21-2243841881-2731580477-2253573762-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3071776 2017-09-07] (Valve Corporation)
HKU\S-1-5-21-2243841881-2731580477-2253573762-1001\...\Run: [f.lux] => C:\Users\nikodem\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-2243841881-2731580477-2253573762-1001\...\Run: [MySQL Notifier] => C:\Program Files (x86)\MySQL\MySQL Notifier 1.1\MySqlNotifier.exe [773120 2014-09-03] (Oracle Corporation)
HKU\S-1-5-21-2243841881-2731580477-2253573762-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25607952 2017-08-04] (Google)
HKU\S-1-5-21-2243841881-2731580477-2253573762-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27742168 2017-06-07] (Skype Technologies S.A.)
HKU\S-1-5-21-2243841881-2731580477-2253573762-1001\...\Run: [Spotify Web Helper] => C:\Users\nikodem\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1560176 2017-06-10] (Spotify Ltd)
HKU\S-1-5-21-2243841881-2731580477-2253573762-1001\...\Run: [Spotify] => C:\Users\nikodem\AppData\Roaming\Spotify\Spotify.exe [6949488 2017-06-10] (Spotify Ltd)
HKU\S-1-5-21-2243841881-2731580477-2253573762-1001\...\Run: [com.squirrel.slack.slack] => "C:\Users\nikodem\AppData\Local\slack\Update.exe" --processStart "slack.exe" --process-start-args "--startup"
IFEO\OSppSvc.exe: [Debugger] KMS-R@1nHook.exe
Startup: C:\Users\nikodem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShareX.lnk [2017-08-11]
ShortcutTarget: ShareX.lnk -> C:\Program Files\ShareX\ShareX.exe (ShareX Team)
Startup: C:\Users\nikodem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XenoSuite.lnk [2017-07-31]
ShortcutTarget: XenoSuite.lnk -> C:\Program Files (x86)\XenoBot\XenoSuite.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 217.113.224.36 217.113.224.134
Tcpip\..\Interfaces\{14FAD402-FD83-4163-980F-12328FA0C01D}: [DhcpNameServer] 217.113.224.36 217.113.224.134

Internet Explorer:
==================
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-04-01] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-04-01] (Oracle Corporation)
BHO-x32: Microsoft Web Test Recorder 14.0 Helper -> {b924f0b4-0b3c-49c0-bab2-213fb9ebd1d3} -> C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2015-07-07] (Microsoft Corporation)
BHO-x32: Microsoft Web Test Recorder 10.0 Helper -> {DDA57003-0068-4ed2-9D32-4D1EC707D94D} -> C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2010-03-19] (Microsoft Corporation)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab

FireFox:
========
FF DefaultProfile: x5pju775.default
FF ProfilePath: C:\Users\nikodem\AppData\Roaming\Mozilla\Firefox\Profiles\x5pju775.default [2017-09-09]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-08] ()
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-04-01] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-04-01] (Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-08] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-06-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-06-27] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2243841881-2731580477-2253573762-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\nikodem\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-12-02] (Unity Technologies ApS)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn49PYmQ6e1krQXBFZY3cpGvurF9zzOIyDLu5uOmkinzBq1bnef-187MIGsU70JH1D5wQ8I1HPbbgiU8eHg-HfpJ0HIqMd_gZGn8-WAp3VhEmC5jRDLM2fUkqlmJ-GJD9msztx10H29dePQibZsKT_lE7bwv8xRM_Zb83FdFuNYrCecXQcI,
CHR StartupUrls: Default -> "hxxp://www.istartpageing.com/?type=hp&ts=1451928047&z=4d8f4b76957462447566824gbz9wag6t3o7b1eaz9m&from=cor&uid=st250dm000-1bd141_5vy93k1pxxxx5vy93k1p"
CHR NewTab: Default -> Active:"chrome-extension://llaficoajjainaijghjlofdfmbjpebpa/newtab.html"
CHR DefaultSearchURL: Default -> hxxps://d78fikflryjgj.cloudfront.net/images/ios/8de2074e8a785dd5d498f8f956267478/apple-touch-icon-precomposed.png
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\nikodem\AppData\Local\Google\Chrome\User Data\Default [2017-09-09]
CHR Extension: (Postman Interceptor) - C:\Users\nikodem\AppData\Local\Google\Chrome\User Data\Default\Extensions\aicmkgpgakddgnaphhhpliifpcfhicfo [2017-07-07]
CHR Extension: (Dysk Google) - C:\Users\nikodem\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-04]
CHR Extension: (YouTube) - C:\Users\nikodem\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-04]
CHR Extension: (Slinky Elegancki) - C:\Users\nikodem\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmanlajnpdncmhfkiccmbgeocgbncfln [2017-09-09]
CHR Extension: (Adblock Plus) - C:\Users\nikodem\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-07-12]
CHR Extension: (Google Search) - C:\Users\nikodem\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-04]
CHR Extension: (Video Downloader professional) - C:\Users\nikodem\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2017-08-03]
CHR Extension: (Postman) - C:\Users\nikodem\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhbjgbiflinjbdggehcddcbncdddomop [2017-09-01]
CHR Extension: (AdBlock) - C:\Users\nikodem\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-08-10]
CHR Extension: (Mistgun Scripts) - C:\Users\nikodem\AppData\Local\Google\Chrome\User Data\Default\Extensions\lijaagjohabaehjbebmlilbijlladjad [2016-07-05]
CHR Extension: (Speed Dial [FVD] - New Tab Page, 3D, Sync...) - C:\Users\nikodem\AppData\Local\Google\Chrome\User Data\Default\Extensions\llaficoajjainaijghjlofdfmbjpebpa [2017-08-27]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\nikodem\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-06-14]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\nikodem\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\nikodem\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-04]
CHR Extension: (Chrome Media Router) - C:\Users\nikodem\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-09]
CHR HKU\S-1-5-21-2243841881-2731580477-2253573762-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 amm_LSService; C:\Program Files (x86)\Actual Multiple Monitors\LogonScreenService.exe [95768 2016-03-31] (Actual Tools)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1522184 2017-03-21] ()
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2015-05-15] (Microsoft Corporation)
S4 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [382504 2017-05-21] (EasyAntiCheat Ltd)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21312 2017-06-13] (Microsoft Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223520 2015-07-11] (Intel Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-06-21] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-06-21] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-06-27] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [450168 2017-06-21] (NVIDIA Corporation)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2157456 2017-06-17] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3127192 2017-06-17] (Electronic Arts)
R2 ovpnagent; C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ovpnagent.exe [1493224 2016-02-18] ()
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2016-06-29] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2016-06-29] ()
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [185344 2017-02-03] (Microsoft Corporation) [File not signed]
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [146944 2016-10-13] (Microsoft Corporation)
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-05] (Microsoft Corporation)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [56552 2016-03-22] (Microsoft Corporation)
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [129144 2017-08-17] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 ksaud; C:\Windows\system32\drivers\ksaud.sys [1588480 2013-04-08] (Creative Technology Ltd.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-06-21] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [48248 2017-06-21] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [57792 2017-01-20] (NVIDIA Corporation)
R3 ptun0901; C:\Windows\system32\DRIVERS\ptun0901.sys [27136 2016-04-21] (The OpenVPN Project)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [163644 2016-10-14] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 tap-tb-0901; C:\Windows\system32\DRIVERS\tap-tb-0901.sys [38656 2015-08-10] (The OpenVPN Project)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
R3 XSplit_Dummy; C:\Windows\system32\drivers\xspltspk.sys [26200 2015-05-25] (SplitmediaLabs Limited)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-09 16:57 - 2017-09-09 16:59 - 000016537 _____ C:\Users\nikodem\Downloads\Fixlog.txt 2017-09-07 13:59 - 2017-09-07 14:04 - 000000000 ____D C:\KVRT_Data 2017-09-07 13:38 - 2017-09-07 13:38 - 128273848 _____ (Kaspersky Lab ZAO) C:\Users\nikodem\Downloads\KVRT.exe 2017-09-06 23:17 - 2017-09-09 17:16 - 000022107 _____ C:\Users\nikodem\Downloads\FRST.txt 2017-09-06 22:48 - 2017-09-09 17:16 - 000000000 ____D C:\FRST 2017-09-06 22:47 - 2017-09-06 22:47 - 002395648 _____ (Farbar) C:\Users\nikodem\Downloads\FRST64.exe 2017-09-05 14:05 - 2017-08-02 05:17 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys 2017-09-05 14:05 - 2017-07-21 15:40 - 000518144 _____ C:\Windows\SysWOW64\msjetoledb40.dll 2017-09-05 14:05 - 2017-07-21 15:40 - 000290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjtes40.dll 2017-09-05 14:05 - 2017-07-15 12:10 - 000536688 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2017-09-05 14:05 - 2017-07-15 12:10 - 000140016 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe 2017-09-05 14:05 - 2017-07-15 12:06 - 000449840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2017-09-05 14:05 - 2017-07-15 12:06 - 000136832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe 2017-09-05 14:05 - 2017-07-14 22:08 - 000037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll 2017-09-05 14:05 - 2017-07-14 20:44 - 000033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll 2017-09-05 14:05 - 2017-07-14 08:49 - 025733632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2017-09-05 14:05 - 2017-07-14 08:44 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2017-09-05 14:05 - 2017-07-14 08:19 - 000817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2017-09-05 14:05 - 2017-07-14 07:35 - 005981184 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2017-09-05 14:05 - 2017-07-14 07:26 - 001033216 
_____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2017-09-05 14:05 - 2017-07-14 07:10 - 000806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2017-09-05 14:05 - 2017-07-14 06:40 - 015254016 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2017-09-05 14:05 - 2017-07-14 06:23 - 003240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2017-09-05 14:05 - 2017-07-14 06:07 - 001545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2017-09-05 14:05 - 2017-07-14 05:58 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2017-09-05 14:05 - 2017-07-14 04:54 - 020270080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2017-09-05 14:05 - 2017-07-14 04:48 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2017-09-05 14:05 - 2017-07-14 04:38 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2017-09-05 14:05 - 2017-07-14 04:17 - 004546048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2017-09-05 14:05 - 2017-07-14 04:17 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2017-09-05 14:05 - 2017-07-14 04:12 - 000693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2017-09-05 14:05 - 2017-07-14 04:09 - 013663744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2017-09-05 14:05 - 2017-07-14 03:53 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2017-09-05 14:05 - 2017-07-14 03:50 - 001314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2017-09-05 14:05 - 2017-07-14 03:48 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2017-09-05 14:05 - 2017-07-08 22:14 - 000376672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys 2017-09-05 14:05 - 2017-07-08 21:12 - 004169728 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2017-09-05 14:05 - 2017-07-08 21:10 - 000220160 _____ 
(Microsoft Corporation) C:\Windows\system32\Drivers\Vid.sys 2017-09-05 14:05 - 2017-07-08 19:45 - 007078912 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll 2017-09-05 14:05 - 2017-07-08 19:29 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\vid.dll 2017-09-05 14:05 - 2017-07-08 19:05 - 003631616 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll 2017-09-05 14:05 - 2017-07-08 18:39 - 005274624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll 2017-09-05 14:05 - 2017-07-08 18:37 - 007797248 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll 2017-09-05 14:05 - 2017-07-08 18:23 - 002749952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll 2017-09-05 14:05 - 2017-07-08 17:59 - 005270016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll 2017-09-05 14:05 - 2017-07-08 05:46 - 000377688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys 2017-09-05 14:05 - 2017-07-08 05:16 - 007440728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2017-09-05 14:05 - 2017-07-08 05:16 - 001674520 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2017-09-05 14:05 - 2017-07-08 05:16 - 001534072 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2017-09-05 14:05 - 2017-07-08 05:16 - 001499920 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2017-09-05 14:05 - 2017-07-08 05:16 - 001370328 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe 2017-09-05 14:05 - 2017-07-08 05:16 - 000086360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys 2017-09-05 14:05 - 2017-07-01 15:47 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll 2017-09-05 14:05 - 2017-07-01 15:47 - 000866816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswdat10.dll 2017-09-05 14:05 - 2017-07-01 15:47 - 000641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswstr10.dll 2017-09-05 14:05 - 2017-07-01 
15:47 - 000616448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrepl40.dll 2017-09-05 14:05 - 2017-07-01 15:47 - 000475648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxbde40.dll 2017-09-05 14:05 - 2017-07-01 15:47 - 000375808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspbde40.dll 2017-09-05 14:05 - 2017-07-01 15:47 - 000343552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll 2017-09-05 14:05 - 2017-07-01 15:47 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll 2017-09-05 14:05 - 2017-07-01 15:47 - 000310272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd2x40.dll 2017-09-05 14:05 - 2017-07-01 15:47 - 000272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstext40.dll 2017-09-05 14:05 - 2017-07-01 15:47 - 000240640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msltus40.dll 2017-09-05 14:05 - 2017-07-01 15:47 - 000144896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjint40.dll 2017-09-05 14:05 - 2017-07-01 15:47 - 000083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjter40.dll 2017-09-05 14:05 - 2017-06-24 18:46 - 000424448 _____ (Microsoft Corporation) C:\Windows\system32\mprapi.dll 2017-09-05 14:05 - 2017-06-24 18:16 - 000352768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprapi.dll 2017-09-05 14:05 - 2017-06-16 00:02 - 000990040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys 2017-09-05 14:05 - 2017-06-15 16:17 - 002551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll 2017-09-05 14:05 - 2017-06-15 16:16 - 001920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll 2017-09-05 14:05 - 2017-06-15 16:14 - 000679424 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll 2017-09-05 14:05 - 2017-06-15 16:14 - 000580608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpprefcl.dll 2017-09-05 14:05 - 2017-06-13 19:51 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2017-09-05 14:05 - 2017-06-13 19:23 
- 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2017-09-05 14:05 - 2017-06-13 19:19 - 000383488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlansec.dll
2017-09-05 14:05 - 2017-06-13 19:16 - 000024064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wfdprov.dll
2017-09-05 14:05 - 2017-06-13 19:11 - 000238080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanapi.dll
2017-09-05 14:05 - 2017-06-13 19:07 - 000304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanmsm.dll
2017-09-05 14:05 - 2017-06-13 16:17 - 000656384 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2017-09-05 14:05 - 2017-06-13 16:16 - 000252416 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2017-09-05 14:05 - 2017-06-13 11:47 - 000445440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2017-09-05 14:05 - 2017-06-13 11:09 - 000445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-09-05 14:05 - 2017-06-13 10:22 - 001436160 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-09-05 14:05 - 2017-06-13 10:16 - 000445952 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
2017-09-05 14:05 - 2017-06-13 10:10 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\wfdprov.dll
2017-09-05 14:05 - 2017-06-13 10:07 - 000301568 _____ (Microsoft Corporation) C:\Windows\system32\ProximityService.dll
2017-09-05 14:05 - 2017-06-13 10:03 - 000302080 _____ (Microsoft Corporation) C:\Windows\system32\wlanapi.dll
2017-09-05 14:05 - 2017-06-13 09:54 - 000374272 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
2017-09-05 14:05 - 2017-06-13 09:50 - 001547264 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2017-09-05 14:05 - 2017-06-12 02:14 - 000276320 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2017-09-05 14:05 - 2017-06-12 00:21 - 000590848 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2017-09-05 14:05 - 2017-06-11 23:43 - 000371200 _____ (Microsoft Corporation) C:\Windows\system32\msinfo32.exe
2017-09-05 14:05 - 2017-06-11 23:25 - 000478720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2017-09-05 14:05 - 2017-06-11 23:15 - 001436672 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2017-09-05 14:05 - 2017-06-11 23:08 - 000358912 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2017-09-05 14:05 - 2017-06-11 23:07 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2017-09-05 14:05 - 2017-06-11 23:00 - 000962560 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-09-05 14:05 - 2017-06-11 22:58 - 000334336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinfo32.exe
2017-09-05 14:05 - 2017-06-11 22:40 - 001323008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2017-09-05 14:05 - 2017-06-11 22:35 - 000325120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2017-09-05 14:05 - 2017-06-11 22:31 - 000781312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-09-05 14:05 - 2017-06-11 22:13 - 000301056 _____ (Microsoft Corporation) C:\Windows\system32\umrdp.dll
2017-09-05 14:05 - 2017-06-11 22:11 - 000346112 _____ (Microsoft Corporation) C:\Windows\system32\SessEnv.dll
2017-09-05 14:05 - 2017-06-11 22:02 - 002778112 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2017-09-05 14:05 - 2017-06-11 22:02 - 000299520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SessEnv.dll
2017-09-05 14:05 - 2017-06-11 21:52 - 002463744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2017-09-05 14:05 - 2017-06-11 17:15 - 002013528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-09-05 14:05 - 2017-06-09 15:47 - 000448629 _____ C:\Windows\system32\ApnDatabase.xml
2017-09-05 14:05 - 2017-06-08 19:01 - 001737600 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-09-05 14:05 - 2017-06-08 19:01 - 001502000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-09-05 14:05 - 2017-06-08 03:48 - 002457936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-09-05 14:05 - 2017-06-07 06:25 - 000428888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-09-05 14:05 - 2017-06-06 22:52 - 003120640 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-09-05 14:05 - 2017-06-06 22:42 - 000925696 _____ (Microsoft Corporation) C:\Windows\system32\autoconv.exe
2017-09-05 14:05 - 2017-06-06 22:38 - 000039424 _____ (Microsoft Corporation) C:\Windows\system32\cnvfat.dll
2017-09-05 14:05 - 2017-06-06 22:36 - 000168448 _____ (Microsoft Corporation) C:\Windows\system32\uudf.dll
2017-09-05 14:05 - 2017-06-06 22:36 - 000020992 _____ (Microsoft Corporation) C:\Windows\system32\convert.exe
2017-09-05 14:05 - 2017-06-06 22:35 - 000517120 _____ (Microsoft Corporation) C:\Windows\system32\uReFS.dll
2017-09-05 14:05 - 2017-06-06 21:13 - 000177664 _____ (Microsoft Corporation) C:\Windows\system32\ulib.dll
2017-09-05 14:05 - 2017-06-06 21:11 - 000557568 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2017-09-05 14:05 - 2017-06-06 21:11 - 000220672 _____ (Microsoft Corporation) C:\Windows\system32\ifsutil.dll
2017-09-05 14:05 - 2017-06-06 21:11 - 000131072 _____ (Microsoft Corporation) C:\Windows\system32\ufat.dll
2017-09-05 14:05 - 2017-06-06 21:11 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\uexfat.dll
2017-09-05 14:05 - 2017-06-06 21:08 - 002712576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-09-05 14:05 - 2017-06-06 21:03 - 000837632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autoconv.exe
2017-09-05 14:05 - 2017-06-06 20:59 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cnvfat.dll
2017-09-05 14:05 - 2017-06-06 20:57 - 000141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uudf.dll
2017-09-05 14:05 - 2017-06-06 20:56 - 000375296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uReFS.dll
2017-09-05 14:05 - 2017-06-06 20:38 - 000607232 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2017-09-05 14:05 - 2017-06-06 20:03 - 000143360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ulib.dll
2017-09-05 14:05 - 2017-06-06 20:02 - 000513536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2017-09-05 14:05 - 2017-06-06 20:02 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ifsutil.dll
2017-09-05 14:05 - 2017-06-06 20:02 - 000106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ufat.dll
2017-09-05 14:05 - 2017-06-06 20:02 - 000074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uexfat.dll
2017-09-05 14:05 - 2017-06-06 19:44 - 000530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2017-09-05 14:05 - 2017-06-03 18:27 - 002346496 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-09-05 14:05 - 2017-06-03 18:03 - 001549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2017-09-05 14:05 - 2017-05-31 23:20 - 000470360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-09-05 14:05 - 2017-05-27 18:42 - 001115136 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2017-09-05 14:05 - 2017-05-27 18:38 - 000056832 _____ (Microsoft Corporation) C:\Windows\system32\rdsdwmdr.dll
2017-09-05 14:05 - 2017-05-16 00:09 - 000057688 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\stornvme.sys
2017-09-05 14:05 - 2017-05-15 22:03 - 000379744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2017-09-05 14:05 - 2017-05-09 16:37 - 000658432 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2017-09-05 14:05 - 2017-05-09 16:35 - 000555520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2017-09-05 14:05 - 2017-05-09 16:29 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsdchngr.dll
2017-09-05 14:05 - 2017-05-09 16:29 - 000014848 _____ (Microsoft Corporation) C:\Windows\system32\snmptrap.exe
2017-09-05 14:05 - 2017-05-09 16:28 - 000193024 _____ (Microsoft Corporation) C:\Windows\system32\DAFWSD.dll
2017-09-05 14:05 - 2017-05-09 16:28 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\wsdchngr.dll
2017-09-05 14:05 - 2017-05-02 22:09 - 000686592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-09-05 14:05 - 2017-05-02 22:08 - 000415744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-09-05 14:05 - 2017-05-02 22:08 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-09-05 14:05 - 2017-05-02 20:41 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2017-09-05 14:05 - 2017-05-02 20:31 - 000329216 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2017-09-05 14:05 - 2017-05-02 20:31 - 000207360 _____ (Microsoft Corporation) C:\Windows\system32\smbwmiv2.dll
2017-09-05 14:05 - 2017-05-02 19:35 - 000031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2017-09-05 14:05 - 2017-04-30 18:48 - 000080078 _____ C:\Windows\system32\normidna.nls
2017-09-05 14:05 - 2017-04-28 03:13 - 001292288 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2017-09-05 14:05 - 2017-04-28 03:11 - 001060352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2017-09-05 14:05 - 2016-05-18 23:54 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2017-09-05 14:05 - 2016-05-18 23:15 - 000044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2017-09-04 20:07 - 2017-09-04 20:07 - 000036792 _____ C:\Users\nikodem\Documents\cc_20170904_200721.reg
2017-08-28 17:08 - 2017-08-27 20:38 - 000001507 _____ C:\Users\nikodem\Desktop\Visual Studio 2017.lnk
2017-08-27 21:23 - 2017-08-27 21:23 - 000000000 ____D C:\ProgramData\Windows App Certification Kit
2017-08-27 21:01 - 2017-08-27 21:27 - 000000000 ____D C:\Windows\SysWOW64\3082
2017-08-27 21:01 - 2017-08-27 21:27 - 000000000 ____D C:\Windows\SysWOW64\2052
2017-08-27 21:01 - 2017-08-27 21:27 - 000000000 ____D C:\Windows\SysWOW64\1055
2017-08-27 21:01 - 2017-08-27 21:27 - 000000000 ____D C:\Windows\SysWOW64\1049
2017-08-27 21:01 - 2017-08-27 21:27 - 000000000 ____D C:\Windows\SysWOW64\1046
2017-08-27 21:01 - 2017-08-27 21:27 - 000000000 ____D C:\Windows\SysWOW64\1045
2017-08-27 21:01 - 2017-08-27 21:27 - 000000000 ____D C:\Windows\SysWOW64\1042
2017-08-27 21:01 - 2017-08-27 21:27 - 000000000 ____D C:\Windows\SysWOW64\1041
2017-08-27 21:01 - 2017-08-27 21:27 - 000000000 ____D C:\Windows\SysWOW64\1040
2017-08-27 21:01 - 2017-08-27 21:27 - 000000000 ____D C:\Windows\SysWOW64\1036
2017-08-27 21:01 - 2017-08-27 21:27 - 000000000 ____D C:\Windows\SysWOW64\1031
2017-08-27 21:01 - 2017-08-27 21:27 - 000000000 ____D C:\Windows\SysWOW64\1029
2017-08-27 21:01 - 2017-08-27 21:27 - 000000000 ____D C:\Windows\SysWOW64\1028
2017-08-27 21:01 - 2017-08-27 21:27 - 000000000 ____D C:\Windows\system32\3082
2017-08-27 21:01 - 2017-08-27 21:27 - 000000000 ____D C:\Windows\system32\2052
2017-08-27 21:01 - 2017-08-27 21:27 - 000000000 ____D C:\Windows\system32\1055
2017-08-27 21:01 - 2017-08-27 21:27 - 000000000 ____D C:\Windows\system32\1049
2017-08-27 21:01 - 2017-08-27 21:27 - 000000000 ____D C:\Windows\system32\1046
2017-08-27 21:01 - 2017-08-27 21:27 - 000000000 ____D C:\Windows\system32\1045
2017-08-27 21:01 - 2017-08-27 21:27 - 000000000 ____D C:\Windows\system32\1042
2017-08-27 21:01 - 2017-08-27 21:27 - 000000000 ____D C:\Windows\system32\1041
2017-08-27 21:01 - 2017-08-27 21:27 - 000000000 ____D C:\Windows\system32\1040
2017-08-27 21:01 - 2017-08-27 21:27 - 000000000 ____D C:\Windows\system32\1036
2017-08-27 21:01 - 2017-08-27 21:27 - 000000000 ____D C:\Windows\system32\1031
2017-08-27 21:01 - 2017-08-27 21:27 - 000000000 ____D C:\Windows\system32\1029
2017-08-27 21:01 - 2017-08-27 21:27 - 000000000 ____D C:\Windows\system32\1028
2017-08-27 21:01 - 2017-08-27 21:02 - 000000000 ____D C:\Program Files (x86)\Entity Framework Tools
2017-08-27 20:54 - 2017-08-27 20:54 - 000001714 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2017.lnk
2017-08-27 20:49 - 2017-08-27 20:49 - 000000000 ____D C:\Users\nikodem\AppData\Local\.IdentityService
2017-08-27 20:39 - 2017-09-05 12:51 - 000000000 ____D C:\Users\nikodem\Documents\Visual Studio 2017
2017-08-27 20:39 - 2017-08-27 20:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017
2017-08-27 20:38 - 2017-08-27 20:38 - 000001507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017.lnk
2017-08-27 20:34 - 2017-08-27 21:13 - 000000000 ____D C:\Users\nikodem\AppData\Roaming\Visual Studio Setup
2017-08-27 20:34 - 2017-08-27 21:00 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2017-08-27 20:34 - 2017-08-27 20:34 - 000001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk
2017-08-27 20:34 - 2017-08-27 20:34 - 000000000 ____D C:\Users\nikodem\AppData\Roaming\vstelemetry
2017-08-27 20:34 - 2017-08-27 20:34 - 000000000 ____D C:\Users\nikodem\AppData\Local\ServiceHub
2017-08-25 22:49 - 2017-08-25 22:51 - 000000000 ____D C:\Users\nikodem\Downloads\Santigold-Master Of My Make Believe (2012) 320Kbit(mp3) DMT
2017-08-25 22:49 - 2017-08-25 22:50 - 000000000 ____D C:\Users\nikodem\Downloads\Santigold - Master of My Make-Believe {2012-Album}[NL]
2017-08-13 14:07 - 2017-08-13 14:07 - 005207101 _____ C:\Users\nikodem\Downloads\Codzienna dawka czarnego humoru - strona 13065 - Sadisticpl.mp4
2017-08-11 14:48 - 2017-08-11 14:48 - 000183658 _____ C:\Users\nikodem\Downloads\przelew (2).pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-09 17:05 - 2016-06-14 19:01 - 000000000 ___RD C:\Users\nikodem\Dysk Google
2017-09-09 17:05 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\system32\NDF
2017-09-09 17:04 - 2016-10-29 21:54 - 000000000 ____D C:\ProgramData\NVIDIA
2017-09-09 17:02 - 2016-10-11 23:36 - 000000000 ____D C:\Users\nikodem\AppData\Roaming\Slack
2017-09-09 17:01 - 2015-06-27 12:54 - 000000008 __RSH C:\ProgramData\ntuser.pol
2017-09-09 17:01 - 2015-05-15 19:18 - 000000000 __RDO C:\Users\nikodem\SkyDrive
2017-09-09 17:00 - 2013-08-22 16:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-09 16:59 - 2016-10-08 22:27 - 000000000 ____D C:\Users\nikodem\AppData\LocalLow\Temp
2017-09-09 16:57 - 2016-12-04 17:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quake III Arena
2017-09-09 16:57 - 2015-07-21 14:35 - 000000000 ____D C:\Users\nikodem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Gothic
2017-09-09 16:57 - 2015-07-13 23:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gothic II
2017-09-09 16:57 - 2015-05-17 19:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WindBot
2017-09-09 16:57 - 2013-08-22 17:36 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2017-09-09 16:57 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2017-09-09 16:40 - 2015-05-15 22:05 - 000000000 ____D C:\Users\nikodem\AppData\Roaming\TS3Client
2017-09-09 16:07 - 2016-07-10 22:41 - 000000000 ____D C:\Users\nikodem\Documents\ShareX
2017-09-09 12:17 - 2015-05-16 12:40 - 000003984 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{5595DAA8-2F69-497A-8036-BFDAD7778823}
2017-09-09 12:17 - 2015-05-15 22:51 - 000000000 ____D C:\Users\nikodem\AppData\Local\Adobe
2017-09-09 12:14 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\AppReadiness
2017-09-09 00:36 - 2015-06-04 15:36 - 000000000 ____D C:\Program Files (x86)\Steam
2017-09-08 21:47 - 2015-05-20 19:59 - 011654144 ___SH C:\Users\nikodem\Downloads\Thumbs.db
2017-09-08 18:54 - 2016-07-06 21:51 - 000000000 ____D C:\Users\nikodem\AppData\Roaming\obs-studio
2017-09-08 15:43 - 2016-06-09 15:07 - 000000000 ____D C:\Users\nikodem\AppData\Roaming\AIMP
2017-09-07 19:51 - 2016-09-08 18:18 - 000072208 _____ C:\Users\nikodem\Documents\windbot.sublime-workspace
2017-09-07 16:21 - 2015-08-10 13:04 - 000000000 ____D C:\Users\nikodem\AppData\Local\CrashDumps
2017-09-07 15:57 - 2013-08-22 16:44 - 005148984 _____ C:\Windows\system32\FNTCACHE.DAT
2017-09-07 15:56 - 2013-08-22 15:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2017-09-07 15:54 - 2017-05-19 14:22 - 000000000 ____D C:\otserv
2017-09-07 02:35 - 2015-05-15 21:58 - 000000000 ____D C:\Users\nikodem\AppData\Roaming\Skype
2017-09-06 20:27 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\rescache
2017-09-06 14:02 - 2015-05-15 19:22 - 000003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2243841881-2731580477-2253573762-1001
2017-09-05 21:23 - 2016-07-11 20:21 - 000000000 ____D C:\Users\nikodem\AppData\Roaming\TeamViewer
2017-09-05 21:23 - 2015-08-30 20:51 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2017-09-05 16:21 - 2015-07-24 19:16 - 000192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-09-05 16:21 - 2015-07-24 19:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-09-05 16:21 - 2015-07-24 19:15 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-09-05 14:31 - 2013-08-22 15:36 - 000000000 ____D C:\Windows\Inf
2017-09-05 14:09 - 2013-08-22 17:20 - 000000000 ____D C:\Windows\CbsTemp
2017-09-05 14:08 - 2015-05-17 11:59 - 000000000 ____D C:\Windows\system32\MRT
2017-09-05 14:06 - 2015-05-17 11:59 - 140394280 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-09-05 13:55 - 2015-05-15 23:13 - 000000000 ____D C:\Program Files\Cheat Engine 6.4
2017-09-05 13:16 - 2015-12-05 23:29 - 000003884 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1449350943
2017-09-05 13:16 - 2015-12-05 23:28 - 000000000 ____D C:\Program Files (x86)\Opera
2017-09-05 13:15 - 2016-12-07 18:49 - 000000000 ____D C:\Users\nikodem\AppData\Local\Tibia
2017-09-04 20:05 - 2015-05-15 20:32 - 000000000 ____D C:\Users\nikodem\AppData\Roaming\uTorrent
2017-09-02 16:10 - 2016-01-10 19:56 - 000000000 ____D C:\Users\nikodem\Desktop\Tools
2017-08-31 20:30 - 2015-08-19 18:45 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-08-28 22:14 - 2015-05-15 19:20 - 000002179 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-27 22:38 - 2017-01-15 22:41 - 000000000 ____D C:\Users\nikodem\Source
2017-08-27 22:15 - 2015-06-06 13:53 - 000000000 ____D C:\thirdparty
2017-08-27 21:32 - 2015-05-15 20:13 - 000903380 _____ C:\Windows\system32\perfh015.dat
2017-08-27 21:32 - 2015-05-15 20:13 - 000203630 _____ C:\Windows\system32\perfc015.dat
2017-08-27 21:28 - 2015-05-15 22:27 - 000000000 ____D C:\ProgramData\Package Cache
2017-08-27 21:27 - 2015-05-15 22:30 - 000000000 ____D C:\Windows\SysWOW64\1033
2017-08-27 21:27 - 2015-05-15 22:28 - 000000000 ____D C:\Windows\system32\1033
2017-08-27 21:23 - 2015-05-15 22:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2017-08-27 21:23 - 2015-05-15 22:36 - 000000000 ____D C:\Program Files\Application Verifier
2017-08-27 21:23 - 2015-05-15 22:36 - 000000000 ____D C:\Program Files (x86)\Application Verifier
2017-08-27 21:12 - 2015-05-15 22:42 - 000000000 ____D C:\Users\nikodem\AppData\Roaming\NuGet
2017-08-27 21:01 - 2015-05-15 22:28 - 000000000 ____D C:\Program Files (x86)\Microsoft SDKs
2017-08-27 21:00 - 2015-05-15 22:33 - 000000000 ____D C:\Program Files (x86)\NuGet
2017-08-27 20:57 - 2015-05-15 22:30 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2017-08-27 20:39 - 2015-05-15 21:47 - 000000000 ____D C:\Program Files (x86)\MSBuild
2017-08-27 20:34 - 2016-10-08 22:10 - 000000000 ____D C:\Users\nikodem\Documents\Visual Studio 2015
2017-08-22 17:15 - 2016-06-14 19:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2017-08-20 19:52 - 2015-05-15 21:46 - 000000000 ____D C:\Users\nikodem\AppData\Local\TeamSpeak 3 Client
2017-08-18 16:26 - 2017-02-12 01:29 - 000000000 ____D C:\Users\nikodem\Documents\MediviaBotter
2017-08-18 12:39 - 2016-10-11 23:36 - 000000000 ____D C:\Users\nikodem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slack Technologies
2017-08-18 12:39 - 2016-10-11 23:35 - 000000000 ____D C:\Users\nikodem\AppData\Local\slack
2017-08-18 12:39 - 2015-09-26 22:31 - 000000000 ____D C:\Users\nikodem\AppData\Local\SquirrelTemp
2017-08-11 12:53 - 2016-07-10 22:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShareX
2017-08-11 12:53 - 2016-07-10 22:41 - 000000000 ____D C:\Program Files\ShareX
2017-08-10 00:01 - 2015-08-19 18:45 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task

==================== Files in the root of some directories =======

2015-05-20 19:59 - 2016-11-01 00:49 - 000000132 _____ () C:\Users\nikodem\AppData\Roaming\Preferencje formatu PNG CS6 firmy Adobe
2016-01-03 17:32 - 2016-01-03 17:32 - 000000047 _____ () C:\Users\nikodem\AppData\Roaming\WB.CFG
2016-03-07 12:26 - 2016-03-07 18:08 - 000001496 _____ () C:\Users\nikodem\AppData\Local\Adobe Zapisz dla Internetu 13.0 Prefs
2016-03-07 19:01 - 2017-01-10 19:19 - 000000600 _____ () C:\Users\nikodem\AppData\Local\PUTTY.RND
2015-10-21 17:32 - 2015-10-21 17:32 - 000002293 _____ () C:\Users\nikodem\AppData\Local\recently-used.xbel
2015-05-21 20:54 - 2016-10-11 23:48 - 000007609 _____ () C:\Users\nikodem\AppData\Local\Resmon.ResmonCfg
2016-03-11 20:34 - 2010-06-29 09:04 - 000001772 _____ () C:\ProgramData\cfSB1095.ini
2016-03-11 20:34 - 2013-04-03 06:50 - 000001772 _____ () C:\ProgramData\cfSB1095A.ini
2016-12-20 14:08 - 2017-01-22 21:35 - 000005110 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-20 14:08 - 2017-01-19 03:40 - 011200463 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1

Files to move or delete:
====================
C:\Users\nikodem\policy.2.0.taglib-sharp.dll
C:\Users\nikodem\taglib-sharp.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-09-01 18:20

==================== End of FRST.txt ============================