Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28.02.2018 Ran by janek (administrator) on DESKTOP-L0T2OMH (28-02-2018 20:59:38) Running from C:\Users\janek\Desktop Loaded Profiles: janek (Available Profiles: janek) Platform: Windows 10 Home Version 1511 10586.218 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe (Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe () C:\Program Files\KIANO USB modem\WCDMA_Eject.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (Microsoft) C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe (LULU Software Limited) C:\Program Files (x86)\Soda PDF Desktop Manager\Soda PDF Desktop\Soda Manager.exe () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (Solid Documents, LLC) C:\Program Files (x86)\SolidDocuments\SolidPDFCreator\SPC\SolidPdfServicex64.exe (McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe (pdfforge GmbH) C:\Program Files\PDF Architect 4\creator-ws.exe (© pdfforge GmbH.) C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe (Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe (LULU Software) C:\Program Files\Soda PDF Desktop\creator\common\creator-ws.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_6\mcapexe.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.3.290.0\McCSPServiceHost.exe () C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe (Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe (Dell) C:\Program Files\Dell\Dell Product Registration\PRSvc.exe (Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe (McAfee, Inc.) C:\Program Files\mcafee\VUL\McVulCtr.exe (Intel Security) C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe (AMD) C:\Windows\System32\atieclxx.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (McAfee, Inc.) C:\Program Files\mcafee\msc\mcsync.exe (McAfee, Inc.) C:\Program Files\mcafee\msc\WssNgmAmbassador\WssNgmAmbassador.exe (Farbar) C:\Users\janek\Desktop\FRST64(1).exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8848640 2016-02-05] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1419008 2016-02-05] (Realtek Semiconductor) HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5753112 2015-05-05] (Dell Inc.) HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [718256 2015-12-22] (Waves Audio Ltd.) HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-07-16] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [98024 2018-01-30] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-1608297646-3217866677-88377970-1002\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [161336 2017-08-16] (BlueStack Systems, Inc.) HKU\S-1-5-21-1608297646-3217866677-88377970-1002\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize HKU\S-1-5-21-1608297646-3217866677-88377970-1002\...\Run: [World of Tanks] => C:\Games\World_of_Tanks\WargamingGameUpdater.exe [3135752 2017-02-28] (Wargaming.net) HKU\S-1-5-21-1608297646-3217866677-88377970-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10290608 2018-02-07] (Piriform Ltd) HKU\S-1-5-21-1608297646-3217866677-88377970-1002\...\MountPoints2: {0106dad9-5733-11e5-9bc2-806e6f6e6963} - "D:\Autorun.exe" HKU\S-1-5-21-1608297646-3217866677-88377970-1002\...\MountPoints2: {4fb681b4-1ab0-11e6-9bda-4cbb58f143b7} - "I:\Setup.exe" HKU\S-1-5-21-1608297646-3217866677-88377970-1002\...\MountPoints2: {851463ae-f817-11e5-9bd1-4cbb58f143b7} - "E:\_AUTORUN\AUTORUN.EXE" HKU\S-1-5-21-1608297646-3217866677-88377970-1002\...\MountPoints2: {851463c1-f817-11e5-9bd1-4cbb58f143b7} - "G:\_AUTORUN\AUTORUN.EXE" HKU\S-1-5-18\...\Policies\system: [DisableLockWorkstation] 0 Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter" ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: 0.0.0.1 mssplus.mcafee.com Tcpip\Parameters: [DhcpNameServer] 192.168.1.20 Tcpip\..\Interfaces\{0d424083-b2ac-40a3-83ad-559e55e71d31}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{2b6ee96f-2f85-4547-8d21-05279ec708d6}: [DhcpNameServer] 192.168.1.20 Internet Explorer: ================== HKU\S-1-5-21-1608297646-3217866677-88377970-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ SearchScopes: HKU\S-1-5-21-1608297646-3217866677-88377970-1002 -> DefaultScope {3A23CA94-BD84-4AAE-ADBC-1CD741400ED2} URL = SearchScopes: HKU\S-1-5-21-1608297646-3217866677-88377970-1002 -> {3A23CA94-BD84-4AAE-ADBC-1CD741400ED2} URL = SearchScopes: HKU\S-1-5-21-1608297646-3217866677-88377970-1002 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://pl.search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10041_spdf_all_organic_all_all_all_all_170819__yaie&p={searchTerms} BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-09-25] (Intel Security) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2016-04-14] (Oracle Corporation) BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-01-19] (McAfee, Inc.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2016-04-14] (Oracle Corporation) BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-09-25] (Intel Security) BHO-x32: PDF Architect 4 Helper -> {38279E1A-7019-40C1-B579-E99DFB3312E8} -> C:\Program Files (x86)\PDF Architect 4\creator-ie-helper.dll [2016-08-05] (pdfforge GmbH) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-02] (Oracle Corporation) BHO-x32: Soda PDF Desktop Helper -> {A2792EEC-6618-4C4C-8ECF-B51ECB5DC2A1} -> C:\Program Files (x86)\Soda PDF Desktop\creator\plugins\IEAddin\creator-ie-helper.dll [2017-08-02] (LULU Software) BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-01-19] (McAfee, Inc.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-02] (Oracle Corporation) Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-09-25] (Intel Security) Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-09-25] (Intel Security) Toolbar: HKLM-x32 - PDF Architect 4 Toolbar - {23FD9C33-A9E1-48A1-8404-E5925CF1C8E1} - C:\Program Files (x86)\PDF Architect 4\creator-ie-plugin.dll [2016-08-05] (pdfforge GmbH) Toolbar: HKLM-x32 - Soda PDF Desktop Toolbar - {D53D09FE-B1AC-4EE8-AE26-FD43D8B4B62F} - C:\Program Files (x86)\Soda PDF Desktop\creator\plugins\IEAddin\creator-ie-plugin.dll [2017-08-02] (LULU Software) Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-01-19] (McAfee, Inc.) Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-01-19] (McAfee, Inc.) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-01-19] (McAfee, Inc.) Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-01-19] (McAfee, Inc.) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2016-12-21] (McAfee, Inc.) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2016-12-21] (McAfee, Inc.) FireFox: ======== FF DefaultProfile: qq8asgdw.default FF ProfilePath: C:\Users\janek\AppData\Roaming\Mozilla\Firefox\Profiles\qq8asgdw.default [2018-02-28] FF Homepage: Mozilla\Firefox\Profiles\qq8asgdw.default -> about:home FF NewTab: Mozilla\Firefox\Profiles\qq8asgdw.default -> hxxps://pl.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10041_spdf_all_organic_all_all_all_all_170819__yaff FF NewTabOverride: Mozilla\Firefox\Profiles\qq8asgdw.default -> Enabled: uBlock0@raymondhill.net FF Extension: (Avira Browser Safety) - C:\Users\janek\AppData\Roaming\Mozilla\Firefox\Profiles\qq8asgdw.default\Extensions\abs@avira.com.xpi [2017-12-13] FF Extension: (uBlock Origin) - C:\Users\janek\AppData\Roaming\Mozilla\Firefox\Profiles\qq8asgdw.default\Extensions\uBlock0@raymondhill.net.xpi [2018-02-20] FF SearchPlugin: C:\Users\janek\AppData\Roaming\Mozilla\Firefox\Profiles\qq8asgdw.default\searchplugins\yahoo-lavasoft.xml [2017-08-19] FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [2017-12-07] FF HKLM\...\Firefox\Extensions: [pdf_architect_4_conv@pdfarchitect.org] - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension FF Extension: (PDF Architect 4 Creator) - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension [2016-08-28] [Legacy] [not signed] FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2017-02-12] [Legacy] [not signed] FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_126.dll [2017-06-15] () FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2016-04-14] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2016-04-14] (Oracle Corporation) FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-12-21] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_126.dll [2017-06-15] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw.dll [2013-12-05] (Adobe Systems, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-02] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-02] (Oracle Corporation) FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-12-21] () FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=3.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-09] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.) FF Plugin-x32: PDF Architect 4 -> C:\Program Files (x86)\PDF Architect 4\np-previewer.dll [2016-08-05] (pdfforge GmbH) FF Plugin-x32: Soda PDF Desktop -> C:\Program Files (x86)\Soda PDF Desktop\np-previewer.dll [2017-08-02] (LULU Software) Chrome: ======= CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-06-07] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-06-07] CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AdaptiveSleepService; c:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [138752 2015-07-16] () [File not signed] R2 AMD FUEL Service; c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-07-16] (Advanced Micro Devices, Inc.) [File not signed] S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1128944 2017-12-16] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [492560 2018-01-04] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [492560 2018-01-04] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1526832 2017-12-16] (Avira Operations GmbH & Co. KG) R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [325600 2016-05-20] (Windows (R) Win 7 DDK provider) R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [445112 2018-01-30] (Avira Operations GmbH & Co. KG) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1522184 2017-04-16] () S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [387128 2017-08-16] (BlueStack Systems, Inc.) S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [369720 2017-08-16] (BlueStack Systems, Inc.) R2 CDROM_Detect; C:\Program Files\KIANO USB modem\WCDMA_Eject.exe [325632 2013-08-15] () [File not signed] U3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1747800 2017-02-16] (Intel Security) R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2016-12-21] (Dell Inc.) S2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [40976 2017-09-18] (Dell Inc.) R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [232320 2017-11-21] (Dell Inc.) R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1444544 2016-03-01] (Disc Soft Ltd) R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.) R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2016-09-20] (Nero AG) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [604312 2018-01-19] (McAfee, Inc.) R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe [989632 2017-01-18] (McAfee, Inc.) S3 McAWFwk; C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [338208 2015-03-20] (McAfee, Inc.) R2 mcbootdelaystartsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.) R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.3.290.0\\McCSPServiceHost.exe [2054080 2017-02-04] (McAfee, Inc.) R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.) R2 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.) S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [1342904 2016-12-15] (McAfee, Inc.) S4 McOobeSv2; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.) R2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.) R2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.) R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [241040 2016-11-14] (McAfee, Inc.) R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [383032 2016-11-14] (McAfee, Inc.) R2 mfevtp; C:\Windows\system32\mfevtps.exe [342768 2016-11-14] (McAfee, Inc.) R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1465840 2016-12-22] (McAfee, Inc.) S3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.) R2 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [53176 2017-08-16] (Microsoft) R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed] S3 PDF Architect 4; C:\Program Files\PDF Architect 4\ws.exe [2438880 2016-08-05] (pdfforge GmbH) S3 PDF Architect 4 CrashHandler; C:\Program Files\PDF Architect 4\crash-handler-ws.exe [1038048 2016-08-05] (pdfforge GmbH) R2 PDF Architect 4 Creator; C:\Program Files\PDF Architect 4\creator-ws.exe [851168 2016-08-05] (pdfforge GmbH) R2 PDF Architect 4 Manager; C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe [972056 2016-05-18] (© pdfforge GmbH.) R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1104304 2016-11-15] (Intel Security, Inc.) R2 Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [47144 2017-04-06] (Dell) R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2014-04-15] () R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [310016 2016-02-05] (Realtek Semiconductor) S3 Soda PDF Desktop; C:\Program Files\Soda PDF Desktop\ws.exe [2712824 2017-08-02] (LULU Software) R2 Soda PDF Desktop Creator; C:\Program Files\Soda PDF Desktop\creator\common\creator-ws.exe [756992 2017-08-02] (LULU Software) R2 Soda PDF Desktop Manager; C:\Program Files (x86)\Soda PDF Desktop Manager\Soda PDF Desktop\Soda Manager.exe [961568 2017-06-23] (LULU Software Limited) R2 SPDFCreatorReadSpool; C:\Program Files (x86)\SolidDocuments\SolidPDFCreator\SPC\SolidPdfServicex64.exe [193832 2014-06-03] (Solid Documents, LLC) R2 SpeedupService; C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe [25736 2016-05-02] (Avira Operations GmbH & Co. KG) R2 tbaseprovisioning; C:\WINDOWS\SysWOW64\tbaseprovisioning.exe [60432 2015-06-24] (Advanced Micro Devices, Inc.) R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [1001920 2017-09-21] (McAfee, Inc.) S2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16928 2017-09-21] (McAfee, Inc.) S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [87760 2017-09-21] (McAfee, Inc.) R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [613296 2015-12-22] (Waves Audio Ltd.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation) S2 InstallerService; "C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe" [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 AmdAS4; C:\WINDOWS\System32\drivers\AmdAS4.sys [18968 2015-05-12] (Advanced Micro Devices, INC.) R3 AmdGpio2; C:\WINDOWS\System32\drivers\AmdGpio2.sys [26136 2015-05-13] (Advanced Micro Devices, INC.) R3 amdi2c; C:\WINDOWS\System32\drivers\amdi2c.sys [40984 2015-05-12] (Advanced Micro Devices, INC.) S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [40720 2016-03-08] (Advanced Micro Devices, Inc.) S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [101104 2015-06-24] (Advanced Micro Devices, Inc. ) R0 amdpsp; C:\WINDOWS\System32\DRIVERS\amdpsp.sys [277240 2015-06-24] (Advanced Micro Devices, Inc. ) R3 amduart; C:\WINDOWS\System32\drivers\amduart.sys [76304 2015-05-12] (Advanced Micro Devices, INC.) R3 athr; C:\WINDOWS\System32\drivers\athw10x.sys [4317112 2016-05-27] (Qualcomm Atheros Communications, Inc.) R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-29] (Advanced Micro Devices) R2 atksgt; C:\WINDOWS\System32\DRIVERS\atksgt.sys [314016 2016-05-13] () R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [60920 2017-06-18] (Avira Operations GmbH & Co. KG) R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [178840 2017-12-16] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [169864 2018-02-08] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2017-03-02] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [88488 2017-03-02] (Avira Operations GmbH & Co. KG) S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2017-06-21] (Bluestack System Inc. ) R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [88456 2016-11-18] (McAfee, Inc.) R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink) S3 CT_QUALCOMM_U_drv; C:\WINDOWS\system32\DRIVERS\CT_QUALCOMM_U_drv.sys [118016 2009-04-27] (QUALCOMM Incorporated) R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [19440 2015-05-08] (OSR Open Systems Resources, Inc.) R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-04-03] (Disc Soft Ltd) R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-04-03] (Disc Soft Ltd) S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [216704 2016-08-02] (McAfee, Inc.) S2 Kmm4xNT; C:\Windows\SysWow64\Drivers\Kmm4xNT.sys [95484 2002-04-26] (DATOM Dariusz Cielebąk) [File not signed] R2 lirsgt; C:\WINDOWS\System32\DRIVERS\lirsgt.sys [43680 2016-05-13] () R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [484576 2016-11-18] (McAfee, Inc.) R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [366320 2016-11-18] (McAfee, Inc.) S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85048 2016-11-18] (McAfee, Inc.) R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [518184 2016-11-18] (McAfee, Inc.) R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [916432 2016-11-18] (McAfee, Inc.) R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [498152 2016-10-24] (McAfee, Inc.) S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [109336 2016-10-24] (McAfee, Inc.) R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [110248 2016-11-18] (McAfee, Inc.) R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.) R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [254800 2016-11-18] (McAfee, Inc.) R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-05-29] (Realtek ) S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [411712 2015-05-19] (Realsil Semiconductor Corporation) S3 Secdrv; C:\WINDOWS\SysWOW64\drivers\SECDRV.SYS [27440 2016-12-30] () [File not signed] R3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [200832 2018-01-15] (Oracle Corporation) R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [211704 2018-01-15] (Oracle Corporation) S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation) S3 BstHdDrv; \??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-02-28 21:02 - 2018-02-28 21:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee 2018-02-28 20:59 - 2018-02-28 21:01 - 000028915 _____ C:\Users\janek\Desktop\FRST.txt 2018-02-28 20:55 - 2018-02-28 20:56 - 002403840 _____ (Farbar) C:\Users\janek\Desktop\FRST64(1).exe 2018-02-23 22:20 - 2018-02-28 20:59 - 000000000 ____D C:\FRST 2018-02-20 17:50 - 2018-02-20 18:55 - 000000000 ____D C:\Users\janek\VirtualBox VMs 2018-02-19 22:05 - 2018-02-20 20:03 - 000000000 ____D C:\Users\janek\.VirtualBox 2018-02-19 20:11 - 2018-02-19 20:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox 2018-02-19 20:11 - 2018-02-19 20:11 - 000000000 ____D C:\Program Files\Oracle 2018-02-19 20:11 - 2018-01-15 15:59 - 000972192 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxDrv.sys 2018-02-19 20:11 - 2018-01-15 15:59 - 000157672 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxUSBMon.sys 2018-02-18 18:41 - 2018-02-18 18:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft 2018-02-18 13:16 - 2018-02-18 13:16 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update 2018-02-18 13:16 - 2018-02-18 13:16 - 000002870 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC 2018-02-18 13:16 - 2018-02-18 13:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2018-02-18 13:16 - 2018-02-18 13:16 - 000000000 ____D C:\Program Files\CCleaner 2018-02-17 18:35 - 2018-02-20 18:51 - 000000000 ____D C:\Users\janek\Documents\Max Payne Savegames 2018-02-16 21:00 - 2018-02-16 21:06 - 000135591 _____ C:\Program Files (x86)\aaa.h4s 2018-02-12 18:28 - 2018-02-12 18:31 - 000000000 ____D C:\Users\janek\AppData\Roaming\vlc 2018-02-12 18:21 - 2018-02-12 18:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2018-02-12 18:20 - 2018-02-12 18:20 - 000000000 ____D C:\Program Files (x86)\VideoLAN 2018-02-11 20:40 - 2018-02-18 18:37 - 000000000 ____D C:\Program Files (x86)\Heroes of Might & Magic IV Platinum 2018-02-10 21:00 - 2018-02-10 21:00 - 000000000 ____D C:\Users\janek\AppData\Roaming\11bitstudios 2018-02-10 17:18 - 2018-02-18 18:41 - 000000000 ____D C:\Program Files (x86)\Ubisoft 2018-02-10 17:18 - 2018-02-10 17:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Settlers IV - Złota Edycja 2018-02-09 19:58 - 2018-02-09 19:58 - 000000000 ____D C:\Users\janek\AppData\Local\DOSBox 2018-02-09 19:58 - 2018-02-09 19:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74 2018-02-09 19:58 - 2018-02-09 19:58 - 000000000 ____D C:\Program Files (x86)\DOSBox-0.74 2018-02-08 21:40 - 2018-02-08 21:57 - 000000000 ____D C:\dsj 2018-02-08 21:38 - 2018-02-08 21:38 - 000000000 ____D C:\dsj 2(dosbox) ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-02-28 20:56 - 2016-07-03 16:34 - 000000000 ____D C:\Users\janek\Desktop\NeverSink-Filter-3.301a 2018-02-28 20:45 - 2016-11-19 08:23 - 000000000 ____D C:\Users\janek\AppData\LocalLow\Mozilla 2018-02-24 18:36 - 2015-10-30 08:24 - 000000000 ____D C:\WINDOWS\system32\NDF 2018-02-20 20:12 - 2016-03-17 08:06 - 000000000 ____D C:\Users\janek\AppData\Roaming\foobar2000 2018-02-20 17:50 - 2016-03-18 09:52 - 000000000 ____D C:\Users\janek 2018-02-19 20:12 - 2015-10-30 08:21 - 000000000 ____D C:\WINDOWS\INF 2018-02-18 18:41 - 2015-09-09 21:51 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2018-02-18 18:38 - 2016-04-03 20:20 - 000000000 ____D C:\Users\janek\AppData\Roaming\DAEMON Tools Lite 2018-02-18 18:32 - 2017-08-02 21:01 - 000000000 ____D C:\Users\janek\Desktop\Nick Cave 2018-02-18 18:12 - 2015-09-09 21:57 - 000005650 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2018-02-18 18:07 - 2017-04-25 19:52 - 000000000 ____D C:\Users\janek\AppData\Local\HTC MediaHub 2018-02-18 18:06 - 2015-09-09 22:06 - 004873315 _____ C:\WINDOWS\SysWOW64\rootpa.e2e 2018-02-18 18:04 - 2016-02-13 14:14 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2018-02-18 14:00 - 2016-03-18 18:43 - 000000000 ___DC C:\WINDOWS\Panther 2018-02-18 14:00 - 2015-10-30 08:24 - 000000000 ____D C:\WINDOWS\ModemLogs 2018-02-18 13:59 - 2016-03-28 16:54 - 000000000 ____D C:\WINDOWS\Minidump 2018-02-18 13:18 - 2016-03-18 20:06 - 000003542 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task 2018-02-18 02:50 - 2016-03-18 09:48 - 000065536 _____ C:\WINDOWS\psp_storage.bin 2018-02-18 02:50 - 2015-10-30 07:28 - 000524288 ___SH C:\WINDOWS\system32\config\BBI 2018-02-17 00:10 - 2015-10-30 07:28 - 000032768 ___SH C:\WINDOWS\system32\config\ELAM 2018-02-17 00:07 - 2015-09-09 22:13 - 000000000 ____D C:\Program Files (x86)\McAfee 2018-02-17 00:06 - 2016-11-18 21:46 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox 2018-02-17 00:06 - 2016-06-02 17:44 - 000000000 ____D C:\Program Files\TrueKey 2018-02-17 00:06 - 2016-03-11 20:41 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2018-02-16 20:59 - 2016-03-18 20:06 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2018-02-16 20:54 - 2017-07-03 21:30 - 000000000 ____D C:\Users\janek\.gimp-2.8 2018-02-14 20:02 - 2016-04-30 16:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2018-02-14 20:02 - 2015-09-09 21:58 - 000000000 ____D C:\ProgramData\Package Cache 2018-02-13 18:45 - 2016-06-02 18:06 - 000001244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk 2018-02-08 20:37 - 2016-03-11 20:41 - 000001230 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2018-02-08 18:04 - 2016-04-30 17:06 - 000169864 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys 2018-02-03 19:51 - 2015-09-09 22:20 - 000000000 ____D C:\ProgramData\Dell 2018-02-03 19:51 - 2015-09-09 21:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell 2018-02-03 19:51 - 2015-09-09 21:59 - 000000000 ____D C:\Program Files\Dell ==================== Files in the root of some directories ======= 2018-02-16 21:00 - 2018-02-16 21:06 - 000135591 _____ () C:\Program Files (x86)\aaa.h4s 2016-10-17 20:34 - 2016-10-17 20:34 - 000085873 _____ () C:\Users\janek\AppData\Roaming\icarus-dxdiag.xml 2017-10-18 18:17 - 2017-10-18 18:17 - 000001730 _____ () C:\Users\janek\AppData\Local\recently-used.xbel 2017-04-16 20:21 - 2017-04-16 20:21 - 000007605 _____ () C:\Users\janek\AppData\Local\Resmon.ResmonCfg 2017-04-23 18:26 - 2017-04-23 18:26 - 000003228 _____ () C:\Users\janek\AppData\Local\unins000.dat 2017-04-23 18:26 - 2017-04-23 18:26 - 000011761 _____ () C:\Users\janek\AppData\Local\unins000.msg Some files in TEMP: ==================== 2018-02-19 18:50 - 2018-02-19 18:50 - 000910080 _____ (Microsoft Corporation) C:\Users\janek\AppData\Local\Temp\msxml6-KB927977-enu-x86.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-04-21 16:10 ==================== End of FRST.txt ============================