Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-08-2014 01
Ran by bonczo1 (administrator) on BONCZO on 14-08-2014 20:14:34
Running from F:\Pobrane
Platform: Windows 8.1 (X64) OS Language: Polski (Polska)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Micro-Star International Co., Ltd.)
C:\Program Files (x86)\SCM\MSIService.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (MSI) C:\Program Files (x86)\SCM\Radio Manager.exe (MSI) C:\Program Files (x86)\SCM\SCM.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Akamai Technologies, Inc.) C:\Users\bonczo1\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) C:\Users\bonczo1\AppData\Local\Akamai\netsession_win.exe (GG Network S.A.) C:\Users\bonczo1\AppData\Local\GG\Application\gghub.exe (GG Network S.A.) C:\Users\bonczo1\AppData\Local\GG\Application\ggapp.exe () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe (Autodesk Inc.) C:\Users\bonczo1\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe (Valve Corporation) C:\Program Files (x86)\Steam\GameOverlayUI.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (TeamSpeak Systems GmbH) F:\Teamspeak\ts3client_win64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\mspaint.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Farbar) F:\Pobrane\FRST64 (1).exe (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Radio Manager] => C:\Program Files (x86)\SCM\Radio Manager.exe [406920 2013-09-26] (MSI) HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [408232 2013-09-26] (MSI) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor) HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-30] (Intel Corporation) HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [280576 2013-10-21] (Realtek Semiconductor Corporation) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2893104 2013-08-23] (ELAN Microelectronics Corp.) 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation) HKLM\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-05] (Autodesk, Inc.) HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5581888 2014-02-24] (ESET) HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [488328 2014-06-21] (Autodesk Inc.) HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-4274012512-4237671526-699371079-1001\...\Run: [Akamai NetSession Interface] => C:\Users\bonczo1\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.) HKU\S-1-5-21-4274012512-4237671526-699371079-1001\...\Run: [uTorrent] => C:\Users\bonczo1\AppData\Roaming\uTorrent\uTorrent.exe [1270864 2014-05-23] (BitTorrent Inc.) HKU\S-1-5-21-4274012512-4237671526-699371079-1001\...\Run: [GG] => C:\Users\bonczo1\AppData\Local\GG\Application\gghub.exe [4023360 2014-07-09] (GG Network S.A.) 
HKU\S-1-5-21-4274012512-4237671526-699371079-1001\...\Policies\Explorer: [] AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [184048 2013-10-31] (NVIDIA Corporation) AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [156256 2013-10-31] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{4E08CC97-912D-458B-8705-9A14C325532F}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC) ShellIconOverlayIdentifiers: AutoCAD Digital Signatures Icon Overlay Handler -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.fastosearch.info/?pid=34&r=2014/06/08&hid=3021747045306607032&lg=EN&cc=PL&unqvl=55 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x026CED633D82CF01 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.fastosearch.info/?pid=34&r=2014/06/08&hid=3021747045306607032&lg=EN&cc=PL&unqvl=55 SearchScopes: HKLM-x32 - DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.fastosearch.info/?l=1&q={searchTerms}&pid=34&r=2014/06/08&hid=3021747045306607032&lg=EN&cc=PL&unqvl=55 SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.fastosearch.info/?l=1&q={searchTerms}&pid=34&r=2014/06/08&hid=3021747045306607032&lg=EN&cc=PL&unqvl=55 SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.fastosearch.info/?l=1&q={searchTerms}&pid=34&r=2014/06/08&hid=3021747045306607032&lg=EN&cc=PL&unqvl=55 BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Tcpip\Parameters: 
[DhcpNameServer] 192.168.1.100 FireFox: ======== FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.4 -> F:\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) 
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-08-14] FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird Chrome: ======= CHR HomePage: hxxp://websearch.fastosearch.info/?pid=34&r=2014/06/08&hid=3021747045306607032&lg=EN&cc=PL&unqvl=55 CHR StartupUrls: "hxxp://google.pl/" CHR Extension: (Dokumenty Google) - C:\Users\bonczo1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-16] CHR Extension: (Dysk Google) - C:\Users\bonczo1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-16] CHR Extension: (YouTube) - C:\Users\bonczo1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-16] CHR Extension: (Adblock Plus) - C:\Users\bonczo1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-05-17] CHR Extension: (Szukaj w Google) - C:\Users\bonczo1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-16] CHR Extension: (Auto Replay for YouTube™) - C:\Users\bonczo1\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb [2014-06-16] CHR Extension: (Google Wallet) - C:\Users\bonczo1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-16] CHR Extension: (Gmail) - C:\Users\bonczo1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-16] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.) R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [596360 2014-06-21] (Autodesk Inc.) R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [69120 2013-10-21] () [File not signed] R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1343408 2014-02-24] (ESET) R2 ETDService; C:\Program Files\Elantech\ETDService.exe [99632 2013-08-23] (ELAN Microelectronics Corp.) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-08] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation) R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2013-09-26] (Micro-Star International Co., Ltd.) 
[File not signed] R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation) R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [343040 2013-08-08] (Qualcomm Atheros) [File not signed] S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation) S2 Autodesk Content Service; "C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [75056 2013-02-13] (Qualcomm Atheros, Inc.) S3 BFN7x64; C:\Windows\System32\drivers\Xeno7x64.sys [157288 2012-09-25] (Bigfoot Networks, Inc.) S3 BFNVis64; C:\Windows\System32\drivers\XenoVa64.sys [157288 2012-09-25] (Bigfoot Networks, Inc.) R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET) S0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [239296 2013-09-17] (ESET) R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET) R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [157432 2013-09-17] (ESET) R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [163536 2013-03-20] (Qualcomm Atheros, Inc.) 
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-08] (Intel Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation) R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [554712 2013-10-09] (Realtek Semiconductor Corporation) R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [429272 2013-08-21] (Realsil Semiconductor Corporation) R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2946264 2013-10-18] (Realtek Semiconductor Corporation ) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-08-14 20:12 - 2014-08-14 20:14 - 00000000 ____D () C:\FRST 2014-08-14 19:54 - 2014-08-14 19:54 - 00000000 ____D () C:\Users\bonczo1\AppData\Local\ESET 2014-08-14 19:41 - 2014-08-14 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET 2014-08-14 19:41 - 2014-08-14 19:41 - 00000000 ____D () C:\ProgramData\ESET 2014-08-14 19:41 - 2014-08-14 19:41 - 00000000 ____D () C:\Program Files\ESET 2014-08-10 23:04 - 2014-08-10 23:04 - 00000000 ____D () C:\Users\bonczo1\Desktop\s 2014-08-09 17:22 - 2014-08-07 21:15 - 55632167 _____ () C:\Users\bonczo1\Desktop\MOV_0693.mp4 2014-08-09 17:19 - 2014-08-09 17:19 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-08-09 17:19 - 2014-08-09 17:19 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-08-09 17:19 - 2014-08-09 17:19 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-08-09 17:19 - 2014-08-09 17:19 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-08-09 17:19 - 2014-08-09 17:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-08-09 17:19 - 2014-08-09 17:19 - 00000000 ____D () C:\Program Files (x86)\Java 2014-08-02 00:28 - 2014-08-02 00:28 - 00000448 _____ () C:\Users\bonczo1\Desktop\Ten komputer.lnk 2014-08-01 19:31 - 2014-07-26 03:12 - 45324413 _____ () C:\Users\bonczo1\Desktop\MOV_0682.mp4 2014-07-31 14:05 - 2014-07-31 14:05 - 00000219 _____ () C:\Users\bonczo1\Desktop\Dota 2.url 2014-07-29 22:42 - 2014-07-25 15:50 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll 2014-07-29 22:42 - 2014-07-25 15:50 - 01291280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll 2014-07-23 12:23 - 2014-07-23 12:26 - 00000000 ____D () C:\Users\bonczo1\Desktop\filmy telefon 2014-07-23 12:09 - 2014-07-23 12:09 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf 2014-07-22 21:21 - 2014-07-22 21:21 - 00001204 _____ 
() C:\Users\bonczo1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenFM.lnk 2014-07-22 21:21 - 2014-07-22 21:21 - 00001196 _____ () C:\Users\bonczo1\Desktop\OpenFM.lnk 2014-07-22 21:21 - 2014-07-22 21:21 - 00001165 _____ () C:\Users\bonczo1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GG.lnk 2014-07-22 21:21 - 2014-07-22 21:21 - 00001157 _____ () C:\Users\bonczo1\Desktop\GG.lnk 2014-07-17 22:53 - 2014-07-17 22:53 - 00004162 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log 2014-07-16 14:57 - 2014-05-17 01:34 - 01270864 _____ (BitTorrent Inc.) C:\Users\bonczo1\Desktop\uTorrent.exe 2014-07-16 14:03 - 2014-07-16 14:33 - 00000000 ____D () C:\Users\bonczo1\Desktop\Gify ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-14 20:14 - 2014-08-14 20:12 - 00000000 ____D () C:\FRST 2014-08-14 20:03 - 2014-05-16 15:56 - 01464191 _____ () C:\Windows\WindowsUpdate.log 2014-08-14 20:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru 2014-08-14 19:59 - 2014-05-16 17:18 - 00003984 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{3237A3E9-0D8E-4EDB-85C3-0459AE3FF52E} 2014-08-14 19:54 - 2014-08-14 19:54 - 00000000 ____D () C:\Users\bonczo1\AppData\Local\ESET 2014-08-14 19:54 - 2014-06-09 01:19 - 00000000 ____D () C:\ProgramData\SNT 2014-08-14 19:48 - 2014-05-19 00:04 - 00000000 ____D () C:\Users\bonczo1\AppData\Roaming\TS3Client 2014-08-14 19:47 - 2014-05-16 16:04 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4274012512-4237671526-699371079-1001 2014-08-14 19:45 - 2014-06-09 01:19 - 00000000 ____D () C:\Program Files (x86)\SNT 2014-08-14 19:41 - 2014-08-14 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET 2014-08-14 19:41 - 2014-08-14 19:41 - 00000000 ____D () C:\ProgramData\ESET 2014-08-14 19:41 - 2014-08-14 19:41 - 00000000 ____D () C:\Program Files\ESET 2014-08-14 
19:28 - 2014-05-16 17:18 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-08-14 18:04 - 2014-05-17 13:29 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-08-14 14:44 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness 2014-08-14 13:05 - 2014-05-25 20:53 - 00000000 ____D () C:\Users\bonczo1\AppData\Roaming\GG 2014-08-14 13:05 - 2014-05-17 01:51 - 00171297 _____ () C:\Users\bonczo1\AppData\Local\BTServer.log 2014-08-14 13:05 - 2014-05-17 01:05 - 00000000 ___RD () C:\Users\bonczo1\SkyDrive 2014-08-14 13:05 - 2014-05-16 17:18 - 00001060 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-08-14 08:53 - 2014-05-17 12:08 - 00000000 ____D () C:\Users\bonczo1\AppData\Local\CrashDumps 2014-08-13 15:08 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp 2014-08-12 21:06 - 2013-10-25 18:11 - 01828496 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-08-12 21:06 - 2013-08-23 01:12 - 00808198 _____ () C:\Windows\system32\perfh015.dat 2014-08-12 21:06 - 2013-08-23 01:12 - 00164014 _____ () C:\Windows\system32\perfc015.dat 2014-08-12 17:44 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-08-12 17:43 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI 2014-08-12 00:45 - 2014-05-17 01:34 - 00000000 ____D () C:\Users\bonczo1\AppData\Roaming\uTorrent 2014-08-11 00:41 - 2014-05-17 02:42 - 00000000 ____D () C:\Users\bonczo1\AppData\Roaming\vlc 2014-08-10 23:04 - 2014-08-10 23:04 - 00000000 ____D () C:\Users\bonczo1\Desktop\s 2014-08-09 17:19 - 2014-08-09 17:19 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-08-09 17:19 - 2014-08-09 17:19 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-08-09 17:19 - 2014-08-09 17:19 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-08-09 17:19 - 2014-08-09 17:19 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-08-09 17:19 - 2014-08-09 17:19 - 
00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-08-09 17:19 - 2014-08-09 17:19 - 00000000 ____D () C:\Program Files (x86)\Java 2014-08-09 17:19 - 2014-07-03 03:02 - 00000000 ____D () C:\ProgramData\Oracle 2014-08-09 03:23 - 2014-05-16 17:18 - 00004036 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-08-09 03:23 - 2014-05-16 17:18 - 00003800 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-08-07 21:15 - 2014-08-09 17:22 - 55632167 _____ () C:\Users\bonczo1\Desktop\MOV_0693.mp4 2014-08-04 02:02 - 2014-05-16 15:56 - 00000000 ____D () C:\Users\bonczo1 2014-08-02 00:28 - 2014-08-02 00:28 - 00000448 _____ () C:\Users\bonczo1\Desktop\Ten komputer.lnk 2014-07-31 16:04 - 2014-05-17 11:10 - 00030723 _____ () C:\Windows\DirectX.log 2014-07-31 14:05 - 2014-07-31 14:05 - 00000219 _____ () C:\Users\bonczo1\Desktop\Dota 2.url 2014-07-31 02:49 - 2013-10-25 18:01 - 00898486 _____ () C:\Windows\PFRO.log 2014-07-29 22:42 - 2014-05-16 15:56 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2014-07-29 22:42 - 2013-08-22 16:46 - 00021132 _____ () C:\Windows\setupact.log 2014-07-26 03:12 - 2014-08-01 19:31 - 45324413 _____ () C:\Users\bonczo1\Desktop\MOV_0682.mp4 2014-07-25 15:50 - 2014-07-29 22:42 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll 2014-07-25 15:50 - 2014-07-29 22:42 - 01291280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll 2014-07-25 15:50 - 2014-05-16 15:59 - 01283136 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll 2014-07-25 15:50 - 2014-05-16 15:59 - 01126480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll 2014-07-23 12:26 - 2014-07-23 12:23 - 00000000 ____D () C:\Users\bonczo1\Desktop\filmy telefon 2014-07-23 12:09 - 2014-07-23 12:09 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf 2014-07-22 21:21 - 2014-07-22 21:21 - 00001204 _____ () C:\Users\bonczo1\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\OpenFM.lnk 2014-07-22 21:21 - 2014-07-22 21:21 - 00001196 _____ () C:\Users\bonczo1\Desktop\OpenFM.lnk 2014-07-22 21:21 - 2014-07-22 21:21 - 00001165 _____ () C:\Users\bonczo1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GG.lnk 2014-07-22 21:21 - 2014-07-22 21:21 - 00001157 _____ () C:\Users\bonczo1\Desktop\GG.lnk 2014-07-22 21:21 - 2014-05-25 20:52 - 00000000 ____D () C:\Users\bonczo1\AppData\Local\OpenFM 2014-07-22 21:21 - 2014-05-25 20:52 - 00000000 ____D () C:\Users\bonczo1\AppData\Local\GG 2014-07-22 17:43 - 2014-05-17 01:51 - 00000000 ____D () C:\Users\bonczo1\Documents\My Bluetooth 2014-07-19 21:01 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\LiveKernelReports 2014-07-19 20:50 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\NDF 2014-07-17 22:53 - 2014-07-17 22:53 - 00004162 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log 2014-07-16 14:34 - 2014-05-21 00:26 - 00000000 ____D () C:\Users\bonczo1\Desktop\Stacja 2014-07-16 14:33 - 2014-07-16 14:03 - 00000000 ____D () C:\Users\bonczo1\Desktop\Gify 2014-07-16 14:30 - 2014-05-25 17:18 - 00000000 ____D () C:\Users\bonczo1\Desktop\Studia 2014-07-16 13:29 - 2014-05-17 12:03 - 00000000 ____D () C:\Users\bonczo1\Documents\Autodesk Application Manager Some content of TEMP: ==================== C:\Users\bonczo1\AppData\Local\Temp\18be6784_.exe C:\Users\bonczo1\AppData\Local\Temp\1vnt54ap.kt1.exe C:\Users\bonczo1\AppData\Local\Temp\a0qn12j4.sin.exe C:\Users\bonczo1\AppData\Local\Temp\AcDeltree.exe C:\Users\bonczo1\AppData\Local\Temp\azfotnqf.0sw.exe C:\Users\bonczo1\AppData\Local\Temp\FastDownload.exe C:\Users\bonczo1\AppData\Local\Temp\ggdrive-menu.exe C:\Users\bonczo1\AppData\Local\Temp\ggdrive-overlay.exe C:\Users\bonczo1\AppData\Local\Temp\go0ds0jl.ymf.exe C:\Users\bonczo1\AppData\Local\Temp\installstats.exe C:\Users\bonczo1\AppData\Local\Temp\InstHelper.exe C:\Users\bonczo1\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe 
C:\Users\bonczo1\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe C:\Users\bonczo1\AppData\Local\Temp\utt9495.tmp.exe C:\Users\bonczo1\AppData\Local\Temp\_isCF87.exe C:\Users\bonczo1\AppData\Local\Temp\_isD69C.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-08-09 17:28 ==================== End Of Log ============================