Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by User (administrator) on PANDA296 on 23-01-2015 15:38:17
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available profiles: User & Administrator)
Platform: Windows 8.1 Pro (X64) OS Language: Angielski (Stany Zjednoczone)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Opera Software) C:\Program Files (x86)\Opera\25.0.1614.50\opera.exe
() C:\Program Files (x86)\Opera\25.0.1614.50\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\25.0.1614.50\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\25.0.1614.50\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\25.0.1614.50\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\25.0.1614.50\opera.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2350880 2014-05-29] (NVIDIA Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKU\S-1-5-21-2861025251-1746614414-2761470792-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-18\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21437568 2014-05-08] (Skype Technologies S.A.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [178632 2014-12-13] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [165760 2014-12-13] (NVIDIA Corporation)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2861025251-1746614414-2761470792-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.uk.msn.com/
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_287.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_287.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Модуль перевірки посилань - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-07-13]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-07-13]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-07-13]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-07-13]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Безпечні платежі - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-07-13]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2014-05-27] (Kaspersky Lab ZAO)
S4 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-29] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-29] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-06] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-07-13] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-10-15] (Motorola Solutions, Inc.)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-10-12] (Disc Soft Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-05-27] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29792 2014-05-27] (Kaspersky Lab)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [115296 2014-05-27] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625760 2014-05-27] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-05-27] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2014-05-27] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2014-05-27] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [65120 2014-05-27] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178272 2014-05-27] (Kaspersky Lab ZAO)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-29] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-30] (Windows (R) Win 7 DDK provider)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-21 20:35 - 2014-04-15 23:35 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2015-01-21 20:35 - 2014-04-15 23:34 - 00029888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2015-01-15 19:39 - 2015-01-15 19:39 - 00153339 _____ () C:\Users\User\Downloads\gmer 15-01-2015.txt
2015-01-15 18:19 - 2015-01-15 18:19 - 00380416 _____ () C:\Users\User\Downloads\rl6jt5r5.exe
2015-01-15 18:14 - 2015-01-15 18:14 - 00050966 _____ () C:\Users\User\Downloads\Shortcut.txt
2015-01-15 18:14 - 2015-01-15 18:14 - 00033691 _____ () C:\Users\User\Downloads\Addition.txt
2015-01-15 18:03 - 2015-01-23 15:38 - 00014370 _____ () C:\Users\User\Downloads\FRST.txt
2015-01-14 23:27 - 2015-01-14 23:27 - 00000000 _____ () C:\Recovery.txt
2015-01-14 17:32 - 2015-01-14 17:33 - 00000000 ____D () C:\Users\User\Downloads\dmde
2015-01-14 17:31 - 2015-01-14 17:31 - 00845486 _____ () C:\Users\User\Downloads\dmde-free-2.10.2.564-win32-gui.zip
2015-01-14 15:37 - 2014-12-19 06:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 15:37 - 2014-12-12 02:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 15:37 - 2014-12-12 00:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-01-14 15:37 - 2014-12-09 01:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 15:37 - 2014-12-08 19:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-14 15:37 - 2014-12-08 19:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-01-14 15:37 - 2014-12-08 19:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-14 15:37 - 2014-12-08 19:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-14 15:37 - 2014-12-08 19:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-14 15:37 - 2014-12-08 19:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-14 15:37 - 2014-12-08 19:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-14 15:37 - 2014-12-08 19:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-14 15:37 - 2014-12-06 03:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 15:37 - 2014-12-06 01:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 15:37 - 2014-12-06 01:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-01-14 15:37 - 2014-10-29 04:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2015-01-14 15:37 - 2014-10-29 04:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2015-01-14 15:37 - 2014-10-29 03:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-14 15:37 - 2014-10-29 03:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-14 15:37 - 2014-10-29 03:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-14 15:37 - 2014-10-29 03:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-01-14 15:37 - 2014-10-29 03:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2015-01-14 15:37 - 2014-10-29 03:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2015-01-14 15:37 - 2014-10-29 03:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-01-14 15:37 - 2014-10-29 03:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-01-14 15:37 - 2014-10-29 03:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-14 15:37 - 2014-10-29 02:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-01-14 15:37 - 2014-10-29 01:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2015-01-14 15:37 - 2014-10-29 01:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-14 15:37 - 2014-10-29 01:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-14 15:37 - 2014-10-29 01:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-07 17:47 - 2015-01-23 14:53 - 00000000 ____D () C:\Users\User\Downloads\FRST-OlderVersion
2015-01-07 17:35 - 2015-01-23 15:38 - 00000000 ____D () C:\FRST
2015-01-07 17:35 - 2015-01-23 14:53 - 02126848 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2015-01-07 17:30 - 2015-01-07 17:30 - 00000144 _____ () C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-01-07 17:12 - 2015-01-07 17:12 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Opera Software
2015-01-07 17:12 - 2015-01-07 17:12 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Opera Software
2015-01-06 18:00 - 2015-01-06 18:00 - 00602112 _____ (OldTimer Tools) C:\Users\User\Downloads\OTL.exe
2015-01-06 16:15 - 2015-01-06 16:15 - 02173952 _____ () C:\Users\User\Downloads\AdwCleaner (1).exe
2015-01-06 16:03 - 2015-01-06 16:09 - 00000000 ____D () C:\AdwCleaner
2015-01-06 16:02 - 2015-01-06 16:03 - 02173952 _____ () C:\Users\User\Downloads\AdwCleaner.exe
2015-01-05 21:02 - 2015-01-05 21:02 - 00003958 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{254B4EDA-D7C5-404E-A9C9-E6485D90A057}
2015-01-05 21:01 - 2015-01-05 21:01 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieUserList
2015-01-05 21:01 - 2015-01-05 21:01 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieSiteList
2015-01-05 21:01 - 2015-01-05 21:01 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieBrowserModeList
2015-01-05 20:42 - 2015-01-07 17:16 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2861025251-1746614414-2761470792-500
2015-01-05 20:38 - 2015-01-05 20:38 - 00000000 ____D () C:\Users\Administrator\AppData\Local\NVIDIA Corporation
2015-01-05 20:37 - 2015-01-05 20:37 - 00002346 _____ () C:\Users\Administrator\Desktop\Safe Money.lnk
2015-01-05 20:36 - 2015-01-05 20:37 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Packages
2015-01-05 20:36 - 2015-01-05 20:37 - 00000000 ____D () C:\Users\Administrator
2015-01-05 20:36 - 2015-01-05 20:36 - 00001402 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-05 20:36 - 2015-01-05 20:36 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2015-01-05 20:36 - 2015-01-05 20:36 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2015-01-05 20:36 - 2015-01-05 20:36 - 00000000 ____D () C:\Users\Administrator\AppData\Local\NVIDIA
2015-01-05 20:36 - 2014-11-13 06:22 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-01-05 20:36 - 2014-09-23 15:49 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-01-05 20:36 - 2014-06-14 16:19 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia
2015-01-05 20:36 - 2014-02-22 04:37 - 00000369 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-01-05 20:36 - 2014-02-22 04:37 - 00000369 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-01-05 20:36 - 2013-08-22 15:36 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-05 20:36 - 2013-08-22 15:36 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-05 19:08 - 2015-01-05 21:00 - 00000000 ____D () C:\Users\User\Downloads\Autoruns
2015-01-05 19:08 - 2015-01-05 19:08 - 00511633 _____ () C:\Users\User\Downloads\Autoruns.zip
2015-01-04 08:57 - 2015-01-04 08:57 - 00000794 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-04 08:56 - 2015-01-04 08:56 - 05317104 _____ (Piriform Ltd) C:\Users\User\Downloads\ccsetup501.exe
2015-01-04 08:38 - 2015-01-05 19:13 - 00000000 ____D () C:\Windows\SysWOW64\NV
2015-01-04 08:38 - 2015-01-04 21:46 - 00000000 ____D () C:\Windows\system32\NV
2015-01-04 08:38 - 2015-01-04 08:38 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-04 08:38 - 2014-12-13 08:03 - 06859408 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-01-04 08:38 - 2014-12-13 08:03 - 03513488 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-01-04 08:38 - 2014-12-13 08:03 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-01-04 08:38 - 2014-12-13 08:03 - 01097360 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2015-01-04 08:38 - 2014-12-13 08:03 - 00935240 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-01-04 08:38 - 2014-12-13 08:03 - 00386368 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-01-04 08:38 - 2014-12-13 08:03 - 00075080 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2015-01-04 08:38 - 2014-12-13 08:03 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-01-04 08:38 - 2014-12-12 23:11 - 04151176 _____ () C:\Windows\system32\nvcoproc.bin
2015-01-04 08:36 - 2014-12-13 10:08 - 32099472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-01-04 08:36 - 2014-12-13 10:08 - 25460552 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-01-04 08:36 - 2014-12-13 10:08 - 24764232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-01-04 08:36 - 2014-12-13 10:08 - 20465808 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-01-04 08:36 - 2014-12-13 10:08 - 18594432 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-01-04 08:36 - 2014-12-13 10:08 - 17264312 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-01-04 08:36 - 2014-12-13 10:08 - 16040184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-01-04 08:36 - 2014-12-13 10:08 - 14128496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-01-04 08:36 - 2014-12-13 10:08 - 13288360 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-01-04 08:36 - 2014-12-13 10:08 - 13202520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-01-04 08:36 - 2014-12-13 10:08 - 10770120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-01-04 08:36 - 2014-12-13 10:08 - 10710160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-01-04 08:36 - 2014-12-13 10:08 - 10345280 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-01-04 08:36 - 2014-12-13 10:08 - 03610440 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-01-04 08:36 - 2014-12-13 10:08 - 03293136 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-01-04 08:36 - 2014-12-13 10:08 - 03248968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-01-04 08:36 - 2014-12-13 10:08 - 02897824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-01-04 08:36 - 2014-12-13 10:08 - 01895056 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434709.dll
2015-01-04 08:36 - 2014-12-13 10:08 - 01556624 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434709.dll
2015-01-04 08:36 - 2014-12-13 10:08 - 00994384 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-01-04 08:36 - 2014-12-13 10:08 - 00968336 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-01-04 08:36 - 2014-12-13 10:08 - 00942400 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-01-04 08:36 - 2014-12-13 10:08 - 00928072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-01-04 08:36 - 2014-12-13 10:08 - 00906560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-01-04 08:36 - 2014-12-13 10:08 - 00876976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-01-04 08:36 - 2014-12-13 10:08 - 00496272 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-01-04 08:36 - 2014-12-13 10:08 - 00399688 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-01-04 08:36 - 2014-12-13 10:08 - 00391488 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-01-04 08:36 - 2014-12-13 10:08 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-01-04 08:36 - 2014-12-13 10:08 - 00346944 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-01-04 08:36 - 2014-12-13 10:08 - 00306328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-01-04 08:36 - 2014-12-13 10:08 - 00178632 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-01-04 08:36 - 2014-12-13 10:08 - 00165760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-01-04 08:36 - 2014-12-13 10:08 - 00031376 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2015-01-04 08:36 - 2014-12-13 10:08 - 00027983 _____ () C:\Windows\system32\nvinfo.pb

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-23 15:33 - 2014-06-28 21:56 - 00000000 ____D () C:\Users\User\AppData\Roaming\uTorrent
2015-01-23 15:33 - 2014-06-22 08:21 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-23 15:05 - 2014-07-13 10:50 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-01-23 15:04 - 2013-08-22 14:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-23 15:04 - 2013-08-22 13:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-01-23 15:00 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\sru
2015-01-23 14:43 - 2014-06-14 17:57 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-23 12:17 - 2013-08-22 15:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-01-23 12:16 - 2014-06-14 15:09 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2861025251-1746614414-2761470792-1001
2015-01-22 20:43 - 2014-06-14 17:57 - 00003818 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-22 20:07 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-01-19 21:32 - 2014-06-16 06:49 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-19 21:32 - 2014-06-16 06:49 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-14 20:39 - 2014-06-14 17:01 - 00811416 _____ () C:\Windows\system32\perfh015.dat
2015-01-14 20:39 - 2014-06-14 17:01 - 00167568 _____ () C:\Windows\system32\perfc015.dat
2015-01-14 20:39 - 2014-06-14 15:06 - 01825074 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-14 15:50 - 2014-06-14 15:26 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 15:47 - 2014-06-14 15:26 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-06 18:01 - 2014-06-14 17:35 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-01-06 16:09 - 2014-10-26 18:24 - 00001116 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2015-01-05 21:05 - 2014-06-14 17:32 - 00003874 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1402767116
2015-01-05 21:01 - 2014-10-12 13:22 - 00003760 _____ () C:\Windows\System32\Tasks\AutoKMS
2015-01-05 20:37 - 2014-06-14 15:04 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-01-04 08:57 - 2014-06-14 17:35 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-04 08:38 - 2014-06-16 06:54 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-01-04 08:38 - 2014-06-16 06:54 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-01-04 08:38 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\Help
2015-01-04 08:37 - 2014-06-16 06:54 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-01-04 08:28 - 2014-06-14 17:05 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2015-01-03 22:02 - 2014-08-01 18:34 - 00000000 ____D () C:\The KMPlayer
2015-01-02 18:35 - 2014-11-27 17:24 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-29 21:22 - 2014-08-01 18:21 - 00000000 ____D () C:\Users\User\AppData\Roaming\DivX
2014-12-29 19:46 - 2014-10-12 13:58 - 00000000 ____D () C:\Users\User\Desktop\zdięcia
2014-12-26 22:32 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\NDF

==================== Files in the root of some directories =======

2014-06-27 21:26 - 2014-06-30 19:00 - 0000308 _____ () C:\Users\User\AppData\Roaming\Rim.Desktop.Exception.log
2014-06-27 21:24 - 2014-06-27 21:24 - 0001111 _____ () C:\Users\User\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2014-06-27 21:26 - 2014-06-30 19:00 - 0000308 _____ () C:\Users\User\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-09-18 18:34 - 2014-09-18 18:34 - 0000268 ___RH () C:\Users\User\AppData\Roaming\Trance Pad
2014-09-18 18:35 - 2014-09-18 18:35 - 0000268 ___RH () C:\Users\User\AppData\Roaming\Transportation
2014-09-18 18:34 - 2014-09-18 18:34 - 0000268 ___RH () C:\Users\User\AppData\Roaming\Treble Reduction
2014-09-18 18:33 - 2014-09-18 18:33 - 0000268 ___RH () C:\Users\User\AppData\Roaming\WebServer
2014-09-18 18:35 - 2014-09-18 18:35 - 0000012 ___RH () C:\ProgramData\business-inkjet
2014-09-18 18:34 - 2014-09-18 18:34 - 0000012 ___RH () C:\ProgramData\deskjet
2014-09-18 18:33 - 2014-09-18 18:33 - 0000020 ____H () C:\ProgramData\PKP_DLeo.DAT
2014-09-18 18:35 - 2014-09-18 18:35 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2014-09-18 18:34 - 2014-10-04 18:39 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2014-09-18 18:34 - 2014-11-24 04:44 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT
2014-09-18 18:34 - 2014-09-18 18:34 - 0000268 ___RH () C:\ProgramData\Tribal Masks
2014-09-18 18:35 - 2014-09-18 18:35 - 0000268 ___RH () C:\ProgramData\Trumpet Section
2014-09-18 18:34 - 2014-09-18 18:34 - 0000268 ___RH () C:\ProgramData\Tuner
2014-09-18 18:33 - 2014-09-18 18:34 - 0000012 ___RH () C:\ProgramData\Work - Home

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-23 12:16

==================== End Of Log ============================