Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:29-11-2015 Ran by Artur (administrator) on ARTUR-PC (30-11-2015 15:37:01) Running from C:\FRST\FRST-OlderVersion\FRST-OlderVersion Loaded Profiles: Artur (Available Profiles: Artur) Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Angielski (Stany Zjednoczone) Internet Explorer Version 9 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\nis.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\nis.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (ALLPlayer.org) C:\Program Files (x86)\ALLMediaServer\mediaserver.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Spotify Ltd) C:\Users\Artur\AppData\Roaming\Spotify\SpotifyWebHelper.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Ghisler Software GmbH) C:\Program Files\totalcmd\TOTALCMD64.EXE (Microsoft Corporation) C:\Windows\System32\msiexec.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7560296 2011-12-12] (Realtek Semiconductor) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2655520 2015-11-05] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-23] (CANON INC.) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation) HKU\S-1-5-21-3076302344-2742556548-4197340800-1000\...\Run: [ALLMediaServer] => C:\Program Files (x86)\ALLMediaServer\MediaServer.exe [4985856 2013-07-17] (ALLPlayer.org) HKU\S-1-5-21-3076302344-2742556548-4197340800-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22790776 2015-11-04] (Google) HKU\S-1-5-21-3076302344-2742556548-4197340800-1000\...\Run: [Spotify Web Helper] => C:\Users\Artur\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2344768 2015-11-18] (Spotify Ltd) ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google) ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation) ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation) ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{1F620D6B-0E3F-4915-8977-141F7C2BC5BA}: [NameServer] 104.197.191.4 Tcpip\..\Interfaces\{936323A7-FD0B-4FCD-9044-F08753E813ED}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{A2BE7100-E798-44A5-B7C2-AB657945A56D}: [NameServer] 104.197.191.4 Tcpip\..\Interfaces\{BE3B9C67-EDF3-4F75-8EA2-AF804AA4A8CE}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{F9DF8245-4F0A-49AE-BCB8-E571305B69D4}: [NameServer] 104.197.191.4 Internet Explorer: ================== BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-02-27] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-02-27] (Oracle Corporation) BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2011-10-15] (CANON INC.) BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2011-10-15] (CANON INC.) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation) FireFox: ======== FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.4.24\coFFAddon FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.4.24\coFFAddon [2015-11-29] [not signed] FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.4.24\coFFAddon Chrome: ======= CHR Profile: C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Przelewy24) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiicmmpkicnndkhlnnloilpgncbpkbjj [2015-10-04] CHR Extension: (Dokumenty Google) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04] CHR Extension: (YouTube) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26] CHR Extension: (Norton Security Toolbar) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-11-30] CHR Extension: (Google Search) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29] CHR Extension: (Norton Home Page for Chrome) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejbdobdndcjhdmljipngpeoekdinlohe [2015-11-29] CHR Extension: (Pulpit zdalny Chrome) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2015-11-04] CHR Extension: (Dokumenty Google offline) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18] CHR Extension: (TuneIn Radio) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhkolpgedpldcfmkgbdokgiljfbblpfj [2015-05-27] CHR Extension: (Norton Identity Safe) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-11-30] CHR Extension: (Evernote Web) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2015-05-27] CHR Extension: (Speed Dial [FVD] - New Tab Page, 3D, Sync...) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\llaficoajjainaijghjlofdfmbjpebpa [2015-11-30] CHR Extension: (Norton Safe) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2015-11-29] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-28] CHR Extension: (Gmail) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29] CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\Exts\Chrome.crx [2015-11-29] CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-3076302344-2742556548-4197340800-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\Exts\Chrome.crx [2015-11-29] CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\47.0.2526.18\remoting_host.exe [69448 2015-10-14] (Google Inc.) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156384 2015-11-05] (NVIDIA Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\NIS.exe [282016 2015-11-20] (Symantec Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1873696 2015-11-05] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568288 2015-11-05] (NVIDIA Corporation) S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [575488 2008-09-08] (Nokia.) [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\BASHDefs\20151113.001\BHDrvx64.sys [1665608 2015-10-22] (Symantec Corporation) R0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [23944 2010-04-06] (IVT Corporation.) S3 btnetBUs; C:\Windows\System32\Drivers\btnetBus.sys [30088 2010-04-06] () R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1605050.00F\ccSetx64.sys [173808 2015-09-23] (Symantec Corporation) S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-11-29] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2015-11-29] (Symantec Corporation) S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [41080 2015-11-27] () R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\IPSDefs\20151126.001\IDSvia64.sys [767224 2015-11-26] (Symantec Corporation) S3 IvtBtBUs; C:\Windows\System32\Drivers\IvtBtBus.sys [27016 2010-04-06] (IVT Corporation.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-30] (Malwarebytes) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation) R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\VirusDefs\20151129.032\ENG64.SYS [138488 2015-11-29] (Symantec Corporation) R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\VirusDefs\20151129.032\EX64.SYS [2148080 2015-11-29] (Symantec Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20768 2015-11-05] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-11-05] (NVIDIA Corporation) S3 PN-70A50A; C:\Windows\System32\DRIVERS\PN-70A.sys [594944 2015-01-07] (PIONEER HOME ELECTRONICS) R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1605050.00F\SRTSP64.SYS [928496 2015-11-12] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1605050.00F\SRTSPX64.SYS [50936 2015-09-23] (Symantec Corporation) R0 SymEFASI; C:\Windows\System32\drivers\NISx64\1605050.00F\SYMEFASI64.SYS [1621232 2015-11-12] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-11-29] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NISx64\1605050.00F\Ironx64.SYS [297720 2015-09-23] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1605050.00F\SYMNETS.SYS [577768 2015-11-12] (Symantec Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-11-30 15:35 - 2015-11-30 15:36 - 00000000 ____D C:\Users\Artur\Desktop\Logi 2015-11-30 15:19 - 2015-11-30 15:19 - 00000000 ____D C:\MATS 2015-11-30 13:58 - 2015-11-30 13:59 - 00026826 _____ C:\Users\Artur\Desktop\GMER.txt 2015-11-29 18:37 - 2015-11-29 18:37 - 00003234 _____ C:\Windows\System32\Tasks\Norton WSC Integration 2015-11-29 18:37 - 2015-11-29 18:37 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security 2015-11-29 18:27 - 2015-11-29 18:37 - 00002367 _____ C:\Users\Public\Desktop\Norton Internet Security.LNK 2015-11-29 18:27 - 2015-11-29 18:27 - 00111344 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 2015-11-29 18:27 - 2015-11-29 18:27 - 00008214 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT 2015-11-29 18:26 - 2015-11-29 18:37 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security 2015-11-29 18:26 - 2015-11-29 18:26 - 00000000 ____D C:\Program Files (x86)\NortonInstaller 2015-11-29 18:26 - 2015-11-29 18:26 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security 2015-11-29 17:57 - 2015-11-29 17:57 - 00000000 __SHD C:\DrWeb Quarantine 2015-11-29 16:25 - 2015-11-29 16:25 - 00000000 ___HD C:\DrWeb Archive 2015-11-29 16:02 - 2015-11-29 16:02 - 00000000 ____D C:\Users\Artur\Doctor Web 2015-11-29 15:28 - 2015-11-30 15:24 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-11-29 15:28 - 2015-11-29 15:28 - 00001066 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-11-29 15:28 - 2015-11-29 15:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-11-29 15:28 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-11-29 15:28 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-11-29 15:28 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2015-11-29 15:19 - 2015-11-30 15:37 - 00000000 ____D C:\FRST 2015-11-26 23:55 - 2015-11-26 23:54 - 02001540 _____ C:\Users\Artur\Downloads\PC Decrapifier 3.0.exe 2015-11-26 23:53 - 2015-11-27 23:20 - 00041080 _____ C:\Windows\system32\Drivers\hitmanpro37.sys 2015-11-26 22:20 - 2015-11-26 22:20 - 01733632 _____ C:\Users\Artur\Downloads\AdwCleaner 5.022.exe 2015-11-26 22:11 - 2015-11-29 22:26 - 00001415 _____ C:\Users\Artur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-11-11 12:35 - 2015-11-11 12:35 - 05286088 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2015-11-11 11:49 - 2015-11-11 11:49 - 00001341 _____ C:\Users\Public\Desktop\GeForce Experience.lnk 2015-11-11 11:49 - 2015-11-05 18:13 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll 2015-11-11 11:49 - 2015-11-05 18:13 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll 2015-11-11 11:48 - 2015-11-05 15:41 - 00102704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe 2015-11-11 11:45 - 2015-11-05 18:13 - 42914096 _____ C:\Windows\system32\nvcompiler.dll 2015-11-11 11:45 - 2015-11-05 18:13 - 37882488 _____ C:\Windows\SysWOW64\nvcompiler.dll 2015-11-11 11:45 - 2015-11-05 18:13 - 22308656 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2015-11-11 11:45 - 2015-11-05 18:13 - 18362160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2015-11-11 11:45 - 2015-11-05 18:13 - 16553568 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2015-11-11 11:45 - 2015-11-05 18:13 - 15717864 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2015-11-11 11:45 - 2015-11-05 18:13 - 15121784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2015-11-11 11:45 - 2015-11-05 18:13 - 14835872 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2015-11-11 11:45 - 2015-11-05 18:13 - 13527248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2015-11-11 11:45 - 2015-11-05 18:13 - 12034248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2015-11-11 11:45 - 2015-11-05 18:13 - 11130488 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2015-11-11 11:45 - 2015-11-05 18:13 - 03158736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2015-11-11 11:45 - 2015-11-05 18:13 - 02870392 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2015-11-11 11:45 - 2015-11-05 18:13 - 02490488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2015-11-11 11:45 - 2015-11-05 18:13 - 01905272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435891.dll 2015-11-11 11:45 - 2015-11-05 18:13 - 01564792 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435891.dll 2015-11-11 11:45 - 2015-11-05 18:13 - 00877360 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2015-11-11 11:45 - 2015-11-05 18:13 - 00861816 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2015-11-11 11:45 - 2015-11-05 18:13 - 00689272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2015-11-11 11:45 - 2015-11-05 18:13 - 00673912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2015-11-11 11:45 - 2015-11-05 18:13 - 00467912 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll 2015-11-11 11:45 - 2015-11-05 18:13 - 00388208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll 2015-11-11 11:45 - 2015-11-05 18:13 - 00205456 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys 2015-11-11 11:45 - 2015-11-05 18:13 - 00177600 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll 2015-11-11 11:45 - 2015-11-05 18:13 - 00155792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll 2015-11-11 11:45 - 2015-11-05 18:13 - 00151368 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll 2015-11-11 11:45 - 2015-11-05 18:13 - 00128696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll 2015-11-11 11:45 - 2015-11-05 18:13 - 00069416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll 2015-11-11 11:45 - 2015-11-05 18:13 - 00050472 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys 2015-11-11 11:45 - 2015-11-05 18:13 - 00039240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll 2015-11-10 15:41 - 2015-11-10 15:41 - 00000000 ____D C:\Users\Artur\AppData\Local\Fallout4 2015-11-04 14:10 - 2015-11-04 14:10 - 00059392 _____ C:\Users\Artur\Desktop\Kopia RTV-Akcesoria Listopad.xls ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-11-30 15:33 - 2012-10-11 22:56 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-11-30 15:24 - 2014-03-14 20:38 - 00000000 ___RD C:\Users\Artur\Dysk Google 2015-11-30 15:23 - 2012-10-11 22:56 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-11-30 15:23 - 2012-07-14 04:07 - 00000000 ____D C:\ProgramData\NVIDIA 2015-11-30 15:23 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-11-30 15:21 - 2014-04-21 21:39 - 00000000 ____D C:\Users\Artur\AppData\Local\Mozilla 2015-11-30 15:21 - 2013-12-26 16:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paradox Interactive 2015-11-30 15:21 - 2013-10-08 22:09 - 00000000 ____D C:\Windows\System32\Tasks\Norton Identity Safe 2015-11-30 15:21 - 2012-08-05 01:04 - 00000000 ____D C:\Users\Artur\AppData\Roaming\Mozilla 2015-11-30 15:19 - 2012-08-07 10:02 - 00000000 ____D C:\Users\Artur\AppData\Local\ElevatedDiagnostics 2015-11-30 15:15 - 2012-07-23 10:42 - 00000000 ____D C:\ProgramData\Adobe 2015-11-30 14:00 - 2009-07-14 04:20 - 00000000 ____D C:\Windows 2015-11-30 13:37 - 2013-09-20 21:55 - 00000000 ____D C:\Users\Artur\AppData\Local\CrashDumps 2015-11-30 13:22 - 2013-08-26 11:11 - 00000000 ____D C:\Users\Artur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2015-11-30 13:21 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-11-30 12:03 - 2012-07-14 03:31 - 00000000 ____D C:\Users\Artur 2015-11-30 12:03 - 2009-07-14 05:45 - 00014736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-11-30 12:03 - 2009-07-14 05:45 - 00014736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-11-30 11:58 - 2012-08-05 01:04 - 00000000 ____D C:\Users\Artur\AppData\LocalLow\Temp 2015-11-30 02:20 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf 2015-11-30 01:42 - 2014-05-14 10:06 - 00000000 ____D C:\Users\Artur\AppData\Local\NPE 2015-11-30 01:14 - 2015-10-28 18:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2015-11-29 23:57 - 2012-07-14 04:38 - 00747536 _____ C:\Windows\system32\perfh015.dat 2015-11-29 23:57 - 2012-07-14 04:38 - 00160128 _____ C:\Windows\system32\perfc015.dat 2015-11-29 23:57 - 2009-07-14 06:13 - 01692112 _____ C:\Windows\system32\PerfStringBackup.INI 2015-11-29 22:33 - 2014-12-24 13:45 - 00000000 ____D C:\ProgramData\DatacardService 2015-11-29 22:27 - 2012-10-11 22:56 - 00000000 ____D C:\Program Files (x86)\Google 2015-11-29 22:27 - 2012-07-15 15:15 - 00000000 ____D C:\Users\Artur\AppData\Local\Google 2015-11-29 22:26 - 2012-07-14 03:31 - 00001421 _____ C:\Users\Artur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2015-11-29 22:01 - 2014-03-10 13:10 - 00012813 _____ C:\Users\Artur\Desktop\RATY.ods 2015-11-29 19:13 - 2014-04-21 21:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-11-29 18:37 - 2014-04-22 19:39 - 00000000 ____D C:\Windows\system32\Drivers\NISx64 2015-11-29 18:27 - 2014-04-22 19:40 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared 2015-11-29 18:26 - 2013-09-16 21:53 - 00000000 ____D C:\ProgramData\Norton 2015-11-29 17:57 - 2012-07-24 19:29 - 00000000 ____D C:\Program Files (x86)\NapiProjekt 2015-11-29 16:01 - 2009-07-14 06:08 - 00032614 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2015-11-29 15:41 - 2013-09-16 21:53 - 00000000 ____D C:\ProgramData\NortonInstaller 2015-11-28 00:40 - 2015-10-14 20:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2015-11-28 00:40 - 2015-10-14 16:17 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1 2015-11-28 00:40 - 2015-06-30 19:24 - 00000000 ____D C:\Users\Artur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Warships 2015-11-28 00:40 - 2015-05-27 22:33 - 00000000 ____D C:\Users\Artur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Chrome 2015-11-28 00:40 - 2015-05-27 22:32 - 00000000 ____D C:\Users\Artur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-11-28 00:40 - 2014-06-28 13:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LG On-Screen Phone 2015-11-28 00:40 - 2014-06-27 13:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ALLMediaServer 2015-11-28 00:40 - 2014-05-14 23:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Full Player 2015-11-28 00:40 - 2014-04-16 19:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-11-28 00:40 - 2014-03-26 22:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-11-28 00:40 - 2014-03-14 20:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive 2015-11-28 00:40 - 2014-01-09 15:36 - 00000000 ____D C:\Users\Artur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup 2015-11-28 00:40 - 2013-12-26 00:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam 2015-11-28 00:40 - 2013-09-22 21:40 - 00000000 ____D C:\Users\Artur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Happy Cloud 2015-11-28 00:40 - 2013-09-03 21:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE 2015-11-28 00:40 - 2013-02-25 10:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Sync Manager WiFi 2015-11-28 00:40 - 2012-08-25 11:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2015-11-28 00:40 - 2012-08-20 12:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Bat! E-Mail 2015-11-28 00:40 - 2012-07-24 19:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NapiProjekt 2015-11-28 00:40 - 2012-07-23 21:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP640 series 2015-11-28 00:40 - 2012-07-15 15:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Essentials Codec Pack 2015-11-28 00:40 - 2012-07-14 04:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2015-11-28 00:40 - 2012-07-13 18:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client 2015-11-28 00:40 - 2012-07-13 17:09 - 00000000 ____D C:\Users\Artur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander 2015-11-28 00:40 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF 2015-11-28 00:40 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration 2015-11-27 23:45 - 2014-04-16 22:14 - 00000000 ____D C:\ProgramData\HitmanPro 2015-11-26 23:49 - 2014-04-21 09:01 - 00024502 _____ C:\Windows\system32\.crusader 2015-11-26 22:11 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD 2015-11-26 22:11 - 2009-07-14 05:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2015-11-26 21:52 - 2014-03-26 22:50 - 00002149 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-11-26 21:41 - 2012-07-19 13:38 - 00000000 ____D C:\Users\Artur\AppData\Local\Mirillis 2015-11-26 21:25 - 2012-08-05 01:03 - 00000000 ____D C:\Users\Artur\AppData\Roaming\uTorrent 2015-11-19 00:49 - 2014-04-23 19:39 - 00000000 ____D C:\Users\Artur\AppData\Roaming\Spotify 2015-11-18 23:09 - 2014-04-23 19:39 - 00000000 ____D C:\Users\Artur\AppData\Local\Spotify 2015-11-11 11:50 - 2014-03-06 11:55 - 00000000 ____D C:\Users\Artur\AppData\Local\NVIDIA Corporation 2015-11-11 11:49 - 2012-07-14 04:06 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2015-11-10 15:41 - 2015-04-07 21:55 - 00000000 ____D C:\ProgramData\Package Cache 2015-11-10 15:39 - 2012-07-27 11:58 - 00000000 ____D C:\Users\Artur\Documents\My Games 2015-11-05 18:13 - 2014-03-06 11:55 - 01710752 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll 2015-11-05 18:13 - 2014-03-06 11:55 - 01423304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll 2015-11-05 18:13 - 2013-10-15 17:40 - 12770752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll 2015-11-05 18:13 - 2013-10-15 17:40 - 00072504 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll 2015-11-05 18:13 - 2012-07-14 04:07 - 17515208 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll 2015-11-05 18:13 - 2012-07-14 04:07 - 03579000 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll 2015-11-05 18:13 - 2012-07-14 04:07 - 01572496 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll 2015-11-05 18:13 - 2012-07-14 04:07 - 00033607 _____ C:\Windows\system32\nvinfo.pb 2015-11-05 16:13 - 2012-07-14 04:07 - 06358648 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll 2015-11-05 16:13 - 2012-07-14 04:07 - 02983032 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll 2015-11-05 16:13 - 2012-07-14 04:07 - 02554488 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll 2015-11-05 16:13 - 2012-07-14 04:07 - 00938616 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe 2015-11-05 16:13 - 2012-07-14 04:07 - 00385328 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll 2015-11-05 16:13 - 2012-07-14 04:07 - 00062584 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll 2015-11-04 12:55 - 2012-07-20 14:39 - 00000000 ____D C:\Users\Artur\AppData\Roaming\The Bat! ==================== Files in the root of some directories ======= 2012-09-23 12:48 - 2012-09-23 12:48 - 0000093 _____ () C:\Users\Artur\AppData\Local\fusioncache.dat 2014-01-09 15:59 - 2014-01-09 15:59 - 0001726 _____ () C:\Users\Artur\AppData\Local\recently-used.xbel ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll [2012-07-14 16:20] - [2012-10-11 20:38] - 1008640 ____A (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79 C:\Windows\SysWOW64\User32.dll [2012-07-14 16:20] - [2012-10-11 20:38] - 0833024 ____A (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-11-30 03:15 ==================== End of FRST.txt ============================