Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-07-2016 02
Ran by dESANT (administrator) on DESANT-PC (15-07-2016 18:53:38)
Running from F:\Dokumenty\Download\Fixit.pc
Loaded Profiles: dESANT (Available Profiles: dESANT & Administrator & Guest)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Angielski (Stany Zjednoczone)
Internet Explorer Version 9 (Default browser: "E:\Firefox\firefox.exe" -osint -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(COMODO) E:\COMODO\COMODO Internet Security\cmdagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(AVAST Software) E:\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(COMODO) E:\COMODO\COMODO Internet Security\cistray.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.06.13\AsusFanControlService.exe
(MSI) C:\Windows\SysWOW64\muachost.exe
() E:\MSI Afterburner\MSIAfterburner.exe
(ASUSTeK Computer Inc.) E:\AI Suite III\AISuite3.exe
() E:\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
(ASUSTeK Computer Inc.) E:\AI Suite III\Push Notice\PushNotifyServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() E:\Razer\DeathAdder\razerhid.exe
(AVAST Software) E:\Avast\avastui.exe
(Corsair Components, Inc.) C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() E:\Razer\DeathAdder\razertra.exe
(Razer Inc.) E:\Razer\DeathAdder\razerofa.exe
() E:\Razer\DeathAdder\vdDaemon.exe
(C-Dilla Ltd) C:\Windows\SysWOW64\drivers\CDAC11BA.EXE
(Foxit Software Inc.) E:\Foxit Reader\FoxitConnectedPDFService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(ASUSTeK Computer Inc.) E:\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe
() E:\AI Suite III\Push Notice\PushNoticeMonitor.exe
() E:\AI Suite III\Push Notice\PushNotify_PCCtrl.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Realtek Semiconductor Corp.) E:\ASUS\USB-N13 WLAN Card Utilities\RtlService.exe
(ASUSTeK Computer Inc.) E:\ASUS\USB-N13 WLAN Card Utilities\RtWLan.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(COMODO) E:\COMODO\COMODO Internet Security\cavwp.exe
(COMODO) E:\COMODO\COMODO Internet Security\cis.exe
() E:\RivaTuner Statistics Server\RTSS.exe
() E:\RivaTuner Statistics Server\EncoderServer.exe
() E:\RivaTuner Statistics Server\RTSSHooksLoader64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) E:\Firefox\firefox.exe
(Mozilla Corporation) E:\Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_22_0_0_192.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_22_0_0_192.exe
(COMODO) E:\COMODO\COMODO Internet Security\cis.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation) HKLM\...\Run: [COMODO Internet Security] => E:\COMODO\COMODO Internet Security\cistray.exe [1610936 2016-04-10] (COMODO) HKLM-x32\...\Run: [BCSSync] => E:\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [293872 2014-08-25] (Intel Corporation) HKLM-x32\...\Run: [DeathAdder] => E:\Razer\DeathAdder\razerhid.exe [248832 2012-01-14] () HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24204648 2016-07-12] (Dropbox, Inc.) HKLM-x32\...\Run: [AvastUI.exe] => E:\Avast\AvastUI.exe [7408312 2016-06-27] (AVAST Software) HKLM-x32\...\Run: [Corsair Utility Engine] => C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe [14885552 2016-03-31] (Corsair Components, Inc.) 
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-22] (Oracle Corporation) HKU\S-1-5-21-805129165-182557506-2697121282-1000\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1410344 2007-10-15] (Nero AG) HKU\S-1-5-21-805129165-182557506-2697121282-1000\...\Run: [GalaxyClient] => [X] HKU\S-1-5-21-805129165-182557506-2697121282-1000\...\Policies\system: [DisableLockWorkstation] 0 HKU\S-1-5-21-805129165-182557506-2697121282-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0xFF000000 HKU\S-1-5-21-805129165-182557506-2697121282-1000\...\MountPoints2: H - H:\Bin\ASSETUP.exe HKU\S-1-5-21-805129165-182557506-2697121282-1000\...\MountPoints2: {2435fc7c-2978-11e5-854b-f07959650176} - K:\startme.exe HKU\S-1-5-21-805129165-182557506-2697121282-1000\...\MountPoints2: {89357941-d165-11e0-bc6d-806e6f6e6963} - I:\Autoplay.exe HKU\S-1-5-21-805129165-182557506-2697121282-1000\...\MountPoints2: {8b77b709-433a-11e4-80d7-bc5ff42b24f1} - J:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-805129165-182557506-2697121282-1000\...\MountPoints2: {8dcdf759-ff41-11e4-bfee-806e6f6e6963} - H:\Bin\ASSETUP.exe ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => E:\Avast\ashShA64.dll [2016-05-23] (AVAST Software) ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.) GroupPolicyScripts: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyServer: [S-1-5-21-805129165-182557506-2697121282-1000] => 211.110.204.67:80 Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{1463A70D-A119-43F9-B1DC-B27DFC68B3A2}: [DhcpNameServer] 192.168.42.129 Tcpip\..\Interfaces\{362DA3E9-345D-4798-A098-4516DE246B27}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{8F8B8731-A1F2-413B-AB6E-068EC31D8FC1}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{BCDE4864-459E-47E8-B6C9-BB35CE81E824}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{C3B3EBCE-0D47-43DD-A1CC-B7189E5F4A83}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKU\S-1-5-21-805129165-182557506-2697121282-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://pl.yahoo.com?fr=fp-comodo HKU\S-1-5-21-805129165-182557506-2697121282-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = SearchScopes: HKU\S-1-5-21-805129165-182557506-2697121282-1000 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = SearchScopes: HKU\S-1-5-21-805129165-182557506-2697121282-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-21-805129165-182557506-2697121282-1000 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = 
hxxp://pl.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo SearchScopes: HKU\S-1-5-21-805129165-182557506-2697121282-1000 -> {F48DA960-0FD9-4BB5-9826-C0C271C6C74D} URL = hxxp://www.qword.com/search.php?q={searchTerms}&s=2 BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-04-22] (Oracle Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> E:\Avast\aswWebRepIE64.dll [2016-05-23] (AVAST Software) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-22] (Oracle Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> E:\Microsoft Office\Office14\GROOVEEX.DLL [2011-06-12] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-22] (Oracle Corporation) BHO-x32: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> E:\Avast\aswWebRepIE.dll [2016-05-23] (AVAST Software) BHO-x32: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File BHO-x32: FlashGetBHO -> {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} -> E:\FlashGet 3\FlashGetBHO3.dll [2010-12-16] (Trend Media Group) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> E:\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-22] (Oracle Corporation) Toolbar: HKLM - No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File Toolbar: HKU\S-1-5-21-805129165-182557506-2697121282-1000 -> No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File DPF: HKLM-x32 {140E4DF8-9E14-4A34-9577-C77561ED7883} hxxp://content.systemrequirementslab.com/global/bin/srldetect_cyri_4.1.72.0_x.cab DPF: HKLM-x32 {9732FB42-C321-11D1-836F-00A0C993F125} hxxp://www.pcpitstop.com/mhLbl.cab DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab FireFox: ======== FF ProfilePath: C:\Users\dESANT\AppData\Roaming\Mozilla\Firefox\Profiles\9g2a0gsh.default FF Homepage: hxxps://www.google.pl/ FF Session Restore: -> is enabled. 
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-21] () FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-22] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-22] (Oracle Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: 4game.com/plugin -> C:\Program Files (x86)\4game\4game\npplugin4game.dll [No File] FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-21] () FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=1.122.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll [2012-05-11] (ESN Social Software AB) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> E:\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-04-29] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-04-29] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-22] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-22] (Oracle Corporation) FF Plugin-x32: 
@microsoft.com/OfficeAuthz,version=14.0 -> E:\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> E:\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameeu.dll [No File] FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File] FF Plugin HKU\S-1-5-21-805129165-182557506-2697121282-1000: @my.com/Games -> C:\Users\dESANT\AppData\Local\MyComGames\NPMyComDetector.dll [2016-01-26] (MY.COM B.V.) FF Plugin HKU\S-1-5-21-805129165-182557506-2697121282-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\dESANT\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-08] (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-805129165-182557506-2697121282-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2013-04-28] (Ubisoft) FF Extension: No Name - C:\Users\dESANT\AppData\Roaming\Mozilla\Firefox\Profiles\9g2a0gsh.default\extensions\adblockpopups@jessehakanen.net.xpi [not found] FF Extension: uBlock Origin - C:\Users\dESANT\AppData\Roaming\Mozilla\Firefox\Profiles\9g2a0gsh.default\Extensions\uBlock0@raymondhill.net.xpi [2016-06-23] FF Extension: Session Manager - C:\Users\dESANT\AppData\Roaming\Mozilla\Firefox\Profiles\9g2a0gsh.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2016-03-18] FF Extension: Download Status Bar - C:\Users\dESANT\AppData\Roaming\Mozilla\Firefox\Profiles\9g2a0gsh.default\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2016-03-11] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - E:\Avast\WebRep\FF FF Extension: Avast Online Security - E:\Avast\WebRep\FF [2016-05-23] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - E:\Avast\WebRep\FF FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - E:\Avast\SafePrice\FF FF Extension: Avast SafePrice - 
E:\Avast\SafePrice\FF [2016-05-23] StartMenuInternet: FIREFOX.EXE - E:\Firefox\firefox.exe Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - E:\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-05-23] Opera: ======= StartMenuInternet: (HKLM) Opera - E:\Opera\Opera.exe ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-28] () R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2014-09-09] (ASUSTeK Computer Inc.) R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2014-10-11] () [File not signed] R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.06.13\AsusFanControlService.exe [384000 2014-10-11] (ASUSTeK Computer Inc.) [File not signed] R2 avast! Antivirus; E:\Avast\AvastSvc.exe [243296 2016-05-23] (AVAST Software) R2 C-DillaCdaC11BA; C:\Windows\SysWOW64\drivers\CDAC11BA.EXE [39936 2014-09-19] (C-Dilla Ltd) [File not signed] R2 CmdAgent; E:\COMODO\COMODO Internet Security\cmdagent.exe [5799552 2016-04-10] (COMODO) S3 cmdvirth; E:\COMODO\COMODO Internet Security\cmdvirth.exe [2271928 2016-04-10] (COMODO) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.) R2 FoxitReaderService; E:\Foxit Reader\FoxitConnectedPDFService.exe [1647808 2016-07-02] (Foxit Software Inc.) 
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342456 2016-07-04] (Futuremark) S3 GalaxyClientService; C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [245312 2016-06-07] (GOG.com) S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6211648 2016-06-08] (GOG.com) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-04-29] (Intel Corporation) S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2012-11-17] () [File not signed] S3 Microsoft SharePoint Workspace Audit Service; E:\Microsoft Office\Office14\GROOVE.EXE [31125880 2011-06-12] (Microsoft Corporation) R2 MSI_ActiveX_Service; C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe [54200 2016-06-24] (Micro-Star INT'L CO., LTD.) S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [382248 2007-10-15] (Nero AG) S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3685968 2015-07-22] (INCA Internet Co., Ltd.) S3 Origin Client Service; F:\Origin\OriginClientService.exe [2120712 2016-05-01] (Electronic Arts) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-01-26] () R2 Realtek11nCU; E:\ASUS\USB-N13 WLAN Card Utilities\RtlService.exe [36864 2016-07-12] (Realtek Semiconductor Corp.) [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.) R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-28] () R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2014-02-24] () R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-05-23] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-05-23] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-05-23] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-05-23] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-05-23] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-05-23] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-05-23] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-05-23] (AVAST Software) R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [31648 2016-04-06] (COMODO) R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [823848 2016-04-06] (COMODO) R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [56464 2016-04-06] (COMODO) R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2735616 2015-06-02] (C-Media Inc) R3 CorsairVBusDriver; C:\Windows\System32\DRIVERS\CorsairVBusDriver.sys [47840 2016-03-05] (Corsair) R3 CorsairVHidDriver; C:\Windows\System32\DRIVERS\CorsairVHidDriver.sys [21728 2016-03-05] (Corsair) S3 CYUSB; C:\Windows\System32\Drivers\CYUSB.sys [47104 2009-08-10] (Cypress Semiconductor) R3 DAdderFltr; C:\Windows\System32\drivers\dadder.sys [12032 2010-04-19] (Razer (Asia-Pacific) Pte Ltd) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [270912 2011-10-22] (DT Soft Ltd) R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [487704 2014-03-14] (Intel Corporation) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) 
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] () [File not signed] S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14216 2011-07-29] () [File not signed] S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] () [File not signed] S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [8456 2011-07-29] () [File not signed] S3 I2cHkBurn; C:\Windows\System32\drivers\I2cHkBurn.sys [41760 2016-06-24] (FINTEK Corp.) R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-05-28] (Intel Corporation) R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [116248 2016-04-06] (COMODO) R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-04-29] (Intel Corporation) S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-10-16] (NVIDIA Corporation) S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA)) R3 RTCore64; E:\MSI Afterburner\RTCore64.sys [13512 2016-05-30] () S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [3591384 2014-10-13] (Realtek Semiconductor Corporation ) S3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [33464 2013-09-13] (Razer Inc) S3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [30904 2013-09-13] (Razer Inc) R0 sfdrv01a; C:\Windows\System32\drivers\sfdrv01a.sys [77432 2009-02-03] (Protection Technology (StarForce)) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [526392 2011-10-22] () [File not signed] S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [201280 2010-09-16] (DEVGURU Co., LTD.(www.devguru.co.kr)) S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X] S3 CT20XUT.DLL; system32\CT20XUT.DLL [X] S3 CT20XUT.SYS; \SystemRoot\System32\drivers\CT20XUT.SYS [X] S3 CTEXFIFX.DLL; system32\CTEXFIFX.DLL [X] S3 CTEXFIFX.SYS; \SystemRoot\System32\drivers\CTEXFIFX.SYS [X] S3 CTHWIUT.DLL; system32\CTHWIUT.DLL [X] S3 CTHWIUT.SYS; \SystemRoot\System32\drivers\CTHWIUT.SYS 
[X] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] R4 IOMap; \??\C:\Windows\system32\drivers\IOMap64.sys [X] S3 MSICDSetup; \??\H:\CDriver64.sys [X] S3 NTIOLib_1_0_C; \??\H:\NTIOLib_X64.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-07-15 18:52 - 2016-07-15 18:53 - 00000000 ____D C:\FRST 2016-07-15 18:48 - 2016-07-15 18:49 - 00000504 _____ C:\Users\dESANT\Desktop\RepairDNS.txt 2016-07-14 23:20 - 2016-07-14 23:29 - 00080744 _____ C:\net-log.txt 2016-07-14 22:44 - 2016-07-14 22:44 - 00000000 ___HD C:\$Windows.~WS 2016-07-14 22:36 - 2016-07-14 22:36 - 00000000 ____D C:\$WINDOWS.~BT 2016-07-12 18:00 - 2016-07-12 18:00 - 00000000 ____D C:\Program Files (x86)\Cisco 2016-07-12 17:59 - 2016-07-12 17:59 - 00000816 _____ C:\Users\Public\Desktop\ASUS USB-N13 WLAN Control Center.lnk 2016-07-12 17:59 - 2016-07-12 17:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility 2016-07-12 17:59 - 2014-10-13 11:24 - 03591384 ____R (Realtek Semiconductor Corporation ) C:\Windows\system32\Drivers\rtwlanu.sys 2016-07-12 17:58 - 2016-07-12 17:58 - 00614400 _____ (Realtek Semiconductor Corp. ) C:\Windows\SysWOW64\Rtlihvs.dll 2016-07-12 17:58 - 2016-07-12 17:58 - 00451072 _____ C:\Windows\SysWOW64\ISSRemoveSP.exe 2016-07-12 17:58 - 2016-07-12 17:58 - 00380928 _____ (Realtek) C:\Windows\RtlUI2.exe 2016-07-12 17:58 - 2016-07-12 17:58 - 00188416 _____ (Realtek Semiconductor Corp. 
) C:\Windows\SysWOW64\RTLExtUI.dll 2016-07-12 17:58 - 2016-07-12 17:58 - 00000000 _____ C:\Windows\RtlUb808.rra 2016-07-12 17:58 - 2009-01-05 20:31 - 00000901 _____ C:\Windows\RtlUI2.exe.manifest 2016-07-12 17:24 - 2016-07-12 17:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2016-07-12 00:53 - 2016-07-15 01:36 - 00002986 _____ C:\Windows\System32\Tasks\MSIAfterburner 2016-07-11 21:28 - 2016-07-11 21:28 - 00000000 ____D C:\Program Files (x86)\VulkanRT 2016-07-11 21:28 - 2016-05-04 04:23 - 00129824 _____ C:\Windows\SysWOW64\vulkan-1.dll 2016-07-11 21:28 - 2016-05-04 04:22 - 00130848 _____ C:\Windows\system32\vulkan-1.dll 2016-07-11 21:28 - 2016-05-04 04:22 - 00045344 _____ C:\Windows\system32\vulkaninfo.exe 2016-07-11 21:28 - 2016-05-04 04:22 - 00040224 _____ C:\Windows\SysWOW64\vulkaninfo.exe 2016-07-11 21:25 - 2016-07-11 21:26 - 39979576 _____ C:\Windows\system32\nvcompiler.dll 2016-07-11 21:25 - 2016-07-11 21:26 - 35115968 _____ C:\Windows\SysWOW64\nvcompiler.dll 2016-07-11 21:25 - 2016-07-11 21:26 - 31626808 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2016-07-11 21:25 - 2016-07-11 21:26 - 25402424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2016-07-11 21:25 - 2016-07-11 21:26 - 17302264 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2016-07-11 21:25 - 2016-07-11 21:26 - 13523392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2016-07-11 21:25 - 2016-07-11 21:26 - 10672752 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2016-07-11 21:25 - 2016-07-11 21:26 - 10656296 _____ C:\Windows\system32\nvptxJitCompiler.dll 2016-07-11 21:25 - 2016-07-11 21:26 - 10214760 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2016-07-11 21:25 - 2016-07-11 21:26 - 09006760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2016-07-11 21:25 - 2016-07-11 21:26 - 08742032 _____ C:\Windows\SysWOW64\nvptxJitCompiler.dll 2016-07-11 21:25 - 2016-07-11 21:26 - 
08600904 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2016-07-11 21:25 - 2016-07-11 21:26 - 03828968 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll 2016-07-11 21:25 - 2016-07-11 21:26 - 03513400 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2016-07-11 21:25 - 2016-07-11 21:26 - 03067448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2016-07-11 21:25 - 2016-07-11 21:26 - 01922616 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6436869.dll 2016-07-11 21:25 - 2016-07-11 21:26 - 01571776 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6436869.dll 2016-07-11 21:25 - 2016-07-11 21:26 - 00984000 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2016-07-11 21:25 - 2016-07-11 21:26 - 00909248 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2016-07-11 21:25 - 2016-07-11 21:26 - 00771640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2016-07-11 21:25 - 2016-07-11 21:26 - 00707520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2016-07-11 21:25 - 2016-07-11 21:26 - 00669952 _____ C:\Windows\system32\nvfatbinaryLoader.dll 2016-07-11 21:25 - 2016-07-11 21:26 - 00565392 _____ C:\Windows\SysWOW64\nvfatbinaryLoader.dll 2016-07-11 21:25 - 2016-07-11 21:26 - 00502080 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll 2016-07-11 21:25 - 2016-07-11 21:26 - 00476664 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll 2016-07-11 21:25 - 2016-07-11 21:26 - 00425016 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll 2016-07-11 21:25 - 2016-07-11 21:26 - 00422752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll 2016-07-11 21:25 - 2016-07-11 21:26 - 00394912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll 2016-07-11 21:25 - 2016-07-11 21:26 - 00379448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll 2016-07-11 21:25 - 2016-07-11 21:26 - 00178136 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll 
2016-07-11 21:25 - 2016-07-11 21:26 - 00155768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2016-07-11 21:25 - 2016-07-11 21:26 - 00153416 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2016-07-11 21:25 - 2016-07-11 21:26 - 00131768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2016-07-04 17:03 - 2016-07-04 17:03 - 00000000 ____D C:\ProgramData\Futuremark
2016-07-04 17:02 - 2016-07-04 17:02 - 00000000 ____D C:\Program Files (x86)\Futuremark
2016-07-03 22:23 - 2016-07-03 22:23 - 00000605 _____ C:\Users\dESANT\Desktop\MSI Afterburner.lnk
2016-07-02 11:42 - 2016-07-15 17:38 - 00000000 ____D C:\ProgramData\Foxit Software
2016-07-02 09:37 - 2016-07-14 21:54 - 00000022 _____ C:\Windows\GPU-Z.INI
2016-07-02 09:16 - 2016-07-02 09:16 - 00000202 _____ C:\Users\dESANT\Desktop\3DMark.url
2016-06-27 20:18 - 2016-06-27 20:18 - 00000202 _____ C:\Users\dESANT\Desktop\Homeworld Deserts of Kharak.url
2016-06-26 21:43 - 2016-06-26 21:43 - 00000202 _____ C:\Users\dESANT\Desktop\DOOM.url
2016-06-24 22:37 - 2016-06-24 22:37 - 00001230 _____ C:\Users\dESANT\Desktop\HWMonitor.lnk
2016-06-24 21:43 - 2016-06-24 21:43 - 00003068 _____ C:\Windows\System32\Tasks\MSIOSDx86_Host
2016-06-24 21:43 - 2016-06-24 21:43 - 00003068 _____ C:\Windows\System32\Tasks\MSIOSDx64_Host
2016-06-24 21:43 - 2016-06-24 21:43 - 00003002 _____ C:\Windows\System32\Tasks\MSISW_Host
2016-06-24 21:42 - 2016-06-26 21:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI
2016-06-24 21:42 - 2016-06-26 21:41 - 00000000 ____D C:\Program Files (x86)\MSI
2016-06-24 21:42 - 2016-06-26 20:23 - 01692840 _____ (MSI) C:\Windows\SysWOW64\muachost.exe
2016-06-24 21:42 - 2016-06-24 21:43 - 00000000 ____D C:\MSI
2016-06-24 21:42 - 2016-06-24 21:42 - 00041760 _____ (FINTEK Corp.) C:\Windows\system32\Drivers\I2cHkBurn.sys
2016-06-24 21:42 - 2016-06-24 21:42 - 00031520 _____ (TODO: <公司名稱>) C:\Windows\system32\FintekIcon1.dll
2016-06-24 21:32 - 2016-06-25 23:39 - 00000000 ____D C:\Users\dESANT\AppData\Roaming\NVIDIA
2016-06-24 21:28 - 2016-07-11 21:27 - 01352760 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2016-06-24 21:28 - 2016-06-29 20:36 - 06364728 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2016-06-24 21:28 - 2016-06-29 20:36 - 02455608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2016-06-24 21:28 - 2016-06-29 20:36 - 01762752 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2016-06-24 21:28 - 2016-06-29 20:36 - 00532416 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2016-06-24 21:28 - 2016-06-29 20:36 - 00393784 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2016-06-24 21:28 - 2016-06-29 20:36 - 00083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2016-06-24 21:28 - 2016-06-29 20:36 - 00069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2016-06-24 21:28 - 2016-06-23 10:04 - 07208075 _____ C:\Windows\system32\nvcoproc.bin
2016-06-24 21:27 - 2016-06-24 21:27 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-06-24 21:27 - 2016-06-24 21:26 - 00213952 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2016-06-24 21:27 - 2016-06-24 21:26 - 00203320 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2016-06-24 21:26 - 2016-07-11 21:26 - 19199216 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2016-06-24 21:26 - 2016-07-11 21:26 - 16774904 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2016-06-24 21:26 - 2016-07-11 21:26 - 14356952 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2016-06-24 21:26 - 2016-07-11 21:26 - 03387080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2016-06-24 21:26 - 2016-06-30 00:44 - 00039124 _____ C:\Windows\system32\nvinfo.pb
2016-06-24 21:26 - 2016-06-24 21:26 - 01922616 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6436839.dll
2016-06-24 21:26 - 2016-06-24 21:26 - 01571776 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6436839.dll
2016-06-24 21:26 - 2016-06-03 09:38 - 00000594 _____ C:\Windows\SysWOW64\nv-vk32.json
2016-06-24 21:26 - 2016-06-03 09:38 - 00000594 _____ C:\Windows\system32\nv-vk64.json
2016-06-23 20:07 - 2016-06-23 20:07 - 00000000 ____D C:\Users\dESANT\AppData\Roaming\Eusing
2016-06-23 20:01 - 2016-06-23 20:11 - 00000040 _____ C:\Users\dESANT\AppData\Roaming\cdr.ini
2016-06-23 20:01 - 2016-06-23 20:01 - 00880912 _____ (Microsoft Corporation) C:\Windows\WM8EUTIL.exe
2016-06-23 20:01 - 2016-06-23 20:01 - 00000561 _____ C:\Users\Guest\Desktop\Free CD to MP3 Converter.lnk
2016-06-23 20:01 - 2016-06-23 20:01 - 00000561 _____ C:\Users\Administrator\Desktop\Free CD to MP3 Converter.lnk
2016-06-23 20:01 - 2016-06-23 20:01 - 00000000 ____D C:\Users\dESANT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CD to MP3 Freeware
2016-06-23 20:01 - 2016-06-23 20:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CD to MP3 Freeware
2016-06-16 21:47 - 2016-06-16 21:47 - 00000000 ____D C:\Users\dESANT\AppData\Roaming\Petroglyph

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-15 18:19 - 2015-06-18 22:07 - 00001152 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-07-15 17:46 - 2009-07-14 06:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-15 17:46 - 2009-07-14 06:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-15 17:38 - 2015-06-18 22:07 - 00001148 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-07-15 17:38 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-14 22:44 - 2011-05-10 23:27 - 00000000 ____D C:\Windows\Panther
2016-07-14 22:42 - 2011-05-10 14:02 - 00741476 _____ C:\Windows\system32\perfh015.dat
2016-07-14 22:42 - 2011-05-10 14:02 - 00156548 _____ C:\Windows\system32\perfc015.dat
2016-07-14 22:42 - 2009-07-14 07:13 - 01674202 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-14 22:42 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-07-14 21:53 - 2015-09-01 18:30 - 00000000 ____D C:\Users\dESANT\.oracle_jre_usage
2016-07-14 21:15 - 2015-08-09 14:01 - 00000000 ____D C:\SCMUserData
2016-07-14 17:25 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2016-07-14 17:09 - 2015-07-08 18:42 - 00004124 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-07-13 18:45 - 2015-02-11 23:12 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-12 17:59 - 2009-07-14 04:34 - 00000627 _____ C:\Windows\win.ini
2016-07-12 17:58 - 2011-05-10 14:22 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-07-12 17:24 - 2015-06-18 22:07 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-07-11 21:28 - 2011-06-05 19:07 - 00000000 ____D C:\ProgramData\NVIDIA
2016-07-09 07:38 - 2012-04-15 19:57 - 00000069 _____ C:\Windows\NeroDigital.ini
2016-07-03 22:24 - 2011-05-19 21:36 - 00000000 ____D C:\Windows\SysWOW64\directx
2016-07-02 09:37 - 2015-05-21 00:41 - 00000000 ____D C:\Temp
2016-06-27 17:35 - 2009-07-14 06:45 - 00352872 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-26 08:51 - 2009-07-14 07:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-06-25 12:24 - 2013-12-13 21:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2016-06-24 21:31 - 2009-07-14 01:38 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\monitor.sys
2016-06-24 21:28 - 2011-05-10 15:35 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-06-24 21:27 - 2011-05-10 15:36 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-06-23 22:25 - 2012-06-08 13:25 - 00000000 ____D C:\ProgramData\Package Cache
2016-06-23 20:26 - 2012-12-16 16:20 - 00000004 _____ C:\Windows\SysWOW64\micr0st.dll
2016-06-23 19:57 - 2012-12-19 00:05 - 00000000 ____D C:\Users\dESANT\AppData\Roaming\Mp3tag
2016-06-21 17:49 - 2014-11-07 18:57 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-06-21 17:49 - 2014-11-07 18:57 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-18 12:41 - 2015-02-11 23:10 - 00000626 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

==================== Files in the root of some directories =======

2011-06-19 00:52 - 2003-09-03 08:46 - 0010960 _____ () C:\Program Files (x86)\EULA.txt
2011-06-19 00:52 - 2013-01-29 00:26 - 0003274 _____ () C:\Program Files (x86)\INSTALL.LOG
2011-06-19 00:52 - 2003-12-18 12:33 - 0020102 _____ () C:\Program Files (x86)\Readme.txt
2016-06-23 20:01 - 2016-06-23 20:11 - 0000040 _____ () C:\Users\dESANT\AppData\Roaming\cdr.ini
2012-06-16 22:12 - 2012-06-16 22:14 - 0000565 _____ () C:\Users\dESANT\AppData\Roaming\MPQEditor.ini
2016-05-16 00:14 - 2016-05-16 00:14 - 0000000 ____H () C:\Users\dESANT\AppData\Local\BIT55FE.tmp
2013-10-06 23:02 - 2013-10-06 23:02 - 0008598 _____ () C:\Users\dESANT\AppData\Local\CleanupUninstall.txt
2012-05-01 22:17 - 2012-05-01 22:31 - 0000079 _____ () C:\Users\dESANT\AppData\Local\CrystalDiskMark30.ini
2011-06-05 15:46 - 2014-09-20 09:32 - 0011776 _____ () C:\Users\dESANT\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-03-30 18:09 - 2012-03-30 18:09 - 0003072 _____ () C:\Users\dESANT\AppData\Local\file__0.localstorage
2011-05-11 14:31 - 2015-08-06 18:05 - 0007633 _____ () C:\Users\dESANT\AppData\Local\resmon.resmoncfg
2012-03-27 01:40 - 2012-03-27 01:40 - 0000003 _____ () C:\Users\dESANT\AppData\Local\user_data.ini
2016-05-16 00:13 - 2016-05-16 00:14 - 0000000 _____ () C:\Users\dESANT\AppData\Local\{1D83D8EA-5823-4DAA-A974-AFA5F59D65D5}
2011-05-31 22:55 - 2011-06-02 14:11 - 0000057 _____ () C:\ProgramData\ra3.ini

ZeroAccess:
C:\Users\dESANT\AppData\Local\{47b5b253-471a-9bfe-d979-187ce8d6d5b7}
C:\Users\dESANT\AppData\Local\{47b5b253-471a-9bfe-d979-187ce8d6d5b7}\@

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-07-07 23:13

==================== End of FRST.txt ============================