Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-10-2016
Ran by Szymon (administrator) on SZYMON-PC (26-10-2016 10:13:22)
Running from C:\Users\Szymon\Desktop
Loaded Profiles: Szymon (Available Profiles: Szymon)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(hxxp://www.amule.org/) C:\Program Files (x86)\amuleC\ed2k.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-02] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1767944 2016-05-02] (NVIDIA Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13550152 2013-05-30] (Realtek Semiconductor)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [406328 2013-09-09] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [205624 2013-05-30] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291280 2012-12-20] (Intel Corporation)
HKU\S-1-5-21-1828617473-2846505221-2361362635-1000\...\MountPoints2: F - F:\setup.exe
HKU\S-1-5-21-1828617473-2846505221-2361362635-1000\...\MountPoints2: {ded12ede-9090-11e6-a651-240a645993be} - F:\LG_PC_Programs.exe
HKU\S-1-5-18\...\Run: [] => 0
HKLM\...\Providers\25zww50t: C:\_\local64spl.dll
HKLM\...\Providers\50zpsas3: C:\\local64spl.dll [142848 2016-10-25] ()
HKLM\...\Providers\638fs7ol: D:\Web Development_\local64spl.dll [142848 2016-10-25] ()
HKLM\...\Providers\9f88yy9f: D:\Dokumenty_\local64spl.dll [142848 2016-10-25] ()
HKLM\...\Providers\aq4cax80: D:\Torrenty_\local64spl.dll [142848 2016-10-25] ()
HKLM\...\Providers\t3mjc97d: D:\Web Development\\local64spl.dll [142848 2016-10-25] ()
HKLM\...\Providers\va97s1dx: D:\Torrenty\\local64spl.dll [142848 2016-10-25] ()
HKLM\...\Providers\veyjbtt3: D:\Dokumenty\\local64spl.dll [142848 2016-10-25] ()
HKLM\...\Providers\yvs3ud5b: D:\Gry\\local64spl.dll [142848 2016-10-25] ()
HKLM\...\Providers\zr52og7w: D:\Gry_\local64spl.dll [142848 2016-10-25] ()
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [175368 2016-03-22] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [153392 2016-03-22] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [KzShlobj2] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F3} => No File
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 217.144.192.2 217.144.192.33
Tcpip\..\Interfaces\{54D00981-F980-4A39-B7A1-9A0C686109D3}: [DhcpNameServer] 217.144.192.2 217.144.192.33
Tcpip\..\Interfaces\{E71F4234-8AEE-48D7-A3F1-5992507B2462}: [DhcpNameServer] 217.144.192.2 217.144.192.33

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
SearchScopes: HKU\S-1-5-21-1828617473-2846505221-2361362635-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: u2ez73io.default
FF ProfilePath: C:\Users\Szymon\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\u2ez73io.default\Profiles\u2ez73io.default [not found]
FF ProfilePath: C:\Users\Szymon\AppData\Roaming\Mozilla\Firefox\Profiles\u2ez73io.default [2016-10-26]
FF Homepage: Mozilla\Firefox\Profiles\u2ez73io.default -> hxxp://www.mylucky123.com/?type=hp&ts=1477468201&z=d92f435a30c17fe9829f944g5zam5mez0qab1o3e4c&from=interhop1024&uid=HGSTXHTS545050A7E680_TMA55C4T0595BL0595BLX
FF Extension: (British English Dictionary (Marco Pinto)) - C:\Users\Szymon\AppData\Roaming\Mozilla\Firefox\Profiles\u2ez73io.default\Extensions\marcoagpinto@mail.telepac.pt [2016-10-02]
FF Extension: (Adblock Plus) - C:\Users\Szymon\AppData\Roaming\Mozilla\Firefox\Profiles\u2ez73io.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_185.dll [2016-10-11] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_185.dll [2016-10-11] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1828617473-2846505221-2361362635-1000: SkypePlugin -> C:\Users\Szymon\AppData\Local\SkypePlugin\7.26.0.48\npGatewayNpapi.dll [2016-09-22] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-1828617473-2846505221-2361362635-1000: SkypePlugin64 -> C:\Users\Szymon\AppData\Local\SkypePlugin\7.26.0.48\npGatewayNpapi-x64.dll [2016-09-22] (Skype Technologies S.A.)

Chrome:
=======
CHR DefaultProfile: ChromeDefaultData
CHR HomePage: ChromeDefaultData -> hxxp://www.mylucky123.com/?type=hp&ts=1477468201&z=d92f435a30c17fe9829f944g5zam5mez0qab1o3e4c&from=interhop1024&uid=HGSTXHTS545050A7E680_TMA55C4T0595BL0595BLX
CHR StartupUrls: ChromeDefaultData -> "hxxp://www.mylucky123.com/?type=hp&ts=1477468201&z=d92f435a30c17fe9829f944g5zam5mez0qab1o3e4c&from=interhop1024&uid=HGSTXHTS545050A7E680_TMA55C4T0595BL0595BLX"
CHR DefaultSearchURL: ChromeDefaultData -> hxxp://www.mylucky123.com/search/?type=ds&ts=1477468201&z=d92f435a30c17fe9829f944g5zam5mez0qab1o3e4c&from=interhop1024&uid=HGSTXHTS545050A7E680_TMA55C4T0595BL0595BLX&q={searchTerms}
CHR DefaultSearchKeyword: ChromeDefaultData -> mylucky123
CHR Profile: C:\Users\Szymon\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2016-10-26] <==== ATTENTION
CHR Extension: (Dokumenty Google) - C:\Users\Szymon\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-25]
CHR Extension: (Dysk Google) - C:\Users\Szymon\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-25]
CHR Extension: (YouTube) - C:\Users\Szymon\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-25]
CHR Extension: (Dokumenty Google offline) - C:\Users\Szymon\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-20]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Szymon\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-10-20]
CHR Extension: (Gmail) - C:\Users\Szymon\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-25]
CHR Extension: (Chrome Media Router) - C:\Users\Szymon\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-20]
CHR Profile: C:\Users\Szymon\AppData\Local\Google\Chrome\User Data\Default [2016-10-20]
CHR Extension: (Prezentacje Google) - C:\Users\Szymon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-18]
CHR Extension: (Dokumenty Google) - C:\Users\Szymon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-18]
CHR Extension: (Dysk Google) - C:\Users\Szymon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-18]
CHR Extension: (YouTube) - C:\Users\Szymon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-18]
CHR Extension: (Arkusze Google) - C:\Users\Szymon\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-18]
CHR Extension: (Dokumenty Google offline) - C:\Users\Szymon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-18]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Szymon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-18]
CHR Extension: (Gmail) - C:\Users\Szymon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-18]
CHR Extension: (Chrome Media Router) - C:\Users\Szymon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-10]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Archer; C:\Program Files (x86)\WinArcher\Archer.dll [337920 2016-10-26] () [File not signed]
R2 ed2kidle; C:\Program Files (x86)\amuleC\ed2k.exe [237568 2016-10-08] (hxxp://www.amule.org/) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-05-02] (NVIDIA Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319096 2016-01-14] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-05-02] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-05-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-02] (NVIDIA Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WinSAPSvc; C:\ProgramData\WinSAPSvc\WinSAP.dll [218624 2016-10-26] () [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AndnetBus; C:\Windows\System32\DRIVERS\lgandnetbus64.sys [29184 2015-05-12] (LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [30720 2015-05-12] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [37376 2015-05-12] (LG Electronics Inc.)
R3 ATP; C:\Windows\System32\DRIVERS\AsusTP.sys [70928 2013-12-12] (ASUS Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 GMLXD16Fltr; C:\Windows\System32\drivers\GMLXDFltr01.sys [19488 2016-05-27] (LXD Development, Inc.)
R2 mi2c; C:\Windows\system32\drivers\mi2c.sys [20784 2016-10-10] (Nicomsoft Ltd.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-05-02] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVCx32: HpSvc -> no filepath.

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-26 10:13 - 2016-10-26 10:13 - 00017313 _____ C:\Users\Szymon\Desktop\FRST.txt
2016-10-26 10:11 - 2016-10-26 10:13 - 00000000 ____D C:\FRST
2016-10-26 10:11 - 2016-10-26 10:11 - 02407424 _____ (Farbar) C:\Users\Szymon\Desktop\FRST64.exe
2016-10-26 09:51 - 2016-10-26 10:08 - 00000000 ____D C:\Program Files (x86)\UvConverter
2016-10-26 09:51 - 2016-10-26 09:51 - 00000000 ____D C:\Users\Szymon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\amuleC
2016-10-26 09:51 - 2016-10-26 09:51 - 00000000 ____D C:\Users\Szymon\AppData\Roaming\aMule
2016-10-26 09:51 - 2016-10-26 09:51 - 00000000 ____D C:\Program Files (x86)\amuleC
2016-10-26 09:48 - 2016-10-26 09:48 - 00000000 ____D C:\ProgramData\WinSAPSvc
2016-10-26 09:48 - 2016-10-26 09:48 - 00000000 ____D C:\Program Files (x86)\WinArcher
2016-10-26 09:48 - 2016-10-26 09:48 - 00000000 ____D C:\Program Files (x86)\dgzh9k1q
2016-10-25 10:11 - 2016-10-26 10:08 - 00000000 ___HD C:\_
2016-10-25 10:11 - 2016-10-25 10:11 - 00142848 ____H C:\local64spl.dll
2016-10-25 10:11 - 2016-10-25 10:11 - 00000020 ____H C:\local64spl.dll.ini
2016-10-21 00:39 - 2016-10-21 08:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-10-20 19:04 - 2016-10-25 14:30 - 00000000 ____D C:\Users\Szymon\AppData\LocalLow\BitTorrent
2016-10-20 18:34 - 2016-10-26 09:52 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-10-20 18:34 - 2016-10-20 18:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-10-20 18:34 - 2016-10-20 18:34 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-10-20 18:34 - 2016-10-20 18:34 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-10-20 18:34 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-10-20 18:34 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-10-20 18:34 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-10-20 18:26 - 2016-10-20 18:26 - 00000000 ____D C:\Users\Szymon\AppData\Roaming\ludashi
2016-10-20 18:18 - 2016-10-21 00:00 - 00000000 ____D C:\Users\Szymon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器
2016-10-20 18:16 - 2016-10-20 18:16 - 00000000 ____D C:\Windows\system32\afy
2016-10-20 18:15 - 2016-10-20 18:15 - 00000000 ____D C:\ProgramData\{60A42444-C486-4f5c-8B71-3AD1E996CD72}.tmp
2016-10-20 18:12 - 2016-10-20 18:50 - 00000000 ____D C:\Users\Szymon\AppData\Roaming\Geunfy
2016-10-20 18:12 - 2016-10-20 18:48 - 00000000 ____D C:\Users\Szymon\AppData\LocalLow\Company
2016-10-20 18:12 - 2016-10-20 18:21 - 00000000 ____D C:\Users\Szymon\AppData\Local\app
2016-10-20 18:12 - 2016-10-20 18:12 - 00000000 ____D C:\Users\Szymon\AppData\Roaming\KuaiZip
2016-10-20 18:12 - 2016-10-20 18:12 - 00000000 ____D C:\Users\Szymon\AppData\Local\Tempfolder
2016-10-20 18:12 - 2016-10-20 18:12 - 00000000 ____D C:\uninst
2016-10-20 18:12 - 2016-10-20 18:12 - 00000000 ____D C:\ProgramData\Avira
2016-10-20 18:12 - 2016-10-20 18:12 - 00000000 ____D C:\ProgramData\Avg
2016-10-20 18:12 - 2016-10-20 18:12 - 00000000 ____D C:\ProgramData\AVAST Software
2016-10-20 18:11 - 2016-10-26 10:08 - 00000000 ____D C:\Program Files (x86)\Phijswajerk_
2016-10-20 18:11 - 2016-10-25 23:44 - 00000458 _____ C:\Windows\Tasks\UCBrowserUpdater.job
2016-10-20 18:11 - 2016-10-20 18:11 - 00003542 _____ C:\Windows\System32\Tasks\8d710389a9c763b3644f88e1c10ff747
2016-10-20 18:11 - 2016-10-20 18:11 - 00003434 _____ C:\Windows\System32\Tasks\UCBrowserUpdater
2016-10-20 18:11 - 2016-10-20 18:11 - 00000000 ____D C:\Users\Szymon\AppData\Roaming\Softlink
2016-10-20 18:10 - 2016-10-20 18:10 - 00000000 _____ C:\TOSTACK
2016-10-20 18:09 - 2016-10-20 18:10 - 00000000 ____D C:\Users\Szymon\AppData\Roaming\Microleaves
2016-10-20 18:09 - 2016-10-20 18:09 - 07214592 _____ C:\Users\Szymon\AppData\Roaming\agent.dat
2016-10-20 18:09 - 2016-10-20 18:09 - 00018432 _____ C:\Users\Szymon\AppData\Roaming\Main.dat
2016-10-20 18:08 - 2016-10-20 18:08 - 00140288 _____ C:\Users\Szymon\AppData\Roaming\Installer.dat
2016-10-19 19:24 - 2016-10-19 19:24 - 00000000 ____D C:\Users\Szymon\Documents\My Games
2016-10-19 19:24 - 2016-10-19 19:24 - 00000000 ____D C:\ProgramData\Steam
2016-10-19 19:23 - 2016-10-26 10:09 - 00000747 _____ C:\Users\Public\Desktop\BioShock Infinite.lnk
2016-10-19 19:23 - 2016-10-19 19:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BioShock Infinite
2016-10-19 18:40 - 2016-10-19 18:40 - 00000000 ____D C:\Users\Szymon\AppData\Local\Setup Integrity Check
2016-10-16 14:52 - 2016-10-16 14:55 - 00000000 ____D C:\Users\Szymon\Evernote
2016-10-16 14:52 - 2016-10-16 14:52 - 00000000 ____D C:\Users\Szymon\AppData\LocalLow\Evernote
2016-10-12 23:45 - 2016-10-12 23:45 - 00000000 ____D C:\Python27
2016-10-12 23:45 - 2016-10-12 23:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7
2016-10-12 23:12 - 2016-10-20 18:11 - 00000000 ____D C:\Program Files (x86)\LG Electronics
2016-10-11 18:50 - 2016-10-11 18:51 - 00000000 ____D C:\Program Files\Sublime Text 3
2016-10-10 14:12 - 2016-10-10 14:12 - 00020784 _____ (Nicomsoft Ltd.) C:\Windows\system32\Drivers\mi2c.sys
2016-10-10 14:11 - 2016-10-20 18:11 - 00000000 ____D C:\Program Files (x86)\i-Menu
2016-10-10 14:11 - 2016-10-10 14:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Screen+
2016-10-10 14:11 - 2016-10-10 14:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\i-Menu
2016-10-10 14:11 - 2016-10-10 14:11 - 00000000 ____D C:\Program Files\Screen+
2016-10-07 23:32 - 2016-10-25 23:16 - 00000000 ____D C:\Users\Szymon\Desktop\pulpit
2016-10-07 18:07 - 2016-10-07 18:07 - 00000000 ____D C:\ProgramData\DualMonitor

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-26 10:09 - 2016-06-23 22:40 - 00001023 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2016-10-26 10:09 - 2016-06-18 21:42 - 00000810 _____ C:\Users\Szymon\Desktop\Udemy - Shortcut.lnk
2016-10-26 10:09 - 2016-06-18 17:52 - 00002201 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-26 10:09 - 2016-06-18 17:51 - 00000930 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sublime Text 3.lnk
2016-10-26 10:09 - 2016-05-24 12:56 - 00000735 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2015.lnk
2016-10-26 10:09 - 2016-05-24 12:52 - 00001534 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2016-10-26 10:09 - 2016-05-07 10:28 - 00001881 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
2016-10-26 10:09 - 2016-05-06 15:58 - 00000777 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro CC 2015.lnk
2016-10-26 10:09 - 2016-04-24 16:09 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-10-26 10:09 - 2016-04-16 11:22 - 00002070 _____ C:\Users\Szymon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape.lnk
2016-10-26 10:09 - 2016-04-14 18:10 - 00002600 _____ C:\Users\Szymon\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2016-10-26 10:09 - 2016-04-14 17:56 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-10-26 10:09 - 2016-04-14 05:28 - 00001393 _____ C:\Users\Szymon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-10-26 10:09 - 2014-11-15 13:06 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-10-26 10:09 - 2014-11-15 13:06 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-10-26 10:09 - 2009-07-14 07:01 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-10-26 10:09 - 2009-07-14 06:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-10-26 10:09 - 2009-07-14 06:57 - 00001330 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-10-26 10:09 - 2009-07-14 06:57 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-10-26 10:09 - 2009-07-14 06:54 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-10-26 10:09 - 2009-07-14 06:49 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-10-26 10:08 - 2016-06-18 17:52 - 00001048 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-26 10:08 - 2016-06-18 17:52 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-26 10:08 - 2016-05-05 22:48 - 00000266 _____ C:\Windows\Tasks\AutoKMS.job
2016-10-26 10:08 - 2016-04-14 18:33 - 00000000 __SHD C:\Users\Szymon\IntelGraphicsProfiles
2016-10-26 10:08 - 2009-07-14 07:37 - 00000000 ____D C:\Windows\DigitalLocker
2016-10-26 10:08 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-26 09:59 - 2016-04-14 17:58 - 00000000 ____D C:\Users\Szymon\AppData\Local\Adobe
2016-10-26 09:55 - 2009-07-14 07:13 - 00779724 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-26 09:55 - 2009-07-14 06:45 - 00026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-26 09:55 - 2009-07-14 06:45 - 00026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-26 09:55 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-10-26 09:50 - 2016-05-18 08:27 - 00000000 ____D C:\Users\Szymon\AppData\Local\CrashDumps
2016-10-26 09:48 - 2009-07-14 07:08 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-10-25 23:43 - 2016-04-14 17:58 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-10-25 15:57 - 2016-04-14 18:09 - 00000000 ____D C:\Users\Szymon\AppData\Roaming\BitTorrent
2016-10-25 10:18 - 2016-04-16 11:17 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-10-21 08:51 - 2016-04-14 17:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-10-20 23:38 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\addins
2016-10-20 23:37 - 2016-05-05 22:48 - 00000000 ____D C:\Windows\AutoKMS
2016-10-20 18:58 - 2016-04-14 18:10 - 00109280 _____ C:\Users\Szymon\AppData\Local\GDIPFONTCACHEV1.DAT
2016-10-20 18:57 - 2009-07-14 06:45 - 05078464 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-20 18:50 - 2016-05-05 22:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2016-10-20 18:50 - 2016-04-16 11:17 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-10-20 18:50 - 2016-04-14 18:23 - 00000000 ____D C:\Program Files (x86)\Realtek
2016-10-20 18:49 - 2009-07-14 06:45 - 00000000 ____D C:\Windows\ServiceProfiles
2016-10-20 18:20 - 2016-05-05 22:48 - 00002896 _____ C:\Windows\System32\Tasks\AutoKMS
2016-10-20 18:13 - 2016-06-17 20:22 - 00000000 ____D C:\Windows\system32\appmgmt
2016-10-20 18:11 - 2016-08-28 00:34 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-10-20 18:11 - 2016-08-27 21:00 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-10-20 18:11 - 2016-06-23 22:40 - 00000000 ____D C:\Program Files (x86)\Audacity
2016-10-20 18:11 - 2016-06-18 17:52 - 00000000 ____D C:\Program Files (x86)\Google
2016-10-20 18:11 - 2016-06-08 12:09 - 00000000 ____D C:\Program Files (x86)\NetCracker Professional
2016-10-20 18:11 - 2016-06-04 16:24 - 00000000 ___HD C:\Program Files (x86)\Temp
2016-10-20 18:11 - 2016-05-07 10:34 - 00000000 ____D C:\Program Files (x86)\VSO
2016-10-20 18:11 - 2016-05-07 10:28 - 00000000 ____D C:\Program Files (x86)\ImgBurn
2016-10-20 18:11 - 2016-05-05 22:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-10-20 18:11 - 2016-05-05 22:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2016-10-20 18:11 - 2016-04-24 16:09 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-10-20 18:11 - 2016-04-22 15:22 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2016-10-20 18:11 - 2016-04-22 14:55 - 00000000 ____D C:\Program Files (x86)\Winamp
2016-10-20 18:11 - 2016-04-21 22:09 - 00000000 ____D C:\Program Files (x86)\ASUS
2016-10-20 18:11 - 2016-04-20 18:26 - 00000000 ____D C:\Program Files (x86)\VentSrv
2016-10-20 18:11 - 2016-04-14 18:36 - 00000000 ____D C:\Program Files (x86)\NapiProjekt
2016-10-20 18:11 - 2016-04-14 18:31 - 00000000 ____D C:\Program Files (x86)\Intel
2016-10-20 18:11 - 2016-04-14 18:23 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-10-20 18:11 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2016-10-20 18:11 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-10-20 18:11 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-10-20 18:11 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-10-20 18:11 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-10-20 18:11 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-10-20 18:11 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files (x86)\Windows NT
2016-10-19 19:24 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-10-16 14:52 - 2016-04-14 05:28 - 00000000 ____D C:\Users\Szymon
2016-10-15 13:30 - 2016-04-16 14:49 - 00000024 _____ C:\Users\Szymon\random.dat
2016-10-15 13:29 - 2016-04-16 14:49 - 00000045 _____ C:\Users\Szymon\jagex_cl_runescape_LIVE.dat
2016-10-15 13:29 - 2016-04-16 14:49 - 00000024 _____ C:\Users\Szymon\jagexappletviewer.preferences
2016-10-11 18:51 - 2016-06-18 17:51 - 00000000 ____D C:\Users\Szymon\AppData\Local\Sublime Text 3
2016-10-11 14:43 - 2016-04-14 17:58 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-10-11 14:43 - 2016-04-14 17:58 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-10-11 14:43 - 2016-04-14 17:58 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-10-11 14:43 - 2016-04-14 17:58 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-10-11 14:43 - 2016-04-14 17:58 - 00000000 ____D C:\Windows\system32\Macromed
2016-10-06 00:15 - 2016-07-17 15:00 - 00000000 ____D C:\Users\Szymon\AppData\Roaming\Skype
2016-10-03 01:15 - 2016-07-17 14:59 - 00000000 ____D C:\Users\Szymon\AppData\Local\SkypePlugin

==================== Files in the root of some directories =======

2016-10-20 18:09 - 2016-10-20 18:09 - 7214592 _____ () C:\Users\Szymon\AppData\Roaming\agent.dat
2016-05-07 10:34 - 2016-05-08 16:11 - 0099384 _____ () C:\Users\Szymon\AppData\Roaming\inst.exe
2016-10-20 18:08 - 2016-10-20 18:08 - 0140288 _____ () C:\Users\Szymon\AppData\Roaming\Installer.dat
2016-10-20 18:09 - 2016-10-20 18:09 - 0018432 _____ () C:\Users\Szymon\AppData\Roaming\Main.dat
2016-05-07 10:34 - 2016-05-08 16:11 - 0007859 _____ () C:\Users\Szymon\AppData\Roaming\pcouffin.cat
2016-05-07 10:34 - 2016-05-08 16:11 - 0001167 _____ () C:\Users\Szymon\AppData\Roaming\pcouffin.inf
2016-05-07 10:34 - 2016-05-08 16:11 - 0000055 _____ () C:\Users\Szymon\AppData\Roaming\pcouffin.log
2016-05-07 10:34 - 2016-05-08 16:11 - 0082816 _____ (VSO Software) C:\Users\Szymon\AppData\Roaming\pcouffin.sys

Some files in TEMP:
====================
C:\Users\Szymon\AppData\Local\Temp\4B42.tmp.exe
C:\Users\Szymon\AppData\Local\Temp\7A5E.tmp.exe
C:\Users\Szymon\AppData\Local\Temp\A97A.tmp.exe
C:\Users\Szymon\AppData\Local\Temp\Browser_V5.6.14087.902_f_4674_(Build1608021049).exe
C:\Users\Szymon\AppData\Local\Temp\dxdiag.exe
C:\Users\Szymon\AppData\Local\Temp\frag.exe
C:\Users\Szymon\AppData\Local\Temp\inst_buychannel_06.exe
C:\Users\Szymon\AppData\Local\Temp\KuaiZip.exe
C:\Users\Szymon\AppData\Local\Temp\ludashisetup.exe
C:\Users\Szymon\AppData\Local\Temp\nsg2AEE.tmp.exe
C:\Users\Szymon\AppData\Local\Temp\setup.exe
C:\Users\Szymon\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Szymon\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Szymon\AppData\Local\Temp\xmlUpdater.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-10-25 19:09

==================== End of FRST.txt ============================