Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-01-2015 Ran by Sebastian (administrator) on SEBASTIANK on 13-01-2015 17:13:57 Running from C:\scan Loaded Profiles: Sebastian & MSSQL$SQLEXPRESS (Available profiles: Sebastian & MSSQL$SQLEXPRESS & MSSQLSERVER) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Polski (Polska) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\audiodg.exe () C:\Program Files (x86)\PHotkey\AsLdrSrv.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe () C:\Program Files (x86)\PHotkey\GFNEXSrv.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe (Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Microsoft Corporation) D:\Programy\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe () C:\Program Files (x86)\PHotkey\PHotkey.exe () C:\Program Files (x86)\PHotkey\MsgTranAgt.exe () C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe () C:\Program Files (x86)\Bloody5\Bloody5\Bloody5.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe () C:\Program Files (x86)\GIGABYTE\U7300 Utilities\CONRCtl.exe (SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Program Files (x86)\PHotkey\Atouch64.exe () C:\Program Files (x86)\PHotkey\PVDesktop.exe () C:\Program Files (x86)\PHotkey\PVDAgent.exe (Pegatron Corporation) C:\Program Files (x86)\PHotkey\MsOsd.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\ehome\mcupdate.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\ehome\ehsched.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation) HKLM-x32\...\Run: [UsbAudBsDeck] => C:\Program Files (x86)\VIA\VIAudUsb\BSDeck\BSDeck.exe [1320960 2011-12-16] (VIA Technologies, Ltd.) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2966516881-2113031637-2349138176-1000\...\Run: [Bloody2] => C:\Program Files (x86)\Bloody5\Bloody5\Bloody5.exe [16294912 2014-12-30] () HKU\S-1-5-21-2966516881-2113031637-2349138176-1000\...\MountPoints2: {13b08022-1c42-11e3-a954-ae9d4920a9f8} - H:\Startme.exe AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [178632 2014-12-13] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [165760 2014-12-13] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Remote Control.lnk ShortcutTarget: Remote Control.lnk -> C:\Program Files (x86)\GIGABYTE\U7300 Utilities\CONRCtl.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS PC Sound.lnk ShortcutTarget: SRS PC Sound.lnk -> C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe (SRS Labs, Inc.) Startup: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ispektor.lnk ShortcutTarget: ispektor.lnk -> C:\NVIDIA\Inspector\ispektor.nip () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) SearchScopes: HKU\S-1-5-21-2966516881-2113031637-2349138176-1000 -> {5F926E5F-000D-49A2-BF57-0E81B260EC84} URL = https://www.google.com/search?q={searchTerms} BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Pomocnik logowania za pomocą konta Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\k446gb9g.default FF Homepage: https://www.google.pl/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll () FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll () FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-2966516881-2113031637-2349138176-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Sebastian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Extension: LastPass - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\k446gb9g.default\Extensions\support@lastpass.com [2014-08-21] FF Extension: Bitdefender QuickScan - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\k446gb9g.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2014-07-17] FF Extension: MEGA - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\k446gb9g.default\Extensions\firefox@mega.co.nz.xpi [2014-03-10] FF Extension: easy Xdebug - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\k446gb9g.default\Extensions\info@elime.be.xpi [2014-10-26] FF Extension: YouTube Center - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\k446gb9g.default\Extensions\jid1-cwbvBTE216jjpg@jetpack.xpi [2013-11-29] FF Extension: Secure Login - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\k446gb9g.default\Extensions\secureLogin@blueimp.net.xpi [2013-09-30] FF Extension: YouTube High Definition - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\k446gb9g.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2014-07-11] FF Extension: Adblock Plus - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\k446gb9g.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-07-03] Chrome: ======= CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.703\_platform_specific\win_x86\widevinecdmadapter.dll () CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\internal-nacl-plugin No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll () CHR Plugin: (QuickTime Plug-in 7.7.6) - D:\Programy\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.6) - D:\Programy\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.6) - D:\Programy\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.6) - D:\Programy\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.6) - D:\Programy\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Battlelog Game Launcher) - C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) CHR Plugin: (Java Deployment Toolkit 7.0.550.14) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) CHR Plugin: (Java(TM) Platform SE 7 U55) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Unity Player) - C:\Users\Sebastian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll () CHR Profile: C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Dokumenty Google) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-12] CHR Extension: (Dysk Google) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-12] CHR Extension: (YouTube Center) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcegdpionpopahcglnfiiioapcclamdj [2014-06-10] CHR Extension: (YouTube) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-12] CHR Extension: (Szukaj w Google) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-12] CHR Extension: (Tampermonkey) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-05-31] CHR Extension: (AdBlock) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-07-17] CHR Extension: (Google Hangouts) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2013-11-07] CHR Extension: (Google Wallet) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03] CHR Extension: (Gmail) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-12] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ASLDRService; C:\Program Files (x86)\PHotkey\ASLDRSrv.exe [104968 2010-12-10] () R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.) S4 AWiCSrvc; C:\Program Files (x86)\Atheros\AWiCSrvc.exe [50336 2011-03-02] (Atheros Communications) [File not signed] R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed] S4 Connectify; C:\Program Files (x86)\Connectify\ConnectifyService.exe [487936 2013-12-23] (Connectify) [File not signed] S4 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2013-07-04] (Macrovision Europe Ltd.) [File not signed] S4 Futuremark SystemInfo Service; D:\Programy\Futuremark\SystemInfo\FMSISvc.exe [140384 2013-06-25] (Futuremark Corporation) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation) R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [159752 2010-12-10] () R2 MSSQL$SQLEXPRESS; D:\Programy\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [194240 2014-05-15] (Microsoft Corporation) S2 MSSQLSERVER; D:\Programy\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [194240 2014-05-15] (Microsoft Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation) S4 OpenVPNService; D:\Programy\OpenVPN\bin\openvpnserv.exe [37176 2014-04-14] (The OpenVPN Project) S3 Origin Client Service; D:\Gry\Origin\OriginClientService.exe [1903472 2014-12-21] (Electronic Arts) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-06-28] () S4 SkypeUpdate; D:\Programy\Skype\Updater\Updater.exe [171680 2013-09-05] (Skype Technologies) S4 SQLAgent$SQLEXPRESS; D:\Programy\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [613056 2014-05-15] (Microsoft Corporation) S4 SQLSERVERAGENT; D:\Programy\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [613056 2014-05-15] (Microsoft Corporation) R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-06-16] (DEVGURU Co., LTD.) S4 TeamViewer9; D:\Programy\TeamViewer\Version9\TeamViewer_Service.exe [5037888 2014-06-16] (TeamViewer GmbH) S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.) R1 cnnctfy3; C:\Windows\System32\DRIVERS\cnnctfy3.sys [35352 2014-03-31] (Connectify) R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2015-01-10] (Disc Soft Ltd) S3 fspad_win764; C:\Windows\System32\DRIVERS\fspad_win764.sys [67584 2012-09-07] (Sentelic Corporation) S3 L1C; C:\Windows\System32\DRIVERS\L1C60x64.sys [75888 2010-11-08] (Atheros Communications, Inc.) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation) R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2010-12-10] (PEGATRON) S4 RsFx0201; C:\Windows\System32\DRIVERS\RsFx0201.sys [337088 2014-05-15] (Microsoft Corporation) S3 s1039bus; C:\Windows\System32\DRIVERS\s1039bus.sys [127600 2010-03-15] (MCCI Corporation) S3 s1039mdfl; C:\Windows\System32\DRIVERS\s1039mdfl.sys [19568 2010-03-15] (MCCI Corporation) S3 s1039mdm; C:\Windows\System32\DRIVERS\s1039mdm.sys [161904 2010-03-15] (MCCI Corporation) S3 s1039mgmt; C:\Windows\System32\DRIVERS\s1039mgmt.sys [141424 2010-03-15] (MCCI Corporation) S3 s1039nd5; C:\Windows\System32\DRIVERS\s1039nd5.sys [34416 2010-03-15] (MCCI Corporation) S3 s1039obex; C:\Windows\System32\DRIVERS\s1039obex.sys [137328 2010-03-15] (MCCI Corporation) S3 s1039unic; C:\Windows\System32\DRIVERS\s1039unic.sys [158320 2010-03-15] (MCCI Corporation) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2015-01-10] (Duplex Secure Ltd.) S3 UsbAudio10; C:\Windows\System32\drivers\ViaUsbAudio.sys [106096 2012-05-10] (VIA Technologies, Inc.) S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation) S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [113936 2013-11-29] (Oracle Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-12 16:46 - 2015-01-12 16:46 - 01163821 _____ () C:\Users\Sebastian\Desktop\mateo.rar 2015-01-10 20:00 - 2015-01-13 17:13 - 00000000 ____D () C:\scan 2015-01-10 19:56 - 2015-01-13 17:14 - 00000000 ____D () C:\FRST 2015-01-10 17:43 - 2015-01-10 17:46 - 00000000 ____D () C:\AdwCleaner 2015-01-10 16:15 - 2015-01-10 16:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite 2015-01-10 16:14 - 2015-01-10 16:14 - 00283064 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys 2015-01-10 16:02 - 2015-01-10 16:02 - 00000216 _____ () C:\Windows\Tasks\SidebarExecute.job 2015-01-10 14:28 - 2014-05-06 13:57 - 00025800 _____ () C:\Users\Sebastian\Desktop\ammo_manager.sp 2015-01-10 14:27 - 2015-01-10 14:27 - 00021095 _____ () C:\Users\Sebastian\Desktop\AmmoManager-master.zip 2015-01-10 12:41 - 2015-01-10 12:41 - 00012084 _____ () C:\Users\Sebastian\Desktop\sm_replen.sp 2015-01-09 17:13 - 2015-01-09 17:13 - 00000014 _____ () C:\Users\Sebastian\Desktop\gdsgds.txt 2015-01-08 20:48 - 2015-01-10 15:47 - 00000921 _____ () C:\Users\Sebastian\Desktop\lapt.txt 2015-01-04 19:47 - 2015-01-04 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bloody 2015-01-04 18:44 - 2015-01-04 18:44 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2014-12-29 00:53 - 2014-12-29 00:53 - 00000000 ____D () C:\Windows\SysWOW64\NV 2014-12-29 00:53 - 2014-12-29 00:53 - 00000000 ____D () C:\Windows\system32\NV 2014-12-29 00:50 - 2014-12-13 11:08 - 32099472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2014-12-29 00:50 - 2014-12-13 11:08 - 25460552 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2014-12-29 00:50 - 2014-12-13 11:08 - 24764232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2014-12-29 00:50 - 2014-12-13 11:08 - 20465808 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2014-12-29 00:50 - 2014-12-13 11:08 - 18594432 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll 2014-12-29 00:50 - 2014-12-13 11:08 - 17264312 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2014-12-29 00:50 - 2014-12-13 11:08 - 16040184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2014-12-29 00:50 - 2014-12-13 11:08 - 13288360 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2014-12-29 00:50 - 2014-12-13 11:08 - 13202520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2014-12-29 00:50 - 2014-12-13 11:08 - 10770120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2014-12-29 00:50 - 2014-12-13 11:08 - 10710160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2014-12-29 00:50 - 2014-12-13 11:08 - 10345280 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2014-12-29 00:50 - 2014-12-13 11:08 - 03610440 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2014-12-29 00:50 - 2014-12-13 11:08 - 03248968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2014-12-29 00:50 - 2014-12-13 11:08 - 02897824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2014-12-29 00:50 - 2014-12-13 11:08 - 01895056 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434709.dll 2014-12-29 00:50 - 2014-12-13 11:08 - 01556624 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434709.dll 2014-12-29 00:50 - 2014-12-13 11:08 - 00968336 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2014-12-29 00:50 - 2014-12-13 11:08 - 00942400 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2014-12-29 00:50 - 2014-12-13 11:08 - 00928072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2014-12-29 00:50 - 2014-12-13 11:08 - 00906560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2014-12-29 00:50 - 2014-12-13 11:08 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll 2014-12-29 00:50 - 2014-12-13 11:08 - 00306328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll 2014-12-29 00:50 - 2014-12-13 11:08 - 00031376 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys 2014-12-29 00:49 - 2014-12-29 00:49 - 00000000 __SHD () C:\Users\Sebastian\AppData\Local\EmieBrowserModeList 2014-12-29 00:46 - 2014-11-22 11:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys 2014-12-29 00:46 - 2014-11-22 11:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll 2014-12-25 13:36 - 2014-12-25 13:38 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\Knights Saves 2014-12-25 13:36 - 2014-12-25 13:36 - 00000000 ____D () C:\Users\Sebastian\Desktop\Km TPR 2014-12-23 10:30 - 2015-01-13 17:07 - 00003012 _____ () C:\Windows\System32\Tasks\MSIAfterburner 2014-12-18 18:49 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-12-18 18:49 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-12-17 21:08 - 2014-12-17 21:08 - 00001260 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VIA USB Audio Deck.lnk 2014-12-17 21:06 - 2012-05-10 11:20 - 00695408 _____ (VIA Technologies, Inc.) C:\Windows\system32\VIAUsbPageExt.dll 2014-12-17 21:06 - 2012-05-10 11:20 - 00654960 _____ (VIA Technologies, Inc.) C:\Windows\system32\VIAUsbSysFx.dll 2014-12-17 21:06 - 2012-05-10 11:20 - 00106096 _____ (VIA Technologies, Inc.) C:\Windows\system32\Drivers\ViaUsbAudio.sys 2014-12-17 21:06 - 2012-05-10 11:20 - 00093808 _____ (QSound Labs, Inc.) C:\Windows\system32\nQPropPageExtb.dll 2014-12-17 21:06 - 2012-05-10 11:20 - 00091248 _____ (QSound Labs, Inc.) C:\Windows\system32\nQAPOb.dll 2014-12-17 20:47 - 2015-01-04 19:46 - 00000000 ____D () C:\Program Files (x86)\Bloody5 2014-12-17 20:01 - 2014-12-17 21:08 - 00000000 ____D () C:\Program Files (x86)\VIA 2014-12-16 17:50 - 2014-12-16 17:50 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\Microsoft Corporation ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-13 17:14 - 2013-07-03 10:42 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-01-13 17:13 - 2009-07-14 05:45 - 00032032 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-13 17:13 - 2009-07-14 05:45 - 00032032 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-13 17:06 - 2014-11-16 18:56 - 00026416 _____ () C:\Windows\setupact.log 2015-01-13 17:05 - 2013-07-12 03:56 - 00001044 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-13 17:04 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-13 17:02 - 2014-09-10 02:50 - 00000000 ____D () C:\ProgramData\MFAData 2015-01-13 17:02 - 2013-07-02 17:19 - 01664464 _____ () C:\Windows\WindowsUpdate.log 2015-01-13 17:01 - 2014-12-09 19:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-01-13 16:58 - 2013-07-12 03:56 - 00001048 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-13 07:29 - 2013-07-10 15:00 - 00677760 _____ () C:\Windows\DPINST.LOG 2015-01-12 17:41 - 2013-12-15 20:04 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\Composer 2015-01-10 17:48 - 2010-11-21 04:47 - 00377184 _____ () C:\Windows\PFRO.log 2015-01-10 16:32 - 2013-07-02 17:25 - 00001431 _____ () C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-01-10 16:30 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy 2015-01-10 16:19 - 2011-04-12 14:21 - 00920766 _____ () C:\Windows\system32\perfh015.dat 2015-01-10 16:19 - 2011-04-12 14:21 - 00228298 _____ () C:\Windows\system32\perfc015.dat 2015-01-10 16:19 - 2009-07-14 06:13 - 02185674 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-10 16:09 - 2013-07-10 00:07 - 00000000 ____D () C:\Windows\pss 2015-01-10 14:53 - 2013-07-03 11:43 - 00386680 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys 2015-01-08 22:31 - 2013-07-02 21:13 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\Adobe 2015-01-08 16:29 - 2014-09-10 02:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2015-01-01 16:18 - 2014-03-22 00:05 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\MusicBee 2014-12-29 00:53 - 2013-07-03 19:17 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-12-26 15:52 - 2013-07-11 14:53 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\Microsoft Games 2014-12-23 13:31 - 2013-07-10 12:54 - 00000000 ____D () C:\ProgramData\Origin 2014-12-21 21:19 - 2013-07-04 16:49 - 00624707 _____ () C:\Windows\DirectX.log 2014-12-17 21:24 - 2014-09-05 13:40 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\Adobe 2014-12-17 21:23 - 2013-07-03 10:42 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-12-17 21:23 - 2013-07-03 10:42 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-12-17 21:23 - 2013-07-03 10:42 - 00003868 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-12-17 21:08 - 2013-07-06 19:13 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-12-15 11:26 - 2014-12-04 18:09 - 00001640 _____ () C:\Users\Sebastian\Desktop\sl.txt ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-04 03:53 ==================== End Of Log ============================