Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:07-02-2016
Ran by Pr (administrator) on P (12-02-2016 23:55:59)
Running from C:\Users\Pr\Desktop
Loaded Profiles: Pr (Available Profiles: Pr)
Platform: Microsoft Windows 8.1 Enterprise (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
() C:\ProgramData\DatacardService\HWDeviceService.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Huawei Technologies Co., Ltd.) C:\Users\Pr\AppData\Roaming\PLAY ONLINE\ouc.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(AVAST Software) C:\Users\Pr\AppData\Roaming\AVAST Software\Browser Cleanup\BCUSched.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Farbar) C:\Users\Pr\Desktop\FRST(1).exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176 2011-10-14] (Synaptics Incorporated)
HKU\S-1-5-21-3792866072-1578073165-1391578754-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6453528 2015-07-17] (Piriform Ltd)
HKU\S-1-5-21-3792866072-1578073165-1391578754-1002\...\Run: [HW_OPENEYE_OUC_PLAY ONLINE] => C:\Program Files\PLAY ONLINE\UpdateDog\ouc.exe [110592 2009-04-14] (Huawei Technologies Co., Ltd.)
HKU\S-1-5-21-3792866072-1578073165-1391578754-1002\...\MountPoints2: {3485e361-4696-11e5-9720-001b24b634d3} - "F:\AutoRun.exe"
HKU\S-1-5-21-3792866072-1578073165-1391578754-1002\...\MountPoints2: {3485e39b-4696-11e5-9720-001b24b634d3} - "F:\AutoRun.exe"
HKU\S-1-5-21-3792866072-1578073165-1391578754-1002\...\MountPoints2: {348600a3-4696-11e5-9720-001e101ff337} - "F:\AutoRun.exe"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{F65EC06B-79A0-4737-8CE4-F7DB2A44B6FC}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-02-25] (Eyeo GmbH)

FireFox:
========
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://google.co.uk/"
CHR Profile: C:\Users\Pr\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Pr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-02]
CHR Extension: (Google Docs) - C:\Users\Pr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-02]
CHR Extension: (Google Drive) - C:\Users\Pr\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (YouTube) - C:\Users\Pr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-24]
CHR Extension: (Google Search) - C:\Users\Pr\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
CHR Extension: (Google Sheets) - C:\Users\Pr\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-02]
CHR Extension: (Google Docs Offline) - C:\Users\Pr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Pr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-02]
CHR Extension: (Gmail) - C:\Users\Pr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-02]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1983424 2015-11-19] (ESET)
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [264704 2010-11-16] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [284520 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22224 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [205800 2015-11-16] (ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [14464 2015-07-30] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [146024 2015-11-16] (ESET)
R2 ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [111040 2015-11-16] (ESET)
R1 epfw; C:\Windows\system32\DRIVERS\epfw.sys [161992 2015-11-16] (ESET)
R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [44608 2015-11-16] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [56944 2015-11-16] (ESET)
R3 netwlv32; C:\Windows\system32\DRIVERS\netwlv32.sys [6637056 2013-06-18] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [38928 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [233304 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [84824 2015-07-07] (Microsoft Corporation)
R3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [190976 2014-11-21] (Microsoft Corporation)
S3 sdfhgdf; system32\DRIVERS\sdfhgdf.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-12 23:55 - 2016-02-12 23:56 - 00007764 _____ C:\Users\Pr\Desktop\FRST.txt
2016-02-12 23:48 - 2016-02-12 23:49 - 00211252 _____ C:\TDSSKiller.3.1.0.9_12.02.2016_23.48.04_log.txt
2016-02-12 23:44 - 2016-02-12 23:45 - 00427220 _____ C:\Users\Pr\Desktop\gmelog.txt
2016-02-12 23:06 - 2016-02-12 23:07 - 00002942 _____ C:\Users\Pr\Desktop\Rkill.txt
2016-02-12 22:56 - 2016-02-12 22:56 - 00001112 _____ C:\Users\Pr\Desktop\Avast Browser Cleanup.lnk
2016-02-12 22:56 - 2016-02-12 22:56 - 00000000 ____D C:\Users\Pr\AppData\Roaming\Microsoft\Windows\Start Menu\Avast Browser Cleanup
2016-02-12 22:56 - 2016-02-12 22:56 - 00000000 ____D C:\Users\Pr\AppData\Roaming\AVAST Software
2016-02-12 22:42 - 2016-02-12 23:51 - 00000000 ____D C:\AdwCleaner
2016-02-12 22:10 - 2016-02-12 22:10 - 00000000 ____D C:\Users\Pr\AppData\Local\ESET
2016-02-12 22:08 - 2016-02-12 22:08 - 00002043 _____ C:\Users\Public\Desktop\ESET Banking & Payment protection.lnk
2016-02-12 22:08 - 2016-02-12 22:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2016-02-12 22:08 - 2016-02-12 22:08 - 00000000 ____D C:\ProgramData\ESET
2016-02-12 22:08 - 2016-02-12 22:08 - 00000000 ____D C:\Program Files\ESET
2016-02-12 22:00 - 2016-02-12 22:01 - 103460152 _____ (ESET) C:\Users\Pr\Downloads\ess_nt32_enu.exe
2016-02-12 21:21 - 2016-02-06 10:01 - 20366848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-02-12 21:21 - 2016-02-06 09:43 - 02280448 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-02-12 21:21 - 2016-02-06 09:16 - 12857856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-02-12 21:21 - 2016-02-06 08:54 - 01312256 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-02-12 21:07 - 2016-01-10 16:43 - 00801792 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-02-12 21:07 - 2016-01-06 17:43 - 00124928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-02-12 21:07 - 2015-12-29 15:43 - 05267968 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2016-02-12 21:07 - 2015-12-29 15:42 - 05264384 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-02-12 21:07 - 2015-12-28 20:31 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\WinSync.dll
2016-02-12 21:06 - 2016-01-22 07:11 - 19794896 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-02-12 21:06 - 2016-01-22 06:02 - 00496640 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-02-12 21:06 - 2016-01-22 05:52 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2016-02-12 21:06 - 2016-01-22 05:51 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-02-12 21:06 - 2016-01-22 05:35 - 04611072 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-02-12 21:06 - 2016-01-22 05:31 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-02-12 21:06 - 2016-01-22 05:27 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-02-12 21:06 - 2016-01-22 05:25 - 00687104 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-02-12 21:06 - 2016-01-22 05:25 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-02-12 21:06 - 2016-01-22 05:25 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-02-12 21:06 - 2016-01-22 05:24 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-02-12 21:06 - 2016-01-22 05:14 - 12879360 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2016-02-12 21:06 - 2016-01-22 05:07 - 02120704 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-02-12 21:06 - 2016-01-22 05:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-02-12 21:06 - 2016-01-22 04:58 - 02464256 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-02-12 21:06 - 2016-01-19 18:24 - 05764448 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-02-12 21:06 - 2016-01-19 18:23 - 01564496 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2016-02-12 21:06 - 2016-01-19 18:23 - 01471544 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-02-12 21:06 - 2016-01-19 18:23 - 01393584 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-02-12 21:06 - 2016-01-19 18:23 - 01282536 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-02-12 21:06 - 2016-01-19 18:23 - 01269080 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-02-12 21:06 - 2016-01-19 18:23 - 00888896 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-02-12 21:06 - 2016-01-19 18:23 - 00548024 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2016-02-12 21:06 - 2016-01-19 17:31 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2016-02-12 21:06 - 2016-01-19 16:37 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\wincorlib.dll
2016-02-12 21:06 - 2016-01-15 00:45 - 00030912 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-02-12 21:06 - 2016-01-14 20:48 - 01198080 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-02-12 21:06 - 2016-01-14 20:48 - 00949760 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-02-12 21:06 - 2016-01-14 20:48 - 00591360 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-02-12 21:06 - 2016-01-14 20:48 - 00544768 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-02-12 21:06 - 2016-01-14 20:48 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-02-12 21:06 - 2016-01-14 20:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-02-12 21:06 - 2016-01-10 18:39 - 00332640 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-02-12 21:06 - 2016-01-10 17:33 - 00153088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-02-12 21:06 - 2016-01-10 17:32 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-02-12 21:06 - 2016-01-10 17:31 - 00162304 _____ (Microsoft Corporation) C:\Windows\system32\msorcl32.dll
2016-02-12 21:06 - 2016-01-10 17:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\cfgbkend.dll
2016-02-12 21:06 - 2016-01-10 16:51 - 00702976 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-02-12 21:06 - 2016-01-10 16:49 - 00443392 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-02-12 21:06 - 2016-01-10 16:44 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-02-12 21:06 - 2016-01-10 16:40 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-02-12 21:06 - 2016-01-10 16:39 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2016-02-12 21:06 - 2016-01-07 17:54 - 03518976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-02-12 21:05 - 2016-01-10 18:39 - 00128576 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-02-12 21:05 - 2016-01-10 16:30 - 03067904 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-02-12 21:05 - 2016-01-10 16:29 - 00124928 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-02-12 21:05 - 2016-01-10 16:29 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-02-12 21:05 - 2016-01-10 16:27 - 00334336 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2016-02-12 21:05 - 2016-01-10 16:27 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-02-12 21:05 - 2016-01-10 16:26 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-02-12 21:05 - 2016-01-10 16:24 - 02176512 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-02-12 21:05 - 2015-12-17 17:45 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-02-12 21:05 - 2015-12-17 16:11 - 02975744 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-02-12 21:03 - 2016-02-09 15:55 - 01721344 _____ (Farbar) C:\Users\Pr\Desktop\FRST(1).exe
2016-02-12 21:03 - 2015-02-04 12:59 - 00380416 _____ C:\Users\Pr\Desktop\jhnmqgsg.exe
2016-02-09 16:01 - 2016-02-12 23:55 - 00000000 ____D C:\Users\Pr\Desktop\szperacze
2016-02-09 15:58 - 2016-02-12 23:55 - 00000000 ____D C:\FRST
2016-02-07 18:20 - 2016-02-07 18:20 - 00033602 _____ C:\Users\Pr\Documents\cc_20160207_182036.reg
2016-02-07 17:39 - 2016-02-12 22:49 - 00000000 ____D C:\Users\Pr\AppData\Roaming\Common
2016-02-07 17:38 - 2016-02-07 17:47 - 00000919 _____ C:\Windows\system32\${LOGFILE}
2016-02-07 17:17 - 2016-02-07 17:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\SpringFiles
2016-01-28 13:53 - 2016-01-28 18:47 - 00000000 ____D C:\Users\Pr\Desktop\Z.B.U.K.U- Że Życie Ma Sens (2013)
2016-01-28 13:51 - 2016-01-28 13:52 - 82751036 _____ C:\Users\Pr\Downloads\Z.B.U.K.U- Że Życie Ma Sens (2013).rar
2016-01-24 18:34 - 2016-01-24 18:34 - 00000000 ____D C:\Users\Pr\Desktop\Zycie Szalonym zyciem (2014)
2016-01-24 18:34 - 2016-01-24 18:34 - 00000000 ____D C:\Users\Pr\Desktop\Chada_Bezczel_Z.B.U.K.U-Kontrabanda_Brat_Bratu_Bratem-WEB-PL-2015-WGM
2016-01-24 18:20 - 2016-01-24 18:32 - 107306975 _____ C:\Users\Pr\Downloads\Chada_Bezczel_Z.B.U.K.U-Kontrabanda_Brat_Bratu_Bratem-WEB-PL-2015-WGM.rar
2016-01-24 16:38 - 2016-01-24 17:25 - 141997561 _____ C:\Users\Pr\Downloads\Zycie Szalonym zyciem (2014).rar
2016-01-14 00:16 - 2015-12-11 00:11 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-01-14 00:16 - 2015-12-08 19:07 - 00507176 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-01-14 00:16 - 2015-12-07 11:01 - 01132640 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-01-14 00:16 - 2015-12-05 06:03 - 01581024 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll
2016-01-14 00:16 - 2015-12-05 05:58 - 02528784 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-01-14 00:16 - 2015-12-05 05:58 - 02447136 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-01-14 00:16 - 2015-12-05 05:58 - 02324744 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2016-01-14 00:16 - 2015-12-05 05:58 - 01484888 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-01-14 00:16 - 2015-12-05 05:58 - 01115640 _____ (Microsoft Corporation) C:\Windows\system32\mfnetsrc.dll
2016-01-14 00:16 - 2015-12-05 05:58 - 01037680 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-01-14 00:16 - 2015-12-05 05:58 - 00914672 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-01-14 00:16 - 2015-12-05 05:58 - 00700360 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll
2016-01-14 00:16 - 2015-12-05 05:58 - 00584656 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-01-14 00:16 - 2015-12-05 05:58 - 00492736 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-01-14 00:16 - 2015-12-05 05:58 - 00463776 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-01-14 00:16 - 2015-12-05 05:58 - 00399776 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2016-01-14 00:16 - 2015-12-05 05:58 - 00275312 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-01-14 00:16 - 2015-12-05 05:58 - 00274280 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-01-14 00:16 - 2015-12-05 05:58 - 00229272 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-01-14 00:16 - 2015-12-05 05:58 - 00184912 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-01-14 00:16 - 2015-12-05 05:58 - 00183856 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-01-14 00:16 - 2015-12-05 05:58 - 00110544 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-01-14 00:16 - 2015-12-05 05:58 - 00099136 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-01-14 00:16 - 2015-12-05 05:58 - 00081032 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-01-14 00:16 - 2015-12-05 05:58 - 00076936 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-01-14 00:16 - 2015-12-03 18:52 - 00340872 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-01-14 00:16 - 2015-12-03 18:52 - 00120376 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-01-14 00:16 - 2015-12-03 18:52 - 00091416 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2016-01-14 00:16 - 2015-12-03 17:28 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-01-14 00:16 - 2015-12-03 17:28 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-01-14 00:16 - 2015-12-03 17:27 - 00736256 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-01-14 00:16 - 2015-12-03 17:24 - 01411584 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-01-14 00:16 - 2015-12-03 17:23 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-01-14 00:16 - 2015-12-03 17:21 - 00346624 ____C (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-01-14 00:16 - 2015-12-03 17:06 - 01501184 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-01-14 00:16 - 2015-12-03 17:01 - 00743936 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-01-14 00:16 - 2015-12-03 16:45 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-01-14 00:16 - 2015-12-03 16:29 - 00887296 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-01-14 00:16 - 2015-12-02 15:01 - 00561664 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-12 23:52 - 2015-09-02 20:31 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-12 23:52 - 2013-08-22 07:23 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-12 23:48 - 2015-09-02 20:31 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-12 23:00 - 2014-11-21 03:17 - 00818732 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-12 23:00 - 2013-08-22 06:21 - 00000000 ____D C:\Windows\inf
2016-02-12 22:10 - 2013-08-22 08:17 - 00000000 ___HD C:\Windows\ELAMBKUP
2016-02-12 21:51 - 2013-08-22 08:17 - 00000000 ___RD C:\Windows\ToastData
2016-02-12 21:50 - 2015-07-26 18:18 - 00000000 ____D C:\Users\Pr
2016-02-12 21:50 - 2013-08-22 07:22 - 00409824 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-12 21:47 - 2015-07-29 19:31 - 00000000 ____D C:\Windows\system32\appraiser
2016-02-12 21:27 - 2013-08-22 08:05 - 00000000 ____D C:\Windows\CbsTemp
2016-02-12 21:18 - 2015-07-27 18:46 - 00000000 ____D C:\Windows\system32\MRT
2016-02-12 21:18 - 2014-11-21 02:54 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-12 21:12 - 2015-07-27 18:46 - 144254680 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-02-12 21:03 - 2015-11-11 16:32 - 00478800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-02-12 21:03 - 2015-11-11 16:32 - 00148312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-02-07 18:07 - 2013-08-22 06:13 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-02-07 17:39 - 2013-08-22 08:17 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-02-07 17:16 - 2015-09-02 20:32 - 00002366 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-07 17:16 - 2015-09-02 20:32 - 00002337 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-07 17:16 - 2015-07-26 18:19 - 00001634 _____ C:\Users\Pr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-02-07 14:48 - 2015-09-01 16:40 - 00000000 ____D C:\Users\Pr\AppData\LocalLow\Adblock Plus for IE
2016-02-02 02:37 - 2014-11-21 05:46 - 00828920 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-02-02 02:37 - 2014-11-21 05:46 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-01-20 14:30 - 2013-08-22 08:17 - 00000000 ____D C:\Windows\rescache
2016-01-15 16:48 - 2014-11-21 05:42 - 00000000 ___SD C:\Windows\system32\CompatTel

==================== Files in the root of some directories =======

2015-07-29 19:35 - 2015-07-29 19:35 - 0000000 _____ () C:\Users\Pr\AppData\Local\AtStart.txt
2015-07-29 19:35 - 2015-07-29 19:35 - 0000000 _____ () C:\Users\Pr\AppData\Local\DSwitch.txt
2015-07-29 19:35 - 2015-07-29 19:35 - 0000000 _____ () C:\Users\Pr\AppData\Local\QSwitch.txt

Some files in TEMP:
====================
C:\Users\Pr\AppData\Local\Temp\PX3xwuQ33J.exe
C:\Users\Pr\AppData\Local\Temp\sqlite3.dll
C:\Users\Pr\AppData\Local\Temp\tu17p84.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-02-02 08:01

==================== End of FRST.txt ============================