Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-10-2016
Ran by Jacek (administrator) on NEVOVCOMP (12-10-2016 13:32:09)
Running from C:\Users\Jacek\Downloads
Loaded Profiles: Jacek (Available Profiles: Jacek)
Platform: Windows 8.1 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Users\Jacek\AppData\Roaming\Hemkajdoa\Hemkajdoa.exe
(TODO: <公司名>) C:\Program Files (x86)\YouKu\YoukuClient\WebServe.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
() C:\Users\Jacek\AppData\Roaming\Hemkajdoa\Sejheb.exe
() C:\Users\Jacek\AppData\Roaming\Hemkajdoa\Soccartuwc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Atawuhtucult_\AtawuhtucultInternetExplorer.exe
() C:\Program Files (x86)\GUMB3BF.tmp\GUMBBFtmpGoogle.exe
() C:\PerfLogs\PerfLogsPerfLogs.exe
() C:\Program Files\PerfLogsProgramFiles.exe
() C:\Program Files (x86)\Common Files\PliperphbrilyCommonFiles.exe
() C:\Program Files (x86)\Google\PliperphbrilyGoogle.exe
() C:\Intel\ProgramFilesIntel.exe
() C:\NVIDIA\ProgramFilesNVIDIA.exe
() C:\Program Files (x86)\ProgramFilesProgramFilesx.exe
() C:\PerfLogs\UsersPerfLogs.exe
() C:\Users\UsersProgramFiles.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-10-01] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1767944 2016-10-01] (NVIDIA Corporation)
HKLM-x32\...\Run: [app] => C:\Program Files (x86)\hhh\uc.exe
HKLM-x32\...\Run: [YoukuMediaCenter] => C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\ytmediacenter\YoukuMediaCenter.exe [3193904 2016-09-22] (youku.com)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
ShellIconOverlayIdentifiers: [KzShlobj2] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F3} => C:\Program Files (x86)\KuaiZip\X64\KZipShell.dll [2016-10-12] ()
ShellIconOverlayIdentifiers-x32: [ Report] -> {32C50D96-7A9E-4F3E-8763-F74D86AFEDC2} => C:\Windows\SysWow64\config\systemprofile\AppData\Roaming\ytmediacenter\report.dll [2015-10-10] (Youku.com)
ShellIconOverlayIdentifiers-x32: [ YoukuModShlExt] -> {9071723E-9F41-4A8C-9CC2-EB6F94BA9B9E} => C:\Windows\SysWow64\config\systemprofile\AppData\Roaming\ytmediacenter\coreplay.dll [2015-12-08] (Youku.com)

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [S-1-5-21-1529912858-1414345264-3061538310-1001] => hxxp://127.0.0.1:8088/ppsva.pac
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{75760B43-466E-48FE-B6AC-7BFA2CC06A03}: [DhcpNameServer] 192.168.1.1 192.168.1.1
ManualProxies: 0hxxp://127.0.0.1:8088/ppsva.pac

Internet Explorer:
==================
BHO-x32: YoukuEyeOnIE Class -> {7DC4B5B6-C122-44C4-825C-B310513A47CB} -> C:\Windows\SysWow64\config\systemprofile\AppData\Roaming\ytmediacenter\ykcool.dll [2015-12-25] (Youku.com)

FireFox:
========
FF Plugin: @iqiyi.com/npclient -> C:\Program Files (x86)\IQIYI Video\LStyle\5.4.28.3179\npclient.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-10-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-10-12] (Google Inc.)
FF Plugin HKU\.DEFAULT: youku.com/YoukuAgent -> C:\Windows\SYSTEM32\config\systemprofile\AppData\Roaming\ytmediacenter\npYoukuAgent.dll [No File]
FF Plugin HKU\.DEFAULT: youku.com/YoukuAgent_x86_64 -> C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\ytmediacenter\X64\npYoukuAgent_x64.dll [2016-08-24] (Youku)

Chrome:
=======
CHR Profile: C:\Users\Jacek\AppData\Local\Google\Chrome\User Data\Default [2016-10-12]
CHR Extension: (Prezentacje Google) - C:\Users\Jacek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-12]
CHR Extension: (Dokumenty Google) - C:\Users\Jacek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-12]
CHR Extension: (Dysk Google) - C:\Users\Jacek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-12]
CHR Extension: (YouTube) - C:\Users\Jacek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-12]
CHR Extension: (Arkusze Google) - C:\Users\Jacek\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-12]
CHR Extension: (Dokumenty Google offline) - C:\Users\Jacek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-12]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Jacek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-10-12]
CHR Extension: (Gmail) - C:\Users\Jacek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-12]
CHR Extension: (Chrome Media Router) - C:\Users\Jacek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-12]

==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
R2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1401504 2016-09-23] (Intel Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-10-01] (NVIDIA Corporation)
R2 GUMBBFtmpGoogle; C:\Program Files (x86)\GUMB3BF.tmp\GUMBBFtmpGoogle.exe [228352 2016-10-12] () [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-10-01] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-10-01] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-10-01] (NVIDIA Corporation)
R2 PerfLogsPerfLogs; C:\PerfLogs\PerfLogsPerfLogs.exe [228352 2016-10-12] () [File not signed]
R2 PerfLogsProgramFiles; C:\Program Files\PerfLogsProgramFiles.exe [228352 2016-10-12] () [File not signed]
R2 PliperphbrilyCommonFiles; C:\Program Files (x86)\Common Files\PliperphbrilyCommonFiles.exe [228352 2016-10-12] () [File not signed]
R2 PliperphbrilyGoogle; C:\Program Files (x86)\Google\PliperphbrilyGoogle.exe [228352 2016-10-12] () [File not signed]
R2 ProgramFilesIntel; C:\Intel\ProgramFilesIntel.exe [228352 2016-10-12] () [File not signed]
R2 ProgramFilesNVIDIA; C:\NVIDIA\ProgramFilesNVIDIA.exe [228352 2016-10-12] () [File not signed]
R2 ProgramFilesProgramFilesx; C:\Program Files (x86)\ProgramFilesProgramFilesx.exe [228352 2016-10-12] () [File not signed]
R2 Rohucultatoergh; C:\Program Files (x86)\Atawuhtucult_\rrgsch.dll [280064 2016-10-12] () [File not signed]
R2 UsersPerfLogs; C:\PerfLogs\UsersPerfLogs.exe [228352 2016-10-12] () [File not signed]
R2 UsersProgramFiles; C:\Users\UsersProgramFiles.exe [228352 2016-10-12] () [File not signed]
R2 Viokdojvaf; C:\Users\Jacek\AppData\Roaming\Hemkajdoa\Hemkajdoa.exe [170496 2016-08-11] () [File not signed]
S3 vmicvss; C:\Windows\System32\ICSvc.dll [517120 2013-08-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
R2 WebServe; C:\Program Files (x86)\YouKu\YoukuClient\WebServe.exe [370224 2015-12-08] (TODO: <公司名>) <==== ATTENTION
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
R2 AtawuhtucultInternetExplorer; "C:\Program Files (x86)\Atawuhtucult_\AtawuhtucultInternetExplorer.exe" e47b5abf08794d6b8b774f94eeb062f4 [X]
S2 AtawuhtucultKuaiZip; "C:\Program Files (x86)\KuaiZip\AtawuhtucultKuaiZip.exe" e47b5abf08794d6b8b774f94eeb062f4 [X]
S2 Citdhwa; "C:\Users\Jacek\AppData\Roaming\AzigcWig\Geeswu.exe" -cms [X]
S2 GoogleCleanBrowser; "C:\Program Files (x86)\CleanBrowser\GoogleCleanBrowser.exe" ae2ce54ab1294744903dca4a5f8539bf [X]
S2 InternetExplorerhhh; "C:\Program Files (x86)\hhh\InternetExplorerhhh.exe" c54102ea829e4d458c86147e71427a8f [X]
S2 ProgramFilesqycache; "C:\qycache\ProgramFilesqycache.exe" 3e19779b2974487e881c2174c0562504 [X]

===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
R3 dptf_acpi; C:\Windows\System32\drivers\dptf_acpi.sys [64504 2016-09-23] (Intel Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 esif_lf; C:\Windows\system32\DRIVERS\esif_lf.sys [268792 2016-09-23] (Intel Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-10-01] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56376 2016-10-01] (NVIDIA Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [827096 2015-03-12] (Realsil Semiconductor Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-12 22:14 - 2016-10-12 12:27 - 00000000 ____D C:\Windows\Panther
2016-10-12 13:32 - 2016-10-12 13:32 - 00012663 _____ C:\Users\Jacek\Downloads\FRST.txt
2016-10-12 13:22 - 2016-10-12 13:22 - 00076049 _____ C:\Users\Jacek\Downloads\FRST (1).txt
2016-10-12 13:19 - 2016-10-12 13:19 - 00024840 _____ C:\Users\Jacek\Downloads\Addition.txt
2016-10-12 13:19 - 2016-10-12 13:19 - 00000000 ____D C:\Users\Jacek\AppData\Roaming\KuaiZip
2016-10-12 13:18 - 2016-10-12 13:32 - 00000000 ____D C:\FRST
2016-10-12 13:18 - 2016-10-12 13:19 - 00030139 _____ C:\Users\Jacek\Downloads\fixlist.txt
2016-10-12 13:18 - 2016-10-12 13:18 - 02407424 _____ (Farbar) C:\Users\Jacek\Downloads\FRST64.exe
2016-10-12 13:15 - 2016-10-12 13:15 - 00005640 _____ C:\Users\Jacek\Desktop\RepairDNS.txt
2016-10-12 13:14 - 2016-10-12 13:14 - 01231872 _____ C:\Users\Jacek\Downloads\RepairDNS.exe
2016-10-12 13:06 - 2016-10-12 13:06 - 00000000 ____D C:\Windows\system32\laff
2016-10-12 13:03 - 2016-10-12 13:12 - 00000000 ____D C:\AdwCleaner
2016-10-12 13:02 - 2016-10-12 13:02 - 03874368 _____ C:\Users\Jacek\Downloads\adwcleaner_6.021.exe
2016-10-12 12:52 - 2016-10-12 12:52 - 00000000 ____D C:\Users\Jacek\AppData\Roaming\Macromedia
2016-10-12 12:48 - 2016-10-12 12:49 - 00000000 ____D C:\Program Files\Aiduwb
2016-10-12 12:48 - 2016-10-12 12:48 - 00000000 ____D C:\Users\Jacek\AppData\Roaming\Hemkajdoa
2016-10-12 12:48 - 2016-10-12 12:48 - 00000000 ____D C:\Users\Jacek\AppData\LocalLow\Company
2016-10-12 12:48 - 2016-10-12 12:48 - 00000000 ____D C:\Users\Jacek\AppData\Local\Tempfolder
2016-10-12 12:47 - 2016-10-12 12:47 - 00001560 _____ C:\Users\Jacek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器.lnk
2016-10-12 12:47 - 2016-10-12 12:47 - 00000000 ____D C:\Users\Jacek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器
2016-10-12 12:47 - 2016-10-12 12:47 - 00000000 ____D C:\Users\Jacek\AppData\Local\UCBrowser
2016-10-12 12:47 - 2016-10-12 12:47 - 00000000 _____ C:\Windows\SysWOW64\Number of results
2016-10-12 12:46 - 2016-10-12 12:46 - 00000000 ____D C:\Users\Jacek\AppData\Local\NVIDIA Corporation
2016-10-12 12:45 - 2016-10-12 12:46 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-10-12 12:45 - 2016-10-12 12:45 - 00000000 ____D C:\Users\Jacek\AppData\Local\NVIDIA
2016-10-12 12:45 - 2016-10-12 12:45 - 00000000 ____D C:\ProgramData\NVIDIA
2016-10-12 12:45 - 2016-10-12 12:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-10-12 12:45 - 2016-10-12 12:45 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-10-12 12:45 - 2016-10-01 23:15 - 01767944 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2016-10-12 12:45 - 2016-10-01 23:15 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2016-10-12 12:45 - 2016-10-01 23:15 - 01377800 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2016-10-12 12:45 - 2016-10-01 23:15 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2016-10-12 12:45 - 2016-10-01 23:15 - 00112216 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2016-10-12 12:45 - 2016-10-01 21:44 - 06384064 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2016-10-12 12:45 - 2016-10-01 21:44 - 02473408 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2016-10-12 12:45 - 2016-10-01 21:44 - 01764408 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2016-10-12 12:45 - 2016-10-01 21:44 - 01362368 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2016-10-12 12:45 - 2016-10-01 21:44 - 00546752 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2016-10-12 12:45 - 2016-10-01 21:44 - 00393784 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2016-10-12 12:45 - 2016-10-01 21:44 - 00083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2016-10-12 12:45 - 2016-10-01 21:44 - 00069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2016-10-12 12:45 - 2016-10-01 02:26 - 07422645 _____ C:\Windows\system32\nvcoproc.bin
2016-10-12 12:45 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2016-10-12 12:45 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2016-10-12 12:45 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2016-10-12 12:45 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2016-10-12 12:45 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2016-10-12 12:45 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2016-10-12 12:44 - 2016-10-12 12:44 - 00000000 ____D C:\ProgramData\Package Cache
2016-10-12 12:43 - 2016-10-12 12:43 - 00008928 _____ C:\Windows\System32\Tasks\Rehition Schedule
2016-10-12 12:43 - 2016-10-12 12:43 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_esif_umdf2_02_00_00.Wdf
2016-10-12 12:43 - 2016-10-12 12:43 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2016-10-12 12:43 - 2016-10-12 12:43 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_esif_lf_01011.Wdf
2016-10-12 12:43 - 2016-10-01 23:15 - 40068544 _____ C:\Windows\system32\nvcompiler.dll
2016-10-12 12:43 - 2016-10-01 23:15 - 35180992 _____ C:\Windows\SysWOW64\nvcompiler.dll
2016-10-12 12:43 - 2016-10-01 23:15 - 34808768 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-10-12 12:43 - 2016-10-01 23:15 - 28213696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-10-12 12:43 - 2016-10-01 23:15 - 19856296 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2016-10-12 12:43 - 2016-10-01 23:15 - 17464952 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2016-10-12 12:43 - 2016-10-01 23:15 - 17272008 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2016-10-12 12:43 - 2016-10-01 23:15 - 14353328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2016-10-12 12:43 - 2016-10-01 23:15 - 14126528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-10-12 12:43 - 2016-10-01 23:15 - 10868472 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2016-10-12 12:43 - 2016-10-01 23:15 - 10745848 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-10-12 12:43 - 2016-10-01 23:15 - 10286296 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-10-12 12:43 - 2016-10-01 23:15 - 09091648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-10-12 12:43 - 2016-10-01 23:15 - 08877808 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2016-10-12 12:43 - 2016-10-01 23:15 - 08685352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-10-12 12:43 - 2016-10-01 23:15 - 03919048 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2016-10-12 12:43 - 2016-10-01 23:15 - 03594176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-10-12 12:43 - 2016-10-01 23:15 - 03459448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2016-10-12 12:43 - 2016-10-01 23:15 - 03161024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-10-12 12:43 - 2016-10-01 23:15 - 01935808 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437306.dll
2016-10-12 12:43 - 2016-10-01 23:15 - 01585088 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437306.dll
2016-10-12 12:43 - 2016-10-01 23:15 - 01018816 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2016-10-12 12:43 - 2016-10-01 23:15 - 00958520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-10-12 12:43 - 2016-10-01 23:15 - 00943672 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2016-10-12 12:43 - 2016-10-01 23:15 - 00893376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-10-12 12:43 - 2016-10-01 23:15 - 00688784 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2016-10-12 12:43 - 2016-10-01 23:15 - 00578240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2016-10-12 12:43 - 2016-10-01 23:15 - 00521096 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2016-10-12 12:43 - 2016-10-01 23:15 - 00437696 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2016-10-12 12:43 - 2016-10-01 23:15 - 00436088 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2016-10-12 12:43 - 2016-10-01 23:15 - 00388544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2016-10-12 12:43 - 2016-10-01 23:15 - 00180136 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2016-10-12 12:43 - 2016-10-01 23:15 - 00157464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2016-10-12 12:43 - 2016-10-01 23:15 - 00113208 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2016-10-12 12:43 - 2016-10-01 23:15 - 00102968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2016-10-12 12:43 - 2016-10-01 23:15 - 00056376 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2016-10-12 12:43 - 2016-10-01 23:15 - 00039730 _____ C:\Windows\system32\nvinfo.pb
2016-10-12 12:43 - 2016-10-01 23:15 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2016-10-12 12:43 - 2016-10-01 23:15 - 00000669 _____ C:\Windows\system32\nv-vk64.json
2016-10-12 12:42 - 2016-10-12 12:43 - 00000000 ____D C:\Program Files (x86)\Intel
2016-10-12 12:42 - 2016-10-12 12:43 - 00000000 ____D C:\Intel
2016-10-12 12:42 - 2016-10-12 12:42 - 00000000 ____D C:\Windows\LastGood.Tmp
2016-10-12 12:42 - 2016-10-12 12:42 - 00000000 ____D C:\Program Files\Intel
2016-10-12 12:42 - 2013-10-01 13:02 - 00064000 _____ (Khronos Group) C:\Windows\system32\OpenCL.DLL
2016-10-12 12:42 - 2013-10-01 13:02 - 00060416 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.DLL
2016-10-12 12:41 - 2016-10-12 12:45 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-10-12 12:40 - 2016-10-12 12:43 - 00000000 ____D C:\NVIDIA
2016-10-12 12:38 - 2016-10-12 12:38 - 00000000 ____D C:\Users\Public\QiYi
2016-10-12 12:38 - 2016-10-12 12:38 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-10-12 12:37 - 2016-10-12 12:37 - 00000000 ____D C:\Program Files (x86)\YouKu
2016-10-12 12:36 - 2016-10-12 13:28 - 00000498 _____ C:\Windows\Tasks\UCBrowserUpdater.job
2016-10-12 12:36 - 2016-10-12 13:04 - 00000000 ____D C:\Program Files (x86)\KuaiZip
2016-10-12 12:36 - 2016-10-12 12:36 - 00228352 ____H C:\Users\UsersProgramFiles.exe
2016-10-12 12:36 - 2016-10-12 12:36 - 00003470 _____ C:\Windows\System32\Tasks\UCBrowserUpdater
2016-10-12 12:36 - 2016-10-12 12:36 - 00002297 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-12 12:36 - 2016-10-12 12:36 - 00002285 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-10-12 12:36 - 2016-10-12 12:36 - 00000000 ____D C:\Users\Jacek\AppData\Local\Google
2016-10-12 12:35 - 2016-10-12 13:06 - 00000000 ____D C:\Program Files (x86)\Atawuhtucult_
2016-10-12 12:35 - 2016-10-12 13:06 - 00000000 ____D C:\Program Files (x86)\Atawuhtucult
2016-10-12 12:35 - 2016-10-12 12:35 - 00228352 ____H C:\Program Files\PerfLogsProgramFiles.exe
2016-10-12 12:35 - 2016-10-12 12:35 - 00228352 ____H C:\Program Files (x86)\ProgramFilesProgramFilesx.exe
2016-10-12 12:35 - 2016-10-12 12:35 - 00008894 _____ C:\Windows\System32\Tasks\Chtisriropy Renew
2016-10-12 12:35 - 2016-10-12 12:35 - 00003560 _____ C:\Windows\System32\Tasks\4302b581db2c75f47106e61331e30ae3
2016-10-12 12:35 - 2016-10-12 12:35 - 00000000 ____D C:\ProgramData\Avira
2016-10-12 12:35 - 2016-10-12 12:35 - 00000000 ____D C:\ProgramData\Avg
2016-10-12 12:35 - 2016-10-12 12:35 - 00000000 ____D C:\ProgramData\AVAST Software
2016-10-12 12:34 - 2016-10-12 13:16 - 00001062 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-12 12:34 - 2016-10-12 12:43 - 00000000 ____D C:\Program Files (x86)\Google
2016-10-12 12:34 - 2016-10-12 12:39 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-12 12:34 - 2016-10-12 12:36 - 00000000 ____D C:\Program Files (x86)\GUMB3BF.tmp
2016-10-12 12:34 - 2016-10-12 12:34 - 01065376 _____ (Google Inc.) C:\Users\Jacek\Downloads\ChromeSetup.exe
2016-10-12 12:34 - 2016-10-12 12:34 - 00004038 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-10-12 12:34 - 2016-10-12 12:34 - 00003802 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-10-12 12:33 - 2016-10-12 13:21 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1529912858-1414345264-3061538310-1001
2016-10-12 12:33 - 2016-10-12 12:40 - 352622016 _____ (NVIDIA Corporation) C:\Users\Jacek\Downloads\373.06-notebook-win8-win7-64bit-international-whql.exe
2016-10-12 12:33 - 2016-10-12 12:33 - 00000000 _____ C:\TOSTACK
2016-10-12 12:31 - 2016-10-12 13:16 - 00000000 ___RD C:\Users\Jacek\SkyDrive
2016-10-12 12:27 - 2016-10-12 12:31 - 00000000 ____D C:\Users\Jacek
2016-10-12 12:27 - 2016-10-12 12:28 - 00000000 ____D C:\Users\Jacek\AppData\Local\PackageStaging
2016-10-12 12:27 - 2016-10-12 12:28 - 00000000 ____D C:\Users\Jacek\AppData\Local\Packages
2016-10-12 12:27 - 2016-10-12 12:27 - 00001446 _____ C:\Users\Jacek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-10-12 12:27 - 2016-10-12 12:27 - 00000020 ___SH C:\Users\Jacek\ntuser.ini
2016-10-12 12:27 - 2016-10-12 12:27 - 00000000 _SHDL C:\Users\Jacek\My Documents
2016-10-12 12:27 - 2016-10-12 12:27 - 00000000 _SHDL C:\Users\Jacek\Documents\My Videos
2016-10-12 12:27 - 2016-10-12 12:27 - 00000000 _SHDL C:\Users\Jacek\Documents\My Pictures
2016-10-12 12:27 - 2016-10-12 12:27 - 00000000 _SHDL C:\Users\Jacek\Documents\My Music
2016-10-12 12:27 - 2016-10-12 12:27 - 00000000 ____D C:\Users\Jacek\AppData\Roaming\Adobe
2016-10-12 12:26 - 2016-10-12 12:26 - 00000000 ____D C:\Windows\CSC
2016-09-23 08:37 - 2016-09-23 08:37 - 01813400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfCoInstaller01011.dll
2016-09-23 08:37 - 2016-09-23 08:37 - 00980656 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120.dll
2016-09-23 08:37 - 2016-09-23 08:37 - 00677552 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120.dll
2016-09-23 08:37 - 2016-09-23 08:37 - 00268792 _____ (Intel Corporation) C:\Windows\system32\Drivers\esif_lf.sys
2016-09-23 08:36 - 2016-09-23 08:36 - 00064504 _____ (Intel Corporation) C:\Windows\system32\Drivers\dptf_acpi.sys
2016-09-23 08:34 - 2016-09-23 08:34 - 01401504 _____ (Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe

==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-12 22:14 - 2013-08-22 17:36 - 00262144 _____ C:\Windows\system32\config\BCD-Template
2016-10-12 13:23 - 2013-09-30 06:04 - 00818732 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-12 13:23 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf
2016-10-12 13:16 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-12 13:12 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-10-12 13:06 - 2013-08-22 16:44 - 00337872 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-12 12:45 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\Help
2016-10-12 12:43 - 2013-08-22 17:36 - 00000000 ____D C:\PerfLogs
2016-10-12 12:36 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2016-10-12 12:35 - 2013-08-22 17:36 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2016-10-12 12:35 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-10-12 12:35 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-10-12 12:35 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files (x86)\Windows NT
2016-10-12 12:35 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-10-12 12:35 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-10-12 12:28 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-10-12 12:27 - 2013-08-22 16:45 - 00000000 ____D C:\Windows\Setup

==================== Files in the root of some directories =======

2016-10-12 12:35 - 2016-10-12 12:35 - 0228352 ____H () C:\Program Files\PerfLogsProgramFiles.exe
2016-10-12 12:35 - 2016-10-12 12:35 - 0228352 ____H () C:\Program Files (x86)\ProgramFilesProgramFilesx.exe
2016-10-12 12:43 - 2016-10-12 12:43 - 0228352 ____H () C:\Program Files (x86)\Common Files\PliperphbrilyCommonFiles.exe

Some files in TEMP:
====================
C:\Users\Jacek\AppData\Local\Temp\BC1C.tmp.exe
C:\Users\Jacek\AppData\Local\Temp\dnsapi.dll
C:\Users\Jacek\AppData\Local\Temp\fsdDE5E.exe
C:\Users\Jacek\AppData\Local\Temp\libeay32.dll
C:\Users\Jacek\AppData\Local\Temp\msvcr120.dll
C:\Users\Jacek\AppData\Local\Temp\setup_758.exe
C:\Users\Jacek\AppData\Local\Temp\setup_v21_ra.exe
C:\Users\Jacek\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll [2013-08-22 04:55] - [2013-08-22 04:55] - 0492032 ____A (Microsoft Corporation) DE64DE573F0C8CA28C15728B6748BD1E
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-10-12 12:21

==================== End of FRST.txt ============================