Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13.01.2018 01
Ran by Administrator2 (administrator) on R2D2 (13-01-2018 17:04:25)
Running from C:\Users\eclipse\Downloads
Loaded Profiles: eclipse & firefox & Administrator2 (Available Profiles: *censored*)
Platform: Windows 8.1 Pro N (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Inventor 2016\Moldflow\bin\mitsijm.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\cygwin64\bin\cygrunsrv.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
() C:\cygwin64\usr\sbin\sshd.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397752 2016-03-24] (NVIDIA Corporation)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2867712 2017-01-09] (Dominik Reichl)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [648728 2017-08-02] (Oracle Corporation)
HKLM Group Policy restriction on software: F:\ <==== ATTENTION
HKLM Group Policy restriction on software: C:\Users\firefox <==== ATTENTION
HKLM Group Policy restriction on software: D:\ <==== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2429456031-1157426947-1108302719-1010\...\Run: [Spotify] => C:\Users\eclipse\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized
HKU\S-1-5-21-2429456031-1157426947-1108302719-1010\...\Run: [Spotify Web Helper] => C:\Users\eclipse\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart
HKU\S-1-5-21-2429456031-1157426947-1108302719-1010\...\Policies\Explorer: []
HKU\S-1-5-21-2429456031-1157426947-1108302719-1019\...\Run: [Spotify] => C:\Users\Administrator2\AppData\Roaming\Spotify\Spotify.exe [21070224 2017-12-22] (Spotify Ltd)
HKU\S-1-5-21-2429456031-1157426947-1108302719-1019\...\Run: [Spotify Web Helper] => C:\Users\Administrator2\AppData\Roaming\Spotify\SpotifyWebHelper.exe [780688 2017-12-22] (Spotify Ltd)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [175368 2016-03-22] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [153392 2016-03-22] (NVIDIA Corporation)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2017-03-23] ()
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 31.11.202.254 37.8.214.2
Tcpip\..\Interfaces\{63984120-4D28-4093-9090-707806B61C6F}: [DhcpNameServer] 31.11.202.254 37.8.214.2
Tcpip\..\Interfaces\{EAABCF6B-4017-44B0-8A4B-6B81E7BD69FE}: [DhcpNameServer] 31.11.202.254 37.8.214.2
Tcpip\..\Interfaces\{F10FD686-8DE7-410C-9452-3D3BD2BC5EA3}: [DhcpNameServer] 10.7.7.* 212.191.78.177

Internet Explorer:
==================
HKU\S-1-5-21-2429456031-1157426947-1108302719-1010\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
URLSearchHook: [S-1-5-21-2429456031-1157426947-1108302719-1014] ATTENTION => Default URLSearchHook is missing
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1476465817975

FireFox:
========
FF DefaultProfile: afd055we.default
FF ProfilePath: C:\Users\Administrator2\AppData\Roaming\Mozilla\Firefox\Profiles\afd055we.default [2018-01-12]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [No File]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [ofoeigeaodhbjogdigckajfhjbonaofg] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1309176 2017-03-10] (Autodesk Inc.)
R2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [31160 2015-02-05] (Autodesk, Inc.)
R2 mitsijm2016; C:\Program Files\Autodesk\Inventor 2016\Moldflow\bin\mitsijm.exe [968480 2014-09-30] (Autodesk, Inc.)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 sshd; C:\cygwin64\bin\cygrunsrv.exe [184851 2015-01-28] () [File not signed]
S4 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-09-06] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S4 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S3 wpscloudsvr; C:\Program Files (x86)\WPS_Office\WPS Office\wpscloudsvr.exe [175720 2017-09-27] (Zhuhai Kingsoft Office Software Co.,Ltd)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3833248 2016-04-04] (Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [4265984 2014-12-11] (Qualcomm Atheros Communications, Inc.)
R3 atmelwindrvr; C:\Windows\system32\drivers\atmelwindrvr.sys [300488 2015-08-12] (Jungo Connectivity)
R3 NETwNs64; C:\Windows\system32\DRIVERS\NETwsw01.sys [11534096 2015-05-04] (Intel Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2017-11-21] ()
S3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
S3 TRLNDISMON; C:\Windows\system32\DRIVERS\TRLNDISMON.sys [31392 2017-02-14] (Tarlogic)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [75512 2015-11-05] (VMware, Inc.)
R3 VSTWinDriver6; C:\Windows\system32\drivers\VSTwindrvr6.sys [252928 2016-06-07] (Jungo)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 WinDriver6; C:\Windows\system32\drivers\windrvr6.sys [268800 2014-01-28] (Jungo Connectivity)
U0 aswVmm; no ImagePath
S2 cpumcupdate; \SystemRoot\system32\DRIVERS\cpumcupdate64.sys [X]
S3 VBAudioVACMME; \SystemRoot\system32\DRIVERS\vbaudio_cable64_win7.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

*censored*

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

*censored*

==================== Files in the root of some directories =======

2017-10-19 21:49 - 2017-10-19 21:49 - 000007626 _____ () C:\Users\Administrator2\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

ATTENTION: ==> Could not access BCD.

LastRegBack: 2018-01-06 03:03

==================== End of FRST.txt ============================