Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.06.2018
Ran by Administrator2 (administrator) on R2D2 (27-06-2018 10:09:11)
Running from C:\Users\eclipse\Downloads
Loaded Profiles: eclipse & firefox & Administrator2 & Stubby_user_account & MSSQL$ENIGMA (*censored*)
Platform: Windows 8.1 Pro N (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
(NoVirusThanks Company Srl) C:\Program Files\NoVirusThanks\EXE Radar Pro\ERPx64Svc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Inventor 2016\Moldflow\bin\mitsijm.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.ENIGMA\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files\nssm-2.24\win64\nssm.exe
() C:\Program Files\nssm-2.24\win64\nssm.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
() C:\Program Files\Stubby\stubby.exe
() C:\Program Files\Stubby\stubby.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Program Files\nssm-2.24\win64\nssm.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
() C:\Program Files\unbound-1.7.0\unbound.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NoVirusThanks Company Srl) C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Don HO don.h@free.fr) C:\Program Files\Notepad++\notepad++.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397752 2016-03-24] (NVIDIA Corporation)
HKLM\...\Run: [NoVirusThanks EXE Radar Pro Startup] => C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe [4440400 2014-03-17] (NoVirusThanks Company Srl)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2867712 2017-01-09] (Dominik Reichl)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [648728 2017-08-02] (Oracle Corporation)
HKLM\...\RunOnce: [*EmptyTemp] => cmd /c rd /q/s C:\FRST\Temp
HKLM Group Policy restriction on software: F:\ <==== ATTENTION
HKLM Group Policy restriction on software: C:\Users\Przegladarka <==== ATTENTION
HKLM Group Policy restriction on software: C:\Users\firefox <==== ATTENTION
HKLM Group Policy restriction on software: D:\ <==== ATTENTION
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer: [NoAutorun] 1
HKU\S-1-5-21-2429456031-1157426947-1108302719-1010\...\Run: [Spotify] => C:\Users\eclipse\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized
HKU\S-1-5-21-2429456031-1157426947-1108302719-1010\...\Run: [Spotify Web Helper] => C:\Users\eclipse\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart
HKU\S-1-5-21-2429456031-1157426947-1108302719-1010\...\Run: [SandboxieControl] => "C:\Program Files\Sandboxie\SbieCtrl.exe"
HKU\S-1-5-21-2429456031-1157426947-1108302719-1019\...\Run: [Spotify Web Helper] => C:\Users\Administrator2\AppData\Roaming\Spotify\SpotifyWebHelper.exe [782736 2018-03-31] (Spotify Ltd)
HKU\S-1-5-21-2429456031-1157426947-1108302719-1019\...\Policies\Explorer: [NoAutorun] 1
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [175368 2016-03-22] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [153392 2016-03-22] (NVIDIA Corporation)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2017-03-23] ()
Startup: C:\Users\eclipse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Thunderbird.lnk [2018-04-19]
ShortcutTarget: Mozilla Thunderbird.lnk -> C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
Startup: C:\Users\eclipse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ReHIPS Control Center.lnk [2018-01-27]
ShortcutTarget: ReHIPS Control Center.lnk -> C:\Program Files\ReHIPS\HIPSGui64.exe (No File)
GroupPolicy: Restriction - Firefox <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-2429456031-1157426947-1108302719-1010] => socks=127.0.0.1:9050
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 212.191.78.177 10.7.15.1
Tcpip\..\Interfaces\{63984120-4D28-4093-9090-707806B61C6F}: [NameServer] 127.0.0.1
Tcpip\..\Interfaces\{63984120-4D28-4093-9090-707806B61C6F}: [DhcpNameServer] 212.191.78.177 10.7.15.1
Tcpip\..\Interfaces\{EAABCF6B-4017-44B0-8A4B-6B81E7BD69FE}: [DhcpNameServer] 31.11.202.254 37.8.214.2
Tcpip\..\Interfaces\{F10FD686-8DE7-410C-9452-3D3BD2BC5EA3}: [DhcpNameServer] 31.11.202.254 37.8.214.2

Internet Explorer:
==================
URLSearchHook: [S-1-5-21-2429456031-1157426947-1108302719-1014] ATTENTION => Default URLSearchHook is missing
URLSearchHook: [S-1-5-21-2429456031-1157426947-1108302719-1057] ATTENTION => Default URLSearchHook is missing
URLSearchHook: [S-1-5-80-1204305315-1604897606-669578846-3096693955-2620663729] ATTENTION => Default URLSearchHook is missing

FireFox:
========
FF DefaultProfile: afd055we.default
FF ProfilePath: C:\Users\Administrator2\AppData\Roaming\Mozilla\Firefox\Profiles\afd055we.default [2018-06-27]
FF Extension: (Ghostery – Bloker reklam chroniący prywatność) - C:\Users\Administrator2\AppData\Roaming\Mozilla\Firefox\Profiles\afd055we.default\Extensions\firefox@ghostery.com.xpi [2018-05-03]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_187.dll [2017-12-05] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-12-05] ()

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1309176 2017-03-10] (Autodesk Inc.)
R2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [31160 2015-02-05] (Autodesk, Inc.)
S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (www.BitComet.com)
R2 ERPx64Svc; C:\Program Files\NoVirusThanks\EXE Radar Pro\ERPx64Svc.exe [1770320 2014-03-14] (NoVirusThanks Company Srl)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [320472 2018-01-02] (Intel Corporation)
R2 mitsijm2016; C:\Program Files\Autodesk\Inventor 2016\Moldflow\bin\mitsijm.exe [968480 2014-09-30] (Autodesk, Inc.)
R2 MSSQL$ENIGMA; C:\Program Files\Microsoft SQL Server\MSSQL12.ENIGMA\MSSQL\Binn\sqlservr.exe [370368 2014-02-21] (Microsoft Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S4 SQLAgent$ENIGMA; C:\Program Files\Microsoft SQL Server\MSSQL12.ENIGMA\MSSQL\Binn\SQLAGENT.EXE [613056 2014-02-21] (Microsoft Corporation)
S4 sshd; C:\cygwin64\bin\cygrunsrv.exe [184851 2015-01-28] () [File not signed]
R2 Stubby2; C:\Program Files\nssm-2.24\win64\nssm.exe [331264 2014-08-31] () [File not signed]
R2 stubby3; C:\Program Files\nssm-2.24\win64\nssm.exe [331264 2014-08-31] () [File not signed]
R2 Unbound; C:\Program Files\nssm-2.24\win64\nssm.exe [331264 2014-08-31] () [File not signed]
S4 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-09-06] (Microsoft Corporation)
S4 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S4 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S4 wpscloudsvr; C:\Program Files (x86)\WPS_Office\WPS Office\wpscloudsvr.exe [175720 2017-09-27] (Zhuhai Kingsoft Office Software Co.,Ltd)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3833248 2016-04-04] (Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [4265984 2014-12-11] (Qualcomm Atheros Communications, Inc.)
R3 atmelwindrvr; C:\Windows\system32\drivers\atmelwindrvr.sys [300488 2015-08-12] (Jungo Connectivity)
S3 iscFlash; C:\Users\Administrator2\Downloads\BIOS_Acer_2.17_A_A\BIOS_Acer_2.17_Windows\z_tmp\z_tmp\iscflashx64.sys [58464 2012-07-12] (Insyde Software)
R3 kmloop; C:\Windows\system32\DRIVERS\loop.sys [15360 2013-08-22] (Microsoft Corporation)
R3 NETwNs64; C:\Windows\system32\DRIVERS\NETwsw01.sys [11534096 2015-05-04] (Intel Corporation)
S3 npcap; C:\Windows\system32\DRIVERS\npcap.sys [72400 2018-03-13] (Insecure.Com LLC.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
U5 nvterp; C:\Windows\system32\drivers\nvterp.sys [18496 2014-01-31] (NoVirusThanks Company Srl)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2017-11-21] ()
S4 RsFx0300; C:\Windows\System32\DRIVERS\RsFx0300.sys [247488 2014-02-21] (Microsoft Corporation)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
S3 tapexpressvpn; C:\Windows\system32\DRIVERS\tapexpressvpn.sys [35696 2018-04-20] (The OpenVPN Project)
S3 TRLNDISMON; C:\Windows\system32\DRIVERS\TRLNDISMON.sys [31392 2017-02-14] (Tarlogic)
R1 vmkbd3; C:\Windows\system32\DRIVERS\vmkbd.sys [52288 2017-09-18] (VMware, Inc.)
R0 vsock; C:\Windows\system32\DRIVERS\vsock.sys [91712 2017-09-05] (VMware, Inc.)
R3 VSTWinDriver6; C:\Windows\system32\drivers\VSTwindrvr6.sys [252928 2016-06-07] (Jungo)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 WinDriver6; C:\Windows\system32\drivers\windrvr6.sys [268800 2014-01-28] (Jungo Connectivity)
U4 npcap_wifi; no ImagePath
S4 sptd; \SystemRoot\System32\Drivers\sptd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

*censored*

==================== One Month Modified files and folders ========

*censored*

==================== Files in the root of some directories =======

2018-05-21 19:17 - 2018-03-13 17:17 - 000440512 _____ (COMODO) C:\ProgramData\cmdres.dll
2018-04-01 16:33 - 2018-03-24 13:02 - 000727536 _____ (Spotify Ltd) C:\Users\ReHIPSUser20\SpotifySetup.exe
2017-10-19 22:49 - 2017-10-19 22:49 - 000007626 _____ () C:\Users\Administrator2\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

ATTENTION: ==> Could not access BCD.

LastRegBack: 2018-06-25 11:13

==================== End of FRST.txt ============================