Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-01-2015
Ran by me (administrator) on ME-PC on 14-01-2015 17:30:36
Running from C:\Users\me\Desktop
Loaded Profile: me (Available profiles: me & qqlka & Guest)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\taskmgr.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-10] (AVAST Software)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [adiras] => C:\Windows\adiras.exe [194128 2007-02-13] ()
HKLM\...\Run: [StartCCC] => e:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AMD AVT] => C:\Program Files\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM\...\Run: [gmsd_pl_19] => [X]
HKU\S-1-5-21-3314370245-1754849457-2748816276-1000\...\Run: [DAEMON Tools Lite] => E:\Program Files\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-3314370245-1754849457-2748816276-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x95000000
HKU\S-1-5-21-3314370245-1754849457-2748816276-1000\...\MountPoints2: {620f7204-7c64-11e3-aab4-2c27d7d326ca} - G:\autorun.exe
HKU\S-1-5-21-3314370245-1754849457-2748816276-1000\...\MountPoints2: {c8899594-7c4e-11e3-aebc-2c27d7d326ca} - F:\AutoRun.exe --autorun
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-11-27] (Microsoft Corporation)
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
Startup: C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
HKLM\...\AppCertDlls: [x64] -> c:\program files\browser tab search by ask\safetynut\x64\safetycrt.dll
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
BootExecute:

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3314370245-1754849457-2748816276-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hp&ts=1420739287&from=sky&uid=WDCXWD2500BEVS-22UST0_WD-WXCX0757172471724
HKU\S-1-5-21-3314370245-1754849457-2748816276-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
HKU\S-1-5-21-3314370245-1754849457-2748816276-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&ts=1420739287&from=sky&uid=WDCXWD2500BEVS-22UST0_WD-WXCX0757172471724
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1420739287&from=sky&uid=WDCXWD2500BEVS-22UST0_WD-WXCX0757172471724&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1420739287&from=sky&uid=WDCXWD2500BEVS-22UST0_WD-WXCX0757172471724&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3314370245-1754849457-2748816276-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1420739287&from=sky&uid=WDCXWD2500BEVS-22UST0_WD-WXCX0757172471724&q={searchTerms}
BHO: CinemaPro-1.5cV08.01 -> {11111111-1111-1111-1111-110611571183} -> C:\Program Files\CinemaPro-1.5cV08.01\CinemaPro-1.5cV08.01-bho.dll (Cinema ProV08.01)
BHO: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> e:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{7E82C20A-4796-406D-915F-16DC85D9DAAF}: [NameServer] 217.8.168.244 157.25.5.18

FireFox:
========
FF ProfilePath: C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\qp1jogly.default
FF SelectedSearchEngine: mystartsearch
FF Homepage: https://www.google.pl/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\qp1jogly.default\user.js
FF Extension: FF Toolbar - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\qp1jogly.default\Extensions\fftoolbar2014@etech.com [2015-01-08]
FF Extension: Better Finder - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\qp1jogly.default\Extensions\{142c88f6-8b34-46f3-938d-72ffd58238dc} [2015-01-08]
FF Extension: BitComet Video Downloader - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\qp1jogly.default\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB} [2014-07-15]
FF Extension: Eliminator Slajdów - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\qp1jogly.default\Extensions\jid0-GaZOxvWNYcafEsmayJDIG3XXVi8@jetpack.xpi [2015-01-09]
FF Extension: YouTube ALL HTML5 - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\qp1jogly.default\Extensions\jid1-qj0w91o64N7Eeg@jetpack.xpi [2015-01-09]
FF Extension: Adblock Plus - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\qp1jogly.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-29]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-11-27]
FF HKLM\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\qp1jogly.default\extensions\fftoolbar2014@etech.com

Chrome:
=======
CHR DefaultSearchKeyword: Default -> mystartsearch
CHR DefaultSearchURL: Default -> http://www.mystartsearch.com/web/?type=ds&ts=1420739287&from=sky&uid=WDCXWD2500BEVS-22UST0_WD-WXCX0757172471724&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\39.0.2171.71\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\39.0.2171.71\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\39.0.2171.71\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Profile: C:\Users\me\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-27]
CHR Extension: (Google Drive) - C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-27]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-18]
CHR Extension: (YouTube) - C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-27]
CHR Extension: (CinemaPro-1.5cV08.01) - C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccnkbaeamfbhdnmilamlkagpfgimgppo [2015-01-08]
CHR Extension: (Google Search) - C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-27]
CHR Extension: (Avast Online Security) - C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-11-27]
CHR Extension: (lacckjdlmkdhcacjdodpjokfobckjclh) - C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\lacckjdlmkdhcacjdodpjokfobckjclh [2015-01-13]
CHR Extension: (Google Wallet) - C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-27]
CHR Extension: (Gmail) - C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-27]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-21]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AMD FUEL Service; e:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2013-04-29] (Advanced Micro Devices, Inc.) [File not signed]
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-21] (AVAST Software)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3192344 2014-12-21] (Avast Software)
S3 BITCOMET_HELPER_SERVICE; E:\Program Files\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (www.BitComet.com)
S2 globalUpdate; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2015-01-08] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2015-01-08] (globalUpdate) [File not signed]
S2 servervo; C:\Users\me\AppData\Roaming\VOPackage\VOsrv.exe [133120 2015-01-08] () [File not signed] <==== ATTENTION
S2 Update Brass Search; "C:\Program Files\Brass Search\updateBrassSearch.exe" [X]
S2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 adiusbaw; C:\Windows\System32\DRIVERS\adiusbaw.sys [118552 2007-02-07] (Analog Devices Inc.)
S2 AODDriver4.1; e:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [45184 2012-03-05] (Advanced Micro Devices)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-12-21] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-12-21] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-12-21] (AVAST Software)
S0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-12-21] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-12-21] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-12-21] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-12-21] (AVAST Software)
S0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-12-21] ()
S3 athr; C:\Windows\System32\DRIVERS\athr.sys [2957312 2012-06-20] (Qualcomm Atheros Communications, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-01-13] (Disc Soft Ltd)
S2 ELOADER; C:\Windows\System32\Drivers\adildr.sys [56088 2007-02-07] (Analog Deivces)
S1 ISODrive; e:\Program Files\UltraISO\drivers\ISODrive.sys [82168 2013-11-21] (EZB Systems, Inc.)
S1 prodrv06; C:\Windows\System32\drivers\prodrv06.sys [51744 2003-09-06] (Protection Technology) [File not signed]
S0 prohlp02; C:\Windows\System32\drivers\prohlp02.sys [62656 2003-09-06] (Protection Technology) [File not signed]
S0 prosync1; C:\Windows\System32\drivers\prosync1.sys [6944 2003-09-06] (Protection Technology) [File not signed]
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10200 2013-07-01] ()
S0 sfhlp01; C:\Windows\System32\drivers\sfhlp01.sys [4832 2003-09-06] (Protection Technology) [File not signed]
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2009-09-19] (MCCI)
S3 usb_rndis; C:\Windows\System32\DRIVERS\usb8023.sys [15872 2013-02-12] (Microsoft Corporation)
S2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [218192 2014-12-21] (Avast Software)
S1 {ea9f98ab-eb76-48f1-9515-789a62614684}Gw; C:\Windows\System32\drivers\{ea9f98ab-eb76-48f1-9515-789a62614684}Gw.sys [43200 2015-01-07] (StdLib)
S1 ccnfd_1_10_0_5; system32\drivers\ccnfd_1_10_0_5.sys [X]
S3 pwdrvio; \??\C:\Windows\system32\pwdrvio.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)