Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01 Ran by win7 (administrator) on WIN7-KOMPUTER on 26-01-2015 00:05:24 Running from C:\Users\win7\Downloads Loaded Profiles: win7 (Available profiles: win7) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polski (Polska) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (SysTool PasSame LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe (LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe () C:\ProgramData\MobileBrServ\mbbService.exe () C:\ProgramData\DatacardService\HWDeviceService64.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (XTab system) C:\Program Files (x86)\XTab\ProtectService.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe (SearchProtect) C:\Program Files (x86)\XTab\CmdShell.exe () C:\ProgramData\Multimedia mobilNET\OnlineUpdate\ouc.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (XTab system) C:\Program Files (x86)\XTab\HPNotify.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe () C:\Windows\PLFSetI.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Nektra S.A.) C:\Program Files (x86)\IVONA\IVONA Reader\integr\OutlookExpress\IROElauncher.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe () C:\Program Files (x86)\Plustek\Plustek OpticSlim 2600\DocuAction.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (Acer Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation) HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8060960 2009-08-06] (Realtek Semiconductor) HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2013-01-24] () HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [828960 2009-08-05] (Acer Incorporated) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation) HKLM\...\Run: [BCSSync] => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-02] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1194504 2009-08-27] (Dritek System Inc.) HKLM-x32\...\Run: [ArcadeDeluxeAgent] => C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [128296 2009-07-31] (CyberLink Corp.) HKLM-x32\...\Run: [PlayMovie] => C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [181480 2009-08-04] (Acer Corp.) HKLM\...\RunOnce: [Unattend0000000001{A8125975-BD0D-4F01-8D64-0910B5C74BEE}] => c:\windows\system32\oem\ConfigAp.cmd [242 2009-03-05] () HKU\S-1-5-21-2904449942-2374099523-1852780327-1001\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [911160 2012-01-18] (Microsoft Corporation) HKU\S-1-5-21-2904449942-2374099523-1852780327-1001\...\Run: [IROElauncher] => C:\Program Files (x86)\IVONA\IVONA Reader\integr\OutlookExpress\IROElauncher.exe [94720 2008-09-26] (Nektra S.A.) HKU\S-1-5-21-2904449942-2374099523-1852780327-1001\...\Run: [SpeedUpMyComputer] => C:\Program Files (x86)\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe /ot /as HKU\S-1-5-21-2904449942-2374099523-1852780327-1001\...\Run: [AQQ] => C:\Program Files\WapSter\WapSter AQQ\AQQ.exe [13296128 2014-11-26] (My Portal) HKU\S-1-5-21-2904449942-2374099523-1852780327-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30873192 2014-12-11] (Skype Technologies S.A.) HKU\S-1-5-21-2904449942-2374099523-1852780327-1001\...\MountPoints2: E - E:\AutoRun.exe HKU\S-1-5-21-2904449942-2374099523-1852780327-1001\...\MountPoints2: {06191989-2426-11e3-8d22-001e101f7fb6} - E:\AutoRun.exe HKU\S-1-5-21-2904449942-2374099523-1852780327-1001\...\MountPoints2: {3bdc0140-e72f-11e3-b102-806e6f6e6963} - F:\Setup.exe HKU\S-1-5-21-2904449942-2374099523-1852780327-1001\...\MountPoints2: {490b4e0b-b89e-11e3-afed-806e6f6e6963} - F:\AutoRun.exe HKU\S-1-5-21-2904449942-2374099523-1852780327-1001\...\MountPoints2: {80f9011b-7744-11e2-b509-001e65b37668} - F:\AutoRun.exe HKU\S-1-5-21-2904449942-2374099523-1852780327-1001\...\MountPoints2: {87dcc770-3494-11e3-a316-001e101fb45e} - E:\AutoRun.exe HKU\S-1-5-21-2904449942-2374099523-1852780327-1001\...\MountPoints2: {c45e1e7b-702a-11e2-b38e-001e65b37668} - E:\AutoRun.exe HKU\S-1-5-21-2904449942-2374099523-1852780327-1001\...\MountPoints2: {c45e1e8b-702a-11e2-b38e-001e65b37668} - E:\AutoRun.exe IFEO\bitguard.exe: [Debugger] tasklist.exe IFEO\bprotect.exe: [Debugger] tasklist.exe IFEO\bpsvc.exe: [Debugger] tasklist.exe IFEO\browserdefender.exe: [Debugger] tasklist.exe IFEO\browserprotect.exe: [Debugger] tasklist.exe IFEO\browsersafeguard.exe: [Debugger] tasklist.exe IFEO\dprotectsvc.exe: [Debugger] tasklist.exe IFEO\jumpflip: [Debugger] tasklist.exe IFEO\protectedsearch.exe: [Debugger] tasklist.exe IFEO\searchinstaller.exe: [Debugger] tasklist.exe IFEO\searchprotection.exe: [Debugger] tasklist.exe IFEO\searchprotector.exe: [Debugger] tasklist.exe IFEO\searchsettings.exe: [Debugger] tasklist.exe IFEO\searchsettings64.exe: [Debugger] tasklist.exe IFEO\snapdo.exe: [Debugger] tasklist.exe IFEO\stinst32.exe: [Debugger] tasklist.exe IFEO\stinst64.exe: [Debugger] tasklist.exe IFEO\umbrella.exe: [Debugger] tasklist.exe IFEO\utiljumpflip.exe: [Debugger] tasklist.exe IFEO\volaro: [Debugger] tasklist.exe IFEO\vonteera: [Debugger] tasklist.exe IFEO\websteroids.exe: [Debugger] tasklist.exe IFEO\websteroidsservice.exe: [Debugger] tasklist.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DocAction (Plustek OpticSlim 2600).lnk ShortcutTarget: DocAction (Plustek OpticSlim 2600).lnk -> C:\Program Files (x86)\Plustek\Plustek OpticSlim 2600\DocuAction.exe () Startup: C:\Users\win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AQQUpdate.lnk ShortcutTarget: AQQUpdate.lnk -> C:\Users\win7\WapSter\AQQ Folder\Profiles\elana123\Plugins\Aktualizator\Aktualizator.exe (No File) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hp&ts=1422224643&from=ild&uid=WDCXWD3200BEVT-22ZCT0_WD-WX50A89V9980V9980 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hp&ts=1422224643&from=ild&uid=WDCXWD3200BEVT-22ZCT0_WD-WX50A89V9980V9980 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=1422224643&from=ild&uid=WDCXWD3200BEVT-22ZCT0_WD-WX50A89V9980V9980&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=1422224643&from=ild&uid=WDCXWD3200BEVT-22ZCT0_WD-WX50A89V9980V9980&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp&ts=1422224643&from=ild&uid=WDCXWD3200BEVT-22ZCT0_WD-WX50A89V9980V9980 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp&ts=1422224643&from=ild&uid=WDCXWD3200BEVT-22ZCT0_WD-WX50A89V9980V9980 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422224643&from=ild&uid=WDCXWD3200BEVT-22ZCT0_WD-WX50A89V9980V9980&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422224643&from=ild&uid=WDCXWD3200BEVT-22ZCT0_WD-WX50A89V9980V9980&q={searchTerms} HKU\S-1-5-21-2904449942-2374099523-1852780327-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hp&ts=1422224643&from=ild&uid=WDCXWD3200BEVT-22ZCT0_WD-WX50A89V9980V9980 HKU\S-1-5-21-2904449942-2374099523-1852780327-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp&ts=1422224643&from=ild&uid=WDCXWD3200BEVT-22ZCT0_WD-WX50A89V9980V9980 StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://isearch.omiga-plus.com/?type=sc&ts=1422224643&from=ild&uid=WDCXWD3200BEVT-22ZCT0_WD-WX50A89V9980V9980 SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422224643&from=ild&uid=WDCXWD3200BEVT-22ZCT0_WD-WX50A89V9980V9980&q={searchTerms} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422224643&from=ild&uid=WDCXWD3200BEVT-22ZCT0_WD-WX50A89V9980V9980&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422224643&from=ild&uid=WDCXWD3200BEVT-22ZCT0_WD-WX50A89V9980V9980&q={searchTerms} SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422224643&from=ild&uid=WDCXWD3200BEVT-22ZCT0_WD-WX50A89V9980V9980&q={searchTerms} SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-21-2904449942-2374099523-1852780327-1001 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=ild&utm_campaign=install_ie&utm_content=ds&from=ild&uid=WDCXWD3200BEVT-22ZCT0_WD-WX50A89V9980V9980&ts=1422224707&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2904449942-2374099523-1852780327-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=ild&utm_campaign=install_ie&utm_content=ds&from=ild&uid=WDCXWD3200BEVT-22ZCT0_WD-WX50A89V9980V9980&ts=1422224707&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2904449942-2374099523-1852780327-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=ild&utm_campaign=install_ie&utm_content=ds&from=ild&uid=WDCXWD3200BEVT-22ZCT0_WD-WX50A89V9980V9980&ts=1422224707&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2904449942-2374099523-1852780327-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=ild&utm_campaign=install_ie&utm_content=ds&from=ild&uid=WDCXWD3200BEVT-22ZCT0_WD-WX50A89V9980V9980&ts=1422224707&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2904449942-2374099523-1852780327-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=ild&utm_campaign=install_ie&utm_content=ds&from=ild&uid=WDCXWD3200BEVT-22ZCT0_WD-WX50A89V9980V9980&ts=1422224707&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2904449942-2374099523-1852780327-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=ild&utm_campaign=install_ie&utm_content=ds&from=ild&uid=WDCXWD3200BEVT-22ZCT0_WD-WX50A89V9980V9980&ts=1422224707&type=default&q={searchTerms} BHO: IVONA Reader -> {8664889D-ED18-4713-918F-E2BB69D8452B} -> C:\Program Files (x86)\IVONA\IVONA Reader\integr\IR_iexplorer2_x64.dll (IVO Software Sp. z o.o.) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\XTab\SupTab.dll (Thinknice Co. Limited) BHO-x32: IVONA Reader -> {8664889D-ED18-4713-918F-E2BB69D8452B} -> C:\Program Files (x86)\IVONA\IVONA Reader\integr\IR_iexplorer2.dll (IVO Software Sp. z o.o.) BHO-x32: Pomocnik logowania za pomocą identyfikatora Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) Toolbar: HKLM - IVONA Reader - {8664889D-ED18-4713-918F-E2BB69D8452B} - C:\Program Files (x86)\IVONA\IVONA Reader\integr\IR_iexplorer2_x64.dll (IVO Software Sp. z o.o.) Toolbar: HKLM-x32 - IVONA Reader - {8664889D-ED18-4713-918F-E2BB69D8452B} - C:\Program Files (x86)\IVONA\IVONA Reader\integr\IR_iexplorer2.dll (IVO Software Sp. z o.o.) DPF: HKLM-x32 {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} http://176.109.163.26/WebClient.exe DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 Tcpip\..\Interfaces\{5C0FE770-FBFC-4087-8D9C-90BE4CA3A72D}: [NameServer] 89.108.202.21 89.108.195.21 Tcpip\..\Interfaces\{86AB903A-0190-40B2-B78F-0B485519F988}: [NameServer] 89.108.202.21 89.108.195.21 Tcpip\..\Interfaces\{B4DCAF92-CAB2-48EA-958F-85D38117FA39}: [NameServer] 89.108.202.21 89.108.195.21 FireFox: ======== FF ProfilePath: C:\Users\win7\AppData\Roaming\Mozilla\Firefox\Profiles\03s1wdoz.default FF NewTab: chrome://quick_start/content/index.html FF DefaultSearchEngine: omiga-plus FF SearchEngineOrder.1: Ask.com FF SelectedSearchEngine: omiga-plus FF Homepage: hxxp://isearch.omiga-plus.com/?type=hp&ts=1422224643&from=ild&uid=WDCXWD3200BEVT-22ZCT0_WD-WX50A89V9980V9980 FF Keyword.URL: hxxp://dts.search.ask.com/sr?src=ffb&gct=ds&appid=0&systemid=406&v=n13502-423&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=5751450615324057&o=APN10645&q= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL No File FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll () FF Plugin-x32: @EDVR/WebClient -> C:\windows\system32\WebClient\npwebclient.dll No File FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8064.0206 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate) FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate) FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-2904449942-2374099523-1852780327-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\win7\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF SearchPlugin: C:\Users\win7\AppData\Roaming\Mozilla\Firefox\Profiles\03s1wdoz.default\searchplugins\Ask.xml FF SearchPlugin: C:\Users\win7\AppData\Roaming\Mozilla\Firefox\Profiles\03s1wdoz.default\searchplugins\omiga-plus.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml FF Extension: Fast Start - C:\Users\win7\AppData\Roaming\Mozilla\Firefox\Profiles\03s1wdoz.default\Extensions\faststartff@gmail.com [2015-01-25] FF Extension: FF Toolbar - C:\Users\win7\AppData\Roaming\Mozilla\Firefox\Profiles\03s1wdoz.default\Extensions\fftoolbar2014@etech.com [2015-01-25] FF Extension: Widevine Media Optimizer - C:\Users\win7\AppData\Roaming\Mozilla\Firefox\Profiles\03s1wdoz.default\Extensions\{2d3fbcf7-be69-4433-8858-c621a8d0e58d} [2014-07-23] FF Extension: Przelewy24 - C:\Users\win7\AppData\Roaming\Mozilla\Firefox\Profiles\03s1wdoz.default\Extensions\p24ext@przelewy24.pl.xpi [2015-01-24] FF Extension: Flagfox - C:\Users\win7\AppData\Roaming\Mozilla\Firefox\Profiles\03s1wdoz.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-12-29] FF HKLM-x32\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\win7\AppData\Roaming\Mozilla\Firefox\Profiles\03s1wdoz.default\extensions\fftoolbar2014@etech.com FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\win7\AppData\Roaming\Mozilla\Firefox\Profiles\03s1wdoz.default\extensions\faststartff@gmail.com FF Extension: No Name - C:\Users\win7\AppData\Roaming\Mozilla\Firefox\Profiles\03s1wdoz.default\extensions\EWBNO58637124@CLP39222015.com [Not Found] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2015-01-25] (globalUpdate) [File not signed] S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2015-01-25] (globalUpdate) [File not signed] R2 Huawei E3272; C:\ProgramData\MobileBrServ\mbbservice.exe [240720 2013-12-03] () R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [339456 2010-11-16] () [File not signed] R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158896 2015-01-16] (XTab system) R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed] R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation) S2 Multimedia mobilNET. RunOuc; C:\Program Files (x86)\Multimedia mobilNET\UpdateDog\ouc.exe [218624 2013-02-06] () [File not signed] R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation) S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [275752 2008-01-22] (Nero AG) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [464384 2015-01-25] (SysTool PasSame LIMITED) [File not signed] S3 ose64; "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2014-05-29] (Duplex Secure Ltd.) S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X] S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-26 00:05 - 2015-01-26 00:07 - 00022928 _____ () C:\Users\win7\Downloads\FRST.txt 2015-01-26 00:05 - 2015-01-26 00:05 - 00000000 ____D () C:\FRST 2015-01-26 00:04 - 2015-01-26 00:04 - 02129920 _____ (Farbar) C:\Users\win7\Downloads\FRST64.exe 2015-01-25 23:41 - 2015-01-25 23:41 - 00000469 _____ () C:\Windows\SynInst.log 2015-01-25 23:25 - 2015-01-25 23:25 - 00000000 ____D () C:\ProgramData\IHProtectUpDate 2015-01-25 23:25 - 2015-01-25 23:25 - 00000000 ____D () C:\Program Files (x86)\XTab 2015-01-25 23:24 - 2015-01-25 23:24 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect 2015-01-25 23:23 - 2015-01-25 23:43 - 00001332 _____ () C:\Windows\Tasks\KVKOP.job 2015-01-25 23:23 - 2015-01-25 23:43 - 00001332 _____ () C:\Windows\Tasks\IEBUZ.job 2015-01-25 23:23 - 2015-01-25 23:43 - 00000890 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job 2015-01-25 23:23 - 2015-01-25 23:28 - 00000894 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job 2015-01-25 23:23 - 2015-01-25 23:23 - 01820648 _____ (joep) C:\Users\win7\AppData\Roaming\IEBUZ.exe 2015-01-25 23:23 - 2015-01-25 23:23 - 01495016 _____ (joep) C:\Users\win7\AppData\Roaming\KVKOP.exe 2015-01-25 23:23 - 2015-01-25 23:23 - 00004366 _____ () C:\Windows\System32\Tasks\KVKOP 2015-01-25 23:23 - 2015-01-25 23:23 - 00004366 _____ () C:\Windows\System32\Tasks\IEBUZ 2015-01-25 23:23 - 2015-01-25 23:23 - 00003892 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA 2015-01-25 23:23 - 2015-01-25 23:23 - 00003638 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore 2015-01-25 23:20 - 2015-01-25 23:20 - 00065472 _____ () C:\Users\win7\Downloads\FLVPlayer-FF.exe 2015-01-19 11:45 - 2015-01-25 23:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-01-15 10:45 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-15 10:45 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-15 10:45 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-01-15 10:45 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-01-15 10:45 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-01-15 10:45 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-01-15 10:45 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-01-15 10:45 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-01-15 10:45 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-01-15 10:45 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-15 10:45 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-15 10:45 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2015-01-15 10:45 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2015-01-04 22:26 - 2015-01-04 22:26 - 00000662 _____ () C:\Users\Public\Desktop\ChomikBox.lnk 2015-01-04 22:25 - 2015-01-04 22:26 - 28266496 _____ () C:\Users\win7\Desktop\ChomikBox.msi 2014-12-29 18:32 - 2014-12-29 18:32 - 00000000 ____D () C:\Users\win7\AppData\Local\TeamViewer 2014-12-29 18:31 - 2014-12-29 18:31 - 00000935 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk 2014-12-27 14:12 - 2014-12-27 14:12 - 01054912 _____ (Adobe) C:\Users\win7\Desktop\install_flashplayer16x32au_mssd_aaa_aih.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-26 00:06 - 2013-02-10 21:07 - 00000000 ____D () C:\Users\win7\AppData\Roaming\Skype 2015-01-25 23:51 - 2009-07-14 05:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-25 23:51 - 2009-07-14 05:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-25 23:47 - 2013-01-24 13:54 - 01893304 _____ () C:\Windows\WindowsUpdate.log 2015-01-25 23:44 - 2009-08-22 07:01 - 00408109 _____ () C:\Windows\PLaunch.log 2015-01-25 23:44 - 2009-08-22 06:12 - 01033337 _____ () C:\Windows\launApp.log 2015-01-25 23:43 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-25 23:43 - 2009-07-14 05:51 - 00122630 _____ () C:\Windows\setupact.log 2015-01-25 23:41 - 2014-08-31 18:41 - 00000000 ____D () C:\Program Files (x86)\Sims 2015-01-25 23:34 - 2013-01-27 17:44 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-01-25 23:34 - 2009-08-22 09:34 - 00784744 _____ () C:\Windows\PFRO.log 2015-01-25 23:24 - 2013-01-24 14:11 - 00001217 _____ () C:\Users\win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-01-25 23:23 - 2014-09-17 18:56 - 00000000 ____D () C:\Program Files (x86)\globalUpdate 2015-01-25 23:10 - 2013-01-27 17:44 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-01-25 23:10 - 2013-01-27 17:44 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-25 23:10 - 2013-01-27 17:44 - 00003868 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-01-24 20:56 - 2013-03-24 15:59 - 00000000 ____D () C:\Users\win7\AppData\Local\ChomikBox 2015-01-24 19:22 - 2013-03-24 15:59 - 00000000 ____D () C:\Users\win7\.gstreamer-0.10 2015-01-24 18:48 - 2014-12-22 08:05 - 00000000 ____D () C:\Users\win7\Desktop\zus 2015-01-24 18:48 - 2013-01-24 22:32 - 00740688 _____ () C:\Windows\system32\perfh015.dat 2015-01-24 18:48 - 2013-01-24 22:32 - 00156230 _____ () C:\Windows\system32\perfc015.dat 2015-01-24 18:48 - 2009-07-14 06:13 - 01670590 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-23 18:15 - 2014-05-01 18:13 - 00001453 _____ () C:\Users\win7\Desktop\kamery.txt 2015-01-16 09:29 - 2013-08-15 00:45 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-16 09:22 - 2013-01-24 18:12 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-01-15 14:46 - 2013-01-25 15:42 - 00000000 ____D () C:\Users\win7\AppData\Roaming\vlc 2015-01-13 17:32 - 2009-07-14 06:08 - 00032604 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-01-12 18:38 - 2013-03-04 00:11 - 00000000 ____D () C:\Users\win7\AppData\Roaming\ipla 2015-01-12 18:38 - 2013-03-04 00:11 - 00000000 ____D () C:\ProgramData\ipla 2015-01-10 17:42 - 2014-12-18 21:00 - 00036864 _____ () C:\Users\win7\Desktop\Kamery 2A,15.xls 2015-01-04 22:26 - 2014-08-31 18:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chomikuj.pl 2015-01-04 22:26 - 2014-08-31 18:18 - 00000000 ____D () C:\Program Files (x86)\ChomikBox 2014-12-31 12:14 - 2013-01-24 14:22 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-12-29 22:20 - 2013-02-13 17:17 - 00000000 ____D () C:\Program Files (x86)\TeamViewer 2014-12-29 22:09 - 2013-01-24 14:10 - 00117296 _____ () C:\Users\win7\AppData\Local\GDIPFONTCACHEV1.DAT 2014-12-29 22:08 - 2009-07-14 05:45 - 00446160 _____ () C:\Windows\system32\FNTCACHE.DAT ==================== Files in the root of some directories ======= 2009-08-22 09:43 - 2009-02-10 20:23 - 0192484 _____ () C:\Program Files (x86)\Common Files\Acer GameZone online.ico 2014-09-01 09:18 - 2014-09-01 09:18 - 0001248 _____ () C:\Users\win7\AppData\Roaming\IEBUZ 2015-01-25 23:23 - 2015-01-25 23:23 - 1820648 _____ (joep) C:\Users\win7\AppData\Roaming\IEBUZ.exe 2014-09-01 09:18 - 2014-09-01 09:18 - 0002086 _____ () C:\Users\win7\AppData\Roaming\KVKOP 2015-01-25 23:23 - 2015-01-25 23:23 - 1495016 _____ (joep) C:\Users\win7\AppData\Roaming\KVKOP.exe 2014-06-07 21:02 - 2014-06-07 21:02 - 0000600 _____ () C:\Users\win7\AppData\Roaming\winscp.rnd 2013-01-26 12:35 - 2013-01-26 12:38 - 0006288 _____ () C:\Users\win7\AppData\Local\MyWinLockerInstaller.txt-20130126.log 2013-01-24 14:17 - 2013-01-24 14:22 - 0007825 _____ () C:\ProgramData\ArcadeDeluxe3.log 2009-08-22 09:44 - 2009-07-18 02:57 - 0036136 _____ (Oberon Media) C:\ProgramData\FullRemove.exe Some content of TEMP: ==================== C:\Users\win7\AppData\Local\Temp\a2zLyrics_1060-8102_v122.exe C:\Users\win7\AppData\Local\Temp\appshat-distribution.exe C:\Users\win7\AppData\Local\Temp\bitool.dll C:\Users\win7\AppData\Local\Temp\CloudBackup3601.exe C:\Users\win7\AppData\Local\Temp\DseShExt-x64.dll C:\Users\win7\AppData\Local\Temp\DseShExt-x86.dll C:\Users\win7\AppData\Local\Temp\FreemakeVideoConverter_4.1.4.14.exe C:\Users\win7\AppData\Local\Temp\ICReinstall_DownloadManagerSetup.exe C:\Users\win7\AppData\Local\Temp\ipl4A48.tmp.exe C:\Users\win7\AppData\Local\Temp\ipl50F5.tmp.exe C:\Users\win7\AppData\Local\Temp\ipl7C8E.tmp.exe C:\Users\win7\AppData\Local\Temp\ipl8036.tmp.exe C:\Users\win7\AppData\Local\Temp\ipl8343.tmp.exe C:\Users\win7\AppData\Local\Temp\ipl8EC7.tmp.exe C:\Users\win7\AppData\Local\Temp\iplBEED.tmp.exe C:\Users\win7\AppData\Local\Temp\iplE2CF.tmp.exe C:\Users\win7\AppData\Local\Temp\iplF518.tmp.exe C:\Users\win7\AppData\Local\Temp\iplF739.tmp.exe C:\Users\win7\AppData\Local\Temp\iplFD04.tmp.exe C:\Users\win7\AppData\Local\Temp\Quarantine.exe C:\Users\win7\AppData\Local\Temp\SDShelEx-win32.dll C:\Users\win7\AppData\Local\Temp\SDShelEx-x64.dll C:\Users\win7\AppData\Local\Temp\SkypeSetup.exe C:\Users\win7\AppData\Local\Temp\SpeedUpMyComputer.exe C:\Users\win7\AppData\Local\Temp\UpdateCheckerSetup.exe C:\Users\win7\AppData\Local\Temp\vcredist_x64.exe C:\Users\win7\AppData\Local\Temp\VSUSetup.exe C:\Users\win7\AppData\Local\Temp\_is8C18.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-25 18:08 ==================== End Of Log ============================