Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by Tomek (administrator) on BLACK on 19-06-2015 21:18:03
Running from C:\Users\Tomek\Desktop\Logi
Loaded Profiles: Tomek (Available Profiles: Tomek)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Polski (Polska)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(DTools LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.10\AsusFanControlService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\PowerControlHelp.exe
(http://lucky-tab.com/) C:\Program Files (x86)\LuckyTab\LuckyTab.exe
(XTab system) C:\Program Files (x86)\MiuiTab\ProtectService.exe
(SearchProtect) C:\Program Files (x86)\MiuiTab\CmdShell.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(XTab system) C:\Program Files (x86)\MiuiTab\HPNotify.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Usługi Informatyczne Andrzej Ciupiński) C:\MK\SerwerU.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Fieldston Software) C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(ZTE) C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\mcserver.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
() C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\dbus-daemon.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelp.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
() C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\db_daemon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetiCtrlTray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Users\Tomek\Desktop\Logi\adwcleaner_4.206.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2012-11-29] (LogMeIn, Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310128 2013-02-28] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3484077856-2024222258-2036092784-1000\...\Run: [gSyncit] => C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe [228352 2015-05-30] (Fieldston Software)
HKU\S-1-5-21-3484077856-2024222258-2036092784-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1509232 2013-02-28] (Samsung)
HKU\S-1-5-21-3484077856-2024222258-2036092784-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-02-28] (Samsung)
HKU\S-1-5-21-3484077856-2024222258-2036092784-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-3484077856-2024222258-2036092784-1000\...\MountPoints2: {6dd94036-965c-11e2-9bd8-806e6f6e6963} - D:\Bin\ASSETUP.exe
HKU\S-1-5-21-3484077856-2024222258-2036092784-1000\...\MountPoints2: {99a9cf4a-9d60-11e2-8be7-50465dac5db6} - F:\windows\Install\Install.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\mcserver.lnk [2013-04-06]
ShortcutTarget: mcserver.lnk -> C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\mcserver.exe (ZTE)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk [2015-03-11]
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-11] (Avast Software s.r.o.)

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.oursurfing.com/?type=hp&ts=1434140397&z=dc5fae962c545b139285908g7zfc4z2gbz4edcct4e&from=exp&uid=WDCXWD10EARS-003BB1_WD-WCAV5N79763597635
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oursurfing.com/web/?type=ds&ts=1434140397&z=dc5fae962c545b139285908g7zfc4z2gbz4edcct4e&from=exp&uid=WDCXWD10EARS-003BB1_WD-WCAV5N79763597635&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.oursurfing.com/?type=hp&ts=1434140397&z=dc5fae962c545b139285908g7zfc4z2gbz4edcct4e&from=exp&uid=WDCXWD10EARS-003BB1_WD-WCAV5N79763597635
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.oursurfing.com/?type=hp&ts=1434140397&z=dc5fae962c545b139285908g7zfc4z2gbz4edcct4e&from=exp&uid=WDCXWD10EARS-003BB1_WD-WCAV5N79763597635
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oursurfing.com/web/?type=ds&ts=1434140397&z=dc5fae962c545b139285908g7zfc4z2gbz4edcct4e&from=exp&uid=WDCXWD10EARS-003BB1_WD-WCAV5N79763597635&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oursurfing.com/web/?type=ds&ts=1434140397&z=dc5fae962c545b139285908g7zfc4z2gbz4edcct4e&from=exp&uid=WDCXWD10EARS-003BB1_WD-WCAV5N79763597635&q={searchTerms}
HKU\S-1-5-21-3484077856-2024222258-2036092784-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.oursurfing.com/?type=hp&ts=1434140397&z=dc5fae962c545b139285908g7zfc4z2gbz4edcct4e&from=exp&uid=WDCXWD10EARS-003BB1_WD-WCAV5N79763597635
HKU\S-1-5-21-3484077856-2024222258-2036092784-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.oursurfing.com/?type=hp&ts=1434140397&z=dc5fae962c545b139285908g7zfc4z2gbz4edcct4e&from=exp&uid=WDCXWD10EARS-003BB1_WD-WCAV5N79763597635
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.oursurfing.com/web/?type=ds&ts=1434140397&z=dc5fae962c545b139285908g7zfc4z2gbz4edcct4e&from=exp&uid=WDCXWD10EARS-003BB1_WD-WCAV5N79763597635&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3484077856-2024222258-2036092784-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.oursurfing.com/web/?utm_source=b&utm_medium=exp&utm_campaign=install_ie&utm_content=ds&from=exp&uid=WDCXWD10EARS-003BB1_WD-WCAV5N79763597635&ts=1434140446&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3484077856-2024222258-2036092784-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.oursurfing.com/web/?utm_source=b&utm_medium=exp&utm_campaign=install_ie&utm_content=ds&from=exp&uid=WDCXWD10EARS-003BB1_WD-WCAV5N79763597635&ts=1434140446&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3484077856-2024222258-2036092784-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.oursurfing.com/web/?utm_source=b&utm_medium=exp&utm_campaign=install_ie&utm_content=ds&from=exp&uid=WDCXWD10EARS-003BB1_WD-WCAV5N79763597635&ts=1434140446&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3484077856-2024222258-2036092784-1000 -> {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = http://www.oursurfing.com/web/?utm_source=b&utm_medium=exp&utm_campaign=install_ie&utm_content=ds&from=exp&uid=WDCXWD10EARS-003BB1_WD-WCAV5N79763597635&ts=1434140446&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3484077856-2024222258-2036092784-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.oursurfing.com/web/?utm_source=b&utm_medium=exp&utm_campaign=install_ie&utm_content=ds&from=exp&uid=WDCXWD10EARS-003BB1_WD-WCAV5N79763597635&ts=1434140446&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3484077856-2024222258-2036092784-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = http://www.oursurfing.com/web/?utm_source=b&utm_medium=exp&utm_campaign=install_ie&utm_content=ds&from=exp&uid=WDCXWD10EARS-003BB1_WD-WCAV5N79763597635&ts=1434140446&type=default&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-05-11] (Avast Software s.r.o.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll [2013-04-08] (pdfforge GmbH)
BHO-x32: LuckyTab Class -> {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} -> C:\Program Files (x86)\MiuiTab\SupTab.dll [2015-06-08] (Thinknice Co. Limited)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-11] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-11] (Avast Software s.r.o.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-11] (Oracle Corporation)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll [2013-04-08] (pdfforge GmbH)
DPF: HKLM-x32 {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab
DPF: HKLM-x32 {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} https://www.bph.pl/pi/components/bph/SignActivX.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Tomek\AppData\Roaming\Mozilla\Firefox\Profiles\76uca9mp.default
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: oursurfing
FF SelectedSearchEngine: oursurfing
FF Homepage: hxxp://www.google.pl/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-12] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-12] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-11] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Tomek\AppData\Roaming\Mozilla\Firefox\Profiles\76uca9mp.default\searchplugins\oursurfing.xml [2015-06-19]
FF SearchPlugin: C:\Users\Tomek\AppData\Roaming\Mozilla\Firefox\Profiles\76uca9mp.default\searchplugins\securesearch.xml [2015-06-02]
FF Extension: LogMeIn, Inc. Remote Access Plugin - C:\Users\Tomek\AppData\Roaming\Mozilla\Firefox\Profiles\76uca9mp.default\Extensions\LogMeInClient@logmein.com [2014-11-05]
FF Extension: QuickSearch - C:\Users\Tomek\AppData\Roaming\Mozilla\Firefox\Profiles\76uca9mp.default\Extensions\searchffv2@gmail.com [2015-06-12]
FF Extension: BPH Sign Plugin - C:\Users\Tomek\AppData\Roaming\Mozilla\Firefox\Profiles\76uca9mp.default\Extensions\SignPlugin@bph.pl [2013-03-27]
FF Extension: Search Enginer - C:\Users\Tomek\AppData\Roaming\Mozilla\Firefox\Profiles\76uca9mp.default\Extensions\sweetsearch@gmail.com [2015-06-12]
FF Extension: MEGA - C:\Users\Tomek\AppData\Roaming\Mozilla\Firefox\Profiles\76uca9mp.default\Extensions\firefox@mega.co.nz.xpi [2014-12-10]
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\addon
FF Extension: Bytemobile Optimization Client - C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\addon [2013-04-06]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-11-28]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-05-11]
FF HKLM-x32\...\Firefox\Extensions: [searchffv2@gmail.com] - C:\Users\Tomek\AppData\Roaming\Mozilla\Firefox\Profiles\76uca9mp.default\extensions\searchffv2@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\Tomek\AppData\Roaming\Mozilla\Firefox\Profiles\76uca9mp.default\extensions\sweetsearch@gmail.com
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-05-11]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-11]

==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.10\AsusFanControlService.exe [1475744 2012-05-25] (ASUSTeK Computer Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-11] (Avast Software s.r.o.)
R3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160768 2011-05-27] (Intel Corporation) [File not signed]
R2 IHProtect Service; C:\Program Files (x86)\MiuiTab\ProtectService.exe [125056 2015-06-08] (XTab system)
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2013-03-29] () [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2008-06-09] (Hewlett-Packard Company) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [417640 2015-06-17] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [234856 2015-06-17] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2012-11-29] (LogMeIn, Inc.)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 SerwerMK; c:\MK\SerwerU.exe [217016 2015-04-03] (Usługi Informatyczne Andrzej Ciupiński)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [695976 2015-06-12] (DTools LIMITED) <==== ATTENTION

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-11] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-11] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-11] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-11] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-11] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-05-11] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-11] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-11] ()
R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2009-12-15] (Bytemobile, Inc.) [File not signed]
R0 BMLoad; C:\Windows\SysWOW64\drivers\BMLoad.sys [16512 2009-12-15] (Bytemobile, Inc.) [File not signed]
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [37392 2010-07-13] (Paragon Software Group)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-05-28] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
R3 PciPPorts; C:\Windows\System32\DRIVERS\PciPPorts.sys [95744 2008-05-22] ()
R3 PciSPorts; C:\Windows\System32\DRIVERS\PciSPorts.sys [126464 2008-05-22] ()
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [206080 2014-06-16] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ss_bserd; C:\Windows\System32\DRIVERS\ss_bserd.sys [128000 2010-04-27] (MCCI Corporation)
R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2009-12-15] (Bytemobile, Inc.) [File not signed]
R1 tcpipBM; C:\Windows\SysWOW64\drivers\tcpipBM.sys [39552 2009-12-15] (Bytemobile, Inc.) [File not signed]
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [90960 2013-02-18] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633680 2013-02-18] (Paragon)
R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [390352 2013-02-18] (Paragon)
S3 zte_cdc_acm; C:\Windows\System32\DRIVERS\zte_cdc_acm.sys [79872 2011-08-10] (ZTE)
S3 zte_cpo; C:\Windows\System32\DRIVERS\zte_cpo.sys [14336 2011-08-10] (ZTE)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-19 21:14 - 2015-06-19 21:16 - 00000000 ____D C:\AdwCleaner
2015-06-19 21:02 - 2015-06-19 21:18 - 00000000 ____D C:\FRST
2015-06-12 22:20 - 2015-06-12 22:20 - 00000000 ____D C:\Users\Tomek\AppData\Roaming\SimpleFiles
2015-06-12 22:20 - 2015-06-12 22:20 - 00000000 ____D C:\Users\Tomek\AppData\Roaming\oursurfing
2015-06-12 22:20 - 2015-06-12 22:20 - 00000000 ____D C:\ProgramData\WindowsMangerProtect
2015-06-12 22:20 - 2015-06-12 22:20 - 00000000 ____D C:\ProgramData\IHProtectUpDate
2015-06-12 22:20 - 2015-06-12 22:20 - 00000000 ____D C:\Program Files (x86)\MiuiTab
2015-06-12 22:19 - 2015-06-12 22:19 - 00003394 _____ C:\Windows\System32\Tasks\LuckyTab
2015-06-12 22:19 - 2015-06-12 22:19 - 00000000 ____D C:\Users\Tomek\AppData\Roaming\Microsoft\Windows\Start Menu\LuckyTab
2015-06-12 22:19 - 2015-06-12 22:19 - 00000000 ____D C:\Program Files (x86)\LuckyTab
2015-06-12 10:06 - 2015-06-12 10:19 - 18169520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-06-04 15:06 - 2015-06-04 15:06 - 00000000 ____D C:\Users\Tomek\AppData\Local\GWX
2015-06-03 18:40 - 2015-06-19 21:18 - 00000000 ____D C:\Users\Tomek\Desktop\Logi
2015-06-03 18:10 - 2015-06-03 18:10 - 00007608 _____ C:\Users\Tomek\AppData\Local\Resmon.ResmonCfg
2015-06-02 23:02 - 2015-06-02 23:02 - 00000000 ____D C:\Users\Tomek\AppData\Roaming\LavasoftStatistics
2015-06-02 23:01 - 2015-06-03 18:12 - 00002840 _____ C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2015-06-02 23:01 - 2015-06-03 18:12 - 00002840 _____ C:\Windows\system32\LavasoftTcpServiceOff.ini
2015-06-02 23:01 - 2015-05-25 10:24 - 00429392 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2015-06-02 23:01 - 2015-05-25 10:24 - 00347976 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2015-06-02 23:00 - 2015-06-03 18:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-06-02 20:49 - 2015-06-02 20:49 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-02 18:11 - 2015-06-19 21:05 - 00017850 _____ C:\Windows\PFRO.log
2015-05-31 22:03 - 2015-05-31 22:03 - 00000000 ____D C:\ProgramData\19338565221391210
2015-05-31 21:58 - 2015-05-31 22:05 - 00000000 ____D C:\Program Files (x86)\SysTools PST Merge
2015-05-31 21:58 - 2015-05-31 21:58 - 00001074 _____ C:\Users\Public\Desktop\SysTools PST Merge.lnk
2015-05-31 21:58 - 2015-05-31 21:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SysTools PST Merge
2015-05-31 21:53 - 2015-05-31 21:58 - 07957632 _____ (SysTools Software Pvt Ltd ) C:\Users\Tomek\Downloads\pst-merge.exe
2015-05-28 23:02 - 2015-06-19 21:05 - 00002078 _____ C:\Windows\setupact.log
2015-05-28 23:02 - 2015-05-28 23:02 - 00000000 _____ C:\Windows\setuperr.log
2015-05-24 20:01 - 2015-05-24 20:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-05-23 10:00 - 2015-05-23 10:00 - 17337589 _____ C:\Users\Tomek\Downloads\cd140201.zip

==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-19 21:13 - 2013-03-26 23:34 - 01954232 _____ C:\Windows\WindowsUpdate.log
2015-06-19 21:12 - 2009-07-14 06:45 - 00028384 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-19 21:12 - 2009-07-14 06:45 - 00028384 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-19 21:07 - 2014-01-26 17:39 - 00001004 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2015-06-19 21:07 - 2014-01-26 17:39 - 00000988 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2015-06-19 21:06 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-19 21:02 - 2015-03-14 12:25 - 00000000 ____D C:\Users\Tomek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft WSE 3.0
2015-06-19 21:02 - 2013-03-27 10:04 - 00001461 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-06-19 21:02 - 2013-03-26 23:39 - 00001723 _____ C:\Users\Tomek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-19 21:00 - 2013-03-27 21:55 - 00000000 ____D C:\Users\Tomek\Documents\Pliki programu Outlook
2015-06-19 20:22 - 2014-06-11 19:42 - 00000000 ____D C:\Users\Tomek\AppData\Roaming\gSyncit
2015-06-19 20:19 - 2013-03-27 20:10 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-19 08:57 - 2013-05-05 21:04 - 00000000 ____D C:\ProgramData\LogMeIn
2015-06-17 22:23 - 2013-05-05 21:04 - 00000000 ____D C:\Program Files (x86)\LogMeIn
2015-06-17 22:21 - 2013-05-05 21:04 - 00107392 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2015-06-17 22:21 - 2013-05-05 21:04 - 00092520 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2015-06-17 22:21 - 2013-05-05 21:04 - 00035688 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2015-06-17 17:03 - 2009-07-14 19:55 - 00740438 _____ C:\Windows\system32\perfh015.dat
2015-06-17 17:03 - 2009-07-14 19:55 - 00156012 _____ C:\Windows\system32\perfc015.dat
2015-06-17 17:03 - 2009-07-14 07:13 - 01670590 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-12 10:20 - 2013-03-27 20:10 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-12 10:20 - 2013-03-27 20:10 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-12 10:20 - 2013-03-27 20:10 - 00003868 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-04 21:02 - 2014-02-11 21:28 - 00000000 ____D C:\Users\Tomek\Desktop\Filmy do sprawdzenia
2015-06-04 14:56 - 2015-05-11 20:55 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-06-04 14:51 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-06-02 22:44 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\L2Schemas
2015-06-02 18:21 - 2013-03-26 23:39 - 00000000 __SHD C:\Recovery
2015-05-31 21:22 - 2013-03-27 20:00 - 00000000 ____D C:\Users\Tomek\Downloads\ChomikBox
2015-05-31 21:15 - 2013-05-03 12:04 - 00000000 ____D C:\Users\Tomek\AppData\Roaming\vlc
2015-05-28 23:02 - 2013-03-27 10:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-25 22:35 - 2014-01-02 21:21 - 00000000 ____D C:\Users\Tomek\AppData\Roaming\Notepad++
2015-05-23 23:54 - 2015-04-17 14:13 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-05-23 23:54 - 2015-04-17 14:13 - 00000000 ___SD C:\Windows\system32\GWX
2015-05-23 12:16 - 2014-08-20 17:59 - 00000000 ____D C:\Users\Tomek\AppData\Local\Adobe
2015-05-23 11:16 - 2013-08-17 04:02 - 00000000 ____D C:\Windows\rescache

==================== Files in the root of some directories =======
2012-10-12 01:50 - 2013-08-19 18:50 - 0049738 _____ () C:\Program Files (x86)\AutoMapa EU.md5
2013-03-31 23:49 - 2013-04-07 18:45 - 0000135 _____ () C:\Users\Tomek\AppData\Roaming\default.rss
2013-12-29 22:38 - 2015-01-02 17:59 - 0000600 _____ () C:\Users\Tomek\AppData\Local\PUTTY.RND
2015-01-13 23:40 - 2015-01-13 23:40 - 0000218 _____ () C:\Users\Tomek\AppData\Local\recently-used.xbel
2015-06-03 18:10 - 2015-06-03 18:10 - 0007608 _____ () C:\Users\Tomek\AppData\Local\Resmon.ResmonCfg
2013-04-10 21:42 - 2013-04-10 21:42 - 0002422 _____ () C:\Users\Tomek\AppData\Local\unins000.dat
2013-04-10 21:42 - 2013-04-10 21:42 - 0707504 _____ () C:\Users\Tomek\AppData\Local\unins000.exe
2013-04-10 21:42 - 2013-04-10 21:42 - 0011761 _____ () C:\Users\Tomek\AppData\Local\unins000.msg
2014-01-19 00:47 - 2014-01-19 00:50 - 0002220 _____ () C:\Users\Tomek\AppData\Local\WiDiSetupLog.20140118.234710.txt
2014-01-19 00:58 - 2014-01-19 00:59 - 0002220 _____ () C:\Users\Tomek\AppData\Local\WiDiSetupLog.20140118.235856.txt
2014-12-10 19:36 - 2015-01-13 23:19 - 0005771 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\Tomek\AppData\Local\Temp\Quarantine.exe
C:\Users\Tomek\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-15 14:03

==================== End of log ============================