Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-08-2015
Ran by Pawel.Zawadzki (administrator) on YAPP-DLG17 (24-08-2015 11:16:25)
Running from C:\Users\pawel.zawadzki\Downloads
Loaded Profiles: Pawel.Zawadzki (Available Profiles: Pawel.Zawadzki & tomasz.smeja & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Polski (Polska)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\D-Link\DWA-525 revA\ANIWConnService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Lenovo) C:\Program Files\Lenovo\LBAI\LBAEvent.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\Ntrtscan.exe
(Lenovo) C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmListen.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\PccNTMon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
() D:\Datum Memory Booster\memBoost.exe
(D-Link Corp.) C:\Program Files (x86)\D-Link\DWA-525 revA\AirNCFG.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\LyncCam.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\PowerMgr\SCHTASK.EXE
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPfw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(SAP AG) C:\Program Files (x86)\SAP\SapSetup\Setup\Updater\NwSapAutoWorkstationUpdateService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe

==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12343400 2012-01-11] (Realtek Semiconductor)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [289648 2012-05-24] (Lenovo Group Limited)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133400 2011-12-16] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation)
HKLM-x32\...\Run: [Power Manager Startup Utility] => C:\Program Files (x86)\Lenovo\PowerMgr\DPMHost.exe [23352 2012-02-22] ()
HKLM-x32\...\Run: [Fastboot] => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1091376 2012-01-17] (Lenovo)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-12-14] (Intel Corporation)
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.)
HKLM-x32\...\Run: [OfficeScanNT Monitor] => C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe [2230608 2012-12-07] (Trend Micro Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-12-14] (Intel Corporation)
HKLM-x32\...\Run: [Client Access Service] => C:\Program Files (x86)\IBM\Client Access\cwbsvstr.exe [20480 2004-12-03] (IBM Corporation)
HKLM-x32\...\Run: [Client Access Check Version] => C:\Program Files (x86)\IBM\Client Access\cwbckver.exe [45106 2004-12-03] (IBM Corporation)
HKLM-x32\...\Run: [Client Access Express Welcome] => C:\Program Files (x86)\IBM\Client Access\cwbwlwiz.exe [20530 2004-12-03] (IBM Corporation)
HKLM-x32\...\Run: [Client Access PC5250 Sound] => C:\Program Files (x86)\IBM\Client Access\Emulator\pcssnd.exe [40960 2004-12-03] (IBM Corporation)
HKLM-x32\...\Run: [D-Link D-Link DWA-525] => C:\Program Files (x86)\D-Link\DWA-525 revA\AirNCFG.exe [1074496 2011-08-29] (D-Link Corp.)
HKLM-x32\...\Run: [Communicator] => C:\Program Files (x86)\Microsoft Lync\communicator.exe [11937552 2010-10-22] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-08-21] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-449068364-4053775113-1626773979-97692\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-17] (Piriform Ltd)
Startup: C:\Users\pawel.zawadzki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rizone Memory Booster.lnk [2013-06-28]
ShortcutTarget: Rizone Memory Booster.lnk -> D:\Datum Memory Booster\memBoost.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-08-21] (AVAST Software)
ShellIconOverlayIdentifiers: [GGDriveOverlay1] -> {E68D0A50-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll [2013-01-17] (GG Network S.A.)
ShellIconOverlayIdentifiers: [GGDriveOverlay2] -> {E68D0A51-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll [2013-01-17] (GG Network S.A.)
ShellIconOverlayIdentifiers: [GGDriveOverlay3] -> {E68D0A52-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll [2013-01-17] (GG Network S.A.)
ShellIconOverlayIdentifiers: [GGDriveOverlay4] -> {E68D0A53-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll [2013-01-17] (GG Network S.A.)

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
AutoConfigURL: [S-1-5-21-449068364-4053775113-1626773979-97692] => http://10.42.251.8/proxy/wpad.PAC
HKU\S-1-5-21-449068364-4053775113-1626773979-97692\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://start.lenovo.com/
HKU\S-1-5-21-449068364-4053775113-1626773979-97692\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
HKU\S-1-5-21-449068364-4053775113-1626773979-97692\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ciyazysp00.yel.yazaki.local:8000/sap/bc/nwbc/srm/
HKU\S-1-5-21-449068364-4053775113-1626773979-97692\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkcentre
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-449068364-4053775113-1626773979-97692 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_plPL539PL540
SearchScopes: HKU\S-1-5-21-449068364-4053775113-1626773979-97692 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_plPL539PL540
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmIEPlg.dll [2012-08-08] (Trend Micro Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-21] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll [2012-04-19] (Symantec Corporation)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmIEPlg32.dll [2012-08-08] (Trend Micro Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Lync\OCHelper.dll [2010-10-22] (Microsoft Corporation)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-21] (AVAST Software)
BHO-x32: Pomocnik logowania za pomocą identyfikatora Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll [2012-04-19] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-449068364-4053775113-1626773979-97692 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler-x32: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2012-06-20] (SAP, Walldorf)
Handler-x32: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2012-06-20] (SAP, Walldorf)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmIEPlg.dll [2012-08-08] (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmIEPlg32.dll [2012-08-08] (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.42.250.1 10.42.251.201 10.42.59.131 10.48.2.241
Tcpip\..\Interfaces\{045E4331-043A-497B-8740-B67ACCF4D775}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{5C0F8D3C-E4FB-4FE4-AF63-B23E8EB09078}: [DhcpNameServer] 10.42.250.1 10.42.251.201 10.42.59.131 10.48.2.241
Tcpip\..\Interfaces\{76E22601-BCC0-4FA7-943F-ACC4AEE5F517}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{96E47EA9-30DC-45BD-8626-E85CB10B005D}: [DhcpNameServer] 10.42.251.201 10.42.251.3

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\4.0.50826.0\npctrl.dll [2010-08-26] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-449068364-4053775113-1626773979-97692: LWAPlugin15.8 -> C:\Users\pawel.zawadzki\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll [2013-03-13] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2010-10-22] ()
FF Plugin ProgramFiles/Appdata: C:\Users\pawel.zawadzki\AppData\Roaming\mozilla\plugins\npLWAPlugin15.8.dll [2013-03-13] (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files (x86)\Trend Micro\OfficeScan Client\FirefoxExtension
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files (x86)\Trend Micro\OfficeScan Client\FirefoxExtension [2013-06-07]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-08-21]
FF HKLM-x32\...\Firefox\Extensions: [VIP5X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client [2013-04-04]

Chrome:
=======
CHR Profile: C:\Users\pawel.zawadzki\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\pawel.zawadzki\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-07]
CHR Extension: (Google Drive) - C:\Users\pawel.zawadzki\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-07]
CHR Extension: (YouTube) - C:\Users\pawel.zawadzki\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-07]
CHR Extension: (Google Search) - C:\Users\pawel.zawadzki\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\pawel.zawadzki\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Users\pawel.zawadzki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-07]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-08-21]

==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-21] (AVAST Software)
S3 Cwbrxd; C:\Windows\CWBRXD.EXE [57344 2003-10-07] (IBM Corporation) [File not signed]
R2 D_Link_DWA-525_WPS; C:\Program Files (x86)\D-Link\DWA-525 revA\ANIWConnService.exe [53248 2010-07-12] () [File not signed]
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-01-17] (Lenovo)
R2 Huawei E3272; C:\ProgramData\MobileBrServ\mbbservice.exe [240720 2013-12-03] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
R2 LBAEvent; C:\Program Files\Lenovo\LBAI\LBAEvent.exe [15520 2012-03-23] (Lenovo) [File not signed]
R2 ntrtscan; C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe [3015992 2012-12-06] (Trend Micro Inc.)
R2 NWSAPAutoWorkstationUpdateSvc; C:\Program Files (x86)\SAP\SAPsetup\Setup\Updater\NwSapAutoWorkstationUpdateService.exe [165568 2012-06-19] (SAP AG)
R2 Power Manager DBC Service; C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.EXE [70968 2012-02-22] (Lenovo)
S3 PwmEWSvc; C:\Program Files (x86)\Lenovo\PowerMgr\PWMEWSVC.EXE [165176 2012-02-22] (Lenovo Group Limited)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22376 2013-06-26] ()
R3 TMBMServer; C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe [572464 2012-10-30] (Trend Micro Inc.)
R2 tmlisten; C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe [3116656 2013-01-04] (Trend Micro Inc.)
R3 TmPfw; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPfw.exe [596736 2011-04-15] (Trend Micro Inc.)
R3 TmProxy; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe [918064 2012-08-08] (Trend Micro Inc.)
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-19] (Symantec Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2010-05-03] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-08-21] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-08-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-08-21] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-08-21] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048344 2015-08-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-08-21] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-08-21] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-08-21] (AVAST Software)
S3 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70416 2012-01-17] (Windows (R) Win 7 DDK provider)
R3 LBAI; C:\Windows\System32\Drivers\LBAI.sys [9600 2011-12-08] (Lenovo)
S3 netr28x; C:\Windows\System32\DRIVERS\Dnetr28x.sys [1488448 2011-04-19] (Ralink Technology, Corp.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [82840 2012-10-30] (Trend Micro Inc.)
R1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [174016 2012-11-13] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [65872 2012-10-30] (Trend Micro Inc.)
R2 TmFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys [344376 2012-07-17] (Trend Micro Inc.)
R1 TmLwf; C:\Windows\System32\DRIVERS\tmlwf.sys [197432 2012-06-21] (Trend Micro Inc.)
R2 TmPreFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys [42808 2012-07-17] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [108624 2010-12-07] (Trend Micro Inc.)
R2 tmWfp; C:\Windows\System32\DRIVERS\tmwfp.sys [338232 2012-06-21] (Trend Micro Inc.)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
R2 VSApiNt; C:\Program Files (x86)\Trend Micro\OfficeScan Client\VSApiNt.sys [2224952 2012-07-17] (Trend Micro Inc.)

==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-08-24 11:16 - 2015-08-24 11:17 - 00023731 _____ C:\Users\pawel.zawadzki\Downloads\FRST.txt
2015-08-24 11:15 - 2015-08-24 11:16 - 00000000 ____D C:\FRST
2015-08-24 11:14 - 2015-08-24 11:14 - 02173952 _____ (Farbar) C:\Users\pawel.zawadzki\Downloads\FRST64.exe
2015-08-24 11:14 - 2015-08-24 11:14 - 00380416 _____ C:\Users\pawel.zawadzki\Downloads\t7suny0y.exe
2015-08-21 12:57 - 2015-08-21 12:57 - 00000000 ____D C:\Users\pawel.zawadzki\AppData\Roaming\AVAST Software
2015-08-21 12:56 - 2015-08-21 12:57 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-08-21 12:56 - 2015-08-21 12:56 - 00001933 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-08-21 12:56 - 2015-08-21 12:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-08-21 12:55 - 2015-08-21 12:56 - 01048344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-08-21 12:55 - 2015-08-21 12:55 - 00447944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-08-21 12:55 - 2015-08-21 12:55 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-08-21 12:55 - 2015-08-21 12:55 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-08-21 12:55 - 2015-08-21 12:55 - 00150672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-08-21 12:55 - 2015-08-21 12:55 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-08-21 12:55 - 2015-08-21 12:55 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-08-21 12:55 - 2015-08-21 12:55 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-08-21 12:55 - 2015-08-21 12:55 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-08-21 12:55 - 2015-08-21 12:55 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-08-21 12:54 - 2015-08-21 12:54 - 00000000 ____D C:\Program Files\AVAST Software
2015-08-21 12:53 - 2015-08-21 12:53 - 03459152 ____N (AVAST Software) C:\Users\Public\Documents\aswOfferTool.exe
2015-08-21 12:52 - 2015-08-21 12:52 - 05481344 _____ (Avast Software s.r.o.) C:\Users\pawel.zawadzki\Downloads\avast_free_antivirus_setup_online_dobreprogramy.exe
2015-08-21 12:52 - 2015-08-21 12:52 - 00000000 ____D C:\ProgramData\AVAST Software
2015-08-21 09:25 - 2015-08-21 09:25 - 00007666 _____ C:\Users\pawel.zawadzki\AppData\Local\Resmon.ResmonCfg
2015-08-19 12:03 - 2015-08-19 14:33 - 00002798 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-08-19 12:03 - 2015-08-19 12:03 - 00000833 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-08-19 12:03 - 2015-08-19 12:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-08-19 12:03 - 2015-08-19 12:03 - 00000000 ____D C:\Program Files\CCleaner
2015-08-19 12:00 - 2015-08-19 11:59 - 06609608 _____ (Piriform Ltd) C:\Users\Administrator.YAPP-DLG10\Desktop\ccsetup508.exe
2015-08-19 11:59 - 2015-08-19 11:59 - 06609608 _____ (Piriform Ltd) C:\Users\Administrator.YAPP-DLG10\Downloads\ccsetup508.exe
2015-08-19 11:46 - 2015-08-19 12:02 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-08-19 11:46 - 2015-08-19 11:46 - 00001265 _____ C:\Users\Administrator.YAPP-DLG10\Desktop\Spybot - Search & Destroy.lnk
2015-08-19 11:46 - 2015-08-19 11:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2015-08-19 11:46 - 2015-08-19 11:46 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2015-08-19 11:45 - 2011-04-19 08:47 - 16409960 _____ (Safer Networking Limited ) C:\Users\Administrator.YAPP-DLG10\Desktop\spybotsd162.exe
2015-08-19 11:42 - 2015-08-19 11:42 - 00000000 ____D C:\Users\Administrator.YAPP-DLG10\AppData\Local\Google
2015-08-19 09:11 - 2015-08-19 09:11 - 00000000 ___SD C:\Users\pawel.zawadzki\GG dysk
2015-08-19 09:08 - 2015-08-20 08:09 - 00000000 ____D C:\Users\pawel.zawadzki\AppData\Local\GG
2015-08-19 09:08 - 2015-08-19 09:08 - 00001188 _____ C:\Users\pawel.zawadzki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenFM.lnk
2015-08-19 09:08 - 2015-08-19 09:08 - 00001149 _____ C:\Users\pawel.zawadzki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GG.lnk
2015-08-19 09:08 - 2015-08-19 09:08 - 00001141 _____ C:\Users\pawel.zawadzki\Desktop\GG.lnk
2015-08-19 09:08 - 2015-08-19 09:08 - 00000000 ____D C:\Users\pawel.zawadzki\AppData\Local\OpenFM
2015-08-19 09:08 - 2015-08-19 09:08 - 00000000 ____D C:\ProgramData\GG
2015-08-18 15:06 - 2015-08-18 15:06 - 00000165 ____H C:\Users\pawel.zawadzki\Desktop\~$Kopia Urlop 2015.xlsx
2015-08-17 09:54 - 2015-08-17 09:55 - 00000650 _____ C:\Users\pawel.zawadzki\Desktop\skany.lnk
2015-07-31 09:40 - 2015-07-31 09:52 - 00346313 _____ C:\Users\pawel.zawadzki\Desktop\export.XLSX
2015-07-29 11:43 - 2015-07-29 11:43 - 00154832 _____ C:\Users\pawel.zawadzki\Desktop\lear.XLSX
2015-07-28 16:15 - 2015-07-28 16:15 - 00107081 _____ C:\Users\pawel.zawadzki\Desktop\Kopia Kopie - kody TE.xlsx
2015-07-27 14:55 - 2015-07-27 15:24 - 00035539 _____ C:\Users\pawel.zawadzki\Desktop\Molex EDI.XLSX

==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-08-24 11:17 - 2009-07-14 06:45 - 00034432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-24 11:17 - 2009-07-14 06:45 - 00034432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-24 11:14 - 2013-06-07 10:04 - 07813774 _____ C:\Windows\SysWOW64\TmInstall.log
2015-08-24 11:14 - 2013-06-07 10:03 - 04220476 _____ C:\Windows\system32\TmInstall.log
2015-08-24 11:13 - 2013-04-04 22:29 - 02034801 _____ C:\Windows\WindowsUpdate.log
2015-08-24 11:10 - 2013-08-01 12:10 - 00002220 __RSH C:\Users\pawel.zawadzki\ntuser.pol
2015-08-24 11:10 - 2013-06-07 11:44 - 00000000 ____D C:\Users\pawel.zawadzki
2015-08-24 11:10 - 2013-06-07 09:05 - 00032924 __RSH C:\ProgramData\ntuser.pol
2015-08-24 11:10 - 2013-06-07 09:04 - 00001872 _____ C:\Windows\system32\config\netlogon.ftl
2015-08-24 11:10 - 2013-04-04 22:41 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-24 11:09 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-24 11:09 - 2009-07-14 06:51 - 00104642 _____ C:\Windows\setupact.log
2015-08-24 10:38 - 2014-10-10 12:47 - 00000000 ____D C:\Users\pawel.zawadzki\AppData\Roaming\SAP
2015-08-24 10:38 - 2014-10-10 12:41 - 00000000 ____D C:\Users\pawel.zawadzki\AppData\Local\SAP
2015-08-24 10:33 - 2013-04-04 22:41 - 00001048 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-24 09:04 - 2010-11-21 05:47 - 00465834 _____ C:\Windows\PFRO.log
2015-08-21 16:22 - 2013-06-07 11:38 - 00000000 ____D C:\Users\pawel.zawadzki\AppData\Roaming\GG
2015-08-21 12:07 - 2014-05-16 13:58 - 00000000 ____D C:\Users\pawel.zawadzki\Tracing
2015-08-19 11:42 - 2015-03-25 15:34 - 00000000 ____D C:\Users\Administrator.YAPP-DLG10\Tracing

==================== Files in the root of some directories =======
2015-08-21 09:25 - 2015-08-21 09:25 - 0007666 _____ () C:\Users\pawel.zawadzki\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\pawel.zawadzki\AppData\Local\Temp\ggdrive-menu.exe
C:\Users\pawel.zawadzki\AppData\Local\Temp\ggdrive-overlay.exe
C:\Users\pawel.zawadzki\AppData\Local\Temp\installstats.exe

==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-29 12:15

==================== End of log ============================