Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04.10.2018
Ran by Abdul (administrator) on ICEK-PC (05-10-2018 10:29:13)
Running from C:\Users\Abdul\Downloads
Loaded Profiles: Abdul (Available Profiles: Abdul & DefaultAppPool)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Angielski (Stany Zjednoczone)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(FreeDownloadManager.org) C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\winwfpmonitor.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
(Condusiv Technologies) C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Sierra Wireless, Inc.) C:\Program Files (x86)\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(QUALCOMM, Inc.) C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kDell.exe
(EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Ericsson AB) C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\Program Files\Lenovo\Lenovo Migration Assistant\maService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Lavalys, Inc.) C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\everest.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(LITE-ON TECHNOLOGY CORP.) C:\Program Files\Lenovo\USB Enhanced Performance Keyboard\Skdaemon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(FreeDownloadManager.org) C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
() C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-01-21] (IDT, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-26] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [Bluetooth] => C:\Program Files\WIDCOMM\Bluetooth Software\bttray.exe [1393968 2013-05-21] (Broadcom Corporation.)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1392496 2000-01-01] (Realtek Semiconductor)
HKLM\...\Run: [PSQLLauncher] => C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe [86312 2013-03-05] (Authentec Inc.)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [70760 2017-03-17] (Lenovo)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [296664 2017-05-12] (Lenovo Group Limited)
HKLM\...\Run: [Enhanced Performance Keyboard] => C:\Program Files\Lenovo\USB Enhanced Performance Keyboard\SKDaemon.exe [4018976 2015-12-23] (LITE-ON TECHNOLOGY CORP.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2780912 2013-10-31] (Synaptics Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-06-16] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2011-04-14] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [552960 2013-05-14] (Vimicro)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-21] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKU\S-1-5-21-1424964050-4075931534-2762628130-1000\...\Run: [Free Download Manager] => C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe [10177536 2018-05-28] (FreeDownloadManager.org)
HKU\S-1-5-21-1424964050-4075931534-2762628130-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [729704 2018-04-03] (Disc Soft Ltd)
HKU\S-1-5-18\...\Run: [Free Download Manager] => C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe [10177536 2018-05-28] (FreeDownloadManager.org)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.100.252
Tcpip\..\Interfaces\{3B166281-ABCD-4390-905F-19D5DD8B3B27}: [DhcpNameServer] 192.168.100.252
Tcpip\..\Interfaces\{4C2BB272-1698-4B46-AB7C-CB172A716D30}: [DhcpNameServer] 192.168.100.252
Tcpip\..\Interfaces\{555F09B3-4179-4599-A00B-8D2CA21339C2}: [DhcpNameServer] 192.168.100.252
Tcpip\..\Interfaces\{61494255-6366-4216-B90F-77EB237B21F2}: [DhcpNameServer] 192.168.100.252
Tcpip\..\Interfaces\{BC89FFD5-A246-4D50-827B-AB9F3923D2CD}: [DhcpNameServer] 192.168.100.252

Internet Explorer:
==================
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> No File
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2017-08-23] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office16\URLREDIR.DLL [2015-07-31] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-11] (Microsoft Corporation)
BHO-x32: No Name -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> No File
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office16\URLREDIR.DLL [2015-07-31] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-11] (Microsoft Corporation)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2018-03-13] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2018-03-13] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2018-03-13] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2018-03-13] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: kxvuplcd.default
FF ProfilePath: C:\Users\Abdul\AppData\Roaming\Mozilla\Firefox\Profiles\kxvuplcd.default [2018-09-27]
FF Extension: (Download Youtube Video) - C:\Users\Abdul\AppData\Roaming\Mozilla\Firefox\Profiles\kxvuplcd.default\Extensions\{579822b5-d5d0-4316-8b71-83a53c756378}.xpi [2018-05-05]
FF Extension: (Easy Youtube Video Downloader Express) - C:\Users\Abdul\AppData\Roaming\Mozilla\Firefox\Profiles\kxvuplcd.default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2018-09-27]
FF Extension: (Adblock Plus) - C:\Users\Abdul\AppData\Roaming\Mozilla\Firefox\Profiles\kxvuplcd.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-09-04]
FF Extension: (Firefox Monitor) - C:\Users\Abdul\AppData\Roaming\Mozilla\Firefox\Profiles\kxvuplcd.default\features\{e6ccbcd8-e822-4717-85c1-ba1845b6b7b6}\fxmonitor@mozilla.org.xpi [2018-09-27]
FF Extension: (Telemetry coverage) - C:\Users\Abdul\AppData\Roaming\Mozilla\Firefox\Profiles\kxvuplcd.default\features\{e6ccbcd8-e822-4717-85c1-ba1845b6b7b6}\telemetry-coverage-bug1487578@mozilla.org.xpi [2018-09-27] [Legacy]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-14] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-14] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-08-23] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)

Chrome:
=======
CHR Profile: C:\Users\Abdul\AppData\Local\Google\Chrome\User Data\Default [2018-10-05]
CHR Extension: (Prezentacje) - C:\Users\Abdul\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-03-28]
CHR Extension: (Free Download Manager) - C:\Users\Abdul\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmpjcflkgiildlgicmcieglgoilbfdp [2018-08-06]
CHR Extension: (Flash Video Downloader) - C:\Users\Abdul\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2018-09-23]
CHR Extension: (Dokumenty) - C:\Users\Abdul\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-03-28]
CHR Extension: (Dysk Google) - C:\Users\Abdul\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-03-28]
CHR Extension: (YouTube) - C:\Users\Abdul\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-03-28]
CHR Extension: (Arkusze) - C:\Users\Abdul\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-03-28]
CHR Extension: (Dokumenty Google offline) - C:\Users\Abdul\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-21]
CHR Extension: (AdBlock) - C:\Users\Abdul\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-09-19]
CHR Extension: (Backspace to go Back) - C:\Users\Abdul\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlffgllnjjkheddehpolbanogdeaogbc [2018-04-12]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Abdul\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-11]
CHR Extension: (Gmail) - C:\Users\Abdul\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\Abdul\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-05]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [3606120 2018-04-03] (Disc Soft Ltd)
R2 EsgShKernel; C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe [9872688 2018-08-19] (EnigmaSoft Limited)
R2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [828656 2013-11-18] (Condusiv Technologies)
R2 GobiQDLService; C:\Program Files (x86)\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe [312688 2011-11-25] (Sierra Wireless, Inc.)
S4 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-21] (Intel Corporation)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [533632 2017-12-02] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129848 2013-05-31] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-05-31] (Intel Corporation)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [169176 2017-05-12] (Lenovo Group Limited)
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [271128 2017-06-09] (Lenovo)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 NvtlService; C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [83456 2009-12-29] () [File not signed]
R2 QDLService2kDell; C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kDell.exe [330488 2010-01-14] (QUALCOMM, Inc.)
R2 ShMonitor; C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe [538416 2018-08-19] (EnigmaSoft Limited)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-03] (DEVGURU Co., LTD.)
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe [244736 2010-01-21] (IDT, Inc.)
R3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [23880 2018-03-26] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WMCoreService; C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe [655400 2012-02-03] (Ericsson AB)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AtiDCM; C:\Program Files\AMD\CIM\BIN64\atdcm64a.sys [33992 2015-08-04] (Advanced Micro Devices, Inc.)
S3 bpenum; C:\Windows\System32\DRIVERS\bpenum.sys [71168 2009-09-15] (Intel Corporation) [File not signed]
S3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [159752 2017-11-20] (Motorola Solutions, Inc.)
S3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [41608 2017-12-14] (Dell Inc.)
S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [41208 2017-12-14] (Dell Computer Corporation)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2018-04-20] (Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2018-04-20] (Disc Soft Ltd)
R3 EnigmaFileMonDriver; C:\Windows\system32\Drivers\EnigmaFileMonDriver.sys [61624 2018-10-05] (EnigmaSoft Limited)
R3 EverestDriver; C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 [26752 2010-03-31] ()
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [25840 2013-11-18] (Condusiv Technologies)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [117488 2013-11-18] (Condusiv Technologies)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-11-21] (Intel Corporation)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [260384 2018-10-05] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R1 MpKsl780833e6; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0896EA06-3EBC-48F5-B2E4-6A6B3BE00B0B}\MpKsl780833e6.sys [58120 2018-10-05] (Microsoft Corporation)
S3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw01.sys [11534096 2015-05-04] (Intel Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2018-08-23] ()
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
S3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [102912 2012-03-15] (Renesas Electronics Corporation)
S3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [220672 2012-03-15] (Renesas Electronics Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2013-10-31] (Synaptics Incorporated)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1049984 2013-04-30] (Vimicro Corporation)
S3 DrvAgent64; \??\C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [X]
S4 IUFileFilter; \??\C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUFileFilter.sys [X]
S3 NETw5s64; system32\DRIVERS\NETw5s64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-05 10:29 - 2018-10-05 10:29 - 000025120 _____ C:\Users\Abdul\Downloads\FRST.txt
2018-10-05 10:29 - 2018-10-05 10:29 - 000000000 ____D C:\FRST
2018-10-05 10:28 - 2018-10-05 10:28 - 002414080 _____ (Farbar) C:\Users\Abdul\Downloads\FRST64.exe
2018-10-05 10:26 - 2018-10-05 10:26 - 000260384 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-10-01 15:21 - 2018-10-01 15:24 - 000000000 ____D C:\Users\Abdul\Desktop\kurtkanike
2018-10-01 12:58 - 2018-10-01 12:58 - 000000967 _____ C:\Users\Abdul\Desktop\TechPowerUp GPU-Z.lnk
2018-10-01 12:58 - 2018-10-01 12:58 - 000000000 ____D C:\Users\Abdul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z
2018-10-01 12:58 - 2018-10-01 12:58 - 000000000 ____D C:\Program Files (x86)\GPU-Z
2018-10-01 12:56 - 2018-10-01 12:57 - 005260456 _____ (techPowerUp (www.techpowerup.com)) C:\Users\Abdul\Downloads\GPU-Z.2.11.0.exe
2018-10-01 10:59 - 2018-10-01 11:00 - 000000000 ____D C:\Users\Abdul\Desktop\gigabyte760
2018-10-01 10:53 - 2018-10-01 10:53 - 000398504 _____ C:\Windows\Minidump\100118-8455-01.dmp
2018-09-29 10:29 - 2018-09-29 10:29 - 000280760 _____ C:\Windows\Minidump\092918-8392-01.dmp
2018-09-24 13:18 - 2018-09-24 13:18 - 000051337 _____ C:\Users\Abdul\Desktop\TR_DETAILS_20180924131755.pdf
2018-09-24 13:15 - 2018-09-24 13:15 - 000007681 _____ C:\Users\Abdul\Downloads\WebServerSessionExp (4).html
2018-09-23 12:25 - 2018-09-23 12:25 - 000214520 _____ C:\Users\Abdul\Downloads\WhatsApp+Image+2018-09-23+at+12.23.11+PM.jpeg
2018-09-23 12:23 - 2018-09-23 12:23 - 000214520 _____ C:\Users\Abdul\Desktop\WhatsApp Image 2018-09-23 at 12.23.11 PM.jpeg
2018-09-21 00:28 - 2018-09-21 00:28 - 000280760 _____ C:\Windows\Minidump\092118-8892-01.dmp
2018-09-20 16:58 - 2018-09-20 16:58 - 007611528 _____ C:\Users\Abdul\Desktop\2.mp4
2018-09-20 16:56 - 2018-09-20 16:56 - 004330302 _____ C:\Users\Abdul\Desktop\1.mp4
2018-09-20 13:12 - 2018-09-20 13:12 - 005066392 _____ C:\Users\Abdul\Desktop\WhatsApp Video 2018-09-20 at 1.10.01 PM.mp4
2018-09-20 10:39 - 2018-09-20 10:39 - 000000000 ____D C:\Users\Abdul\AppData\Local\mbamtray
2018-09-20 10:38 - 2018-09-20 10:38 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-09-20 10:38 - 2018-09-20 10:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-09-20 10:38 - 2018-09-11 13:18 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-09-16 13:33 - 2018-09-16 13:33 - 000280760 _____ C:\Windows\Minidump\091618-8673-01.dmp
2018-09-11 07:41 - 2018-09-11 07:41 - 000007681 _____ C:\Users\Abdul\Downloads\WebServerSessionExp (3).html
2018-09-10 16:49 - 2018-09-10 16:49 - 000007681 _____ C:\Users\Abdul\Downloads\WebServerSessionExp (2).html
2018-09-10 16:48 - 2018-09-10 16:48 - 000007681 _____ C:\Users\Abdul\Downloads\WebServerSessionExp (1).html
2018-09-10 16:47 - 2018-09-10 16:47 - 000007681 _____ C:\Users\Abdul\Downloads\WebServerSessionExp.html
2018-09-10 12:31 - 2018-09-10 12:31 - 001803392 _____ (CPUID, Inc. ) C:\Users\Abdul\Downloads\cpu-z_1.86-en.exe
2018-09-10 12:31 - 2018-09-10 12:31 - 000000869 _____ C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2018-09-10 12:31 - 2018-09-10 12:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2018-09-10 12:31 - 2018-09-10 12:31 - 000000000 ____D C:\Program Files\CPUID
2018-09-08 10:08 - 2018-09-08 10:08 - 000000000 ____D C:\Users\Abdul\Documents\Niestandardowe szablony pakietu Office
2018-09-08 09:45 - 2018-09-08 09:45 - 000280760 _____ C:\Windows\Minidump\090818-8455-01.dmp
2018-09-07 19:04 - 2018-09-07 19:04 - 000001310 _____ C:\Users\Public\Desktop\Skype.lnk
2018-09-07 19:04 - 2018-09-07 19:04 - 000000000 ____D C:\Users\Abdul\AppData\Roaming\Skype
2018-09-07 19:04 - 2018-09-07 19:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2018-09-07 19:03 - 2018-09-07 19:03 - 062186048 _____ (Skype Technologies S.A.) C:\Users\Abdul\Downloads\Skype-8.29.0.50.exe
2018-09-07 11:57 - 2018-09-10 13:07 - 000000000 ____D C:\Users\Abdul\Desktop\ebay
2018-09-07 06:43 - 2018-09-07 06:43 - 000000000 ____D C:\Users\Abdul\AppData\Local\mbam
2018-09-06 07:06 - 2018-09-06 07:07 - 000000000 ____D C:\Users\Abdul\Desktop\glosniki
2018-09-05 12:27 - 2018-09-05 12:27 - 000401024 _____ C:\Windows\Minidump\090518-8346-01.dmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)
2018-10-05 10:30 - 2018-03-28 18:52 - 000000000 ____D C:\Users\Abdul\AppData\Local\Free Download Manager
2018-10-05 10:27 - 2018-04-17 20:41 - 000003186 _____ C:\Windows\System32\Tasks\EVEREST AutoStart
2018-10-05 10:26 - 2018-08-19 15:25 - 000061624 _____ (EnigmaSoft Limited) C:\Windows\system32\Drivers\EnigmaFileMonDriver.sys
2018-10-05 10:26 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-10-04 13:47 - 2009-07-14 06:45 - 000031776 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-10-04 13:47 - 2009-07-14 06:45 - 000031776 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-10-04 13:46 - 2018-04-13 11:35 - 000000000 ____D C:\Users\Abdul\AppData\Local\Adobe
2018-10-04 13:40 - 2018-04-16 23:34 - 001612004 _____ C:\Windows\system32\perfh015.dat
2018-10-04 13:40 - 2018-04-16 23:34 - 000466476 _____ C:\Windows\system32\perfc015.dat
2018-10-04 13:40 - 2018-04-16 05:43 - 001031024 _____ C:\Windows\system32\perfh00C.dat
2018-10-04 13:40 - 2018-04-16 05:43 - 000441224 _____ C:\Windows\system32\perfc00C.dat
2018-10-04 13:40 - 2018-04-16 05:42 - 000841396 _____ C:\Windows\system32\perfh001.dat
2018-10-04 13:40 - 2018-04-16 05:42 - 000409114 _____ C:\Windows\system32\perfc001.dat
2018-10-04 13:40 - 2018-04-16 05:32 - 001074032 _____ C:\Windows\system32\perfh007.dat
2018-10-04 13:40 - 2018-04-16 05:32 - 000469026 _____ C:\Windows\system32\perfc007.dat
2018-10-04 13:40 - 2009-07-14 07:13 - 000007600 _____ C:\Windows\system32\PerfStringBackup.INI
2018-10-03 13:25 - 2018-08-29 21:45 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-10-03 07:30 - 2018-04-13 08:33 - 000001516 _____ C:\Users\Abdul\Documents\New Text Document (3).txt
2018-10-03 05:35 - 2009-07-14 07:08 - 000032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-10-01 10:53 - 2018-08-17 18:38 - 644649669 _____ C:\Windows\MEMORY.DMP
2018-10-01 10:53 - 2018-04-11 14:42 - 000000000 ____D C:\Windows\Minidump
2018-09-28 04:39 - 2018-05-05 14:18 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-09-28 04:39 - 2018-05-05 14:18 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-09-27 16:51 - 2018-05-05 14:18 - 000000000 ____D C:\Users\Abdul\AppData\LocalLow\Mozilla
2018-09-20 21:01 - 2018-08-29 21:46 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-09-18 03:22 - 2018-08-17 18:15 - 000000000 ____D C:\ProgramData\Lenovo
2018-09-18 03:13 - 2018-03-28 17:48 - 000002230 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-09-18 03:13 - 2018-03-28 17:48 - 000002189 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-09-07 06:47 - 2018-08-19 15:24 - 000000000 ____D C:\ProgramData\EnigmaSoft Limited
2018-09-07 06:47 - 2018-08-17 18:25 - 000000000 ____D C:\Users\Abdul\AppData\Local\Rapan
2018-09-07 06:47 - 2018-07-22 11:25 - 000000000 ____D C:\Users\Abdul\AppData\Local\Sadake
2018-09-07 06:47 - 2018-07-14 00:25 - 000000000 ____D C:\Users\Abdul\AppData\Local\Bafifon
2018-09-07 06:19 - 2018-07-31 09:25 - 000000000 ____D C:\Users\Abdul\AppData\Local\Coculus
2018-09-06 07:05 - 2018-08-25 07:32 - 000000000 ____D C:\Users\Abdul\Desktop\allero

==================== Files in the root of some directories =======

2018-05-02 00:25 - 2018-08-17 18:25 - 000000363 _____ () C:\Users\Abdul\AppData\Roaming\WB.CFG
2018-08-17 18:02 - 2018-08-17 18:02 - 000002202 _____ () C:\Users\Abdul\AppData\Local\WiDiSetupLog.20180817.180215.txt

Some files in TEMP:
====================
2018-05-16 10:25 - 2003-05-02 16:13 - 000151552 _____ () C:\Users\Abdul\AppData\Local\Temp\GLF9512.EXE
2018-05-16 10:59 - 2010-06-20 23:42 - 000046456 _____ (Sony Electronics, Inc) C:\Users\Abdul\AppData\Local\Temp\GLF9A70.EXE
2018-05-16 10:59 - 2003-05-02 16:13 - 000151552 _____ () C:\Users\Abdul\AppData\Local\Temp\GLF9D3E.EXE
2018-05-16 11:21 - 2009-08-16 20:05 - 000046384 _____ (Sony Electronics, Inc) C:\Users\Abdul\AppData\Local\Temp\GLFED01.EXE
2018-05-16 11:21 - 2003-05-02 16:13 - 000151552 _____ () C:\Users\Abdul\AppData\Local\Temp\GLFF06C.EXE
2018-08-01 17:45 - 2018-04-14 02:38 - 000141280 _____ (Irfan Skiljan, IrfanView) C:\Users\Abdul\AppData\Local\Temp\iv_uninstall.exe
2018-05-16 10:23 - 2018-05-16 10:23 - 000253016 _____ (SlimWare Utilities Holdings, Inc.) C:\Users\Abdul\AppData\Local\Temp\scpD8A3.tmp.exe
2011-07-13 00:50 - 2011-07-13 00:50 - 000193904 _____ () C:\Users\Abdul\AppData\Local\Temp\SWHelperQueryW.dll
2011-06-17 23:36 - 2011-06-17 23:36 - 000062832 _____ () C:\Users\Abdul\AppData\Local\Temp\SWHelperWrapper.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-09-25 06:32

==================== End of FRST.txt ============================