Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-05.2019
Ran by Mojo (administrator) on MOJORISIN (ASUSTeK Computer INC. 1215B) (01-05-2019 15:29:16)
Running from C:\Users\Mojo\Downloads
Loaded Profiles: Mojo (Available Profiles: Mojo & Renia & Administrator)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Angielski (Stany Zjednoczone)
Internet Explorer Version 9 (Default browser: "C:\Program Files (x86)\Tooltony\Application\chrome.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\InterHop\InterHop.exe
() [File not signed] C:\Users\Mojo\AppData\Roaming\dgadg\UvConverter.exe
() [File not signed] C:\Users\Mojo\AppData\Roaming\Kyubey\Kyubey.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(ASUSTeK Computer Inc. -> ) C:\Windows\SysWOW64\AsusService.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\CapsHook\CapsHook.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\HotkeyService\HotKeyMon.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\HotkeyService\HotkeyService.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\SHE\SuperHybridEngine.exe
(ASUSTeK Computer Inc. -> AsusTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargeSetting\iSeriesCharge.exe
(ATI Technologies Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Autodesk, Inc -> Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Chao Wei -> ) C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Tooltony\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Tooltony\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Tooltony\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Tooltony\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Tooltony\Application\chrome.exe
(Huawei Software Technologies Co., LTD. -> ) C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(hxxp://www.amule.org/) [File not signed] C:\Program Files (x86)\amuleC\ed2k.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Wacom Technology Corp. -> Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology Corp. -> Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology Corp. -> Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology Corp. -> Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology Corp. -> Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Wacom Technology Corp. -> Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Wacom Technology Corp. -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology Corp. -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology Corp. -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Technology Corp. -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Wei Liu -> ) C:\ProgramData\Hipfat\Hipfat.exe
(Wei Liu -> ) C:\ProgramData\Monold\protect\protect.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11775592 2011-01-18] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2283816 2010-08-12] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [92456 2010-08-12] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [Autodesk Sync] => [X]
HKLM-x32\...\Run: [HotkeyMon] => C:\Program Files (x86)\ASUS\HotkeyService\HotKeyMon.exe [101288 2010-12-07] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [HotkeyService] => C:\Program Files (x86)\ASUS\HotkeyService\HotkeyService.exe [1248176 2010-12-07] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [SuperHybridEngine] => C:\Program Files (x86)\ASUS\SHE\SuperHybridEngine.exe [413112 2011-01-27] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [CapsHook] => C:\Program Files (x86)\ASUS\CapsHook\CapsHook.exe [445344 2010-11-15] (ASUSTeK Computer Inc. -> ASUS)
HKLM-x32\...\Run: [iSeriesCharge] => C:\Program Files (x86)\ASUS\USBChargeSetting\iSeriesCharge.exe [96176 2010-11-16] (ASUSTeK Computer Inc. -> AsusTek Computer Inc.)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [529480 2016-02-24] (Autodesk, Inc -> Autodesk Inc.)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-2938345947-3627495209-2985966000-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2938345947-3627495209-2985966000-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [4910912 2011-08-02] (DT Soft Ltd -> DT Soft Ltd)
HKU\S-1-5-21-2938345947-3627495209-2985966000-1000\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1310088 2015-01-27] (Autodesk, Inc -> Autodesk, Inc.)
HKU\S-1-5-21-2938345947-3627495209-2985966000-1000\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Tooltony\Application\chrome.exe [945496 2017-02-01] (Google Inc -> Google Inc.)
HKU\S-1-5-21-2938345947-3627495209-2985966000-1000\...\Policies\Explorer: []
HKU\S-1-5-21-2938345947-3627495209-2985966000-1000\...\MountPoints2: G - G:\HiSuiteDownLoader.exe
HKU\S-1-5-21-2938345947-3627495209-2985966000-1000\...\MountPoints2: {0fe712dd-3d19-11e1-9a4f-74f06de60d6c} - F:\setup.exe
HKU\S-1-5-21-2938345947-3627495209-2985966000-1000\...\MountPoints2: {55d1b00c-3742-11e1-b4f3-74f06de60d6c} - E:\Setup.exe
HKU\S-1-5-21-2938345947-3627495209-2985966000-1000\...\MountPoints2: {a673c32c-aca0-11e6-b712-14dae92bfa1b} - G:\HiSuiteDownLoader.exe
HKU\S-1-5-21-2938345947-3627495209-2985966000-1000\...\MountPoints2: {a7395f2a-34c6-11e2-b078-14dae92bfa1b} - G:\LaunchU3.exe -a
HKU\S-1-5-21-2938345947-3627495209-2985966000-1000\...\MountPoints2: {d97e7fb0-389d-11e1-9e50-74f06de60d6c} - F:\NokiaPCIA_Autorun.exe
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1310088 2015-01-27] (Autodesk, Inc -> Autodesk, Inc.)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.103\Installer\chrmstp.exe [2019-04-14] (Google LLC -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
HKLM\Software\...\Authentication\Credential Providers: [{50968FF7-10C1-4fb3-98B0-CD654D6CB97E}] -> C:\Program Files\WIDCOMM\Bluetooth Software\\BtwCP.dll [2010-05-22] (Broadcom Corporation -> Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2012-01-05]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation -> Broadcom Corporation.)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {18A73F70-732E-4678-91E1-09BA3720A83D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-04-14] (Adobe Inc. -> Adobe)
Task: {1E854F6D-22F3-4352-AAB8-FE78D54F9C1F} - System32\Tasks\e-pity2015a_kwiecien => C:\Program Files (x86)\e-file\e-pity2015\Assets\signxml.exe
Task: {216D1A81-9F9D-493B-ADC5-33FD48768636} - System32\Tasks\e-pity2015a_styczen => C:\Program Files (x86)\e-file\e-pity2015\Assets\signxml.exe
Task: {48A3B54E-5ABF-429B-B467-4B0362782F61} - System32\Tasks\{8215B4B4-55DC-448F-9162-65A2A2572035} => C:\Windows\system32\pcalua.exe -a C:\Users\Mojo\AppData\Roaming\istartsurf\UninstallManager.exe -c -ptid=icp
Task: {7230492D-B168-4732-B3CE-AD1556AC98F7} - System32\Tasks\HipfatUpdateTaskMachineCore => C:\Program Files (x86)\Hipfat\Update\HipfatUpdate.exe <==== ATTENTION
Task: {7262D32B-05BC-4276-A03A-FE525EB41EA8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-09-01] (Google Inc -> Google Inc.)
Task: {8D0E4F31-C7A3-4C37-9BAA-385B89993BED} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2938345947-3627495209-2985966000-500UA => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-06-26] (Google Inc -> Google Inc.)
Task: {8D3C15D9-A501-4F42-B1B5-4BE23388766D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2938345947-3627495209-2985966000-500Core => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-06-26] (Google Inc -> Google Inc.)
Task: {9E8ECA1F-C5B9-450D-87C8-61295719CB5A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-09-01] (Google Inc -> Google Inc.)
Task: {B0F45018-4EE0-44C2-B434-752F81023939} - System32\Tasks\AdobeAAMUpdater-1.0-MOJORISIN-Mojo => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {D5F69060-1783-444A-8778-4FEEB11D102A} - System32\Tasks\Milimili => C:\Program Files (x86)\MIO\MIO.exe [282168 2017-02-07] (Tencent Technology(Shenzhen) Company Limited -> ) <==== ATTENTION
Task: {DE457C7A-93DA-4672-BD0F-8A49807E21AD} - System32\Tasks\HipfatUpdateTaskMachineUA => C:\Program Files (x86)\Hipfat\Update\HipfatUpdate.exe <==== ATTENTION
Task: {FCAC31B8-C3AF-47DF-8776-6F9133E17AD5} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_171_Plugin.exe [1456696 2019-04-14] (Adobe Inc. -> Adobe)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2938345947-3627495209-2985966000-500Core.job => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2938345947-3627495209-2985966000-500UA.job => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1 activate.adobe.com
Tcpip\Parameters: [DhcpNameServer] 62.179.1.61 62.179.1.63
Tcpip\..\Interfaces\{AE2D0B78-2374-4B78-B7A9-B7C51481DD7D}: [DhcpNameServer] 62.179.1.61 62.179.1.63
Tcpip\..\Interfaces\{BC454436-2C8B-4374-A13D-299F20E7EC7B}: [DhcpNameServer] 8.8.8.8 4.4.4.4

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.omniboxes.com/?type=hp&ts=1447353203&z=f3e4af687c4d1df6a4895fdg4zaz6mec4wdc8obe6c&from=wpm07163&uid=ST9500325AS_6VETGV4BXXXX6VETGV4B
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.omniboxes.com/?type=hp&ts=1447353203&z=f3e4af687c4d1df6a4895fdg4zaz6mec4wdc8obe6c&from=wpm07163&uid=ST9500325AS_6VETGV4BXXXX6VETGV4B
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.omniboxes.com/web/?type=ds&ts=1447353203&z=f3e4af687c4d1df6a4895fdg4zaz6mec4wdc8obe6c&from=wpm07163&uid=ST9500325AS_6VETGV4BXXXX6VETGV4B&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.omniboxes.com/?type=hp&ts=1447353203&z=f3e4af687c4d1df6a4895fdg4zaz6mec4wdc8obe6c&from=wpm07163&uid=ST9500325AS_6VETGV4BXXXX6VETGV4B
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.omniboxes.com/?type=hp&ts=1447353203&z=f3e4af687c4d1df6a4895fdg4zaz6mec4wdc8obe6c&from=wpm07163&uid=ST9500325AS_6VETGV4BXXXX6VETGV4B
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.omniboxes.com/web/?type=ds&ts=1447353203&z=f3e4af687c4d1df6a4895fdg4zaz6mec4wdc8obe6c&from=wpm07163&uid=ST9500325AS_6VETGV4BXXXX6VETGV4B&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2938345947-3627495209-2985966000-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.omniboxes.com/?type=hp&ts=1447353203&z=f3e4af687c4d1df6a4895fdg4zaz6mec4wdc8obe6c&from=wpm07163&uid=ST9500325AS_6VETGV4BXXXX6VETGV4B
HKU\S-1-5-21-2938345947-3627495209-2985966000-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.omniboxes.com/?type=hp&ts=1447353203&z=f3e4af687c4d1df6a4895fdg4zaz6mec4wdc8obe6c&from=wpm07163&uid=ST9500325AS_6VETGV4BXXXX6VETGV4B
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mylucky123.com/search/?type=ds&ts=1478039244&z=90ce2b469f9319036284ae4g1zamcb9e9c0t0oez8o&from=interhop1024&uid=ST9500325AS_6VETGV4BXXXX6VETGV4B&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mylucky123.com/search/?type=ds&ts=1478039244&z=90ce2b469f9319036284ae4g1zamcb9e9c0t0oez8o&from=interhop1024&uid=ST9500325AS_6VETGV4BXXXX6VETGV4B&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2938345947-3627495209-2985966000-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mylucky123.com/search/?type=ds&ts=1478039244&z=90ce2b469f9319036284ae4g1zamcb9e9c0t0oez8o&from=interhop1024&uid=ST9500325AS_6VETGV4BXXXX6VETGV4B&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2938345947-3627495209-2985966000-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mylucky123.com/search/?type=ds&ts=1478039244&z=90ce2b469f9319036284ae4g1zamcb9e9c0t0oez8o&from=interhop1024&uid=ST9500325AS_6VETGV4BXXXX6VETGV4B&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2938345947-3627495209-2985966000-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-2938345947-3627495209-2985966000-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://mysearch.avg.com/search?cid={A86FE36A-749D-4B1F-954E-CA797F650496}&mid=09f268a1dff4442cbea1dc2c9cb05ce2-bae20318e02b0379b5a8b2fb35cb9a2cd5367f4e&lang=pl&ds=ad011&coid=avgtbdisad&cmpid=&pr=sa&d=2014-05-16 19:33:50&v=18.1.5.512&pid=safeguard&sg=&sap=dsp&q={searchTerms}
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Company -> Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-08] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-08] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Company -> Hewlett-Packard Co.)
StartMenuInternet: IEXPLORE.EXE - c:\program files (x86)\internet explorer\iexplore.exe hxxp://www.startpageing123.com/?type=sc&ts=1489775029&z=99635da582360cdda7b648agfz3bbtdmdm3wee2gdm&from=che0812&uid=ST9500325AS_6VETGV4BXXXX6VETGV4B

FireFox:
========
FF ProfilePath: C:\Users\Mojo\AppData\Roaming\Mozilla\Firefox\Profiles\7kp8w7mr.default [2016-09-21]
FF Homepage: Mozilla\Firefox\Profiles\7kp8w7mr.default -> hxxp://www.nicesearches.com?type=hp&ts=1471904855&from=a4bf0819&uid=st9500325as_6vetgv4bxxxx6vetgv4b&z=a62e2e37297adedcaf955ecg2z4m8gft6e3zeb6w9w
FF NewTab: Mozilla\Firefox\Profiles\7kp8w7mr.default -> hxxp://www.nicesearches.com?type=hp&ts=1471904855&from=a4bf0819&uid=st9500325as_6vetgv4bxxxx6vetgv4b&z=a62e2e37297adedcaf955ecg2z4m8gft6e3zeb6w9w
FF Extension: (Default NewTab) - C:\Users\Mojo\AppData\Roaming\Mozilla\Firefox\Profiles\7kp8w7mr.default\Extensions\default_newtabff@gmail.com [2015-10-12] [Legacy] [not signed]
FF Extension: (FirefixTab) - C:\Users\Mojo\AppData\Roaming\Mozilla\Firefox\Profiles\7kp8w7mr.default\Extensions\deskCutv2@gmail.com [2016-04-07] [Legacy] [not signed]
FF Extension: (Screengrab (fix version)) - C:\Users\Mojo\AppData\Roaming\Mozilla\Firefox\Profiles\7kp8w7mr.default\Extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi [2016-05-30] [Legacy]
FF SearchPlugin: C:\Users\Mojo\AppData\Roaming\Mozilla\Firefox\Profiles\7kp8w7mr.default\searchplugins\mylucky123.xml [2016-09-21]
FF SearchPlugin: C:\Users\Mojo\AppData\Roaming\Mozilla\Firefox\Profiles\7kp8w7mr.default\searchplugins\nice.xml [2016-08-23]
FF SearchPlugin: C:\Users\Mojo\AppData\Roaming\Mozilla\Firefox\Profiles\7kp8w7mr.default\searchplugins\startpageing123.xml [2017-03-17]
FF ProfilePath: C:\Users\Mojo\AppData\Roaming\Firefox\Firefox\Profiles\7kp8w7mr.default [2019-04-27] <==== ATTENTION
FF Homepage: Firefox\Firefox\Profiles\7kp8w7mr.default -> hxxp://www.searchinme.com//?type=hp&ts=1491133135649&z=df5341edb1a82264ded42d6g5zfb5tcm3bdofw5zdo&from=official&uid=ST9500325AS_6VETGV4BXXXX6VETGV4B
FF NewTab: Firefox\Firefox\Profiles\7kp8w7mr.default -> hxxp://www.nicesearches.com?type=hp&ts=1471904855&from=a4bf0819&uid=st9500325as_6vetgv4bxxxx6vetgv4b&z=a62e2e37297adedcaf955ecg2z4m8gft6e3zeb6w9w
FF Extension: (FF Adr) - C:\Users\Mojo\AppData\Roaming\Firefox\Firefox\Profiles\7kp8w7mr.default\Extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi [2017-04-02] [not signed]
FF Extension: (Default NewTab) - C:\Users\Mojo\AppData\Roaming\Firefox\Firefox\Profiles\7kp8w7mr.default\Extensions\default_newtabff@gmail.com [2017-03-17] [Legacy] [not signed]
FF Extension: (FirefixTab) - C:\Users\Mojo\AppData\Roaming\Firefox\Firefox\Profiles\7kp8w7mr.default\Extensions\deskCutv2@gmail.com [2017-03-17] [Legacy] [not signed]
FF Extension: (Polski Language Pack) - C:\Users\Mojo\AppData\Roaming\Firefox\Firefox\Profiles\7kp8w7mr.default\Extensions\langpack-pl@firefox.mozilla.org.xpi [2017-03-17] [Legacy] [not signed]
FF Extension: (Screengrab (fix version)) - C:\Users\Mojo\AppData\Roaming\Firefox\Firefox\Profiles\7kp8w7mr.default\Extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi [2017-10-28] [Legacy]
FF SearchPlugin: C:\Users\Mojo\AppData\Roaming\Firefox\Firefox\Profiles\7kp8w7mr.default\searchplugins\mylucky123.xml [2016-09-21]
FF SearchPlugin: C:\Users\Mojo\AppData\Roaming\Firefox\Firefox\Profiles\7kp8w7mr.default\searchplugins\nice.xml [2016-08-23]
FF SearchPlugin: C:\Users\Mojo\AppData\Roaming\Firefox\Firefox\Profiles\7kp8w7mr.default\searchplugins\startpageing123.xml [2017-03-17]
FF SearchPlugin: C:\Users\Mojo\AppData\Roaming\Firefox\Firefox\Profiles\7kp8w7mr.default\searchplugins\startsearch.xml [2017-03-17]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-03-21] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Mojo\AppData\Roaming\Mozilla\Firefox\Profiles\7kp8w7mr.default\extensions\deskCutv2@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [default_newtabff@gmail.com] - C:\Users\Mojo\AppData\Roaming\Mozilla\Firefox\Profiles\7kp8w7mr.default\extensions\default_newtabff@gmail.com
FF HKU\S-1-5-21-2938345947-3627495209-2985966000-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_171.dll [2019-04-14] (Adobe Inc. -> )
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-09-25] (VideoLAN) [File not signed]
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_171.dll [2019-04-14] (Adobe Inc. -> )
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google Inc -> Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-08] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-08] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll [2011-04-20] (Wacom, Inc.) [File not signed]
FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.1 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-09-05] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
FF Plugin HKU\S-1-5-21-2938345947-3627495209-2985966000-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.luckysearch123.com?type=hp&ts=1479847724&from=03781122&uid=st9500325as_6vetgv4bxxxx6vetgv4b&z=8ae2f191d1c77b805ecd10ag2z9met8bazdm3m5o4z
CHR StartupUrls: Default -> "hxxp://www.luckysearch123.com?type=hp&ts=1479847724&from=03781122&uid=st9500325as_6vetgv4bxxxx6vetgv4b&z=8ae2f191d1c77b805ecd10ag2z9met8bazdm3m5o4z"
CHR Profile: C:\Users\Mojo\AppData\Local\Google\Chrome\User Data\Default [2017-10-21]
CHR Extension: (Prezentacje) - C:\Users\Mojo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-21]
CHR Extension: (Dokumenty) - C:\Users\Mojo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-21]
CHR Extension: (Dysk Google) - C:\Users\Mojo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25]
CHR Extension: (YouTube) - C:\Users\Mojo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Mojo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-05]
CHR Extension: (Arkusze) - C:\Users\Mojo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-21]
CHR Extension: (Dokumenty Google offline) - C:\Users\Mojo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Mojo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-21]
CHR Extension: (Gmail) - C:\Users\Mojo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-09]
CHR Extension: (Chrome Media Router) - C:\Users\Mojo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-21]
CHR HKLM\...\Chrome\Extension: [jdiejbegdjikmehflknhkbieocmnogcf] - C:\Users\Mojo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdiejbegdjikmehflknhkbieocmnogcf.crx [2015-11-07]
CHR HKLM-x32\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\asiunius.MOJORISIN\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx
CHR HKLM-x32\...\Chrome\Extension: [jdiejbegdjikmehflknhkbieocmnogcf] - C:\Users\Mojo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdiejbegdjikmehflknhkbieocmnogcf.crx [2015-11-07]
CHR HKLM-x32\...\Chrome\Extension: [ofoeigeaodhbjogdigckajfhjbonaofg] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome.Administrator - c:\users\administrator\appdata\local\google\chrome\application\chrome.exe hxxp://www.startpageing123.com/?type=sc&ts=1489775041&z=f0c3a0f8fa300b9598a9aeagdzfb1t8mfmcwce5c7e&from=che0812&uid=ST9500325AS_6VETGV4BXXXX6VETGV4B
StartMenuInternet: Google Chrome.bondoslawa - C:\Users\bondoslawa\AppData\Local\Google\Chrome\Application\chrome.exe
StartMenuInternet: Google Chrome.Q4GCC7S74NWV3H22TJRW4XB2ZM - C:\Users\Mojo\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 WISvc; C:\ProgramData\Microsoft\Blend\14.0\1033\ResourceCacher.dll [329728 2016-12-02] () [File not signed] <==== ATTENTION
R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [1145928 2016-02-24] (Autodesk, Inc -> Autodesk Inc.)
R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [240640 2012-12-19] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.) [File not signed]
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-05-09] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-09] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 APPLEsvr; C:\ProgramData\Apple\Lockdown\InstallInfo.dll [527872 2017-02-10] () [File not signed]
R2 AsusService; C:\Windows\SysWOW64\AsusService.exe [224680 2010-12-07] (ASUSTeK Computer Inc. -> )
S2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [31160 2015-02-05] (Autodesk, Inc -> Autodesk, Inc.)
R2 bilibili; C:\Program Files (x86)\bilibili\bilibili.dll [128000 2017-02-14] () [File not signed]
R2 Convxxxx; C:\Users\Mojo\AppData\Roaming\dgadg\UvConverter.exe [393728 2016-12-01] () [File not signed]
R2 ed2kidle; C:\Program Files (x86)\amuleC\ed2k.exe [237568 2016-10-08] (hxxp://www.amule.org/) [File not signed] <==== ATTENTION
R2 FirefoxU; C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe [110256 2017-03-16] (Chao Wei -> ) <==== ATTENTION
R2 HipfatP; C:\ProgramData\Hipfat\Hipfat.exe [427904 2016-07-06] (Wei Liu -> )
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [253568 2010-01-29] (Hewlett Packard -> Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [137344 2009-11-18] (Hewlett Packard -> Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192200 2016-08-26] (Huawei Software Technologies Co., LTD. -> )
R2 InterHop; C:\Program Files (x86)\InterHop\InterHop.exe [486912 2016-10-31] () [File not signed]
R3 iThemes5; C:\Program Files (x86)\Common Files\Services\iThemes.dll [622592 2016-12-03] () [File not signed] <==== ATTENTION
R2 Kyubey; C:\Users\Mojo\AppData\Roaming\Kyubey\Kyubey.exe [113152 2017-03-01] () [File not signed] <==== ATTENTION
R2 MCRL; C:\ProgramData\Microsoft\Blend\14.0\1033\ResourceCacher.dll [329728 2016-12-02] () [File not signed] <==== ATTENTION
R2 MCSvc; C:\ProgramData\Microsoft\Blend\14.0\1033\ResourceCacher.dll [329728 2016-12-02] () [File not signed] <==== ATTENTION
R2 Monold_protect; C:\ProgramData\Monold\protect\protect.exe [302976 2016-05-19] (Wei Liu -> )
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2009-07-14] (Microsoft Windows -> Microsoft Corporation) [DependOnService: iThemes5]<==== ATTENTION
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R2 WinSAPSvc; C:\Users\Mojo\AppData\Roaming\WinSAPSvc\WinSAP.dll [218624 2017-03-17] (Windows) [File not signed] <==== ATTENTION
R2 WinSnare; C:\Users\Mojo\AppData\Roaming\WinSnare\WinSnare.dll [776704 2017-03-17] (InterSect Alliance Pty Ltd) [File not signed] <==== ATTENTION
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-12-11] (Wacom Technology Corp. -> Wacom Technology, Corp.)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [672024 2015-02-27] (Wacom Technology Corp. -> Wacom Technology, Corp.)
S2 HipfatU; "C:\Program Files (x86)\Hipfat\Update\HipfatUpdate.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdiox64; C:\Windows\System32\DRIVERS\amdiox64.sys [46136 2010-02-18] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [11278336 2012-12-19] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [552960 2012-12-19] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [75904 2010-11-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [38016 2010-11-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2011-02-09] (ASUSTeK Computer Inc. -> )
R3 asmthub3; C:\Windows\System32\DRIVERS\asmthub3.sys [125416 2011-01-27] (MCCI Internal Testing Software -> ASMedia Technology Inc)
R3 asmtxhci; C:\Windows\System32\DRIVERS\asmtxhci.sys [385512 2011-01-27] (MCCI Internal Testing Software -> ASMedia Technology Inc)
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2011-02-09] (ASUSTeK Computer Inc. -> )
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [96256 2012-11-06] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-05-09] (Avira Operations GmbH & Co. KG -> Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-05-09] (Avira Operations GmbH & Co. KG -> Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2011-09-16] (Avira Operations GmbH & Co. KG -> Avira GmbH)
R3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl664.sys [3063360 2010-05-08] (Broadcom Corporation -> Broadcom Corporation)
S3 btwampfl; C:\Windows\System32\drivers\btwampfl.sys [341032 2010-05-21] (Broadcom Corporation -> Broadcom Corporation.)
S3 btwaudio; C:\Windows\System32\drivers\btwaudio.sys [102440 2010-05-21] (Broadcom Corporation -> Broadcom Corporation.)
S3 btwavdt; C:\Windows\System32\DRIVERS\btwavdt.sys [135720 2010-05-21] (Broadcom Corporation -> Broadcom Corporation.)
S3 btwl2cap; C:\Windows\System32\DRIVERS\btwl2cap.sys [39464 2010-05-21] (Broadcom Corporation -> Broadcom Corporation.)
S3 btwrchid; C:\Windows\System32\DRIVERS\btwrchid.sys [21544 2010-05-21] (Broadcom Corporation -> Broadcom Corporation.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [270912 2012-01-05] (DT Soft Ltd -> DT Soft Ltd)
S3 hidkmdf; C:\Windows\System32\DRIVERS\hidkmdf.sys [14136 2014-10-25] (Wacom Technology Corp. -> Windows (R) Win 7 DDK provider)
S3 HWHandSet; C:\Windows\System32\DRIVERS\hw_quusbmdm.sys [223232 2016-05-25] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2016-05-25] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] (ASUSTeK Computer Inc. -> )
S3 nmwcd; C:\Windows\System32\drivers\ccdcmbx64.sys [19968 2012-01-09] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 nmwcdc; C:\Windows\System32\drivers\ccdcmbox64.sys [27136 2012-01-09] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerfltx64.sys [9216 2012-01-09] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 usbser; C:\Windows\System32\drivers\usbser.sys [33280 2016-05-25] (Microsoft Corporation) [File not signed]
S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltjx64.sys [9216 2012-01-09] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
R1 {6b393976-0059-40ca-8846-beaf75db5011}Gw64; C:\Windows\System32\drivers\{6b393976-0059-40ca-8846-beaf75db5011}Gw64.sys [48768 2015-09-06] (thirteen degrees -> StdLib)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 wacommousefilter; system32\DRIVERS\wacommousefilter.sys [X]
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-01 15:29 - 2019-05-01 15:33 - 000041325 _____ C:\Users\Mojo\Downloads\FRST.txt
2019-05-01 15:25 - 2019-05-01 15:29 - 000000000 ____D C:\FRST
2019-05-01 14:55 - 2019-05-01 15:25 - 002430464 _____ (Farbar) C:\Users\Mojo\Downloads\FRST64.exe
2019-05-01 14:46 - 2019-05-01 14:46 - 001734420 _____ C:\Users\Mojo\Desktop\bookmarks_01.05.2019.html
2019-04-26 15:52 - 2019-04-27 00:46 - 000000000 ____D C:\Users\Mojo\Desktop\STORAGE

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-01 15:00 - 2009-07-14 06:45 - 000014416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-05-01 15:00 - 2009-07-14 06:45 - 000014416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-05-01 14:53 - 2016-07-06 21:52 - 000000000 _____ C:\Users\Public\Documents\report.dat
2019-05-01 14:47 - 2016-06-26 05:53 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-05-01 14:47 - 2013-10-05 11:33 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-05-01 14:46 - 2012-06-26 08:41 - 000001090 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2938345947-3627495209-2985966000-500UA.job
2019-05-01 12:50 - 2012-06-26 08:41 - 000001038 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2938345947-3627495209-2985966000-500Core.job
2019-04-27 00:49 - 2017-03-17 22:28 - 000000000 ____D C:\Users\Mojo\AppData\LocalLow\Mozilla
2019-04-26 17:37 - 2017-07-21 07:59 - 000000000 ____D C:\Users\Mojo\Desktop\MPZP I MAPY
2019-04-26 17:35 - 2017-07-21 07:59 - 000000000 ___RD C:\Users\Mojo\Desktop\FOTO 3 MAJA
2019-04-26 07:30 - 2012-01-07 13:25 - 000739416 _____ C:\Windows\system32\perfh015.dat
2019-04-26 07:30 - 2012-01-07 13:25 - 000155494 _____ C:\Windows\system32\perfc015.dat
2019-04-26 07:30 - 2009-07-14 07:13 - 001666944 _____ C:\Windows\system32\PerfStringBackup.INI
2019-04-26 07:30 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2019-04-26 07:26 - 2016-07-06 21:52 - 000000000 _____ C:\Users\Public\Documents\report1.dat
2019-04-26 07:24 - 2016-10-08 18:37 - 000000373 _____ C:\Users\Public\Documents\temp.dat
2019-04-26 07:24 - 2012-01-07 12:36 - 000000000 ____D C:\Users\Mojo\AppData\Local\Adobe
2019-04-26 07:23 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-04-14 22:38 - 2018-03-14 22:38 - 000004462 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-04-14 22:38 - 2013-10-05 11:41 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2019-04-14 22:38 - 2012-06-26 08:44 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-04-14 22:38 - 2012-06-26 08:44 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-04-14 22:38 - 2012-06-26 08:43 - 000000000 ____D C:\Windows\system32\Macromed
2019-04-14 22:38 - 2012-01-15 21:50 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-04-14 22:22 - 2013-09-18 21:09 - 000002528 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-04-07 11:29 - 2012-10-23 09:06 - 000003480 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2019-04-07 11:29 - 2012-10-23 09:06 - 000003352 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2015-09-08 02:00 - 2016-03-14 22:40 - 000000074 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2017-03-17 20:24 - 2017-03-17 20:25 - 000000702 _____ () C:\Program Files (x86)\metadata
2017-03-17 20:24 - 2017-10-21 13:08 - 000000040 _____ () C:\Program Files (x86)\settings.dat
2012-04-11 13:47 - 2013-08-28 12:47 - 000000132 _____ () C:\Users\Mojo\AppData\Roaming\Adobe BMP Format CS5 Prefs
2012-04-23 00:45 - 2012-06-10 14:59 - 000000132 _____ () C:\Users\Mojo\AppData\Roaming\Adobe GIF Format CS5 Prefs
2012-05-14 15:33 - 2014-09-07 21:37 - 000001456 _____ () C:\Users\Mojo\AppData\Local\Adobe Save for Web 12.0 Prefs
2014-10-27 00:29 - 2018-04-22 09:58 - 000001456 _____ () C:\Users\Mojo\AppData\Local\Adobe Save for Web 13.0 Prefs
2012-02-03 22:49 - 2012-02-03 22:49 - 000003584 _____ () C:\Users\Mojo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-01-07 00:53 - 2012-01-07 00:53 - 000007605 _____ () C:\Users\Mojo\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

LastRegBack: 2017-10-21 11:51

==================== End of FRST.txt ============================