Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-05-2017
Ran by Korisnik (administrator) on KORISNIK-PC (01-06-2017 21:02:07)
Running from C:\Users\Korisnik\Desktop
Loaded Profiles: Korisnik (Available Profiles: Korisnik)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AuthenTec, Inc.) C:\Program Files (x86)\Fingerprint Sensor\AtService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Egis Technology Inc.) C:\Program Files (x86)\Acer Bio Protection\CompPtcVUI.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Egis Technology Inc.) C:\Program Files (x86)\Acer Bio Protection\BASVC.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Windows\PLFSetI.exe
(PowerISO Computing, Inc.) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(TomTom) C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Egis Technology Inc.) C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe
(Egis Technology Inc.) C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe
(BitTorrent Inc.)
C:\Users\Korisnik\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.) C:\Users\Korisnik\AppData\Roaming\uTorrent\updates\3.5.0_43804\utorrentie.exe (BitTorrent Inc.) C:\Users\Korisnik\AppData\Roaming\uTorrent\updates\3.5.0_43804\utorrentie.exe (Microsoft Corporation) C:\Windows\System32\DeviceDisplayObjectProvider.exe (LULU Software Limited) C:\ProgramData\FIXIO PC Utilities\FIXIO Manager\FIXIO Manager.exe (AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\19.5.0\ToolbarUpdater.exe () C:\Program Files (x86)\AVG Secure Search\vprot.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-15] (Synaptics Incorporated) HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2008-07-30] () HKLM\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [167936 2008-07-07] (PowerISO Computing, Inc.) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation) HKLM-x32\...\Run: [VitaKeyPdtWzd] => C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe [3571712 2009-09-23] (Egis Technology Inc.) HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.) 
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [1707080 2017-06-01] () HKU\S-1-5-21-3772636690-2816259228-2777279056-1000\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe [2114848 2016-10-27] (TomTom) HKU\S-1-5-21-3772636690-2816259228-2777279056-1000\...\Run: [Windscribe] => C:\Program Files (x86)\Windscribe\Windscribe.exe HKU\S-1-5-21-3772636690-2816259228-2777279056-1000\...\MountPoints2: F - F:\launcher.exe Lsa: [Notification Packages] C:\Program Files (x86)\Acer Bio Protection\PwdFilterV64 ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File Startup: C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TornTvDownloader.lnk [2014-09-22] ShortcutTarget: TornTvDownloader.lnk -> C:\Users\Korisnik\AppData\Roaming\TornTV.com\Torntv Downloader.exe (No File) CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 88.84.0.30 88.84.0.60 Tcpip\..\Interfaces\{AC742316-6F4D-4E52-9355-D7D95118519A}: [DhcpNameServer] 192.168.1.1 77.239.64.19 77.239.64.20 Tcpip\..\Interfaces\{FF68920D-7022-4166-A2EB-E68EB8DD01FF}: [DhcpNameServer] 88.84.0.30 88.84.0.60 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchinterneat-a.akamaihd.net/hm?eq=U0EeCFZVBB8SRghGIQ9eUA1JRxgSdlhdTA0UQAEOeAkNUBRBFwUTdAkLAAFAQlEFIk0FA1ADB0VXfVBdFElXTwhsNU1KAF4UTkBQBFxZDQ== HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1411506059&from=wpc&uid=HitachiXHTS542580K9SA00_071104BB0B00WFG90GZAX&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1411506059&from=wpc&uid=HitachiXHTS542580K9SA00_071104BB0B00WFG90GZAX HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1411506059&from=wpc&uid=HitachiXHTS542580K9SA00_071104BB0B00WFG90GZAX&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-3772636690-2816259228-2777279056-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms} HKU\S-1-5-21-3772636690-2816259228-2777279056-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ch.search.yahoo.com/?type=715483&fr=spigot-yhp-ie HKU\S-1-5-21-3772636690-2816259228-2777279056-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/?rd=1&ucc=CH&dcc=CH&opt=0&ocid=iehp 
HKU\S-1-5-21-3772636690-2816259228-2777279056-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://www.google.com/?bcutc=sp-006 SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfVxZV19AFQ1FbQgOAFxcFVBCdBQAUQxADAUVcAkMUQoQGQRAJB9aFQQTSEcFME0FCFwEURNNfXZNFUsQRlBMNUp8BFgd&q={searchTerms} SearchScopes: HKLM -> OldSearch URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1411506059&from=wpc&uid=HitachiXHTS542580K9SA00_071104BB0B00WFG90GZAX&q={searchTerms} SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfVxZV19AFQ1FbQgOAFxcFVBCdBQAUQxADAUVcAkMUQoQGQRAJB9aFQQTSEcFME0FCFwEURNNfXZNFUsQRlBMNUp8BFgd&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms} SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1411506059&from=wpc&uid=HitachiXHTS542580K9SA00_071104BB0B00WFG90GZAX&q={searchTerms} SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchoholic.info/?l=1&q={searchTerms}&pid=21239&r=2014/12/22&hid=13133280524884319074&lg=EN&cc=CH&unqvl=72 SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms} SearchScopes: HKU\S-1-5-21-3772636690-2816259228-2777279056-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms} SearchScopes: HKU\S-1-5-21-3772636690-2816259228-2777279056-1000 -> OldSearch URL = hxxp://websearch.searchoholic.info/?l=1&q={searchTerms}&pid=21239&r=2014/12/22&hid=13133280524884319074&lg=EN&cc=CH&unqvl=72 SearchScopes: 
HKU\S-1-5-21-3772636690-2816259228-2777279056-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfVxZV19AFQ1FbQgOAFxcFVBCdBQAUQxADAUVcAkMUQoQGQRAJB9aFQQTSEcFME0FCFwEURNNfXZNFUsQRlBMNUp8BFgd&q={searchTerms} SearchScopes: HKU\S-1-5-21-3772636690-2816259228-2777279056-1000 -> {256AA938-A68C-40B3-BC5C-9B433D041FA2} URL = hxxps://ch.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=715483&p={searchTerms} SearchScopes: HKU\S-1-5-21-3772636690-2816259228-2777279056-1000 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3328140&octid=EB_ORIGINAL_CTID&ISID=ME636FA61-028D-47C5-941B-B420E7C44905&SearchSource=58&CUI=&UM=2&UP=SP0291F83D-2A00-47BC-8D32-26016DB7182C&q={searchTerms}&SSPV= SearchScopes: HKU\S-1-5-21-3772636690-2816259228-2777279056-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1411506059&from=wpc&uid=HitachiXHTS542580K9SA00_071104BB0B00WFG90GZAX&q={searchTerms} SearchScopes: HKU\S-1-5-21-3772636690-2816259228-2777279056-1000 -> {85457F95-206A-4460-9DDD-ECAA38945197} URL = hxxp://q.search-simple.com/?affID=na&q={searchTerms}&r=184 SearchScopes: HKU\S-1-5-21-3772636690-2816259228-2777279056-1000 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://q.search-simple.com/?affID=pr_79aadbad-8f10-413a-a1be-5a7eafbe2dd0&q={searchTerms} SearchScopes: HKU\S-1-5-21-3772636690-2816259228-2777279056-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms} BHO: TotalPlus01-3.1V22.09 -> {11111111-1111-1111-1111-110611321185} -> C:\Program Files (x86)\TotalPlus01-3.1V22.09\TotalPlus01-3.1V22.09-bho64.dll => No File BHO: TheTorntv V10 -> {11111111-1111-1111-1111-110611331111} -> C:\Program Files (x86)\TheTorntv V10\TheTorntv V10-bho64.dll => No File BHO: DowNNSaave -> {24c0df77-fd0f-463c-8193-6b57d65957db} -> C:\Program Files 
(x86)\DowNNSaave\WvlhIU3B9SYFsM.x64.dll => No File BHO: Browser Extensions -> {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} -> C:\Users\Korisnik\AppData\Roaming\BrowserExtensions\Coupons64.dll [2017-02-28] () BHO: MinimuumuPerrice -> {53f82a4c-3c0d-4fbd-9688-030fd83828aa} -> C:\Program Files (x86)\MinimuumuPerrice\ndPFNLRzJGuRR8.x64.dll => No File BHO: 500Couponss -> {67ae2572-ccee-4dd7-837b-d000502e8bab} -> C:\Program Files (x86)\500Couponss\RMTcpP3wcAPhlG.x64.dll => No File BHO: No Name -> {94adb81d-9f3e-40cf-b0c1-bb896ea52874} -> No File BHO: No Name -> {ab6be364-727b-4c7f-83c5-513c2eb0ba31} -> No File BHO: YoutuubeAdBlocKe -> {d908e8ba-e0b4-4892-bf05-e7cca0d6d056} -> C:\Program Files (x86)\YoutuubeAdBlocKe\SQC7zCdE3XyacD.x64.dll => No File BHO: No Name -> {d9d63cc1-8eee-4a58-9a10-fd82e65e98e9} -> No File BHO-x32: Browser Extensions -> {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} -> C:\Users\Korisnik\AppData\Roaming\BrowserExtensions\Coupons.dll [2017-02-28] () BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-22] (Oracle Corporation) BHO-x32: No Name -> {94adb81d-9f3e-40cf-b0c1-bb896ea52874} -> No File BHO-x32: No Name -> {9d952d11-a78c-4e03-b5ad-ee1f7b1319c9} -> No File BHO-x32: No Name -> {ab6be364-727b-4c7f-83c5-513c2eb0ba31} -> No File BHO-x32: YoutuubeAdBlocKe -> {d908e8ba-e0b4-4892-bf05-e7cca0d6d056} -> C:\Program Files (x86)\YoutuubeAdBlocKe\SQC7zCdE3XyacD.dll => No File BHO-x32: No Name -> {d9d63cc1-8eee-4a58-9a10-fd82e65e98e9} -> No File BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-22] (Oracle Corporation) Toolbar: HKU\S-1-5-21-3772636690-2816259228-2777279056-1000 -> No Name - 
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\19.5.0\ViProtocol.dll [2017-06-01] (AVG Secure Search) Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation) Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation) Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation) Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation) StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [No File] FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\19.5.0\\npsitesafety.dll [No File] FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.) 
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [No File] FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [No File] FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-04-16] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-04-16] (Foxit Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-22] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-22] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll [2012-04-11] ( Microsoft Corporation) FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [No File] FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [No File] FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-27] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.) 
Chrome: ======= CHR DefaultProfile: Profile 1 CHR HomePage: Profile 1 -> hxxp://www.google.com/ CHR StartupUrls: Profile 1 -> "hxxp://ch.search.yahoo.com/?fr=hp-ddc-bd&type=756_pr__alt__ddc_dsssyc_bd_com" CHR DefaultSearchURL: Profile 1 -> hxxps://www.facebook.com/rsrc.php/yl/r/H3nktOa7ZMg.ico CHR Profile: C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-06-01] CHR Extension: (Google Drive) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25] CHR Extension: (YouTube) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26] CHR Extension: (Facebook) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\celnaknmndcdcjcagffhbhciignkeokb [2017-04-06] CHR Extension: (Adblock for Youtube™) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2017-06-01] CHR Extension: (Google Search) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29] CHR Extension: (Windscribe - Free VPN and Ad Block) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hnmpcagpplmpfojmgmnngilcnanddlhb [2017-05-01] CHR Extension: (Adblock Super) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\knebimhcckndhiglamoabbnifdkijidd [2015-09-20] CHR Extension: (AVG Secure Search) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2017-06-01] CHR Extension: (Chrome Web Store Payments) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-16] CHR Extension: (Gmail) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-01] CHR Extension: (Chrome Media 
Router) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-01] CHR Extension: (\) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\plkplgmhfkkhokgkdkblfcnfeccpippe [2016-01-30] CHR Extension: (Logo Browser) - C:\Users\Korisnik\AppData\Local\Logo Browser\Component [2017-05-24] CHR HKLM\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - hxxps://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [Ä˙] - CHR HKU\S-1-5-21-3772636690-2816259228-2777279056-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-3772636690-2816259228-2777279056-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [Ä˙] - CHR HKLM-x32\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [Ä˙] - ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc.) R2 ATService; C:\Program Files (x86)\Fingerprint Sensor\AtService.exe [1815800 2009-09-21] (AuthenTec, Inc.) R2 FIXIO Manager; C:\ProgramData\FIXIO PC Utilities\FIXIO Manager\FIXIO Manager.exe [935816 2013-06-26] (LULU Software Limited) R2 IGBASVC; C:\Program Files (x86)\Acer Bio Protection\BASVC.exe [3449856 2009-09-23] (Egis Technology Inc.) [File not signed] R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed] R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.) 
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2016-08-26] (Popcorn Time) [File not signed] S3 vncserver; C:\Program Files\RealVNC\VNC Server\vncservice.exe [638272 2014-06-03] (RealVNC Ltd) R2 vToolbarUpdater19.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\19.5.0\ToolbarUpdater.exe [1277512 2017-06-01] (AVG Secure Search) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 A310; C:\windows\System32\DRIVERS\AVerA310USB.sys [32256 2009-05-06] (AVerMedia TECHNOLOGIES, Inc.) R3 BDASwCap; C:\windows\System32\drivers\AVerA310Cap.sys [55296 2009-05-06] (AVerMedia TECHNOLOGIES, Inc.) R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [31648 2014-08-22] (REALiX(tm)) R2 int15; C:\Windows\SysWOW64\drivers\int15_64.sys [15656 2008-09-10] () S3 Neo_VPN; C:\windows\System32\DRIVERS\neo_vpn.sys [22784 2016-09-02] (Trust.Zone VPN Project) R3 nuvotoncir; C:\windows\System32\DRIVERS\nuvotoncir.sys [48128 2009-06-24] (Nuvoton Technology Corporation) S3 tapwindscribe0901; C:\windows\System32\DRIVERS\tapwindscribe0901.sys [45560 2017-04-21] (The OpenVPN Project) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2017-06-01 21:02 - 2017-06-01 21:10 - 00021868 _____ C:\Users\Korisnik\Desktop\FRST.txt 2017-06-01 21:01 - 2017-06-01 21:02 - 00000000 ____D C:\Users\Korisnik\Desktop\FRST-OlderVersion 2017-06-01 21:00 - 2017-06-01 21:01 - 02431488 _____ (Farbar) C:\Users\Korisnik\Desktop\FRST64.exe 2017-06-01 19:15 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\windows\system32\IEUDINIT.EXE 2017-06-01 16:42 - 2017-06-01 16:45 - 00000000 ____D C:\windows\system32\MRT 2017-06-01 16:42 - 2017-06-01 16:42 - 132223576 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe 2017-06-01 15:44 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\windows\system32\icardres.dll 2017-06-01 15:44 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardres.dll 2017-06-01 15:44 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe 2017-06-01 15:44 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe 2017-06-01 15:44 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\windows\system32\icardagt.exe 2017-06-01 15:44 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\windows\system32\infocardapi.dll 2017-06-01 15:44 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardagt.exe 2017-06-01 15:44 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\windows\SysWOW64\infocardapi.dll 2017-06-01 14:46 - 2015-02-04 05:16 - 00392192 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll 2017-06-01 14:46 - 2015-02-04 04:54 - 00318464 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll 2017-06-01 14:46 - 2013-08-28 03:12 - 00461312 _____ (Microsoft Corporation) C:\windows\system32\scavengeui.dll 2017-06-01 14:36 - 2017-06-01 18:36 - 00000000 ____D C:\Users\Korisnik\AppData\Local\AVG Secure Search 2017-06-01 14:35 - 2017-06-01 14:35 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search 
2017-06-01 14:34 - 2017-06-01 14:35 - 00000000 ____D C:\Users\Korisnik\AppData\LocalLow\AVG Secure Search 2017-06-01 14:34 - 2017-06-01 14:35 - 00000000 ____D C:\ProgramData\AVG Secure Search 2017-06-01 14:34 - 2017-06-01 14:34 - 00001220 _____ C:\Users\Public\Desktop\FIXIO Driver Finder.lnk 2017-06-01 14:34 - 2017-06-01 14:34 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search 2017-06-01 14:33 - 2017-06-01 14:33 - 00002218 _____ C:\Users\Public\Desktop\FIXIO PC Optimizer.lnk 2017-06-01 14:33 - 2017-06-01 14:33 - 00002010 _____ C:\Users\Public\Desktop\FIXIO PC Cleaner.lnk 2017-06-01 14:33 - 2017-06-01 14:33 - 00000000 ____D C:\Program Files\FIXIO PC Utilities 2017-06-01 14:32 - 2017-06-01 14:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIXIO PC Utilities 2017-06-01 14:32 - 2017-06-01 14:33 - 00000000 ____D C:\ProgramData\FIXIO PC Utilities 2017-06-01 14:32 - 2017-06-01 14:33 - 00000000 ____D C:\Program Files (x86)\FIXIO PC Utilities 2017-06-01 14:30 - 2017-06-01 14:42 - 00000000 ____D C:\Users\Korisnik\AppData\Roaming\FIXIO PC Utilities 2017-06-01 13:57 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll 2017-06-01 13:57 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe 2017-06-01 13:57 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll 2017-06-01 13:57 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll 2017-06-01 13:57 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll 2017-06-01 13:57 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll 2017-06-01 13:57 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe 2017-06-01 13:57 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe 2017-06-01 13:10 - 2017-06-01 13:10 - 00000000 
____D C:\Users\Korisnik\AppData\Roaming\Google 2017-06-01 13:10 - 2017-06-01 13:10 - 00000000 ____D C:\Users\Korisnik\AppData\LocalLow\uTorrent 2017-05-29 14:03 - 2017-06-01 12:56 - 00000006 ____H C:\windows\Tasks\SA.DAT 2017-05-20 08:39 - 2017-06-01 21:02 - 00000000 ____D C:\FRST ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-06-01 21:10 - 2014-08-21 12:03 - 00000000 ____D C:\Users\Korisnik\AppData\Roaming\uTorrent 2017-06-01 21:06 - 2016-01-29 23:55 - 00000000 ____D C:\Program Files (x86)\Google 2017-06-01 20:56 - 2009-07-14 06:45 - 00006080 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2017-06-01 20:56 - 2009-07-14 06:45 - 00006080 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2017-06-01 20:13 - 2014-08-20 13:50 - 00000000 ____D C:\Users\Korisnik\Desktop\HAL7600 1.2 - Permanent Windows (7NServerEnterprise) Activation{h33t}{mad dog} 2017-06-01 20:05 - 2014-08-20 12:41 - 00000000 ____D C:\Program Files (x86)\GRETECH 2017-06-01 19:55 - 2015-09-28 18:23 - 00000000 ____D C:\Program Files (x86)\Popcorn Time 2017-06-01 19:52 - 2014-11-15 22:25 - 00000000 ____D C:\Program Files (x86)\VideoLAN 2017-06-01 19:39 - 2016-11-18 17:00 - 00000000 ____D C:\Users\Korisnik\AppData\Roaming\Canon 2017-06-01 19:39 - 2016-11-18 16:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities 2017-06-01 19:39 - 2016-11-18 16:12 - 00000000 ____D C:\Program Files\Canon 2017-06-01 19:39 - 2016-11-18 16:08 - 00000000 ____D C:\Program Files (x86)\Canon 2017-06-01 17:42 - 2014-08-20 14:00 - 00770848 _____ C:\windows\SysWOW64\PerfStringBackup.INI 2017-06-01 17:41 - 2009-07-14 07:13 - 00770848 _____ C:\windows\system32\PerfStringBackup.INI 2017-06-01 17:41 - 2009-07-14 05:20 - 00000000 ____D C:\windows\inf 2017-06-01 13:47 - 2015-08-07 11:16 - 00000000 
____D C:\Program Files\Common Files\Apple 2017-06-01 13:08 - 2016-02-10 17:17 - 00000000 ___SD C:\Users\Korisnik\AppData\LocalLow\Temp 2017-06-01 12:55 - 2015-12-03 17:51 - 00000000 ____D C:\Program Files\Common Files\AV 2017-06-01 12:55 - 2014-08-20 12:55 - 00000000 ____D C:\ProgramData\AVAST Software 2017-06-01 12:46 - 2014-08-20 11:36 - 00000000 ____D C:\Users\Korisnik 2017-06-01 12:38 - 2014-08-27 12:53 - 00000000 ____D C:\Users\Korisnik\AppData\Local\ElevatedDiagnostics 2017-06-01 12:38 - 2009-07-14 05:20 - 00000000 ____D C:\windows\system32\NDF 2017-05-29 14:14 - 2016-07-14 18:46 - 00304236 _____ C:\windows\ntbtlog.txt 2017-05-29 14:03 - 2014-09-23 22:59 - 00000008 __RSH C:\ProgramData\ntuser.pol 2017-05-24 06:24 - 2017-03-01 23:23 - 00000000 ____D C:\Users\Korisnik\AppData\Roaming\BrowserExtensions 2017-05-24 06:08 - 2016-05-24 12:23 - 00000000 ____D C:\Users\Korisnik\AppData\Local\MalwareProtectionLive 2017-05-24 05:54 - 2015-02-14 14:20 - 00000000 ____D C:\ProgramData\AdPunisher 2017-05-24 04:54 - 2016-02-01 19:19 - 00000000 ____D C:\ProgramData\65ad47d7-2e27-4a5c-b238-26643fdaeb98 2017-05-22 08:02 - 2009-07-14 07:32 - 00028672 _____ C:\windows\system32\config\BCD-Template 2017-05-20 22:28 - 2009-07-14 05:20 - 00000000 ___HD C:\windows\system32\GroupPolicy 2017-05-20 22:28 - 2009-07-14 05:20 - 00000000 ____D C:\windows\SysWOW64\GroupPolicy ==================== Files in the root of some directories ======= 2015-02-14 14:20 - 2015-03-12 02:41 - 0000020 _____ () C:\Users\Korisnik\AppData\Roaming\appdataFr3.bin 2014-10-28 17:05 - 2015-01-16 01:05 - 0000233 _____ () C:\Users\Korisnik\AppData\Roaming\WB.CFG 2014-10-30 12:05 - 2014-12-17 01:05 - 0000002 _____ () C:\Users\Korisnik\AppData\Local\DSI.DAT 2015-11-22 20:03 - 2015-11-22 20:03 - 0000000 _____ () C:\Users\Korisnik\AppData\Local\{C2B2D875-0A1F-4346-9895-0CB057F9586B} Some files in TEMP: ==================== 2017-06-01 14:31 - 2017-06-01 14:31 - 0255072 _____ (AVG Technologies CZ, s.r.o.) 
C:\Users\Korisnik\AppData\Local\Temp\avguidx.dll 2017-06-01 14:31 - 2017-06-01 14:31 - 0163936 _____ () C:\Users\Korisnik\AppData\Local\Temp\MachineIdCreator.exe 2017-06-01 19:39 - 2012-12-10 16:16 - 0421032 ____H (CANON INC.) C:\Users\Korisnik\AppData\Local\Temp\Maint001.exe 2017-06-01 14:31 - 2017-06-01 14:31 - 5474888 _____ (AVG Technologies) C:\Users\Korisnik\AppData\Local\Temp\oi_{79CF298A-B80D-4FC9-83EF-15C2678AE6B4}.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\windows\system32\winlogon.exe => File is digitally signed C:\windows\system32\wininit.exe => File is digitally signed C:\windows\SysWOW64\wininit.exe => File is digitally signed C:\windows\explorer.exe => File is digitally signed C:\windows\SysWOW64\explorer.exe => File is digitally signed C:\windows\system32\svchost.exe => File is digitally signed C:\windows\SysWOW64\svchost.exe => File is digitally signed C:\windows\system32\services.exe => File is digitally signed C:\windows\system32\User32.dll => File is digitally signed C:\windows\SysWOW64\User32.dll => File is digitally signed C:\windows\system32\userinit.exe => File is digitally signed C:\windows\SysWOW64\userinit.exe => File is digitally signed C:\windows\system32\rpcss.dll => File is digitally signed C:\windows\system32\dnsapi.dll => File is digitally signed C:\windows\SysWOW64\dnsapi.dll => File is digitally signed C:\windows\system32\Drivers\volsnap.sys => File is digitally signed ==================== BCD ================================ Windows Boot Manager -------------------- identifier {bootmgr} device partition=H: path \bootmgr description Windows Boot Manager locale en-us inherit {globalsettings} default {current} resumeobject {eb6be27e-288f-11e4-9cad-d2520c9f213e} displayorder {current} toolsdisplayorder {memdiag} timeout 30 Windows Boot Loader ------------------- identifier {9b245ece-3eba-11e7-b063-c5b73e532ab9} device 
ramdisk=[C:]\Recovery\eb6be27c-288f-11e4-9cad-d2520c9f213e\Winre.wim,{9b245ecf-3eba-11e7-b063-c5b73e532ab9} path \windows\system32\winload.exe description Windows Recovery Environment (recovered) locale osdevice ramdisk=[C:]\Recovery\eb6be27c-288f-11e4-9cad-d2520c9f213e\Winre.wim,{9b245ecf-3eba-11e7-b063-c5b73e532ab9} systemroot \windows winpe Yes Windows Boot Loader ------------------- identifier {current} device partition=C: path \windows\system32\winload.exe description Windows 7 locale en-us inherit {bootloadersettings} osdevice partition=C: systemroot \windows resumeobject {eb6be27e-288f-11e4-9cad-d2520c9f213e} nx OptIn detecthal Yes winpe No Resume from Hibernate --------------------- identifier {eb6be27e-288f-11e4-9cad-d2520c9f213e} device partition=C: path \windows\system32\winresume.exe description Windows Resume Application locale en-us inherit {resumeloadersettings} filedevice partition=C: filepath \hiberfil.sys debugoptionenabled No Windows Memory Tester --------------------- identifier {memdiag} device partition=H: path \boot\memtest.exe description Windows Memory Diagnostic locale en-us inherit {globalsettings} badmemoryaccess Yes EMS Settings ------------ identifier {emssettings} bootems Yes Debugger Settings ----------------- identifier {dbgsettings} debugtype Serial debugport 1 baudrate 115200 RAM Defects ----------- identifier {badmemory} Global Settings --------------- identifier {globalsettings} inherit {dbgsettings} {emssettings} {badmemory} Boot Loader Settings -------------------- identifier {bootloadersettings} inherit {globalsettings} {hypervisorsettings} Hypervisor Settings ------------------- identifier {hypervisorsettings} hypervisordebugtype Serial hypervisordebugport 1 hypervisorbaudrate 115200 Resume Loader Settings ---------------------- identifier {resumeloadersettings} inherit {globalsettings} Device options -------------- identifier {9b245ecf-3eba-11e7-b063-c5b73e532ab9} ramdisksdidevice partition=C: ramdisksdipath 
\Recovery\eb6be27c-288f-11e4-9cad-d2520c9f213e\boot.sdi Device options -------------- identifier {eb6be27d-288f-11e4-9cad-d2520c9f213e} description Ramdisk Options ramdisksdidevice partition=C: ramdisksdipath \Recovery\eb6be27c-288f-11e4-9cad-d2520c9f213e\boot.sdi LastRegBack: 2017-05-08 21:09 ==================== End of FRST.txt ============================