Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-06-2016
Ran by ABC (administrator) on ABC-PC (28-06-2016 17:52:10)
Running from C:\Users\ABC\Downloads
Loaded Profiles: ABC (Available Profiles: ABC & DefaultAppPool)
Platform: Microsoft Windows 10 Home Version 1511 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Windows\System32\PnkBstrA.exe
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AMD) C:\Windows\System32\atieclxx.exe
(WiseCleaner.com) C:\Program Files\Wise\Wise Care 365\WiseTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
() C:\Users\ABC\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(© 2015 Microsoft Corporation) C:\Users\ABC\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Valve Corporation) C:\Program Files\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files\Steam\Steam.exe
(Valve Corporation) C:\Program Files\Steam\bin\steamwebhelper.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12205784 2015-05-09] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5511352 2015-03-19] (Avast Software s.r.o.)
HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-3526979387-1406197252-2348586671-1000\...\Run: [cz.seznam.software.autoupdate] => C:\Users\ABC\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-3526979387-1406197252-2348586671-1000\...\Run: [cz.seznam.software.szndesktop] => C:\Users\ABC\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-21-3526979387-1406197252-2348586671-1000\...\Run: [Spybot-S&D Cleaning] => "C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
HKU\S-1-5-21-3526979387-1406197252-2348586671-1000\...\Run: [GoogleChromeAutoLaunch_A3A4144559D1A55A71A7CC6E224D867A] => C:\Program Files\Google\Chrome\Application\chrome.exe [941720 2016-06-15] (Google Inc.)
HKU\S-1-5-21-3526979387-1406197252-2348586671-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3526979387-1406197252-2348586671-1000\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [3077712 2016-04-30] (Valve Corporation)
HKU\S-1-5-21-3526979387-1406197252-2348586671-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [50377336 2015-12-14] (Skype Technologies S.A.)
HKU\S-1-5-21-3526979387-1406197252-2348586671-1000\...\Run: [BingSvc] => C:\Users\ABC\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-12-17] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3526979387-1406197252-2348586671-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-03-15] (Avast Software s.r.o.)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-3526979387-1406197252-2348586671-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.8.136.1 192.168.0.1
Tcpip\..\Interfaces\{c802e849-1b2a-4e7a-9e62-2889e858174c}: [DhcpNameServer] 10.8.136.1 192.168.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3526979387-1406197252-2348586671-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130855672909430000&GUID=00000000-0000-0000-0000-000000000000
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hppp&ts=1437389151&z=ac166f60ba0f8eaf4337522gczdc9m5c8b0t6g8e1b&from=cor&uid=WDCXWD5000AADS-00M2B0_WD-WCAV5226499364993
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3526979387-1406197252-2348586671-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=dspp&ts=1437389151&z=ac166f60ba0f8eaf4337522gczdc9m5c8b0t6g8e1b&from=cor&uid=WDCXWD5000AADS-00M2B0_WD-WCAV5226499364993&q={searchTerms}
HKU\S-1-5-21-3526979387-1406197252-2348586671-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hppp&ts=1437389151&z=ac166f60ba0f8eaf4337522gczdc9m5c8b0t6g8e1b&from=cor&uid=WDCXWD5000AADS-00M2B0_WD-WCAV5226499364993
HKU\S-1-5-21-3526979387-1406197252-2348586671-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=dspp&ts=1437389151&z=ac166f60ba0f8eaf4337522gczdc9m5c8b0t6g8e1b&from=cor&uid=WDCXWD5000AADS-00M2B0_WD-WCAV5226499364993&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-3526979387-1406197252-2348586671-1000 -> OldSearch URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=WDCXWD5000AADS-00M2B0_WD-WCAV5226499364993&ts=1437389176&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3526979387-1406197252-2348586671-1000 -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=WDCXWD5000AADS-00M2B0_WD-WCAV5226499364993&ts=1437389176&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3526979387-1406197252-2348586671-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3526979387-1406197252-2348586671-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=WDCXWD5000AADS-00M2B0_WD-WCAV5226499364993&ts=1437389176&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3526979387-1406197252-2348586671-1000 -> {56109509-801E-4A72-A67D-54436EB80898} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=WDCXWD5000AADS-00M2B0_WD-WCAV5226499364993&ts=1437389176&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3526979387-1406197252-2348586671-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=WDCXWD5000AADS-00M2B0_WD-WCAV5226499364993&ts=1437389176&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3526979387-1406197252-2348586671-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=WDCXWD5000AADS-00M2B0_WD-WCAV5226499364993&ts=1437389176&type=default&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_65\bin\ssv.dll [2015-10-23] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-15] (Avast Software s.r.o.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-23] (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\ABC\AppData\Roaming\Mozilla\Firefox\Profiles\fmrkq1sh.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-23] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-23] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @Nero.com/KM -> C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2011-12-02] (Nero AG)
FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [No File]
FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3526979387-1406197252-2348586671-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\ABC\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-28] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3526979387-1406197252-2348586671-1000: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [No File]
FF Extension: Seznam lištička - C:\Users\ABC\AppData\Roaming\Mozilla\Firefox\Profiles\fmrkq1sh.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2015-12-14]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-04-28] [not signed]

Chrome: 
=======
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR Profile: C:\Users\ABC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\ABC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-27]
CHR Extension: (Dokumenty Google) - C:\Users\ABC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-27]
CHR Extension: (Disk Google) - C:\Users\ABC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-27]
CHR Extension: (YouTube) - C:\Users\ABC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-27]
CHR Extension: (Tabulky Google) - C:\Users\ABC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-27]
CHR Extension: (Dokumenty Google offline) - C:\Users\ABC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-27]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\ABC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-27]
CHR Extension: (Gmail) - C:\Users\ABC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-27]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-15]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
CHR HKU\S-1-5-21-3526979387-1406197252-2348586671-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-03-15] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3205216 2015-03-15] (Avast Software)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 iprip; C:\WINDOWS\System32\iprip.dll [31232 2016-05-02] (Microsoft Corporation)
S2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [687400 2011-11-25] (Nero AG)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-03-11] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [280376 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23256 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24144 2015-03-15] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [73440 2015-03-15] (Avast Software s.r.o.)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [81728 2015-03-15] (Avast Software s.r.o.)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49904 2015-03-15] ()
S1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [788272 2015-03-15] (Avast Software s.r.o.)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [427480 2015-03-15] (Avast Software s.r.o.)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [106912 2015-03-15] (Avast Software s.r.o.)
S3 aswTap; C:\WINDOWS\System32\drivers\aswTap.sys [38984 2014-07-18] (The OpenVPN Project)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206976 2015-03-15] ()
R3 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [243128 2014-07-16] (Disc Soft Ltd)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [388848 2016-05-09] (Symantec Corporation)
R0 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2015-05-02] (REALiX(tm))
R0 PxHelp20; C:\WINDOWS\System32\DRIVERS\PxHelp20.sys [20016 2003-10-28] (Sonic Solutions) [File not signed]
R0 speedfan; C:\WINDOWS\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
R3 SSMO4Filter; C:\WINDOWS\system32\drivers\MO4Driver.sys [16896 2011-07-27] (Sagatek Co. Ltd.)
S3 SWDUMon; C:\WINDOWS\System32\DRIVERS\SWDUMon.sys [13464 2015-07-07] ()
S3 TSSK; C:\WINDOWS\System32\tssk.sys [67896 2015-06-10] (电脑管家)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220240 2015-03-15] (Avast Software)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [37400 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [246104 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [98648 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-28 17:52 - 2016-06-28 17:52 - 00019370 _____ C:\Users\ABC\Downloads\FRST.txt
2016-06-28 17:52 - 2016-06-28 17:52 - 00000000 ___DC C:\FRST
2016-06-28 17:51 - 2016-06-28 17:51 - 01740288 _____ (Farbar) C:\Users\ABC\Downloads\FRST.exe
2016-06-28 17:14 - 2016-06-28 17:14 - 00000000 ____D C:\Users\ABC\AppData\Local\ActiveSync
2016-06-27 20:04 - 2016-06-27 20:04 - 00000000 ___DC C:\AdwCleaner
2016-06-27 19:22 - 2016-06-27 19:22 - 00000000 ____D C:\Users\ABC\AppData\Local\Apps\CAcert Root Certificates
2016-06-27 18:18 - 2016-06-27 18:18 - 00000000 ____D C:\WINDOWS\Panther

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-28 17:51 - 2015-10-30 07:48 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-28 17:51 - 2015-10-30 07:48 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-28 17:50 - 2015-12-17 18:31 - 00000000 ____D C:\Users\ABC\AppData\Roaming\Skype
2016-06-28 17:19 - 2015-07-16 10:41 - 00000962 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-28 17:17 - 2014-06-09 20:00 - 00000000 ____D C:\Users\ABC\AppData\Roaming\Seznam.cz
2016-06-28 17:14 - 2015-12-06 17:10 - 00000000 ____D C:\Program Files\Steam
2016-06-28 17:12 - 2015-07-01 19:43 - 00000958 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-28 17:12 - 2014-11-06 23:04 - 00000394 _____ C:\WINDOWS\Tasks\Wise Care 365.job
2016-06-27 20:03 - 2015-10-30 07:39 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-06-27 20:03 - 2014-05-30 20:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-06-27 20:02 - 2014-05-30 20:49 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-06-27 20:02 - 2014-04-28 18:53 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-06-27 19:56 - 2014-04-28 18:53 - 139785240 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-06-27 19:36 - 2015-10-30 07:47 - 00000000 ____D C:\WINDOWS\INF
2016-06-27 19:24 - 2016-05-02 18:20 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-27 19:23 - 2015-10-30 07:13 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-06-27 19:11 - 2015-07-20 12:45 - 00002397 _____ C:\Users\ABC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder.lnk
2016-06-27 19:01 - 2015-07-01 19:44 - 00002218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-27 19:01 - 2015-07-01 19:44 - 00002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-27 18:56 - 2016-05-02 18:03 - 00000000 ____D C:\Users\ABC
2016-06-27 18:20 - 2016-05-02 18:47 - 00000000 ___DC C:\Windows.old
2016-06-27 18:18 - 2016-05-02 21:53 - 00000000 ____D C:\Users\ABC\AppData\Local\ElevatedDiagnostics
2016-06-14 20:33 - 2015-10-30 07:49 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-06-14 20:33 - 2015-10-30 07:49 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-05-30 19:47 - 2016-05-02 18:01 - 02009590 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-05-30 19:47 - 2015-10-30 17:08 - 00833840 _____ C:\WINDOWS\system32\perfh005.dat
2016-05-30 19:47 - 2015-10-30 17:08 - 00186934 _____ C:\WINDOWS\system32\perfc005.dat
2016-05-30 19:45 - 2016-05-02 18:38 - 00002421 _____ C:\Users\ABC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-05-30 19:45 - 2016-05-02 18:38 - 00000000 ___RD C:\Users\ABC\OneDrive
2016-05-30 19:41 - 2015-12-17 18:30 - 00000000 ___RD C:\Program Files\Skype

==================== Files in the root of some directories =======

2016-02-11 19:06 - 2016-02-11 19:06 - 6871040 _____ () C:\Program Files\GUT500.tmp
2015-03-31 10:14 - 2015-06-01 15:38 - 0000385 _____ () C:\Users\ABC\AppData\Roaming\kMbfV6bf6gk4
2014-05-06 17:28 - 2014-05-06 17:32 - 0000858 _____ () C:\Users\ABC\AppData\Roaming\launcher_profiles.json
2015-03-31 10:14 - 2015-06-01 15:38 - 0000385 _____ () C:\Users\ABC\AppData\Roaming\NdZwoaUcnl7bZc8YsBJOy80Qk2
2014-04-24 19:42 - 2015-03-11 12:45 - 0138904 _____ () C:\Users\ABC\AppData\Roaming\PnkBstrK.sys
2015-06-23 20:33 - 2015-06-23 20:33 - 0000000 ___SH () C:\Users\ABC\AppData\Local\LumaEmu
2014-05-07 12:45 - 2014-05-07 12:45 - 0001080 _____ () C:\Users\ABC\AppData\Local\MRDownloader.nast
2015-06-17 14:53 - 2015-06-17 14:53 - 0008288 ____H () C:\Users\ABC\AppData\Local\Plugin.dat
2015-12-11 19:05 - 2015-12-11 19:46 - 0000906 _____ () C:\Users\ABC\AppData\Local\_settings.ini

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-06-27 18:18

==================== End of FRST.txt ============================