Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-01-2014 02
Ran by Tommy (administrator) on PCTOMMY on 22-01-2014 21:39:29
Running from C:\Users\Tommy\Downloads
Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) OS Language: Italian Standard
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
() C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files\ATK Hotkey\ASLDRSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe
(Ralink Technology, Corp.) C:\Program Files\Sitecom\Common\RegistryWriter.exe
() C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
() C:\Program Files\ASUS\ASUS Live Update\ALU.exe
(ATK0100) C:\Program Files\ATK Hotkey\HControl.exe
() C:\Program Files\ATKOSD2\ATKOSD2.exe
() C:\Program Files\Wireless Console 2\wcourier.exe
(ASUS) C:\Program Files\ASUS\ASUS CopyProtect\ASPG.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
() C:\Program Files\ATK Hotkey\ATKOSD.exe
() C:\Program Files\ATK Hotkey\KBFiltr.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ASUS) C:\Program Files\ASUS\ATK Media\DMedia.exe
() C:\Windows\ASScrPro.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(SpeedBit Ltd.) C:\Program Files\DAP\DAP.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Ghisler Software GmbH) C:\totalcmd\TOTALCMD.EXE
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\OneClickStarter.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-12-06] (Synaptics, Inc.)
HKLM\...\Run: [ATKMEDIA] - C:\Program Files\ASUS\ATK Media\DMedia.exe [159744 2008-06-25] (ASUS)
HKLM\...\Run: [ASUS Camera ScreenSaver] - C:\Windows\AsScrProlog.exe [47672 2009-04-02] ()
HKLM\...\Run: [ASUS Screen Saver Protector] - C:\Windows\ASScrPro.exe [33136 2009-04-02] ()
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4297136 2012-10-30] (AVAST Software)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12017368 2013-12-11] (Realtek Semiconductor)
HKLM\...\Run: [TrojanScanner] - C:\Program Files\Trojan Remover\Trjscan.exe [1233856 2010-11-24] (Simply Super Software)
HKLM\...\Run: [BrMfcWnd] - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1089536 2008-02-19] (Brother Industries, Ltd.)
HKLM\...\Run: [ControlCenter3] - C:\Program Files\Brother\ControlCenter3\brctrcen.exe [86016 2007-12-21] (Brother Industries, Ltd.)
HKLM\...\Run: [OODefragTray] - C:\Program Files\OO Software\Defrag\oodtray.exe [3257640 2013-11-05] (O&O Software GmbH)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [15145352 2011-05-20] (Skype Technologies S.A.)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-04-02] (Google Inc.)
HKCU\...\Run: [DownloadAccelerator] - C:\Program Files\DAP\DAP.EXE [2836656 2011-10-31] (SpeedBit Ltd.)
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
MountPoints2: {19cbf40b-efe5-11df-acc4-005056c00008} - K:\LaunchU3.exe -a
MountPoints2: {2aeb9828-bd89-11df-87b0-005056c00008} - "I:\WD SmartWare.exe" autoplay=true
MountPoints2: {37291547-3d23-11e2-902c-005056c00008} - F:\Startme.exe
MountPoints2: {4383ad5a-5123-11df-8057-806e6f6e6963} - I:\AutoRun.exe
MountPoints2: {5f3f613d-496d-11df-a47e-001e101f4e71} - E:\AutoRun.exe
MountPoints2: {5f3f616f-496d-11df-a47e-001e101f8924} - E:\AutoRun.exe
MountPoints2: {9c442d13-48c5-11df-a202-00248c861bee} - E:\AutoRun.exe
MountPoints2: {9c442d1d-48c5-11df-a202-001e101f9843} - E:\AutoRun.exe
MountPoints2: {a7192716-4a0f-11df-90f8-001e101f8ed0} - E:\AutoRun.exe
MountPoints2: {feaf2453-9b45-11df-b198-005056c00008} - E:\KODAK_Software_Downloader.exe
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\system32\oobefldr.dll [ 2008-01-21] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\system32\oobefldr.dll [ 2008-01-21] (Microsoft Corporation)
HKU\Guest\...\Run: [WindowsWelcomeCenter] - C:\Windows\system32\oobefldr.dll [ 2008-01-21] (Microsoft Corporation)
HKU\Guest\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [ 2008-06-09] (Hewlett-Packard Company)
HKU\Guest\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [ 2011-05-20] (Skype Technologies S.A.)
HKU\Guest\...\Run: [TomTomHOME.exe] - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [ 2013-03-22] (TomTom)
HKU\Guest\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2009-04-02] (Google Inc.)
IFEO\addrbook.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\brctrcen.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\brinstck.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\brmfcwnd.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\brolink0.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\brscutil.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\driverbooster.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\pcfxset.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\unins000.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\vmnetcfg.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\vmplayer.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\vmware.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk
ShortcutTarget: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.pl/
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUS
SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.pl/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ASUS_itIT343IT343
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.pl/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ASUS_itIT343IT343
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Download Accelerator Plus Integration - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {112857FE-11D5-03FF-9A3F-0080C8D85044} http://cached.gamedesire.com/g_bin/pl/solitaire_2_0_0_31.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {18506D80-11D4-9B80-82C2-0080C8D7ED4A} http://cached.gamedesire.com/g_bin/pl/roulette_2_0_0_30.cab
DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} http://www.eska.pl/streamplayers/OggX.ocx
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2A781DED-4153-C22D-9812-CEA98A32981C} http://cached.gamedesire.com/g_bin/pl/cardsmakao_2_0_0_33.cab
DPF: {41ACD49D-791A-1974-0981-AA9872721044} http://cached.gamedesire.com/g_bin/pl/boards_2_0_0_39.cab
DPF: {4B4513E2-43DF-4E57-9496-FCD37E9DFA64} http://cached.gamedesire.com/g_bin/pl/navy_2_0_0_34.cab
DPF: {83AFB5CA-11D4-ED35-A452-0080C8D85045} http://cached.gamedesire.com/g_bin/pl/poker_2_0_0_52.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {9085316E-11D4-42BA-BAA3-0080C8D7ED4A} http://cached.gamedesire.com/g_bin/pl/hunter_2_0_0_31.cab
DPF: {A1FE3DEF-11D4-CF77-8340-0080C8D7ED4A} http://cached.gamedesire.com/g_bin/pl/pirate_2_0_0_33.cab
DPF: {A7196C8E-4FF0-35A5-9E46-E28918B5CAF6} http://cached.gamedesire.com/g_bin/pl/domino_2_0_0_37.cab
DPF: {AC120B1D-4111-9411-AF52-118052D85D45} http://cached.gamedesire.com/g_bin/pl/darts_2_0_0_49.cab
DPF: {AD7013FF-4F36-1D9A-94A6-3CD408A663F9} http://cached.gamedesire.com/g_bin/pl/breakout_2_0_0_33.cab
DPF: {BFA1F11D-AFE1-3121-4112-894323212DAC} http://cached.gamedesire.com/g_bin/pl/words_2_0_0_55.cab
DPF: {BFA1F11D-AFE1-3121-4112-983219421AEF} http://cached.gamedesire.com/g_bin/pl/wordssingle_2_0_0_52.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game.zylom.com/activex/zylomgamesplayer.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Winsock: Catalog9 11 C:\Program Files\VMware\VMware Workstation\vsocklib.dll [338480] (VMware, Inc.)
Winsock: Catalog9 12 C:\Program Files\VMware\VMware Workstation\vsocklib.dll [338480] (VMware, Inc.)
Tcpip\Parameters: [DhcpNameServer] 62.101.93.101 83.103.25.250
Tcpip\..\Interfaces\{11CE3600-7B4A-4C95-B077-ECFAF0A33B86}: [NameServer]8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{29829FB0-CBF5-497E-BEEF-59F7651A7605}: [NameServer]8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{32FDDD02-557D-4A84-88F7-F8115ADD0A0A}: [NameServer]8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{34428BD6-9907-40C4-988D-6C7AA30B7FE6}: [NameServer]8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{3a539854-6a70-11db-887c-806e6f6e6963}: [NameServer]8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{67580987-B657-49CA-8E5E-ED86879C4660}: [NameServer]8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{8CB4D341-5FF0-49ED-BFEB-48219DBCC366}: [NameServer]8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{928DA54E-C113-407C-B63D-6D36324AF6A1}: [NameServer]8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{BD85CCC5-A8B8-479C-955D-C809E1C65805}: [NameServer]8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{E11FC6C0-872F-4B8E-81B1-4D0F5A2D5F30}: [NameServer]8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{F59E892E-C651-47A7-8E2F-B62FB276E507}: [NameServer]8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{FB7DCF13-2AAF-49EE-95AD-F72DCE62130B}: [NameServer]8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\5ycycez0.default-1390137410097
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF Plugin: @bittorrent.com/BitTorrentDNA - C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa2,version=2.0.0 - C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.450 - C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=1.1.9 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @octoshape.com/Octoshape Streaming Services,version=1.0 - C:\Users\Tommy\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Tommy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Tommy\AppData\Roaming\mozilla\plugins\npoctoshape.dll (Octoshape ApS)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{3112ca9c-de6d-4884-a869-9855de68056c}] - C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF Extension: Google Toolbar for Firefox - C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2011-01-10]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! WebRep - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-04-01]
FF HKCU\...\Firefox\Extensions: [{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}] - C:\Program Files\DAP\DAPFireFox
FF Extension: Download Accelerator Plus (DAP) extension - C:\Program Files\DAP\DAPFireFox [2011-10-31]

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.377\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Download Accelerator Plus (DAP) Opera/NS6 plugin) - C:\Program Files\Google\Chrome\Application\plugins\npdap.dll (SpeedBit Ltd.)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Octoshape Streaming Services) - C:\Users\Tommy\AppData\Roaming\Mozilla\plugins\npoctoshape.dll (Octoshape ApS)
CHR Plugin: (DNA Plug-in) - C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java Deployment Toolkit 7.0.510.13) - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U51) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Picasa) - C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
CHR Plugin: (Picasa) - C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Unity Player) - C:\Users\Tommy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Octoshape Streaming Services) - C:\Users\Tommy\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
CHR Extension: (Google Wallet) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-16]
CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2011-06-17]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-10-10]

========================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 ADSMService; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [73728 2007-05-18] ()
R2 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-02-06] ()
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] ()
S4 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [18656 2011-02-02] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44808 2012-10-30] (AVAST Software)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2013-04-01] (Flexera Software, Inc.)
R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [1381672 2013-11-05] (O&O Software GmbH)
R2 RalinkRegistryWriter; C:\Program Files\Sitecom\Common\RegistryWriter.exe [69632 2008-05-13] (Ralink Technology, Corp.)
R2 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-03] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1699168 2012-10-15] (TuneUp Software)
S4 ufad-ws60; C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe [191024 2009-10-12] (VMware, Inc.)
S4 VMAuthdService; C:\Program Files\VMware\VMware Workstation\vmware-authd.exe [113200 2010-01-22] (VMware, Inc.)
S4 VMnetDHCP; C:\Windows\system32\vmnetdhcp.exe [334384 2010-01-22] (VMware, Inc.)
S4 VMUSBArbService; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [563760 2010-01-22] (VMware, Inc.)
S4 VMware NAT Service; C:\Windows\system32\vmnat.exe [395824 2010-01-22] (VMware, Inc.)

==================== Drivers (Whitelisted) ====================

R1 A2DDA; C:\EEK\RUN\a2ddax86.sys [22056 2014-01-15] (Emsisoft GmbH)
R0 AsDsm; C:\Windows\System32\Drivers\AsDsm.sys [29752 2007-08-11] (Windows (R) Codename Longhorn DDK provider)
R2 ASMMAP; C:\Program Files\ATKGFNEX\ASMMAP.sys [13880 2007-07-24] ()
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [21256 2012-10-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [58680 2012-10-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [35928 2012-10-30] (AVAST Software)
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [738504 2012-10-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [361032 2012-10-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [54232 2012-10-30] (AVAST Software)
S3 cleanhlp; C:\EEK\Run\cleanhlp32.sys [50200 2014-01-15] (Emsisoft GmbH)
R0 FSProFilter; C:\Windows\System32\Drivers\FSPFltd.sys [43792 2008-06-05] (FSPro Labs)
R2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [20936 2007-08-03] ()
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2010-02-03] (LogMeIn, Inc.)
R2 hcmon; C:\Windows\system32\drivers\hcmon.sys [32304 2010-01-22] (VMware, Inc.)
R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [82320 2009-02-10] (EZB Systems, Inc.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15928 2008-06-03] ( )
R0 lullaby; C:\Windows\System32\DRIVERS\lullaby.sys [15416 2008-05-29] (Windows (R) Codename Longhorn DDK provider)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-14] (ATK0100)
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [702464 2009-01-16] (Ralink Technology Corp.)
R2 npf; C:\Windows\System32\drivers\npf.sys [50704 2010-01-27] (CACE Technologies, Inc.)
S3 RT73; C:\Windows\System32\DRIVERS\Dr71WU.sys [489984 2009-01-22] (Ralink Technology, Corp.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1772544 2008-05-22] ()
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [10088 2012-09-19] (TuneUp Software)
S3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp.sys [99728 2010-05-09] (Sun Microsystems, Inc.)
R3 vmkbd; C:\Windows\system32\drivers\VMkbd.sys [23216 2010-01-22] (VMware, Inc.)
S3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [16560 2010-01-22] (VMware, Inc.)
R2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [36400 2010-01-22] (VMware, Inc.)
R2 VMnetuserif; C:\Windows\system32\drivers\vmnetuserif.sys [26288 2010-01-22] (VMware, Inc.)
R2 vmx86; C:\Windows\system32\Drivers\vmx86.sys [854192 2010-01-22] (VMware, Inc.)
R2 vstor2-ws60; C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys [22448 2009-10-12] (VMware, Inc.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 lvupdtio; \??\C:\Program Files\ASUS\ASUS Live Update\SYS\lvupdtio.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 UrlFilter; \??\C:\Program Files\IObit\IObit Malware Fighter\drivers\wlh_x86\UrlFilter.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-22 21:38 - 2014-01-22 21:38 - 01222144 _____ (Farbar) C:\Users\Tommy\Downloads\FRST.exe
2014-01-22 21:33 - 2014-01-22 21:35 - 00000000 ____D C:\Users\Tommy\Downloads\FRST-OlderVersion
2014-01-22 18:08 - 2014-01-22 18:08 - 00000093 _____ C:\Users\Tommy\Desktop\potem.txt
2014-01-22 18:07 - 2014-01-22 18:07 - 00448512 _____ (OldTimer Tools) C:\Users\Tommy\Desktop\TFC.exe
2014-01-19 15:40 - 2014-01-19 15:40 - 00000000 _____ C:\Windows\setuperr.log
2014-01-19 15:40 - 2014-01-19 15:40 - 00000000 _____ C:\Windows\setupact.log
2014-01-19 14:57 - 2014-01-21 22:38 - 00000000 ____D C:\AdwCleaner
2014-01-19 14:56 - 2014-01-19 14:56 - 01236282 _____ C:\Users\Tommy\Desktop\adwcleaner.exe
2014-01-19 14:16 - 2014-01-19 14:22 - 00000000 ____D C:\MATS
2014-01-18 23:50 - 2014-01-18 23:50 - 00121634 _____ C:\Users\Tommy\Downloads\Extras.Txt
2014-01-18 23:06 - 2014-01-19 21:14 - 00046634 _____ C:\Users\Tommy\Downloads\Addition.txt
2014-01-18 19:46 - 2014-01-22 21:39 - 00027487 _____ C:\Users\Tommy\Downloads\FRST.txt
2014-01-18 19:44 - 2014-01-18 23:45 - 00125214 _____ C:\Users\Tommy\Downloads\OTL.Txt
2014-01-18 17:40 - 2014-01-18 17:40 - 00000000 ____D C:\Users\Tommy\AppData\Roaming\Malwarebytes
2014-01-18 17:40 - 2014-01-18 17:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-18 17:40 - 2014-01-18 17:40 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-18 17:40 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-18 17:39 - 2014-01-18 17:39 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Tommy\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-18 17:21 - 2014-01-21 22:41 - 00010378 _____ C:\Windows\PFRO.log
2014-01-16 10:17 - 2014-01-18 17:20 - 00007086 _____ C:\EamClean.log
2014-01-15 20:55 - 2014-01-15 20:55 - 00000000 ____D C:\EEK
2014-01-15 20:49 - 2014-01-15 20:54 - 231562760 _____ C:\Users\Tommy\Downloads\EmsisoftEmergencyKit.exe
2014-01-15 20:32 - 2014-01-22 21:35 - 00000000 ____D C:\FRST
2014-01-15 18:17 - 2014-01-15 18:17 - 00602112 _____ (OldTimer Tools) C:\Users\Tommy\Downloads\OTL.exe
2014-01-15 17:54 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-01-15 17:54 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-15 17:54 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-15 17:54 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-15 17:53 - 2014-01-15 17:54 - 00005471 _____ C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-01-08 17:47 - 2014-01-08 17:47 - 00078944 _____ C:\Users\Tommy\Downloads\InstallIMVU_496.0_st.exe
2014-01-07 22:37 - 2014-01-07 22:37 - 00000853 _____ C:\Users\Tommy\Desktop\Mozilla Firefox.lnk
2014-01-07 16:41 - 2014-01-07 16:41 - 00000000 ____D C:\Users\Tommy\AppData\Local\Chromium

==================== One Month Modified Files and Folders =======

2014-01-23 06:13 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\LogFiles
2014-01-22 21:39 - 2014-01-18 19:46 - 00027487 _____ C:\Users\Tommy\Downloads\FRST.txt
2014-01-22 21:38 - 2014-01-22 21:38 - 01222144 _____ (Farbar) C:\Users\Tommy\Downloads\FRST.exe
2014-01-22 21:35 - 2014-01-22 21:33 - 00000000 ____D C:\Users\Tommy\Downloads\FRST-OlderVersion
2014-01-22 21:35 - 2014-01-15 20:32 - 00000000 ____D C:\FRST
2014-01-22 21:32 - 2009-09-07 13:38 - 00000000 ____D C:\Users\Tommy\AppData\Roaming\Skype
2014-01-22 21:31 - 2010-02-22 19:32 - 00001030 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-22 21:29 - 2012-03-21 19:28 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2014-01-22 21:28 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-22 21:28 - 2006-11-02 13:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-22 21:28 - 2006-11-02 13:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-22 18:12 - 2006-11-02 14:01 - 00032552 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-22 18:08 - 2014-01-22 18:08 - 00000093 _____ C:\Users\Tommy\Desktop\potem.txt
2014-01-22 18:07 - 2014-01-22 18:07 - 00448512 _____ (OldTimer Tools) C:\Users\Tommy\Desktop\TFC.exe
2014-01-22 18:02 - 2013-12-10 21:42 - 00000000 ____D C:\Program Files\IObit
2014-01-22 18:01 - 2013-03-19 17:29 - 00000978 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-21 22:41 - 2014-01-18 17:21 - 00010378 _____ C:\Windows\PFRO.log
2014-01-21 22:38 - 2014-01-19 14:57 - 00000000 ____D C:\AdwCleaner
2014-01-21 20:34 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Provisioning
2014-01-20 15:24 - 2011-07-26 14:47 - 00000000 ____D C:\ProgramData\RDRM
2014-01-20 14:58 - 2010-05-01 19:03 - 00000000 ____D C:\ProgramData\ipla
2014-01-20 14:52 - 2010-05-01 19:03 - 00000000 ____D C:\Users\Tommy\AppData\Roaming\ipla
2014-01-20 14:51 - 2010-05-01 19:03 - 00000000 ____D C:\Program Files\ipla
2014-01-20 01:55 - 2012-11-16 19:07 - 00000038 _____ C:\Windows\AviSplitter.INI
2014-01-20 01:54 - 2012-12-04 21:25 - 00000000 ____D C:\Users\Tommy\AppData\Roaming\vlc
2014-01-20 01:53 - 2009-09-07 00:35 - 00110592 _____ C:\Users\Tommy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-19 21:14 - 2014-01-18 23:06 - 00046634 _____ C:\Users\Tommy\Downloads\Addition.txt
2014-01-19 16:24 - 2009-09-14 14:29 - 00000000 ____D C:\Users\Tommy\AppData\Roaming\BitTorrent
2014-01-19 16:04 - 2012-11-03 12:49 - 00000000 ____D C:\Users\Tommy\Desktop\MOJE DOKUMENTY
2014-01-19 16:03 - 2012-11-03 12:56 - 00000000 ____D C:\Users\Tommy\Desktop\PROGRAMY
2014-01-19 16:01 - 2012-11-03 12:55 - 00000000 ____D C:\Users\Tommy\Desktop\GRY
2014-01-19 15:40 - 2014-01-19 15:40 - 00000000 _____ C:\Windows\setuperr.log
2014-01-19 15:40 - 2014-01-19 15:40 - 00000000 _____ C:\Windows\setupact.log
2014-01-19 15:02 - 2009-09-06 19:20 - 00000968 _____ C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-19 14:56 - 2014-01-19 14:56 - 01236282 _____ C:\Users\Tommy\Desktop\adwcleaner.exe
2014-01-19 14:22 - 2014-01-19 14:16 - 00000000 ____D C:\MATS
2014-01-19 14:09 - 2010-02-22 19:32 - 00001034 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-19 00:43 - 2009-09-06 19:58 - 00000418 ____H C:\Windows\Tasks\User_Feed_Synchronization-{22BE0F7E-A3EF-470C-B67B-E4DF4E521FF8}.job
2014-01-18 23:50 - 2014-01-18 23:50 - 00121634 _____ C:\Users\Tommy\Downloads\Extras.Txt
2014-01-18 23:45 - 2014-01-18 19:44 - 00125214 _____ C:\Users\Tommy\Downloads\OTL.Txt
2014-01-18 17:40 - 2014-01-18 17:40 - 00000000 ____D C:\Users\Tommy\AppData\Roaming\Malwarebytes
2014-01-18 17:40 - 2014-01-18 17:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-18 17:40 - 2014-01-18 17:40 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-18 17:39 - 2014-01-18 17:39 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Tommy\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-18 17:20 - 2014-01-16 10:17 - 00007086 _____ C:\EamClean.log
2014-01-18 12:18 - 2012-11-10 13:03 - 00000000 ____D C:\Program Files\TuneUp Utilities 2013
2014-01-16 01:12 - 2013-12-13 15:50 - 00000000 ____D C:\Users\Tommy\AppData\Roaming\SexGameDevil
2014-01-15 21:05 - 2012-04-27 17:12 - 00000000 ____D C:\Program Files\Passcape
2014-01-15 20:55 - 2014-01-15 20:55 - 00000000 ____D C:\EEK
2014-01-15 20:54 - 2014-01-15 20:49 - 231562760 _____ C:\Users\Tommy\Downloads\EmsisoftEmergencyKit.exe
2014-01-15 20:33 - 2006-11-02 12:18 - 00000000 ___RD C:\Users\Public
2014-01-15 18:17 - 2014-01-15 18:17 - 00602112 _____ (OldTimer Tools) C:\Users\Tommy\Downloads\OTL.exe
2014-01-15 17:54 - 2014-01-15 17:53 - 00005471 _____ C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-01-15 17:54 - 2013-11-16 14:34 - 00000000 ____D C:\ProgramData\Oracle
2014-01-15 17:54 - 2009-09-19 20:57 - 00000000 ____D C:\Program Files\Java
2014-01-14 22:32 - 2008-04-16 12:21 - 00713476 _____ C:\Windows\system32\perfh010.dat
2014-01-14 22:32 - 2008-04-16 12:21 - 00141444 _____ C:\Windows\system32\perfc010.dat
2014-01-14 22:32 - 2006-11-02 11:33 - 01600196 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-14 10:12 - 2012-10-20 12:31 - 00000404 _____ C:\Windows\BRWMARK.INI
2014-01-14 10:12 - 2012-10-20 12:31 - 00000027 _____ C:\Windows\BRPP2KA.INI
2014-01-14 10:11 - 2009-04-02 22:27 - 00000000 ____D C:\Program Files\Common Files\LightScribe
2014-01-12 22:16 - 2013-07-03 10:20 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Skype
2014-01-09 19:57 - 2009-09-06 19:04 - 00000000 ____D C:\Users\Tommy
2014-01-09 16:29 - 2011-03-29 20:57 - 00000000 ____D C:\Users\Tommy\AppData\Roaming\Kamerzysta
2014-01-08 18:47 - 2013-05-06 12:08 - 00000000 ____D C:\Program Files\Trojan Remover
2014-01-08 17:47 - 2014-01-08 17:47 - 00078944 _____ C:\Users\Tommy\Downloads\InstallIMVU_496.0_st.exe
2014-01-07 22:37 - 2014-01-07 22:37 - 00000853 _____ C:\Users\Tommy\Desktop\Mozilla Firefox.lnk
2014-01-07 21:54 - 2013-12-19 18:33 - 00000000 ____D C:\Windows\pss
2014-01-07 16:45 - 2010-03-18 08:15 - 00773712 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100.dll
2014-01-07 16:45 - 2010-03-18 08:15 - 00420944 _____ (Microsoft Corporation) C:\Windows\system32\msvcp100.dll
2014-01-07 16:41 - 2014-01-07 16:41 - 00000000 ____D C:\Users\Tommy\AppData\Local\Chromium
2013-12-28 13:32 - 2013-09-18 10:00 - 00000000 ____D C:\Users\Guest\AppData\Roaming\BitTorrent
2013-12-23 15:31 - 2012-05-08 19:49 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service Some content of TEMP: ==================== C:\Users\Tommy\AppData\Local\Temp\ipl3BDE.tmp.exe C:\Users\Tommy\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll [2009-09-07 22:20] - [2009-03-03 05:39] - 0551424 ____A (Microsoft Corporation) 301AE00E12408650BADDC04DBC832830 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected. C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-22 21:34 ==================== End Of Log ============================