Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01 (ATTENTION: ====> FRST version is 26 days old and could be outdated) Ran by user (administrator) on USER-KOMPUTER on 08-04-2014 00:02:37 Running from C:\Users\user\Downloads Microsoft Windows 7 Home Premium (X86) OS Language: Polish Internet Explorer Version 8 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (G Data Software AG) C:\Program Files\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG) C:\Program Files\G Data\TotalProtection\AVK\AVKService.exe (G Data Software AG) C:\Program Files\G Data\TotalProtection\AVK\AVKWCtl.exe (G Data Software AG) C:\Program Files\G Data\TotalProtection\Firewall\GDFwSvc.exe (G Data Software AG) C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG) C:\Program Files\G Data\TotalProtection\AVKTray\AVKTray.exe (G Data Software AG) C:\Program Files\G Data\TotalProtection\Firewall\GDFirewallTray.exe () C:\Program Files\Mega Browse\bin\utilMegaBrowse.exe () C:\Program Files\Mega Browse\updateMegaBrowse.exe () C:\Program Files\Mega Browse\bin\FilterApp_C.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe () C:\Program Files\Mega Browse\bin\XTLSApp.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (OldTimer Tools) C:\Users\user\Downloads\OTL.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [WinampAgent] - C:\Program Files\Winamp\winampa.exe [37888 2009-07-01] () HKLM\...\Run: [mobilegeni daemon] - C:\Program Files\Mobogenie\DaemonProcess.exe HKLM\...\Run: [fst_pl_96] - [X] HKLM\...\Run: [G Data AntiVirus Tray] - C:\Program Files\G Data\TotalProtection\AVKTray\AVKTray.exe [1444472 2013-08-21] (G Data Software AG) HKLM\...\Run: [GDFirewallTray] - C:\Program Files\G Data\TotalProtection\Firewall\GDFirewallTray.exe [1854928 2013-03-22] (G Data Software AG) HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\program files\g data\totalprotection\avkkid\avkcks.exe HKU\S-1-5-21-101661676-3665781825-895367130-1000\...\Run: [GG] - C:\Users\user\AppData\Local\GG\Application\gghub.exe [4047424 2013-12-11] (GG Network S.A.) HKU\S-1-5-21-101661676-3665781825-895367130-1000\...\Run: [LiveSupport] - "C:\Program Files\LiveSupport\LiveSupport.exe" /noshow /log HKU\S-1-5-21-101661676-3665781825-895367130-1000\...\Run: [NextLive] - C:\Windows\system32\rundll32.exe "C:\Users\user\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l HKU\S-1-5-21-101661676-3665781825-895367130-1000\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-05] (DT Soft Ltd) HKU\S-1-5-21-101661676-3665781825-895367130-1000\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.) 
HKU\S-1-5-21-101661676-3665781825-895367130-1000\...\Run: [Optimizer Pro] - C:\Program Files\Optimizer Pro\OptProLauncher.exe [135160 2014-01-28] (PC Utilities Software Limited) HKU\S-1-5-21-101661676-3665781825-895367130-1000\...\MountPoints2: {5a093940-7ed3-11e3-94ac-806e6f6e6963} - G:\setup.exe AppInit_DLLs: c:\progra~1\optimi~1\optpro~2.dll => C:\Program Files\Optimizer Pro\OptProCrash.dll [4110808 2014-04-07] () GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== ProxyServer: http=http://127.0.0.1:9880 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1389564027&from=cor&uid=ST500LT012-1DG142_W3P0TLLCXXXXW3P0TLLC HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1389564027&from=cor&uid=ST500LT012-1DG142_W3P0TLLCXXXXW3P0TLLC&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1389564027&from=cor&uid=ST500LT012-1DG142_W3P0TLLCXXXXW3P0TLLC HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sweet-page.com/?type=hp&ts=1389564027&from=cor&uid=ST500LT012-1DG142_W3P0TLLCXXXXW3P0TLLC HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1389564027&from=cor&uid=ST500LT012-1DG142_W3P0TLLCXXXXW3P0TLLC&q={searchTerms} URLSearchHook: HKLM - Winamp Toolbar Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.) URLSearchHook: HKCU - Winamp Toolbar Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.) 
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.sweet-page.com/?type=sc&ts=1389564027&from=cor&uid=ST500LT012-1DG142_W3P0TLLCXXXXW3P0TLLC SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1389564027&from=cor&uid=ST500LT012-1DG142_W3P0TLLCXXXXW3P0TLLC&q={searchTerms} SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1389564027&from=cor&uid=ST500LT012-1DG142_W3P0TLLCXXXXW3P0TLLC&q={searchTerms} SearchScopes: HKLM - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20140105145753022&tb_oid=05-01-2014&tb_mrud=05-01-2014 SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1389564027&from=cor&uid=ST500LT012-1DG142_W3P0TLLCXXXXW3P0TLLC&q={searchTerms} SearchScopes: HKCU - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20140105145753022&tb_oid=05-01-2014&tb_mrud=05-01-2014 BHO: Mega Browse - {4e6cd411-ce62-4584-97ff-6afbcf6900af} - C:\Program Files\Mega Browse\MegaBrowsebho.dll (Mega Browse) BHO: IEExtension.Extension - {d40c654d-7c51-4eb3-95b2-1e23905c2a2d} - C:\Windows\system32\mscoree.dll (Microsoft Corporation) Toolbar: HKLM - Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.) Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () Toolbar: HKCU - Winamp Toolbar - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.) 
Toolbar: HKCU - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: Hosts file not detected in the default directory Tcpip\Parameters: [DhcpNameServer] 192.168.168.1 FireFox: ======== FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin: @tools.bdupdater.com/BonanzaDealsLive Update;version=3 - C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals) FF Plugin: @tools.bdupdater.com/BonanzaDealsLive Update;version=9 - C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Extension: No Name - C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions [2014-01-11] FF Extension: Pirrit Suggestor - C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles\extensions\suggestor@suggestor.pirrit.com.xpi [2014-01-03] Chrome: ======= CHR HomePage: CHR Extension: (No Name) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml [2014-01-13] CHR Extension: (Szukaj w Google) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-12] CHR Extension: (BBlockUTubeAd) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmmblheahejclpkeoblapfenoaobjbih [2014-02-02] CHR Extension: (RockAlone2k) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\efnnamhbbligjdkgkcolmmaoffobkbee [2014-01-12] CHR Extension: (Channel Sub Box for YouTube™) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejmgiaknfepbhamafcfdhhfoidnoidge [2014-01-12] CHR Extension: (Channel Sub Box for YouTube™) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\mopiffhbcoggbhmlnmgobalhofjjcoab [2014-01-12] CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-02] CHR Extension: (Battlefield Play4Free) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh [2014-01-12] CHR HKLM\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx [2014-01-12] CHR 
HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ========================== Services (Whitelisted) ================= R2 AVKProxy; C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe [1970296 2013-08-26] (G Data Software AG) R2 AVKService; C:\Program Files\G Data\TotalProtection\AVK\AVKService.exe [635000 2013-08-21] (G Data Software AG) R2 AVKWCtl; C:\Program Files\G Data\TotalProtection\AVK\AVKWCtl.exe [2101280 2013-10-15] (G Data Software AG) S2 bonanzadealslive; C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2014-01-13] (BonanzaDeals) S3 bonanzadealslivem; C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2014-01-13] (BonanzaDeals) R2 ca82e1a5; C:\Program Files\Optimizer Pro\OptProCrashSvc.dll [220800 2014-04-07] () S2 GDBackupSvc; C:\Program Files\G Data\TotalProtection\AVKBackup\AVKBackupService.exe [1947768 2013-08-21] (G Data Software AG) R3 GDFwSvc; C:\Program Files\G Data\TotalProtection\Firewall\GDFwSvc.exe [2373712 2013-10-17] (G Data Software AG) R3 GDScan; C:\Program Files\Common Files\G Data\GDScan\GDScan.exe [695416 2013-08-22] (G Data Software AG) S3 GDTunerSvc; C:\Program Files\G Data\TotalProtection\AVKTuner\AVKTunerService.exe [1711568 2013-02-25] (G Data Software AG) S2 PirritDesktop; C:\Users\user\AppData\Local\PirritSuggestor\PirritService.exe [52568 2014-02-14] () S2 PirritUpdater; C:\Program Files\Pirrit\AutoUpdater.exe [55296 2014-01-10] () S2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2014-01-18] () S3 TSNxGService; C:\Program Files\G Data\TotalProtection\TSNxG\TSNxGService.exe [255608 2013-09-23] (G Data Software) R2 Update Mega Browse; C:\Program Files\Mega Browse\updateMegaBrowse.exe [350496 2014-04-04] () R2 Util Mega Browse; C:\Program Files\Mega Browse\bin\utilMegaBrowse.exe [350496 2014-04-07] () S2 WinRST; C:\Program Files\WinRST\WinRST.exe [59904 2014-02-26] () S2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [499856 2014-01-13] (Cherished Technololgy 
LIMITED) ==================== Drivers (Whitelisted) ==================== R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [45912 2014-04-07] (G Data Software AG) S3 gddcd; C:\Windows\system32\drivers\gddcd32.sys [70488 2014-04-07] (G Data Software AG) R1 gddcv; C:\Windows\system32\drivers\gddcv32.sys [53208 2014-04-07] (G Data Software AG) R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [96600 2014-04-07] (G Data Software AG) R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [52056 2014-04-07] (G Data Software AG) R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd32.sys [54104 2014-04-07] (G Data Software AG) R1 GRD; C:\Windows\system32\drivers\GRD.sys [30040 2014-04-07] (G Data Software) R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [51032 2014-04-07] (G Data Software AG) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [477240 2014-01-03] (Duplex Secure Ltd.) R0 TS4NT; C:\Windows\System32\Drivers\TS4nt.sys [103928 2014-04-07] (G Data Software) R1 wStLibG; C:\Windows\System32\drivers\wStLibG.sys [52928 2014-04-07] (StdLib) U3 amqv4yj9; C:\Windows\system32\Drivers\amqv4yj9.sys [0 ] (Microsoft Corporation) S3 cpuz134; \??\C:\Users\user\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X] R3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-08 00:01 - 2014-04-08 00:01 - 00046048 _____ () C:\Users\user\Downloads\Extras.Txt 2014-04-07 23:58 - 2014-04-07 23:58 - 00602112 _____ (OldTimer Tools) C:\Users\user\Downloads\OTL.exe 2014-04-07 23:49 - 2014-04-07 23:58 - 00023189 _____ () C:\Users\user\Downloads\Addition.txt 2014-04-07 23:48 - 2014-04-08 00:02 - 00014370 _____ () C:\Users\user\Downloads\FRST.txt 2014-04-07 23:48 - 2014-04-08 00:02 - 00000000 ____D () C:\FRST 2014-04-07 23:48 - 2014-04-07 23:48 - 01145856 _____ (Farbar) C:\Users\user\Downloads\FRST.exe 2014-04-07 23:05 - 2014-04-07 
23:05 - 00000000 ____H () C:\Users\user\AppData\Local\BIT2C6A.tmp 2014-04-07 23:05 - 2014-04-07 23:05 - 00000000 _____ () C:\Users\user\AppData\Local\{6303A451-8642-457B-A55E-60A00DB72522} 2014-04-07 23:03 - 2014-03-27 20:00 - 00573968 _____ (WindowexeAllkiller.com) C:\Users\user\Desktop\WindowexeAllkiller.exe 2014-04-07 23:03 - 2014-03-27 19:56 - 00000000 ____D () C:\Users\user\Desktop\lang 2014-04-07 23:02 - 2014-04-07 23:03 - 00165407 _____ () C:\Users\user\Downloads\WindowexeAllkiller.zip 2014-04-07 22:36 - 2014-04-07 22:36 - 00000000 ____D () C:\Users\user\AppData\Local\G DATA 2014-04-07 22:26 - 2014-04-07 22:26 - 00000000 ____D () C:\Program Files\predm 2014-04-07 22:25 - 2014-04-07 22:25 - 00030040 _____ (G Data Software) C:\Windows\system32\Drivers\GRD.sys 2014-04-07 22:25 - 2014-04-07 22:25 - 00016048 _____ (G Data Software) C:\Windows\system32\Drivers\GdPhyMem.sys 2014-04-07 22:07 - 2014-04-07 22:07 - 00052056 _____ (G Data Software AG) C:\Windows\system32\Drivers\PktIcpt.sys 2014-04-07 22:07 - 2014-04-07 22:07 - 00002001 _____ () C:\Users\Public\Desktop\G Data TotalProtection 2014.lnk 2014-04-07 22:07 - 2014-04-07 22:07 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-04-07 22:06 - 2014-04-07 22:46 - 00000000 ____D () C:\Windows\455F074C814E4520B69B5584BD90400C.TMP 2014-04-07 22:06 - 2014-04-07 22:06 - 00103928 _____ (G Data Software) C:\Windows\system32\Drivers\TS4nt.sys 2014-04-07 22:06 - 2014-04-07 22:06 - 00070488 _____ (G Data Software AG) C:\Windows\system32\Drivers\gddcd32.sys 2014-04-07 22:06 - 2014-04-07 22:06 - 00053208 _____ (G Data Software AG) C:\Windows\system32\Drivers\gddcv32.sys 2014-04-07 22:06 - 2014-04-07 22:06 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_gddcd32_01007.Wdf 2014-04-07 22:06 - 2014-04-07 22:06 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard 2014-04-07 22:05 - 2014-04-07 22:05 - 00096600 _____ (G Data Software AG) C:\Windows\system32\Drivers\MiniIcpt.sys 2014-04-07 
22:05 - 2014-04-07 22:05 - 00054104 _____ (G Data Software AG) C:\Windows\system32\Drivers\gdwfpcd32.sys 2014-04-07 22:05 - 2014-04-07 22:05 - 00051032 _____ (G Data Software AG) C:\Windows\system32\Drivers\HookCentre.sys 2014-04-07 22:05 - 2014-04-07 22:05 - 00045912 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDBehave.sys 2014-04-07 22:02 - 2014-04-07 22:02 - 00000000 ____D () C:\ProgramData\G DATA Software 2014-04-07 22:00 - 2014-04-07 22:03 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\user\Downloads\SpyHunter-Installer.exe 2014-04-07 22:00 - 2014-04-07 22:00 - 00000000 ____D () C:\Program Files\G Data 2014-04-07 22:00 - 2014-04-07 22:00 - 00000000 ____D () C:\Program Files\Common Files\G Data 2014-04-07 21:59 - 2014-04-07 22:10 - 00000000 ____D () C:\ProgramData\G Data 2014-04-07 21:27 - 2014-04-07 21:27 - 00000813 _____ () C:\Users\user\fixlist.txt 2014-04-07 21:16 - 2014-04-07 21:16 - 00000000 ____D () C:\Program Files\Reimage 2014-04-07 21:14 - 2014-04-07 21:52 - 00000000 ____D () C:\Users\user\AppData\Local\Lollipop 2014-04-07 21:14 - 2014-04-07 21:45 - 00000000 ____D () C:\Program Files\Optimizer Pro 2014-04-07 21:14 - 2014-04-07 21:44 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop 2014-04-07 21:13 - 2014-04-07 21:13 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker 2014-04-07 21:13 - 2014-04-07 21:13 - 00000000 ____D () C:\Users\user\AppData\Local\FilesFrog Update Checker 2014-04-07 21:06 - 2014-04-07 21:06 - 00000000 ____D () C:\ProgramData\CDB 2014-04-07 21:04 - 2014-04-07 21:07 - 00000163 _____ () C:\Windows\Reimage.ini 2014-04-07 21:03 - 2014-04-07 21:04 - 00785888 _____ (Reimage®) C:\Users\user\Downloads\ReimageRepair.exe 2014-04-07 19:44 - 2014-04-07 19:44 - 00052928 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG.sys 2014-04-07 18:38 - 2014-04-07 18:38 - 00000000 ____D () C:\ProgramData\Ubisoft 
2014-04-07 18:32 - 2014-04-07 18:32 - 00000000 ____D () C:\ProgramData\BonanzaDealsLive 2014-04-07 18:21 - 2014-04-07 23:00 - 00000000 ____D () C:\Users\user\AppData\Local\PMB Files 2014-04-07 18:21 - 2014-04-07 18:21 - 00000000 ____D () C:\ProgramData\PMB Files 2014-04-07 18:19 - 2014-04-07 18:20 - 34249488 _____ (Riot Games) C:\Users\user\Downloads\LeagueofLegends_EUNE_Installer_06_17_13 (1).exe 2014-04-07 18:16 - 2014-04-07 18:22 - 00000000 __SHD () C:\Windows\system32\AI_RecycleBin 2014-04-07 18:13 - 2014-04-07 21:44 - 00000000 ____D () C:\Program Files\Mega Browse 2014-04-07 18:12 - 2014-04-07 18:12 - 00684088 _____ () C:\Users\user\Downloads\pando-media-booster.exe 2014-04-07 18:06 - 2014-04-07 18:06 - 04765152 _____ (Piriform Ltd) C:\Users\user\Downloads\ccsetup411.exe 2014-04-07 17:59 - 2014-04-07 17:59 - 00000000 ____D () C:\Program Files\BBlockUTubeAd 2014-04-07 16:56 - 2014-04-07 16:58 - 00000000 ____D () C:\Users\user\AppData\Roaming\Origin 2014-04-07 16:56 - 2014-04-07 16:56 - 00000000 ____D () C:\Users\user\AppData\Local\Origin 2014-04-07 16:53 - 2014-04-07 17:23 - 00000000 ____D () C:\ProgramData\Origin 2014-03-22 11:31 - 2014-03-22 11:31 - 00000000 ____D () C:\Users\user\AppData\Roaming\Ubisoft 2014-03-22 11:24 - 2014-03-22 11:25 - 00140656 _____ () C:\Windows\DirectX.log 2014-03-22 11:10 - 2014-03-22 11:10 - 00000000 ____D () C:\Users\user\AppData\Roaming\InstallShield 2014-03-22 11:10 - 2014-03-22 11:10 - 00000000 ____D () C:\Program Files\Ubisoft ==================== One Month Modified Files and Folders ======= 2014-04-08 00:02 - 2014-04-07 23:48 - 00014370 _____ () C:\Users\user\Downloads\FRST.txt 2014-04-08 00:02 - 2014-04-07 23:48 - 00000000 ____D () C:\FRST 2014-04-08 00:01 - 2014-04-08 00:01 - 00046048 _____ () C:\Users\user\Downloads\Extras.Txt 2014-04-07 23:58 - 2014-04-07 23:58 - 00602112 _____ (OldTimer Tools) C:\Users\user\Downloads\OTL.exe 2014-04-07 23:58 - 2014-04-07 23:49 - 00023189 _____ () C:\Users\user\Downloads\Addition.txt 
2014-04-07 23:48 - 2014-04-07 23:48 - 01145856 _____ (Farbar) C:\Users\user\Downloads\FRST.exe 2014-04-07 23:46 - 2014-01-02 13:32 - 00318930 _____ () C:\Windows\WindowsUpdate.log 2014-04-07 23:18 - 2014-01-02 17:04 - 00001032 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-04-07 23:05 - 2014-04-07 23:05 - 00000000 ____H () C:\Users\user\AppData\Local\BIT2C6A.tmp 2014-04-07 23:05 - 2014-04-07 23:05 - 00000000 _____ () C:\Users\user\AppData\Local\{6303A451-8642-457B-A55E-60A00DB72522} 2014-04-07 23:05 - 2014-01-13 00:00 - 00000910 _____ () C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job 2014-04-07 23:05 - 2014-01-13 00:00 - 00000906 _____ () C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job 2014-04-07 23:05 - 2014-01-02 17:04 - 00001028 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-07 23:05 - 2009-07-14 04:04 - 00000505 _____ () C:\Windows\win.ini 2014-04-07 23:03 - 2014-04-07 23:02 - 00165407 _____ () C:\Users\user\Downloads\WindowexeAllkiller.zip 2014-04-07 23:00 - 2014-04-07 18:21 - 00000000 ____D () C:\Users\user\AppData\Local\PMB Files 2014-04-07 22:46 - 2014-04-07 22:06 - 00000000 ____D () C:\Windows\455F074C814E4520B69B5584BD90400C.TMP 2014-04-07 22:36 - 2014-04-07 22:36 - 00000000 ____D () C:\Users\user\AppData\Local\G DATA 2014-04-07 22:26 - 2014-04-07 22:26 - 00000000 ____D () C:\Program Files\predm 2014-04-07 22:25 - 2014-04-07 22:25 - 00030040 _____ (G Data Software) C:\Windows\system32\Drivers\GRD.sys 2014-04-07 22:25 - 2014-04-07 22:25 - 00016048 _____ (G Data Software) C:\Windows\system32\Drivers\GdPhyMem.sys 2014-04-07 22:24 - 2014-02-15 21:34 - 00000000 ____D () C:\Users\user\AppData\Local\PirritSuggestor 2014-04-07 22:10 - 2014-04-07 21:59 - 00000000 ____D () C:\ProgramData\G Data 2014-04-07 22:07 - 2014-04-07 22:07 - 00052056 _____ (G Data Software AG) C:\Windows\system32\Drivers\PktIcpt.sys 2014-04-07 22:07 - 2014-04-07 22:07 - 00002001 _____ () C:\Users\Public\Desktop\G Data TotalProtection 
2014.lnk 2014-04-07 22:07 - 2014-04-07 22:07 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-04-07 22:06 - 2014-04-07 22:06 - 00103928 _____ (G Data Software) C:\Windows\system32\Drivers\TS4nt.sys 2014-04-07 22:06 - 2014-04-07 22:06 - 00070488 _____ (G Data Software AG) C:\Windows\system32\Drivers\gddcd32.sys 2014-04-07 22:06 - 2014-04-07 22:06 - 00053208 _____ (G Data Software AG) C:\Windows\system32\Drivers\gddcv32.sys 2014-04-07 22:06 - 2014-04-07 22:06 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_gddcd32_01007.Wdf 2014-04-07 22:06 - 2014-04-07 22:06 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard 2014-04-07 22:06 - 2009-07-14 06:39 - 00023041 _____ () C:\Windows\setupact.log 2014-04-07 22:06 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\LogFiles 2014-04-07 22:05 - 2014-04-07 22:05 - 00096600 _____ (G Data Software AG) C:\Windows\system32\Drivers\MiniIcpt.sys 2014-04-07 22:05 - 2014-04-07 22:05 - 00054104 _____ (G Data Software AG) C:\Windows\system32\Drivers\gdwfpcd32.sys 2014-04-07 22:05 - 2014-04-07 22:05 - 00051032 _____ (G Data Software AG) C:\Windows\system32\Drivers\HookCentre.sys 2014-04-07 22:05 - 2014-04-07 22:05 - 00045912 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDBehave.sys 2014-04-07 22:03 - 2014-04-07 22:00 - 00728960 _____ (Enigma Software Group USA, LLC.) 
C:\Users\user\Downloads\SpyHunter-Installer.exe 2014-04-07 22:02 - 2014-04-07 22:02 - 00000000 ____D () C:\ProgramData\G DATA Software 2014-04-07 22:00 - 2014-04-07 22:00 - 00000000 ____D () C:\Program Files\G Data 2014-04-07 22:00 - 2014-04-07 22:00 - 00000000 ____D () C:\Program Files\Common Files\G Data 2014-04-07 21:54 - 2009-07-14 06:34 - 00014784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-07 21:54 - 2009-07-14 06:34 - 00014784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-07 21:52 - 2014-04-07 21:14 - 00000000 ____D () C:\Users\user\AppData\Local\Lollipop 2014-04-07 21:50 - 2014-01-02 15:24 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2014-04-07 21:50 - 2014-01-02 14:23 - 01661232 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-07 21:50 - 2009-07-14 10:07 - 00737480 _____ () C:\Windows\system32\perfh015.dat 2014-04-07 21:50 - 2009-07-14 10:07 - 00154136 _____ () C:\Windows\system32\perfc015.dat 2014-04-07 21:48 - 2014-01-02 17:20 - 00000000 ____D () C:\Users\user\AppData\Roaming\GG 2014-04-07 21:48 - 2014-01-02 17:18 - 00000000 ____D () C:\Users\user\AppData\Roaming\Skype 2014-04-07 21:47 - 2014-01-13 00:01 - 00000000 ____D () C:\Users\user\AppData\Roaming\newnext.me 2014-04-07 21:45 - 2014-04-07 21:14 - 00000000 ____D () C:\Program Files\Optimizer Pro 2014-04-07 21:45 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-07 21:45 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp 2014-04-07 21:44 - 2014-04-07 21:14 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop 2014-04-07 21:44 - 2014-04-07 18:13 - 00000000 ____D () C:\Program Files\Mega Browse 2014-04-07 21:44 - 2014-02-02 03:51 - 00000000 ____D () C:\ProgramData\BBlockUTubeAd 2014-04-07 21:44 - 2009-07-14 04:37 - 00000000 ____D () 
C:\Windows\registration 2014-04-07 21:27 - 2014-04-07 21:27 - 00000813 _____ () C:\Users\user\fixlist.txt 2014-04-07 21:16 - 2014-04-07 21:16 - 00000000 ____D () C:\Program Files\Reimage 2014-04-07 21:13 - 2014-04-07 21:13 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker 2014-04-07 21:13 - 2014-04-07 21:13 - 00000000 ____D () C:\Users\user\AppData\Local\FilesFrog Update Checker 2014-04-07 21:07 - 2014-04-07 21:04 - 00000163 _____ () C:\Windows\Reimage.ini 2014-04-07 21:06 - 2014-04-07 21:06 - 00000000 ____D () C:\ProgramData\CDB 2014-04-07 21:04 - 2014-04-07 21:03 - 00785888 _____ (Reimage®) C:\Users\user\Downloads\ReimageRepair.exe 2014-04-07 19:44 - 2014-04-07 19:44 - 00052928 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG.sys 2014-04-07 18:38 - 2014-04-07 18:38 - 00000000 ____D () C:\ProgramData\Ubisoft 2014-04-07 18:32 - 2014-04-07 18:32 - 00000000 ____D () C:\ProgramData\BonanzaDealsLive 2014-04-07 18:32 - 2014-01-13 00:01 - 00000000 ____D () C:\ProgramData\WPM 2014-04-07 18:32 - 2014-01-13 00:00 - 00000000 ____D () C:\Program Files\BonanzaDealsLive 2014-04-07 18:24 - 2014-01-30 17:27 - 00000000 ____D () C:\Users\user\Desktop\GRY 2014-04-07 18:22 - 2014-04-07 18:16 - 00000000 __SHD () C:\Windows\system32\AI_RecycleBin 2014-04-07 18:21 - 2014-04-07 18:21 - 00000000 ____D () C:\ProgramData\PMB Files 2014-04-07 18:20 - 2014-04-07 18:19 - 34249488 _____ (Riot Games) C:\Users\user\Downloads\LeagueofLegends_EUNE_Installer_06_17_13 (1).exe 2014-04-07 18:12 - 2014-04-07 18:12 - 00684088 _____ () C:\Users\user\Downloads\pando-media-booster.exe 2014-04-07 18:06 - 2014-04-07 18:06 - 04765152 _____ (Piriform Ltd) C:\Users\user\Downloads\ccsetup411.exe 2014-04-07 18:00 - 2014-01-02 17:30 - 00000000 ____D () C:\Program Files\Steam 2014-04-07 17:59 - 2014-04-07 17:59 - 00000000 ____D () C:\Program Files\BBlockUTubeAd 2014-04-07 17:59 - 2014-01-12 16:39 - 00000000 ____D () C:\ProgramData\eec33f7f144d96af 
2014-04-07 17:31 - 2009-07-14 10:27 - 00000000 ___RD () C:\Users\Public\Recorded TV 2014-04-07 17:30 - 2014-01-16 19:34 - 00000000 ____D () C:\Program Files\DAEMON Tools Toolbar 2014-04-07 17:30 - 2014-01-13 00:01 - 00000000 ____D () C:\Users\user\AppData\Local\genienext 2014-04-07 17:30 - 2014-01-13 00:00 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals 2014-04-07 17:30 - 2014-01-13 00:00 - 00000000 ____D () C:\Program Files\Mobogenie 2014-04-07 17:30 - 2014-01-12 16:39 - 00000000 ____D () C:\Users\user\AppData\Local\Torch 2014-04-07 17:30 - 2014-01-12 16:39 - 00000000 ____D () C:\ProgramData\YoutubeAdblocker 2014-04-07 17:30 - 2014-01-12 16:39 - 00000000 ____D () C:\Program Files\YoutubeAdblocker 2014-04-07 17:30 - 2014-01-05 16:58 - 00000000 ____D () C:\ProgramData\Winamp Toolbar 2014-04-07 17:30 - 2014-01-05 16:58 - 00000000 ____D () C:\Program Files\Winamp Toolbar 2014-04-07 17:30 - 2014-01-02 17:25 - 00000000 ____D () C:\Program Files\osu! 
2014-04-07 17:30 - 2014-01-02 17:17 - 00000000 ____D () C:\Users\user\AppData\Roaming\Pirrit 2014-04-07 17:30 - 2014-01-02 17:17 - 00000000 ____D () C:\Program Files\Pirrit 2014-04-07 17:30 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\AppCompat 2014-04-07 17:29 - 2014-02-16 23:15 - 00000000 ____D () C:\ProgramData\Electronic Arts 2014-04-07 17:23 - 2014-04-07 16:53 - 00000000 ____D () C:\ProgramData\Origin 2014-04-07 16:58 - 2014-04-07 16:56 - 00000000 ____D () C:\Users\user\AppData\Roaming\Origin 2014-04-07 16:56 - 2014-04-07 16:56 - 00000000 ____D () C:\Users\user\AppData\Local\Origin 2014-03-27 20:00 - 2014-04-07 23:03 - 00573968 _____ (WindowexeAllkiller.com) C:\Users\user\Desktop\WindowexeAllkiller.exe 2014-03-27 19:56 - 2014-04-07 23:03 - 00000000 ____D () C:\Users\user\Desktop\lang 2014-03-22 11:31 - 2014-03-22 11:31 - 00000000 ____D () C:\Users\user\AppData\Roaming\Ubisoft 2014-03-22 11:25 - 2014-03-22 11:24 - 00140656 _____ () C:\Windows\DirectX.log 2014-03-22 11:10 - 2014-03-22 11:10 - 00000000 ____D () C:\Users\user\AppData\Roaming\InstallShield 2014-03-22 11:10 - 2014-03-22 11:10 - 00000000 ____D () C:\Program Files\Ubisoft 2014-03-22 10:39 - 2014-02-02 03:52 - 00000266 __RSH () C:\ProgramData\ntuser.pol 2014-03-15 21:24 - 2014-02-15 21:26 - 00000000 ____D () C:\Users\user\AppData\Roaming\TS3Client 2014-03-15 20:03 - 2014-02-15 21:12 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client 2014-03-15 13:53 - 2014-01-31 22:34 - 00000000 ____D () C:\Users\user\AppData\Local\dxhr 2014-03-15 13:37 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF Some content of TEMP: ==================== C:\Users\user\AppData\Local\Temp\biclient.exe C:\Users\user\AppData\Local\Temp\bitool.dll C:\Users\user\AppData\Local\Temp\ExpressSetup.exe C:\Users\user\AppData\Local\Temp\LiveSupport_setup.exe C:\Users\user\AppData\Local\Temp\OptimizerPro.exe C:\Users\user\AppData\Local\Temp\ReimageExpressPackage.exe 
C:\Users\user\AppData\Local\Temp\ReimageExpressSetup.exe C:\Users\user\AppData\Local\Temp\ReimagePackage.exe C:\Users\user\AppData\Local\Temp\setup_fst_pl.exe C:\Users\user\AppData\Local\Temp\SHSetup.exe C:\Users\user\AppData\Local\Temp\swt-win32-3349.dll C:\Users\user\AppData\Local\Temp\UpdateCheckerSetup.exe C:\Users\user\AppData\Local\Temp\_is2285.exe C:\Users\user\AppData\Local\Temp\_is589B.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-05 23:14 ==================== End Of Log ============================