Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:06-06-2014
Ran by x (administrator) on X-KOMPUTER on 06-06-2014 17:01:40
Running from C:\Users\x\Downloads
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Polish
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Spotify Ltd) C:\Users\x\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Google Inc.) C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\x\AppData\Local\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Google Inc.) C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Spotify Ltd) C:\Users\x\AppData\Roaming\Spotify\spotify.exe
(WTW.im, Kaworu) C:\Program Files\K2T\WTW\wtw.exe
(Google Inc.) C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Users\x\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\x\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\x\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\x\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\x\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() D:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.204\deploy\LoLLauncher.exe
() D:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.94\deploy\LolClient.exe
(Google Inc.) C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe
(OldTimer Tools) C:\Users\x\Downloads\OTL.exe
(Google Inc.) C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe
(CipSoft GmbH) D:\Program Files\Tibia\Tibia.exe
(Google Inc.) C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] => [X]
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7711264 2009-08-18] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [CanonSolutionMenuEx] => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2516296 2010-03-25] (CANON INC.)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-20] (NVIDIA Corporation)
HKU\S-1-5-21-1725041692-303553113-1489231641-1000\...\Run: [Spotify Web Helper] => C:\Users\x\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-05-16] (Spotify Ltd)
HKU\S-1-5-21-1725041692-303553113-1489231641-1000\...\Run: [Google Update] => C:\Users\x\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-09-10] (Google Inc.)
HKU\S-1-5-21-1725041692-303553113-1489231641-1000\...\Run: [GoogleChromeAutoLaunch_0DD987A1035D7802942B4006FF646164] => C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe [860488 2014-05-14] (Google Inc.)
HKU\S-1-5-21-1725041692-303553113-1489231641-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1725041692-303553113-1489231641-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1725041692-303553113-1489231641-1000\...\MountPoints2: K - K:\
HKU\S-1-5-21-1725041692-303553113-1489231641-1000\...\MountPoints2: {1f1485e7-59e7-11e3-b4da-6cf04912e0ea} - K:\
HKU\S-1-5-21-1725041692-303553113-1489231641-1000\...\MountPoints2: {c7812b40-11b9-11e3-92b5-806e6f6e6963} - F:\
AppInit_DLLs: c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll => c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll File Not Found

==================== Internet (Whitelisted) ====================

ProxyServer: 88.199.92.130:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.golsearch.com/?babsrc=HP_ss_wls_Btisdt6&mntrId=187E6CF04912E0EA&affID=119357&tsp=4993
HKCU\Software\Microsoft\Internet Explorer\Main,Default_search_url = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - ${searchCLSID} URL = http://startsear.ch/?aff=2&src=sp&cf=d5c1e390-1e0a-11e1-9803-6cf04912e0ea&q={searchTerms}
SearchScopes: HKCU - DefaultScope ${searchCLSID} URL = http://startsear.ch/?aff=2&src=sp&cf=d5c1e390-1e0a-11e1-9803-6cf04912e0ea&q={searchTerms}
SearchScopes: HKCU - ${searchCLSID} URL = http://startsear.ch/?aff=2&src=sp&cf=d5c1e390-1e0a-11e1-9803-6cf04912e0ea&q={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=187E6CF04912E0EA&affID=119357&tsp=4993
SearchScopes: HKCU - {5D8588E8-A1D1-4913-B362-6DA984CBD2FE} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
SearchScopes: HKCU - {9FFD6468-0C27-4E87-8ADB-4AE3771ECF60} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1601497
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: savaenSheare - {A6B2F022-B5AF-05C1-4731-8DE2879218CF} - C:\ProgramData\savaenSheare\zi6vGak0y.dll ()
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: No Name - {fe063412-bea4-4d76-8ed3-183be6220d17} - No File
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://active.macromedia.com/flash2/cabs/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{99F25937-20F4-4A25-B8F7-7FB51A28381D}: [NameServer]192.168.0.1,8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\x\AppData\Roaming\Mozilla\Firefox\Profiles\taxuqupi.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @esn/esnlaunch,version=2.3.0 - C:\Program Files\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin: @esn/npbattlelog,version=2.3.2 - C:\Program Files\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.11.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.11.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @Nero.com/KM - C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @tools.bdupdater.com/BonanzaDealsLive Update;version=3 - C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll No File
FF Plugin: @tools.bdupdater.com/BonanzaDealsLive Update;version=9 - C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\x\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\x\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\x\AppData\Roaming\Mozilla\Firefox\Profiles\taxuqupi.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll (BitComet)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Extension: BitComet Video Downloader - C:\Users\x\AppData\Roaming\Mozilla\Firefox\Profiles\taxuqupi.default\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB} [2014-05-05]
FF Extension: Adblock Plus - C:\Users\x\AppData\Roaming\Mozilla\Firefox\Profiles\taxuqupi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-23]
FF Extension: YTD Toolbar - C:\Program Files\YTD Toolbar\FF [2014-05-03]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\x\AppData\Roaming\IDM\idmmzcc5

Chrome:
=======
CHR HomePage: hxxp://search.babylon.com/?babsrc=HP_ss&affID=100395&mntrId=187e21c700000000000000ff833a79e9
CHR StartupUrls: "hxxp://search.babylon.com/?babsrc=HP_ss&affID=100395&mntrId=187e21c700000000000000ff833a79e9", "hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=187e21c70000000000006cf04912e0ea", "hxxp://search.babylon.com/?babsrc=HP_ss_wls&mntrId=187E6CF04912E0EA&affID=119357&tsp=4993"
CHR Plugin: (Shockwave Flash) - C:\Users\x\AppData\Local\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\x\AppData\Local\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\x\AppData\Local\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (BitCometAgent) - C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll (BitComet)
CHR Plugin: (Winamp Application Detector) - C:\Program Files\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (Nero Kwik Media Helper) - C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files\Battlelog Web Plugins\2.1.7\npesnlaunch.dll No File
CHR Plugin: (ESN Sonar API) - C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll No File
CHR Plugin: (BonanzaDealsLive Update) - C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll No File
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (Java(TM) Platform SE 7 U11) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Google Update) - C:\Users\x\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.110.21) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Angry Birds) - C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2013-10-20]
CHR Extension: (Dokumenty Google) - C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-12]
CHR Extension: (Dysk Google) - C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-12]
CHR Extension: (YouTube) - C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-12]
CHR Extension: (Szukaj w Google) - C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-12]
CHR Extension: (AdBlock) - C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-10-20]
CHR Extension: (Evolved gry online) - C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\iajlkcpgcnbhfhpdeooockfaincfkjjj [2013-10-20]
CHR Extension: (Mirkohelper) - C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidefldfjoggdbebpaioplmhofgdahnk [2013-11-18]
CHR Extension: (League of Legends Events) - C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfnfkjennojjkajjmghdgkibohcnefdk [2014-02-27]
CHR Extension: (Sprawdzanie poczty Google) - C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2013-10-20]
CHR Extension: (Rozszerzenie Subskrypcje RSS (od Google)) - C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd [2013-10-20]
CHR Extension: (Google Wallet) - C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-12]
CHR Extension: (RSS Feed Reader) - C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp [2013-10-20]
CHR HKLM\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - C:\Users\x\AppData\Local\Temp\crx568C.tmp [2013-10-20]
CHR HKLM\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files\Common Files\Spigot\GC\errorassistant_1.1.crx [2013-10-20]
CHR HKLM\...\Chrome\Extension: [ieadcoanfjloocmfafkebdnfefmohngj] - C:\Program Files\BonanzaDeals\BonanzaDeals.crx [2013-10-20]
CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files\Common Files\Spigot\GC\coupons_2.3.crx [2013-10-20]
CHR StartMenuInternet: Google Chrome - C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

S4 AxAutoMntSrv; C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
S3 BITCOMET_HELPER_SERVICE; D:\Program Files\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (www.BitComet.com)
S4 HTCMonitorService; C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2012-12-12] (Nero AG)
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
S4 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [687400 2011-11-25] (Nero AG)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
S4 npggsvc; C:\Windows\system32\GameMon.des [3608448 2010-07-01] (INCA Internet Co., Ltd.)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()
S4 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software)

==================== Drivers (Whitelisted) ====================

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2010-10-01] ()
S3 gdrv; C:\Windows\gdrv.sys [17488 2013-07-30] (Windows (R) 2000 DDK provider)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2010-10-01] ()
S3 mirrorv3; C:\Windows\System32\DRIVERS\rminiv3.sys [3328 2010-04-21] (Famatech International Corp.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R1 nm3; C:\Windows\System32\DRIVERS\nm3.sys [39736 2010-06-09] (Microsoft Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [34064 2009-07-06] (CACE Technologies)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [324096 2013-11-30] (Duplex Secure Ltd.)
S3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2011-03-30] (TeamViewer GmbH)
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x32.sys [X]
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x32.sys [X]
S3 CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys [X]
U5 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [42856 2009-06-10] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-06 17:01 - 2014-06-06 17:01 - 00021665 _____ () C:\Users\x\Downloads\FRST.txt
2014-06-06 17:00 - 2014-06-06 17:01 - 00000000 ____D () C:\FRST
2014-06-06 17:00 - 2014-06-06 17:00 - 01063424 _____ (Farbar) C:\Users\x\Downloads\FRST.exe
2014-06-06 16:55 - 2014-06-06 16:55 - 00000000 ____D () C:\Users\x\Desktop\OTLik
2014-06-06 16:47 - 2014-06-06 16:55 - 00081918 _____ () C:\Users\x\Downloads\Extras.Txt
2014-06-06 16:46 - 2014-06-06 16:46 - 00142364 _____ () C:\Users\x\Downloads\OTL.Txt
2014-06-06 16:34 - 2014-06-06 16:34 - 00602112 _____ (OldTimer Tools) C:\Users\x\Downloads\OTL.exe
2014-05-20 06:37 - 2014-05-20 06:38 - 02962726 _____ () C:\Users\x\Downloads\Tibia C Maps.zip
2014-05-18 13:16 - 2014-05-18 13:16 - 00000667 _____ () C:\Users\Public\Desktop\Tibia.lnk
2014-05-18 13:03 - 2014-05-18 13:09 - 36298059 _____ (CipSoft GmbH ) C:\Users\x\Downloads\tibia1039.exe
2014-05-16 19:39 - 2014-05-16 19:39 - 00000839 _____ () C:\Users\x\Desktop\AIDA64 Extreme.lnk
2014-05-16 19:39 - 2014-05-16 19:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FinalWire
2014-05-16 19:35 - 2014-05-16 19:38 - 15871712 _____ (FinalWire Ltd. ) C:\Users\x\Downloads\aida64extreme430.exe
2014-05-10 13:08 - 2014-05-10 13:09 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-09 23:17 - 2014-05-09 23:17 - 00000000 ____D () C:\Users\x\Desktop\allegro-nauka
2014-05-09 23:16 - 2013-07-06 19:43 - 00000000 ____D () C:\Users\x\Desktop\allegro-5.0.10-mingw-4.7.0
2014-05-09 23:11 - 2014-05-09 23:13 - 08290728 _____ () C:\Users\x\Downloads\allegro-5.0.10-mingw-4.7.0.7z
2014-05-09 22:56 - 2014-05-09 22:57 - 03927768 _____ () C:\Users\x\Downloads\allegro-5.0.10 (1).zip
2014-05-09 22:46 - 2014-05-09 22:47 - 03927768 _____ () C:\Users\x\Downloads\allegro-5.0.10.zip

==================== One Month Modified Files and Folders =======

2014-06-06 17:02 - 2010-07-16 22:52 - 00000000 ____D () C:\Users\x\AppData\Local\Temp
2014-06-06 17:01 - 2014-06-06 17:01 - 00021665 _____ () C:\Users\x\Downloads\FRST.txt
2014-06-06 17:01 - 2014-06-06 17:00 - 00000000 ____D () C:\FRST
2014-06-06 17:00 - 2014-06-06 17:00 - 01063424 _____ (Farbar) C:\Users\x\Downloads\FRST.exe
2014-06-06 17:00 - 2010-09-10 20:23 - 00001042 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1725041692-303553113-1489231641-1000UA.job
2014-06-06 16:55 - 2014-06-06 16:55 - 00000000 ____D () C:\Users\x\Desktop\OTLik
2014-06-06 16:55 - 2014-06-06 16:47 - 00081918 _____ () C:\Users\x\Downloads\Extras.Txt
2014-06-06 16:55 - 2013-09-02 21:50 - 00000904 _____ () C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
2014-06-06 16:49 - 2012-07-01 22:47 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-06 16:46 - 2014-06-06 16:46 - 00142364 _____ () C:\Users\x\Downloads\OTL.Txt
2014-06-06 16:34 - 2014-06-06 16:34 - 00602112 _____ (OldTimer Tools) C:\Users\x\Downloads\OTL.exe
2014-06-06 16:33 - 2011-07-19 07:28 - 00001054 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1725041692-303553113-1489231641-1003UA.job
2014-06-06 16:20 - 2010-07-16 22:52 - 01554605 _____ () C:\Windows\WindowsUpdate.log
2014-06-06 16:07 - 2011-03-16 15:52 - 00001026 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-06 16:00 - 2013-08-10 12:32 - 00000000 ____D () C:\Users\x\AppData\Roaming\Spotify
2014-06-06 15:12 - 2011-10-14 23:19 - 00015968 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-06 15:12 - 2011-10-14 23:19 - 00015968 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-06 15:05 - 2013-09-02 21:50 - 00000900 _____ () C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
2014-06-06 15:05 - 2011-03-16 15:52 - 00001022 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-06 15:04 - 2014-05-03 13:52 - 00003506 _____ () C:\Windows\setupact.log
2014-06-06 15:04 - 2010-07-16 22:56 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-06 15:04 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-06 15:04 - 2009-07-14 06:34 - 00015360 _____ () C:\Windows\system32\umstartup.etl
2014-06-06 07:36 - 2009-07-14 06:34 - 00024576 _____ () C:\Windows\system32\umstartup000.etl
2014-06-06 07:33 - 2011-07-19 07:28 - 00001002 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1725041692-303553113-1489231641-1003Core.job
2014-06-06 07:07 - 2012-08-27 13:59 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-06-06 05:00 - 2010-09-10 20:23 - 00000990 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1725041692-303553113-1489231641-1000Core.job
2014-06-05 23:24 - 2014-02-23 17:57 - 00000000 ____D () C:\Users\x\AppData\Local\screenSHU
2014-06-05 16:15 - 2014-04-10 16:05 - 00000000 ____D () C:\Users\x\AppData\Local\Spotify
2014-05-22 20:23 - 2013-07-06 14:34 - 00254464 ___SH () C:\Users\x\Documents\Thumbs.db
2014-05-22 20:23 - 2010-09-25 18:20 - 00000000 ___HD () C:\Users\x\Documents\.picasaoriginals
2014-05-22 01:09 - 2010-09-10 20:27 - 00002368 _____ () C:\Users\x\Desktop\Google Chrome.lnk
2014-05-20 21:38 - 2010-07-20 21:04 - 00000000 ____D () C:\Users\x\AppData\Roaming\Skype
2014-05-20 06:39 - 2012-02-04 20:43 - 00000000 ____D () C:\Users\x\AppData\Roaming\Tibia
2014-05-20 06:38 - 2014-05-20 06:37 - 02962726 _____ () C:\Users\x\Downloads\Tibia C Maps.zip
2014-05-19 14:10 - 2009-07-14 06:53 - 00032604 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-18 13:16 - 2014-05-18 13:16 - 00000667 _____ () C:\Users\Public\Desktop\Tibia.lnk
2014-05-18 13:16 - 2012-07-13 14:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tibia
2014-05-18 13:09 - 2014-05-18 13:03 - 36298059 _____ (CipSoft GmbH ) C:\Users\x\Downloads\tibia1039.exe
2014-05-16 19:39 - 2014-05-16 19:39 - 00000839 _____ () C:\Users\x\Desktop\AIDA64 Extreme.lnk
2014-05-16 19:39 - 2014-05-16 19:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FinalWire
2014-05-16 19:38 - 2014-05-16 19:35 - 15871712 _____ (FinalWire Ltd. ) C:\Users\x\Downloads\aida64extreme430.exe
2014-05-13 22:51 - 2012-04-08 12:38 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-13 22:51 - 2011-08-29 13:05 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-12 16:43 - 2012-04-26 14:19 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-10 13:09 - 2014-05-10 13:08 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-10 02:38 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-09 23:44 - 2010-07-17 19:15 - 00000000 ____D () C:\Users\x\AppData\Roaming\codeblocks
2014-05-09 23:37 - 2012-07-01 09:02 - 00000000 ____D () C:\Users\x\AppData\Local\CrashDumps
2014-05-09 23:17 - 2014-05-09 23:17 - 00000000 ____D () C:\Users\x\Desktop\allegro-nauka
2014-05-09 23:13 - 2014-05-09 23:11 - 08290728 _____ () C:\Users\x\Downloads\allegro-5.0.10-mingw-4.7.0.7z
2014-05-09 22:57 - 2014-05-09 22:56 - 03927768 _____ () C:\Users\x\Downloads\allegro-5.0.10 (1).zip
2014-05-09 22:47 - 2014-05-09 22:46 - 03927768 _____ () C:\Users\x\Downloads\allegro-5.0.10.zip

Some content of TEMP:
====================
C:\Users\x\AppData\Local\Temp\wtw-update.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-29 01:44

==================== End Of Log ============================