Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-09-2014
Ran by Okurwiencze (administrator) on OKURWIENCZE-PC on 30-09-2014 09:57:38
Running from D:\Instalki nowe
Loaded Profile: Okurwiencze (Available profiles: Okurwiencze)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Niemiecki (Niemcy)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Taiwan Shui Mu Chih Ching Technology Limited.) C:\Program Files (x86)\WinZipper\winzipersvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Program Files (x86)\LPT\srpts.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\ASUS\NB Probe\SPM\spmgr.exe
() C:\Program Files (x86)\LPT\srptm.exe
(Crawler.com) C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
() C:\Program Files (x86)\Surftastic\updateSurftastic.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
(Megaify Software Co., Ltd.) C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
() C:\Users\Okurwiencze\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe
(Opera Software) C:\Program Files (x86)\Opera\opera.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8061984 2009-08-13] (Realtek Semiconductor)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-08-08] (AVAST Software)
HKLM-x32\...\Run: [fst_de_7] => [X]
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs: C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL => C:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll [2681648 2014-03-21] ()
AppInit_DLLs-x32: c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll => "c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll" File Not Found
AppInit_DLLs-x32: c:\progra~2\optimi~1\optpro~1.dll => c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll [2961368 2014-03-21] ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: SmartFTP Drop -> {EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} => D:\sfShellTools.dll (SmartSoft Ltd.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1402092449&from=cor&uid=ST9320320AS_5SX4K3AKXXXX5SX4K3AK&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1402092449&from=cor&uid=ST9320320AS_5SX4K3AKXXXX5SX4K3AK&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1402092449&from=cor&uid=ST9320320AS_5SX4K3AKXXXX5SX4K3AK&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1402092449&from=cor&uid=ST9320320AS_5SX4K3AKXXXX5SX4K3AK&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.sweet-page.com/?type=sc&ts=1389823694&from=cor&uid=ST9320320AS_5SX4K3AKXXXX5SX4K3AK SearchScopes: HKLM - {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL = SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://www.sweet-page.com/web/?type=ds&ts=1389823694&from=cor&uid=ST9320320AS_5SX4K3AKXXXX5SX4K3AK&q={searchTerms} SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZDr--M9JXGUna04ensW1Y9tWfcKY8_9HgKig_UQ7mxIYo82FlJl8EeQMAe2WF0m1GavOvyfDaV4QcyvPSFPDpodeKEwLNjXDzU4Ls1qwBFMFNJbfR608fJbE3eOmo2P-MGoxTUMD7qShw,,&q={searchTerms} SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZDr--M9JXGUna04ensW1Y9tWfcKY8_9HgKig_UQ7mxIYo82FlJl8EeQMAe2WF0m1GavOvyfDaV4QcyvPSFPDpodeKEwLNjXDzU4Ls1qwBFMFNJbfR608fJbE3eOmo2P-MGoxTUMD7qSgA,,&q={searchTerms} SearchScopes: HKCU - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} URL = http://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60327 BHO: Plus-HD-9.5 -> {11111111-1111-1111-1111-110511311166} -> C:\Program Files (x86)\Plus-HD-9.5\Plus-HD-9.5-bho64.dll (Plus HD) BHO: MediaPlayerplus -> {11111111-1111-1111-1111-110511421146} -> C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-bho64.dll (Freeven) BHO: Freeven Pro 1.3 -> {11111111-1111-1111-1111-110511421155} -> C:\Program Files (x86)\Freeven Pro 1.3\Freeven Pro 1.3-bho64.dll (Freeven) BHO: KINgCoupuon -> {56D3A495-004A-5305-3EC2-0C0D3D6E3D48} -> C:\ProgramData\KINgCoupuon\1CyZFc.x64.dll () BHO: KKingCoupion -> {6C277649-83C1-7382-6F9E-920426A91EFD} -> C:\ProgramData\KKingCoupion\SR8O97rf_.x64.dll () BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: No Name -> {11111111-1111-1111-1111-110411771118} -> No File BHO-x32: &Crawler Toolbar Helper -> {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} -> C:\Program Files (x86)\Crawler\Toolbar\ctbr.dll (Crawler.com) BHO-x32: KINgCoupuon -> {56D3A495-004A-5305-3EC2-0C0D3D6E3D48} -> C:\ProgramData\KINgCoupuon\1CyZFc.dll () BHO-x32: KKingCoupion -> {6C277649-83C1-7382-6F9E-920426A91EFD} -> C:\ProgramData\KKingCoupion\SR8O97rf_.dll () BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: No Name -> {84FF7BD6-B47F-46F8-9130-01B2696B36CB} -> No File BHO-x32: Java(tm) Plug-In 2 SSV Helper -> 
{DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM-x32 - &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files (x86)\Crawler\Toolbar\ctbr.dll (Crawler.com) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler-x32: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files (x86)\Crawler\Toolbar\ctbr.dll (Crawler.com) Hosts: 127.0.0.1 validation.sls.microsoft.com Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2 FireFox: ======== FF ProfilePath: C:\Users\Okurwiencze\AppData\Roaming\Mozilla\Firefox\Profiles\ed4hawx8.default FF NewTab: hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZDr--M9JXGUna04ensW1Y9tWfcKY8_9HgKig_UQ7mxIYo82FlJl8EeQMAe2WF0m1GavOvyfDaV4Qcyl5YsHgd7rTWTb_WoopklggiHKH2v1FXpTs-N9u167KlR_phsWQDU8FFuSv4yblA,, FF DefaultSearchEngine: Web Search FF SelectedSearchEngine: Web Search FF Homepage: hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZDr--M9JXGUna04ensW1Y9tWfcKY8_9HgKig_UQ7mxIYo82FlJl8EeQMAe2WF0m1GavOvyfDaV4QcyjUFI54FK7iM3Ke7rMvHmvLXV93uj0kKg2voO7hN-qh8uQlprngoGwAzX2mGq36Q,, FF Keyword.URL: hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZDr--M9JXGUna04ensW1Y9tWfcKY8_9HgKig_UQ7mxIYo82FlJl8EeQMAe2WF0m1GavOvyfDaV4QcyvPSFPDpodeKEwLNjXDzU4Ls1qwBFMFNJbfR608fJbE3eOmo2P-MGoxTUMD7qShw,,&q= FF Plugin: 
@adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @tools.updaterss.com/SaveSenseLive Update;version=3 -> C:\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll (SaveSense) FF Plugin-x32: @tools.updaterss.com/SaveSenseLive Update;version=9 -> C:\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll (SaveSense) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File FF SearchPlugin: C:\Users\Okurwiencze\AppData\Roaming\Mozilla\Firefox\Profiles\ed4hawx8.default\searchplugins\Web Search.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\crawlersrch.xml FF Extension: SmartSaver+ 8 - C:\Users\Okurwiencze\AppData\Roaming\Mozilla\Firefox\Profiles\ed4hawx8.default\Extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com [2014-04-28] FF Extension: ExtraShoPper - C:\Users\Okurwiencze\AppData\Roaming\Mozilla\Firefox\Profiles\ed4hawx8.default\Extensions\2tqt3-c3@vbyyoyieyo-.co.uk [2014-09-24] FF Extension: MediaPlayerplus - C:\Users\Okurwiencze\AppData\Roaming\Mozilla\Firefox\Profiles\ed4hawx8.default\Extensions\a9719e64-232b-4695-ae9c-a89cd7f2aa84@ca1279df-bc0d-44a8-97ef-19301c922b68.com [2014-05-24] FF Extension: Freeven Pro 1.3 - C:\Users\Okurwiencze\AppData\Roaming\Mozilla\Firefox\Profiles\ed4hawx8.default\Extensions\e20dc619-d8c4-48f1-ae07-641cefb43165@3c4d943f-ad97-4f6e-aa94-d9671175a3d0.com [2014-04-15] FF Extension: Plus-HD-9.5 - C:\Users\Okurwiencze\AppData\Roaming\Mozilla\Firefox\Profiles\ed4hawx8.default\Extensions\e46480cf-7cf6-495e-af69-573053f52c72@b33ab36d-5952-49aa-adb2-a41b3dbe51a5.com [2014-05-24] FF Extension: saviNSHop - C:\Users\Okurwiencze\AppData\Roaming\Mozilla\Firefox\Profiles\ed4hawx8.default\Extensions\hbu@rqpdd.net [2014-04-23] FF Extension: QuEaenCoupOn - 
C:\Users\Okurwiencze\AppData\Roaming\Mozilla\Firefox\Profiles\ed4hawx8.default\Extensions\mdxc_9up@we-mf.org [2014-09-24] FF Extension: QueeenCoupon - C:\Users\Okurwiencze\AppData\Roaming\Mozilla\Firefox\Profiles\ed4hawx8.default\Extensions\oueoengniwj@ioao-jfw.edu [2014-09-24] FF Extension: LuckyShopppEir - C:\Users\Okurwiencze\AppData\Roaming\Mozilla\Firefox\Profiles\ed4hawx8.default\Extensions\sisos14f@jgppcb.co.uk [2014-09-24] FF Extension: Surftastic - C:\Users\Okurwiencze\AppData\Roaming\Mozilla\Firefox\Profiles\ed4hawx8.default\Extensions\{01531192-f7ef-415f-a549-cfdb11836731}.xpi [2014-02-22] FF Extension: Adblock Plus - C:\Users\Okurwiencze\AppData\Roaming\Mozilla\Firefox\Profiles\ed4hawx8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-22] FF HKLM-x32\...\Firefox\Extensions: [ext@flashenhancer.com] - C:\Program Files (x86)\AmiExt\flashEnhancer\ff FF Extension: flash-Enhancer - C:\Program Files (x86)\AmiExt\flashEnhancer\ff [2014-02-20] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! 
Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-24] FF HKLM-x32\...\Firefox\Extensions: [ext@MediaWatchV1home579.net] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home579\ff FF HKLM-x32\...\Firefox\Extensions: [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}] - C:\Program Files (x86)\Crawler\Toolbar\firefox FF Extension: Crawler Toolbar - C:\Program Files (x86)\Crawler\Toolbar\firefox [2014-06-14] FF HKCU\...\Firefox\Extensions: [freegames4357@BestOffers] - C:\Users\Okurwiencze\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers FF Extension: Free Games 111 - C:\Users\Okurwiencze\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers [2014-01-15] FF HKCU\...\Firefox\Extensions: [speedtest4354@BestOffers] - C:\Users\Okurwiencze\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers FF Extension: Speed Test 127 - C:\Users\Okurwiencze\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers [2014-01-15] FF HKCU\...\Firefox\Extensions: [{13b2a6cd-c8be-4191-a05b-b843a6b780cb}] - C:\Program Files (x86)\Re-markit\155.xpi FF Extension: Re-markit - C:\Program Files (x86)\Re-markit\155.xpi [2014-02-19] FF HKCU\...\Firefox\Extensions: [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}] - C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi FF Extension: Wajam - C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi [2013-12-19] Chrome: ======= CHR StartupUrls: Default -> "hxxp://www.sweet-page.com/?type=hp&ts=1402092449&from=cor&uid=ST9320320AS_5SX4K3AKXXXX5SX4K3AK" CHR Profile: C:\Users\Okurwiencze\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Re-markit) - C:\Users\Okurwiencze\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcpfhaghaadpjpgocojgnlhjcieeooel [2014-02-01] CHR Extension: (avast! 
Online Security) - C:\Users\Okurwiencze\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-02-24] CHR Extension: (CoolPreviews) - C:\Users\Okurwiencze\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlbhbhdjmllabhmeoehogilodnpbmhgj [2014-09-01] CHR Extension: (Lightning Newtab) - C:\Users\Okurwiencze\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo [2014-02-27] CHR Extension: (Vecteezy) - C:\Users\Okurwiencze\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhgjgbepielhcjdamofdopfmfcdcfiin [2014-09-05] CHR Extension: (SmartSaver+ 8) - C:\Users\Okurwiencze\AppData\Local\Google\Chrome\User Data\Default\Extensions\klhlfdbffplhpkpalkmacjejfbdeefaj [2014-06-08] CHR Extension: (Google Wallet) - C:\Users\Okurwiencze\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-26] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-21] CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\Okurwiencze\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx [2014-02-26] CHR HKLM-x32\...\Chrome\Extension: [jljheddigenhleadfofeccneimcmlefp] - C:\Users\Okurwiencze\AppData\Roaming\speedtest4354\speedtest4354.crx [2013-12-19] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 70e6ca8c; c:\Program Files (x86)\Optimizer Pro\OptProCrashSvc.dll [186496 2014-03-21] () R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-09] (AVAST Software)
R2 LPTSystemUpdater; C:\Program Files (x86)\LPT\srpts.exe [32288 2014-02-09] () <==== ATTENTION
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
S2 savesenselive; C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe [146920 2014-01-26] (SaveSense)
S3 savesenselivem; C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe [146920 2014-01-26] (SaveSense)
R2 spmgr; C:\Program Files (x86)\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-03] ()
R2 ST2012_Svc; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [1146304 2014-05-13] (Crawler.com)
R2 Update Surftastic; C:\Program Files (x86)\Surftastic\updateSurftastic.exe [111392 2014-02-21] ()
S2 WajamUpdaterV3; C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV3.exe [114176 2013-10-25] (Wajam) [File not signed] <==== ATTENTION
R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [425104 2014-02-26] (Taiwan Shui Mu Chih Ching Technology Limited.) <==== ATTENTION
S2 SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [X]
S2 Stereo Service; "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-09-21] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-09-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-09-21] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-09-21] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-09-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-09-21] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-09-21] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-09-21] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-01-15] (Disc Soft Ltd)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
R2 ghaio; C:\Program Files (x86)\ASUS\NB Probe\SPM\ghaio.sys [17464 2007-08-03] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ATK64AMD.sys [13680 2007-08-09] ()
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [61592 2013-12-17] (NetFilterSDK.com)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2014-06-14] (Windows (R) Win 7 DDK provider)
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed]
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2013-12-19] (Microsoft Corporation) [File not signed]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-30 09:53 - 2014-09-30 09:57 - 00000000 ____D () C:\FRST
2014-09-28 22:01 - 2014-09-28 22:01 - 00414320 _____ () C:\Users\Okurwiencze\Desktop\OTL1.Txt
2014-09-28 22:01 - 2014-09-28 22:01 - 00055348 _____ () C:\Users\Okurwiencze\Desktop\Extras.Txt
2014-09-21 22:13 - 2014-09-21 22:13 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-21 09:24 - 2014-09-21 09:24 - 00003194 _____ () C:\Windows\System32\Tasks\P4GIntlCtrl
2014-09-21 01:42 - 2014-09-21 02:10 - 00001391 _____ () C:\Users\Okurwiencze\Desktop\I feel good every time.txt
2014-09-09 21:00 - 2014-09-30 09:45 - 00003974 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{3CCCC1C7-D6EC-45D0-BF0C-C64CA505C80F}
2014-09-05 11:57 - 2014-09-05 11:59 - 00000000 ____D () C:\ProgramData\KKingCoupion
2014-09-01 12:23 - 2014-09-01 12:48 - 00000000 ____D () C:\ProgramData\ReoyalShOppERAPp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-30 09:59 - 2014-04-15 21:58 - 00001550 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-5.job 2014-09-30 09:58 - 2014-04-15 21:58 - 00001470 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-1.job 2014-09-30 09:58 - 2014-04-15 21:58 - 00001402 _____ () C:\Windows\Tasks\512823f1-87fd-4b5e-bf0a-0e1c683e9223-1.job 2014-09-30 09:58 - 2014-04-15 21:57 - 00002248 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-4.job 2014-09-30 09:58 - 2014-04-15 21:57 - 00002172 _____ () C:\Windows\Tasks\512823f1-87fd-4b5e-bf0a-0e1c683e9223-4.job 2014-09-30 09:54 - 2014-01-16 00:58 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-09-30 09:38 - 2014-01-26 13:06 - 00000942 _____ () C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job 2014-09-30 09:38 - 2014-01-16 00:57 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-09-30 09:38 - 2014-01-16 00:07 - 00000289 _____ () C:\Users\Okurwiencze\AppData\Roaming\WB.CFG 2014-09-30 09:37 - 2014-01-15 14:38 - 01118022 _____ () C:\Windows\WindowsUpdate.log 2014-09-30 09:37 - 2009-07-14 06:45 - 00005872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-30 09:37 - 2009-07-14 06:45 - 00005872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-30 09:36 - 2014-01-26 13:05 - 00000304 _____ () C:\Windows\Tasks\DSite.job 2014-09-29 12:17 - 2014-01-28 22:33 - 00000380 _____ () C:\Windows\Tasks\AmiUpdXp.job 2014-09-29 12:11 - 2014-01-26 13:06 - 00000938 _____ () C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job 2014-09-29 11:03 - 2009-07-14 06:51 - 00062778 _____ () C:\Windows\setupact.log 2014-09-27 11:01 - 2014-01-16 00:58 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-09-26 12:03 - 2014-01-22 21:51 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-09-26 11:57 - 2014-02-24 00:54 - 00004182 _____ () 
C:\Windows\System32\Tasks\avast! Emergency Update 2014-09-25 21:13 - 2014-01-16 23:40 - 00731746 _____ () C:\Windows\system32\perfh015.dat 2014-09-25 21:13 - 2014-01-16 23:40 - 00155324 _____ () C:\Windows\system32\perfc015.dat 2014-09-25 21:13 - 2011-04-12 09:43 - 00698926 _____ () C:\Windows\system32\perfh007.dat 2014-09-25 21:13 - 2011-04-12 09:43 - 00149034 _____ () C:\Windows\system32\perfc007.dat 2014-09-25 21:13 - 2009-07-14 07:13 - 02505248 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-24 11:43 - 2014-01-16 00:57 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-09-24 11:42 - 2014-01-16 00:57 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-24 11:42 - 2014-01-16 00:57 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-24 11:38 - 2014-02-07 22:49 - 00000370 _____ () C:\Windows\Tasks\DriverToolkit Autorun.job 2014-09-21 22:14 - 2014-02-24 00:55 - 00001966 _____ () C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk 2014-09-21 22:14 - 2014-02-24 00:54 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-09-21 22:13 - 2014-06-09 22:39 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-09-21 22:13 - 2014-02-24 00:54 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys 2014-09-21 22:13 - 2014-02-24 00:54 - 00426848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1411330452943 2014-09-21 22:13 - 2014-02-24 00:54 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-09-21 22:13 - 2014-02-24 00:54 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-09-21 22:13 - 2014-02-24 00:54 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-09-21 22:13 - 2014-02-24 00:54 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys 2014-09-21 22:13 - 2014-02-24 00:54 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-09-21 22:13 - 2014-02-24 00:54 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-09-21 09:20 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-21 09:19 - 2010-11-21 05:47 - 00055732 _____ () C:\Windows\PFRO.log 2014-09-21 03:46 - 2014-02-07 22:49 - 00002750 _____ () C:\Windows\System32\Tasks\DriverToolkit Autorun 2014-09-19 19:30 - 2014-02-26 12:57 - 00000000 ____D () C:\Program Files (x86)\WinZipper 2014-09-15 09:06 - 2010-11-21 05:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-09-08 20:06 - 2014-02-11 10:51 - 00000000 ____D () C:\Users\Okurwiencze\Desktop\Bewerbungi Nowe Bonduellle 2014-09-08 20:05 - 2014-01-26 13:17 - 00000000 ____D () C:\Users\Okurwiencze\AppData\Local\CUSTPDF Writer 2014-09-08 18:50 - 2014-06-14 19:42 - 00000000 ____D () C:\ProgramData\Spyware Terminator 2014-09-06 23:39 - 2014-06-19 15:15 - 00000000 ____D () C:\Users\Okurwiencze\AppData\Roaming\ipla 2014-09-05 11:59 - 2014-04-21 19:54 - 00000000 ____D () 
C:\ProgramData\26291a5eae6fc8d4 Some content of TEMP: ==================== C:\Users\Okurwiencze\AppData\Local\Temp\1374509789_SmartPCFixInstaller_ITNTDigiC_appsP.exe C:\Users\Okurwiencze\AppData\Local\Temp\1390490966_the_wedownload_manager_1.exe C:\Users\Okurwiencze\AppData\Local\Temp\41346uninstall.exe C:\Users\Okurwiencze\AppData\Local\Temp\applinstall.exe C:\Users\Okurwiencze\AppData\Local\Temp\BackupSetup.exe C:\Users\Okurwiencze\AppData\Local\Temp\BetterBrowseSetup.exe C:\Users\Okurwiencze\AppData\Local\Temp\dlLogic.exe C:\Users\Okurwiencze\AppData\Local\Temp\DownloadManager.exe C:\Users\Okurwiencze\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp3_muxm.dll C:\Users\Okurwiencze\AppData\Local\Temp\EnableExtDll.dll C:\Users\Okurwiencze\AppData\Local\Temp\ffdshow.exe C:\Users\Okurwiencze\AppData\Local\Temp\GCVerifier.dll C:\Users\Okurwiencze\AppData\Local\Temp\htmlayout.dll C:\Users\Okurwiencze\AppData\Local\Temp\IEHistory.exe C:\Users\Okurwiencze\AppData\Local\Temp\InstalledPrograms.exe C:\Users\Okurwiencze\AppData\Local\Temp\install_helper.exe C:\Users\Okurwiencze\AppData\Local\Temp\ipl536C.tmp.exe C:\Users\Okurwiencze\AppData\Local\Temp\iplACA3.tmp.exe C:\Users\Okurwiencze\AppData\Local\Temp\iplD44E.tmp.exe C:\Users\Okurwiencze\AppData\Local\Temp\iplEA.tmp.exe C:\Users\Okurwiencze\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\Okurwiencze\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\Okurwiencze\AppData\Local\Temp\MatroskaSplitter.exe C:\Users\Okurwiencze\AppData\Local\Temp\nsa410F.exe C:\Users\Okurwiencze\AppData\Local\Temp\nsaF945.exe C:\Users\Okurwiencze\AppData\Local\Temp\nsd31E2.exe C:\Users\Okurwiencze\AppData\Local\Temp\nsd6F00.exe C:\Users\Okurwiencze\AppData\Local\Temp\nsd8F6D.exe C:\Users\Okurwiencze\AppData\Local\Temp\nsi9383.exe C:\Users\Okurwiencze\AppData\Local\Temp\nsnF471.exe C:\Users\Okurwiencze\AppData\Local\Temp\nss2830.exe C:\Users\Okurwiencze\AppData\Local\Temp\nsy67DE.exe 
C:\Users\Okurwiencze\AppData\Local\Temp\nsyFBC3.exe C:\Users\Okurwiencze\AppData\Local\Temp\nvStInst.exe C:\Users\Okurwiencze\AppData\Local\Temp\rcpsetup_isppi.exe C:\Users\Okurwiencze\AppData\Local\Temp\set-app.exe C:\Users\Okurwiencze\AppData\Local\Temp\setapp.exe C:\Users\Okurwiencze\AppData\Local\Temp\Setup-b.exe C:\Users\Okurwiencze\AppData\Local\Temp\ShoppinHelper2.exe C:\Users\Okurwiencze\AppData\Local\Temp\SHSetup.exe C:\Users\Okurwiencze\AppData\Local\Temp\spstub.exe C:\Users\Okurwiencze\AppData\Local\Temp\sp_downloader.exe C:\Users\Okurwiencze\AppData\Local\Temp\Sqlite3.dll C:\Users\Okurwiencze\AppData\Local\Temp\SurftasticSetup.exe C:\Users\Okurwiencze\AppData\Local\Temp\toolbar501650964.exe C:\Users\Okurwiencze\AppData\Local\Temp\Tsu10C43D26.dll C:\Users\Okurwiencze\AppData\Local\Temp\Tsu30A8D7EF.dll C:\Users\Okurwiencze\AppData\Local\Temp\uninstall612849.exe C:\Users\Okurwiencze\AppData\Local\Temp\uninstall617561.exe C:\Users\Okurwiencze\AppData\Local\Temp\uninstall617732.exe C:\Users\Okurwiencze\AppData\Local\Temp\vcredist_x64.exe C:\Users\Okurwiencze\AppData\Local\Temp\vcredist_x86.exe C:\Users\Okurwiencze\AppData\Local\Temp\verifier.exe C:\Users\Okurwiencze\AppData\Local\Temp\Worms_Armageddon.exe C:\Users\Okurwiencze\AppData\Local\Temp\_ReMarkit_up.exe C:\Users\Okurwiencze\AppData\Local\Temp\?odec Performer803975.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!
nointegritychecks: ==> Integrity Checks is disabled <===== ATTENTION!

LastRegBack: 2014-09-29 12:56

==================== End Of Log ============================