Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-09-2013
Ran by Ozi (administrator) on OZI-KOMPUTER on 21-09-2013 15:03:43
Running from C:\Users\Ozi\Desktop
Windows 7 Home Premium (X64) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Comodo Security Solutions, Inc.) C:\Program Files\COMODO\COMODO System Utilities\CSUService.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Comodo Security Solutions, Inc.) C:\Program Files\COMODO\COMODO System Utilities\CSU_CLI.exe
() C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Immunet) C:\Program Files\Immunet\3.0.8\iptray.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Sourcefire, Inc.) C:\Program Files\Immunet\3.0.8\agent.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKCU\...\Run: [SDP] - C:\Users\Ozi\AppData\Local\FilesFrog Update Checker\update_checker.exe [201808 2013-01-31] (Somoto)
HKLM-x32\...\Run: [Immunet Protect] - C:\Program Files\Immunet\3.0.8\iptray.exe [3508552 2012-09-25] (Immunet)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ConvertAd] - C:\Users\Ozi\AppData\Local\ConvertAd\ConvertAd.exe [1784832 2013-08-10] (TODO: )
Startup: C:\Users\Ozi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rjlzjr1a.lnk
ShortcutTarget: rjlzjr1a.lnk -> C:\PROGRA~3\a1rjzljr.plz (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.delta-search.com/?babsrc=HP_ss&mntrId=7A61001F1F0656BC&affID=124742&tsp=5005
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://isearch.babylon.com/?affID=116220&tt=4412_5&babsrc=HP_ss&mntrId=7a61c9c2000000000000001f1f0656bc
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=WDCXWD5000AAKS-00V1A0_WD-WMAWF210245102451&ts=1378745199
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: (No Name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=WDCXWD5000AAKS-00V1A0_WD-WMAWF210245102451&ts=1378745199
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=WDCXWD5000AAKS-00V1A0_WD-WMAWF210245102451&ts=1378745199
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=WDCXWD5000AAKS-00V1A0_WD-WMAWF210245102451&ts=1378745199
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=WDCXWD5000AAKS-00V1A0_WD-WMAWF210245102451&ts=1378745199
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10002&barid={4783D86F-25D9-11E2-B5FB-E88695DB8A5A}
SearchScopes: HKCU - bProtectorDefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
SearchScopes: HKCU - {015DCE87-D2DD-45B4-B625-4A11EE1C3A59} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=U3&apn_dtid=OSJ000YYPL&apn_uid=7761968F-6BA2-4FB0-91A3-7F14BD87D134&apn_sauid=845D3666-F257-4642-AA3E-B084F0393BEF
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=7A61001F1F0656BC&affID=124742&tsp=5005
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=WDCXWD5000AAKS-00V1A0_WD-WMAWF210245102451&ts=1378745199
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10002&barid={4783D86F-25D9-11E2-B5FB-E88695DB8A5A}
BHO: No Name - {336D0C35-8A85-403a-B9D2-65C292C39087} - No File
BHO: SimpleAdblock Class - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblockx64.dll (Simple Adblock)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: MinibarBHO - {AA74D58F-ACD0-450D-A85E-6C04B171C044} - C:\Program Files (x86)\Minibar\Minibar.dll (KangoExtensions)
BHO-x32: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.24.6\bh\delta.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SweetPacks Browser Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
BHO-x32: SimpleAdblock Class - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll (Simple Adblock)
Toolbar: HKLM-x32 - No Name - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - No File
Toolbar: HKLM-x32 - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.24.6\deltaTlbr.dll No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 87.199.0.12 81.15.194.39

FireFox:
========
FF ProfilePath: C:\Users\Ozi\AppData\Roaming\Mozilla\Firefox\Profiles\ok6c9wmt.default
FF user.js: detected! => C:\Users\Ozi\AppData\Roaming\Mozilla\Firefox\Profiles\ok6c9wmt.default\user.js
FF NewTab: hxxp://www2.delta-search.com/?babsrc=NT_ss&mntrId=7A61001F1F0656BC&affID=124742&tsp=5005
FF Homepage: hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=7A61001F1F0656BC&affID=124742&tsp=5005
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @ganymede/GanymedeNetPlugin,version=1.0 - C:\Program Files (x86)\Ganymede\Plugins\npganymedenet.dll ( )
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.450 - C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Ozi\AppData\Roaming\Mozilla\Firefox\Profiles\ok6c9wmt.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\Ozi\AppData\Roaming\Mozilla\Firefox\Profiles\ok6c9wmt.default\searchplugins\delta.xml
FF SearchPlugin: C:\Users\Ozi\AppData\Roaming\Mozilla\Firefox\Profiles\ok6c9wmt.default\searchplugins\MyStart Search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\qvo6.xml
FF Extension: DoNotTrackMe - C:\Users\Ozi\AppData\Roaming\Mozilla\Firefox\Profiles\ok6c9wmt.default\Extensions\donottrackplus@abine.com
FF Extension: Delta Toolbar - C:\Users\Ozi\AppData\Roaming\Mozilla\Firefox\Profiles\ok6c9wmt.default\Extensions\ffxtlbr@delta.com
FF Extension: incredibar.com - C:\Users\Ozi\AppData\Roaming\Mozilla\Firefox\Profiles\ok6c9wmt.default\Extensions\ffxtlbr@incredibar.com
FF Extension: AppsHat - C:\Users\Ozi\AppData\Roaming\Mozilla\Firefox\Profiles\ok6c9wmt.default\Extensions\{97A78363-B868-4B48-AC91-A783A31215AF}
FF Extension: SweetPacks Toolbar for Firefox - C:\Users\Ozi\AppData\Roaming\Mozilla\Firefox\Profiles\ok6c9wmt.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
FF Extension: No Name - C:\Users\Ozi\AppData\Roaming\Mozilla\Firefox\Profiles\ok6c9wmt.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox
FF Extension: IB Updater - C:\Program Files\IB Updater\Firefox
FF HKLM\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\IB Updater\Firefox
FF Extension: IB Updater - C:\Program Files\IB Updater\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox
FF Extension: IB Updater - C:\Program Files\IB Updater\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\IB Updater\Firefox
FF Extension: IB Updater - C:\Program Files\IB Updater\Firefox
FF HKCU\...\Firefox\Extensions: [{eb865f6a-a922-424b-abd5-a19d0f5301d1}] - C:\Program Files (x86)\Lyrmix\132.xpi
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=WDCXWD5000AAKS-00V1A0_WD-WMAWF210245102451&ts=1378745199

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (IB Updater) - C:\Users\Ozi\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.575_0
CHR Extension: (SweetIM for Facebook) - C:\Users\Ozi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1
CHR Extension: () - C:\Users\Ozi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.0.0.1
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx
CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx
CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Ozi\AppData\Roaming\BabSolution\CR\Delta.crx
CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - \User Data\Default\Extensions\newtab.crx
CHR HKLM-x32\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\Ozi\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx
CHR HKLM-x32\...\Chrome\Extension: [kidmhllhjmmmnpbiaihafgchacpmokof] - C:\Program Files (x86)\Lyrmix\132.crx
CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Users\Ozi\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx

==================== Services (Whitelisted) =================

R2 CSUService; C:\Program Files\COMODO\COMODO System Utilities\CSUService.exe [347968 2012-02-24] (Comodo Security Solutions, Inc.)
R2 ES lite Service; C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-03-02] ()
R2 ImmunetProtect; C:\Program Files\Immunet\3.0.8\agent.exe [514408 2012-09-25] (Sourcefire, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S3 scan; C:\Program Files\Immunet\tetra\scan.dll [411648 2012-09-25] (S.C. BitDefender S.R.L)
S2 IB Updater Updater; C:\Program Files\IB Updater\ExtensionUpdaterService.exe [x]

==================== Drivers (Whitelisted) ====================

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-11-04] (DT Soft Ltd)
R3 gdrv; C:\Windows\gdrv.sys [25640 2013-09-21] (Windows (R) Server 2003 DDK provider)
R3 gdrv; C:\Windows\gdrv.sys [25640 2013-09-21] (Windows (R) Server 2003 DDK provider)
R2 ImmunetNetworkMonitorDriver; C:\Windows\System32\Drivers\ImmunetNetworkMonitor.sys [98632 2012-09-25] (Sourcefire, Inc.)
R1 ImmunetProtectDriver; C:\Windows\System32\DRIVERS\ImmunetProtect.sys [57672 2012-09-25] (Windows (R) Win 7 DDK provider)
R1 ImmunetSelfProtectDriver; C:\Windows\System32\DRIVERS\ImmunetSelfProtect.sys [32584 2012-09-25] (Windows (R) Win 7 DDK provider)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [284232 2012-09-25] (BitDefender S.R.L.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-09-21 15:03 - 2013-09-21 15:03 - 00000000 ____D C:\FRST
2013-09-21 15:02 - 2013-09-21 15:02 - 01956670 _____ (Farbar) C:\Users\Ozi\Desktop\FRST64.exe
2013-09-21 15:01 - 2013-09-21 15:01 - 00602112 _____ (OldTimer Tools) C:\Users\Ozi\Desktop\OTL.com
2013-09-21 14:35 - 2013-09-21 14:35 - 00021453 _____ C:\ComboFix.txt
2013-09-21 13:42 - 2013-09-21 13:42 - 00001202 _____ C:\Windows\PFRO.log
2013-09-21 13:31 - 2013-09-21 13:31 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-21 13:31 - 2013-09-21 13:31 - 00000000 ____D C:\Users\Ozi\AppData\Roaming\Malwarebytes
2013-09-21 13:31 - 2013-09-21 13:31 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-21 13:31 - 2013-09-21 13:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-21 13:31 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-21 13:30 - 2013-09-21 13:30 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Ozi\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-21 13:29 - 2013-09-21 13:29 - 00685248 _____ C:\Users\Ozi\Desktop\Malwarebytes-AntiMalware(13117).exe
2013-09-21 13:16 - 2013-09-21 14:35 - 00000000 ____D C:\Qoobox
2013-09-21 13:16 - 2013-09-21 13:22 - 00000000 ____D C:\Windows\erdnt
2013-09-21 13:16 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-21 13:16 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-21 13:16 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-21 13:16 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-21 13:16 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-21 13:16 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-21 13:16 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-21 13:16 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-21 13:15 - 2013-09-21 13:16 - 05128554 ____R (Swearware) C:\Users\Ozi\Desktop\ComboFix.exe
2013-09-21 12:58 - 2013-09-21 14:08 - 00008990 _____ C:\Windows\WindowsUpdate.log
2013-09-21 12:52 - 2013-09-21 12:52 - 00000285 _____ C:\ProgramData\rjlzjr1a.reg
2013-09-21 12:46 - 2013-09-21 12:52 - 95025368 ____T C:\ProgramData\rjlzjr1a.pff
2013-09-21 12:46 - 2013-09-21 12:52 - 00000000 _____ C:\ProgramData\rjlzjr1a.ctrl
2013-09-19 12:50 - 2013-09-19 12:50 - 00000000 ____D C:\Program Files (x86)\Techland
2013-09-14 22:58 - 2013-09-14 22:59 - 00000000 ____D C:\Users\Ozi\Documents\NFS Carbon
2013-09-14 22:08 - 2013-09-14 22:08 - 00000000 ____D C:\Users\Ozi\Documents\Optimizer Pro
2013-09-14 22:08 - 2013-09-14 22:08 - 00000000 ____D C:\Users\Ozi\AppData\Roaming\Optimizer Pro
2013-09-14 22:03 - 2013-09-15 14:20 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2013-09-14 22:03 - 2013-09-14 22:03 - 00000000 ____D C:\Users\Ozi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppsHat
2013-09-14 22:03 - 2013-09-14 22:03 - 00000000 ____D C:\Users\Ozi\AppData\Local\WebPlayer
2013-09-14 22:03 - 2013-09-14 22:03 - 00000000 ____D C:\Program Files (x86)\Minibar
2013-09-14 22:02 - 2013-09-14 22:02 - 00000000 ____D C:\Users\Ozi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
2013-09-14 22:02 - 2013-09-14 22:02 - 00000000 ____D C:\Users\Ozi\AppData\Local\FilesFrog Update Checker
2013-09-14 22:02 - 2013-09-14 22:02 - 00000000 ____D C:\ProgramData\BitGuard
2013-09-12 19:41 - 2013-09-21 14:05 - 00000784 _____ C:\Windows\setupact.log
2013-09-12 19:41 - 2013-09-12 19:41 - 00000000 _____ C:\Windows\setuperr.log
2013-09-11 21:43 - 2013-09-11 21:43 - 02347384 _____ (ESET) C:\Users\Ozi\Desktop\esetsmartinstaller_plk.exe
2013-09-11 21:43 - 2013-09-11 21:43 - 00000000 ____D C:\Program Files (x86)\ESET
2013-09-09 20:06 - 2013-09-09 20:39 - 00001719 _____ C:\Users\Ozi\Desktop\allegro.txt
2013-09-09 19:07 - 2013-09-09 19:07 - 00003096 _____ C:\Windows\System32\Tasks\{69D2669B-2D7B-4229-A391-DBAC4FBFF709}
2013-09-09 18:47 - 2013-09-11 22:45 - 00000000 ____D C:\Program Files (x86)\Lyrmix
2013-09-09 18:47 - 2013-09-09 18:47 - 00003002 _____ C:\Windows\System32\Tasks\Lyrmix Update
2013-09-09 18:47 - 2013-09-09 18:47 - 00000000 ____D C:\Users\Ozi\AppData\Roaming\0C1I1L1R1J0M1P0I1G
2013-09-09 18:47 - 2013-09-09 18:47 - 00000000 ____D C:\Users\Ozi\AppData\Local\ConvertAd
2013-09-09 18:46 - 2013-09-11 15:17 - 00000000 ____D C:\ProgramData\eSafe
2013-09-09 18:46 - 2013-09-09 18:46 - 00000000 ____D C:\Users\Ozi\AppData\Roaming\1J1F1H1E2Y2Z1P1C1B2W1L1T2ZtF1E1I
2013-09-09 18:46 - 2013-09-09 18:46 - 00000000 ____D C:\User Data
2013-09-09 18:45 - 2013-09-09 18:45 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals
2013-09-07 12:05 - 2013-09-07 12:05 - 00003832 _____ C:\Windows\System32\Tasks\Disk Cleaner 07-09-2013 12-05-37
2013-09-07 09:35 - 2013-09-07 09:37 - 95025368 ____T C:\ProgramData\bowlwlt.pff
2013-09-07 09:35 - 2013-09-07 09:35 - 00000000 _____ C:\ProgramData\bowlwlt.ctrl
2013-09-03 13:43 - 2013-09-03 21:25 - 00000509 _____ C:\Users\Ozi\Desktop\adrian.txt
2013-08-25 21:27 - 2013-08-25 21:27 - 00798720 _____ (Firelight Technologies) C:\Windows\system32\fmodex.dll

==================== One Month Modified Files and Folders =======

2013-09-21 15:03 - 2013-09-21 15:03 - 00000000 ____D C:\FRST
2013-09-21 15:02 - 2013-09-21 15:02 - 01956670 _____ (Farbar) C:\Users\Ozi\Desktop\FRST64.exe
2013-09-21 15:01 - 2013-09-21 15:01 - 00602112 _____ (OldTimer Tools) C:\Users\Ozi\Desktop\OTL.com
2013-09-21 15:00 - 2012-09-25 22:28 - 00062904 _____ C:\Users\Ozi\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-21 15:00 - 2009-07-14 06:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-21 15:00 - 2009-07-14 06:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-21 14:35 - 2013-09-21 14:35 - 00021453 _____ C:\ComboFix.txt
2013-09-21 14:35 - 2013-09-21 13:16 - 00000000 ____D C:\Qoobox
2013-09-21 14:33 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-09-21 14:29 - 2012-09-25 22:14 - 00000200 _____ C:\service.log
2013-09-21 14:17 - 2013-07-03 23:07 - 00001042 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-21 14:08 - 2013-09-21 12:58 - 00008990 _____ C:\Windows\WindowsUpdate.log
2013-09-21 14:05 - 2013-09-12 19:41 - 00000784 _____ C:\Windows\setupact.log
2013-09-21 14:05 - 2013-07-03 23:07 - 00001038 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-21 14:05 - 2012-09-25 23:14 - 00000000 ____D C:\ProgramData\NVIDIA
2013-09-21 14:05 - 2012-09-25 22:24 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2013-09-21 14:05 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-21 13:42 - 2013-09-21 13:42 - 00001202 _____ C:\Windows\PFRO.log
2013-09-21 13:31 - 2013-09-21 13:31 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-21 13:31 - 2013-09-21 13:31 - 00000000 ____D C:\Users\Ozi\AppData\Roaming\Malwarebytes
2013-09-21 13:31 - 2013-09-21 13:31 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-21 13:31 - 2013-09-21 13:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-21 13:30 - 2013-09-21 13:30 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Ozi\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-21 13:29 - 2013-09-21 13:29 - 00685248 _____ C:\Users\Ozi\Desktop\Malwarebytes-AntiMalware(13117).exe
2013-09-21 13:23 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-09-21 13:22 - 2013-09-21 13:16 - 00000000 ____D C:\Windows\erdnt
2013-09-21 13:16 - 2013-09-21 13:15 - 05128554 ____R (Swearware) C:\Users\Ozi\Desktop\ComboFix.exe
2013-09-21 12:52 - 2013-09-21 12:52 - 00000285 _____ C:\ProgramData\rjlzjr1a.reg
2013-09-21 12:52 - 2013-09-21 12:46 - 95025368 ____T C:\ProgramData\rjlzjr1a.pff
2013-09-21 12:52 - 2013-09-21 12:46 - 00000000 _____ C:\ProgramData\rjlzjr1a.ctrl
2013-09-21 12:46 - 2012-09-25 22:12 - 00000000 ___RD C:\Users\Ozi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-21 12:05 - 2012-09-25 22:31 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-20 10:12 - 2012-09-25 22:14 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-09-20 10:12 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-09-20 10:12 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2013-09-20 10:05 - 2012-09-25 22:31 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-20 10:05 - 2012-09-25 22:31 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-20 10:05 - 2012-09-25 22:31 - 00003868 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-20 09:34 - 2012-10-03 18:14 - 00000000 ____D C:\Users\Ozi\AppData\Roaming\OpenOffice.org2
2013-09-20 09:14 - 2012-09-25 22:11 - 00000000 ____D C:\Users\Ozi
2013-09-20 09:14 - 2009-07-14 06:45 - 00291584 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-19 12:50 - 2013-09-19 12:50 - 00000000 ____D C:\Program Files (x86)\Techland
2013-09-15 14:20 - 2013-09-14 22:03 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2013-09-14 22:59 - 2013-09-14 22:58 - 00000000 ____D C:\Users\Ozi\Documents\NFS Carbon
2013-09-14 22:08 - 2013-09-14 22:08 - 00000000 ____D C:\Users\Ozi\Documents\Optimizer Pro
2013-09-14 22:08 - 2013-09-14 22:08 - 00000000 ____D C:\Users\Ozi\AppData\Roaming\Optimizer Pro
2013-09-14 22:03 - 2013-09-14 22:03 - 00000000 ____D C:\Users\Ozi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppsHat
2013-09-14 22:03 - 2013-09-14 22:03 - 00000000 ____D C:\Users\Ozi\AppData\Local\WebPlayer
2013-09-14 22:03 - 2013-09-14 22:03 - 00000000 ____D C:\Program Files (x86)\Minibar
2013-09-14 22:02 - 2013-09-14 22:02 - 00000000 ____D C:\Users\Ozi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
2013-09-14 22:02 - 2013-09-14 22:02 - 00000000 ____D C:\Users\Ozi\AppData\Local\FilesFrog Update Checker
2013-09-14 22:02 - 2013-09-14 22:02 - 00000000 ____D C:\ProgramData\BitGuard
2013-09-14 22:02 - 2013-05-04 20:25 - 00003388 _____ C:\Windows\System32\Tasks\EPUpdater
2013-09-12 19:41 - 2013-09-12 19:41 - 00000000 _____ C:\Windows\setuperr.log
2013-09-11 22:45 - 2013-09-09 18:47 - 00000000 ____D C:\Program Files (x86)\Lyrmix
2013-09-11 22:45 - 2013-04-10 10:22 - 00000000 ____D C:\Windows\SysWOW64\ARFC
2013-09-11 22:45 - 2012-10-30 12:49 - 00000000 ____D C:\Program Files\IB Updater
2013-09-11 22:45 - 2009-07-14 05:20 - 00000000 ___HD C:\Users\Ozi\Security
2013-09-11 21:43 - 2013-09-11 21:43 - 02347384 _____ (ESET) C:\Users\Ozi\Desktop\esetsmartinstaller_plk.exe
2013-09-11 21:43 - 2013-09-11 21:43 - 00000000 ____D C:\Program Files (x86)\ESET
2013-09-11 15:17 - 2013-09-09 18:46 - 00000000 ____D C:\ProgramData\eSafe
2013-09-09 20:39 - 2013-09-09 20:06 - 00001719 _____ C:\Users\Ozi\Desktop\allegro.txt
2013-09-09 20:11 - 2009-07-14 19:55 - 00737242 _____ C:\Windows\system32\perfh015.dat
2013-09-09 20:11 - 2009-07-14 19:55 - 00153930 _____ C:\Windows\system32\perfc015.dat
2013-09-09 20:11 - 2009-07-14 07:13 - 01661232 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-09 19:07 - 2013-09-09 19:07 - 00003096 _____ C:\Windows\System32\Tasks\{69D2669B-2D7B-4229-A391-DBAC4FBFF709}
2013-09-09 19:07 - 2012-11-28 12:18 - 00000000 ____D C:\Users\Ozi\Documents\EA Games
2013-09-09 18:47 - 2013-09-09 18:47 - 00003002 _____ C:\Windows\System32\Tasks\Lyrmix Update
2013-09-09 18:47 - 2013-09-09 18:47 - 00000000 ____D C:\Users\Ozi\AppData\Roaming\0C1I1L1R1J0M1P0I1G
2013-09-09 18:47 - 2013-09-09 18:47 - 00000000 ____D C:\Users\Ozi\AppData\Local\ConvertAd
2013-09-09 18:46 - 2013-09-09 18:46 - 00000000 ____D C:\Users\Ozi\AppData\Roaming\1J1F1H1E2Y2Z1P1C1B2W1L1T2ZtF1E1I
2013-09-09 18:46 - 2013-09-09 18:46 - 00000000 ____D C:\User Data
2013-09-09 18:46 - 2012-09-25 22:40 - 00001432 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-09-09 18:46 - 2012-09-25 22:12 - 00001753 _____ C:\Users\Ozi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-09 18:46 - 2012-09-25 22:12 - 00001731 _____ C:\Users\Ozi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-09-09 18:45 - 2013-09-09 18:45 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals
2013-09-09 18:45 - 2013-05-04 20:25 - 00000000 ____D C:\Users\Ozi\AppData\Roaming\BabSolution
2013-09-07 12:05 - 2013-09-07 12:05 - 00003832 _____ C:\Windows\System32\Tasks\Disk Cleaner 07-09-2013 12-05-37
2013-09-07 12:04 - 2013-06-24 15:32 - 00000000 ____D C:\Users\Ozi\AppData\Roaming\GG
2013-09-07 12:00 - 2013-04-22 14:45 - 00000000 ____D C:\Windows\Minidump
2013-09-07 10:03 - 2013-06-24 15:32 - 00001276 _____ C:\Users\Ozi\Desktop\GG.lnk
2013-09-07 10:03 - 2013-02-26 23:23 - 00000000 ____D C:\ProgramData\ipla
2013-09-07 10:00 - 2013-02-26 23:23 - 00000000 ____D C:\Users\Ozi\AppData\Roaming\ipla
2013-09-07 09:59 - 2013-06-14 12:47 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-09-07 09:37 - 2013-09-07 09:35 - 95025368 ____T C:\ProgramData\bowlwlt.pff
2013-09-07 09:35 - 2013-09-07 09:35 - 00000000 _____ C:\ProgramData\bowlwlt.ctrl
2013-09-05 14:43 - 2013-06-24 15:32 - 00000000 ____D C:\Users\Ozi\AppData\Local\GG
2013-09-03 21:25 - 2013-09-03 13:43 - 00000509 _____ C:\Users\Ozi\Desktop\adrian.txt
2013-08-25 21:27 - 2013-08-25 21:27 - 00798720 _____ (Firelight Technologies) C:\Windows\system32\fmodex.dll

Files to move or delete:
====================
C:\Users\Ozi\AppData\Roaming\cache.ini
C:\ProgramData\bowlwlt.ctrl
C:\ProgramData\bowlwlt.pff
C:\ProgramData\rjlzjr1a.ctrl
C:\ProgramData\rjlzjr1a.pff
C:\ProgramData\rjlzjr1a.reg

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-09-21 09:23

==================== End Of Log ============================