Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-01-2014 03 Ran by Roman (administrator) on ROMAN-PC on 27-01-2014 00:20:44 Running from G:\ Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) OS Language: Polish Internet Explorer Version 9 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) =================== (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Fujitsu Siemens Computers) C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe (Wistron) C:\Program Files\Launch Manager\HotkeyApp.exe (RealNetworks, Inc.) C:\Program Files\Common Files\Real\Update_OB\realsched.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Ask) C:\Program Files\Ask.com\Updater\Updater.exe (Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\Users\Roman\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Wistron Corp.) C:\Program Files\Launch Manager\WisLMSvc.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Microsoft Corporation) C:\Windows\System32\conime.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4669440 2007-07-06] (Realtek Semiconductor) HKLM\...\Run: [HotkeyApp] - C:\Program Files\Launch Manager\HotkeyApp.exe [192512 2007-07-26] (Wistron) HKLM\...\Run: [recinfo91] - c:\RecInfo\RecInfo.exe [2768896 2007-06-06] () HKLM\...\Run: [TkBellExe] - C:\Program Files\Common Files\Real\Update_OB\realsched.exe [180269 2008-12-06] (RealNetworks, Inc.) HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [33648 2007-08-24] (Microsoft Corporation) HKLM\...\Run: [SynTPStart] - C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2007-08-17] (Synaptics, Inc.) HKLM\...\Run: [Skytel] - C:\Windows\Skytel.exe [1826816 2007-06-15] (Realtek Semiconductor Corp.) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [ApnUpdater] - C:\Program Files\Ask.com\Updater\Updater.exe [1648264 2013-04-30] (Ask) HKLM\...\Run: [Zune Launcher] - C:\Program Files\Zune\ZuneLauncher.exe [159456 2011-08-05] (Microsoft Corporation) HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-20] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation) HKCU\...\Run: [SkyDrive] - C:\Users\Roman\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-08-14] (Microsoft Corporation) HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-18] (Microsoft Corporation) HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\system32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation) HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\system32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation) HKU\Roman_2\...\Run: [Gadu-Gadu] - C:\Program Files\Gadu-Gadu\gg.exe [ 2008-03-20] (Gadu-Gadu S.A.) HKU\Roman_2\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\DTLite.exe [ 2013-10-28] (Disc Soft Ltd) HKU\Roman_2\...\Run: [lollipop] - lollipop Startup: C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk ShortcutTarget: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.avira.com/?l=dis&o=APN10401&gct=hp&dc=EU&locale=en_PL HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) SearchScopes: HKCU - ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} SearchScopes: HKCU - {05D8CBD0-8D82-4DF3-B4B6-5A0A2A2C6410} URL = http://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10401&src=kw&q={searchTerms}&locale=en_PL&apn_ptnrs=^ABZ&apn_dtid=^YYYYYY^YY^PL&apn_uid=728588bb-b7ce-4639-b23f-b0f75e69bfd4&apn_sauid=E313DDD7-F1AE-45B7-9E7C-A4D00FE2449E BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation) BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: IEPluginBHO Class - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Users\Roman\AppData\Roaming\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.) Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) Toolbar: HKCU - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog9 32 File Not found () Winsock: Catalog9 33 File Not found () FireFox: ======== FF ProfilePath: C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\4teqiovc.default-1354027098553 FF DefaultSearchEngine: Google FF SearchEngineOrder.1: Ask.com FF SelectedSearchEngine: Google FF Homepage: www.onet.pl FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF Plugin: @ganymede/NAVY,version=1.0 - C:\Program Files\Ganymede\Plugins\NAVY\NPNAVY.dll (Ganymede Technologies) FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=6.0.11.1864 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprjplug;version=1.0.2.1924 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.12.857 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF Plugin: @research.microsoft.com/HDView - C:\Program Files\Microsoft Research\HD View\nphdview.dll (Microsoft Research) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPBOARDS.dll (Ganymede Technologies) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdivx32.dll (DivX,Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdjvu.dll (LizardTech) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npganymedenet.dll ( ) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPMAKAOV2.dll (Ganymede Technologies) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPNAVY.dll (Ganymede Technologies) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPSOCCER.dll (Ganymede Technologies) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npVividasPlayer.dll ( ) FF SearchPlugin: C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\4teqiovc.default-1354027098553\searchplugins\askcom.xml FF Extension: Vividas player plugin - C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\4teqiovc.default-1354027098553\Extensions\player@vividas.com [2013-02-27] FF Extension: Ask Toolbar - C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\4teqiovc.default-1354027098553\Extensions\toolbar@ask.com [2013-02-26] FF Extension: Adblock Plus - C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\4teqiovc.default-1354027098553\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-11] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-12-12] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-12-12] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013-12-12] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] Chrome: ======= CHR HomePage: hxxp://www.onet.pl/ CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\29.0.1547.76\pdf.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation) CHR Plugin: (Ganymede Boards Plugin) - C:\Program Files\Mozilla Firefox\plugins\NPBOARDS.dll (Ganymede Technologies) CHR Plugin: (LizardTech DjVu) - C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll (LizardTech) CHR Plugin: (GanymedeNet.Detector) - C:\Program Files\Mozilla Firefox\plugins\npganymedenet.dll ( ) CHR Plugin: (Ganymede Plugin) - C:\Program Files\Mozilla Firefox\plugins\NPMAKAOV2.dll (Ganymede Technologies) CHR Plugin: (Ganymede Navy Plugin) - C:\Program Files\Mozilla Firefox\plugins\NPNAVY.dll (Ganymede Technologies) CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation) CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.) CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll (RealNetworks, Inc.) CHR Plugin: (Ganymede Plugin) - C:\Program Files\Mozilla Firefox\plugins\NPSOCCER.dll (Ganymede Technologies) CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 7 U17) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (HD View) - C:\Program Files\Microsoft Research\HD View\nphdview.dll (Microsoft Research) CHR Plugin: (Nokia Suite Enabler Plugin) - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll No File CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll No File CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\system32\npDeployJava1.dll No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Extension: (Dokumenty Google) - C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-10] CHR Extension: (Dysk Google) - C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-10] CHR Extension: (YouTube) - C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-10] CHR Extension: (Szukaj w Google) - C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-10] CHR Extension: (Chrome In-App Payments service) - C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-19] CHR Extension: (Gmail) - C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-10] ========================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-20] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-29] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-20] (Avira Operations GmbH & Co. KG) S3 lxby_device; C:\Windows\system32\lxbycoms.exe [462848 2005-01-06] (Lexmark International, Inc.) R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 TestHandler; C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [204800 2006-12-08] (Fujitsu Siemens Computers) R3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118784 2006-11-17] (Wistron Corp.) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-20] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-20] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-29] (Avira Operations GmbH & Co. KG) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-01-11] (Disc Soft Ltd) R1 Hotkey; C:\Windows\System32\Drivers\Hotkey.sys [9867 2003-04-28] () S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2009-08-26] (HP) S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2009-08-26] (HP) S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2006-04-13] (HP) S4 JRAID; C:\Windows\system32\drivers\jraid.sys [48256 2007-06-13] (JMicron Technology Corp.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [324096 2014-01-11] (Duplex Secure Ltd.) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-04-18] (Avira GmbH) S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [124464 2009-01-06] (Symantec Corporation) S3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [21344 2005-05-26] (LG Electronics Inc.) S3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [38144 2005-05-26] (LG Electronics Inc.) S3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [39036 2005-06-24] (LG Electronics Inc.) S4 viamraid; C:\Windows\system32\drivers\viamraid.sys [102912 2006-11-08] (VIA Technologies inc,.ltd) U3 avnkcah5; C:\Windows\System32\Drivers\avnkcah5.sys [0 ] (Microsoft Corporation) U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-18] (Microsoft Corporation) S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x] S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S3 massfilter_lte; \??\C:\Windows\system32\drivers\massfilter_lte.sys [x] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] S3 zgdcat; system32\DRIVERS\zgdcat.sys [x] S3 zgdcdiag; system32\DRIVERS\zgdcdiag.sys [x] S3 zgdcmdm; system32\DRIVERS\zgdcmdm.sys [x] S3 zgdcnet; system32\DRIVERS\zgdcnet.sys [x] S3 zgdcnmea; system32\DRIVERS\zgdcnmea.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-27 00:20 - 2014-01-27 00:20 - 00000000 ____D C:\FRST 2014-01-26 23:55 - 2014-01-26 23:55 - 00000872 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-01-26 23:55 - 2014-01-26 23:55 - 00000000 ____D C:\Users\Roman\AppData\Roaming\Malwarebytes 2014-01-26 23:55 - 2014-01-26 23:55 - 00000000 ____D C:\ProgramData\Malwarebytes 2014-01-26 23:55 - 2014-01-26 23:55 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2014-01-26 23:55 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-01-26 23:54 - 2014-01-26 23:54 - 00007362 _____ C:\Users\Roman\Desktop\01262014_233516.log 2014-01-23 21:13 - 2014-01-23 21:13 - 00045970 _____ C:\Users\Roman\Desktop\Extras.Txt 2014-01-23 20:37 - 2014-01-23 21:12 - 00088006 _____ C:\Users\Roman\Desktop\OTL.Txt 2014-01-23 19:59 - 2014-01-23 19:57 - 00602112 _____ (OldTimer Tools) C:\Users\Roman\Desktop\OTL.exe 2014-01-23 18:46 - 2014-01-26 23:59 - 00046766 _____ C:\Windows\WindowsUpdate.log 2014-01-23 18:35 - 2014-01-23 18:35 - 00001068 _____ C:\Users\Roman\Documents\cc_20140123_183519.reg 2014-01-23 17:20 - 2014-01-23 17:16 - 01293667 _____ C:\Users\Roman\Desktop\vista-7.7.0.498-whql.zip 2014-01-23 13:25 - 2014-01-23 13:25 - 00000000 ____D C:\ia64 2014-01-23 13:25 - 2014-01-23 13:25 - 00000000 ____D C:\i386 2014-01-23 12:05 - 2014-01-23 12:05 - 00000000 ____D C:\Users\Roman\devcon 2014-01-21 20:18 - 2007-06-22 10:28 - 00030578 _____ C:\Windows\system32\athrext.cat 2014-01-21 20:18 - 2007-06-18 18:03 - 00737280 _____ (Atheros Communications, Inc.) C:\Windows\system32\athr.sys 2014-01-21 19:51 - 2014-01-21 19:50 - 00079024 _____ C:\Users\Roman\Desktop\devcon.exe 2014-01-21 14:59 - 2014-01-21 14:59 - 00043122 _____ C:\Users\Roman\Documents\cc_20140121_145935.reg 2014-01-21 09:21 - 2014-01-21 09:23 - 00000000 ____D C:\Users\Roman_2\Desktop\szkolenie 2014-01-21 09:16 - 2014-01-21 09:24 - 00000000 ____D C:\Users\Roman_2\Desktop\DOGSO SPA 2014-01-18 21:10 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-01-18 21:10 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-01-18 21:10 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-01-18 21:10 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-01-18 21:09 - 2014-01-18 21:10 - 00005163 _____ C:\Windows\system32\jupdate-1.7.0_51-b13.log 2014-01-11 23:00 - 2014-01-11 23:00 - 00000000 ____D C:\Users\Roman_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spolszczenie do Europa Universalis III 2014-01-11 22:51 - 2014-01-11 22:51 - 00000619 _____ C:\Users\Public\Desktop\Europa Universalis III.lnk 2014-01-11 22:44 - 2014-01-11 22:44 - 00000836 _____ C:\Users\Public\Desktop\Europa Universalis 2.lnk 2014-01-11 22:44 - 2014-01-11 22:07 - 310957325 _____ C:\Users\Roman_2\Desktop\Europa Universalis 3 PL.rar 2014-01-11 22:37 - 2014-01-11 22:37 - 00243128 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys 2014-01-11 22:26 - 2014-01-21 09:21 - 00000000 ____D C:\Users\Roman_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop 2014-01-11 22:25 - 2014-01-11 22:37 - 00000000 ____D C:\Program Files\DAEMON Tools Lite 2014-01-11 22:25 - 2014-01-11 22:36 - 00000000 ____D C:\Users\Roman_2\AppData\Roaming\DAEMON Tools Lite 2014-01-11 22:25 - 2014-01-11 22:25 - 00001701 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk 2014-01-10 20:34 - 2014-01-10 20:34 - 00000000 __SHD C:\found.006 2014-01-08 17:16 - 2014-01-08 17:16 - 00030944 _____ C:\Users\Roman\Documents\cc_20140108_171602.reg 2014-01-06 23:48 - 2014-01-07 11:58 - 00000000 ____D C:\Users\Roman\AppData\Roaming\systweak 2014-01-06 23:48 - 2012-01-20 14:14 - 00017280 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot.exe 2014-01-06 23:45 - 2014-01-06 23:45 - 10885600 _____ (Pazera Jacek ) C:\Users\Roman\Documents\Pazera_Free_FLV_to_AVI_Converter.exe 2014-01-05 23:31 - 2014-01-05 23:31 - 00001668 _____ C:\Users\Roman\Desktop\Europa Universalis.lnk 2014-01-05 23:31 - 2014-01-05 23:31 - 00000000 ____D C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Europa Universalis 2014-01-05 23:28 - 2014-01-05 23:32 - 00000000 ____D C:\Program Files\Europa Universalis 2014-01-03 19:27 - 2014-01-03 19:50 - 00000000 ____D C:\DVD 2 2012 ==================== One Month Modified Files and Folders ======= 2014-01-27 00:20 - 2014-01-27 00:20 - 00000000 ____D C:\FRST 2014-01-27 00:01 - 2012-08-21 11:59 - 00001034 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-01-26 23:59 - 2014-01-23 18:46 - 00046766 _____ C:\Windows\WindowsUpdate.log 2014-01-26 23:58 - 2006-12-05 06:19 - 00672390 _____ C:\Windows\system32\perfh015.dat 2014-01-26 23:58 - 2006-12-05 06:19 - 00130766 _____ C:\Windows\system32\perfc015.dat 2014-01-26 23:58 - 2006-11-02 11:33 - 01495500 _____ C:\Windows\system32\PerfStringBackup.INI 2014-01-26 23:55 - 2014-01-26 23:55 - 00000872 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-01-26 23:55 - 2014-01-26 23:55 - 00000000 ____D C:\Users\Roman\AppData\Roaming\Malwarebytes 2014-01-26 23:55 - 2014-01-26 23:55 - 00000000 ____D C:\ProgramData\Malwarebytes 2014-01-26 23:55 - 2014-01-26 23:55 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2014-01-26 23:54 - 2014-01-26 23:54 - 00007362 _____ C:\Users\Roman\Desktop\01262014_233516.log 2014-01-26 23:52 - 2012-08-21 11:58 - 00001030 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-01-26 23:50 - 2006-11-02 13:58 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-26 23:50 - 2006-11-02 13:45 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-26 23:50 - 2006-11-02 13:45 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-26 23:48 - 2006-11-02 13:58 - 00032612 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2014-01-26 23:46 - 2012-04-01 17:01 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-01-23 21:13 - 2014-01-23 21:13 - 00045970 _____ C:\Users\Roman\Desktop\Extras.Txt 2014-01-23 21:12 - 2014-01-23 20:37 - 00088006 _____ C:\Users\Roman\Desktop\OTL.Txt 2014-01-23 19:57 - 2014-01-23 19:59 - 00602112 _____ (OldTimer Tools) C:\Users\Roman\Desktop\OTL.exe 2014-01-23 18:35 - 2014-01-23 18:35 - 00001068 _____ C:\Users\Roman\Documents\cc_20140123_183519.reg 2014-01-23 17:16 - 2014-01-23 17:20 - 01293667 _____ C:\Users\Roman\Desktop\vista-7.7.0.498-whql.zip 2014-01-23 13:25 - 2014-01-23 13:25 - 00000000 ____D C:\ia64 2014-01-23 13:25 - 2014-01-23 13:25 - 00000000 ____D C:\i386 2014-01-23 12:14 - 2008-01-18 19:35 - 00000000 ____D C:\Users\Roman 2014-01-23 12:05 - 2014-01-23 12:05 - 00000000 ____D C:\Users\Roman\devcon 2014-01-21 20:18 - 2007-12-13 16:31 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2014-01-21 19:50 - 2014-01-21 19:51 - 00079024 _____ C:\Users\Roman\Desktop\devcon.exe 2014-01-21 15:20 - 2009-11-21 00:25 - 00006648 _____ C:\Users\Roman\AppData\Local\d3d9caps.dat 2014-01-21 14:59 - 2014-01-21 14:59 - 00043122 _____ C:\Users\Roman\Documents\cc_20140121_145935.reg 2014-01-21 14:30 - 2013-06-04 17:53 - 00000000 ___RD C:\Users\Roman\SkyDrive 2014-01-21 14:21 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\tracing 2014-01-21 09:30 - 2010-11-16 10:43 - 00049664 _____ C:\Users\Roman_2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-01-21 09:24 - 2014-01-21 09:16 - 00000000 ____D C:\Users\Roman_2\Desktop\DOGSO SPA 2014-01-21 09:23 - 2014-01-21 09:21 - 00000000 ____D C:\Users\Roman_2\Desktop\szkolenie 2014-01-21 09:21 - 2014-01-11 22:26 - 00000000 ____D C:\Users\Roman_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop 2014-01-18 21:26 - 2013-07-21 17:10 - 00000000 ____D C:\Windows\system32\MRT 2014-01-18 21:17 - 2006-11-02 11:24 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-01-18 21:10 - 2014-01-18 21:09 - 00005163 _____ C:\Windows\system32\jupdate-1.7.0_51-b13.log 2014-01-18 21:10 - 2013-07-08 11:46 - 00000000 ____D C:\Program Files\Java 2014-01-18 21:06 - 2012-12-23 12:38 - 00000000 ____D C:\Program Files\Common Files\Adobe 2014-01-12 20:36 - 2008-01-18 19:47 - 00225280 _____ C:\Users\Roman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-01-11 23:00 - 2014-01-11 23:00 - 00000000 ____D C:\Users\Roman_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spolszczenie do Europa Universalis III 2014-01-11 22:51 - 2014-01-11 22:51 - 00000619 _____ C:\Users\Public\Desktop\Europa Universalis III.lnk 2014-01-11 22:44 - 2014-01-11 22:44 - 00000836 _____ C:\Users\Public\Desktop\Europa Universalis 2.lnk 2014-01-11 22:40 - 2009-02-12 21:15 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite 2014-01-11 22:37 - 2014-01-11 22:37 - 00243128 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys 2014-01-11 22:37 - 2014-01-11 22:25 - 00000000 ____D C:\Program Files\DAEMON Tools Lite 2014-01-11 22:37 - 2010-10-11 17:42 - 00000000 ____D C:\Users\Roman_2 2014-01-11 22:36 - 2014-01-11 22:25 - 00000000 ____D C:\Users\Roman_2\AppData\Roaming\DAEMON Tools Lite 2014-01-11 22:25 - 2014-01-11 22:25 - 00001701 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk 2014-01-11 22:25 - 2009-02-12 21:10 - 00324096 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys 2014-01-11 22:07 - 2014-01-11 22:44 - 310957325 _____ C:\Users\Roman_2\Desktop\Europa Universalis 3 PL.rar 2014-01-10 20:34 - 2014-01-10 20:34 - 00000000 __SHD C:\found.006 2014-01-08 17:16 - 2014-01-08 17:16 - 00030944 _____ C:\Users\Roman\Documents\cc_20140108_171602.reg 2014-01-08 17:01 - 2009-01-17 13:29 - 00000000 ____D C:\Program Files\Google 2014-01-07 11:58 - 2014-01-06 23:48 - 00000000 ____D C:\Users\Roman\AppData\Roaming\systweak 2014-01-07 10:57 - 2009-11-19 22:37 - 00000000 ____D C:\Users\Roman\AppData\Roaming\ipla 2014-01-07 10:28 - 2012-10-17 19:16 - 00000000 ____D C:\Users\Roman\AppData\Local\Windows Live 2014-01-06 23:45 - 2014-01-06 23:45 - 10885600 _____ (Pazera Jacek ) C:\Users\Roman\Documents\Pazera_Free_FLV_to_AVI_Converter.exe 2014-01-05 23:32 - 2014-01-05 23:28 - 00000000 ____D C:\Program Files\Europa Universalis 2014-01-05 23:31 - 2014-01-05 23:31 - 00001668 _____ C:\Users\Roman\Desktop\Europa Universalis.lnk 2014-01-05 23:31 - 2014-01-05 23:31 - 00000000 ____D C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Europa Universalis 2014-01-03 19:50 - 2014-01-03 19:27 - 00000000 ____D C:\DVD 2 2012 2013-12-28 23:27 - 2009-11-19 22:37 - 00000000 ____D C:\ProgramData\ipla 2013-12-28 23:27 - 2009-11-19 22:36 - 00000000 ____D C:\Program Files\ipla Some content of TEMP: ==================== C:\Users\Roman\AppData\Local\temp\avgnt.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-27 00:16 ==================== End Of Log ============================