Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-02-2014
Ran by Ja (administrator) on JA-KOMPUTER on 21-02-2014 20:11:16
Running from C:\Users\Ja\Desktop\1\repair
Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Polish
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Scarlet.Crush Productions) C:\ScpServer\bin\ScpService.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
(Skype Technologies) C:\Program Files\Skype\Updater\Updater.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Skype Technologies S.A.)
C:\Program Files\Skype\Phone\Skype.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (OldTimer Tools) C:\Users\Ja\Desktop\1\repair\OTL.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [3813712 2014-02-04] (LogMeIn Inc.) HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [747264 2013-12-06] (Advanced Micro Devices, Inc.) HKU\S-1-5-21-2050157462-3771309269-2174251743-1000\...\Run: [AVG-Secure-Search-Update_0913b] - C:\Users\Ja\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 7428941a924b47d0b54f19294685dba0-5ec0df5c7ad297c48671080a2d9e94ef07673fe6 --CMPID 0913b HKU\S-1-5-21-2050157462-3771309269-2174251743-1000\...\Run: [Raptr] - C:\Program Files\Raptr\raptrstub.exe [55360 2014-02-18] (Raptr, Inc) HKU\S-1-5-21-2050157462-3771309269-2174251743-1000\...\MountPoints2: {76e66cb8-0549-11e2-9066-c86000613253} - H:\setup.exe HKU\S-1-5-21-2050157462-3771309269-2174251743-1000\...\MountPoints2: {e1e9711a-ac6b-11e1-b035-c86000613253} - G:\Startme.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.aartemis.com/web/?type=ds&ts=1388523169&from=cor&uid=WDCXWD5000AZRX-00A8LB0_WD-WMC1U377518675186&q={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certified-toolbar.com?si=43251&st=home&tid=3623&ver=3.1&ts=1367846070841&tguid=43251-3623-1367846070841-BECAC9D111A3B10EA8652BBA783B3F73 HKCU\Software\Microsoft\Internet 
Explorer\Main,Default_Search_URL = http://www.aartemis.com/web/?type=ds&ts=1388523169&from=cor&uid=WDCXWD5000AZRX-00A8LB0_WD-WMC1U377518675186&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.aartemis.com/web/?type=ds&ts=1388523169&from=cor&uid=WDCXWD5000AZRX-00A8LB0_WD-WMC1U377518675186&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.aartemis.com/web/?type=ds&ts=1388523169&from=cor&uid=WDCXWD5000AZRX-00A8LB0_WD-WMC1U377518675186&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certified-toolbar.com?si=43251&st=home&tid=3623&ver=3.1&ts=1367846070841&tguid=43251-3623-1367846070841-BECAC9D111A3B10EA8652BBA783B3F73 StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.certified-toolbar.com?si=43251&st=bs&tid=3623&ver=3.1&ts=1367846070841&tguid=43251-3623-1367846070841-BECAC9D111A3B10EA8652BBA783B3F73&q={searchTerms} SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.certified-toolbar.com?si=43251&st=bs&tid=3623&ver=3.1&ts=1367846070841&tguid=43251-3623-1367846070841-BECAC9D111A3B10EA8652BBA783B3F73&q={searchTerms} SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.certified-toolbar.com?si=43251&st=bs&tid=3623&ver=2.9&ts=1367846070841&tguid=43251-3623-1367846070841-BECAC9D111A3B10EA8652BBA783B3F73&q={searchTerms} SearchScopes: HKLM - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.mocaflix.com/?l=1&q={searchTerms} SearchScopes: HKCU - DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = 
http://search.certified-toolbar.com?si=43251&st=bs&tid=3623&ver=2.9&ts=1367846070841&tguid=43251-3623-1367846070841-BECAC9D111A3B10EA8652BBA783B3F73&q={searchTerms} BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO: continueytoesaave - {6CF4BCD6-4A43-F5EF-E8B0-7A22F9D7E0A2} - C:\ProgramData\continueytoesaave\513de073a1a4a.dll No File BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Hosts: 64.120.230.218 karachan.org www.karachan.org FireFox: ======== FF ProfilePath: C:\Users\Ja\AppData\Roaming\Mozilla\Firefox\Profiles\g3rd9gbx.default-1369740492541 FF user.js: detected! 
=> C:\Users\Ja\AppData\Roaming\Mozilla\Firefox\Profiles\g3rd9gbx.default-1369740492541\user.js FF NetworkProxy: "backup.ftp", "" FF NetworkProxy: "backup.ftp_port", 0 FF NetworkProxy: "backup.socks", "" FF NetworkProxy: "backup.socks_port", 0 FF NetworkProxy: "backup.ssl", "" FF NetworkProxy: "backup.ssl_port", 0 FF NetworkProxy: "ftp", "87.98.239.3" FF NetworkProxy: "http", "87.98.239.3" FF NetworkProxy: "share_proxy_settings", true FF NetworkProxy: "socks", "87.98.239.3" FF NetworkProxy: "ssl", "87.98.239.3" FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File FF Plugin: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npnxgameEU.dll (Nexon) FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Ja\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Extension: Adblock Plus - C:\Users\Ja\AppData\Roaming\Mozilla\Firefox\Profiles\g3rd9gbx.default-1369740492541\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-08-27] FF Extension: Greasemonkey - C:\Users\Ja\AppData\Roaming\Mozilla\Firefox\Profiles\g3rd9gbx.default-1369740492541\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-08-16] Chrome: ======= CHR HomePage: hxxp://search.certified-toolbar.com?si=43251&st=home&tid=3623&ver=3.1&ts=1367846070841&tguid=43251-3623-1367846070841-BECAC9D111A3B10EA8652BBA783B3F73 CHR Extension: (continueytoesaave) - C:\Users\Ja\AppData\Local\Google\Chrome\User Data\Default\Extensions\dghejoldgoiogjolgdkdeehnldkoaoif [2013-03-11] CHR Extension: (DealPly Shopping) - C:\Users\Ja\AppData\Local\Google\Chrome\User Data\Default\Extensions\hggpkhijoeadmdfmlbdepfbngmhaldci [2013-05-25] CHR HKLM\...\Chrome\Extension: [afahcbnbnlolfhfmbigbdkdkaebmjpid] - C:\ProgramData\Download and Sa\afahcbnbnlolfhfmbigbdkdkaebmjpid.crx [2013-05-25] CHR HKLM\...\Chrome\Extension: [jplinpmadfkdgipabgcdchbdikologlh] - C:\Program Files\1ClickDownload\1click12.crx [2013-05-25] CHR HKLM\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\Ja\AppData\Local\CRE\mhfdcmehmjcclgopdodkjdicohagipid.crx [2012-04-17] CHR HKLM\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Ja\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2012-04-17] CHR HKLM\...\Chrome\Extension: [pmlghpafmmnmmkjdhacccolfgnkiboco] - C:\Program Files\1ClickDownload\oneclickdownloader10.crx [2012-04-17] CHR HKCU\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\Ja\AppData\Local\CRE\mhfdcmehmjcclgopdodkjdicohagipid.crx [2012-04-17] CHR 
HKCU\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Ja\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2012-04-17] ========================== Services (Whitelisted) ================= R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [276992 2013-12-06] (Advanced Micro Devices, Inc.) R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.) S3 BEService; C:\Program Files\Common Files\BattlEye\BEService.exe [49152 2013-05-28] () R2 Ds3Service; C:\ScpServer\bin\ScpService.exe [388352 2013-05-05] (Scarlet.Crush Productions) R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1677648 2014-02-04] (LogMeIn Inc.) R2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [375056 2014-02-04] (LogMeIn, Inc.) S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155320 2012-01-18] (Avanquest Software) ==================== Drivers (Whitelisted) ==================== R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [50432 2013-09-19] (Advanced Micro Devices) R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11456 2010-08-23] () R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [83872 2014-02-21] () R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120600 2013-11-05] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [209176 2013-11-04] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147768 2013-10-24] (AVG Technologies CZ, s.r.o.) R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22840 2013-09-17] (AVG Technologies CZ, s.r.o.) R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [176952 2013-10-31] (AVG Technologies CZ, s.r.o.) 
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.) R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.) R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.) R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-06-09] (DT Soft Ltd) R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2014-02-21] () R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [13216 2009-07-17] () R2 npf; C:\Windows\System32\drivers\npf.sys [50704 2010-01-27] (CACE Technologies, Inc.) S3 s1018obex; C:\Windows\System32\DRIVERS\s1018obex.sys [104744 2009-03-25] (MCCI Corporation) S3 s1039mdm; C:\Windows\System32\DRIVERS\s1039mdm.sys [124016 2010-03-01] (MCCI Corporation) R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [33024 2013-05-05] (Scarlet.Crush Productions) S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] S3 WinRing0_1_2_0; \??\C:\gry\Game Booster 3\Driver\WinRing0.sys [X] S3 XDva407; \??\C:\Windows\system32\XDva407.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-21 20:09 - 2014-02-21 20:09 - 00131072 ____N () C:\Windows\Minidump\022114-28236-01.dmp 2014-02-21 20:04 - 2014-02-21 20:04 - 00144328 _____ () C:\Windows\Minidump\022114-31418-01.dmp 2014-02-21 20:00 - 2014-02-21 20:00 - 00208288 _____ (Tagès SA) C:\Users\Ja\Downloads\TagesSetup.exe 2014-02-21 19:56 - 2014-02-21 20:00 - 00000000 ____D () C:\Program Files\Driver Cleaner 2014-02-21 19:55 - 2014-02-21 19:55 - 00000000 ____D 
() C:\Users\Ja\Downloads\Driver_Cleaner3.3[www.instalki.pl] 2014-02-21 17:43 - 2014-02-21 20:11 - 00000000 ____D () C:\FRST 2014-02-21 15:38 - 2014-02-21 15:38 - 00144328 _____ () C:\Windows\Minidump\022114-25116-01.dmp 2014-02-21 15:23 - 2014-02-21 15:23 - 00144328 _____ () C:\Windows\Minidump\022114-25084-01.dmp 2014-02-21 14:44 - 2014-02-21 14:44 - 00144328 _____ () C:\Windows\Minidump\022114-32214-01.dmp 2014-02-21 14:29 - 2014-02-21 14:29 - 00000000 ____D () C:\Users\Ja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Joymax 2014-02-20 20:21 - 2014-02-21 19:50 - 00000000 ____D () C:\Users\Ja\Documents\g-senjou no maou english savedata 2014-02-20 20:21 - 2014-02-20 22:10 - 00000000 ____D () C:\Users\Ja\AppData\Roaming\savedata 2014-02-20 18:07 - 2014-02-20 18:07 - 00131072 ____N () C:\Windows\Minidump\022014-28891-01.dmp 2014-02-20 17:11 - 2014-02-20 17:11 - 00000000 ____D () C:\Program Files\Sapphire TRIXX 2014-02-20 16:49 - 2014-02-20 16:49 - 00131072 ____N () C:\Windows\Minidump\022014-40373-01.dmp 2014-02-20 16:07 - 2014-02-20 16:07 - 00131072 ____N () C:\Windows\Minidump\022014-40201-01.dmp 2014-02-20 15:47 - 2014-02-20 15:47 - 00144328 _____ () C:\Windows\Minidump\022014-50107-01.dmp 2014-02-20 15:38 - 2014-02-20 15:38 - 00000000 ____D () C:\ProgramData\ATI 2014-02-20 15:37 - 2014-02-20 15:37 - 00059023 _____ () C:\Windows\system32\CCCInstall_201402201537356233.log 2014-02-20 15:37 - 2014-02-20 15:37 - 00000000 ____D () C:\Program Files\AMD AVT 2014-02-20 15:23 - 2014-02-20 15:23 - 00000000 ____D () C:\ProgramData\Package Cache 2014-02-20 15:19 - 2014-02-21 20:09 - 00000000 ____D () C:\Users\Ja\AppData\Roaming\Raptr 2014-02-20 15:19 - 2014-02-20 15:19 - 00000000 ____D () C:\Users\Ja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved 2014-02-20 15:19 - 2014-02-20 15:19 - 00000000 ____D () C:\Users\Ja\AppData\Roaming\library_dir 2014-02-20 15:18 - 2014-02-20 17:02 - 00000000 ____D () C:\Program Files\Raptr 2014-02-20 14:16 - 
2014-02-20 14:16 - 00131072 ____N () C:\Windows\Minidump\022014-33181-01.dmp 2014-02-20 11:29 - 2014-02-20 11:29 - 00131072 ____N () C:\Windows\Minidump\022014-30529-01.dmp 2014-02-20 11:19 - 2014-02-20 11:19 - 00000000 ____D () C:\Users\Ja\Documents\Vindictus EU 2014-02-20 09:39 - 2014-02-20 09:39 - 00000000 ____D () C:\Users\Ja\AppData\Local\Akamai 2014-02-20 08:57 - 2014-02-20 08:57 - 00000790 _____ () C:\Users\Ja\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk 2014-02-16 08:46 - 2014-02-20 11:02 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-02-09 15:44 - 2014-02-19 12:51 - 00000000 ____D () C:\Users\Ja\Downloads\VisualBoyAdvance1.8.0-beta3 2014-02-09 15:39 - 2014-02-09 15:39 - 00000000 ____D () C:\Program Files\Pokemon ROM Downloader 2014-02-05 13:39 - 2014-02-05 13:39 - 00000000 ____D () C:\Program Files\LogMeIn Hamachi 2014-01-31 20:13 - 2014-01-31 20:13 - 00005163 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log 2014-01-31 20:13 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-01-31 20:13 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-01-31 20:13 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-01-31 20:13 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-01-30 20:09 - 2014-02-03 19:28 - 00000000 ____D () C:\Users\Ja\Documents\Witcher 2 2014-01-30 20:09 - 2014-01-30 20:09 - 00000000 ____D () C:\Users\Ja\AppData\Local\The Witcher 2 2014-01-26 19:27 - 2014-01-27 21:17 - 00013473 _____ () C:\post regiment.m3u ==================== One Month Modified Files and Folders ======= 2014-02-21 20:11 - 2014-02-21 17:43 - 00000000 ____D () C:\FRST 2014-02-21 20:10 - 2013-04-02 12:56 - 00000000 ____D () C:\Users\Ja\Desktop\1 2014-02-21 20:10 - 2012-08-24 16:00 - 00000000 ____D () C:\Users\Ja\AppData\Roaming\Skype 2014-02-21 20:09 - 2014-02-21 20:09 - 00131072 
____N () C:\Windows\Minidump\022114-28236-01.dmp 2014-02-21 20:09 - 2014-02-20 15:19 - 00000000 ____D () C:\Users\Ja\AppData\Roaming\Raptr 2014-02-21 20:09 - 2012-09-02 14:20 - 00000000 ____D () C:\Users\Ja\AppData\Local\LogMeIn Hamachi 2014-02-21 20:09 - 2012-06-18 06:32 - 00000000 ____D () C:\Windows\Minidump 2014-02-21 20:09 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-02-21 20:09 - 2009-07-14 05:39 - 00328342 _____ () C:\Windows\setupact.log 2014-02-21 20:04 - 2014-02-21 20:04 - 00144328 _____ () C:\Windows\Minidump\022114-31418-01.dmp 2014-02-21 20:04 - 2013-01-31 13:44 - 311202881 _____ () C:\Windows\MEMORY.DMP 2014-02-21 20:01 - 2013-03-30 16:56 - 00083872 _____ () C:\Windows\system32\Drivers\atksgt.sys 2014-02-21 20:01 - 2013-03-30 16:56 - 00025888 _____ () C:\Windows\system32\Drivers\lirsgt.sys 2014-02-21 20:00 - 2014-02-21 20:00 - 00208288 _____ (Tagès SA) C:\Users\Ja\Downloads\TagesSetup.exe 2014-02-21 20:00 - 2014-02-21 19:56 - 00000000 ____D () C:\Program Files\Driver Cleaner 2014-02-21 19:55 - 2014-02-21 19:55 - 00000000 ____D () C:\Users\Ja\Downloads\Driver_Cleaner3.3[www.instalki.pl] 2014-02-21 19:50 - 2014-02-20 20:21 - 00000000 ____D () C:\Users\Ja\Documents\g-senjou no maou english savedata 2014-02-21 17:54 - 2009-07-14 05:34 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-02-21 17:54 - 2009-07-14 05:34 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-02-21 17:21 - 2012-05-12 14:34 - 00000000 ____D () C:\ProgramData\MFAData 2014-02-21 16:41 - 2012-05-11 00:50 - 01635932 _____ () C:\Windows\WindowsUpdate.log 2014-02-21 15:42 - 2012-05-11 06:56 - 01664708 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-02-21 15:42 - 2009-08-04 08:21 - 00730322 _____ () C:\Windows\system32\perfh015.dat 2014-02-21 15:42 - 2009-08-04 08:21 - 00154436 _____ () 
C:\Windows\system32\perfc015.dat 2014-02-21 15:38 - 2014-02-21 15:38 - 00144328 _____ () C:\Windows\Minidump\022114-25116-01.dmp 2014-02-21 15:38 - 2012-05-12 14:02 - 00566472 _____ () C:\Windows\PFRO.log 2014-02-21 15:23 - 2014-02-21 15:23 - 00144328 _____ () C:\Windows\Minidump\022114-25084-01.dmp 2014-02-21 15:18 - 2012-05-12 16:18 - 00000000 ____D () C:\gry 2014-02-21 15:17 - 2013-03-30 16:44 - 00000000 ____D () C:\Users\Public\Documents\The Witcher 2014-02-21 15:15 - 2012-05-12 13:54 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2014-02-21 15:10 - 2009-07-14 05:53 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-02-21 14:44 - 2014-02-21 14:44 - 00144328 _____ () C:\Windows\Minidump\022114-32214-01.dmp 2014-02-21 14:29 - 2014-02-21 14:29 - 00000000 ____D () C:\Users\Ja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Joymax 2014-02-21 14:04 - 2012-05-11 06:53 - 00000000 ____D () C:\Users\Ja 2014-02-21 13:47 - 2012-08-03 08:50 - 00000000 ____D () C:\Users\Ja\AppData\Local\PMB Files 2014-02-21 13:47 - 2012-08-03 08:50 - 00000000 ____D () C:\ProgramData\PMB Files 2014-02-21 12:27 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-02-20 22:10 - 2014-02-20 20:21 - 00000000 ____D () C:\Users\Ja\AppData\Roaming\savedata 2014-02-20 20:21 - 2012-05-12 20:00 - 00000000 ____D () C:\Program Files\download 2014-02-20 18:07 - 2014-02-20 18:07 - 00131072 ____N () C:\Windows\Minidump\022014-28891-01.dmp 2014-02-20 17:11 - 2014-02-20 17:11 - 00000000 ____D () C:\Program Files\Sapphire TRIXX 2014-02-20 17:02 - 2014-02-20 15:18 - 00000000 ____D () C:\Program Files\Raptr 2014-02-20 16:49 - 2014-02-20 16:49 - 00131072 ____N () C:\Windows\Minidump\022014-40373-01.dmp 2014-02-20 16:07 - 2014-02-20 16:07 - 00131072 ____N () C:\Windows\Minidump\022014-40201-01.dmp 2014-02-20 15:47 - 2014-02-20 15:47 - 00144328 _____ () C:\Windows\Minidump\022014-50107-01.dmp 2014-02-20 15:38 - 2014-02-20 15:38 - 00000000 ____D () 
C:\ProgramData\ATI 2014-02-20 15:37 - 2014-02-20 15:37 - 00059023 _____ () C:\Windows\system32\CCCInstall_201402201537356233.log 2014-02-20 15:37 - 2014-02-20 15:37 - 00000000 ____D () C:\Program Files\AMD AVT 2014-02-20 15:37 - 2013-04-30 17:09 - 00000000 ____D () C:\Program Files\ATI Technologies 2014-02-20 15:37 - 2013-04-29 17:20 - 00000000 ____D () C:\ProgramData\AMD 2014-02-20 15:34 - 2013-04-30 17:12 - 00000000 ____D () C:\Program Files\AMD 2014-02-20 15:23 - 2014-02-20 15:23 - 00000000 ____D () C:\ProgramData\Package Cache 2014-02-20 15:19 - 2014-02-20 15:19 - 00000000 ____D () C:\Users\Ja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved 2014-02-20 15:19 - 2014-02-20 15:19 - 00000000 ____D () C:\Users\Ja\AppData\Roaming\library_dir 2014-02-20 14:16 - 2014-02-20 14:16 - 00131072 ____N () C:\Windows\Minidump\022014-33181-01.dmp 2014-02-20 11:52 - 2013-02-24 14:37 - 00000000 ____D () C:\Users\Ja\AppData\Roaming\VDownloader 2014-02-20 11:51 - 2013-02-24 14:37 - 00000000 ____D () C:\Program Files\VDownloader 2014-02-20 11:42 - 2012-05-30 19:00 - 00000000 ____D () C:\Users\Ja\AppData\Roaming\uTorrent 2014-02-20 11:29 - 2014-02-20 11:29 - 00131072 ____N () C:\Windows\Minidump\022014-30529-01.dmp 2014-02-20 11:22 - 2012-05-12 14:10 - 00000000 ____D () C:\Users\Ja\AppData\Roaming\GG 2014-02-20 11:19 - 2014-02-20 11:19 - 00000000 ____D () C:\Users\Ja\Documents\Vindictus EU 2014-02-20 11:02 - 2014-02-16 08:46 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-02-20 10:59 - 2012-07-15 09:19 - 00000000 ____D () C:\Program Files\BandiMPEG1 2014-02-20 09:39 - 2014-02-20 09:39 - 00000000 ____D () C:\Users\Ja\AppData\Local\Akamai 2014-02-20 09:34 - 2013-05-12 17:02 - 00000000 ____D () C:\Users\Ja\AppData\Local\Warframe 2014-02-20 08:57 - 2014-02-20 08:57 - 00000790 _____ () C:\Users\Ja\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk 2014-02-20 08:57 - 2012-05-30 19:01 - 00000000 ____D () C:\Program Files\uTorrent 2014-02-19 12:51 - 
2014-02-09 15:44 - 00000000 ____D () C:\Users\Ja\Downloads\VisualBoyAdvance1.8.0-beta3 2014-02-16 14:30 - 2012-05-11 19:36 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-02-16 12:51 - 2013-12-31 19:58 - 00000000 ____D () C:\tor 2014-02-09 15:39 - 2014-02-09 15:39 - 00000000 ____D () C:\Program Files\Pokemon ROM Downloader 2014-02-09 13:49 - 2013-12-31 21:53 - 00000000 ____D () C:\Users\Ja\AppData\Local\genienext 2014-02-09 13:49 - 2013-12-31 21:53 - 00000000 ____D () C:\Program Files\Mobogenie 2014-02-09 13:49 - 2012-11-28 18:14 - 00000000 ____D () C:\ProgramData\InstallMate 2014-02-09 13:49 - 2012-06-09 19:59 - 00000000 ____D () C:\ProgramData\YTD YouTube Downloader & Converter 2014-02-05 13:39 - 2014-02-05 13:39 - 00000000 ____D () C:\Program Files\LogMeIn Hamachi 2014-02-03 19:28 - 2014-01-30 20:09 - 00000000 ____D () C:\Users\Ja\Documents\Witcher 2 2014-02-03 18:47 - 2012-05-13 10:57 - 00000000 ____D () C:\Users\Ja\Documents\My Games 2014-01-31 20:14 - 2013-09-11 15:00 - 00000000 ____D () C:\ProgramData\Oracle 2014-01-31 20:13 - 2014-01-31 20:13 - 00005163 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log 2014-01-31 20:13 - 2012-05-12 14:06 - 00000000 ____D () C:\Program Files\Java 2014-01-30 20:09 - 2014-01-30 20:09 - 00000000 ____D () C:\Users\Ja\AppData\Local\The Witcher 2 2014-01-28 22:19 - 2013-11-20 17:12 - 00000000 ____D () C:\Users\Ja\AppData\Local\The Witcher 2014-01-27 21:17 - 2014-01-26 19:27 - 00013473 _____ () C:\post regiment.m3u 2014-01-26 19:24 - 2013-12-07 09:26 - 00000000 ____D () C:\mu 2014-01-25 23:07 - 2012-12-27 16:01 - 00000000 ____D () C:\MHFU save Some content of TEMP: ==================== C:\Users\Ja\AppData\Local\Temp\13-12_win7_win8_32_dd_ccc_whql.exe C:\Users\Ja\AppData\Local\Temp\6_Offer_5.exe C:\Users\Ja\AppData\Local\Temp\app.EXE C:\Users\Ja\AppData\Local\Temp\AutoRun.exe C:\Users\Ja\AppData\Local\Temp\AutoRunGUI.dll C:\Users\Ja\AppData\Local\Temp\bdfilters.dll C:\Users\Ja\AppData\Local\Temp\binkw32.dll 
C:\Users\Ja\AppData\Local\Temp\Core.dll C:\Users\Ja\AppData\Local\Temp\cres.dll C:\Users\Ja\AppData\Local\Temp\cshell.dll C:\Users\Ja\AppData\Local\Temp\d2l_Install.exe C:\Users\Ja\AppData\Local\Temp\DownloadManager.exe C:\Users\Ja\AppData\Local\Temp\drm_dyndata_7370014.dll C:\Users\Ja\AppData\Local\Temp\drm_dyndata_7380014.dll C:\Users\Ja\AppData\Local\Temp\drm_dyndata_7400009.dll C:\Users\Ja\AppData\Local\Temp\drm_dyndata_7410004.dll C:\Users\Ja\AppData\Local\Temp\eauninstall.exe C:\Users\Ja\AppData\Local\Temp\etc3vaqs.dll C:\Users\Ja\AppData\Local\Temp\FastDownload.exe C:\Users\Ja\AppData\Local\Temp\gg10.upgr.exe C:\Users\Ja\AppData\Local\Temp\ggdrive-menu.exe C:\Users\Ja\AppData\Local\Temp\ggdrive-overlay.exe C:\Users\Ja\AppData\Local\Temp\installstats.exe C:\Users\Ja\AppData\Local\Temp\jansi-32-git-Bukkit-1.3.1-R2.0-b2340jnks.dll C:\Users\Ja\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe C:\Users\Ja\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe C:\Users\Ja\AppData\Local\Temp\jre-7u5-windows-i586-iftw.exe C:\Users\Ja\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe C:\Users\Ja\AppData\Local\Temp\msvcr80.dll C:\Users\Ja\AppData\Local\Temp\Need for Speed Most Wanted_uninst.exe C:\Users\Ja\AppData\Local\Temp\NGM.exe C:\Users\Ja\AppData\Local\Temp\NGMDll.dll C:\Users\Ja\AppData\Local\Temp\NGMResource.dll C:\Users\Ja\AppData\Local\Temp\raptrpatch.exe C:\Users\Ja\AppData\Local\Temp\Setup.exe C:\Users\Ja\AppData\Local\Temp\SimPack.exe C:\Users\Ja\AppData\Local\Temp\SkypeSetup.exe C:\Users\Ja\AppData\Local\Temp\sres.dll C:\Users\Ja\AppData\Local\Temp\SRLDetectionLibrary4610501813414630313.dll C:\Users\Ja\AppData\Local\Temp\swt-win32-3349.dll C:\Users\Ja\AppData\Local\Temp\tmpCA9E.exe C:\Users\Ja\AppData\Local\Temp\tmpF72A.exe C:\Users\Ja\AppData\Local\Temp\Tsu6A7FE846.dll C:\Users\Ja\AppData\Local\Temp\twapi-be29e7f1-71ae-4703-50cb-1d52be512f51.dll C:\Users\Ja\AppData\Local\Temp\ubiE5BE.tmp.exe C:\Users\Ja\AppData\Local\Temp\unicows.dll 
C:\Users\Ja\AppData\Local\Temp\utt8C90.tmp.exe C:\Users\Ja\AppData\Local\Temp\Window.dll C:\Users\Ja\AppData\Local\Temp\YontooSetup-S.exe C:\Users\Ja\AppData\Local\Temp\zlib1.dll ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-02-21 12:48 ==================== End Of Log ============================