Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-05-2014
Ran by user (administrator) on MATRIX on 05-05-2014 10:54:55
Running from C:\Users\user\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
() C:\Program Files (x86)\Jump Flip\bin\utilJumpFlip.exe
() C:\Program Files (x86)\Jump Flip\updateJumpFlip.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\Jump Flip\bin\JumpFlip.BrowserAdapter.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() D:\GRY\League of Legends\RADS\system\rads_user_kernel.exe
() D:\GRY\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.206\deploy\LoLLauncher.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2439072 2010-05-24] (VIA)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-03-31] (AVAST Software)
HKU\S-1-5-21-2665649171-2446866970-2032620597-1000\...\Run: [BANDICAM] => C:\Program Files (x86)\Bandicam\bdcam.exe [1053872 2011-10-24] (www.Bandisoft.com)
HKU\S-1-5-21-2665649171-2446866970-2032620597-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-2665649171-2446866970-2032620597-1000\...\Run: [uTorrent] => C:\Program Files (x86)\uTorrent\uTorrent.exe [740216 2012-03-03] (BitTorrent, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=128
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.myhoome.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.myhoome.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
BHO: No Name - {11111111-1111-1111-1111-110411411160} - No File
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {6db9fdfe-b718-4962-be0c-0a5fce7f7f7b} - No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
DPF: HKLM-x32 {57CD0DF4-DACC-439D-9173-3F6A8EC3FFE3} http://192.162.92.22/IPCamPluginMegaDM.cab
DPF: HKLM-x32 {8768D5EA-5412-4810-A032-09AD2A726C69} http://bgweb.nowcdn.co.kr/Bin/DownStarter2.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\jc3ig7oo.default
FF Homepage: google.pl
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2836015&SearchSource=2&CUI=UN68443508318049254&UM=&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: 4game.com/plugin - C:\Program Files (x86)\4game\4game\npplugin4game.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Software Company)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @soe.sony.com/installer,version=1.0.3 - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\jc3ig7oo.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\user\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\user\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\user\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll (Foxit Software Company)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\jc3ig7oo.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\jc3ig7oo.default\searchplugins\conduit.xml
FF Extension: Widget context - C:\Users\user\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{140A2D0E-85CC-4ed3-9BA5-8FA35DA7FABA}.xpi [2014-01-13]
FF Extension: vis - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\jc3ig7oo.default\Extensions\EFGLQA@78ETGYN-0W7FN789T87.COM [2013-11-03]
FF Extension: No Name - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\jc3ig7oo.default\Extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A} [2011-09-18]
FF Extension: DownloadHelper - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\jc3ig7oo.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-29]
FF Extension: Iplex to ALLPlayer - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\jc3ig7oo.default\Extensions\IplextoALL@ALLPlayer.org.xpi [2011-12-02]
FF Extension: Easy YouTube Video Downloader - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\jc3ig7oo.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi [2011-07-28]
FF Extension: Web Developer - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\jc3ig7oo.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2011-08-07]
FF Extension: Adblock Plus - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\jc3ig7oo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-07-27]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-07-31]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-07-31]

Chrome:
=======
CHR HomePage: hxxp://www.gazeta.pl/0,0.html?p=128
CHR StartupUrls: "hxxp://google.pl/"
CHR Plugin: (Shockwave Flash) - C:\Users\user\AppData\Local\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\user\AppData\Local\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\user\AppData\Local\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll (Foxit Software Company)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (4game) - C:\Program Files (x86)\4game\npplugin4game.dll No File
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
CHR Plugin: (SOE Web Installer) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\jc3ig7oo.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (Dokumenty Google) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-30]
CHR Extension: (Dysk Google) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-30]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-30]
CHR Extension: (Szukaj w Google) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-30]
CHR Extension: (Photoblog.pl) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfmdpbbamddodobfneccfclbmjolhfn [2013-10-11]
CHR Extension: (VIS) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmlgoencnlndpglbocajlimaikjohmab [2013-10-27]
CHR Extension: (AdBlock) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-05-30]
CHR Extension: (Custom new tab) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbnkijekempmdlleaimfelifcejbkmcd [2013-08-13]
CHR Extension: (Przycisk Google +1) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgoepmocgafhnchmokaimcmlojpnlkhp [2013-10-11]
CHR Extension: (Download Master) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcceagdollnkjlogmdckgjakjapmkdjf [2013-07-28]
CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-20]
CHR Extension: (Google Chrome to Phone Extension) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2013-08-12]
CHR Extension: (Widget context) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ombmmloebnfnpehgjnmkcgoegfachobp [2014-01-14]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-30]
CHR HKLM-x32\...\Chrome\Extension: [debmkdhphjfcbaomiknnceliiclnpmfg] - C:\Program Files (x86)\Jump Flip\debmkdhphjfcbaomiknnceliiclnpmfg.crx [2013-05-30]
CHR StartMenuInternet: Google Chrome - C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-03-31] (AVAST Software)
S3 DAUpdaterSvc; D:\GRY\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [25832 2009-07-26] (BioWare)
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [496232 2010-01-21] ()
S2 mi-raysat_3dsmax2012_64; C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [86016 2011-02-22] ()
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5124464 2012-12-16] (INCA Internet Co., Ltd.)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [209000 2010-01-21] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2012-03-02] ()
R2 Update Jump Flip; C:\Program Files (x86)\Jump Flip\updateJumpFlip.exe [316704 2014-05-04] ()
R2 Util Jump Flip; C:\Program Files (x86)\Jump Flip\bin\utilJumpFlip.exe [316704 2014-05-04] ()

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-03-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-03-31] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-03-31] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-03-31] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-03-31] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-03-31] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-03-31] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-04-05] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-01-21] (Disc Soft Ltd)
S4 e499e4613efaba4d; C:\Windows\System32\Drivers\e499e4613efaba4d.sys [77776 2014-03-31] ()
R0 FancyCcD; C:\Windows\System32\DRIVERS\rxfcd.sys [129984 2012-04-19] (Romex Software)
S3 flashusb; C:\Windows\System32\DRIVERS\flashusb.sys [19968 2012-02-27] (Danish Wireless Design A/S)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-04-05] ()
S4 LMIRfsClientNP; No ImagePath
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [42016 2013-11-27] (Visicom Media Inc.)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35232 2013-12-06] (Visicom Media Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-04] (INCA Internet Co., Ltd.)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [203104 2012-09-19] (DEVGURU Co., LTD.(www.devguru.co.kr))
R2 WIBUKEY; C:\Windows\System32\DRIVERS\WibuKey64.sys [103224 2009-12-03] (WIBU-SYSTEMS AG)
R1 wStLibG64; C:\Windows\System32\drivers\wStLibG64.sys [61120 2014-04-17] (StdLib)
U3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
S3 NLNdisMP; system32\DRIVERS\nlndis.sys [X]
S3 NLNdisPT; system32\DRIVERS\nlndis.sys [X]
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
S3 Passthru; system32\DRIVERS\PPFlt.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 X6va005; \??\C:\Users\user\AppData\Local\Temp\0058067.tmp [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-05 10:54 - 2014-05-05 10:55 - 00022112 _____ () C:\Users\user\Desktop\FRST.txt
2014-05-05 10:53 - 2014-05-05 10:54 - 00000000 ____D () C:\FRST
2014-05-05 10:52 - 2014-05-05 10:53 - 02062336 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2014-05-05 10:52 - 2014-05-05 10:52 - 00370943 _____ () C:\Users\user\Desktop\gmer.zip
2014-05-05 10:16 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-05 10:16 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-05 10:16 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-05 10:16 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-05 10:16 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-05 10:16 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-05 10:16 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-05 10:16 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-05 10:15 - 2014-05-05 10:27 - 00000000 ____D () C:\Qoobox
2014-05-05 10:15 - 2014-05-05 10:25 - 00000000 ____D () C:\Windows\erdnt
2014-05-05 10:14 - 2014-05-05 10:27 - 00000000 ____D () C:\Users\user\Desktop\logi
2014-05-05 09:58 - 2014-05-05 10:00 - 05197895 ____R (Swearware) C:\Users\user\Desktop\ComboFix.exe
2014-05-05 08:40 - 2014-05-05 10:45 - 00000336 _____ () C:\Windows\setupact.log
2014-05-05 08:40 - 2014-05-05 08:40 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-01 21:39 - 2014-05-01 21:39 - 00001102 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-05-01 21:39 - 2014-05-01 21:39 - 00001102 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-05-01 21:39 - 2014-05-01 21:39 - 00000000 ____D () C:\Users\user\AppData\Roaming\Opera Software
2014-05-01 21:39 - 2014-05-01 21:39 - 00000000 ____D () C:\Users\user\AppData\Local\Opera Software
2014-05-01 21:38 - 2014-05-01 21:39 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-05-01 21:28 - 2014-05-01 21:37 - 34718824 _____ (Opera Software ASA) C:\Users\user\Desktop\Opera_20.0.1387.91_Setup.exe
2014-04-17 09:41 - 2014-04-17 09:41 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG64.sys

==================== One Month Modified Files and Folders =======

2014-05-05 10:55 - 2014-05-05 10:54 - 00022112 _____ () C:\Users\user\Desktop\FRST.txt
2014-05-05 10:54 - 2014-05-05 10:53 - 00000000 ____D () C:\FRST
2014-05-05 10:53 - 2014-05-05 10:52 - 02062336 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2014-05-05 10:52 - 2014-05-05 10:52 - 00370943 _____ () C:\Users\user\Desktop\gmer.zip
2014-05-05 10:49 - 2014-03-31 20:06 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-05 10:48 - 2011-12-23 17:04 - 00000000 ____D () C:\Users\user\AppData\Roaming\Skype
2014-05-05 10:45 - 2014-05-05 08:40 - 00000336 _____ () C:\Windows\setupact.log
2014-05-05 10:36 - 2014-01-03 08:56 - 00000000 ____D () C:\Users\user\AppData\Roaming\AIMP3
2014-05-05 10:28 - 2011-11-02 22:04 - 00001054 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2665649171-2446866970-2032620597-1000UA.job
2014-05-05 10:27 - 2014-05-05 10:15 - 00000000 ____D () C:\Qoobox
2014-05-05 10:27 - 2014-05-05 10:14 - 00000000 ____D () C:\Users\user\Desktop\logi
2014-05-05 10:27 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-05-05 10:26 - 2012-11-19 18:42 - 00000000 ____D () C:\Dxtory Records
2014-05-05 10:25 - 2014-05-05 10:15 - 00000000 ____D () C:\Windows\erdnt
2014-05-05 10:25 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-05 10:14 - 2013-02-10 01:25 - 00001044 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-05 10:07 - 2011-07-27 20:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-05 10:00 - 2014-05-05 09:58 - 05197895 ____R (Swearware) C:\Users\user\Desktop\ComboFix.exe
2014-05-05 09:31 - 2011-07-28 00:26 - 00000000 ____D () C:\Users\user\AppData\Roaming\uTorrent
2014-05-05 09:28 - 2011-11-02 22:04 - 00001002 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2665649171-2446866970-2032620597-1000Core.job
2014-05-05 09:24 - 2013-07-17 17:27 - 00000000 ____D () C:\Users\user\AppData\Roaming\Media Player Classic
2014-05-05 08:40 - 2014-05-05 08:40 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-05 08:22 - 2009-07-14 06:45 - 00023568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-05 08:22 - 2009-07-14 06:45 - 00023568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-05 08:20 - 2009-07-14 04:34 - 00000580 _____ () C:\Windows\win.ini
2014-05-05 08:18 - 2013-03-21 16:43 - 01643161 ____N () C:\Windows\WindowsUpdate.log
2014-05-05 08:15 - 2012-11-19 17:54 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-05-05 08:14 - 2013-02-10 01:25 - 00001040 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-05 08:14 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-04 19:48 - 2011-09-13 20:29 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{C8AAF173-64DE-477B-957F-7C01EF08ED17}
2014-05-02 08:21 - 2013-10-14 13:26 - 00000000 ____D () C:\Users\user\Desktop\karinaaa
2014-05-01 23:34 - 2013-07-10 14:31 - 00000000 ____D () C:\Users\user\AppData\Roaming\GG
2014-05-01 21:39 - 2014-05-01 21:39 - 00001102 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-05-01 21:39 - 2014-05-01 21:39 - 00001102 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-05-01 21:39 - 2014-05-01 21:39 - 00000000 ____D () C:\Users\user\AppData\Roaming\Opera Software
2014-05-01 21:39 - 2014-05-01 21:39 - 00000000 ____D () C:\Users\user\AppData\Local\Opera Software
2014-05-01 21:39 - 2014-05-01 21:38 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-05-01 21:37 - 2014-05-01 21:28 - 34718824 _____ (Opera Software ASA) C:\Users\user\Desktop\Opera_20.0.1387.91_Setup.exe
2014-04-29 17:09 - 2014-01-07 17:48 - 00000000 ____D () C:\Users\user\Desktop\anita
2014-04-29 17:09 - 2013-08-25 10:55 - 00019456 ____H () C:\Users\user\Desktop\photothumb.db
2014-04-29 16:51 - 2014-03-31 20:06 - 00003868 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-29 16:50 - 2014-03-31 20:06 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-29 16:50 - 2014-03-31 20:06 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-29 09:54 - 2013-07-10 14:31 - 00000000 ____D () C:\Users\user\AppData\Local\GG
2014-04-22 08:40 - 2014-01-21 16:45 - 00000000 ____D () C:\Program Files (x86)\Jump Flip
2014-04-19 17:37 - 2009-07-14 07:13 - 00013924 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-19 14:03 - 2011-11-02 22:07 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-04-18 09:34 - 2009-07-14 07:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-17 19:09 - 2012-08-22 08:09 - 00000000 ____D () C:\Users\user\Documents\Pliki programu Outlook
2014-04-17 19:08 - 2011-08-20 10:25 - 00013924 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-04-17 09:41 - 2014-04-17 09:41 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG64.sys
2014-04-06 13:18 - 2011-07-04 17:06 - 00000000 ___RD () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-06 10:40 - 2014-01-04 20:19 - 00002030 _____ () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lollipop.lnk
2014-04-05 18:09 - 2013-02-10 01:25 - 00004040 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-05 18:09 - 2013-02-10 01:25 - 00003788 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!

LastRegBack: 2014-04-30 08:05

==================== End Of Log ============================