Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-01-2014 01 Ran by młody (administrator) on TURBOMUZOL on 31-01-2014 20:09:48 Running from C:\Users\młody\Downloads Windows 7 Professional Service Pack 1 (X64) OS Language: Polish Internet Explorer Version 8 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Cherished Technololgy LIMITED) C:\ProgramData\WPM\wprotectmanager.exe (Mediafour Corporation) C:\Program Files\Mediafour\MacDrive 8\MacDrive8ServiceD.exe (Mediafour Corporation) C:\Program Files\Mediafour\MacDrive 8\MacDriveD.exe (Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe (Filefacts.net) C:\Program Files (x86)\Smart File Advisor\SFAUpdater.exe () C:\Program Files (x86)\Mobogenie\DaemonProcess.exe (Microsoft Corporation) C:\Windows\System32\vds.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [MacDrive 8 application for Digidesign] - C:\Program Files\Mediafour\MacDrive 8\MacDriveD.exe [228864 2010-06-02] (Mediafour Corporation) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM-x32\...\Run: [Smart File Advisor] - C:\Program Files (x86)\Smart File Advisor\sfa.exe [283712 2013-07-24] (Filefacts.net) HKLM-x32\...\Run: [SFAUpdater] - C:\Program Files (x86)\Smart File Advisor\SFAUpdater.exe [620608 2013-10-08] (Filefacts.net) HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [735936 2013-09-28] () HKCU\...\Run: [Xvid] - C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] () HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-07-15] (Google Inc.) ==================== Internet (Whitelisted) ==================== StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Tcpip\Parameters: [DhcpNameServer] 87.204.204.204 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\młody\AppData\Roaming\Mozilla\Firefox\Profiles\whv4enl2.default FF Homepage: hxxp://google.pl/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npVividasPlayer.dll ( ) FF Extension: Vividas player plugin - C:\Users\młody\AppData\Roaming\Mozilla\Firefox\Profiles\whv4enl2.default\Extensions\player@vividas.com [2013-06-12] Chrome: ======= CHR DefaultSearchKeyword: qvo6 CHR DefaultSearchProvider: qvo6 CHR DefaultSearchURL: http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=WDCXWD20EZRX-00DC0B0_WD-WCC30002021720217&ts=1381492144&type=default&q={searchTerms} CHR DefaultNewTabURL: CHR Extension: (Extended Protection) - C:\Users\młody\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml [2014-01-09] CHR Extension: (Lightning Newtab) - C:\Users\młody\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo [2013-10-11] CHR Extension: (Chrome In-App Payments service) - C:\Users\młody\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-23] CHR HKLM-x32\...\Chrome\Extension: [aipfmkinhleccnodemkoofnnofpbbpac] - C:\Users\młody\AppData\Roaming\BabSolution\CR\searchgol.crx [2013-10-23] CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\młody\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx [2013-10-11] ==================== Services (Whitelisted) ================= S3 digiSPTIService64; C:\Program Files\Avid\Pro Tools\digisptiservice64.exe [190464 2013-09-12] (Avid Technology, Inc.) R2 MacDrive8ServiceD; C:\Program Files\Mediafour\MacDrive 8\MacDrive8ServiceD.exe [167424 2010-06-07] (Mediafour Corporation) R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [499856 2014-01-02] (Cherished Technololgy LIMITED) S2 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [x] ==================== Drivers (Whitelisted) ==================== S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation) R3 hypaudio; C:\Windows\System32\DRIVERS\hypaudio64.sys [1484800 2009-10-26] (Universal Audio, Inc.) R3 hypkern; C:\Windows\System32\drivers\hypkern64.sys [225792 2009-10-26] () R3 iLokDrvr; C:\Windows\System32\DRIVERS\iLokDrvr.sys [25808 2013-04-11] () R0 MDFSYSNT; C:\Windows\System32\Drivers\MDFSYSNT.sys [306280 2010-05-18] (Mediafour Corporation) R0 MDPMGRNT; C:\Windows\System32\DRIVERS\MDPMGRNT.SYS [32352 2010-05-05] (Mediafour Corporation) S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2013-07-01] () S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2013-07-01] () R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2013-10-11] (Duplex Secure Ltd.) U3 swmidi; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-31 20:09 - 2014-01-31 20:09 - 02079744 _____ (Farbar) C:\Users\młody\Downloads\FRST64.exe 2014-01-31 20:09 - 2014-01-31 20:09 - 00008992 _____ C:\Users\młody\Downloads\FRST.txt 2014-01-31 20:09 - 2014-01-31 20:09 - 00000000 ____D C:\FRST 2014-01-31 17:59 - 2014-01-31 17:59 - 00000000 ____D C:\Users\młody\Documents\REAPER Media 2014-01-31 17:57 - 2014-01-31 18:02 - 00000000 ____D C:\Users\młody\AppData\Roaming\REAPER 2014-01-31 17:57 - 2014-01-31 17:57 - 00000828 _____ C:\Users\Public\Desktop\REAPER (x64).lnk 2014-01-31 17:57 - 2014-01-31 17:57 - 00000000 ____D C:\Program Files\REAPER (x64) 2014-01-31 17:57 - 2014-01-31 17:57 - 00000000 ____D C:\Program Files\Common Files\Propellerhead Software 2014-01-09 08:18 - 2014-01-09 08:18 - 00000000 ____D C:\Windows\SysWOW64\log 2014-01-09 08:18 - 2014-01-09 08:18 - 00000000 ____D C:\ProgramData\WPM 2014-01-05 20:09 - 2014-01-05 20:09 - 00000000 ____D C:\Program Files (x86)\PSPaudioware 2014-01-05 19:56 - 2014-01-05 19:56 - 12388721 _____ C:\Users\młody\Desktop\trailer hardzi 2.flac 2014-01-05 19:53 - 2014-01-05 19:53 - 22437750 _____ C:\Users\młody\Desktop\trailer hardzi 2 all.flac ==================== One Month Modified Files and Folders ======= 2014-01-31 20:09 - 2014-01-31 20:09 - 02079744 _____ (Farbar) C:\Users\młody\Downloads\FRST64.exe 2014-01-31 20:09 - 2014-01-31 20:09 - 00008992 _____ C:\Users\młody\Downloads\FRST.txt 2014-01-31 20:09 - 2014-01-31 20:09 - 00000000 ____D C:\FRST 2014-01-31 20:07 - 2013-07-15 16:48 - 00001046 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-01-31 20:06 - 2009-07-14 05:45 - 00021280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-31 20:06 - 2009-07-14 05:45 - 00021280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-31 20:03 - 2011-04-12 14:21 - 00687590 _____ C:\Windows\system32\perfh015.dat 2014-01-31 20:03 - 2011-04-12 14:21 - 00131176 _____ C:\Windows\system32\perfc015.dat 2014-01-31 20:03 - 2009-07-14 06:13 - 01523412 _____ C:\Windows\system32\PerfStringBackup.INI 2014-01-31 20:02 - 2013-04-06 20:32 - 01395104 _____ C:\Windows\WindowsUpdate.log 2014-01-31 19:59 - 2013-07-15 16:48 - 00001042 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-01-31 19:59 - 2013-05-01 21:16 - 00000000 ____D C:\ProgramData\PACE 2014-01-31 19:58 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-31 19:58 - 2009-07-14 05:51 - 00097381 _____ C:\Windows\setupact.log 2014-01-31 19:50 - 2013-04-18 18:50 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-01-31 18:45 - 2013-11-18 22:17 - 00000000 ____D C:\Users\Public\Pro Tools 2014-01-31 18:39 - 2013-11-18 22:14 - 00001943 _____ C:\Users\Public\Desktop\Pro Tools 11.lnk 2014-01-31 18:02 - 2014-01-31 17:57 - 00000000 ____D C:\Users\młody\AppData\Roaming\REAPER 2014-01-31 17:59 - 2014-01-31 17:59 - 00000000 ____D C:\Users\młody\Documents\REAPER Media 2014-01-31 17:57 - 2014-01-31 17:57 - 00000828 _____ C:\Users\Public\Desktop\REAPER (x64).lnk 2014-01-31 17:57 - 2014-01-31 17:57 - 00000000 ____D C:\Program Files\REAPER (x64) 2014-01-31 17:57 - 2014-01-31 17:57 - 00000000 ____D C:\Program Files\Common Files\Propellerhead Software 2014-01-31 15:44 - 2013-04-18 19:09 - 00000000 ____D C:\Users\młody\AppData\Roaming\foobar2000 2014-01-31 14:27 - 2013-07-15 16:48 - 00000000 ____D C:\Users\młody\AppData\Local\Google 2014-01-31 14:09 - 2013-07-15 16:48 - 00002189 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2014-01-20 16:45 - 2013-11-16 18:54 - 00000000 ____D C:\Users\młody\AppData\Roaming\Modartt 2014-01-10 08:05 - 2013-04-23 22:09 - 00000000 ____D C:\Users\młody\AppData\Roaming\vlc 2014-01-09 08:18 - 2014-01-09 08:18 - 00000000 ____D C:\Windows\SysWOW64\log 2014-01-09 08:18 - 2014-01-09 08:18 - 00000000 ____D C:\ProgramData\WPM 2014-01-09 08:18 - 2013-10-11 12:49 - 00000000 ____D C:\ProgramData\eSafe 2014-01-05 20:10 - 2013-07-16 20:30 - 00000000 ____D C:\Users\młody\Documents\Vegas Movie Studio HD Platinum 10.0 Projects 2014-01-05 20:09 - 2014-01-05 20:09 - 00000000 ____D C:\Program Files (x86)\PSPaudioware 2014-01-05 19:56 - 2014-01-05 19:56 - 12388721 _____ C:\Users\młody\Desktop\trailer hardzi 2.flac 2014-01-05 19:53 - 2014-01-05 19:53 - 22437750 _____ C:\Users\młody\Desktop\trailer hardzi 2 all.flac Some content of TEMP: ==================== C:\Users\młody\AppData\Local\Temp\AxSFADownloader.exe C:\Users\młody\AppData\Local\Temp\ose00000.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-24 14:44 ==================== End Of Log ============================