Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01 (ATTENTION: ====> FRST version is 27 days old and could be outdated)
Ran by Grzegorz (administrator) on 1Q21WS on 09-04-2014 09:59:27
Running from C:\Users\Grzegorz\Downloads
Microsoft Windows 7 Home Premium (X86) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgwdsvc.exe
() C:\Program Files\Expresso\ExtensionUpdaterService.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Sony DADC Austria AG.) C:\Windows\system32\UAService7.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgemcx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgtray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Advanced Micro Devices, Inc.) C:\Users\Grzegorz\AppData\Roaming\AMD 3DVision Control Center\atidimsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MsoSync.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9726568 2010-09-03] (Realtek Semiconductor)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-09-30] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [ArcSoft Connection Service] - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [AVG_TRAY] - C:\Program Files\AVG\AVG10\avgtray.exe [2339168 2012-01-17] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-3187870866-3550116853-2859755729-1000\...\Run: [GG] - C:\Users\Grzegorz\AppData\Local\GG\Application\gghub.exe [4023360 2014-04-04] (GG Network S.A.)
HKU\S-1-5-21-3187870866-3550116853-2859755729-1000\...\Run: [AMD CATALYST™ HydraVision Dynamic Link] - C:\Users\Grzegorz\AppData\Roaming\Innuendo Logic\aticfx32.exe [275968 2013-08-13] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-3187870866-3550116853-2859755729-1000\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-3187870866-3550116853-2859755729-1000\...\MountPoints2: J - J:\RunGame.exe
HKU\S-1-5-21-3187870866-3550116853-2859755729-1000\...\MountPoints2: K - K:\RunGame.exe
HKU\S-1-5-21-3187870866-3550116853-2859755729-1000\...\MountPoints2: {45c060a6-263a-11e0-86df-001a4d6d98b2} - J:\RunGame.exe
HKU\S-1-5-21-3187870866-3550116853-2859755729-1000\...\MountPoints2: {5b0c5aca-24e2-11e2-8f52-001a4d6d98b2} - K:\autorun.exe
HKU\S-1-5-21-3187870866-3550116853-2859755729-1000\...\MountPoints2: {d915cbae-5dcf-11e0-a283-001a4d6d98b2} - K:\OriginInstaller.exe
HKU\S-1-5-21-3187870866-3550116853-2859755729-1000\...\MountPoints2: {e8aec489-cddb-11e1-9677-001a4d6d98b2} - J:\RunGame.exe
HKU\S-1-5-21-3187870866-3550116853-2859755729-1000\...\Winlogon: [Shell] C:\Users\Grzegorz\AppData\Local\84197c4d\X [30720 2011-12-03] ()

==================== Internet (Whitelisted) ====================

SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKCU - URL http://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss_Btisdt7&mntrId=38AF001A4D6D98B2&affID=125032&tsp=5028
SearchScopes: HKCU - 63C312B198E8492E95F9B7F42AF38624 URL = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=PL&userid=cd320bb6-32b0-4533-ab37-8424e67dcb00&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://startsear.ch/?aff=2&src=sp&cf=&q={searchTerms}
SearchScopes: HKCU - {B4D1E127-FE08-43F0-A8D2-7323A321C978} URL = http://www.resultscan.com/?prt=RstscnAMON&keywords={searchTerms}
SearchScopes: HKCU - {BC7F5443-FD45-476F-9DEB-149AA5C0BC52} URL =
SearchScopes: HKCU - {C84D42AB-FE3E-467F-B2E2-06740616EA76} URL = http://search.softonic.com/MON00084/tb_v1?q={searchTerms}&SearchSource=4&cc=&r=718
SearchScopes: HKCU - {D5A8030F-1D56-4552-A780-B58ABF59EC19} URL = http://search.avg.com/?d=4de0c382&i=23&tp=chrome&q={searchTerms}&lng={language}&nt=1
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: sleekseek - {33026f2b-918a-904c-b97b-dd0ced5c9d54} - C:\Windows\system32\eec92006.dll ()
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Expresso - {A6629839-6636-4998-95D6-2B0F52141861} - C:\Program Files\Expresso\Extension32.dll ()
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 02 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 03 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 04 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 05 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 06 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 17 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 18 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)

FireFox:
========
FF ProfilePath: C:\Users\Grzegorz\AppData\Roaming\Mozilla\Firefox\Profiles\0pprcq4t.default
FF SearchEngineOrder.3: Bing
FF Homepage: https://www.google.pl/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/Lync,version=15.0 - C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=12.0.1.647 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=12.0.1.647 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=12.0.1.652 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.652 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=12.0.1.647 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Grzegorz\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Extension: ImTranslator - C:\Users\Grzegorz\AppData\Roaming\Mozilla\Firefox\Profiles\0pprcq4t.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2013-10-26]
FF Extension: z - C:\Program Files\Mozilla Firefox\extensions\{1436b050-09ff-484a-516e-7ce6b124a3b7} [2014-03-29]
FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG10\Firefox4\
FF Extension: AVG Safe Search - C:\Program Files\AVG\AVG10\Firefox4\ []
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-07-01]
FF HKLM\...\Firefox\Extensions: [{A6629839-6636-4998-95D6-2B0F52141861}] - C:\Program Files\Expresso\Firefox
FF Extension: Expresso - C:\Program Files\Expresso\Firefox [2012-04-24]

========================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7391072 2012-01-31] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG10\avgwdsvc.exe [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)
R2 Expresso Updater; C:\Program Files\Expresso\ExtensionUpdaterService.exe [183296 2012-03-05] ()
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [387616 2009-08-10] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [235696 2014-01-16] (McAfee, Inc.)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [178720 2009-08-10] ()
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2004-12-13] (Ulead Systems, Inc.)
R2 UserAccess7; C:\Windows\system32\UAService7.exe [139264 2011-05-13] (Sony DADC Austria AG.)

==================== Drivers (Whitelisted) ====================

U3 84197c4d; C:\Windows\1299978628:2078704562.exe [0 ] ()
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW73.sys [101904 2010-08-16] (ATI Technologies, Inc.)
R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [134480 2011-05-27] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [22992 2011-02-22] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [24144 2011-02-10] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSShim; C:\Windows\System32\DRIVERS\AVGIDSShim.Sys [21968 2011-02-10] (AVG Technologies CZ, s.r.o. )
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [248656 2011-01-07] ()
R1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [34896 2011-03-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [32592 2011-03-16] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [297168 2011-04-05] (AVG Technologies CZ, s.r.o.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-07-14] (DT Soft Ltd)
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [25280 2012-06-30] (LogMeIn, Inc.)
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
R3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.)
R3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2570520 2008-07-26] (Logitech Inc.)
S3 sony_ssm.sys; C:\Users\Grzegorz\AppData\Local\Temp\sony_ssm.sys [6432 2013-12-25] (Sony DADC Austria AG.)
R3 WFLR6654; C:\Windows\System32\drivers\wfeaglxt.sys [433920 2009-10-21] (Leadtek Research Inc.)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-09 09:59 - 2014-04-09 09:59 - 00016124 _____ () C:\Users\Grzegorz\Downloads\FRST.txt
2014-04-09 09:59 - 2014-04-09 09:59 - 00000000 ____D () C:\Users\Grzegorz\Desktop\Nowy folder
2014-04-09 09:58 - 2014-04-09 09:59 - 00000000 ____D () C:\FRST
2014-04-09 09:57 - 2014-04-09 09:57 - 01145856 _____ (Farbar) C:\Users\Grzegorz\Downloads\FRST.exe
2014-04-08 20:55 - 2014-04-08 20:55 - 00000000 ____D () C:\Program Files\K-Lite Codec Pack
2014-04-08 20:55 - 2013-12-01 15:10 - 00218200 _____ () C:\Windows\system32\unrar.dll
2014-03-29 20:39 - 2014-03-29 20:40 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-27 19:44 - 2014-03-27 19:44 - 00045056 _____ (ToCA EDIT) C:\Users\Grzegorz\Desktop\Need For Speed Underground 2 - trainer.exe
2014-03-12 20:30 - 2014-03-12 20:30 - 00000000 ___RD () C:\Program Files\Skype
2014-03-12 20:30 - 2014-03-12 20:30 - 00000000 ____D () C:\Users\Grzegorz\AppData\Local\Skype
2014-03-12 20:30 - 2014-03-12 20:30 - 00000000 ____D () C:\Program Files\Common Files\Skype

==================== One Month Modified Files and Folders =======

2014-04-09 09:59 - 2014-04-09 09:59 - 00016124 _____ () C:\Users\Grzegorz\Downloads\FRST.txt
2014-04-09 09:59 - 2014-04-09 09:59 - 00000000 ____D () C:\Users\Grzegorz\Desktop\Nowy folder
2014-04-09 09:59 - 2014-04-09 09:58 - 00000000 ____D () C:\FRST
2014-04-09 09:57 - 2014-04-09 09:57 - 01145856 _____ (Farbar) C:\Users\Grzegorz\Downloads\FRST.exe
2014-04-09 09:54 - 2013-09-05 16:07 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-09 09:42 - 2009-07-14 06:34 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-09 09:42 - 2009-07-14 06:34 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-09 09:38 - 2011-01-22 17:40 - 00000000 ____D () C:\Users\Grzegorz\AppData\Roaming\Skype
2014-04-09 09:37 - 2013-12-16 14:40 - 00000000 ____D () C:\Users\Grzegorz\AppData\Roaming\GG
2014-04-09 09:37 - 2013-12-08 14:37 - 00011471 _____ () C:\Windows\setupact.log
2014-04-09 09:37 - 2011-01-28 15:52 - 00000000 ____D () C:\Users\Grzegorz\AppData\Local\Adobe
2014-04-09 09:37 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-09 09:36 - 2011-01-20 22:44 - 00443490 _____ () C:\Windows\PFRO.log
2014-04-08 20:55 - 2014-04-08 20:55 - 00000000 ____D () C:\Program Files\K-Lite Codec Pack
2014-04-06 18:00 - 2011-01-20 23:00 - 01668226 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-06 18:00 - 2009-07-14 10:07 - 00739694 _____ () C:\Windows\system32\perfh015.dat
2014-04-06 18:00 - 2009-07-14 10:07 - 00155268 _____ () C:\Windows\system32\perfc015.dat
2014-04-05 13:18 - 2014-01-25 19:47 - 00000000 ____D () C:\Users\Grzegorz\AppData\Roaming\.minecraft
2014-04-05 11:58 - 2011-01-20 22:48 - 01659705 _____ () C:\Windows\WindowsUpdate.log
2014-04-04 17:18 - 2013-12-16 14:41 - 00000000 ____D () C:\Users\Grzegorz\AppData\Local\GG
2014-04-02 18:12 - 2012-02-06 20:32 - 00000000 ____D () C:\Users\Grzegorz\AppData\Local\NFS Underground 2
2014-04-01 19:43 - 2009-07-14 06:53 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-30 18:58 - 2012-04-29 20:27 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-29 20:40 - 2014-03-29 20:39 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-27 19:44 - 2014-03-27 19:44 - 00045056 _____ (ToCA EDIT) C:\Users\Grzegorz\Desktop\Need For Speed Underground 2 - trainer.exe
2014-03-13 15:54 - 2013-09-05 16:07 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-13 15:54 - 2011-05-22 12:29 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-12 20:30 - 2014-03-12 20:30 - 00000000 ___RD () C:\Program Files\Skype
2014-03-12 20:30 - 2014-03-12 20:30 - 00000000 ____D () C:\Users\Grzegorz\AppData\Local\Skype
2014-03-12 20:30 - 2014-03-12 20:30 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-03-12 20:30 - 2011-01-22 17:40 - 00000000 ____D () C:\ProgramData\Skype

ZeroAccess:
C:\Users\Grzegorz\AppData\Local\84197c4d
C:\Users\Grzegorz\AppData\Local\84197c4d\@
C:\Users\Grzegorz\AppData\Local\84197c4d\loader.tlb
C:\Users\Grzegorz\AppData\Local\84197c4d\X
C:\Users\Grzegorz\AppData\Local\84197c4d\U\00000001.@
C:\Users\Grzegorz\AppData\Local\84197c4d\U\000000c0.@
C:\Users\Grzegorz\AppData\Local\84197c4d\U\000000cb.@
C:\Users\Grzegorz\AppData\Local\84197c4d\U\000000cf.@
C:\Users\Grzegorz\AppData\Local\84197c4d\U\80000000.@
C:\Users\Grzegorz\AppData\Local\84197c4d\U\800000c0.@
C:\Users\Grzegorz\AppData\Local\84197c4d\U\800000cb.@
C:\Users\Grzegorz\AppData\Local\84197c4d\U\800000cf.@

Some content of TEMP:
====================
C:\Users\Grzegorz\AppData\Local\Temp\eauninstall.exe
C:\Users\Grzegorz\AppData\Local\Temp\gg10.upgr.exe
C:\Users\Grzegorz\AppData\Local\Temp\ggdrive-menu.exe
C:\Users\Grzegorz\AppData\Local\Temp\ggdrive-overlay.exe
C:\Users\Grzegorz\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Grzegorz\AppData\Local\Temp\installstats.exe
C:\Users\Grzegorz\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Grzegorz\AppData\Local\Temp\msimg32.dll
C:\Users\Grzegorz\AppData\Local\Temp\Need for Speed Most Wanted_uninst.exe
C:\Users\Grzegorz\AppData\Local\Temp\ose00001.exe
C:\Users\Grzegorz\AppData\Local\Temp\Uninstall.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-30 12:55

==================== End Of Log ============================