Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01 (ATTENTION: ====> FRST version is 27 days old and could be outdated)
Ran by Grzegorz (administrator) on 1Q21WS on 09-04-2014 19:18:58
Running from C:\Users\Grzegorz\Desktop\Nowy folder
Microsoft Windows 7 Home Premium (X86) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atieclxx.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Sony DADC Austria AG.) C:\Windows\system32\UAService7.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9726568 2010-09-03] (Realtek Semiconductor)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-09-30] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [ArcSoft Connection Service] - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-3187870866-3550116853-2859755729-1000\...\Run: [GG] - C:\Users\Grzegorz\AppData\Local\GG\Application\gghub.exe [4023360 2014-04-04] (GG Network S.A.)
HKU\S-1-5-21-3187870866-3550116853-2859755729-1000\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-3187870866-3550116853-2859755729-1000\...\MountPoints2: J - J:\RunGame.exe
HKU\S-1-5-21-3187870866-3550116853-2859755729-1000\...\MountPoints2: K - K:\RunGame.exe
HKU\S-1-5-21-3187870866-3550116853-2859755729-1000\...\MountPoints2: {45c060a6-263a-11e0-86df-001a4d6d98b2} - J:\RunGame.exe
HKU\S-1-5-21-3187870866-3550116853-2859755729-1000\...\MountPoints2: {5b0c5aca-24e2-11e2-8f52-001a4d6d98b2} - K:\autorun.exe
HKU\S-1-5-21-3187870866-3550116853-2859755729-1000\...\MountPoints2: {d915cbae-5dcf-11e0-a283-001a4d6d98b2} - K:\OriginInstaller.exe
HKU\S-1-5-21-3187870866-3550116853-2859755729-1000\...\MountPoints2: {e8aec489-cddb-11e1-9677-001a4d6d98b2} - J:\RunGame.exe
HKU\S-1-5-21-3187870866-3550116853-2859755729-1000\...\Winlogon: [Shell] C:\Users\Grzegorz\AppData\Local\84197c4d\X

==================== Internet (Whitelisted) ====================

SearchScopes: HKLM - DefaultScope value is missing.
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Grzegorz\AppData\Roaming\Mozilla\Firefox\Profiles\0pprcq4t.default
FF SearchEngineOrder.3: Bing
FF Homepage: https://www.google.pl/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/Lync,version=15.0 - C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=12.0.1.647 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=12.0.1.647 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=12.0.1.652 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.652 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=12.0.1.647 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Grzegorz\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [dhdmjeclekijlogbipdlifcmgoanoemm] - C:\Program Files\Expresso\source.crx []
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-07-01]

========================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2004-12-13] (Ulead Systems, Inc.)
R2 UserAccess7; C:\Windows\system32\UAService7.exe [139264 2011-05-13] (Sony DADC Austria AG.)

==================== Drivers (Whitelisted) ====================

R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW73.sys [101904 2010-08-16] (ATI Technologies, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-07-14] (DT Soft Ltd)
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [25280 2012-06-30] (LogMeIn, Inc.)
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
R3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.)
R3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2570520 2008-07-26] (Logitech Inc.)
R3 WFLR6654; C:\Windows\System32\drivers\wfeaglxt.sys [433920 2009-10-21] (Leadtek Research Inc.)
S3 sony_ssm.sys; \??\C:\Users\Grzegorz\AppData\Local\Temp\sony_ssm.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-09 19:14 - 2014-04-09 19:14 - 00448512 _____ (OldTimer Tools) C:\Users\Grzegorz\Downloads\TFC.exe
2014-04-09 19:07 - 2014-04-09 19:08 - 01426178 _____ () C:\Users\Grzegorz\Downloads\adwcleaner.exe
2014-04-09 18:49 - 2014-04-09 18:49 - 00000000 ____D () C:\MATS
2014-04-09 09:59 - 2014-04-09 19:18 - 00000000 ____D () C:\Users\Grzegorz\Desktop\Nowy folder
2014-04-09 09:58 - 2014-04-09 19:18 - 00000000 ____D () C:\FRST
2014-04-08 20:55 - 2014-04-08 20:55 - 00000000 ____D () C:\Program Files\K-Lite Codec Pack
2014-03-29 20:39 - 2014-04-09 18:25 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-27 19:44 - 2014-03-27 19:44 - 00045056 _____ (ToCA EDIT) C:\Users\Grzegorz\Desktop\Need For Speed Underground 2 - trainer.exe
2014-03-12 20:30 - 2014-03-12 20:30 - 00000000 ___RD () C:\Program Files\Skype
2014-03-12 20:30 - 2014-03-12 20:30 - 00000000 ____D () C:\Users\Grzegorz\AppData\Local\Skype
2014-03-12 20:30 - 2014-03-12 20:30 - 00000000 ____D () C:\Program Files\Common Files\Skype

==================== One Month Modified Files and Folders =======

2014-04-09 20:02 - 2011-07-01 22:23 - 00000000 ____D () C:\ProgramData\Real
2014-04-09 20:02 - 2011-01-28 15:52 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-04-09 20:02 - 2011-01-21 21:47 - 00000000 ____D () C:\Program Files\AVG
2014-04-09 20:02 - 2011-01-21 21:45 - 00000000 ____D () C:\ProgramData\MFAData
2014-04-09 20:02 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-04-09 20:02 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration
2014-04-09 19:18 - 2014-04-09 09:59 - 00000000 ____D () C:\Users\Grzegorz\Desktop\Nowy folder
2014-04-09 19:18 - 2014-04-09 09:58 - 00000000 ____D () C:\FRST
2014-04-09 19:15 - 2009-07-14 06:34 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-09 19:15 - 2009-07-14 06:34 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-09 19:14 - 2014-04-09 19:14 - 00448512 _____ (OldTimer Tools) C:\Users\Grzegorz\Downloads\TFC.exe
2014-04-09 19:11 - 2013-12-16 14:40 - 00000000 ____D () C:\Users\Grzegorz\AppData\Roaming\GG
2014-04-09 19:11 - 2011-01-22 17:40 - 00000000 ____D () C:\Users\Grzegorz\AppData\Roaming\Skype
2014-04-09 19:10 - 2013-12-08 14:37 - 00011751 _____ () C:\Windows\setupact.log
2014-04-09 19:10 - 2011-01-20 22:44 - 00444892 _____ () C:\Windows\PFRO.log
2014-04-09 19:10 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-09 19:09 - 2013-11-11 17:36 - 00000000 ____D () C:\AdwCleaner
2014-04-09 19:08 - 2014-04-09 19:07 - 01426178 _____ () C:\Users\Grzegorz\Downloads\adwcleaner.exe
2014-04-09 19:06 - 2011-01-22 22:27 - 00000000 ___RD () C:\Users\Grzegorz\Desktop\grzes
2014-04-09 19:03 - 2011-01-20 22:56 - 00000000 ____D () C:\Users\Grzegorz
2014-04-09 18:49 - 2014-04-09 18:49 - 00000000 ____D () C:\MATS
2014-04-09 18:43 - 2011-01-21 21:47 - 00000000 ____D () C:\ProgramData\AVG10
2014-04-09 18:41 - 2011-01-21 21:47 - 00000000 ____D () C:\Windows\system32\Drivers\AVG
2014-04-09 18:39 - 2011-01-20 23:15 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-04-09 18:39 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Help
2014-04-09 18:37 - 2011-01-28 15:52 - 00000000 ____D () C:\Users\Grzegorz\AppData\Local\Adobe
2014-04-09 18:25 - 2014-03-29 20:39 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-04-09 17:54 - 2013-09-05 16:07 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-09 17:49 - 2012-02-06 20:32 - 00000000 ____D () C:\Users\Grzegorz\AppData\Local\NFS Underground 2
2014-04-09 17:42 - 2014-01-25 19:47 - 00000000 ____D () C:\Users\Grzegorz\AppData\Roaming\.minecraft
2014-04-08 20:55 - 2014-04-08 20:55 - 00000000 ____D () C:\Program Files\K-Lite Codec Pack
2014-04-06 18:00 - 2011-01-20 23:00 - 01668226 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-06 18:00 - 2009-07-14 10:07 - 00739694 _____ () C:\Windows\system32\perfh015.dat
2014-04-06 18:00 - 2009-07-14 10:07 - 00155268 _____ () C:\Windows\system32\perfc015.dat
2014-04-05 11:58 - 2011-01-20 22:48 - 01659705 _____ () C:\Windows\WindowsUpdate.log
2014-04-04 17:18 - 2013-12-16 14:41 - 00000000 ____D () C:\Users\Grzegorz\AppData\Local\GG
2014-04-01 19:43 - 2009-07-14 06:53 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-30 18:58 - 2012-04-29 20:27 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-27 19:44 - 2014-03-27 19:44 - 00045056 _____ (ToCA EDIT) C:\Users\Grzegorz\Desktop\Need For Speed Underground 2 - trainer.exe
2014-03-13 15:54 - 2013-09-05 16:07 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-13 15:54 - 2011-05-22 12:29 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-12 20:30 - 2014-03-12 20:30 - 00000000 ___RD () C:\Program Files\Skype
2014-03-12 20:30 - 2014-03-12 20:30 - 00000000 ____D () C:\Users\Grzegorz\AppData\Local\Skype
2014-03-12 20:30 - 2014-03-12 20:30 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-03-12 20:30 - 2011-01-22 17:40 - 00000000 ____D () C:\ProgramData\Skype

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-30 12:55

==================== End Of Log ============================