Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-04-2014
Ran by Grzegorz (administrator) on 1Q21WS on 17-04-2014 09:34:03
Running from C:\Users\Grzegorz\Desktop\Nowy folder
Microsoft Windows 7 Home Premium (X86) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atieclxx.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Sony DADC Austria AG.) C:\Windows\system32\UAService7.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9726568 2010-09-03] (Realtek Semiconductor)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-09-30] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [fst_pl_96] => [X]
HKU\S-1-5-21-3187870866-3550116853-2859755729-1000\...\Run: [GG] => C:\Users\Grzegorz\AppData\Local\GG\Application\gghub.exe [4023360 2014-04-04] (GG Network S.A.)
HKU\S-1-5-21-3187870866-3550116853-2859755729-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-3187870866-3550116853-2859755729-1000\...\MountPoints2: {e8aec489-cddb-11e1-9677-001a4d6d98b2} - J:\RunGame.exe

==================== Internet (Whitelisted) ====================

SearchScopes: HKLM - DefaultScope value is missing.
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Grzegorz\AppData\Roaming\Mozilla\Firefox\Profiles\a3aomcye.default-1397719485965
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=12.0.1.647 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=12.0.1.647 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=12.0.1.652 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.652 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=12.0.1.647 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Grzegorz\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

Chrome:
=======

========================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2004-12-13] (Ulead Systems, Inc.)
R2 UserAccess7; C:\Windows\system32\UAService7.exe [139264 2011-05-13] (Sony DADC Austria AG.)

==================== Drivers (Whitelisted) ====================

R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW73.sys [101904 2010-08-16] (ATI Technologies, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-07-14] (DT Soft Ltd)
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [25280 2012-06-30] (LogMeIn, Inc.)
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
R3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.)
R3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2570520 2008-07-26] (Logitech Inc.)
R3 WFLR6654; C:\Windows\System32\drivers\wfeaglxt.sys [433920 2009-10-21] (Leadtek Research Inc.)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-17 09:23 - 2014-04-17 09:23 - 00000000 ____D () C:\MATS
2014-04-17 09:20 - 2014-04-17 09:20 - 00347816 _____ (Microsoft Corporation) C:\Users\Grzegorz\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.1332115004459785.1.1.Run.exe
2014-04-15 18:10 - 2014-04-15 18:11 - 00000000 ____D () C:\Program Files\Opera
2014-04-15 18:10 - 2014-04-15 18:10 - 00000000 ____D () C:\Users\Grzegorz\AppData\Roaming\Opera Software
2014-04-15 18:10 - 2014-04-15 18:10 - 00000000 ____D () C:\Users\Grzegorz\AppData\Local\Opera Software
2014-04-15 17:46 - 1998-10-29 16:45 - 00306688 _____ (InstallShield Software Corporation) C:\Windows\IsUninst.exe
2014-04-15 17:40 - 2014-04-15 17:40 - 00143648 _____ () C:\Windows\Minidump\041514-16687-01.dmp
2014-04-15 17:32 - 2014-04-15 18:39 - 00000000 ____D () C:\Windows\system32\Data
2014-04-15 17:32 - 2014-04-15 17:32 - 00000000 ____D () C:\Program Files\Creative
2014-04-15 17:31 - 2010-03-18 19:19 - 00011776 _____ (Creative Technology Limited) C:\Windows\INRES.DLL
2014-04-15 17:31 - 2010-03-18 19:17 - 00010240 _____ (Creative Technology Ltd) C:\Windows\CTDCRES.DLL
2014-04-13 13:26 - 2014-04-13 13:26 - 00000000 ____D () C:\ProgramData\redistpart
2014-04-13 13:25 - 2014-04-13 13:25 - 00000000 ____D () C:\ProgramData\launcher
2014-04-13 13:25 - 2014-04-13 13:25 - 00000000 ____D () C:\ProgramData\explauncher
2014-04-12 16:46 - 2014-04-12 16:46 - 00000000 ____D () C:\Users\Grzegorz\AppData\Roaming\MPC-HC
2014-04-09 09:59 - 2014-04-17 09:34 - 00000000 ____D () C:\Users\Grzegorz\Desktop\Nowy folder
2014-04-09 09:58 - 2014-04-17 09:34 - 00000000 ____D () C:\FRST
2014-04-08 20:55 - 2014-04-08 20:55 - 00000000 ____D () C:\Program Files\K-Lite Codec Pack
2014-03-29 20:39 - 2014-04-09 18:25 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-27 19:44 - 2014-03-27 19:44 - 00045056 _____ (ToCA EDIT) C:\Users\Grzegorz\Desktop\Need For Speed Underground 2 - trainer.exe

==================== One Month Modified Files and Folders =======

2014-04-17 09:34 - 2014-04-09 09:59 - 00000000 ____D () C:\Users\Grzegorz\Desktop\Nowy folder
2014-04-17 09:34 - 2014-04-09 09:58 - 00000000 ____D () C:\FRST
2014-04-17 09:30 - 2011-01-22 17:40 - 00000000 ____D () C:\Users\Grzegorz\AppData\Roaming\Skype
2014-04-17 09:29 - 2013-12-08 14:37 - 00015223 _____ () C:\Windows\setupact.log
2014-04-17 09:29 - 2011-01-20 22:44 - 00446370 _____ () C:\Windows\PFRO.log
2014-04-17 09:29 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-17 09:26 - 2013-11-11 17:36 - 00000000 ____D () C:\AdwCleaner
2014-04-17 09:23 - 2014-04-17 09:23 - 00000000 ____D () C:\MATS
2014-04-17 09:20 - 2014-04-17 09:20 - 00347816 _____ (Microsoft Corporation) C:\Users\Grzegorz\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.1332115004459785.1.1.Run.exe
2014-04-17 09:10 - 2013-12-16 14:40 - 00000000 ____D () C:\Users\Grzegorz\AppData\Roaming\GG
2014-04-17 09:09 - 2009-07-14 06:34 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-17 09:09 - 2009-07-14 06:34 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-16 22:54 - 2013-09-05 16:07 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-16 17:18 - 2012-02-06 20:32 - 00000000 ____D () C:\Users\Grzegorz\AppData\Local\NFS Underground 2
2014-04-15 18:39 - 2014-04-15 17:32 - 00000000 ____D () C:\Windows\system32\Data
2014-04-15 18:39 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration
2014-04-15 18:23 - 2011-06-12 12:25 - 00000149 _____ () C:\Windows\disney.ini
2014-04-15 18:11 - 2014-04-15 18:10 - 00000000 ____D () C:\Program Files\Opera
2014-04-15 18:11 - 2011-01-20 22:56 - 00001425 _____ () C:\Users\Grzegorz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-15 18:10 - 2014-04-15 18:10 - 00000000 ____D () C:\Users\Grzegorz\AppData\Roaming\Opera Software
2014-04-15 18:10 - 2014-04-15 18:10 - 00000000 ____D () C:\Users\Grzegorz\AppData\Local\Opera Software
2014-04-15 17:56 - 2011-01-20 22:48 - 01668854 _____ () C:\Windows\WindowsUpdate.log
2014-04-15 17:40 - 2014-04-15 17:40 - 00143648 _____ () C:\Windows\Minidump\041514-16687-01.dmp
2014-04-15 17:40 - 2013-04-27 18:40 - 00000000 ____D () C:\Windows\Minidump
2014-04-15 17:40 - 2011-01-20 22:56 - 00000000 ____D () C:\Users\Grzegorz
2014-04-15 17:32 - 2014-04-15 17:32 - 00000000 ____D () C:\Program Files\Creative
2014-04-15 17:32 - 2011-01-20 23:15 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-04-13 13:26 - 2014-04-13 13:26 - 00000000 ____D () C:\ProgramData\redistpart
2014-04-13 13:25 - 2014-04-13 13:25 - 00000000 ____D () C:\ProgramData\launcher
2014-04-13 13:25 - 2014-04-13 13:25 - 00000000 ____D () C:\ProgramData\explauncher
2014-04-12 16:46 - 2014-04-12 16:46 - 00000000 ____D () C:\Users\Grzegorz\AppData\Roaming\MPC-HC
2014-04-09 20:47 - 2013-12-16 14:41 - 00000000 ____D () C:\Users\Grzegorz\AppData\Local\GG
2014-04-09 20:02 - 2011-07-01 22:23 - 00000000 ____D () C:\ProgramData\Real
2014-04-09 20:02 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-04-09 19:06 - 2011-01-22 22:27 - 00000000 ___RD () C:\Users\Grzegorz\Desktop\grzes
2014-04-09 18:39 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Help
2014-04-09 18:37 - 2011-01-28 15:52 - 00000000 ____D () C:\Users\Grzegorz\AppData\Local\Adobe
2014-04-09 18:25 - 2014-03-29 20:39 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-04-09 17:42 - 2014-01-25 19:47 - 00000000 ____D () C:\Users\Grzegorz\AppData\Roaming\.minecraft
2014-04-08 20:55 - 2014-04-08 20:55 - 00000000 ____D () C:\Program Files\K-Lite Codec Pack
2014-04-06 18:00 - 2011-01-20 23:00 - 01668226 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-06 18:00 - 2009-07-14 10:07 - 00739694 _____ () C:\Windows\system32\perfh015.dat
2014-04-06 18:00 - 2009-07-14 10:07 - 00155268 _____ () C:\Windows\system32\perfc015.dat
2014-04-01 19:43 - 2009-07-14 06:53 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-30 18:58 - 2012-04-29 20:27 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-27 19:44 - 2014-03-27 19:44 - 00045056 _____ (ToCA EDIT) C:\Users\Grzegorz\Desktop\Need For Speed Underground 2 - trainer.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-09 21:56

==================== End Of Log ============================