Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by Kasia (administrator) on KASIA-KOMPUTER on 10-10-2013 15:58:21
Running from C:\Users\Kasia\Desktop\Nowy folder (2)
Microsoft Windows 7 Ultimate (X86) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(IObit) C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Beijing ELEX Technology Co., Ltd.) C:\Program Files\Software Plate\svcgdp.exe
(AMD) C:\Windows\system32\atieclxx.exe
(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(IObit) C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Spigot, Inc.) C:\Program Files\Application Updater\ApplicationUpdater.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Alcor Micro Corp.) C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Elaborate Bytes AG) C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Spigot, Inc.) C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(asus) C:\Program Files\ASUS\ControlDeck\ControlDeck.exe
() C:\Program Files\ASUS\Wireless Console 3\wcourier.exe
() C:\Program Files\ASUS\ASUS Live Update\ALU.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
(ASUS) C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
(ATK) C:\Program Files\ASUS\Splendid\ACMON.exe
(GG Network S.A.) C:\Program Files\Gadu-Gadu 10\gg.exe
() C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Windows\AsScrPro.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(ASUSTeK) C:\Windows\System32\ACEngSvr.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATK Hotkey\WDC.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(IObit) C:\Program Files\IObit\IObit Malware Fighter\IMF.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 6\ASC.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 6\Monitor.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-03-30] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [ATKOSD2] - C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [7350912 2010-02-04] (ASUS)
HKLM\...\Run: [ATKMEDIA] - C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-01-05] (ASUS)
HKLM\...\Run: [HControlUser] - C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM\...\Run: [AmIcoSinglun] - C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe [233472 2010-01-18] (Alcor Micro Corp.)
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [548744 2010-04-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2010-09-08] (Apple Inc.)
HKLM\...\Run: [Nikon Message Center 2] - C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe [619008 2010-05-25] (Nikon Corporation)
HKLM\...\Run: [ArcSoft Connection Service] - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [IObit Malware Fighter] - C:\Program Files\IObit\IObit Malware Fighter\IMF.exe [4473728 2012-07-02] (IObit)
HKLM\...\Run: [VirtualCloneDrive] - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [SearchSettings] - C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe [1303360 2013-08-08] (Spigot, Inc.)
HKCU\...\Run: [Gadu-Gadu 10] - C:\Program Files\Gadu-Gadu 10\gg.exe [13374048 2011-07-04] (GG Network S.A.)
HKCU\...\Run: [Dhqqqt] - C:\Users\Kasia\AppData\Roaming\Dhqqqt.exe [122368 2011-03-29] (AdSndUisb)
HKCU\...\Run: [Advanced SystemCare 6] - C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe [491840 2013-01-15] (IObit)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com/?utm_source=b&utm_medium=iob-1&from=iob-1&uid=1052515_133120_8396809_395049983_FAE0876F&ts=1347881623
URLSearchHook: IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files\IObit Apps Toolbar\IE\7.4\iobitappsToolbarIE.dll (Spigot, Inc.)
SearchScopes: HKCU - DefaultScope {95F00F3A-2388-42C9-B16D-FFD7D22F5DA3} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=668083&p={searchTerms}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.v9.com/web/?q={searchTerms}
SearchScopes: HKCU - {95F00F3A-2388-42C9-B16D-FFD7D22F5DA3} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=668083&p={searchTerms}
BHO: IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files\IObit Apps Toolbar\IE\7.4\iobitappsToolbarIE.dll (Spigot, Inc.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~1\IObit\ADVANC~2\BROWER~1\ASCPLU~1.DLL (IObit)
Toolbar: HKLM - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files\IObit Apps Toolbar\IE\7.4\iobitappsToolbarIE.dll (Spigot, Inc.)
Tcpip\Parameters: [DhcpNameServer] 62.179.1.62 62.179.1.63

FireFox:
========
FF ProfilePath: C:\Users\Kasia\AppData\Roaming\Mozilla\Firefox\Profiles\18zqm5v0.default
FF DefaultSearchEngine: Wyszukiwarka filmów w YouTube
FF SearchEngineOrder.1: v9
FF SelectedSearchEngine: Wyszukiwarka filmów w YouTube
FF Homepage: google.pl
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF SearchPlugin: C:\Users\Kasia\AppData\Roaming\Mozilla\Firefox\Profiles\18zqm5v0.default\searchplugins\wyszukiwarka-filmw-w-youtube.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\v9.xml
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Kasia\AppData\Roaming\Mozilla\Firefox\Profiles\18zqm5v0.default\Extensions\ascsurfingprotection@iobit.com
FF Extension: Proxy Tool - C:\Users\Kasia\AppData\Roaming\Mozilla\Firefox\Profiles\18zqm5v0.default\Extensions\{FE1363F3-4870-4360-9AFE-AE1A921A74F2}
FF Extension: iobitapps - C:\Users\Kasia\AppData\Roaming\Mozilla\Firefox\Profiles\18zqm5v0.default\Extensions\iobitapps@mybrowserbar.com
FF Extension: No Name - C:\Users\Kasia\AppData\Roaming\Mozilla\Firefox\Profiles\18zqm5v0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

========================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AdvancedSystemCareService6; C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe [528192 2013-02-25] (IObit)
R2 AFBAgent; C:\Windows\system32\FBAgent.exe [303744 2009-12-07] (ASUSTeK Computer Inc.)
R2 Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [807800 2013-08-08] (Spigot, Inc.)
R2 ASLDRService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [84536 2009-06-15] (ASUS)
R2 ATKGFNEXSrv; C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2009-12-15] (ASUS)
R2 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [821592 2012-01-09] (IObit)
R3 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-03] ()
R2 svcgdp; C:\Program Files\Software Plate\svcgdp.exe [224416 2012-07-02] (Beijing ELEX Technology Co., Ltd.)

==================== Drivers (Whitelisted) ====================

R2 ASMMAP; C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys [13880 2009-07-02] (ASUS)
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [18544 2012-07-03] (AVAST Software)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-17] (Elaborate Bytes AG)
R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [109960 2010-04-13] (ELAN Microelectronic Corp.)
R3 FileMonitor; C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys [20336 2012-01-05] (IObit)
R2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [20936 2007-08-03] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [14392 2009-05-13] (ASUS)
R3 RegFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys [30640 2012-07-05] (IObit.com)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1760384 2009-08-20] ()
R3 UrlFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\UrlFilter.sys [19832 2012-07-05] (IObit.com)
S3 catchme; \??\C:\Users\Kasia\AppData\Local\Temp\catchme.sys [x]
S3 ipswuio; System32\DRIVERS\ipswuio.sys [x]
U3 tmlwf;
U3 tmwfp;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-10 15:58 - 2013-10-10 15:58 - 00000000 ____D C:\FRST
2013-10-10 15:57 - 2013-10-10 15:58 - 00000000 ____D C:\Users\Kasia\Desktop\Nowy folder (2)
2013-10-10 15:57 - 2013-10-10 15:57 - 01540681 _____ (El Desaparecido - SosVirus.net - UsbFix.net) C:\Users\Kasia\Downloads\UsbFix.exe
2013-10-10 15:40 - 2013-10-10 15:51 - 00000000 ____D C:\Users\Kasia\Desktop\Nowy folder
2013-10-03 17:05 - 2013-10-03 17:05 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-12 15:44 - 2011-03-29 09:33 - 00122368 _____ (AdSndUisb) C:\Users\Kasia\AppData\Roaming\Dhqqqt.exe

==================== One Month Modified Files and Folders =======

2013-10-10 15:58 - 2013-10-10 15:58 - 00000000 ____D C:\FRST
2013-10-10 15:58 - 2013-10-10 15:57 - 00000000 ____D C:\Users\Kasia\Desktop\Nowy folder (2)
2013-10-10 15:57 - 2013-10-10 15:57 - 01540681 _____ (El Desaparecido - SosVirus.net - UsbFix.net) C:\Users\Kasia\Downloads\UsbFix.exe
2013-10-10 15:54 - 2011-01-25 16:55 - 01148376 _____ C:\Windows\WindowsUpdate.log
2013-10-10 15:51 - 2013-10-10 15:40 - 00000000 ____D C:\Users\Kasia\Desktop\Nowy folder
2013-10-10 15:38 - 2009-07-14 06:34 - 00010208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-10 15:38 - 2009-07-14 06:34 - 00010208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-10 15:31 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-07 21:18 - 2012-06-30 19:00 - 00000000 ____D C:\ProgramData\OpenFM
2013-10-07 16:46 - 2011-01-25 17:14 - 01523412 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-07 16:46 - 2009-07-14 10:07 - 00687828 _____ C:\Windows\system32\perfh015.dat
2013-10-07 16:46 - 2009-07-14 10:07 - 00131382 _____ C:\Windows\system32\perfc015.dat
2013-10-05 12:41 - 2013-02-11 17:13 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-04 21:29 - 2012-06-30 18:31 - 00000000 ____D C:\Users\Kasia\AppData\Local\Mozilla
2013-10-03 17:05 - 2013-10-03 17:05 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-19 20:50 - 2011-01-25 17:00 - 00000000 ____D C:\Users\Kasia\AppData\Local\VirtualStore
2013-09-14 14:54 - 2011-01-25 17:14 - 00001688 _____ C:\Windows\system32\AutoRunFilter.ini

Files to move or delete:
====================
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT

Some content of TEMP:
====================
C:\Users\Kasia\AppData\Local\Temp\gg10.upgr.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2011-01-25 16:53

==================== End Of Log ============================