Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 26 days old and could be outdated) Ran by Giant (administrator) on GIANT on 08-04-2014 18:25:52 Running from D:\Pobrane\Frst Windows 7 Professional Service Pack 1 (X64) OS Language: Polish Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe (Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe () D:\Pobrane\Notepad2-4.1.24-x86-64\Notepad2.exe ==================== Registry (Whitelisted) ================== HKU\S-1-5-21-195878770-3682003311-2466773037-1000\...\Run: [SandboxieControl] - C:\Program Files\Sandboxie\SbieCtrl.exe [759496 2014-01-17] (Sandboxie Holdings, LLC) HKU\S-1-5-21-195878770-3682003311-2466773037-1000\...\Run: [SpyShelter] - D:\Dokumenty\SpyShelter Premium\SpyShelter.exe [2613560 2011-10-21] () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF4C04E71C451CF01 SearchScopes: HKCU - DefaultScope {6DDFFD7A-5F76-42A6-8210-E8804B51E249} URL = http://www.google.com/search?hl=pl&q={searchTerms} SearchScopes: HKCU - {6DDFFD7A-5F76-42A6-8210-E8804B51E249} URL = 
http://www.google.com/search?hl=pl&q={searchTerms} BHO: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Dokumenty\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.) BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO-x32: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Dokumenty\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.) BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO-x32: Pomocnik logowania za pomocą konta Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Winsock: Catalog9 01 C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll [177320] (SPEEDbit) Winsock: Catalog9 02 C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll [177320] (SPEEDbit) Winsock: Catalog9 03 C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll [177320] (SPEEDbit) Winsock: Catalog9 04 C:\Program Files (x86)\SpeedBit Video 
Accelerator\sblsp.dll [177320] (SPEEDbit) Winsock: Catalog9 05 C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll [177320] (SPEEDbit) Winsock: Catalog9 06 C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll [177320] (SPEEDbit) Winsock: Catalog9 07 C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll [177320] (SPEEDbit) Winsock: Catalog9 08 C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll [177320] (SPEEDbit) Winsock: Catalog9 09 C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll [177320] (SPEEDbit) Winsock: Catalog9 10 C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll [177320] (SPEEDbit) Winsock: Catalog9 21 C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll [177320] (SPEEDbit) Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 208.67.220.220 Tcpip\..\Interfaces\{D9D511EC-52B3-41ED-9957-EDFD12FDD2E3}: [NameServer]8.8.8.8,8.8.4.4 Tcpip\..\Interfaces\{F99F7B44-879E-47C6-AEE1-63699F594AB7}: [NameServer]208.67.222.222,208.67.220.220 Chrome: ======= CHR HomePage: https://startpage.com/ CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll () CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) 
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Giant\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) CHR Plugin: (VLC Web Plugin) - D:\Dokumenty\VLC\npvlc.dll (VideoLAN) CHR Extension: (Dysk Google) - C:\Users\Giant\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-27] CHR Extension: (YouTube) - C:\Users\Giant\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-27] CHR Extension: (Adblock Plus) - C:\Users\Giant\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-02-19] CHR Extension: (Szukaj w Google) - C:\Users\Giant\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-27] CHR Extension: (DoNotTrackMe: Online Privacy Protection) - C:\Users\Giant\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2014-02-19] CHR Extension: (HTTPS Everywhere) - C:\Users\Giant\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2014-03-15] CHR Extension: (Google Wallet) - C:\Users\Giant\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21] CHR Extension: (Gmail) - C:\Users\Giant\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-27] CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - D:\Dokumenty\Internet Download Manager\IDMGCExt.crx [2014-02-21] ==================== Services (Whitelisted) ================= S3 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-30] (Advanced Micro Devices, Inc.) S4 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [925480 2014-03-20] (AnchorFree Inc.) 
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [78512 2014-03-19] () S4 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [555304 2014-03-15] () S4 MBAMScheduler; D:\Dokumenty\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) S4 MBAMService; D:\Dokumenty\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187592 2014-01-17] (Sandboxie Holdings, LLC) S3 VideoAcceleratorService; C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorService.exe [298152 2014-04-05] (SPEEDbit) ==================== Drivers (Whitelisted) ==================== R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [54984 2014-03-19] (AnchorFree Inc.) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R0 rtcrfilt64; C:\Windows\System32\DRIVERS\rtcrfilt64.sys [19600 2012-09-04] (Realtek Semiconductor Corp.) S3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation ) R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202600 2014-01-17] (Sandboxie Holdings, LLC) R1 Spyshelter; D:\Dokumenty\SpyShelter Premium\SpyShelter.sys [205112 2011-10-21] (SpyShelter) R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-03-19] (Anchorfree Inc.) 
==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-07 12:16 - 2014-04-07 12:16 - 00000000 ____D () C:\ProgramData\SPEEDbit 2014-04-07 10:47 - 2014-04-08 18:25 - 00000000 ____D () C:\FRST 2014-04-05 16:59 - 2014-04-05 17:00 - 00000000 ____D () C:\Program Files (x86)\SpeedBit Video Accelerator 2014-04-05 16:59 - 2014-04-05 16:59 - 00172032 _____ (Jin Hui E-mail: jinhui@jcomsoft.com Web: http://www.jcomsoft.com) C:\Windows\SysWOW64\AniGIF.ocx 2014-04-05 16:59 - 2014-04-05 16:59 - 00000000 ____D () C:\Users\Public\Documents\Speedbit 2014-04-04 23:33 - 2014-04-04 23:33 - 00000000 ____D () C:\Users\Giant\AppData\Local\Skype 2014-04-04 14:46 - 2011-11-16 21:50 - 00017627 _____ () C:\Users\Giant\Desktop\NTUniversalBaalLeech.ntj 2014-03-31 00:10 - 2014-03-19 19:51 - 00054984 _____ (AnchorFree Inc.) C:\Windows\system32\Drivers\hssdrv6.sys 2014-03-19 19:54 - 2014-03-19 19:54 - 00042184 _____ (Anchorfree Inc.) C:\Windows\system32\Drivers\taphss6.sys 2014-03-10 14:48 - 2014-03-10 14:48 - 00000488 _____ () C:\Windows\WindowsUpdate.log ==================== One Month Modified Files and Folders ======= 2014-04-08 18:25 - 2014-04-07 10:47 - 00000000 ____D () C:\FRST 2014-04-08 18:14 - 2013-05-23 22:58 - 00000000 ____D () C:\Users\Giant\AppData\Roaming\DMCache 2014-04-08 13:55 - 2013-05-22 23:38 - 00000000 ____D () C:\Users\Giant\AppData\Roaming\vlc 2014-04-08 13:06 - 2014-02-19 12:40 - 00008120 _____ () C:\Windows\setupact.log 2014-04-08 13:06 - 2009-07-14 06:45 - 00020512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-08 13:06 - 2009-07-14 06:45 - 00020512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-08 13:03 - 2010-11-21 14:53 - 00691856 _____ () C:\Windows\system32\perfh015.dat 2014-04-08 13:03 - 2010-11-21 14:53 - 00131604 _____ () 
C:\Windows\system32\perfc015.dat 2014-04-08 13:03 - 2009-07-14 07:13 - 01530012 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-08 12:59 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-08 00:16 - 2013-05-23 22:58 - 00000000 ____D () C:\Users\Giant\AppData\Roaming\IDM 2014-04-07 12:16 - 2014-04-07 12:16 - 00000000 ____D () C:\ProgramData\SPEEDbit 2014-04-07 10:33 - 2013-05-22 23:01 - 00000000 ____D () C:\Program Files (x86)\UltraISO 2014-04-06 21:25 - 2013-06-08 21:45 - 00000000 ____D () C:\Users\Giant\AppData\Local\CrashDumps 2014-04-06 19:03 - 2013-05-24 22:08 - 00005800 _____ () C:\Windows\Sandboxie.ini 2014-04-05 17:00 - 2014-04-05 16:59 - 00000000 ____D () C:\Program Files (x86)\SpeedBit Video Accelerator 2014-04-05 16:59 - 2014-04-05 16:59 - 00172032 _____ (Jin Hui E-mail: jinhui@jcomsoft.com Web: http://www.jcomsoft.com) C:\Windows\SysWOW64\AniGIF.ocx 2014-04-05 16:59 - 2014-04-05 16:59 - 00000000 ____D () C:\Users\Public\Documents\Speedbit 2014-04-04 23:36 - 2013-05-24 20:40 - 00000000 ____D () C:\Users\Giant\AppData\Roaming\Skype 2014-04-04 23:33 - 2014-04-04 23:33 - 00000000 ____D () C:\Users\Giant\AppData\Local\Skype 2014-04-04 23:33 - 2013-05-24 20:40 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-04-04 23:32 - 2013-05-24 20:39 - 00000000 ____D () C:\ProgramData\Skype 2014-04-04 11:42 - 2014-03-01 13:42 - 00003308 _____ () C:\Windows\PFRO.log 2014-04-04 11:42 - 2013-05-30 20:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-03-31 17:15 - 2013-05-23 00:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-03-31 00:10 - 2014-02-08 16:41 - 00000000 ____D () C:\Program Files (x86)\Hotspot Shield 2014-03-30 13:07 - 2013-06-20 22:29 - 00003948 _____ () C:\Windows\System32\Tasks\Ccleaner 2014-03-29 16:58 - 2013-05-22 17:32 - 00000000 ____D () C:\Users\Giant 2014-03-29 15:34 - 2014-02-18 02:31 - 00000000 ____D () C:\Users\Giant\AppData\Roaming\SpyShelter 2014-03-29 15:34 - 
2014-02-08 16:44 - 00000000 ____D () C:\ProgramData\Hotspot Shield 2014-03-29 15:34 - 2013-05-22 18:59 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-03-29 15:34 - 2013-05-22 18:59 - 00000000 ____D () C:\Program Files (x86)\Realtek 2014-03-29 15:29 - 2013-05-23 10:27 - 00000000 ____D () C:\Users\Giant\AppData\Local\Google 2014-03-29 15:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration 2014-03-29 15:28 - 2013-05-23 10:27 - 00000000 ____D () C:\Program Files (x86)\Google 2014-03-27 17:47 - 2013-05-23 10:26 - 00000000 ____D () C:\Users\Giant\AppData\Local\Deployment 2014-03-24 00:05 - 2013-05-22 23:08 - 00000000 ____D () C:\Windows\SysWOW64\sda 2014-03-20 18:41 - 2009-07-14 07:08 - 00032604 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-03-19 19:54 - 2014-03-19 19:54 - 00042184 _____ (Anchorfree Inc.) C:\Windows\system32\Drivers\taphss6.sys 2014-03-19 19:51 - 2014-03-31 00:10 - 00054984 _____ (AnchorFree Inc.) C:\Windows\system32\Drivers\hssdrv6.sys 2014-03-17 00:41 - 2013-06-19 14:13 - 00005632 _____ () C:\Users\Giant\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-03-10 14:48 - 2014-03-10 14:48 - 00000488 _____ () C:\Windows\WindowsUpdate.log ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-12-10 12:47 
==================== End Of Log ============================