Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2014
Ran by Giant (administrator) on GIANT on 28-04-2014 20:13:57
Running from D:\Pobrane
Windows 7 Professional Service Pack 1 (X64) OS Language: Polish
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieRpcSs.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieCrypto.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\32\SbieSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() D:\Pobrane\Notepad2-4.1.24-x86-64\Notepad2.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKU\S-1-5-21-195878770-3682003311-2466773037-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [759496 2014-01-17] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-195878770-3682003311-2466773037-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [527936 2014-03-22] (BillP Studios)

==================== Internet (Whitelisted) ====================

ProxyServer: http=127.0.0.1:8555;https=127.0.0.1:8555
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0BAD3E28BF54CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://startpage.com/
SearchScopes: HKCU - DefaultScope {6DDFFD7A-5F76-42A6-8210-E8804B51E249} URL = http://www.google.com/search?hl=pl&q={searchTerms}
SearchScopes: HKCU - {6DDFFD7A-5F76-42A6-8210-E8804B51E249} URL = http://www.google.com/search?hl=pl&q={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Dokumenty\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Dokumenty\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: Pomocnik logowania za pomocą konta Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 208.67.220.220

FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - D:\Dokumenty\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Giant\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Giant\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Giant\AppData\Roaming\IDM\idmmzcc5 [2014-03-10]

Chrome:
=======
CHR HomePage: https://startpage.com/
CHR StartupUrls: "https://startpage.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
CHR Plugin: (Internet Download Manager Plugin) - C:\Users\Giant\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn\6.19.2_0\IDMGCExt.dll (Tonec Inc.)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Giant\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (VLC Web Plugin) - D:\Dokumenty\VLC\npvlc.dll (VideoLAN)
CHR Extension: (Adblock Plus) - C:\Users\Giant\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-28]
CHR Extension: (DoNotTrackMe: Online Privacy Protection) - C:\Users\Giant\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2014-04-28]
CHR Extension: (HTTPS Everywhere) - C:\Users\Giant\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2014-04-28]
CHR Extension: (IDM Integration Module) - C:\Users\Giant\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2014-04-28]
CHR Extension: (Google Wallet) - C:\Users\Giant\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - D:\Dokumenty\Internet Download Manager\IDMGCExt.crx [2014-02-21]

==================== Services (Whitelisted) =================

S3 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [925480 2014-03-20] (AnchorFree Inc.)
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [78512 2014-03-19] ()
S3 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [555304 2014-03-15] ()
S4 MBAMScheduler; D:\Dokumenty\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S4 MBAMService; D:\Dokumenty\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187592 2014-01-17] (Sandboxie Holdings, LLC)

==================== Drivers (Whitelisted) ====================

R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [54984 2014-03-19] (AnchorFree Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 rtcrfilt64; C:\Windows\System32\DRIVERS\rtcrfilt64.sys [19600 2012-09-04] (Realtek Semiconductor Corp.)
S3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation )
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202600 2014-01-17] (Sandboxie Holdings, LLC)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-03-19] (Anchorfree Inc.)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-28 20:13 - 2014-04-28 20:13 - 00000000 ____D () C:\FRST
2014-04-27 01:38 - 2014-04-27 01:39 - 00001306 _____ () C:\Users\Giant\Downloads\UltraISOPortable.lnk
2014-04-27 01:35 - 2014-04-27 01:36 - 00001380 _____ () C:\Users\Giant\Downloads\OpenOfficeWriterPortable.lnk
2014-04-27 01:35 - 2014-04-27 01:36 - 00001366 _____ () C:\Users\Giant\Downloads\OpenOfficeExcelPortable.lnk
2014-04-27 01:35 - 2014-04-27 01:35 - 00001233 _____ () C:\Users\Giant\Downloads\aMSNPortable.lnk
2014-04-27 01:33 - 2014-04-27 01:33 - 00001350 _____ () C:\Users\Giant\Downloads\FoxitReaderPortable.lnk
2014-04-27 00:23 - 2014-04-28 00:19 - 00003828 _____ () C:\Windows\System32\Tasks\Ccleaner
2014-04-23 00:21 - 2014-04-23 00:21 - 00000000 ____D () C:\Users\Giant\AppData\Roaming\WinPatrol
2014-04-23 00:21 - 2014-04-23 00:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2014-04-23 00:21 - 2014-04-23 00:21 - 00000000 ____D () C:\ProgramData\InstallMate
2014-04-23 00:21 - 2014-04-23 00:21 - 00000000 ____D () C:\Program Files (x86)\BillP Studios
2014-04-20 11:16 - 2014-04-20 11:16 - 00000000 __RSH () C:\MSDOS.SYS
2014-04-20 11:16 - 2014-04-20 11:16 - 00000000 __RSH () C:\IO.SYS
2014-04-19 22:47 - 2014-04-19 22:47 - 00001161 _____ () C:\Users\Giant\Downloads\BlueScreenView 64bit.lnk
2014-04-19 20:01 - 2014-04-19 20:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-04-19 20:01 - 2014-04-19 20:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-04-19 20:01 - 2014-04-19 20:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-04-18 17:23 - 2014-04-18 17:43 - 00000000 ____D () C:\Windows\Minidump
2014-04-13 19:41 - 2014-04-13 19:41 - 00032987 _____ () C:\Users\Giant\AppData\Local\Perfmon.PerfmonCfg
2014-04-13 19:29 - 2014-04-13 19:29 - 00000318 _____ () C:\DelFix.txt
2014-04-04 23:33 - 2014-04-04 23:33 - 00000000 ____D () C:\Users\Giant\AppData\Local\Skype
2014-04-04 23:33 - 2014-04-04 23:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-04-04 14:46 - 2011-11-16 21:50 - 00017627 _____ () C:\Users\Giant\Desktop\NTUniversalBaalLeech.ntj
2014-03-31 00:10 - 2014-03-19 19:51 - 00054984 _____ (AnchorFree Inc.) C:\Windows\system32\Drivers\hssdrv6.sys

==================== One Month Modified Files and Folders =======

2014-04-28 20:13 - 2014-04-28 20:13 - 00000000 ____D () C:\FRST
2014-04-28 20:13 - 2009-07-14 06:45 - 00020512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-28 20:13 - 2009-07-14 06:45 - 00020512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-28 18:44 - 2013-05-24 22:08 - 00005778 _____ () C:\Windows\Sandboxie.ini
2014-04-28 18:37 - 2010-11-21 14:53 - 00691856 _____ () C:\Windows\system32\perfh015.dat
2014-04-28 18:37 - 2010-11-21 14:53 - 00131604 _____ () C:\Windows\system32\perfc015.dat
2014-04-28 18:37 - 2009-07-14 07:13 - 01530012 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-28 18:32 - 2014-02-19 12:40 - 00011996 _____ () C:\Windows\setupact.log
2014-04-28 18:32 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-28 01:24 - 2013-05-22 23:38 - 00000000 ____D () C:\Users\Giant\AppData\Roaming\vlc
2014-04-28 00:20 - 2013-05-23 22:58 - 00000000 ____D () C:\Users\Giant\AppData\Roaming\IDM
2014-04-28 00:19 - 2014-04-27 00:23 - 00003828 _____ () C:\Windows\System32\Tasks\Ccleaner
2014-04-27 19:36 - 2013-06-08 21:45 - 00000000 ____D () C:\Users\Giant\AppData\Local\CrashDumps
2014-04-27 19:36 - 2013-05-23 22:58 - 00000000 ____D () C:\Users\Giant\AppData\Roaming\DMCache
2014-04-27 11:44 - 2014-03-10 14:48 - 00029810 _____ () C:\Windows\WindowsUpdate.log
2014-04-27 01:39 - 2014-04-27 01:38 - 00001306 _____ () C:\Users\Giant\Downloads\UltraISOPortable.lnk
2014-04-27 01:36 - 2014-04-27 01:35 - 00001380 _____ () C:\Users\Giant\Downloads\OpenOfficeWriterPortable.lnk
2014-04-27 01:36 - 2014-04-27 01:35 - 00001366 _____ () C:\Users\Giant\Downloads\OpenOfficeExcelPortable.lnk
2014-04-27 01:35 - 2014-04-27 01:35 - 00001233 _____ () C:\Users\Giant\Downloads\aMSNPortable.lnk
2014-04-27 01:33 - 2014-04-27 01:33 - 00001350 _____ () C:\Users\Giant\Downloads\FoxitReaderPortable.lnk
2014-04-27 01:32 - 2013-10-15 23:44 - 00001278 _____ () C:\Users\Giant\Downloads\AvidemuxPortable.lnk
2014-04-27 00:54 - 2013-05-23 10:27 - 00004538 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-27 00:52 - 2013-05-23 10:27 - 00004590 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-27 00:43 - 2013-05-22 22:37 - 00003396 _____ () C:\Windows\System32\Tasks\PandaUSBVaccine
2014-04-23 10:19 - 2014-03-01 13:42 - 00005274 _____ () C:\Windows\PFRO.log
2014-04-23 00:21 - 2014-04-23 00:21 - 00000000 ____D () C:\Users\Giant\AppData\Roaming\WinPatrol
2014-04-23 00:21 - 2014-04-23 00:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2014-04-23 00:21 - 2014-04-23 00:21 - 00000000 ____D () C:\ProgramData\InstallMate
2014-04-23 00:21 - 2014-04-23 00:21 - 00000000 ____D () C:\Program Files (x86)\BillP Studios
2014-04-20 11:16 - 2014-04-20 11:16 - 00000000 __RSH () C:\MSDOS.SYS
2014-04-20 11:16 - 2014-04-20 11:16 - 00000000 __RSH () C:\IO.SYS
2014-04-19 22:47 - 2014-04-19 22:47 - 00001161 _____ () C:\Users\Giant\Downloads\BlueScreenView 64bit.lnk
2014-04-19 20:01 - 2014-04-19 20:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-04-19 20:01 - 2014-04-19 20:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-04-19 20:01 - 2014-04-19 20:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-04-18 17:43 - 2014-04-18 17:23 - 00000000 ____D () C:\Windows\Minidump
2014-04-18 17:43 - 2013-05-22 17:20 - 00275235 _____ () C:\Windows\Minidump\041814-21590-01.dmp
2014-04-18 17:23 - 2013-05-22 17:20 - 00283259 _____ () C:\Windows\Minidump\041814-26457-01.dmp
2014-04-13 19:41 - 2014-04-13 19:41 - 00032987 _____ () C:\Users\Giant\AppData\Local\Perfmon.PerfmonCfg
2014-04-13 19:29 - 2014-04-13 19:29 - 00000318 _____ () C:\DelFix.txt
2014-04-04 23:36 - 2013-05-24 20:40 - 00000000 ____D () C:\Users\Giant\AppData\Roaming\Skype
2014-04-04 23:33 - 2014-04-04 23:33 - 00000000 ____D () C:\Users\Giant\AppData\Local\Skype
2014-04-04 23:33 - 2014-04-04 23:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-04-04 23:33 - 2013-05-24 20:40 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-04-04 23:32 - 2013-05-24 20:39 - 00000000 ____D () C:\ProgramData\Skype
2014-04-04 11:42 - 2013-05-30 20:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-31 17:15 - 2013-05-23 00:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-03-31 00:10 - 2014-02-08 16:41 - 00000000 ____D () C:\Program Files (x86)\Hotspot Shield
2014-03-29 16:58 - 2013-05-22 17:32 - 00000000 ____D () C:\Users\Giant
2014-03-29 15:34 - 2014-02-18 02:31 - 00000000 ____D () C:\Users\Giant\AppData\Roaming\SpyShelter
2014-03-29 15:34 - 2014-02-08 16:44 - 00000000 ____D () C:\ProgramData\Hotspot Shield
2014-03-29 15:34 - 2014-02-08 16:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
2014-03-29 15:34 - 2013-05-23 10:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-03-29 15:34 - 2013-05-22 18:59 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-29 15:34 - 2013-05-22 18:59 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-03-29 15:29 - 2013-05-23 10:27 - 00000000 ____D () C:\Users\Giant\AppData\Local\Google
2014-03-29 15:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-03-29 15:28 - 2013-05-23 10:27 - 00000000 ____D () C:\Program Files (x86)\Google

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-12-10 12:47

==================== End Of Log ============================
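The script below is an added example for this page; it is not part of FRST and was not posted by the log's author. It reads the line shapes this 2014 FRST log uses (process, Run key, service/driver with the R/S state and 0-4 start-type digit, ProxyServer, plugin and file-list lines) and lists the entries a helper would ask about first: a proxy pointed at loopback (here 127.0.0.1:8555 for both http and https; which process holds that listening socket should be confirmed on the machine, for example with netstat -ano, before deciding whether it belongs to an installed filtering or VPN client), binaries whose version information carries no CompanyName (what FRST prints as an empty "()", which is a reason to look, not a verdict), services registered but set to start type 4 (disabled, as MBAMService and MBAMScheduler are here), plugin entries that point at no file, and zero-byte hidden+system files in the drive root (C:\IO.SYS and C:\MSDOS.SYS, created 2014-04-20). The sample input is a constructed subset of the entries above; the finding names and the triage rules are this example's own.

```python
"""Triage pass over an FRST (Farbar Recovery Scan Tool) text log.

Added example; not part of FRST and not from the log's author. The regexes
match the line shapes FRST emitted in 2014; the rules are this script's own.
"""
import re

# Constructed sample: a subset of the log above, kept in FRST's exact line shapes.
SAMPLE_LOG = r"""
==================== Processes (Whitelisted) =================
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
() D:\Pobrane\Notepad2-4.1.24-x86-64\Notepad2.exe
==================== Registry (Whitelisted) ==================
HKU\S-1-5-21-195878770-3682003311-2466773037-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [527936 2014-03-22] (BillP Studios)
==================== Internet (Whitelisted) ====================
ProxyServer: http=127.0.0.1:8555;https=127.0.0.1:8555
FF Plugin: @microsoft.com/GENUINE - disabled No File
==================== Services (Whitelisted) =================
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [78512 2014-03-19] ()
S4 MBAMService; D:\Dokumenty\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187592 2014-01-17] (Sandboxie Holdings, LLC)
==================== Drivers (Whitelisted) ====================
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [54984 2014-03-19] (AnchorFree Inc.)
==================== One Month Created Files and Folders ========
2014-04-20 11:16 - 2014-04-20 11:16 - 00000000 __RSH () C:\MSDOS.SYS
2014-04-20 11:16 - 2014-04-20 11:16 - 00000000 __RSH () C:\IO.SYS
2014-04-28 20:13 - 2014-04-28 20:13 - 00000000 ____D () C:\FRST
"""

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
# "(Publisher) C:\path\file.exe"; FRST prints "()" when the file has no CompanyName.
PROCESS_RE = re.compile(r"^\((?P<pub>[^)]*)\) (?P<path>[A-Za-z]:\\.+)$")
# "HKU\...\Run: [Name] => path [size date] (Publisher)"
RUN_RE = re.compile(r"^HK\S*\\Run: \[(?P<name>[^\]]+)\] => (?P<path>.+?) \[\d+ \d{4}-\d{2}-\d{2}\] \((?P<pub>[^)]*)\)$")
# "R2 Name; path [size date] (Publisher)": R=running, S=stopped; digit is the start type.
SVC_RE = re.compile(r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+); (?P<path>.+?) \[\d+ \d{4}-\d{2}-\d{2}\] \((?P<pub>[^)]*)\)$")
# "created - modified - size attrs (Publisher) path"
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
                     r"(?P<size>\d{8}) (?P<attr>[_A-Z]{5}) \((?P<pub>[^)]*)\) (?P<path>.+)$")
ROOT_FILE_RE = re.compile(r"^[A-Za-z]:\\[^\\]+$")
START_TYPE = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}
LOOPBACK = {"127.0.0.1", "localhost", "::1"}


def triage(log_text):
    """Return a list of (kind, detail) findings for the review-worthy lines of an FRST log."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or SECTION_RE.match(line):
            continue
        if line.startswith("ProxyServer:"):
            for entry in line.split(":", 1)[1].strip().split(";"):
                scheme, sep, hostport = entry.partition("=")
                if not sep:                      # bare "host:port" form with no scheme
                    scheme, hostport = "all", scheme
                host = hostport.rpartition(":")[0] or hostport
                if host in LOOPBACK:
                    findings.append(("proxy-loopback",
                                     f"{scheme} traffic is routed via {hostport}; "
                                     "find the listener with: netstat -ano | findstr LISTENING"))
            continue
        if line.endswith("No File"):             # registration left behind without a file
            findings.append(("orphan-entry", line))
            continue
        m = PROCESS_RE.match(line) or RUN_RE.match(line)
        if m:
            if not m.group("pub"):
                findings.append(("no-company-name", m.group("path")))
            continue
        m = SVC_RE.match(line)
        if m:
            if START_TYPE[m.group("start")] == "disabled":
                findings.append(("disabled-service", f"{m.group('name')} ({m.group('path')})"))
            if not m.group("pub"):
                findings.append(("no-company-name", m.group("path")))
            continue
        m = FILE_RE.match(line)
        if m and {"S", "H"} <= set(m.group("attr")) and ROOT_FILE_RE.match(m.group("path")):
            findings.append(("hidden-system-in-root",
                             f"{m.group('path')} attrs={m.group('attr')} size={int(m.group('size'))}"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"[{kind}] {detail}")
```

Run against a full FRST.txt with `triage(open("FRST.txt", encoding="utf-8-sig").read())`; the findings are prompts for the questions a helper asks next (what listens on the proxy port, what created the root files), not a malware verdict, and a clean result from this pass says nothing about entries FRST itself whitelists.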