Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-01-2014 03 Ran by basiak xd (administrator) on BASIA on 18-01-2014 14:11:40 Running from C:\Users\basiak xd\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polish Internet Explorer Version 10 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (ASUS) C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe (ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe () C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe () C:\Program Files\ATKGFNEX\GFNEXSrv.exe (ASUSTeK Computer Inc.) C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe () C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe () C:\Program Files (x86)\Tor\tor.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Google Inc.) C:\Users\basiak xd\AppData\Local\Google\Update\GoogleUpdate.exe (Facebook Inc.) C:\Users\basiak xd\AppData\Local\Facebook\Update\FacebookUpdate.exe () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS) C:\Program Files\ASUS\Net4Switch\Net4Switch.exe (ASUS) C:\Windows\AsScrPro.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe () D:\Instalki\putty.exe (WTW.im, Kaworu) C:\Program Files\K2T\WTW\wtw.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [16328736 2009-06-11] (NVIDIA Corporation) HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - No File Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Chrome: ======= CHR HomePage: hxxp://www.sweet-page.com/?type=hp&ts=1389959632&from=cor&uid=3219913727_67194_BC1D379B CHR Plugin: (Widevine Content Decryption Module) - C:\Users\basiak xd\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.377\_platform_specific\win_x86\widevinecdmadapter.dll No File CHR Plugin: (Shockwave Flash) - C:\Users\basiak xd\AppData\Local\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\basiak xd\AppData\Local\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\basiak xd\AppData\Local\Google\Chrome\Application\32.0.1700.76\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Extension: (Bookmark Manager) - C:\Users\basiak xd\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml [2014-01-18] CHR Extension: (Google Wallet) - C:\Users\basiak xd\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-18] ==================== Services (Whitelisted) ================= R3 ASLDRService; C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe [100920 2008-08-14] () R3 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () R3 FastBootAgent; C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe [306232 2009-07-24] (ASUSTeK Computer Inc.) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation) R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation) R3 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-08-20] () ==================== Drivers (Whitelisted) ==================== R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] () R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( ) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation) S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-06] () R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2014-01-17] (Duplex Secure Ltd.) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-18 14:11 - 2014-01-18 14:11 - 00007302 _____ C:\Users\basiak xd\Downloads\FRST.txt 2014-01-18 10:56 - 2014-01-18 10:57 - 00000251 _____ C:\Windows\system32\ServiceFilter.ini 2014-01-18 10:56 - 2014-01-18 10:56 - 00000147 _____ C:\Windows\system32\AutoRunFilter.ini 2014-01-18 10:52 - 2014-01-18 10:52 - 00991232 _____ C:\Users\basiak xd\Downloads\MicrosoftFixit50267.msi 2014-01-18 10:47 - 2014-01-18 10:47 - 00448512 _____ (OldTimer Tools) C:\Users\basiak xd\Downloads\TFC.exe 2014-01-18 10:39 - 2014-01-18 10:39 - 00000000 ____D C:\MATS 2014-01-18 10:33 - 2014-01-18 10:33 - 00347816 _____ (Microsoft Corporation) C:\Users\basiak xd\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.3431346480239719.1.1.Run.exe 2014-01-18 01:29 - 2014-01-18 01:29 - 00515112 _____ C:\Windows\Minidump\011814-25724-01.dmp 2014-01-18 00:27 - 2014-01-18 13:02 - 00000000 ____D C:\Users\basiak xd\Desktop\pasożyty 2014-01-17 23:15 - 2014-01-17 23:15 - 00291768 _____ C:\Windows\Minidump\011714-27440-01.dmp 2014-01-17 22:26 - 2014-01-17 22:26 - 00368705 _____ C:\Users\basiak xd\Downloads\gm.zip 2014-01-17 22:26 - 2014-01-17 22:26 - 00000000 ____D C:\Users\basiak xd\Downloads\gm 2014-01-17 22:19 - 2014-01-17 22:19 - 00602112 _____ (OldTimer Tools) C:\Users\basiak xd\Downloads\OTL.exe 2014-01-17 22:14 - 2014-01-17 22:14 - 02076160 _____ (Farbar) C:\Users\basiak xd\Downloads\FRST64.exe 2014-01-17 22:14 - 2014-01-17 22:14 - 00000000 ____D C:\FRST 2014-01-17 16:52 - 2014-01-18 10:56 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-17 14:41 - 2014-01-17 14:42 - 00000000 ____D C:\Program Files (x86)\Heroes of Might and Magic III - Zlota Edycja 2014-01-17 13:48 - 2014-01-17 13:48 - 00000266 __RSH C:\ProgramData\ntuser.pol 2014-01-17 13:18 - 2014-01-17 13:18 - 00000000 ____D C:\Users\basiak xd\AppData\Roaming\Malwarebytes 2014-01-17 13:17 - 2014-01-17 13:17 - 00000000 ____D C:\ProgramData\Malwarebytes 2014-01-17 13:12 - 2014-01-17 13:12 - 00001362 _____ C:\AdwCleaner[S3].txt 2014-01-17 13:11 - 2014-01-17 13:12 - 00001264 _____ C:\AdwCleaner[R3].txt 2014-01-17 13:06 - 2014-01-17 13:07 - 00002019 _____ C:\AdwCleaner[S2].txt 2014-01-17 13:05 - 2014-01-17 13:06 - 00002145 _____ C:\AdwCleaner[R2].txt 2014-01-17 01:34 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2014-01-17 01:34 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2014-01-17 01:34 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2014-01-17 01:34 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2014-01-17 01:34 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2014-01-17 01:34 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2014-01-17 01:31 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-01-17 01:31 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-01-15 18:24 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2014-01-06 20:23 - 2014-01-06 20:23 - 04558848 _____ (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr ==================== One Month Modified Files and Folders ======= 2014-01-18 14:11 - 2014-01-18 14:11 - 00007302 _____ C:\Users\basiak xd\Downloads\FRST.txt 2014-01-18 13:02 - 2014-01-18 00:27 - 00000000 ____D C:\Users\basiak xd\Desktop\pasożyty 2014-01-18 12:55 - 2009-10-06 14:34 - 01211499 _____ C:\Windows\WindowsUpdate.log 2014-01-18 12:49 - 2009-12-30 23:21 - 00000000 ____D C:\Users\basiak xd\AppData\Local\Google 2014-01-18 11:03 - 2009-07-14 05:45 - 00010240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-18 11:03 - 2009-07-14 05:45 - 00010240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-18 10:57 - 2014-01-18 10:56 - 00000251 _____ C:\Windows\system32\ServiceFilter.ini 2014-01-18 10:57 - 2013-10-16 00:50 - 00002866 _____ C:\Windows\System32\Tasks\Net4Switch 2014-01-18 10:56 - 2014-01-18 10:56 - 00000147 _____ C:\Windows\system32\AutoRunFilter.ini 2014-01-18 10:56 - 2014-01-17 16:52 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-18 10:56 - 2009-07-14 05:51 - 00212624 _____ C:\Windows\setupact.log 2014-01-18 10:54 - 2012-10-01 16:00 - 00000600 _____ C:\Users\basiak xd\PUTTY.RND 2014-01-18 10:52 - 2014-01-18 10:52 - 00991232 _____ C:\Users\basiak xd\Downloads\MicrosoftFixit50267.msi 2014-01-18 10:47 - 2014-01-18 10:47 - 00448512 _____ (OldTimer Tools) C:\Users\basiak xd\Downloads\TFC.exe 2014-01-18 10:44 - 2009-12-22 18:17 - 00000000 ____D C:\Users\basiak xd 2014-01-18 10:39 - 2014-01-18 10:39 - 00000000 ____D C:\MATS 2014-01-18 10:33 - 2014-01-18 10:33 - 00347816 _____ (Microsoft Corporation) C:\Users\basiak xd\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.3431346480239719.1.1.Run.exe 2014-01-18 01:29 - 2014-01-18 01:29 - 00515112 _____ C:\Windows\Minidump\011814-25724-01.dmp 2014-01-18 01:29 - 2013-02-07 07:34 - 00000000 ____D C:\Windows\Minidump 2014-01-18 01:17 - 2013-11-20 02:11 - 00162921 _____ C:\Windows\IE11_main.log 2014-01-18 01:16 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared 2014-01-17 23:15 - 2014-01-17 23:15 - 00291768 _____ C:\Windows\Minidump\011714-27440-01.dmp 2014-01-17 23:15 - 2013-08-21 09:38 - 00028844 _____ C:\Windows\PFRO.log 2014-01-17 22:26 - 2014-01-17 22:26 - 00368705 _____ C:\Users\basiak xd\Downloads\gm.zip 2014-01-17 22:26 - 2014-01-17 22:26 - 00000000 ____D C:\Users\basiak xd\Downloads\gm 2014-01-17 22:19 - 2014-01-17 22:19 - 00602112 _____ (OldTimer Tools) C:\Users\basiak xd\Downloads\OTL.exe 2014-01-17 22:14 - 2014-01-17 22:14 - 02076160 _____ (Farbar) C:\Users\basiak xd\Downloads\FRST64.exe 2014-01-17 22:14 - 2014-01-17 22:14 - 00000000 ____D C:\FRST 2014-01-17 22:13 - 2013-10-22 00:37 - 00000000 ____D C:\Users\basiak xd\Desktop\głupoty 2014-01-17 21:12 - 2009-12-29 17:13 - 00000000 ____D C:\Users\basiak xd\AppData\Local\CrashDumps 2014-01-17 16:50 - 2013-09-12 09:14 - 00000000 ____D C:\AdwCleaner 2014-01-17 16:50 - 2011-07-26 19:55 - 00000000 ____D C:\Users\basiak xd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-01-17 16:50 - 2009-12-22 18:26 - 00001007 _____ C:\Users\basiak xd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-01-17 14:42 - 2014-01-17 14:41 - 00000000 ____D C:\Program Files (x86)\Heroes of Might and Magic III - Zlota Edycja 2014-01-17 14:35 - 2009-08-03 20:55 - 00698146 _____ C:\Windows\system32\perfh015.dat 2014-01-17 14:35 - 2009-08-03 20:55 - 00135224 _____ C:\Windows\system32\perfc015.dat 2014-01-17 14:35 - 2009-07-14 06:13 - 01549932 _____ C:\Windows\system32\PerfStringBackup.INI 2014-01-17 13:48 - 2014-01-17 13:48 - 00000266 __RSH C:\ProgramData\ntuser.pol 2014-01-17 13:48 - 2009-07-14 04:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy 2014-01-17 13:48 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy 2014-01-17 13:48 - 2009-07-14 03:34 - 00000871 _____ C:\Windows\system32\Drivers\etc\hosts.old 2014-01-17 13:18 - 2014-01-17 13:18 - 00000000 ____D C:\Users\basiak xd\AppData\Roaming\Malwarebytes 2014-01-17 13:17 - 2014-01-17 13:17 - 00000000 ____D C:\ProgramData\Malwarebytes 2014-01-17 13:12 - 2014-01-17 13:12 - 00001362 _____ C:\AdwCleaner[S3].txt 2014-01-17 13:12 - 2014-01-17 13:11 - 00001264 _____ C:\AdwCleaner[R3].txt 2014-01-17 13:07 - 2014-01-17 13:06 - 00002019 _____ C:\AdwCleaner[S2].txt 2014-01-17 13:06 - 2014-01-17 13:05 - 00002145 _____ C:\AdwCleaner[R2].txt 2014-01-17 13:01 - 2013-08-28 21:41 - 00000000 ___RD C:\Users\basiak xd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-01-17 12:59 - 2009-12-30 15:30 - 00381440 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys 2014-01-17 11:09 - 2013-07-30 15:59 - 00000000 ____D C:\Users\basiak xd\AppData\Roaming\Skype 2014-01-17 11:04 - 2009-07-14 05:45 - 00429160 _____ C:\Windows\system32\FNTCACHE.DAT 2014-01-17 10:11 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration 2014-01-17 02:15 - 2009-10-06 14:45 - 00000000 ____D C:\ProgramData\Microsoft Help 2014-01-17 02:13 - 2013-08-14 13:42 - 00000000 ____D C:\Windows\system32\MRT 2014-01-17 02:10 - 2010-11-23 10:12 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-01-13 19:54 - 2009-12-28 13:01 - 00000000 ___RD C:\Users\basiak xd\Documents\`dokumenty 2014-01-10 12:27 - 2009-12-30 22:30 - 00000000 ____D C:\Windows\System32\Tasks\Games 2014-01-08 09:40 - 2011-03-28 14:24 - 00000000 ____D C:\Program Files (x86)\Picasa2 2014-01-06 20:23 - 2014-01-06 20:23 - 04558848 _____ (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr 2013-12-31 15:08 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-09 00:47 ==================== End Of Log ============================