Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-09-2014
Ran by Patryk (administrator) on KOMPUTER on 09-09-2014 17:15:17
Running from C:\Users\Patryk\Downloads
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Polski (Polska)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) D:\Nowy folder\Advanced SystemCare 7\ASCService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Malwarebytes Corporation) E:\dragonicka\Malwarebytes Anti-Malware\mbamscheduler.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
() C:\Program Files\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\AVG Secure Search\vprot.exe
(LogMeIn Inc.) E:\Safari\hamachi-2.exe
(LogMeIn, Inc.) E:\Safari\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\AM_Delta.exe
(Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
() C:\Users\Patryk\Desktop\hduq03ef.exe
(OldTimer Tools) C:\Users\Patryk\Desktop\OTL.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12021464 2014-06-07] (Realtek Semiconductor)
HKLM\...\Run: [AMD AVT] => C:\Program Files\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [vProt] => C:\Program Files\AVG Secure Search\vprot.exe [2640408 2014-09-03] ()
HKLM\...\Run: [] => [X]
HKLM\...\Run: [LogMeIn Hamachi Ui] => E:\Safari\hamachi-2-ui.exe [3802448 2014-09-04] (LogMeIn Inc.)
HKU\.DEFAULT\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-04-30] (Microsoft Corporation)
HKU\S-1-5-21-2642114556-749823890-2243700731-1000\...\Run: [Advanced SystemCare 7] => D:\Nowy folder\Advanced SystemCare 7\ASCTray.exe [2295584 2014-04-21] (IObit)
HKU\S-1-5-21-2642114556-749823890-2243700731-1000\...\Run: [Slick Savings] => C:\Users\Patryk\AppData\Roaming\Slick Savings\CouponsHelper.exe [966504 2014-08-26] (S p i g o t, I n c .)
HKU\S-1-5-21-2642114556-749823890-2243700731-1000\...\Run: [Browser Extensions] => C:\Users\Patryk\AppData\Roaming\Slick Savings\CouponsHelper.exe [966504 2014-08-26] (S p i g o t, I n c .)
HKU\S-1-5-21-2642114556-749823890-2243700731-1000\...\MountPoints2: K - K:\autorun.exe
HKU\S-1-5-21-2642114556-749823890-2243700731-1000\...\MountPoints2: {11f55fa3-45d5-11e2-b520-806e6f6e6963} - F:\autorun.exe
HKU\S-1-5-21-2642114556-749823890-2243700731-1000\...\MountPoints2: {dfd08b56-b683-11e3-b73d-002618e1ac0a} - M:\autorun.exe
HKU\S-1-5-21-2642114556-749823890-2243700731-1000\...\MountPoints2: {dfd08b59-b683-11e3-b73d-002618e1ac0a} - N:\autorun.exe
HKU\S-1-5-21-2642114556-749823890-2243700731-1000\...\MountPoints2: {dfd08b60-b683-11e3-b73d-002618e1ac0a} - O:\autorun.exe
HKU\S-1-5-21-2642114556-749823890-2243700731-1000\...\MountPoints2: {dfd08b7a-b683-11e3-b73d-002618e1ac0a} - P:\setup.exe /autorun
HKU\S-1-5-21-2642114556-749823890-2243700731-1003\...\Run: [Gadu-Gadu 10] => E:\Camtasia Studio 8\Gadu-Gadu 10\gg.exe [13374048 2011-07-04] (GG Network S.A.)
HKU\S-1-5-21-2642114556-749823890-2243700731-1003\...\Run: [Steam] => E:\steaams\steam.exe [1635752 2013-05-04] (Valve Corporation)
HKU\S-1-5-21-2642114556-749823890-2243700731-1003\...\Run: [Pando Media Booster] => C:\Program Files\Pando Networks\Media Booster\PMB.exe [3093624 2013-02-18] ()
HKU\S-1-5-21-2642114556-749823890-2243700731-1003\...\Run: [ChomikBox] => C:\Program Files\ChomikBox\chomikbox.exe [6017024 2014-02-06] ( )
HKU\S-1-5-21-2642114556-749823890-2243700731-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-2642114556-749823890-2243700731-1003\...\Run: [uTorrent] => C:\Users\Patryk\AppData\Roaming\uTorrent\uTorrent.exe [1266520 2014-05-05] (BitTorrent Inc.)
HKU\S-1-5-21-2642114556-749823890-2243700731-1003\...\Run: [DAEMON Tools Ultra Agent] => E:\hackowanie internetow\DAEMON Tools Ultra\DTAgent.exe [3195096 2014-02-12] (Disc Soft Ltd)
HKU\S-1-5-21-2642114556-749823890-2243700731-1003\...\MountPoints2: K - K:\autorun.exe
HKU\S-1-5-21-2642114556-749823890-2243700731-1003\...\MountPoints2: M - M:\autorun.exe
HKU\S-1-5-21-2642114556-749823890-2243700731-1003\...\MountPoints2: {11f55fa3-45d5-11e2-b520-806e6f6e6963} - F:\autorun.exe
HKU\S-1-5-21-2642114556-749823890-2243700731-1003\...\MountPoints2: {dfd08b56-b683-11e3-b73d-002618e1ac0a} - M:\autorun.exe
HKU\S-1-5-21-2642114556-749823890-2243700731-1003\...\MountPoints2: {dfd08b59-b683-11e3-b73d-002618e1ac0a} - N:\autorun.exe
HKU\S-1-5-21-2642114556-749823890-2243700731-1003\...\MountPoints2: {dfd08b60-b683-11e3-b73d-002618e1ac0a} - O:\autorun.exe
HKU\S-1-5-21-2642114556-749823890-2243700731-1003\...\MountPoints2: {dfd08b7a-b683-11e3-b73d-002618e1ac0a} - P:\setup.exe /autorun
AppInit_DLLs: c:\progra~1\suptab\search~1.dll => c:\progra~1\suptab\search~1.dll File Not Found

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1395851186&from=cor&uid=HitachiXHDS721050CLA362_JP1521HN0358LA0358LAX&q={searchTerms}
URLSearchHook: HKCU - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files\IObit Apps Toolbar\IE\9.3\iobitappsToolbarIE.dll (Spigot, Inc.)
SearchScopes: HKLM - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchsun.info/?l=1&q={searchTerms}&pid=724&r=2014/03/26&hid=16454237016703326624&lg=EN&cc=PL
SearchScopes: HKCU - DefaultScope {11D8091F-1DCE-4982-996C-2835B287F4E9} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=902615&p={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://yandex.ru/yandsearch?win=97&clid=1989596&text={searchTerms}
SearchScopes: HKCU - {11D8091F-1DCE-4982-996C-2835B287F4E9} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=902615&p={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={6EAB69B8-9698-4336-9171-512C7ECFB5A9}&mid=58eebe9047f447d087f9d16f5e0545f9-790262e72b9c1fad5e4a9defc751ce56f73a0a64&lang=pl&ds=xn011&pr=sa&d=2012-12-29 20:29:49&v=15.5.0.2&pid=avg&sg=0&sap=dsp&q={searchTerms}
BHO: IObit Apps Toolbar -> {03EB0E9C-7A91-4381-A220-9B52B641CDB1} -> C:\Program Files\IObit Apps Toolbar\IE\9.3\iobitappsToolbarIE.dll (Spigot, Inc.)
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> D:\Nowy folder\IObit Uninstaller\UninstallExplorer32.dll (IObit)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO: No Name -> {D5FEC983-01DB-414a-9456-AF95AC9ED7B5} -> No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files\IObit Apps Toolbar\IE\9.3\iobitappsToolbarIE.dll (Spigot, Inc.)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 95.160.170.92 88.156.222.92 109.241.239.12

FireFox:
========
FF ProfilePath: C:\Users\Patryk\AppData\Roaming\Mozilla\Firefox\Profiles\8ji6cozv.default
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "WebSearch");: user_pref("browser.search.order.1,S", "WebSearch");
FF DefaultSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin: @IObit.com/np_Asc_Plugin -> C:\Program Files\IObit\Surfing Protection\BrowerProtect\np_Asc_plugin.dll (IObit)
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nexon.com/NxGame -> C:\ProgramData\Nexon\NGM\npNxGame.dll (Nexon)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF user.js: detected! => C:\Users\Patryk\AppData\Roaming\Mozilla\Firefox\Profiles\8ji6cozv.default\user.js
FF SearchPlugin: C:\Users\Patryk\AppData\Roaming\Mozilla\Firefox\Profiles\8ji6cozv.default\searchplugins\yahoo_ff.xml
FF SearchPlugin: C:\Users\Patryk\AppData\Roaming\Mozilla\Firefox\Profiles\8ji6cozv.default\searchplugins\yandex.ru-141528.xml
FF SearchPlugin: C:\Users\Patryk\AppData\Roaming\Mozilla\Firefox\Profiles\8ji6cozv.default\searchplugins\yqs-vbff-yandex.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\sweet-page.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Patryk\AppData\Roaming\Mozilla\Firefox\Profiles\8ji6cozv.default\Extensions\ascsurfingprotection@iobit.com [2014-06-07]
FF Extension: No Name - C:\Users\Patryk\AppData\Roaming\Mozilla\Firefox\Profiles\8ji6cozv.default\Extensions\staged [2014-03-26]
FF Extension: Візуальныя закладкі - C:\Users\Patryk\AppData\Roaming\Mozilla\Firefox\Profiles\8ji6cozv.default\Extensions\vb@yandex.ru [2013-11-04]
FF Extension: Кампанент "Элементы Яндекса" - C:\Users\Patryk\AppData\Roaming\Mozilla\Firefox\Profiles\8ji6cozv.default\Extensions\yasearch@yandex.ru [2013-11-04]
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.9.799
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.9.799 [2014-09-03]
FF HKLM\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox
FF Extension: Freemake Video Converter Plugin - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2014-03-08]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://google.pl/"
CHR DefaultSearchKeyword: Default -> yahoo.com search
CHR DefaultSearchProvider: Default -> Yahoo
CHR DefaultSearchURL: Default -> https://search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=902615&p={searchTerms}
CHR DefaultSuggestURL: Default -> https://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR CustomProfile: C:\Users\Patryk\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Czarny metalik motyw.) - C:\Users\Patryk\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbhhihkiaeeioepkklgfpdohnemkjcoi [2014-06-07]
CHR Extension: (Freemake Video Converter) - C:\Users\Patryk\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj [2014-03-08]
CHR Extension: (Google Wallet) - C:\Users\Patryk\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-04]
CHR HKLM\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2014-03-08]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\18.1.9.799\avg.crx [2014-03-08]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService7; D:\Nowy folder\Advanced SystemCare 7\ASCService.exe [881952 2014-01-14] (IObit)
S3 Disc Soft Bus Service; E:\hackowanie internetow\DAEMON Tools Ultra\DiscSoftBusService.exe [753880 2014-02-12] (Disc Soft Ltd)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-03-06] (Freemake) [File not signed]
R2 Hamachi2Svc; E:\Safari\hamachi-2.exe [1890128 2014-09-04] (LogMeIn Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2152736 2014-05-04] (IObit)
R2 MBAMScheduler; E:\dragonicka\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; E:\dragonicka\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
S3 npggsvc; C:\Windows\system32\GameMon.des [4609416 2013-11-06] (INCA Internet Co., Ltd.) [File not signed]
R2 vToolbarUpdater14.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [968880 2013-02-18] ()
R2 vToolbarUpdater18.1.9; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-09-03] (AVG Secure Search)
S2 699fd52f; "C:\Windows\system32\rundll32.exe" "c:\progra~2\assist~1\AssistantSvc.dll",service

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-09-03] (AVG Technologies)
R3 dtscsibus; C:\Windows\System32\DRIVERS\dtscsibus.sys [24704 2014-03-26] (Disc Soft Ltd)
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 L1E; C:\Windows\System32\DRIVERS\L1E62x86.sys [55848 2014-06-07] (Atheros Communications, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R1 MpKsl0fcab713; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B19E84C5-DEA7-464F-A059-8EC9414BECC2}\MpKsl0fcab713.sys [39464 2014-09-09] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [114408 2014-03-11] (Power Software Ltd)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [18624 2013-12-24] (IObit)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [715248 2014-03-28] (Duplex Secure Ltd.)
R1 wStLib; C:\Windows\System32\drivers\wStLib.sys [52928 2014-04-23] (StdLib)
R1 wStLibG; C:\Windows\System32\drivers\wStLibG.sys [52928 2014-03-26] (StdLib)
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S3 vtany; \??\C:\Windows\vtany.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
U3 pgddqpoc; \??\C:\Users\Patryk\AppData\Local\Temp\pgddqpoc.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-09 17:15 - 2014-09-09 17:17 - 00019881 _____ () C:\Users\Patryk\Downloads\FRST.txt
2014-09-09 17:13 - 2014-09-09 17:16 - 1009240078 _____ () C:\Users\Patryk\Downloads\Dreikonv2.1.rar
2014-09-09 17:13 - 2014-09-09 17:15 - 00000000 ____D () C:\FRST
2014-09-09 17:13 - 2014-09-09 17:13 - 00380416 _____ () C:\Users\Patryk\Desktop\hduq03ef.exe
2014-09-09 17:12 - 2014-09-09 17:12 - 01097728 _____ (Farbar) C:\Users\Patryk\Desktop\FRST.exe
2014-09-09 17:12 - 2014-09-09 17:12 - 00602112 _____ (OldTimer Tools) C:\Users\Patryk\Desktop\OTL.exe
2014-09-09 16:54 - 2014-09-09 16:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-08-31 22:03 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-31 22:03 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-31 22:03 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-31 22:03 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-31 19:52 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-31 19:52 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-31 19:52 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-31 19:52 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-31 19:52 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-31 19:52 - 2014-07-25 15:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-31 19:52 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-31 19:52 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-31 19:52 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-31 19:52 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-31 19:52 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-31 19:52 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-31 19:52 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-31 19:52 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-31 19:52 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-31 19:52 - 2014-07-25 14:10 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-31 19:52 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-31 19:52 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-31 19:52 - 2014-07-25 13:59 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-31 19:52 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-31 19:52 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-31 19:52 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-31 19:52 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-31 19:52 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-31 19:52 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-31 19:52 - 2014-07-25 13:09 - 00663040 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-31 19:52 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-31 19:52 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-31 19:52 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-31 19:52 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-31 19:52 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-31 19:52 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-31 19:52 - 2014-07-14 03:42 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-31 19:52 - 2014-06-16 03:44 - 00730048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-31 19:52 - 2014-06-16 03:44 - 00219072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-08-31 19:52 - 2014-06-16 03:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-31 19:51 - 2014-08-07 03:43 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-31 19:51 - 2014-08-07 03:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-31 19:51 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-31 19:51 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-31 19:51 - 2014-06-03 11:30 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-31 19:51 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-31 19:51 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-31 19:51 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-31 19:47 - 2014-08-31 19:47 - 00813672 _____ () C:\Users\Patryk\Downloads\OptiFine_1.7.2_HD_U_D3.jar
2014-08-31 19:38 - 2014-05-14 18:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-31 19:38 - 2014-05-14 18:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-31 19:38 - 2014-05-14 18:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-31 19:38 - 2014-05-14 18:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-31 19:37 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-31 19:37 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-31 19:37 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-31 19:35 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-31 19:35 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-31 19:29 - 2014-08-31 19:31 - 23305296 _____ () C:\Users\Patryk\Downloads\mmc-stable-win32.zip
2014-08-31 19:24 - 2014-09-09 16:53 - 00000364 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0814tb_rmv.job
2014-08-31 19:24 - 2014-09-09 16:53 - 00000364 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0814tb_rel.job
2014-08-31 19:24 - 2014-08-31 19:24 - 00000000 ____D () C:\ProgramData\Avg_Update_0814tb
2014-08-31 19:24 - 2014-08-31 19:24 - 00000000 ____D () C:\Program Files\AVG Security Toolbar

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-09 17:17 - 2014-09-09 17:15 - 00019881 _____ () C:\Users\Patryk\Downloads\FRST.txt
2014-09-09 17:16 - 2014-09-09 17:13 - 1009240078 _____ () C:\Users\Patryk\Downloads\Dreikonv2.1.rar
2014-09-09 17:15 - 2014-09-09 17:13 - 00000000 ____D () C:\FRST
2014-09-09 17:13 - 2014-09-09 17:13 - 00380416 _____ () C:\Users\Patryk\Desktop\hduq03ef.exe
2014-09-09 17:12 - 2014-09-09 17:12 - 01097728 _____ (Farbar) C:\Users\Patryk\Desktop\FRST.exe
2014-09-09 17:12 - 2014-09-09 17:12 - 00602112 _____ (OldTimer Tools) C:\Users\Patryk\Desktop\OTL.exe
2014-09-09 17:06 - 2012-12-14 18:21 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-09 17:00 - 2014-06-07 11:33 - 00008867 _____ () C:\Windows\setupact.log
2014-09-09 16:59 - 2012-12-14 12:03 - 01138501 _____ () C:\Windows\WindowsUpdate.log
2014-09-09 16:59 - 2009-07-14 06:34 - 00023056 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-09 16:59 - 2009-07-14 06:34 - 00023056 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-09 16:57 - 2012-12-29 21:31 - 00000000 ____D () C:\Users\Patryk\AppData\Local\LogMeIn Hamachi
2014-09-09 16:55 - 2014-03-08 14:50 - 00001036 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-09 16:54 - 2014-09-09 16:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-09-09 16:53 - 2014-08-31 19:24 - 00000364 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0814tb_rmv.job
2014-09-09 16:53 - 2014-08-31 19:24 - 00000364 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0814tb_rel.job
2014-09-09 16:53 - 2014-03-08 14:50 - 00001032 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-09 16:52 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-04 07:31 - 2014-06-07 10:32 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-04 07:17 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-03 22:48 - 2014-05-10 21:22 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-09-03 22:46 - 2012-12-29 21:29 - 00042784 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys
2014-09-03 22:46 - 2012-12-29 21:29 - 00000000 ____D () C:\Program Files\AVG Secure Search
2014-09-01 19:53 - 2014-06-07 10:29 - 00000000 ____D () C:\Users\Patryk\AppData\Roaming\Slick Savings
2014-09-01 19:51 - 2009-07-14 06:33 - 00305304 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-01 19:48 - 2014-06-07 14:17 - 00002864 _____ () C:\Windows\PFRO.log
2014-09-01 19:48 - 2014-05-10 22:53 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-01 19:48 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\pl-PL
2014-08-31 22:10 - 2013-09-21 14:22 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-31 22:10 - 2012-12-14 12:38 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-31 22:05 - 2012-12-14 13:04 - 96303304 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-31 22:02 - 2013-05-01 14:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-08-31 22:02 - 2013-05-01 14:57 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-31 19:47 - 2014-08-31 19:47 - 00813672 _____ () C:\Users\Patryk\Downloads\OptiFine_1.7.2_HD_U_D3.jar
2014-08-31 19:31 - 2014-08-31 19:29 - 23305296 _____ () C:\Users\Patryk\Downloads\mmc-stable-win32.zip
2014-08-31 19:24 - 2014-08-31 19:24 - 00000000 ____D () C:\ProgramData\Avg_Update_0814tb
2014-08-31 19:24 - 2014-08-31 19:24 - 00000000 ____D () C:\Program Files\AVG Security Toolbar
2014-08-31 19:20 - 2009-07-14 10:28 - 00000000 ____D () C:\Program Files\Windows Journal
2014-08-23 03:46 - 2014-08-31 19:52 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 02:42 - 2014-08-31 19:52 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

Files to move or delete:
====================
C:\ProgramData\hash.dat

Some content of TEMP:
====================
C:\Users\Patryk\AppData\Local\Temp\MD5Hash.dll
C:\Users\Żanetka\AppData\Local\Temp\gg10.upgr.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-01 16:35

==================== End Of Log ============================