Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-08-2013 Ran by SYSTEM on 11-08-2013 18:28:32 Running from G:\ Microsoft Windows XP Service Pack 1 (X86) OS Language: Polish Internet Explorer Version 8 Boot Mode: Recovery The current controlset is ControlSet003 [b]ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.[/b] ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDCPL] - C:\Windows\RTHDCPL.EXE [19523616 2010-04-30] (Realtek Semiconductor Corp.) HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM\...\Run: [avast] - C:\Program Files\Alwil Software\Avast5\avastUI.exe [4858968 2013-05-09] (AVAST Software) HKLM\...\Run: [AdobeCS6ServiceManager] - C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated) HKLM\...\Run: [PDF3 Registry Controller] - C:\Program Files\ScanSoft\PDF Converter 3.0\\RegistryController.exe [106496 2005-04-12] (ScanSoft, Inc.) HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.) HKLM\...\Run: [Zwinky Search Scope Monitor] - C:\PROGRA~1\ZWINKY~2\bar\1.bin\5qsrchmn.exe [44784 2013-06-22] (MindSpark) HKLM\...\Run: [Zwinky_5q Browser Plugin Loader] - C:\PROGRA~1\ZWINKY~2\bar\1.bin\5qbrmon.exe [30096 2013-06-22] (VER_COMPANY_NAME) Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation) HKU\Default User\...\RunOnce: [_nltide_3] - C:\Windows\System32\advpack.dll [ 2010-06-17] (Microsoft Corporation) HKU\Karolina\...\Run: [AdobeBridge] - [x] HKU\Karolina\...\Run: [BitTorrent] - C:\Program Files\BitTorrent\BitTorrent.exe [ 2013-05-24] (BitTorrent Inc.) HKU\Karolina\...\Run: [ccleaner] - "C:\Program Files\CCleaner\CCleaner.exe" /AUTO [x] HKU\Karolina\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [ 2013-05-09] (Skype Technologies S.A.) HKU\Karolina\...\Run: [DriverFinder] - C:\Program Files\DriverFinder\DriverFinder.exe [x] HKU\Karolina\...\Run: [GG] - C:\Documents and Settings\Karolina\Ustawienia lokalne\Dane aplikacji\GG\Application\gghub.exe [ 2013-05-20] (GG Network S.A.) HKU\Karolina\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [ 2013-05-24] (Samsung) HKU\Karolina\...\Run: [NokiaSuite.exe] - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [ 2013-04-19] (Nokia) HKU\Karolina\...\Run: [Browser Infrastructure Helper] - C:\Documents and Settings\Karolina\Ustawienia lokalne\Dane aplikacji\Smartbar\Application\QuickShare.exe [ 2013-05-12] (Smartbar) HKU\Karolina\...\Run: [KiesAirMessage] - C:\Program Files\Samsung\Kies\KiesAirMessage.exe [ 2013-04-18] (Samsung Electronics) HKU\Karolina\...\Run: [IPLA!] - C:\Program Files\ipla\ipla.exe [ 2013-05-28] (Redefine Sp z o.o.) ========================== Services (Whitelisted) ================= S2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808 2013-05-09] (AVAST Software) S3 Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2011-01-19] () S2 Zwinky_5qService; C:\PROGRA~1\ZWINKY~2\bar\1.bin\5qbarsvc.exe [42504 2013-06-22] (COMPANYVERS_NAME) S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [x] S2 vToolbarUpdater13.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [x] ==================== Drivers (Whitelisted) ==================== S3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative) S3 AR5416; C:\Windows\System32\DRIVERS\athw.sys [1606368 2010-06-04] (Atheros Communications, Inc.) S2 Aspi32; C:\Windows\System32\drivers\aspi32.sys [16512 2008-08-12] (Adaptec) S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software) S1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [20624 2012-10-30] (AVAST Software) S2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software) S1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [49760 2013-05-09] (AVAST Software) S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] () S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-06-27] (AVAST Software) S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-06-27] (AVAST Software) S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software) S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [175176 2013-06-27] () S1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [26984 2012-11-20] (AVG Technologies) S3 b57w2k; C:\Windows\System32\DRIVERS\b57xp32.sys [213544 2009-08-26] (Broadcom Corporation) S2 fssfltr; C:\Windows\System32\DRIVERS\fssfltr_tdi.sys [54760 2010-04-28] (Microsoft Corporation) S3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-15] (Windows (R) Server 2003 DDK provider) S3 HSFHWAZL; C:\Windows\System32\DRIVERS\HSFHWAZL.sys [209664 2006-12-23] (Conexant Systems, Inc.) S3 HSF_DPV; C:\Windows\System32\DRIVERS\HSF_DPV.sys [988800 2006-12-23] (Conexant Systems, Inc.) S3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.) S2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.) S0 Si3112; C:\Windows\System32\Drivers\Si3112.sys [69168 2010-06-17] (Silicon Image, Inc.) S0 Si3114r5; C:\Windows\System32\Drivers\Si3114r5.sys [211496 2010-06-17] (Silicon Image, Inc) S0 Si3124; C:\Windows\System32\Drivers\Si3124.sys [69248 2010-06-17] (Silicon Image, Inc.) S0 Si3132; C:\Windows\System32\Drivers\Si3132.sys [80424 2010-06-17] (Silicon Image, Inc) S0 Si3132r5; C:\Windows\System32\Drivers\Si3132r5.sys [217128 2010-06-17] (Silicon Image, Inc) S0 Si3531; C:\Windows\System32\Drivers\Si3531.sys [210736 2010-06-17] (Silicon Image, Inc) S3 btaudio; system32\drivers\btaudio.sys [x] S3 BTDriver; system32\DRIVERS\btport.sys [x] S3 BTWDNDIS; system32\DRIVERS\btwdndis.sys [x] S3 btwhid; system32\DRIVERS\btwhid.sys [x] S3 catchme; \??\C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\catchme.sys [x] S4 IntelIde; No ImagePath S3 StarOpen; No ImagePath S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-11 18:27 - 2013-08-11 18:27 - 00000000 ___DC C:\FRST 2013-08-10 00:30 - 2013-08-10 00:30 - 00094962 ____C C:\OTL.Txt 2013-08-06 22:26 - 2013-08-06 22:27 - 00000000 __SDC C:\ComboFix 2013-08-06 22:06 - 2013-08-06 22:06 - 00000000 RSHDC C:\cmdcons 2013-08-06 22:06 - 2011-01-19 13:40 - 00000211 ____C C:\Boot.bak 2013-08-06 22:06 - 2004-08-03 22:00 - 00262400 _RSHC C:\cmldr 2013-08-06 21:57 - 2013-08-06 21:57 - 00000000 ____D C:\Windows\CSC 2013-08-06 21:39 - 2013-08-06 21:40 - 00008148 _____ C:\Windows\tsoc.log 2013-08-06 21:39 - 2013-08-06 21:40 - 00004507 _____ C:\Windows\imsins.log 2013-08-06 21:39 - 2013-08-06 21:40 - 00002161 _____ C:\Windows\netfxocm.log 2013-08-06 21:39 - 2013-08-06 21:40 - 00001207 _____ C:\Windows\MedCtrOC.log 2013-08-06 21:39 - 2013-08-06 21:40 - 00000885 _____ C:\Windows\ocmsn.log 2013-08-06 21:39 - 2013-08-06 21:40 - 00000877 _____ C:\Windows\msgsocm.log 2013-08-06 21:39 - 2013-08-06 21:40 - 00000319 _____ C:\Windows\tabletoc.log 2013-08-06 21:38 - 2013-08-06 21:40 - 00041872 _____ C:\Windows\iis6.log 2013-08-06 21:38 - 2013-08-06 21:40 - 00017551 _____ C:\Windows\ocgen.log 2013-08-06 20:46 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe 2013-08-06 20:46 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe 2013-08-06 20:46 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-08-06 20:46 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-08-06 20:46 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-08-06 20:46 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe 2013-08-06 20:46 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe 2013-08-06 20:46 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe 2013-08-06 20:46 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe 2013-08-06 20:29 - 2013-08-06 22:27 - 00000000 ___DC C:\Qoobox 2013-08-06 20:28 - 2013-08-06 20:59 - 00000000 ____D C:\Windows\erdnt 2013-08-05 23:17 - 2013-08-09 16:46 - 00000188 ___SH C:\Documents and Settings\Administrator\ntuser.ini 2013-08-05 23:17 - 2013-08-06 22:13 - 00000000 ___HD C:\Documents and Settings\Administrator\Ustawienia lokalne 2013-08-05 23:17 - 2013-08-06 22:08 - 00000000 __RHD C:\Documents and Settings\Administrator\Dane aplikacji 2013-08-05 23:17 - 2013-08-06 20:29 - 00000000 ____D C:\Documents and Settings\Administrator\Moje dokumenty 2013-08-05 23:17 - 2011-01-19 14:33 - 00000000 ___RD C:\Documents and Settings\Administrator\Menu Start 2013-08-05 23:17 - 2011-01-19 14:33 - 00000000 ____D C:\Documents and Settings\Administrator\Ulubione 2013-08-05 23:17 - 2011-01-19 14:33 - 00000000 ____D C:\Documents and Settings\Administrator\Pulpit 2013-08-05 23:17 - 2011-01-19 13:48 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache 2013-08-05 23:17 - 2011-01-19 13:41 - 00000000 ___HD C:\Documents and Settings\Administrator\Szablony 2013-08-05 23:15 - 2013-08-06 22:05 - 00001324 _____ C:\Windows\System32\d3d9caps.dat 2013-08-04 20:46 - 2013-08-06 21:14 - 00004337 _____ C:\Windows\KB2481109.log 2013-07-22 20:59 - 2013-07-22 20:59 - 00000000 ____D C:\Program Files\FastStone Image Viewer ==================== One Month Modified Files and Folders ======= 2013-08-11 18:27 - 2013-08-11 18:27 - 00000000 ___DC C:\FRST 2013-08-10 00:30 - 2013-08-10 00:30 - 00094962 ____C C:\OTL.Txt 2013-08-09 17:19 - 2011-01-19 13:47 - 01598726 _____ C:\Windows\WindowsUpdate.log 2013-08-09 17:01 - 2011-01-19 13:53 - 00000188 ___SH C:\Documents and Settings\Karolina\ntuser.ini 2013-08-09 17:01 - 2008-04-15 13:00 - 00000731 _____ C:\Windows\win.ini 2013-08-09 16:55 - 2011-01-19 14:37 - 00000216 _____ C:\Windows\wiadebug.log 2013-08-09 16:55 - 2011-01-19 13:52 - 00032414 _____ C:\Windows\SchedLgU.Txt 2013-08-09 16:54 - 2011-01-19 14:37 - 00000050 _____ C:\Windows\wiaservc.log 2013-08-09 16:46 - 2013-08-05 23:17 - 00000188 ___SH C:\Documents and Settings\Administrator\ntuser.ini 2013-08-09 16:46 - 2012-11-22 21:22 - 00197993 _____ C:\Windows\setupapi.log 2013-08-09 16:45 - 2008-04-15 13:00 - 00002206 _____ C:\Windows\System32\wpa.dbl 2013-08-06 22:27 - 2013-08-06 22:26 - 00000000 __SDC C:\ComboFix 2013-08-06 22:27 - 2013-08-06 20:29 - 00000000 ___DC C:\Qoobox 2013-08-06 22:18 - 2012-07-31 20:36 - 00101780 _____ C:\Documents and Settings\Karolina\debug.log 2013-08-06 22:15 - 2011-01-19 13:44 - 00000000 ____D C:\Windows\System32\Restore 2013-08-06 22:13 - 2013-08-05 23:17 - 00000000 ___HD C:\Documents and Settings\Administrator\Ustawienia lokalne 2013-08-06 22:13 - 2011-01-19 13:52 - 00000000 ___HD C:\Documents and Settings\NetworkService\Ustawienia lokalne 2013-08-06 22:11 - 2008-04-15 13:00 - 00000274 ____C C:\Windows\system.ini 2013-08-06 22:08 - 2013-08-05 23:17 - 00000000 __RHD C:\Documents and Settings\Administrator\Dane aplikacji 2013-08-06 22:06 - 2013-08-06 22:06 - 00000000 RSHDC C:\cmdcons 2013-08-06 22:06 - 2011-01-19 14:32 - 00000327 _RSHC C:\boot.ini 2013-08-06 22:05 - 2013-08-05 23:15 - 00001324 _____ C:\Windows\System32\d3d9caps.dat 2013-08-06 21:57 - 2013-08-06 21:57 - 00000000 ____D C:\Windows\CSC 2013-08-06 21:40 - 2013-08-06 21:39 - 00008148 _____ C:\Windows\tsoc.log 2013-08-06 21:40 - 2013-08-06 21:39 - 00004507 _____ C:\Windows\imsins.log 2013-08-06 21:40 - 2013-08-06 21:39 - 00002161 _____ C:\Windows\netfxocm.log 2013-08-06 21:40 - 2013-08-06 21:39 - 00001207 _____ C:\Windows\MedCtrOC.log 2013-08-06 21:40 - 2013-08-06 21:39 - 00000885 _____ C:\Windows\ocmsn.log 2013-08-06 21:40 - 2013-08-06 21:39 - 00000877 _____ C:\Windows\msgsocm.log 2013-08-06 21:40 - 2013-08-06 21:39 - 00000319 _____ C:\Windows\tabletoc.log 2013-08-06 21:40 - 2013-08-06 21:38 - 00041872 _____ C:\Windows\iis6.log 2013-08-06 21:40 - 2013-08-06 21:38 - 00017551 _____ C:\Windows\ocgen.log 2013-08-06 21:40 - 2012-12-13 16:55 - 00208873 _____ C:\Windows\FaxSetup.log 2013-08-06 21:40 - 2012-12-13 16:55 - 00070064 _____ C:\Windows\comsetup.log 2013-08-06 21:40 - 2012-12-13 16:55 - 00043594 _____ C:\Windows\ntdtcsetup.log 2013-08-06 21:40 - 2011-02-22 15:45 - 00000000 ____D C:\Windows\System32\appmgmt 2013-08-06 21:40 - 2011-01-19 14:34 - 01130678 ____C C:\Windows\System32\PerfStringBackup.INI 2013-08-06 21:40 - 2008-04-15 13:00 - 00516938 _____ C:\Windows\System32\perfh015.dat 2013-08-06 21:40 - 2008-04-15 13:00 - 00094916 _____ C:\Windows\System32\perfc015.dat 2013-08-06 21:14 - 2013-08-04 20:46 - 00004337 _____ C:\Windows\KB2481109.log 2013-08-06 20:59 - 2013-08-06 20:28 - 00000000 ____D C:\Windows\erdnt 2013-08-06 20:29 - 2013-08-05 23:17 - 00000000 ____D C:\Documents and Settings\Administrator\Moje dokumenty 2013-08-05 23:05 - 2012-11-27 12:39 - 00001209 _____ C:\Windows\wmsetup.log 2013-08-05 21:19 - 2011-01-19 13:53 - 00000000 ____D C:\Documents and Settings\Karolina\Pulpit 2013-08-04 21:19 - 2012-12-03 16:34 - 00009592 _____ C:\Windows\setupact.log 2013-08-02 21:57 - 2011-01-19 13:53 - 00000000 ___RD C:\Documents and Settings\Karolina\Moje dokumenty 2013-08-02 21:47 - 2011-02-06 23:43 - 00000000 ____D C:\Windows\ie8updates 2013-07-29 20:46 - 2012-02-21 21:03 - 00000000 ____D C:\Documents and Settings\Karolina\.gstreamer-0.10 2013-07-22 20:59 - 2013-07-22 20:59 - 00000000 ____D C:\Program Files\FastStone Image Viewer 2013-07-22 20:59 - 2011-01-19 13:53 - 00000000 __RHD C:\Documents and Settings\Karolina\Dane aplikacji 2013-07-14 19:06 - 2012-04-03 09:53 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe 2013-07-14 19:06 - 2011-06-06 21:24 - 00071048 ____C (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl ==================== Known DLLs (Whitelisted) ============ ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe [2008-04-15 13:00] - [2008-04-15 13:00] - 1035264 ____A (Microsoft Corporation) c791ed9eac5e76d9525e157b1d7a599a C:\Windows\System32\winlogon.exe [2008-04-15 13:00] - [2008-04-15 13:00] - 0510464 ____A (Microsoft Corporation) 51fd2e13d723857b9ca239ae77150f48 C:\Windows\System32\svchost.exe [2008-04-15 13:00] - [2008-04-15 13:00] - 0014336 ____A (Microsoft Corporation) 8607d35d92528e2df386f19a960d23ce C:\Windows\System32\services.exe [2010-06-17 09:33] - [2010-06-17 09:33] - 0111104 ____A (Microsoft Corporation) 8816e60bf654353e8e0d35ed98875445 C:\Windows\System32\User32.dll [2008-04-15 13:00] - [2008-04-15 13:00] - 0580096 ____A (Microsoft Corporation) a435c5c069afd901751ac323ad238793 C:\Windows\System32\userinit.exe [2008-04-15 13:00] - [2008-04-15 13:00] - 0026624 ____A (Microsoft Corporation) 2a5b37d520508be6570a3ea79695f5b5 C:\Windows\System32\Drivers\volsnap.sys [2008-04-15 13:00] - [2008-04-15 13:00] - 0052864 ____A (Microsoft Corporation) 56b191ac5fc0df219949c95a6c87afe7 ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points (XP) ===================== RP: -> 2013-08-06 22:15 - 028672 _restore{41D28B3A-E74E-4761-87C4-0C594411C114}\RP1 ==================== Memory info =========================== Percentage of memory in use: 14% Total physical RAM: 3062.43 MB Available physical RAM: 2613.81 MB Total Pagefile: 3060.71 MB Available Pagefile: 2628.73 MB Total Virtual: 2047.88 MB Available Virtual: 1927.38 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:100 GB) (Free:45.11 GB) NTFS ==>[Drive with boot components (Windows XP)] Drive d: (dane) (Fixed) (Total:132.88 GB) (Free:15.53 GB) NTFS Drive f: (GSP1RMCULFRER_PL_DVD) (CDROM) (Total:2.27 GB) (Free:0 GB) UDF Drive g: (PENDRIVE) (Removable) (Total:7.51 GB) (Free:7.51 GB) FAT32 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 233 GB) (Disk ID: BC75BC75) Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=133 GB) - (Type=OF Extended) Partition 3: (Not Active) - (Size=8 MB) - (Type=0E) ======================================================== Disk: 1 (Size: 8 GB) (Disk ID: 91F72D24) Partition 1: (Active) - (Size=8 GB) - (Type=0B) ==================== End Of Log ============================