Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-01-2014
Ran by asd (administrator) on QWE-268BC649944 on 04-01-2014 11:08:03
Running from D:\Krzysiek
Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Atheros) C:\WINDOWS\system32\acs.exe
(ArtistScope Pty Ltd) C:\Program Files\Common Files\ArtistScope\CSHelper32.exe
(Mobile Leader Co.,Ltd.) C:\WINDOWS\system32\ScsiCommandService2.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\SOUNDMAN.EXE
(ATI Technologies, Inc.) C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) D:\Nowy folder (2)\Office12\GrooveMonitor.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Opera Software) C:\Program Files\Opera\opera.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SoundMan] - C:\WINDOWS\SOUNDMAN.EXE [577536 2006-11-17] (Realtek Semiconductor Corp.)
HKLM\...\Run: [ATIPTA] - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [344064 2004-09-29] (ATI Technologies, Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2010-02-10] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [GrooveMonitor] - D:\Nowy folder (2)\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [GB_UPDATE] - C:\Program Files\Razer\Razer Game Booster\AutoUpdate.exe [2051688 2013-06-05] ()
Winlogon\Notify\Antiwpa: C:\Windows\system32\antiwpa.dll ()
Winlogon\Notify\AtiExtEvent: C:\Windows\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKCU\...\Run: [nhrij] - C:\Documents and Settings\asd\nhrij.exe
HKCU\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x95000000
MountPoints2: {b0707d46-6e43-11e2-9660-806d6172696f} - D:\setupSNK.exe
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\TP-LINK Wireless Configuration Utility.lnk
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Nowy folder (2)\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
Toolbar: HKCU - &Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Łącza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Nowy folder (2)\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

========================== Services (Whitelisted) =================

R2 acs; C:\WINDOWS\system32\acs.exe [499796 2011-12-26] (Atheros)
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2010-02-10] ()
R2 CSHelper; C:\Program Files\Common Files\ArtistScope\CSHelper32.exe [236624 2013-10-21] (ArtistScope Pty Ltd)
S3 jswpsapi; C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\WPS\jswpsapi.exe [360529 2011-12-26] (wireless)
S3 Microsoft Office Groove Audit Service; D:\Nowy folder (2)\Office12\GrooveAuditService.exe [65824 2006-10-27] (Microsoft Corporation)
R2 ScsiCommandService2; C:\WINDOWS\system32\ScsiCommandService2.exe [48128 2011-10-31] (Mobile Leader Co.,Ltd.)

==================== Drivers (Whitelisted) ====================

R3 ALCXSENS; C:\Windows\System32\drivers\ALCXSENS.SYS [400384 2004-02-24] (Sensaura)
R3 ALCXWDM; C:\Windows\System32\drivers\ALCXWDM.SYS [4027840 2007-03-08] (Realtek Semiconductor Corp.)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag.sys [23040 2011-09-06] (LG Electronics Inc.)
R3 AR9271; C:\Windows\System32\DRIVERS\athuw.sys [1763584 2012-10-18] (Atheros Communications, Inc.)
R1 CSDriver; C:\Program Files\Common Files\ArtistScope\CSDriver32.sys [43888 2013-10-21] ()
S3 e4usbaw; C:\Windows\System32\DRIVERS\e4usbaw.sys [116992 2006-09-19] (Analog Devices Inc.)
S2 IKANLOADER2; C:\Windows\System32\Drivers\e4ldr.sys [64000 2006-09-15] (Analog Deivces)
R3 JSWSCIMD; C:\Windows\System32\DRIVERS\jswscimd.sys [57440 2011-12-26] (Atheros Communications, Inc.)
R0 nvatabus; C:\Windows\System32\DRIVERS\nvatabus.sys [79360 2004-06-03] (NVIDIA Corporation)
R3 NVENETFD; C:\Windows\System32\DRIVERS\NVENETFD.sys [33280 2004-05-17] (NVIDIA Corporation)
R3 nvnetbus; C:\Windows\System32\DRIVERS\nvnetbus.sys [12928 2004-05-17] (NVIDIA Corporation)
R0 nv_agp; C:\Windows\System32\DRIVERS\nv_agp.sys [21760 2004-04-02] (NVIDIA Corporation)
S3 PCANDIS5; C:\WINDOWS\system32\PCANDIS5.SYS [16128 2003-08-04] (Printing Communications Assoc., Inc. (PCAUSA))
S3 WinRing0_1_2_0; C:\Program Files\Razer\Razer Game Booster\Driver\WinRing0.sys [14416 2012-08-01] (OpenLibSys.org)
R3 WSIMD; C:\Windows\System32\DRIVERS\wsimd.sys [58208 2011-12-26] (Atheros Communications, Inc.)
S4 IntelIde; No ImagePath
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-03 23:25 - 2014-01-03 23:25 - 00000000 ____D C:\AdwCleaner
2014-01-03 23:21 - 2014-01-03 23:21 - 00000000 ____D C:\Documents and Settings\asd\Dane aplikacji\newnext.me
2014-01-03 22:04 - 2014-01-03 22:04 - 00000000 ____D C:\FRST
2014-01-02 20:12 - 2014-01-02 20:12 - 00000000 ____D C:\Documents and Settings\asd\Ustawienia lokalne\Dane aplikacji\Razer
2014-01-02 20:12 - 2014-01-02 20:12 - 00000000 ____D C:\Documents and Settings\asd\Moje dokumenty\Razer
2014-01-02 20:11 - 2014-01-02 20:11 - 00000755 _____ C:\Documents and Settings\All Users\Pulpit\Razer Game Booster.lnk
2014-01-02 20:11 - 2014-01-02 20:11 - 00000000 ____D C:\Program Files\Razer
2014-01-02 20:11 - 2014-01-02 20:11 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Razer
2014-01-02 20:11 - 2014-01-02 20:11 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Razer
2014-01-02 19:08 - 2014-01-02 19:08 - 00005240 _____ C:\Documents and Settings\asd\Moje dokumenty\cc_20140102_190830.reg
2014-01-02 19:03 - 2013-02-04 17:51 - 00001396 _____ C:\Documents and Settings\All Users\Pulpit\Opera.lnk
2014-01-02 19:01 - 2014-01-02 19:01 - 00000000 _____ C:\WINDOWS\Sti_Trace.log
2014-01-02 19:00 - 2014-01-03 23:35 - 00039099 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-02 14:37 - 2014-01-02 14:37 - 00000000 ____D C:\Documents and Settings\asd\Ustawienia lokalne\Dane aplikacji\LiveGBoost
2014-01-02 14:36 - 2014-01-02 14:37 - 00001837 _____ C:\Documents and Settings\asd\GBoost_Bootstrap.log
2014-01-02 14:36 - 2014-01-02 14:36 - 00000000 ____D C:\Documents and Settings\asd\Ustawienia lokalne\Dane aplikacji\GZero
2014-01-02 14:36 - 2014-01-02 14:36 - 00000000 ____D C:\Documents and Settings\asd\Dane aplikacji\GZero
2014-01-01 21:15 - 2014-01-01 21:16 - 00015510 _____ C:\Documents and Settings\asd\Moje dokumenty\cc_20140101_211541.reg
2014-01-01 21:15 - 2014-01-01 21:15 - 00000338 _____ C:\Documents and Settings\asd\Moje dokumenty\cc_20140101_211501.reg
2013-12-30 21:18 - 2013-12-30 21:18 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Google+ Auto Backup
2013-12-30 21:17 - 2013-12-30 21:17 - 00000000 ____D C:\Documents and Settings\LocalService.ZARZĄDZANIE NT\Ustawienia lokalne\Dane aplikacji\Google
2013-12-30 16:53 - 2013-12-30 16:53 - 00000000 ___HD C:\WINDOWS\$NtUninstallKB952011$
2013-12-29 11:48 - 2014-01-02 21:35 - 00002267 _____ C:\Documents and Settings\All Users\Pulpit\Skype.lnk
2013-12-29 11:48 - 2013-12-29 11:49 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Skype
2013-12-29 11:48 - 2013-12-29 11:48 - 00000000 ___RD C:\Program Files\Skype
2013-12-29 11:48 - 2013-12-29 11:48 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-12-23 22:29 - 2014-01-03 23:35 - 00032600 _____ C:\WINDOWS\SchedLgU.Txt
2013-12-12 18:14 - 2013-12-12 18:14 - 00027472 _____ C:\Documents and Settings\asd\Ustawienia lokalne\Dane aplikacji\recently-used.xbel
2013-12-08 15:00 - 2014-01-04 10:51 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-12-08 15:00 - 2013-12-08 15:00 - 00000000 __SHD C:\FOUND.096

==================== One Month Modified Files and Folders =======

2014-01-04 10:51 - 2013-12-08 15:00 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-04 10:51 - 2013-11-02 21:53 - 00000274 _____ C:\WINDOWS\Tasks\Game_Booster_AutoUpdate.job
2014-01-04 10:51 - 2013-08-31 10:59 - 00002462 _____ C:\autoupdate.log
2014-01-03 23:35 - 2014-01-02 19:00 - 00039099 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-03 23:35 - 2013-12-23 22:29 - 00032600 _____ C:\WINDOWS\SchedLgU.Txt
2014-01-03 23:35 - 2013-07-04 13:04 - 00524288 _____ C:\WINDOWS\system32\config\ACS.evt
2014-01-03 23:35 - 2013-02-09 12:38 - 00524288 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2014-01-03 23:35 - 2013-02-03 21:46 - 00000188 ___SH C:\Documents and Settings\asd\ntuser.ini
2014-01-03 23:25 - 2014-01-03 23:25 - 00000000 ____D C:\AdwCleaner
2014-01-03 23:21 - 2014-01-03 23:21 - 00000000 ____D C:\Documents and Settings\asd\Dane aplikacji\newnext.me
2014-01-03 22:04 - 2014-01-03 22:04 - 00000000 ____D C:\FRST
2014-01-03 16:50 - 2013-09-09 21:11 - 00000188 ___SH C:\Documents and Settings\LocalService.ZARZĄDZANIE NT\ntuser.ini
2014-01-02 21:35 - 2013-12-29 11:48 - 00002267 _____ C:\Documents and Settings\All Users\Pulpit\Skype.lnk
2014-01-02 20:12 - 2014-01-02 20:12 - 00000000 ____D C:\Documents and Settings\asd\Ustawienia lokalne\Dane aplikacji\Razer
2014-01-02 20:12 - 2014-01-02 20:12 - 00000000 ____D C:\Documents and Settings\asd\Moje dokumenty\Razer
2014-01-02 20:11 - 2014-01-02 20:11 - 00000755 _____ C:\Documents and Settings\All Users\Pulpit\Razer Game Booster.lnk
2014-01-02 20:11 - 2014-01-02 20:11 - 00000000 ____D C:\Program Files\Razer
2014-01-02 20:11 - 2014-01-02 20:11 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Razer
2014-01-02 20:11 - 2014-01-02 20:11 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Razer
2014-01-02 19:08 - 2014-01-02 19:08 - 00005240 _____ C:\Documents and Settings\asd\Moje dokumenty\cc_20140102_190830.reg
2014-01-02 19:01 - 2014-01-02 19:01 - 00000000 _____ C:\WINDOWS\Sti_Trace.log
2014-01-02 14:37 - 2014-01-02 14:37 - 00000000 ____D C:\Documents and Settings\asd\Ustawienia lokalne\Dane aplikacji\LiveGBoost
2014-01-02 14:37 - 2014-01-02 14:36 - 00001837 _____ C:\Documents and Settings\asd\GBoost_Bootstrap.log
2014-01-02 14:36 - 2014-01-02 14:36 - 00000000 ____D C:\Documents and Settings\asd\Ustawienia lokalne\Dane aplikacji\GZero
2014-01-02 14:36 - 2014-01-02 14:36 - 00000000 ____D C:\Documents and Settings\asd\Dane aplikacji\GZero
2014-01-01 21:16 - 2014-01-01 21:15 - 00015510 _____ C:\Documents and Settings\asd\Moje dokumenty\cc_20140101_211541.reg
2014-01-01 21:15 - 2014-01-01 21:15 - 00000338 _____ C:\Documents and Settings\asd\Moje dokumenty\cc_20140101_211501.reg
2014-01-01 13:08 - 2013-02-04 17:56 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-01-01 13:08 - 2013-02-04 17:56 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-12-30 21:18 - 2013-12-30 21:18 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Google+ Auto Backup
2013-12-30 21:17 - 2013-12-30 21:17 - 00000000 ____D C:\Documents and Settings\LocalService.ZARZĄDZANIE NT\Ustawienia lokalne\Dane aplikacji\Google
2013-12-30 16:53 - 2013-12-30 16:53 - 00000000 ___HD C:\WINDOWS\$NtUninstallKB952011$
2013-12-29 11:49 - 2013-12-29 11:48 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Skype
2013-12-29 11:48 - 2013-12-29 11:48 - 00000000 ___RD C:\Program Files\Skype
2013-12-29 11:48 - 2013-12-29 11:48 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-12-27 20:34 - 2013-11-02 21:52 - 00000590 _____ C:\Documents and Settings\asd\Pulpit\Jazz Jackrabbit 2.lnk
2013-12-19 16:54 - 2001-07-22 00:17 - 00002228 _____ C:\WINDOWS\system32\wpa.dbl
2013-12-12 21:14 - 2013-02-13 19:11 - 00005632 _____ C:\Documents and Settings\asd\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-12 18:14 - 2013-12-12 18:14 - 00027472 _____ C:\Documents and Settings\asd\Ustawienia lokalne\Dane aplikacji\recently-used.xbel
2013-12-08 15:00 - 2013-12-08 15:00 - 00000000 __SHD C:\FOUND.096

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe [2008-04-14 20:51] - [2008-04-14 20:51] - 1035264 ____A (Microsoft Corporation) c791ed9eac5e76d9525e157b1d7a599a
C:\Windows\System32\winlogon.exe [2008-04-14 20:51] - [2008-04-14 20:51] - 0510464 ____A (Microsoft Corporation) 51fd2e13d723857b9ca239ae77150f48
C:\Windows\System32\svchost.exe [2008-04-14 20:51] - [2008-04-14 20:51] - 0014336 ____A (Microsoft Corporation) 8607d35d92528e2df386f19a960d23ce
C:\Windows\System32\services.exe [2008-04-14 20:51] - [2008-04-14 20:51] - 0109056 ____A (Microsoft Corporation) 3e3ae424e27c4cefe4cab368c7b570ea
C:\Windows\System32\User32.dll [2008-04-14 20:50] - [2008-04-14 20:50] - 0580096 ____A (Microsoft Corporation) a435c5c069afd901751ac323ad238793
C:\Windows\System32\userinit.exe [2008-04-14 20:51] - [2008-04-14 20:51] - 0026624 ____A (Microsoft Corporation) 2a5b37d520508be6570a3ea79695f5b5
C:\Windows\System32\rpcss.dll [2008-04-14 20:50] - [2008-04-14 20:50] - 0399360 ____A (Microsoft Corporation) 02396dab9dd407b06539981f477f3fec
C:\Windows\System32\Drivers\volsnap.sys [2008-04-14 19:31] - [2008-04-14 19:31] - 0052864 ____A (Microsoft Corporation) 56b191ac5fc0df219949c95a6c87afe7

==================== End Of Log ============================