Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-01-2014 04
Ran by Administrator (administrator) on ANTONI on 20-01-2014 23:30:08
Running from C:\Documents and Settings\Administrator\Pulpit\Fixit\FRST
Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) ===================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft (R) Corporation) C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
(SigmaTel, Inc.) C:\WINDOWS\system32\stacsv.exe
() C:\WINDOWS\system32\PAStiSvc.exe
() C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\WINDOWS\system32\WLTRYSVC.EXE
(Dell Inc.) C:\WINDOWS\system32\BCMWLTRY.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Dell Inc.) C:\WINDOWS\system32\WLTRAY.EXE
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
(Knowles Acoustics) C:\WINDOWS\system32\KADxMain.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(SigmaTel, Inc.) C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe
() C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\Program Files\QOMO\Flow!Works\Driver\Driver\board_driver.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Microsoft Corporation) C:\Program Files\Microsoft ActiveSync\wcescomm.exe
(Microsoft Corporation) C:\Program Files\Microsoft ActiveSync\rapimgr.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Avanquest Software ) C:\Program Files\Digital Line Detect\DLG.exe
() C:\Documents and Settings\All Users\Dane aplikacji\U3\U3Launcher\LaunchU3.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(Microsoft (R) Corporation) C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [159744 2007-09-19] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Dell QuickSet] - C:\Program Files\Dell\QuickSet\quickset.exe [1245184 2008-02-22] (Dell Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\WINDOWS\system32\WLTRAY.exe [2183168 2007-10-09] (Dell Inc.)
HKLM\...\Run: [WavXMgr] - C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe [92160 2007-09-10] (Wave Systems Corp.)
HKLM\...\Run: [SecureUpgrade] - C:\Program Files\Wave Systems Corp\SecureUpgrade.exe [218424 2007-09-14] (Wave Systems Corp.)
HKLM\...\Run: [KADxMain] - C:\WINDOWS\system32\KADxMain.exe [282624 2006-11-02] (Knowles Acoustics)
HKLM\...\Run: [PDVDDXSrv] - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128296 2008-02-26] (CyberLink Corp.)
HKLM\...\Run: [Synchronization Manager] - C:\Windows\system32\mobsync.exe [143872 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [LogitechQuickCamRibbon] - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-10-14] (AVAST Software)
HKLM\...\Run: [SigmatelSysTrayApp] - C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [405504 2007-12-05] (SigmaTel, Inc.)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [Hiteboard] - C:\Program Files\QOMO\Flow!Works\Driver\Driver\board_driver.exe [8770048 2012-08-28] ()
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Java\jre7\bin\jusched.exe
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%\System32\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
Winlogon\Notify\gemsafe: C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll (Gemplus)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKLM\...\Policies\Explorer: [NoMSAppLogo5ChannelNotify] 1
HKCU\...\Run: [ISUSPM] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [218032 2006-09-11] (Macrovision Corporation)
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5625624 2014-01-15] (SUPERAntiSpyware)
HKCU\...\Run: [H/PC Connection Agent] - C:\Program Files\Microsoft ActiveSync\Wcescomm.exe [1289000 2006-11-13] (Microsoft Corporation)
HKU\administrator.SBSMENIS\...\RunOnce: [tscuninstall] - C:\Windows\system32\tscupgrd.exe [ 2004-08-04] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [tscuninstall] - C:\Windows\system32\tscupgrd.exe [ 2004-08-04] (Microsoft Corporation)
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\LaunchU3.exe.lnk
ShortcutTarget: LaunchU3.exe.lnk -> C:\WINDOWS\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe ()
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Firewall Client Management.lnk
ShortcutTarget: Microsoft Firewall Client Management.lnk -> C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe (Microsoft (R) Corporation)

==================== Internet (Whitelisted) ====================

ProxyServer: sbs2005:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Default_search_url = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_page_url = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {F786971E-EA0E-4A44-8372-B83644291FAA} URL = http://www.google.com/search?hl=pl&q={searchTerms}
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Pomocnik rejestrowania za pomocą identyfikatora Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - &Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Łącza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\Windows\system32\SHELL32.dll (Microsoft Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
Winsock: Catalog5 01 C:\Program Files\Microsoft Firewall Client 2004\FwcWsp.dll [197440] (Microsoft (R) Corporation)
Winsock: Catalog9 01 C:\Program Files\Microsoft Firewall Client 2004\FwcWsp.dll [197440] (Microsoft (R) Corporation)
Winsock: Catalog9 03 C:\Program Files\Microsoft Firewall Client 2004\FwcWsp.dll [197440] (Microsoft (R) Corporation)
Winsock: Catalog9 06 C:\Program Files\Microsoft Firewall Client 2004\FwcWsp.dll [197440] (Microsoft (R) Corporation)
Winsock: Catalog9 08 C:\Program Files\Microsoft Firewall Client 2004\FwcWsp.dll [197440] (Microsoft (R) Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{60CF466F-5784-46BF-BA68-EA69C63815AE}: [NameServer]192.168.13.1,8.8.8.8
Tcpip\..\Interfaces\{783FBC84-2B1D-45DE-8829-809BFD29C028}: [NameServer]194.204.159.1,194.204.152.34

Chrome:
=======
CHR DefaultSearchKeyword: searchgol.com
CHR DefaultSearchProvider: SearchGol
CHR DefaultSearchURL: http://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss&mntrId=84FE001FE12E819D&affID=125032&tsp=5030
CHR DefaultNewTabURL:
CHR Extension: (Dokumenty Google) - C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-18]
CHR Extension: (Dysk Google) - C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-18]
CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-18]
CHR Extension: (Szukaj w Google) - C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-18]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-18]

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-07-11] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-10-14] (AVAST Software)
R2 FwcAgent; C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe [128832 2006-12-09] (Microsoft (R) Corporation)
R2 NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [475136 2008-02-22] (Dell Inc.)
S3 SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [486400 2007-08-31] (Wave Systems Corp.)
R2 STacSV; C:\WINDOWS\system32\StacSV.exe [94208 2007-12-05] (SigmaTel, Inc.)
R2 STI Simulator; C:\WINDOWS\System32\PAStiSvc.exe [53248 2005-01-14] ()
R2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1552384 2007-11-08] ()
R2 TdmService; C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe [737280 2007-09-07] (Wave Systems Corp.)
R2 Wave UCSPlus; C:\WINDOWS\system32\dllhost.exe [5120 2008-04-14] (Microsoft Corporation)
S3 WaveEnrollmentService; C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe [192512 2007-09-13] (Wave Systems Corp.)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [1921024 2007-10-09] (Dell Inc.)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [x]

==================== Drivers (Whitelisted) ====================

S4 abp480n5; C:\Windows\system32\DRIVERS\ABP480N5.SYS [23552 2004-08-04] (Microsoft Corporation)
R1 APPDRV; C:\Windows\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2005-08-12] (Dell Inc)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-10-14] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [66336 2013-10-14] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [49760 2013-10-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-10-14] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-10-14] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-10-14] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-10-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [175176 2013-10-14] ()
R3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl5.sys [1123328 2007-10-09] (Broadcom Corp.)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R2 DLABMFSM; C:\Windows\System32\Drivers\DLABMFSM.SYS [37360 2007-07-23] (Roxio)
R2 DLABOIOM; C:\Windows\System32\Drivers\DLABOIOM.SYS [32848 2007-07-23] (Roxio)
R2 DLADResM; C:\Windows\System32\Drivers\DLADResM.SYS [9104 2007-07-23] (Roxio)
R2 DLAIFS_M; C:\Windows\System32\Drivers\DLAIFS_M.SYS [108752 2007-07-23] (Roxio)
R2 DLAOPIOM; C:\Windows\System32\Drivers\DLAOPIOM.SYS [27216 2007-07-23] (Roxio)
R2 DLAPoolM; C:\Windows\System32\Drivers\DLAPoolM.SYS [16304 2007-07-23] (Roxio)
R2 DLAUDFAM; C:\Windows\System32\Drivers\DLAUDFAM.SYS [93552 2007-07-23] (Roxio)
R2 DLAUDF_M; C:\Windows\System32\Drivers\DLAUDF_M.SYS [98448 2007-07-23] (Roxio)
S3 DXEC01; C:\Windows\System32\drivers\dxec01.sys [97536 2006-11-02] (Knowles Acoustics)
S3 FilterService; C:\Windows\System32\DRIVERS\lvuvcflt.sys [23832 2009-10-07] (Logitech Inc.)
R3 guardian2; C:\Windows\System32\Drivers\oz776.sys [62208 2007-11-28] (O2Micro)
R3 HHTHid; C:\Windows\System32\DRIVERS\HHTHid.sys [6400 2011-11-29] (HHT-Tech)
R3 HHTHid_ArtvhMouFiltr; C:\Windows\System32\DRIVERS\HHTHidMouFiltr.sys [5632 2011-11-29] (HHT-Tech)
S3 hht_kbmouse; C:\Windows\System32\DRIVERS\hht_kbmouse.sys [12048 2010-11-10] (Hitevision)
S3 hht_vmouse; C:\Windows\System32\DRIVERS\hht_vmouse.sys [6656 2011-01-12] (Hitevision)
S3 HHUsb5; C:\Windows\System32\Drivers\HHUsb5.sys [30264 2012-05-11] ()
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [57112 2011-01-21] (Paragon Software Group)
R3 HSFHWAZL; C:\Windows\System32\DRIVERS\HSFHWAZL.sys [211200 2007-12-02] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\Windows\System32\DRIVERS\HSF_DPV.sys [989952 2007-12-02] (Conexant Systems, Inc.)
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [51416 2014-01-19] (Malwarebytes Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 nm; C:\Windows\System32\DRIVERS\NMnt.sys [40320 2008-04-14] (Microsoft Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [34064 2007-11-06] (CACE Technologies)
S3 NSNDIS5; C:\WINDOWS\system32\NSNDIS5.SYS [17280 2004-03-24] (Printing Communications Assoc., Inc. (PCAUSA))
S3 P1130VID; C:\Windows\System32\DRIVERS\P1130Vid.sys [90229 2003-06-11] (Creative Technology Ltd.)
S3 PAC207; C:\Windows\System32\DRIVERS\pfc027.sys [162176 2005-02-24] ()
R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2007-09-07] (Dell Inc)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 silabenm; C:\Windows\System32\DRIVERS\silabenm.sys [47176 2012-05-11] (Silicon Laboratories)
S3 silabser; C:\Windows\System32\DRIVERS\silabser.sys [58496 2012-05-11] (Silicon Laboratories)
R3 STHDA; C:\Windows\System32\drivers\sthda.sys [1222840 2007-12-05] (SigmaTel, Inc.)
R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [40824 2011-01-21] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IM.sys [381032 2011-01-21] (Paragon)
R3 WaveFDE; C:\Windows\System32\DRIVERS\WaveFDE.sys [18176 2007-09-06] (Windows (R) Codename Longhorn DDK provider)
R2 WavxDMgr; C:\Windows\System32\DRIVERS\WavxDMgr.sys [161280 2007-09-10] (Wave Systems Corp.)
S3 wceusbsh; C:\Windows\System32\DRIVERS\wceusbsh.sys [28672 2006-11-06] (Microsoft Corporation)
R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [193696 2009-04-08] (Jungo)
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U5 Sdbus; C:\Windows\System32\Drivers\Sdbus.sys [79232 2008-04-14] (Microsoft Corporation)
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-20 23:16 - 2014-01-20 23:18 - 00000000 ____D C:\Documents and Settings\Administrator\Pulpit\Fixit
2014-01-20 20:45 - 2014-01-20 20:47 - 00026624 ___SH C:\Documents and Settings\Administrator\Pulpit\Thumbs.db
2014-01-20 20:34 - 2014-01-20 20:44 - 00000000 ____D C:\Documents and Settings\Administrator\Pulpit\lub
2014-01-20 19:57 - 2014-01-20 19:57 - 00000000 ____D C:\FRST
2014-01-19 15:45 - 2014-01-19 15:45 - 00065536 _____ C:\WINDOWS\Minidump\Mini011914-01.dmp
2014-01-19 15:10 - 2014-01-19 19:47 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes' Anti-Malware (portable)
2014-01-19 15:10 - 2014-01-19 16:03 - 00104664 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-01-19 15:09 - 2014-01-19 15:09 - 00051416 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-01-19 15:08 - 2014-01-19 15:08 - 00000000 ____D C:\Documents and Settings\Administrator\Pulpit\mbar
2014-01-19 15:02 - 2014-01-19 15:03 - 00003276 _____ C:\Ad-Report-SCAN[4].txt
2014-01-18 22:03 - 2014-01-18 22:03 - 00000000 ____D C:\_OTL
2014-01-18 19:39 - 2013-12-18 21:10 - 00877480 _____ (Oracle Corporation) C:\WINDOWS\system32\npdeployJava1.dll
2014-01-18 19:39 - 2013-12-18 21:10 - 00800168 _____ (Oracle Corporation) C:\WINDOWS\system32\deployJava1.dll
2014-01-18 19:33 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-01-18 19:33 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-01-18 19:33 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-01-18 19:33 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-01-18 19:32 - 2014-01-18 19:33 - 00005203 _____ C:\WINDOWS\system32\jupdate-1.7.0_51-b13.log
2014-01-18 18:42 - 2014-01-18 18:42 - 00000000 ____D C:\Documents and Settings\Administrator\Moje dokumenty\GPSMapEdit
2014-01-18 18:26 - 2014-01-18 18:27 - 00000000 ____D C:\Documents and Settings\Administrator\Pulpit\LEWE
2014-01-18 18:22 - 2014-01-20 20:45 - 00000000 ____D C:\Documents and Settings\Administrator\Pulpit\z pulpitu 18 01 2014
2014-01-18 18:05 - 2014-01-18 18:05 - 00001083 _____ C:\Documents and Settings\Administrator\Pulpit\Skrót do Default.lnk
2014-01-18 17:57 - 2014-01-18 18:36 - 00000000 ____D C:\Documents and Settings\Administrator\Pulpit\INSTALKI
2014-01-18 17:49 - 2014-01-20 23:17 - 00000000 ____D C:\Documents and Settings\Administrator\Pulpit\pobrane
2014-01-18 15:22 - 2014-01-18 15:22 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Google+ Auto Backup
2014-01-15 18:51 - 2014-01-15 18:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$
2014-01-15 18:49 - 2014-01-15 18:51 - 00005271 _____ C:\WINDOWS\KB2914368.log
2014-01-08 10:38 - 2014-01-08 10:38 - 00001915 _____ C:\Documents and Settings\All Users\Pulpit\Google Earth.lnk
2014-01-08 10:38 - 2014-01-08 10:38 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Google Earth
2014-01-06 20:23 - 2014-01-06 20:23 - 04558848 _____ (Google Inc.) C:\WINDOWS\system32\GPhotos.scr

==================== One Month Modified Files and Folders =======

2014-01-20 23:28 - 2010-05-18 16:31 - 00000460 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{155C28F4-2598-499F-8C3E-8484C1E99738}.job
2014-01-20 23:18 - 2014-01-20 23:16 - 00000000 ____D C:\Documents and Settings\Administrator\Pulpit\Fixit
2014-01-20 23:17 - 2014-01-18 17:49 - 00000000 ____D C:\Documents and Settings\Administrator\Pulpit\pobrane
2014-01-20 23:17 - 2004-09-20 10:25 - 00000000 ____D C:\Documents and Settings\Administrator\Pulpit
2014-01-20 23:08 - 2004-09-20 10:25 - 00031938 _____ C:\WINDOWS\SchedLgU.Txt
2014-01-20 23:06 - 2012-09-28 14:44 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-01-20 22:48 - 2010-05-18 13:35 - 00001032 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-20 22:36 - 2010-05-18 13:35 - 00001028 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-20 22:36 - 2008-05-21 13:55 - 00000000 _____ C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\WavXMapDrive.bat
2014-01-20 22:36 - 2004-09-20 10:05 - 00002422 _____ C:\WINDOWS\system32\wpa.dbl
2014-01-20 22:32 - 2012-06-05 17:29 - 00000930 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-01-20 22:32 - 2004-09-20 10:18 - 01181360 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-20 22:30 - 2008-05-21 13:42 - 00000000 ____D C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\NTRU Cryptosystems
2014-01-20 22:30 - 2004-09-20 10:25 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-20 22:30 - 2004-09-20 10:17 - 00000000 ____D C:\WINDOWS\Registration
2014-01-20 22:30 - 2004-09-20 10:15 - 00000159 _____ C:\WINDOWS\wiadebug.log
2014-01-20 22:30 - 2004-09-20 10:15 - 00000050 _____ C:\WINDOWS\wiaservc.log
2014-01-20 22:20 - 2004-09-20 10:25 - 00000188 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2014-01-20 20:47 - 2014-01-20 20:45 - 00026624 ___SH C:\Documents and Settings\Administrator\Pulpit\Thumbs.db
2014-01-20 20:45 - 2014-01-18 18:22 - 00000000 ____D C:\Documents and Settings\Administrator\Pulpit\z pulpitu 18 01 2014
2014-01-20 20:45 - 2012-06-26 11:43 - 00137728 _____ C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-20 20:44 - 2014-01-20 20:34 - 00000000 ____D C:\Documents and Settings\Administrator\Pulpit\lub
2014-01-20 20:34 - 2004-09-20 10:25 - 00000000 ___RD C:\Documents and Settings\Administrator\Moje dokumenty\Moje obrazy
2014-01-20 19:57 - 2014-01-20 19:57 - 00000000 ____D C:\FRST
2014-01-20 19:06 - 2004-09-20 10:16 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2014-01-19 22:58 - 2004-09-20 10:25 - 00000000 ____D C:\Documents and Settings\Administrator
2014-01-19 22:56 - 2013-03-19 16:41 - 00156677 _____ C:\WINDOWS\setupapi.log
2014-01-19 19:47 - 2014-01-19 15:10 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes' Anti-Malware (portable)
2014-01-19 16:03 - 2014-01-19 15:10 - 00104664 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-01-19 15:45 - 2014-01-19 15:45 - 00065536 _____ C:\WINDOWS\Minidump\Mini011914-01.dmp
2014-01-19 15:45 - 2012-09-28 22:09 - 1063268352 _____ C:\WINDOWS\MEMORY.DMP
2014-01-19 15:45 - 2012-08-01 22:56 - 00000000 ____D C:\WINDOWS\Minidump
2014-01-19 15:20 - 2010-04-29 14:20 - 00000472 _____ C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
2014-01-19 15:10 - 2004-09-20 10:12 - 00000000 __RHD C:\Documents and Settings\All Users\Dane aplikacji
2014-01-19 15:09 - 2014-01-19 15:09 - 00051416 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-01-19 15:08 - 2014-01-19 15:08 - 00000000 ____D C:\Documents and Settings\Administrator\Pulpit\mbar
2014-01-19 15:03 - 2014-01-19 15:02 - 00003276 _____ C:\Ad-Report-SCAN[4].txt
2014-01-19 12:51 - 2013-11-07 15:14 - 00000000 ____D C:\AdwCleaner
2014-01-19 01:05 - 2008-11-12 09:46 - 00065536 _____ C:\WINDOWS\system32\config\ODiag.evt
2014-01-18 22:03 - 2014-01-18 22:03 - 00000000 ____D C:\_OTL
2014-01-18 20:28 - 2004-09-20 10:12 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Start\Programy
2014-01-18 20:22 - 2008-05-21 13:37 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2014-01-18 20:22 - 2004-09-20 10:12 - 00000000 ____D C:\Documents and Settings\All Users\Pulpit
2014-01-18 20:20 - 2010-03-16 10:56 - 00000000 ____D C:\Program Files\Windows Live
2014-01-18 20:18 - 2008-09-30 16:53 - 00000000 ____D C:\totalcmd
2014-01-18 19:47 - 2008-05-21 13:32 - 00000000 ____D C:\Program Files\Common Files\Java
2014-01-18 19:33 - 2014-01-18 19:32 - 00005203 _____ C:\WINDOWS\system32\jupdate-1.7.0_51-b13.log
2014-01-18 19:33 - 2008-05-21 13:32 - 00000000 ____D C:\Program Files\Java
2014-01-18 19:31 - 2004-09-20 10:12 - 01136244 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-18 19:31 - 2004-09-20 10:06 - 00507562 _____ C:\WINDOWS\system32\perfh015.dat
2014-01-18 19:31 - 2004-09-20 10:06 - 00092596 _____ C:\WINDOWS\system32\perfc015.dat
2014-01-18 19:28 - 2004-09-20 10:25 - 00000000 __RHD C:\Documents and Settings\Administrator\Dane aplikacji
2014-01-18 18:53 - 2013-07-28 11:01 - 00000000 ____D C:\Program Files\Mozilla Firefox
2014-01-18 18:51 - 2011-06-07 12:31 - 00000000 ____D C:\Program Files\Common Files\GraphBoard 2.50
2014-01-18 18:51 - 2011-06-07 12:24 - 00000000 ____D C:\Program Files\eduROM Strefa P
2014-01-18 18:42 - 2014-01-18 18:42 - 00000000 ____D C:\Documents and Settings\Administrator\Moje dokumenty\GPSMapEdit
2014-01-18 18:42 - 2004-09-20 10:25 - 00000000 ___RD C:\Documents and Settings\Administrator\Moje dokumenty
2014-01-18 18:36 - 2014-01-18 17:57 - 00000000 ____D C:\Documents and Settings\Administrator\Pulpit\INSTALKI
2014-01-18 18:33 - 2013-08-18 21:26 - 00000000 ____D C:\Documents and Settings\Administrator\Pulpit\Auto z 2013 linki pliki
2014-01-18 18:29 - 2013-08-10 10:19 - 00000000 ____D C:\Documents and Settings\Administrator\Pulpit\EUMETSAT
2014-01-18 18:27 - 2014-01-18 18:26 - 00000000 ____D C:\Documents and Settings\Administrator\Pulpit\LEWE
2014-01-18 18:05 - 2014-01-18 18:05 - 00001083 _____ C:\Documents and Settings\Administrator\Pulpit\Skrót do Default.lnk
2014-01-18 15:27 - 2013-08-10 18:51 - 00000000 ____D C:\Documents and Settings\Administrator\Moje dokumenty\TerraViva!
2014-01-18 15:22 - 2014-01-18 15:22 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Google+ Auto Backup
2014-01-18 15:22 - 2009-11-24 13:06 - 00000000 ____D C:\Program Files\Google
2014-01-18 14:53 - 2013-01-19 20:43 - 00001819 _____ C:\Documents and Settings\All Users\Pulpit\Google Chrome.lnk
2014-01-18 14:23 - 2011-10-23 11:47 - 00002347 _____ C:\Documents and Settings\All Users\Menu Start\Programy\Adobe Reader X.lnk
2014-01-15 18:59 - 2008-11-12 09:40 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2014-01-15 18:57 - 2013-07-28 21:10 - 00000000 ____D C:\WINDOWS\system32\MRT
2014-01-15 18:51 - 2014-01-15 18:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$
2014-01-15 18:51 - 2014-01-15 18:49 - 00005271 _____ C:\WINDOWS\KB2914368.log
2014-01-15 18:51 - 2011-10-18 22:50 - 83425928 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-01-15 18:51 - 2004-09-20 10:12 - 02909193 _____ C:\WINDOWS\FaxSetup.log
2014-01-15 18:51 - 2004-09-20 10:12 - 01400158 _____ C:\WINDOWS\ocgen.log
2014-01-15 18:51 - 2004-09-20 10:12 - 01328091 _____ C:\WINDOWS\tsoc.log
2014-01-15 18:51 - 2004-09-20 10:12 - 01202982 _____ C:\WINDOWS\iis6.log
2014-01-15 18:51 - 2004-09-20 10:12 - 00959273 _____ C:\WINDOWS\comsetup.log
2014-01-15 18:51 - 2004-09-20 10:12 - 00914306 _____ C:\WINDOWS\msmqinst.log
2014-01-15 18:51 - 2004-09-20 10:12 - 00579208 _____ C:\WINDOWS\ntdtcsetup.log
2014-01-15 18:51 - 2004-09-20 10:12 - 00504186 _____ C:\WINDOWS\netfxocm.log
2014-01-15 18:51 - 2004-09-20 10:12 - 00202497 _____ C:\WINDOWS\MedCtrOC.log
2014-01-15 18:51 - 2004-09-20 10:12 - 00174901 _____ C:\WINDOWS\ocmsn.log
2014-01-15 18:51 - 2004-09-20 10:12 - 00149656 _____ C:\WINDOWS\tabletoc.log
2014-01-15 18:51 - 2004-09-20 10:12 - 00144256 _____ C:\WINDOWS\msgsocm.log
2014-01-15 18:51 - 2004-09-20 10:12 - 00001374 _____ C:\WINDOWS\imsins.log
2014-01-15 16:09 - 2012-12-01 14:49 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2014-01-14 12:59 - 2012-12-18 12:47 - 00000000 _____ C:\Documents and Settings\nauczyciel\Ustawienia lokalne\Dane aplikacji\WavXMapDrive.bat
2014-01-08 10:38 - 2014-01-08 10:38 - 00001915 _____ C:\Documents and Settings\All Users\Pulpit\Google Earth.lnk
2014-01-08 10:38 - 2014-01-08 10:38 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Google Earth
2014-01-06 20:23 - 2014-01-06 20:23 - 04558848 _____ (Google Inc.) C:\WINDOWS\system32\GPhotos.scr

Some content of TEMP:
====================
C:\Documents and Settings\nauczyciel\Ustawienia lokalne\temp\SkypeSetup.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe [2004-08-04 13:00] - [2008-04-14 22:51] - 1035264 ____A (Microsoft Corporation) c791ed9eac5e76d9525e157b1d7a599a
C:\Windows\System32\winlogon.exe [2004-08-04 13:00] - [2008-04-14 22:51] - 0510464 ____A (Microsoft Corporation) 51fd2e13d723857b9ca239ae77150f48
C:\Windows\System32\svchost.exe [2004-08-04 13:00] - [2008-04-14 22:51] - 0014336 ____A (Microsoft Corporation) 8607d35d92528e2df386f19a960d23ce
C:\Windows\System32\services.exe [2004-08-04 13:00] - [2009-02-09 12:25] - 0111104 ____A (Microsoft Corporation) 02a467e27af55f7064c5b251e587315f
C:\Windows\System32\User32.dll [2004-08-04 13:00] - [2008-04-14 22:50] - 0580096 ____A (Microsoft Corporation) a435c5c069afd901751ac323ad238793
C:\Windows\System32\userinit.exe [2004-08-04 13:00] - [2008-04-14 22:51] - 0026624 ____A (Microsoft Corporation) 2a5b37d520508be6570a3ea79695f5b5
C:\Windows\System32\rpcss.dll [2004-08-04 13:00] - [2009-02-09 11:53] - 0401408 ____A (Microsoft Corporation) a37311d9d628c1042a2836731787f0f3
ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys [2004-08-04 13:00] - [2008-04-14 21:31] - 0052864 ____A (Microsoft Corporation) 56b191ac5fc0df219949c95a6c87afe7

==================== End Of Log ============================