Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-01-2014 01
Ran by admin (administrator) on PC-FED7B442F71F on 07-02-2014 15:44:02
Running from C:\Documents and Settings\admin\Pulpit\frst
Microsoft Windows XP Home Edition Dodatek Service Pack 3 (X86) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) ===================

(VIA Technologies) C:\Program Files\VIA\RAID\raid_tool.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\SOUNDMAN.EXE
(S3 Graphics, Inc.) C:\WINDOWS\system32\VTTimer.exe
(S3 Graphics Co., Ltd.) C:\WINDOWS\system32\VTTrayp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
() C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Panda Security) C:\Program Files\Panda USB Vaccine\USBVaccine.exe
() C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\WINDOWS\system32\snmp.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RaidTool] - C:\Program Files\VIA\RAID\raid_tool.exe [1056768 2014-01-29] (VIA Technologies)
HKLM\...\Run: [NeroFilterCheck] - C:\WINDOWS\system32\NeroCheck.exe [155648 2014-01-29] (Ahead Software Gmbh)
HKLM\...\Run: [SoundMan] - C:\WINDOWS\SOUNDMAN.EXE [77824 2014-01-29] (Realtek Semiconductor Corp.)
HKLM\...\Run: [VTTimer] - C:\WINDOWS\system32\VTTimer.exe [53248 2014-01-29] (S3 Graphics, Inc.)
HKLM\...\Run: [VTTrayp] - C:\WINDOWS\system32\VTtrayp.exe [147456 2014-01-29] (S3 Graphics Co., Ltd.)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2014-01-29] (Hewlett-Packard Co.)
HKLM\...\Run: [Samsung PanelMgr] - C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe [614400 2014-01-29] ()
Startup: C:\Documents and Settings\admin\Menu Start\Programy\Autostart\PandaUSBVaccine.lnk
ShortcutTarget: PandaUSBVaccine.lnk -> C:\Program Files\Panda USB Vaccine\USBVaccine.exe (Panda Security)
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - &Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Łącza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\admin\Dane aplikacji\Mozilla\Firefox\Profiles\wjow9f1r.default
FF NetworkProxy: "type", 0
FF Plugin: @pandasecurity.com/activescan - C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! WebRep - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-06-14]

========================== Services (Whitelisted) =================

R2 HWDeviceService.exe; C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe [264704 2010-11-16] ()
S3 LPDSVC; C:\WINDOWS\system32\tcpsvcs.exe [19456 2004-08-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R1 Aavmker4; C:\WINDOWS\system32\Drivers\Aavmker4.sys [24920 2012-03-06] (AVAST Software)
R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [2324480 2005-06-20] (Realtek Semiconductor Corp.)
S4 aswFsBlk; C:\WINDOWS\system32\Drivers\aswFsBlk.sys [20696 2012-03-07] (AVAST Software)
S4 aswMon2; C:\WINDOWS\system32\Drivers\aswMon2.sys [95704 2012-03-07] (AVAST Software)
S4 AswRdr; C:\WINDOWS\system32\Drivers\AswRdr.sys [35672 2012-03-07] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\Drivers\aswSnx.sys [612184 2012-03-07] (AVAST Software)
S4 aswSP; C:\WINDOWS\system32\Drivers\aswSP.sys [337880 2012-03-07] (AVAST Software)
S4 aswTdi; C:\WINDOWS\system32\Drivers\aswTdi.sys [53848 2012-03-07] (AVAST Software)
R3 FETNDIS; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc. )
R2 FSHOOK; C:\WINDOWS\system32\DRIVERS\FSHOOK.SYS [7040 2001-06-08] ()
R0 pavboot; C:\WINDOWS\System32\drivers\pavboot.sys [28552 2009-06-30] (Panda Security, S.L.)
S3 SkLaggProtocol; C:\WINDOWS\System32\DRIVERS\yk51x86l.sys [65824 2010-05-14] (Marvell)
S3 SkVlanProtocol; C:\WINDOWS\System32\DRIVERS\yk51x86v.sys [20992 2010-05-14] (Marvell)
R3 viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [237312 2005-08-24] (Copyright (C) VIA/S3 Graphics Co, Ltd.)
R0 viamraid; C:\WINDOWS\System32\DRIVERS\viamraid.sys [60928 2005-06-20] (VIA Technologies inc,.ltd)
U5 ALG; C:\WINDOWS\System32\alg.exe [44544 2008-04-14] (Microsoft Corporation)
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 tavwssrh; No ImagePath

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-07 15:33 - 2014-02-07 15:44 - 00000000 ____D C:\Documents and Settings\admin\Pulpit\frst
2014-02-05 15:25 - 2014-02-05 15:26 - 00001364 _____ C:\Documents and Settings\admin\Pulpit\UsbFix.lnk
2014-02-05 15:25 - 2014-02-05 15:25 - 00000000 ____D C:\UsbFix
2014-02-05 15:23 - 2014-02-07 15:35 - 00000000 ____D C:\FRST
2014-01-30 18:18 - 2014-02-05 15:26 - 00000000 ____D C:\Documents and Settings\admin\Pulpit\NOWE LOGI
2014-01-30 18:04 - 2014-01-30 18:04 - 00380416 _____ C:\Documents and Settings\admin\Pulpit\401ymei9.exe
2014-01-30 17:59 - 2014-01-30 17:59 - 00448512 _____ (OldTimer Tools) C:\Documents and Settings\admin\Pulpit\TFC.exe
2014-01-30 17:57 - 2014-01-30 17:57 - 00000000 ____D C:\Program Files\Panda USB Vaccine
2014-01-30 17:57 - 2014-01-30 17:57 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Panda Security
2014-01-30 17:57 - 2014-01-30 17:57 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Panda Security
2014-01-30 17:57 - 2014-01-30 17:55 - 00848856 _____ (Panda Security ) C:\Documents and Settings\admin\Pulpit\USBVaccineSetup.exe
2014-01-30 17:53 - 2008-08-07 16:08 - 00013522 _____ C:\Documents and Settings\admin\Pulpit\SafeBootWinXP.reg
2014-01-29 13:01 - 2010-11-12 10:13 - 00171344 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\admin\Pulpit\SalityKiller.exe
2014-01-28 13:12 - 2014-01-29 13:02 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\admin\Pulpit\OTL.exe
2014-01-28 12:57 - 2014-01-28 12:57 - 00090112 _____ C:\WINDOWS\Minidump\Mini012814-01.dmp
2014-01-22 10:25 - 2014-01-22 10:25 - 00090112 _____ C:\WINDOWS\Minidump\Mini012214-02.dmp
2014-01-22 10:13 - 2014-01-22 10:13 - 00090112 _____ C:\WINDOWS\Minidump\Mini012214-01.dmp

==================== One Month Modified Files and Folders =======

2014-02-07 15:44 - 2014-02-07 15:33 - 00000000 ____D C:\Documents and Settings\admin\Pulpit\frst
2014-02-07 15:43 - 2012-06-13 15:09 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-02-07 15:43 - 2012-06-13 15:02 - 01302951 _____ C:\WINDOWS\WindowsUpdate.log
2014-02-07 15:42 - 2012-06-13 16:56 - 00000216 _____ C:\WINDOWS\wiadebug.log
2014-02-07 15:42 - 2012-06-13 16:56 - 00000050 _____ C:\WINDOWS\wiaservc.log
2014-02-07 15:42 - 2012-06-13 15:14 - 00000188 ___SH C:\Documents and Settings\admin\ntuser.ini
2014-02-07 15:42 - 2012-06-13 15:09 - 00032324 _____ C:\WINDOWS\SchedLgU.Txt
2014-02-07 15:41 - 2012-06-13 15:14 - 00000000 ___RD C:\Documents and Settings\admin\Moje dokumenty\Moje obrazy
2014-02-07 15:39 - 2012-06-14 12:39 - 00000000 ____D C:\Program Files\Mozilla Firefox
2014-02-07 15:39 - 2012-06-13 15:01 - 00000000 ____D C:\WINDOWS\system32\Macromed
2014-02-07 15:36 - 2012-06-13 16:53 - 00000000 ____D C:\Documents and Settings\All Users\Pulpit
2014-02-07 15:35 - 2014-02-05 15:23 - 00000000 ____D C:\FRST
2014-02-07 15:33 - 2012-06-14 13:08 - 00000462 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{93DF8422-9046-431A-B0CD-8908709E8CE4}.job
2014-02-07 15:33 - 2012-06-13 15:14 - 00000000 ____D C:\Documents and Settings\admin\Pulpit
2014-02-07 15:31 - 2004-08-04 13:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2014-02-05 15:26 - 2014-02-05 15:25 - 00001364 _____ C:\Documents and Settings\admin\Pulpit\UsbFix.lnk
2014-02-05 15:26 - 2014-01-30 18:18 - 00000000 ____D C:\Documents and Settings\admin\Pulpit\NOWE LOGI
2014-02-05 15:25 - 2014-02-05 15:25 - 00000000 ____D C:\UsbFix
2014-01-30 18:04 - 2014-01-30 18:04 - 00380416 _____ C:\Documents and Settings\admin\Pulpit\401ymei9.exe
2014-01-30 18:04 - 2012-06-14 12:54 - 00000000 ____D C:\Documents and Settings\admin\Moje dokumenty\Pobieranie
2014-01-30 17:59 - 2014-01-30 17:59 - 00448512 _____ (OldTimer Tools) C:\Documents and Settings\admin\Pulpit\TFC.exe
2014-01-30 17:57 - 2014-01-30 17:57 - 00000000 ____D C:\Program Files\Panda USB Vaccine
2014-01-30 17:57 - 2014-01-30 17:57 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Panda Security
2014-01-30 17:57 - 2014-01-30 17:57 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Panda Security
2014-01-30 17:57 - 2012-06-13 16:53 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Start\Programy
2014-01-30 17:57 - 2012-06-13 16:52 - 00000000 __RHD C:\Documents and Settings\All Users\Dane aplikacji
2014-01-30 17:57 - 2012-06-13 15:14 - 00000000 ___RD C:\Documents and Settings\admin\Menu Start\Programy\Autostart
2014-01-30 17:55 - 2014-01-30 17:57 - 00848856 _____ (Panda Security ) C:\Documents and Settings\admin\Pulpit\USBVaccineSetup.exe
2014-01-30 17:32 - 2004-08-04 13:00 - 00000241 _____ C:\WINDOWS\system.ini
2014-01-29 15:59 - 2012-06-21 13:19 - 00072440 _____ (Sonic Solutions) C:\WINDOWS\system32\pxhpinst.exe
2014-01-29 15:59 - 2012-06-15 12:56 - 00025600 ____R (VIA) C:\WINDOWS\system32\VModes.exe
2014-01-29 15:59 - 2012-06-14 14:55 - 00155648 _____ (Ahead Software Gmbh) C:\WINDOWS\system32\NeroCheck.exe
2014-01-29 15:59 - 2012-06-14 12:25 - 00046080 ____N (Microsoft Corporation) C:\WINDOWS\system32\tzchange.exe
2014-01-29 15:59 - 2012-06-14 12:15 - 00026144 _____ (Microsoft Corporation) C:\WINDOWS\system32\spupdsvc.exe
2014-01-29 15:59 - 2009-03-08 03:34 - 00208384 ____N (Microsoft Corporation) C:\WINDOWS\system32\WinFXDocObj.exe
2014-01-29 15:59 - 2008-04-14 18:21 - 00032768 ____N (Smart Link) C:\WINDOWS\system32\slrundll.exe
2014-01-29 15:59 - 2008-04-14 18:21 - 00028672 ____N (Microsoft Corporation) C:\WINDOWS\system32\verclsid.exe
2014-01-29 15:59 - 2008-04-14 18:21 - 00020992 ____N (Microsoft Corporation) C:\WINDOWS\system32\spupdwxp.exe
2014-01-29 15:59 - 2008-04-14 18:21 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\spdwnwxp.exe
2014-01-29 15:59 - 2006-10-18 20:58 - 00008704 ____N (Microsoft Corporation) C:\WINDOWS\system32\wdfmgr.exe
2014-01-29 15:59 - 2006-10-18 19:00 - 00017408 ____N (Microsoft Corporation) C:\WINDOWS\system32\wpdshextautoplay.exe
2014-01-29 15:59 - 2004-08-04 13:00 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\win.com
2014-01-29 15:59 - 2002-08-21 04:13 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WISPTIS.EXE
2014-01-29 15:58 - 2012-06-14 12:28 - 00293376 ____N (Microsoft Corporation) C:\WINDOWS\system32\browserchoice.exe
2014-01-29 15:58 - 2004-08-04 13:00 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\chcp.com
2014-01-29 15:58 - 2004-08-04 13:00 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\cliconfg.exe
2014-01-29 15:58 - 2004-08-04 13:00 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\diskcomp.com
2014-01-29 13:03 - 2013-06-28 14:01 - 39101872 _____ (Samsung ) C:\Documents and Settings\admin\Pulpit\ML-1640_Print_32bit.exe
2014-01-29 13:02 - 2014-01-28 13:12 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\admin\Pulpit\OTL.exe
2014-01-29 13:01 - 2012-06-15 12:56 - 00147456 ____R (S3 Graphics Co., Ltd.) C:\WINDOWS\system32\VTTrayp.exe
2014-01-29 13:01 - 2012-06-15 12:56 - 00053248 ____R (S3 Graphics, Inc.) C:\WINDOWS\system32\VTTimer.exe
2014-01-29 13:01 - 2012-06-15 12:52 - 00077824 ____R (Realtek Semiconductor Corp.) C:\WINDOWS\SOUNDMAN.EXE
2014-01-29 10:28 - 2012-06-13 15:07 - 00000000 __SHD C:\Documents and Settings\NetworkService
2014-01-28 12:59 - 2012-06-15 13:02 - 00565377 _____ C:\WINDOWS\setupapi.log
2014-01-28 12:57 - 2014-01-28 12:57 - 00090112 _____ C:\WINDOWS\Minidump\Mini012814-01.dmp
2014-01-22 10:25 - 2014-01-22 10:25 - 00090112 _____ C:\WINDOWS\Minidump\Mini012214-02.dmp
2014-01-22 10:13 - 2014-01-22 10:13 - 00090112 _____ C:\WINDOWS\Minidump\Mini012214-01.dmp

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe
[2004-08-04 13:00] - [2008-04-14 18:21] - 1035264 ____A (Microsoft Corporation) c791ed9eac5e76d9525e157b1d7a599a

C:\WINDOWS\system32\winlogon.exe
[2004-08-04 13:00] - [2008-04-14 18:21] - 0510464 ____A (Microsoft Corporation) 51fd2e13d723857b9ca239ae77150f48

C:\WINDOWS\system32\svchost.exe
[2004-08-04 13:00] - [2008-04-14 18:21] - 0014336 ____A (Microsoft Corporation) 8607d35d92528e2df386f19a960d23ce

C:\WINDOWS\system32\services.exe
[2004-08-04 13:00] - [2009-02-09 12:25] - 0111104 ____A (Microsoft Corporation) 02a467e27af55f7064c5b251e587315f

C:\WINDOWS\system32\User32.dll
[2004-08-04 13:00] - [2008-04-14 18:20] - 0580096 ____A (Microsoft Corporation) a435c5c069afd901751ac323ad238793

C:\WINDOWS\system32\userinit.exe
[2004-08-04 13:00] - [2008-04-14 18:21] - 0026624 ____A (Microsoft Corporation) 2a5b37d520508be6570a3ea79695f5b5

C:\WINDOWS\system32\rpcss.dll
[2004-08-04 13:00] - [2009-02-09 11:53] - 0401408 ____A (Microsoft Corporation) a37311d9d628c1042a2836731787f0f3

ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.

C:\WINDOWS\system32\Drivers\volsnap.sys
[2004-08-04 13:00] - [2008-04-14 17:01] - 0052864 ____A (Microsoft Corporation) 56b191ac5fc0df219949c95a6c87afe7

==================== End Of Log ============================