Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:06-06-2014 Ran by DC5700 (administrator) on HP on 06-06-2014 16:49:40 Running from C:\Documents and Settings\DC5700\Moje dokumenty\Pobieranie Platform: Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) OS Language: Polish Internet Explorer Version 8 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe (Intel Corporation) C:\WINDOWS\system32\igfxtray.exe (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe (Adobe Systems Incorporated) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe (Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16871936 2008-06-13] (Realtek Semiconductor Corp.) HKLM\...\Run: [upfst_pl_30.exe] => C:\Documents and Settings\DC5700\Ustawienia lokalne\Dane aplikacji\fst_pl_30\upfst_pl_30.exe -runhelper HKLM\...\Run: [fst_pl_19] => [X] HKLM\...\Run: [fst_pl_30] => [X] HKLM\...\Run: [fst_pl_79] => [X] HKLM\...\Run: [fst_pl_99] => [X] ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Toolbar: HKCU - &Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) Toolbar: HKCU - &Łącza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 86.63.129.29 86.63.129.30 FireFox: ======== FF ProfilePath: C:\Documents and Settings\DC5700\Dane aplikacji\Mozilla\Firefox\Profiles\z352r1gy.default-1402065882484 FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll () ========================== Services (Whitelisted) ================= ==================== Drivers (Whitelisted) ==================== S3 Blfp; C:\WINDOWS\System32\DRIVERS\baspxp32.sys [98816 2008-06-06] (Broadcom Corporation) S4 IntelIde; No ImagePath U1 WS2IFSL; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-06 16:44 - 2014-06-06 16:44 - 00000000 ____D () C:\Documents and Settings\DC5700\Pulpit\Stare dane programu Firefox 2014-06-06 16:41 - 2014-06-06 16:41 - 00001316 _____ () C:\Documents and Settings\DC5700\Pulpit\Wyczyść rejestr za darmo!.lnk 2014-06-06 16:40 - 2014-06-06 16:40 - 00000000 ____D () C:\Program Files\predm 2014-05-29 10:29 - 2014-05-29 10:29 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-05-28 15:05 - 2014-05-28 15:05 - 00008728 _____ () C:\WINDOWS\KB2964358-IE8.log 2014-05-28 15:05 - 2014-05-28 15:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$ 2014-05-28 14:56 - 2014-06-06 16:49 - 00000000 ____D () C:\FRST 2014-05-28 14:43 - 2014-05-28 14:43 - 00000412 _____ () C:\Documents and Settings\DC5700\Moje dokumenty\spider.sav 2014-05-28 14:38 - 2014-05-28 14:38 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard 2014-05-28 14:31 - 2014-05-28 14:50 - 00000000 ____D () C:\WINDOWS\system32\appmgmt 2014-05-28 14:24 - 2014-05-28 14:24 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$ 2014-05-28 14:21 - 2014-06-06 16:47 - 00000224 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job 2014-05-28 14:21 - 2014-05-28 14:28 - 00000218 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job 2014-05-08 08:27 - 2014-05-08 08:28 - 00005204 _____ () C:\WINDOWS\KB2934207.log 2014-05-08 08:27 - 2014-05-08 08:27 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$ ==================== One Month Modified Files and Folders ======= 2014-06-06 16:49 - 2014-05-28 14:56 - 00000000 ____D () C:\FRST 2014-06-06 16:49 - 2013-05-22 16:36 - 00000000 ____D () C:\Documents and Settings\DC5700\Moje dokumenty\Pobieranie 2014-06-06 16:49 - 2012-04-05 03:24 - 00000000 ____D () C:\Documents and Settings\DC5700\Ustawienia lokalne\Temp 2014-06-06 16:48 - 2012-04-05 03:15 - 01793239 _____ () C:\WINDOWS\WindowsUpdate.log 2014-06-06 16:47 - 2014-05-28 14:21 - 00000224 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job 2014-06-06 16:47 - 2013-06-01 18:40 - 00000260 _____ () C:\WINDOWS\Tasks\WGASetup.job 2014-06-06 16:47 - 2012-04-05 03:21 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-06-06 16:47 - 2008-09-06 14:00 - 00001374 _____ () C:\WINDOWS\system32\wpa.dbl 2014-06-06 16:46 - 2012-04-05 03:24 - 00000188 ___SH () C:\Documents and Settings\DC5700\ntuser.ini 2014-06-06 16:46 - 2012-04-05 03:21 - 00032568 _____ () C:\WINDOWS\SchedLgU.Txt 2014-06-06 16:46 - 2012-04-05 03:21 - 00000000 ____D () C:\Documents and Settings\LocalService\Ustawienia lokalne\Temp 2014-06-06 16:44 - 2014-06-06 16:44 - 00000000 ____D () C:\Documents and Settings\DC5700\Pulpit\Stare dane programu Firefox 2014-06-06 16:44 - 2012-04-05 03:24 - 00000000 ____D () C:\Documents and Settings\DC5700\Pulpit 2014-06-06 16:43 - 2014-02-02 12:47 - 00000000 ____D () C:\Program Files\SupTab 2014-06-06 16:43 - 2014-02-02 12:47 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\WPM 2014-06-06 16:43 - 2012-04-05 03:24 - 00000000 __RHD () C:\Documents and Settings\DC5700\Dane aplikacji 2014-06-06 16:41 - 2014-06-06 16:41 - 00001316 _____ () C:\Documents and Settings\DC5700\Pulpit\Wyczyść rejestr za darmo!.lnk 2014-06-06 16:41 - 2014-01-12 17:01 - 00000000 ____D () C:\Program Files\VLC Player GPU+ 2014-06-06 16:41 - 2013-05-22 16:33 - 00000000 ____D () C:\Documents and Settings\DC5700\Dane aplikacji\Systweak 2014-06-06 16:41 - 2012-04-05 05:08 - 00763814 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-06-06 16:41 - 2012-04-05 03:24 - 00000000 ___RD () C:\Documents and Settings\DC5700\Menu Start\Programy 2014-06-06 16:41 - 2008-09-06 14:00 - 00355830 _____ () C:\WINDOWS\system32\perfh015.dat 2014-06-06 16:41 - 2008-09-06 14:00 - 00049712 _____ () C:\WINDOWS\system32\perfc015.dat 2014-06-06 16:40 - 2014-06-06 16:40 - 00000000 ____D () C:\Program Files\predm 2014-06-06 16:40 - 2012-04-05 05:07 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy 2014-06-06 16:40 - 2012-04-05 03:24 - 00000000 ___HD () C:\Documents and Settings\DC5700\Ustawienia lokalne\Dane aplikacji 2014-06-06 16:38 - 2014-02-28 14:27 - 00692400 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2014-06-06 16:38 - 2014-02-28 14:27 - 00070832 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2014-06-06 16:37 - 2013-05-22 16:32 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-06-06 16:36 - 2012-04-05 05:07 - 00000000 __RHD () C:\Documents and Settings\All Users\Dane aplikacji 2014-06-06 16:36 - 2012-04-05 05:07 - 00000000 ____D () C:\Documents and Settings\All Users\Pulpit 2014-05-29 10:29 - 2014-05-29 10:29 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-05-28 15:05 - 2014-05-28 15:05 - 00008728 _____ () C:\WINDOWS\KB2964358-IE8.log 2014-05-28 15:05 - 2014-05-28 15:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$ 2014-05-28 15:05 - 2014-05-02 21:55 - 00013561 _____ () C:\WINDOWS\KB2929961.log 2014-05-28 15:05 - 2013-06-01 18:36 - 00098278 _____ () C:\WINDOWS\updspapi.log 2014-05-28 15:05 - 2012-04-05 05:08 - 01171141 _____ () C:\WINDOWS\iis6.log 2014-05-28 15:05 - 2012-04-05 05:08 - 01056483 _____ () C:\WINDOWS\FaxSetup.log 2014-05-28 15:05 - 2012-04-05 05:08 - 00514336 _____ () C:\WINDOWS\ocgen.log 2014-05-28 15:05 - 2012-04-05 05:08 - 00490768 _____ () C:\WINDOWS\tsoc.log 2014-05-28 15:05 - 2012-04-05 05:08 - 00363987 _____ () C:\WINDOWS\comsetup.log 2014-05-28 15:05 - 2012-04-05 05:08 - 00333430 _____ () C:\WINDOWS\msmqinst.log 2014-05-28 15:05 - 2012-04-05 05:08 - 00218620 _____ () C:\WINDOWS\ntdtcsetup.log 2014-05-28 15:05 - 2012-04-05 05:08 - 00185817 _____ () C:\WINDOWS\netfxocm.log 2014-05-28 15:05 - 2012-04-05 05:08 - 00073312 _____ () C:\WINDOWS\MedCtrOC.log 2014-05-28 15:05 - 2012-04-05 05:08 - 00066119 _____ () C:\WINDOWS\ocmsn.log 2014-05-28 15:05 - 2012-04-05 05:08 - 00055171 _____ () C:\WINDOWS\tabletoc.log 2014-05-28 15:05 - 2012-04-05 05:08 - 00053092 _____ () C:\WINDOWS\msgsocm.log 2014-05-28 15:05 - 2012-04-05 05:08 - 00001374 _____ () C:\WINDOWS\imsins.log 2014-05-28 15:05 - 2012-04-05 05:08 - 00001374 _____ () C:\WINDOWS\imsins.BAK 2014-05-28 14:50 - 2014-05-28 14:31 - 00000000 ____D () C:\WINDOWS\system32\appmgmt 2014-05-28 14:50 - 2012-04-05 05:07 - 00391407 _____ () C:\WINDOWS\setupapi.log 2014-05-28 14:43 - 2014-05-28 14:43 - 00000412 _____ () C:\Documents and Settings\DC5700\Moje dokumenty\spider.sav 2014-05-28 14:43 - 2012-04-05 03:24 - 00000000 ___RD () C:\Documents and Settings\DC5700\Moje dokumenty 2014-05-28 14:42 - 2012-04-05 03:24 - 00001599 _____ () C:\Documents and Settings\DC5700\Menu Start\Programy\Pomoc zdalna.lnk 2014-05-28 14:42 - 2012-04-05 03:16 - 00001607 _____ () C:\Documents and Settings\All Users\Menu Start\Określ dostęp do programów i ich ustawienia domyślne.lnk 2014-05-28 14:42 - 2012-04-05 03:16 - 00001599 _____ () C:\Documents and Settings\Default User\Menu Start\Programy\Pomoc zdalna.lnk 2014-05-28 14:42 - 2012-04-05 03:16 - 00001507 _____ () C:\Documents and Settings\All Users\Menu Start\Windows Update.lnk 2014-05-28 14:38 - 2014-05-28 14:38 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard 2014-05-28 14:28 - 2014-05-28 14:21 - 00000218 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job 2014-05-28 14:24 - 2014-05-28 14:24 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$ 2014-05-28 14:24 - 2014-05-02 21:55 - 00009911 _____ () C:\WINDOWS\KB2922229.log 2014-05-28 14:22 - 2014-01-30 14:00 - 00000000 ____D () C:\WINDOWS\system32\cache 2014-05-08 08:28 - 2014-05-08 08:27 - 00005204 _____ () C:\WINDOWS\KB2934207.log 2014-05-08 08:27 - 2014-05-08 08:27 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$ 2014-05-08 08:25 - 2012-04-05 05:07 - 00093480 _____ () C:\WINDOWS\system32\FNTCACHE.DAT ==================== Bamital & volsnap Check ================= C:\WINDOWS\explorer.exe [2008-09-06 14:00] - [2008-09-06 14:00] - 1035264 ____A (Microsoft Corporation) c791ed9eac5e76d9525e157b1d7a599a C:\WINDOWS\system32\winlogon.exe [2008-09-06 14:00] - [2008-09-06 14:00] - 0510464 ____A (Microsoft Corporation) 51fd2e13d723857b9ca239ae77150f48 C:\WINDOWS\system32\svchost.exe [2008-09-06 14:00] - [2008-09-06 14:00] - 0014336 ____A (Microsoft Corporation) 8607d35d92528e2df386f19a960d23ce C:\WINDOWS\system32\services.exe [2008-09-06 14:00] - [2009-02-09 13:25] - 0111104 ____A (Microsoft Corporation) 02a467e27af55f7064c5b251e587315f C:\WINDOWS\system32\User32.dll [2008-09-06 14:00] - [2008-09-06 14:00] - 0580096 ____A (Microsoft Corporation) a435c5c069afd901751ac323ad238793 C:\WINDOWS\system32\userinit.exe [2008-09-06 14:00] - [2008-09-06 14:00] - 0026624 ____A (Microsoft Corporation) 2a5b37d520508be6570a3ea79695f5b5 C:\WINDOWS\system32\rpcss.dll [2008-09-06 14:00] - [2009-02-09 12:53] - 0401408 ____A (Microsoft Corporation) a37311d9d628c1042a2836731787f0f3 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected. C:\WINDOWS\system32\Drivers\volsnap.sys [2008-09-06 14:00] - [2008-09-06 14:00] - 0052864 ____A (Microsoft Corporation) 56b191ac5fc0df219949c95a6c87afe7 ==================== End Of Log ============================