Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:18-06-2014
Ran by user (administrator) on Z-5F3AE0D524B34 on 19-06-2014 17:46:34
Running from C:\Documents and Settings\user\Pulpit
Platform: Microsoft Windows XP Home Edition Dodatek Service Pack 3 (X86) OS Language: Polski
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
() C:\LifeView FlyVideo\RecSche.EXE
(Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(Ask) C:\Program Files\Ask.com\Updater\Updater.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Ulead Systems, Inc.) C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(ASUSTeK COMPUTER INC.) C:\WINDOWS\ATKKBService.exe
(InterVideo Inc.) C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Mobile Leader Co.,Ltd.) C:\WINDOWS\system32\LGScsiCommandService.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Abine Inc.) C:\Program Files\Ask.com\AbineSDK\IE\DNTPService.exe
(CallingID Ltd.) C:\Program Files\Ask.com\CallingIDSDK\CIDGlobalLight.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SkyTel] => C:\WINDOWS\SkyTel.EXE [2879488 2006-05-17] (Realtek Semiconductor Corp.)
HKLM\...\Run: [JMB36X IDE Setup] => C:\WINDOWS\JM\JMInsIDE.exe [36864 2006-10-30] ()
HKLM\...\Run: [36X Raid Configurer] => C:\WINDOWS\system32\JMRaidSetup.exe [1953792 2006-11-16] (JMicron Technology Corp.)
HKLM\...\Run: [ATICCC] => C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [90112 2006-09-25] ()
HKLM\...\Run: [RecSche] => C:\LifeView FlyVideo\RecSche.exe [172032 2002-12-11] ()
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-03-11] (Hewlett-Packard Co.)
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [UVS11 Preload] => C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe [341488 2007-04-12] (InterVideo Digital Technology Corporation)
HKLM\...\Run: [PE2CKFNT SE] => C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe [25088 1998-07-03] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16270848 2006-11-15] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-05-04] (Realtek Semiconductor Corp.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [ApnUpdater] => C:\Program Files\Ask.com\Updater\Updater.exe [1648056 2014-01-31] (Ask)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [737872 2014-06-03] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKU\S-1-5-21-1993962763-1078081533-725345543-1004\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [153136 2007-06-01] (Nero AG)
HKU\S-1-5-21-1993962763-1078081533-725345543-1004\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [484904 2007-05-15] (Hewlett-Packard Company)
HKU\S-1-5-21-1993962763-1078081533-725345543-1004\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1993962763-1078081533-725345543-1004\...\Run: [Google Update] => C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [116648 2012-07-21] (Google Inc.)
Lsa: [Notification Packages] scecli scecli
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Photo Express Calendar Checker SE.lnk
ShortcutTarget: Photo Express Calendar Checker SE.lnk -> C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe (Ulead Systems, Inc.)
Startup: C:\Documents and Settings\user\Menu Start\Programy\Autostart\CCC.lnk
ShortcutTarget: CCC.lnk -> C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (No File)
Startup: C:\Documents and Settings\user\Menu Start\Programy\Autostart\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
URLSearchHook: HKCU - Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL No File
SearchScopes: HKCU - {91A7980D-0337-44E2-874C-6D4F34E334E1} URL = http://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10267&src=crm&q={searchTerms}&locale=en_PL&apn_ptnrs=^AGY&apn_dtid=^YYYYYY^YY^PL&apn_uid=33e8bb83-ae65-408d-a351-2160b53e5df1&apn_sauid=C4FB4073-14D4-462C-9C2A-FF7FDA4C1DFC
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
BHO: IEPluginBHO Class - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll No File
Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKCU - &Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Łącza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 20 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Tcpip\..\Interfaces\{71F7FDA9-C917-43DA-9F14-9BA811E9C4CC}: [NameServer]194.204.159.1,194.204.152.34

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=1.6.0_33 - C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2012-08-07]

Chrome:
=======
CHR HomePage: hxxp://search.avira.com/?l=dis&o=APN10401&gct=hp&dc=EU&locale=en_PL
CHR DefaultSearchKeyword: ask.com
CHR DefaultSearchProvider: Ask
CHR DefaultSearchURL: http://websearch.ask.com/redirect?client=cr&src=kw&tb=AVR-4&o=APN10267&locale=en_PL&apn_uid=33e8bb83-ae65-408d-a351-2160b53e5df1&apn_ptnrs=%5EAGY&apn_sauid=C4FB4073-14D4-462C-9C2A-FF7FDA4C1DFC&apn_dtid=%5EYYYYYY%5EYY%5EPL&q={searchTerms}
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\35.0.1916.153\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Google Update) - C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\aaaaabfjnbeinlpljodiajipidiompfl [2012-12-08]
CHR Extension: (Google Wallet) - C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-13]
CHR HKLM\...\Chrome\Extension: [aaaaabfjnbeinlpljodiajipidiompfl] - C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\APN\GoogleCRXs\aaaaabfjnbeinlpljodiajipidiompfl_7.15.5.0.crx [2012-10-16]

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-06-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1039440 2014-06-03] (Avira Operations GmbH & Co. KG)
R2 ATKKeyboardService; C:\WINDOWS\ATKKBService.exe [258560 2006-09-29] (ASUSTeK COMPUTER INC.) [File not signed]
R2 Capture Device Service; C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe [198168 2007-03-06] (InterVideo Inc.)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-06-04] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-06-04] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153392 2012-08-07] (Sun Microsystems, Inc.)
S2 lanmanserver; C:\WINDOWS\system32\svchost.exe [14336 2008-04-14] (Microsoft Corporation)
R2 LGScsiCommandService; C:\WINDOWS\system32\LGScsiCommandService.exe [47616 2010-04-12] (Mobile Leader Co.,Ltd.) [File not signed]
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2008-07-18] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2008-07-18] (Hewlett-Packard) [File not signed]
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [67056 2007-03-03] (Ulead Systems, Inc.)

==================== Drivers (Whitelisted) ====================

R1 asuskbnt; C:\WINDOWS\System32\drivers\atkkbnt.sys [11008 2006-10-31] (ASUSTeK COMPUTER INC.) [File not signed]
R3 AtcL001; C:\WINDOWS\System32\DRIVERS\atl01_xp.sys [35840 2006-10-31] (Attansic Technology corporation.)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [93528 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [136216 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37352 2013-11-19] (Avira Operations GmbH & Co. KG)
R2 EIO; C:\WINDOWS\system32\drivers\EIO.sys [12288 2006-10-25] (ASUSTeK Computer Inc.) [File not signed]
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2007-03-08] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2007-03-08] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2007-03-08] (HP)
R0 JGOGO; C:\WINDOWS\System32\DRIVERS\JGOGO.sys [6912 2006-02-07] (JMicron )
R0 JRAID; C:\WINDOWS\System32\DRIVERS\jraid.sys [44416 2006-12-06] (JMicron Technology Corp.)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R1 PCLEPCI; C:\WINDOWS\system32\drivers\pclepci.sys [14165 2005-02-09] (Pinnacle Systems GmbH) [File not signed]
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 usbbus; C:\WINDOWS\System32\DRIVERS\lgusbbus.sys [13056 2010-01-21] (LG Electronics Inc.)
S3 UsbDiag; C:\WINDOWS\System32\DRIVERS\lgusbdiag.sys [20864 2010-01-21] (LG Electronics Inc.)
S3 USBModem; C:\WINDOWS\System32\DRIVERS\lgusbmodem.sys [24960 2010-01-21] (LG Electronics Inc.)
R3 Video3D; C:\WINDOWS\System32\Drivers\Video3D32.sys [10752 2006-09-29] (ASUSTeK COMPUTER INC.) [File not signed]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-19 17:46 - 2014-06-19 17:47 - 00019266 _____ () C:\Documents and Settings\user\Pulpit\FRST.txt
2014-06-19 17:44 - 2014-06-19 17:46 - 00000000 ____D () C:\FRST
2014-06-19 17:42 - 2014-06-19 17:43 - 01072128 _____ (Farbar) C:\Documents and Settings\user\Pulpit\FRST.exe
2014-06-17 23:20 - 2014-06-17 23:20 - 00090112 _____ () C:\WINDOWS\Minidump\Mini061714-01.dmp
2014-06-16 17:56 - 2014-06-16 17:56 - 00090112 _____ () C:\WINDOWS\Minidump\Mini061614-01.dmp

==================== One Month Modified Files and Folders =======

2014-06-19 17:47 - 2014-06-19 17:46 - 00019266 _____ () C:\Documents and Settings\user\Pulpit\FRST.txt
2014-06-19 17:47 - 2009-06-04 10:45 - 00000000 ____D () C:\Documents and Settings\user\Ustawienia lokalne\Temp
2014-06-19 17:46 - 2014-06-19 17:44 - 00000000 ____D () C:\FRST
2014-06-19 17:46 - 2012-08-10 12:20 - 00000930 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-06-19 17:46 - 2009-06-04 10:45 - 00000000 ____D () C:\Documents and Settings\user\Pulpit
2014-06-19 17:43 - 2014-06-19 17:42 - 01072128 _____ (Farbar) C:\Documents and Settings\user\Pulpit\FRST.exe
2014-06-19 17:43 - 2012-10-16 13:35 - 00000232 _____ () C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
2014-06-19 17:43 - 2012-10-16 13:35 - 00000000 ____D () C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\AskToolbar
2014-06-19 17:42 - 2012-10-16 13:41 - 00000000 ____D () C:\Documents and Settings\user\Dane aplikacji\CallingID
2014-06-19 17:41 - 2013-04-11 14:34 - 00000000 ____D () C:\Documents and Settings\user\Dane aplikacji\GG
2014-06-19 17:35 - 2012-08-02 06:33 - 00001128 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-1078081533-725345543-1004UA.job
2014-06-19 16:52 - 2012-07-20 11:50 - 00001032 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-19 16:03 - 2009-06-04 10:01 - 00032624 _____ () C:\WINDOWS\SchedLgU.Txt
2014-06-19 15:34 - 2012-12-08 17:24 - 00000000 ____D () C:\Documents and Settings\user\Pulpit\OpenOffice.org 3.3 (pl) Installation Files
2014-06-19 14:50 - 2009-06-04 09:12 - 01967016 _____ () C:\WINDOWS\WindowsUpdate.log
2014-06-19 13:11 - 2012-08-02 13:31 - 00000460 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{FFC9186D-FAB6-4BF8-B62A-030FD021BCDB}.job
2014-06-19 13:09 - 2014-03-21 22:18 - 00000220 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job
2014-06-19 13:09 - 2013-02-20 15:43 - 00000276 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1993962763-1078081533-725345543-1004.job
2014-06-19 13:09 - 2012-07-20 11:50 - 00001028 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-19 13:09 - 2012-07-20 11:50 - 00000276 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1993962763-1078081533-725345543-1004.job
2014-06-19 13:09 - 2010-08-20 12:44 - 00000672 _____ () C:\WINDOWS\ULEAD32.INI
2014-06-19 13:09 - 2009-06-04 15:10 - 00000227 _____ () C:\WINDOWS\Recording.ini
2014-06-19 13:09 - 2009-06-04 11:05 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-06-19 13:09 - 2009-06-04 11:05 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-06-19 13:09 - 2009-06-04 10:01 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-06-19 03:29 - 2009-06-04 14:45 - 00524288 _____ () C:\WINDOWS\system32\config\ACEEvent.evt
2014-06-19 03:29 - 2009-06-04 10:45 - 00000188 ___SH () C:\Documents and Settings\user\ntuser.ini
2014-06-18 22:29 - 2012-10-16 13:41 - 00000000 ____D () C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\DoNotTrackPlus
2014-06-18 21:08 - 2009-06-04 10:45 - 00000000 ___RD () C:\Documents and Settings\user\Ulubione
2014-06-17 23:20 - 2014-06-17 23:20 - 00090112 _____ () C:\WINDOWS\Minidump\Mini061714-01.dmp
2014-06-17 23:20 - 2011-01-13 13:56 - 00000000 ____D () C:\WINDOWS\Minidump
2014-06-17 22:52 - 2009-06-04 10:45 - 00000000 ___HD () C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji
2014-06-17 18:49 - 2013-04-11 14:34 - 00000000 ____D () C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\GG
2014-06-17 03:35 - 2012-08-02 06:33 - 00001076 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-1078081533-725345543-1004Core.job
2014-06-16 17:56 - 2014-06-16 17:56 - 00090112 _____ () C:\WINDOWS\Minidump\Mini061614-01.dmp
2014-06-16 05:01 - 2013-12-18 23:06 - 00000000 ____D () C:\Documents and Settings\user\Dane aplikacji\vlc
2014-06-12 03:03 - 2013-08-14 15:01 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-06-12 03:00 - 2009-06-08 10:51 - 92708840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-06-11 17:36 - 2004-08-04 14:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-06-10 05:59 - 2009-06-05 18:41 - 00000069 _____ () C:\WINDOWS\NeroDigital.ini
2014-06-08 15:00 - 2014-03-21 22:18 - 00000214 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job
2014-06-06 18:13 - 2009-06-28 17:18 - 00000000 ____D () C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\WMTools Downloaded Files
2014-06-06 17:14 - 2009-06-05 18:40 - 00103424 _____ () C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-04 17:37 - 2009-06-04 14:40 - 00196608 _____ () C:\WINDOWS\system32\Drivers\aStandard.bin
2014-06-03 17:19 - 2012-10-16 13:34 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2014-06-03 17:19 - 2012-10-16 13:34 - 00093528 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2014-05-28 14:46 - 2013-02-20 15:43 - 00000284 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1993962763-1078081533-725345543-1004.job
2014-05-26 19:56 - 2009-06-05 18:41 - 00000074 _____ () C:\Documents and Settings\user\default.pls

Some content of TEMP:
====================
C:\Documents and Settings\user\Ustawienia lokalne\Temp\avgnt.exe
C:\Documents and Settings\user\Ustawienia lokalne\Temp\ggdrive-menu.exe
C:\Documents and Settings\user\Ustawienia lokalne\Temp\ggdrive-overlay.exe
C:\Documents and Settings\user\Ustawienia lokalne\Temp\installstats.exe
C:\Documents and Settings\user\Ustawienia lokalne\Temp\jre-6u33-windows-i586-iftw_137b7395.exe
C:\Documents and Settings\user\Ustawienia lokalne\Temp\NEW841.tmp.exe
C:\Documents and Settings\user\Ustawienia lokalne\Temp\setup.exe
C:\Documents and Settings\user\Ustawienia lokalne\Temp\setup_wm.exe
C:\Documents and Settings\user\Ustawienia lokalne\Temp\tmp2c16241b.exe
C:\Documents and Settings\user\Ustawienia lokalne\Temp\tmp4dbaba76.exe
C:\Documents and Settings\user\Ustawienia lokalne\Temp\tmp730426be.exe
C:\Documents and Settings\user\Ustawienia lokalne\Temp\tmp7bbe41ca.exe
C:\Documents and Settings\user\Ustawienia lokalne\Temp\tmp8977f674.exe
C:\Documents and Settings\user\Ustawienia lokalne\Temp\tmpa7823ddf.exe
C:\Documents and Settings\user\Ustawienia lokalne\Temp\tmpc2e2137e.exe
C:\Documents and Settings\user\Ustawienia lokalne\Temp\tmpd0cdaaa0.exe
C:\Documents and Settings\user\Ustawienia lokalne\Temp\tmpd191943d.exe
C:\Documents and Settings\user\Ustawienia lokalne\Temp\tmpd5ec1c20.exe
C:\Documents and Settings\user\Ustawienia lokalne\Temp\tmpe6e359aa.exe
C:\Documents and Settings\user\Ustawienia lokalne\Temp\tmpeaf4b97f.exe

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================