Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:9-08-2014 01
Ran by Administrator (administrator) on METAL on 10-08-2014 10:10:56
Running from G:\skany kompa\FRST
Platform: Microsoft Windows XP Home Edition Dodatek Service Pack 3 (X86) OS Language: Polski
Internet Explorer Version 8
Boot Mode: Safe Mode (with Networking)

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
Startup: C:\Documents and Settings\Damian\Menu Start\Programy\Autostart\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Documents and Settings\Damian\Menu Start\Programy\Autostart\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk
ShortcutTarget: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.google.fr
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.google.fr
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 109.95.148.11 109.95.148.12

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator.METAL.001\Dane aplikacji\Mozilla\Firefox\Profiles\lp7g9rib.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @ngm.nexoneu.com/NxGame -> C:\Documents and Settings\All Users\Dane aplikacji\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF Plugin: @real.com/nppl3260;version=6.0.12.69 -> E:\Programy\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 -> E:\Programy\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> E:\Programy\vlc\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-08-26]
FF StartMenuInternet: FIREFOX.EXE - E:\Programy\Mozilla\firefox.exe

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gppomckgmefcejhfhfghdigjioaeejkd] - C:\DOCUME~1\Damian\USTAWI~1\DANEAP~1\SearchDial.crx []

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-08-08] (Oracle Corporation)
S2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [75136 2012-08-11] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AR5416; C:\WINDOWS\System32\DRIVERS\athw.sys [1503840 2009-02-13] (Atheros Communications, Inc.)
S3 ASNDIS5; C:\Program Files\ASUS\ATK Hotkey\ASNDIS5.SYS [16269 2004-05-27] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 ETD; C:\WINDOWS\System32\DRIVERS\ETD.sys [89856 2009-04-21] (ELAN Microelectronic Corp.)
S3 monfilt; C:\WINDOWS\System32\drivers\monfilt.sys [1389056 2008-02-14] (Creative Technology Ltd.)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ATKACPI.sys [5760 2007-08-24] ()
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 SNP2UVC; C:\WINDOWS\System32\DRIVERS\snp2uvc.sys [1761024 2010-09-07] (Sonix Technology Co., Ltd.)
S3 VIAHdAudAddService; C:\WINDOWS\System32\drivers\viahduaa.sys [1131264 2009-04-28] (VIA Technologies, Inc.)
S4 IntelIde; No ImagePath
S4 sptd; \SystemRoot\System32\Drivers\sptd.sys [X]
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-09 18:50 - 2014-08-10 10:10 - 00000000 ____D () C:\FRST
2014-08-08 20:50 - 2014-08-08 20:50 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-08 20:50 - 2014-08-08 20:50 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Java
2014-08-08 20:50 - 2014-08-08 20:49 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-08-08 20:50 - 2014-08-08 20:49 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-08-08 20:50 - 2014-08-08 20:49 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-08-08 20:50 - 2014-08-08 20:49 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-08-08 20:50 - 2014-08-08 20:49 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-08-06 13:10 - 2014-08-06 13:10 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Valkyrie Studios
2014-08-06 13:09 - 1997-11-19 15:49 - 00303616 _____ (InstallShield Software Corporation) C:\WINDOWS\IsUninst.exe
2014-07-27 11:51 - 2014-07-27 11:51 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Settlers IV - Złota Edycja
2014-07-27 10:47 - 2014-07-27 10:47 - 00000056 _____ () C:\Documents and Settings\Damian\Pulpit\SettlersSaga.url
2014-07-27 10:36 - 2014-07-27 10:36 - 00001576 _____ () C:\Documents and Settings\All Users\Pulpit\The Settlers IV GOLD.lnk
2014-07-27 10:36 - 2014-07-27 10:36 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\GOG.com
2014-07-27 10:34 - 2014-07-27 10:34 - 00000000 ____D () C:\GOG Games
2014-07-24 12:41 - 2014-07-24 15:05 - 00000000 ____D () C:\Documents and Settings\Damian\Dane aplikacji\Origin
2014-07-24 12:34 - 2014-07-27 09:36 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Origin
2014-07-22 17:40 - 2014-07-23 09:13 - 00000000 ____D () C:\Documents and Settings\Damian\Moje dokumenty\moje programowanie
2014-07-22 17:39 - 2014-07-22 17:39 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Dev-C++
2014-07-22 17:38 - 2014-07-22 17:38 - 00000000 ____D () C:\Documents and Settings\Damian\WINDOWS
2014-07-22 17:38 - 1996-07-18 13:06 - 00297472 _____ (InstallShield Corporation, Inc.) C:\WINDOWS\uninst.exe
2014-07-17 17:02 - 2014-07-17 17:20 - 00233484 _____ () C:\Documents and Settings\Damian\Moje dokumenty\VN780164.WMA
2014-07-16 13:52 - 2014-07-16 14:29 - 00000000 ____D () C:\Documents and Settings\Damian\Pulpit\treningowe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-10 10:11 - 2012-07-01 10:48 - 00000000 ____D () C:\Documents and Settings\Administrator.METAL.001\Ustawienia lokalne\Temp
2014-08-10 10:10 - 2014-08-09 18:50 - 00000000 ____D () C:\FRST
2014-08-10 10:05 - 2012-07-01 10:48 - 00000188 __SHC () C:\Documents and Settings\Administrator.METAL.001\ntuser.ini
2014-08-10 10:05 - 2010-08-23 16:04 - 01330501 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-10 09:55 - 2010-08-23 17:55 - 00000275 _____ () C:\WINDOWS\wiadebug.log
2014-08-10 09:55 - 2010-08-23 16:09 - 00032486 _____ () C:\WINDOWS\SchedLgU.Txt
2014-08-10 09:55 - 2010-08-23 16:09 - 00000188 ___SH () C:\Documents and Settings\Damian\ntuser.ini
2014-08-10 09:55 - 2010-08-23 16:09 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-10 09:55 - 2010-08-23 16:09 - 00000000 ____D () C:\Documents and Settings\Damian\Ustawienia lokalne\Temp
2014-08-10 09:45 - 2014-03-14 17:55 - 00000224 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job
2014-08-10 09:45 - 2011-08-15 17:04 - 00001032 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-10 09:44 - 2010-08-23 17:55 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-08-10 09:44 - 2009-04-10 09:42 - 00167952 ____C () C:\WINDOWS\system32\ativvaxx.cap
2014-08-10 08:57 - 2010-08-23 17:53 - 01541858 ____C () C:\WINDOWS\system32\PerfStringBackup.INI
2014-08-10 08:57 - 2008-04-15 14:00 - 00681080 _____ () C:\WINDOWS\system32\perfh015.dat
2014-08-10 08:57 - 2008-04-15 14:00 - 00135990 _____ () C:\WINDOWS\system32\perfc015.dat
2014-08-09 23:01 - 2010-08-24 11:05 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-08-09 19:36 - 2011-08-15 17:04 - 00001036 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-09 19:20 - 2012-04-08 09:23 - 00000930 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-08-09 19:15 - 2008-04-15 14:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-08-09 19:11 - 2014-03-27 11:59 - 00027172 _____ () C:\WINDOWS\setupapi.log
2014-08-09 18:51 - 2012-04-03 19:07 - 00000000 ____D () C:\Documents and Settings\Damian\Dane aplikacji\uTorrent
2014-08-09 00:08 - 2010-08-24 09:44 - 00000000 ____D () C:\Documents and Settings\Damian\Dane aplikacji\foobar2000
2014-08-08 20:50 - 2014-08-08 20:50 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-08 20:50 - 2014-08-08 20:50 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Java
2014-08-08 20:50 - 2010-08-23 17:52 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy
2014-08-08 20:49 - 2014-08-08 20:50 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-08-08 20:49 - 2014-08-08 20:50 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-08-08 20:49 - 2014-08-08 20:50 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-08-08 20:49 - 2014-08-08 20:50 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-08-08 20:49 - 2014-08-08 20:50 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-08-08 20:49 - 2010-08-25 23:02 - 00000000 ____D () C:\Program Files\Java
2014-08-08 15:00 - 2014-03-14 17:55 - 00000218 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job
2014-08-08 14:38 - 2010-08-23 16:09 - 00000000 ___RD () C:\Documents and Settings\Damian\Moje dokumenty
2014-08-08 13:32 - 2013-07-06 15:58 - 00279040 ___SH () C:\Documents and Settings\Damian\Moje dokumenty\Thumbs.db
2014-08-07 00:01 - 2013-04-30 19:20 - 00000000 ____D () C:\Documents and Settings\Damian\Dane aplikacji\vlc
2014-08-06 23:46 - 2010-08-24 11:39 - 00172544 _____ () C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-06 13:10 - 2014-08-06 13:10 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Valkyrie Studios
2014-07-28 19:38 - 2014-04-09 19:01 - 00006053 _____ () C:\WINDOWS\wmsetup.log
2014-07-27 11:51 - 2014-07-27 11:51 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Settlers IV - Złota Edycja
2014-07-27 11:51 - 2010-08-23 18:04 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-07-27 10:47 - 2014-07-27 10:47 - 00000056 _____ () C:\Documents and Settings\Damian\Pulpit\SettlersSaga.url
2014-07-27 10:47 - 2010-08-23 16:09 - 00000000 ____D () C:\Documents and Settings\Damian\Pulpit
2014-07-27 10:36 - 2014-07-27 10:36 - 00001576 _____ () C:\Documents and Settings\All Users\Pulpit\The Settlers IV GOLD.lnk
2014-07-27 10:36 - 2014-07-27 10:36 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\GOG.com
2014-07-27 10:36 - 2010-08-23 17:52 - 00000000 ____D () C:\Documents and Settings\All Users\Pulpit
2014-07-27 10:34 - 2014-07-27 10:34 - 00000000 ____D () C:\GOG Games
2014-07-27 09:46 - 2010-08-23 16:09 - 00000000 ___RD () C:\Documents and Settings\Damian\Menu Start
2014-07-27 09:36 - 2014-07-24 12:34 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Origin
2014-07-27 09:36 - 2010-08-23 17:52 - 00000000 __RHD () C:\Documents and Settings\All Users\Dane aplikacji
2014-07-27 09:36 - 2010-08-23 16:09 - 00000000 ___HD () C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji
2014-07-25 21:28 - 2010-08-23 17:52 - 00000000 ___RD () C:\Documents and Settings\All Users\Dokumenty
2014-07-25 08:35 - 2012-06-15 22:27 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-24 15:05 - 2014-07-24 12:41 - 00000000 ____D () C:\Documents and Settings\Damian\Dane aplikacji\Origin
2014-07-24 12:41 - 2010-08-23 16:09 - 00000000 __RHD () C:\Documents and Settings\Damian\Dane aplikacji
2014-07-24 08:48 - 2012-06-15 22:27 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Microsoft Silverlight
2014-07-23 16:35 - 2012-04-25 13:17 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-23 09:13 - 2014-07-22 17:40 - 00000000 ____D () C:\Documents and Settings\Damian\Moje dokumenty\moje programowanie
2014-07-22 17:39 - 2014-07-22 17:39 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Dev-C++
2014-07-22 17:38 - 2014-07-22 17:38 - 00000000 ____D () C:\Documents and Settings\Damian\WINDOWS
2014-07-22 17:38 - 2010-08-23 16:09 - 00000000 ____D () C:\Documents and Settings\Damian
2014-07-17 17:20 - 2014-07-17 17:02 - 00233484 _____ () C:\Documents and Settings\Damian\Moje dokumenty\VN780164.WMA
2014-07-17 12:52 - 2010-08-23 18:09 - 00000000 ____D () C:\Documents and Settings\Damian\Ustawienia lokalne\Dane aplikacji\Last.fm
2014-07-16 14:29 - 2014-07-16 13:52 - 00000000 ____D () C:\Documents and Settings\Damian\Pulpit\treningowe

Some content of TEMP:
====================
C:\Documents and Settings\Damian\Ustawienia lokalne\Temp\6_Offer_3.exe
C:\Documents and Settings\Damian\Ustawienia lokalne\Temp\DM1394570370.exe
C:\Documents and Settings\Damian\Ustawienia lokalne\Temp\drm_dyndata_7400009.dll
C:\Documents and Settings\Damian\Ustawienia lokalne\Temp\jre-7u55-windows-i586-iftw.exe
C:\Documents and Settings\Damian\Ustawienia lokalne\Temp\jre-7u65-windows-i586-iftw.exe
C:\Documents and Settings\Damian\Ustawienia lokalne\Temp\jre-7u67-windows-i586-iftw.exe
C:\Documents and Settings\Damian\Ustawienia lokalne\Temp\Mobogenie_INT.exe
C:\Documents and Settings\Damian\Ustawienia lokalne\Temp\NGM.exe
C:\Documents and Settings\Damian\Ustawienia lokalne\Temp\NGMDll.dll
C:\Documents and Settings\Damian\Ustawienia lokalne\Temp\NGMResource.dll
C:\Documents and Settings\Damian\Ustawienia lokalne\Temp\Uninstall.exe
C:\Documents and Settings\Damian\Ustawienia lokalne\Temp\uttB7.tmp.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================