Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:26-08-2014
Ran by Admin (administrator) on SP-050B971C8B5A on 31-08-2014 17:53:45
Running from F:\
Platform: Microsoft Windows XP Professional Dodatek Service Pack 2 (X86) OS Language: Polski
Internet Explorer Version 6
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ATI Technologies Inc.) C:\WINDOWS\System32\ATI2EVXX.EXE
(CyberLink Corp.) C:\Program Files\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
(CyberLink) C:\Program Files\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(SMART Technologies Inc.) C:\Program Files\SMART Board Software\SMARTBoardService.exe
(ATI Technologies Inc.) C:\WINDOWS\System32\ATI2EVXX.EXE
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(CyberLink) C:\Program Files\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
(SMART Technologies Inc.) C:\Program Files\SMART Board Software\SMARTBoardTools.exe
(SMART Technologies Inc.) C:\Program Files\SMART Board Software\Aware.exe
(SMART Technologies Inc.) C:\Program Files\SMART Board Software\Marker.exe
(SMART Technologies Inc.) C:\Program Files\Common Files\SMART Technologies Inc\SMART Product Update\SmartProductUpdate.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [17616384 2006-03-14] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [700416 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AzMixerSel] => C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [110592 2005-12-21] (Realtek Semiconductor Corp.)
HKLM\...\Run: [LXDBCATS] => rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDBtime.dll,_RunDLLEntry@16 (the data entry has 59 more characters).
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [PowerDVD12DMREngine] => C:\Program Files\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe [505872 2012-07-05] (CyberLink)
HKLM\...\Run: [PowerDVD12Agent] => C:\Program Files\PowerDVD12\PowerDVD12Agent.exe [374560 2012-07-05] (CyberLink Corp.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Narzędzia SMART Board.lnk
ShortcutTarget: Narzędzia SMART Board.lnk -> C:\Program Files\SMART Board Software\SMARTBoardTools.exe (SMART Technologies Inc.)
AlternateShell:

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
SearchScopes: HKLM - DefaultScope value is missing.
BHO: CIEDownload Object -> {67BCF957-85FC-4036-8DC4-D4D80E00A77B} -> C:\Program Files\SMART Board Software\NotebookPlugin.dll (SMART Technologies Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - &Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Łącza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\imv0slmp.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npImagine.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll (mozilla.org)
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} [2011-09-12]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2011-09-12]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR DefaultSearchURL: Default -> {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\17.0.963.79\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\17.0.963.79\gcswf32.dll ()
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Java(TM) Platform SE 6 U27) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.270.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (Imagine Plugin) - C:\Program Files\Mozilla Firefox\plugins\npImagine.dll ()
CHR Plugin: (Winamp Application Detector) - C:\Program Files\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR CustomProfile: C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-20]
CHR Extension: (Gmail) - C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-20]
CHR Extension: (Szukaj w Google) - C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-20]

========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 CLHNServiceForPowerDVD12; C:\Program Files\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [90640 2012-07-05] (CyberLink Corp.)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [78352 2012-07-05] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [295440 2012-07-05] (CyberLink)
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2011-09-12] (Sun Microsystems, Inc.)
S4 lxdb_device; C:\WINDOWS\system32\LXDBcoms.exe [495616 2006-07-10] ( )
R2 SMART Board Service; C:\Program Files\SMART Board Software\SMARTBoardService.exe [1003520 2006-11-24] (SMART Technologies Inc.) [File not signed]
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [X]

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 AR5211; C:\WINDOWS\System32\DRIVERS\ar5211.sys [488448 2006-01-25] (Atheros Communications, Inc.)
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [218496 2005-10-24] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [998656 2005-10-18] (Conexant Systems, Inc.)
R2 ntk_PowerDVD12; C:\Program Files\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12.sys [121208 2012-06-20] (Cyberlink Corp.)
R3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [27440 2004-07-17] ()
R2 {73526619-C24F-470B-9BED-53D455FBB5C6}; C:\Program Files\PowerDVD12\Common\NavFilter\000.fcl [88312 2012-07-05] (CyberLink Corp.)
S4 IntelIde; No ImagePath
R3 WMI_MFC_TPSHOKER_80; \??\C:\WINDOWS\system32\drivers\gmsmsn.sys [X]
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-31 10:05 - 2014-08-31 10:05 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\AVAST Software
2014-08-31 09:56 - 2014-08-31 09:56 - 00000000 __SHD () C:\FOUND.008
2014-08-28 17:51 - 2014-08-28 09:46 - 00094208 _____ () C:\WINDOWS\Minidump\Mini082814-03.dmp
2014-08-28 10:29 - 2014-08-28 10:29 - 00000000 ____D () C:\FRST
2014-08-28 09:51 - 2014-08-28 09:51 - 00000000 ____D () C:\Program Files\SkanerOnline
2014-08-28 09:46 - 2014-08-28 09:33 - 00094208 _____ () C:\WINDOWS\Minidump\Mini082814-02.dmp
2014-08-28 09:33 - 2014-08-28 09:20 - 00094208 _____ () C:\WINDOWS\Minidump\Mini082814-01.dmp
2014-08-28 09:15 - 2014-08-28 09:15 - 00000000 ____D () C:\Program Files\Trend Micro
2014-08-28 09:15 - 2014-08-28 09:15 - 00000000 ____D () C:\Documents and Settings\Admin\Menu Start\Programy\HiJackThis

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-31 17:50 - 2009-01-05 11:37 - 00329519 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-31 17:46 - 2013-03-20 10:34 - 00001030 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-31 17:44 - 2009-02-26 10:51 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-31 17:43 - 2009-11-20 10:31 - 00046197 _____ () C:\lxdb.log
2014-08-31 17:43 - 2009-01-05 12:38 - 00000188 ___SH () C:\Documents and Settings\Admin\ntuser.ini
2014-08-31 17:43 - 2009-01-05 12:37 - 00032564 _____ () C:\WINDOWS\SchedLgU.Txt
2014-08-31 10:08 - 2013-03-20 10:34 - 00001034 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-31 10:05 - 2014-08-31 10:05 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\AVAST Software
2014-08-31 10:01 - 2009-01-05 11:26 - 01000558 _____ () C:\WINDOWS\setupapi.log
2014-08-31 09:56 - 2014-08-31 09:56 - 00000000 __SHD () C:\FOUND.008
2014-08-31 09:56 - 2001-07-21 22:17 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-08-28 13:47 - 2011-09-13 20:18 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-08-28 10:29 - 2014-08-28 10:29 - 00000000 ____D () C:\FRST
2014-08-28 09:51 - 2014-08-28 09:51 - 00000000 ____D () C:\Program Files\SkanerOnline
2014-08-28 09:46 - 2014-08-28 17:51 - 00094208 _____ () C:\WINDOWS\Minidump\Mini082814-03.dmp
2014-08-28 09:33 - 2014-08-28 09:46 - 00094208 _____ () C:\WINDOWS\Minidump\Mini082814-02.dmp
2014-08-28 09:20 - 2014-08-28 09:33 - 00094208 _____ () C:\WINDOWS\Minidump\Mini082814-01.dmp
2014-08-28 09:15 - 2014-08-28 09:15 - 00000000 ____D () C:\Program Files\Trend Micro
2014-08-28 09:15 - 2014-08-28 09:15 - 00000000 ____D () C:\Documents and Settings\Admin\Menu Start\Programy\HiJackThis

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================