Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-09-2014
Ran by admin (administrator) on WIEŚMAC2 on 06-09-2014 00:18:34
Running from C:\Documents and Settings\admin\Pulpit
Platform: Microsoft Windows XP Dodatek Service Pack 2 (X86) OS Language: Polski
Internet Explorer Version 6
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Cognizance Corporation) C:\Program Files\HPQ\IAM\Bin\asghost.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\HPQ\HP ProtectTools Security Manager\pthosttr.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
() C:\WINDOWS\SMINST\Scheduler.exe
(Hewlett-Packard Co.) C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Agere Systems) C:\WINDOWS\AGRSMMSG.exe
(Facebook Inc.) C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Facebook\Update\FacebookUpdate.exe
(Opera Software) C:\Program Files\Opera\opera.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [925696 2005-05-20] (Analog Devices, Inc.)
HKLM\...\Run: [SoundMAX] => C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [716800 2005-05-06] (Analog Devices, Inc.)
HKLM\...\Run: [PTHOSTTR] => C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE [122880 2006-02-14] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [761945 2005-11-10] (Synaptics, Inc.)
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2006-03-23] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [118784 2006-03-23] (Intel Corporation)
HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [454656 2006-02-14] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [CognizanceTS] => rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
HKLM\...\Run: [QlbCtrl] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [131072 2006-03-02] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [Cpqset] => C:\Program Files\HPQ\Default Settings\cpqset.exe  @üz@ (@üz@
HKLM\...\Run: [Recguard] => C:\WINDOWS\Sminst\Recguard.exe [1187840 2005-12-20] ()
HKLM\...\Run: [Reminder] => C:\WINDOWS\Creator\Remind_XP.exe [802816 2006-01-23] ()
HKLM\...\Run: [Scheduler] => C:\WINDOWS\SMINST\Scheduler.exe [892928 2006-02-15] ()
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-03-11] (Hewlett-Packard Co.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [WatchDog] => C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [184320 2005-11-08] (InterVideo Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2006-01-12] (Nero AG)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-01] (AVAST Software)
HKLM\...\Run: [AGRSMMSG] => C:\WINDOWS\AGRSMMSG.exe [88203 2006-01-30] (Agere Systems)
Winlogon\Notify\OneCard: C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll (Cognizance Corporation)
HKU\S-1-5-21-3258611155-3004601454-3534232741-1006\...\Run: [NBJ] => C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2048000 2006-09-15] (Ahead Software AG)
HKU\S-1-5-21-3258611155-3004601454-3534232741-1006\...\Run: [Facebook Update] => C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Facebook\Update\FacebookUpdate.exe [138096 2014-04-09] (Facebook Inc.)
HKU\S-1-5-21-3258611155-3004601454-3534232741-1006\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21650536 2014-07-02] (Skype Technologies S.A.)
AppInit_DLLs: c:\docume~1\alluse~1\daneap~1\bitguard\261673~1.238\{c16c1~1\bitguard.dll => c:\docume~1\alluse~1\daneap~1\bitguard\261673~1.238\{c16c1~1\bitguard.dll File Not Found
Lsa: [Notification Packages] scecli AsWlnPkg
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: Document Manager -> {666C7833-A9B6-4AB4-94ED-DC238C81E925} => C:\Program Files\HPQ\IAM\Bin\SFSShell.dll (Cognizance Corporation)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\admin\Dane aplikacji\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\admin\Dane aplikacji\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\admin\Dane aplikacji\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\admin\Dane aplikacji\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://pl.msn.com/?pc=UP97&ocid=UP97DHP
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {F768D9B4-6B01-455A-B3F1-771EE0BBDA74} URL = http://www.idg.pl?q={searchTerms}
SearchScopes: HKCU - {F768D9B4-6B01-455A-B3F1-771EE0BBDA74} URL = http://www.idg.pl?q={searchTerms}
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: HP Print Clips -> {053F9267-DC04-4294-A72C-58F732D338C0} -> C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
BHO: DriveLetterAccess -> {5CA3D70E-1895-11CF-8E15-001234567890} -> C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Rich Media Downloader -> {A7DF592F-6E2A-45C4-9A87-4BD217D714ED} -> C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Rich Media Player\BrowserExtensions\IE\RichMediaDownloader.dll No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> c:\program files\google\googletoolbar1.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Credential Manager for ProtectTools -> {DF21F1DB-80C6-11D3-9483-B03D0EC10000} -> C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll (Infineon Technologies AG)
Toolbar: HKLM - &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
Toolbar: HKCU - &Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Łącza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - &Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.100.252

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppluginrichmediaplayer.dll ()
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-11-02]

Chrome:
=======
CHR HomePage: Default -> hxxp://pl.msn.com/?pc=UP97&ocid=UP97DHP
CHR StartupUrls: Default -> "hxxp://pl.msn.com/?pc=UP97&ocid=UP97DHP", "hxxp://isearch.babylon.com/?babsrc=HP_ss_Btisdt4&mntrId=4CA10014A5E11E0D&affID=119357&tsp=4982"
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSearchProvider: Default -> Bing
CHR DefaultSearchURL: Default -> http://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}
CHR DefaultSuggestURL: Default -> http://api.bing.com/osjson.aspx?query={searchTerms}&language={language}&form=UP97DF&PC=UP97
CHR CustomProfile: C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-02]
CHR Extension: (Szukaj w Google) - C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-02]
CHR Extension: (Google Wallet) - C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-05]
CHR Extension: (Gmail) - C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-02]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-01]
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ASChannel; C:\Program Files\HPQ\IAM\Bin\ASChnl.dll [117248 2005-06-01] (Cognizance Corporation) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-01] (AVAST Software)
R2 btwdins; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [258103 2006-02-15] (Broadcom Corporation.) [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-06-04] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-06-04] (Hewlett-Packard Co.) [File not signed]
R2 hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [98304 2006-01-12] (Hewlett-Packard Development Company, L.P.) [File not signed]
S3 IDriverT; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182184 2013-06-25] (Oracle Corporation)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2006-01-20] (Hewlett-Packard Company) [File not signed]
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
S2 PCA; C:\WINDOWS\SMINST\PCAngel.exe [294912 2006-01-12] (SoftThinks) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
S3 WmcCds; c:\program files\windows media connect\mswmccds.exe [483328 2004-08-11] (Microsoft Corporation) [File not signed]
S3 WmcCdsLs; C:\Program Files\Windows Media Connect\mswmcls.exe [28160 2004-08-10] (Microsoft Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 AEAudioService; C:\WINDOWS\System32\drivers\AEAudio.sys [152960 2005-06-07] (Andrea Electronics Corporation)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-09-01] ()
R1 aswKbd; C:\WINDOWS\system32\Drivers\aswKbd.sys [20624 2012-10-31] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-09-01] (AVAST Software)
R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-09-01] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-09-01] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-09-01] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-09-01] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-09-01] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-09-01] ()
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [424320 2006-01-19] (Broadcom Corporation)
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [1342570 2006-02-15] (Broadcom Corporation.) [File not signed]
R3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [57096 2006-02-15] (Broadcom Corporation.) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2004-08-03] (Microsoft Corporation)
R2 DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [25628 2005-08-31] (Sonic Solutions) [File not signed]
R1 DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [5628 2005-08-25] (Sonic Solutions) [File not signed]
R2 DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2496 2005-08-31] (Sonic Solutions) [File not signed]
R2 DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [86524 2005-08-31] (Sonic Solutions) [File not signed]
R2 DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [14684 2005-08-31] (Sonic Solutions) [File not signed]
R2 DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [6364 2005-08-31] (Sonic Solutions) [File not signed]
R1 DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [22684 2005-08-25] (Sonic Solutions) [File not signed]
R2 DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [94332 2005-08-31] (Sonic Solutions) [File not signed]
R2 DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [87036 2005-08-31] (Sonic Solutions) [File not signed]
R0 DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [88752 2005-08-30] (Sonic Solutions) [File not signed]
R2 DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [40544 2005-08-12] (Sonic Solutions) [File not signed]
R1 eabfiltr; C:\WINDOWS\System32\DRIVERS\eabfiltr.sys [7808 2005-09-19] (Hewlett-Packard Development Company, L.P.)
S3 eabusb; C:\WINDOWS\System32\DRIVERS\eabusb.sys [5760 2005-09-19] (Hewlett-Packard Development Company, L.P.)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2007-03-07] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2007-03-07] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2007-03-07] (HP)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2004-08-03] (Microsoft Corporation)
S3 nm; C:\WINDOWS\System32\DRIVERS\NMnt.sys [40320 2004-08-04] (Microsoft Corporation)
R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88448 2004-08-04] (Microsoft Corporation)
R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2004-08-04] (Microsoft Corporation)
R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2004-08-04] (Microsoft Corporation)
S3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [27440 2004-08-04] ()
S3 SMCIRDA; C:\WINDOWS\System32\DRIVERS\smcirda.sys [36425 2001-10-26] (SMC)
S3 w39n51; C:\WINDOWS\System32\DRIVERS\w39n51.sys [1428096 2006-01-19] (Intel® Corporation)
U5 Sdbus; C:\Windows\System32\Drivers\Sdbus.sys [76544 2005-12-21] (Microsoft Corporation)
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-06 00:18 - 2014-09-06 00:18 - 00020343 _____ () C:\Documents and Settings\admin\Pulpit\FRST.txt
2014-09-06 00:13 - 2014-09-06 00:13 - 00380416 _____ () C:\Documents and Settings\admin\Pulpit\d2wl6sof.exe
2014-09-06 00:12 - 2014-09-06 00:12 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\admin\Pulpit\OTL.exe
2014-09-06 00:11 - 2014-09-06 00:11 - 01096704 _____ (Farbar) C:\Documents and Settings\admin\Pulpit\FRST.exe
2014-09-04 21:20 - 2014-09-04 21:20 - 11493174 _____ () C:\Documents and Settings\admin\Pulpit\11.bmp
2014-09-04 20:10 - 2014-09-04 20:10 - 11493174 _____ () C:\Documents and Settings\admin\Pulpit\błąd przy uruchomieniu.bmp
2014-09-02 09:15 - 2014-09-02 09:15 - 00000000 ____D () C:\Documents and Settings\admin\Dane aplikacji\DropboxMaster
2014-09-02 09:14 - 2014-09-02 09:14 - 00000000 ____D () C:\Program Files\Dropbox
2014-09-02 09:14 - 2014-09-02 09:14 - 00000000 ____D () C:\Documents and Settings\admin\Menu Start\Programy\Dropbox
2014-09-02 09:13 - 2014-09-02 09:15 - 00000000 ____D () C:\Documents and Settings\admin\Dane aplikacji\Dropbox
2014-09-02 08:59 - 2014-09-02 08:59 - 00000000 ____D () C:\WINDOWS\jumpshot.com
2014-09-01 23:06 - 2014-09-01 23:06 - 00001733 _____ () C:\Documents and Settings\All Users\Pulpit\avast! Free Antivirus.lnk
2014-09-01 23:06 - 2014-09-01 23:05 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-09-01 23:05 - 2014-09-01 23:05 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-09-01 22:58 - 2014-09-06 00:03 - 00001036 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-01 22:58 - 2014-09-05 23:41 - 00001032 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-11 16:42 - 2014-08-11 16:42 - 00000139 _____ () C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\fusioncache.dat

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-06 00:18 - 2014-09-06 00:18 - 00020343 _____ () C:\Documents and Settings\admin\Pulpit\FRST.txt
2014-09-06 00:18 - 2013-09-25 21:29 - 00000000 ____D () C:\FRST
2014-09-06 00:18 - 2012-10-31 23:26 - 00000000 ____D () C:\Documents and Settings\admin\Ustawienia lokalne\Temp
2014-09-06 00:18 - 2012-10-31 23:26 - 00000000 ____D () C:\Documents and Settings\admin\Pulpit
2014-09-06 00:13 - 2014-09-06 00:13 - 00380416 _____ () C:\Documents and Settings\admin\Pulpit\d2wl6sof.exe
2014-09-06 00:12 - 2014-09-06 00:12 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\admin\Pulpit\OTL.exe
2014-09-06 00:11 - 2014-09-06 00:11 - 01096704 _____ (Farbar) C:\Documents and Settings\admin\Pulpit\FRST.exe
2014-09-06 00:03 - 2014-09-01 22:58 - 00001036 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-05 23:47 - 2004-09-20 10:31 - 00499186 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-05 23:41 - 2014-09-01 22:58 - 00001032 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-05 23:41 - 2012-11-02 21:54 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-09-05 23:41 - 2006-04-24 00:40 - 00000000 ____D () C:\WINDOWS\SMINST
2014-09-05 23:41 - 2006-04-24 00:36 - 00139392 _____ () C:\WINDOWS\system32\lsass.log
2014-09-05 23:41 - 2004-09-20 12:12 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-09-05 23:41 - 2004-09-20 12:12 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-09-05 23:41 - 2004-09-20 10:31 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-05 23:09 - 2012-10-31 23:26 - 00000188 ___SH () C:\Documents and Settings\admin\ntuser.ini
2014-09-05 23:09 - 2006-04-24 00:31 - 00393216 _____ () C:\WINDOWS\system32\config\Credenti.evt
2014-09-05 23:09 - 2004-09-20 10:31 - 00032604 _____ () C:\WINDOWS\SchedLgU.Txt
2014-09-05 23:03 - 2012-10-31 23:26 - 00000000 ___HD () C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji
2014-09-05 12:00 - 2004-09-20 10:31 - 01126686 _____ () C:\WINDOWS\setupapi.log
2014-09-05 01:21 - 2012-11-02 22:02 - 00001819 _____ () C:\Documents and Settings\All Users\Pulpit\Google Chrome.lnk
2014-09-04 21:20 - 2014-09-04 21:20 - 11493174 _____ () C:\Documents and Settings\admin\Pulpit\11.bmp
2014-09-04 20:10 - 2014-09-04 20:10 - 11493174 _____ () C:\Documents and Settings\admin\Pulpit\błąd przy uruchomieniu.bmp
2014-09-02 23:01 - 2014-03-05 19:52 - 00000000 ____D () C:\Documents and Settings\admin\Dane aplikacji\GG
2014-09-02 09:15 - 2014-09-02 09:15 - 00000000 ____D () C:\Documents and Settings\admin\Dane aplikacji\DropboxMaster
2014-09-02 09:15 - 2014-09-02 09:13 - 00000000 ____D () C:\Documents and Settings\admin\Dane aplikacji\Dropbox
2014-09-02 09:15 - 2012-10-31 23:26 - 00000000 __RHD () C:\Documents and Settings\admin\Dane aplikacji
2014-09-02 09:15 - 2006-04-24 08:56 - 00000000 ____D () C:\Documents and Settings\All Users\Pulpit
2014-09-02 09:14 - 2014-09-02 09:14 - 00000000 ____D () C:\Program Files\Dropbox
2014-09-02 09:14 - 2014-09-02 09:14 - 00000000 ____D () C:\Documents and Settings\admin\Menu Start\Programy\Dropbox
2014-09-02 09:14 - 2012-10-31 23:26 - 00000000 ___RD () C:\Documents and Settings\admin\Menu Start\Programy
2014-09-02 08:59 - 2014-09-02 08:59 - 00000000 ____D () C:\WINDOWS\jumpshot.com
2014-09-02 02:06 - 2014-04-09 21:14 - 00000000 ____D () C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Temp
2014-09-02 02:06 - 2014-04-09 21:13 - 00000000 ____D () C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Facebook
2014-09-02 01:39 - 2013-08-22 15:58 - 00000000 ___RD () C:\Documents and Settings\admin\Pulpit\My Shared Folder
2014-09-01 23:06 - 2014-09-01 23:06 - 00001733 _____ () C:\Documents and Settings\All Users\Pulpit\avast! Free Antivirus.lnk
2014-09-01 23:06 - 2012-11-02 21:54 - 00414520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-09-01 23:05 - 2014-09-01 23:06 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-09-01 23:05 - 2014-09-01 23:05 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-09-01 23:05 - 2013-07-13 22:05 - 00192352 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-09-01 23:05 - 2013-07-13 22:05 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2014-09-01 23:05 - 2013-07-13 22:05 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-09-01 23:05 - 2012-11-02 21:54 - 00779536 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-09-01 23:05 - 2012-11-02 21:54 - 00276432 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-09-01 23:05 - 2012-11-02 21:54 - 00057800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-09-01 23:05 - 2012-11-02 21:54 - 00055112 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2014-09-01 22:34 - 2004-09-20 10:31 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2014-08-11 18:04 - 2012-10-31 23:26 - 00000000 ____D () C:\Documents and Settings\admin
2014-08-11 16:42 - 2014-08-11 16:42 - 00000139 _____ () C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
2014-08-11 16:42 - 2012-10-31 23:26 - 00000130 _____ () C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
2014-08-11 16:42 - 2006-04-24 00:01 - 00000000 ___HD () C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji
2014-08-11 16:25 - 2014-07-21 22:12 - 00000618 _____ () C:\WINDOWS\nsw.log

Some content of TEMP:
====================
C:\Documents and Settings\admin\Ustawienia lokalne\Temp\600-APTunerInstall308_sciagnij.exe
C:\Documents and Settings\admin\Ustawienia lokalne\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpueiydx.dll
C:\Documents and Settings\admin\Ustawienia lokalne\Temp\jre-7u25-windows-i586-iftw.exe
C:\Documents and Settings\admin\Ustawienia lokalne\Temp\ose00000.exe
C:\Documents and Settings\admin\Ustawienia lokalne\Temp\OutSec.exe
C:\Documents and Settings\admin\Ustawienia lokalne\Temp\Quarantine.exe
C:\Documents and Settings\admin\Ustawienia lokalne\Temp\setup_wm.exe
C:\Documents and Settings\admin\Ustawienia lokalne\Temp\SkypeSetup.exe
C:\Documents and Settings\admin\Ustawienia lokalne\Temp\{45D80502-C6CD-44B2-90B4-C8B1D4EEBDDE}-GoogleUpdateSetup.exe
C:\Documents and Settings\admin\Ustawienia lokalne\Temp\{D88948AF-119A-4907-80B4-50DD2E924246}-GoogleUpdateSetup.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================