Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-10-2014 01
Ran by Lewandowski (administrator) on LEWANDOW-054E3A on 08-10-2014 12:21:05
Running from C:\Documents and Settings\Lewandowski\Pulpit
Loaded Profile: Lewandowski (Available profiles: Lewandowski)
Platform: Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) OS Language: Polski
Internet Explorer Version 7
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKU\S-1-5-18\...\RunOnce: [nltide_2] => regsvr32 /s /n /i:U shell32
AlternateShell:

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
BHO: FGCatchUrl -> {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} -> C:\Program Files\Flash Get\jccatch.dll (www.flashget.com)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: FlashGet GetFlash Class -> {F156768E-81EF-470C-9057-481BA8380DBA} -> C:\Program Files\Flash Get\getflash.dll (www.flashget.com)
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Lewandowski\Dane aplikacji\Mozilla\Firefox\Profiles\cznnl2kg.default-1412763550625
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-08-04] (Oracle Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 ASPI32; C:\WINDOWS\system32\Drivers\ASPI32.sys [25244 1999-09-10] (Adaptec) [File not signed]
R3 FET5X86V; C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys [46592 2009-06-16] (VIA Technologies, Inc. )
S3 FETNDIS; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc. )
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [20640 2005-12-05] (Sonic Solutions) [File not signed]
S3 VClone; C:\WINDOWS\System32\DRIVERS\VClone.sys [30208 2013-03-11] (Elaborate Bytes AG) [File not signed]
R0 viaagp1; C:\WINDOWS\System32\DRIVERS\viaagp1.sys [32128 2002-07-24] (VIA Technologies, Inc.)
R3 VIAudio; C:\WINDOWS\System32\drivers\viaudio.sys [64128 2002-09-15] (VIA Technologies, Inc.) [File not signed]
S1 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [31872 2008-04-14] (Microsoft Corporation)
U5 Browser; C:\WINDOWS\system32\svchost.exe [14336 2008-04-15] (Microsoft Corporation)
S3 catchme; \??\C:\DOCUME~1\LEWAND~1\USTAWI~1\Temp\catchme.sys [X]
S4 IntelIde; No ImagePath
U5 lanmanserver; C:\WINDOWS\system32\svchost.exe [14336 2008-04-15] (Microsoft Corporation)
U5 Messenger; C:\WINDOWS\system32\svchost.exe [14336 2008-04-15] (Microsoft Corporation)
U5 Netlogon; C:\WINDOWS\system32\lsass.exe [13312 2008-04-15] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-08 12:21 - 2014-10-08 12:22 - 00005660 _____ () C:\Documents and Settings\Lewandowski\Pulpit\FRST.txt
2014-10-08 12:19 - 2014-10-08 12:19 - 00000000 ____D () C:\Documents and Settings\Lewandowski\Pulpit\Stare dane programu Firefox
2014-10-08 11:49 - 2014-10-08 11:49 - 00000000 _____ () C:\Documents and Settings\Lewandowski\Pulpit\Nowy Dokument tekstowy (2).txt
2014-10-08 11:48 - 2014-10-08 11:48 - 00519488 _____ (AVAST Software) C:\Documents and Settings\Lewandowski\Pulpit\avastclear.exe
2014-10-08 11:37 - 2014-10-08 11:37 - 03877779 _____ (El Desaparecido - SosVirus.net - UsbFix.net) C:\Documents and Settings\Lewandowski\Pulpit\UsbFix.exe
2014-10-08 11:01 - 2014-10-08 11:37 - 00000683 _____ () C:\Documents and Settings\Lewandowski\Moje dokumenty\Nowy Dokument tekstowy.txt
2014-10-08 10:39 - 2014-10-08 10:39 - 00000000 _____ () C:\Documents and Settings\Lewandowski\Pulpit\Nowy Dokument tekstowy.txt
2014-10-08 10:37 - 2010-11-12 10:13 - 00171344 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Lewandowski\Pulpit\SalityKiller.exe
2014-10-08 10:37 - 2010-05-17 15:15 - 00002258 _____ () C:\Documents and Settings\Lewandowski\Pulpit\eula.txt
2014-10-08 10:34 - 2014-10-08 10:34 - 00164134 _____ () C:\Documents and Settings\Lewandowski\Pulpit\sk.zip
2014-10-07 17:56 - 2014-10-07 19:18 - 00004706 _____ () C:\Documents and Settings\Lewandowski\Pulpit\GMER.txt
2014-10-07 17:54 - 2014-10-07 17:54 - 00053976 _____ () C:\Documents and Settings\Lewandowski\Pulpit\OTL.Txt
2014-10-07 17:54 - 2014-10-07 17:54 - 00039270 _____ () C:\Documents and Settings\Lewandowski\Pulpit\Extras.Txt
2014-10-07 17:49 - 2014-10-07 17:49 - 00380416 _____ () C:\Documents and Settings\Lewandowski\Pulpit\oyx5m5v8.exe
2014-10-07 17:31 - 2014-10-07 17:31 - 00034216 _____ () C:\Documents and Settings\Lewandowski\Moje dokumenty\Shortcut.txt
2014-10-07 17:30 - 2014-10-07 17:31 - 00016746 _____ () C:\Documents and Settings\Lewandowski\Moje dokumenty\Addition.txt
2014-10-07 17:28 - 2014-10-07 17:31 - 00019839 _____ () C:\Documents and Settings\Lewandowski\Moje dokumenty\FRST.txt
2014-10-07 17:19 - 2014-10-08 12:21 - 00000000 ____D () C:\FRST
2014-10-07 17:17 - 2014-10-07 17:19 - 01101312 _____ (Farbar) C:\Documents and Settings\Lewandowski\Pulpit\FRST.exe
2014-10-07 17:11 - 2014-10-07 17:11 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Lewandowski\Pulpit\OTL.exe
2014-10-07 15:53 - 2012-10-17 22:49 - 3378343936 _____ () C:\en_microsoft_autoroute_euro_2013_x86_x64_dvd_1016691_vl.iso
2014-10-07 14:52 - 2014-10-07 14:52 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-10-06 18:44 - 2014-10-06 18:44 - 00090112 _____ () C:\WINDOWS\Minidump\Mini100614-02.dmp
2014-10-06 18:35 - 2014-10-08 12:22 - 00000000 ____D () C:\Documents and Settings\Lewandowski\Ustawienia lokalne\temp
2014-10-06 18:35 - 2014-10-06 18:35 - 00000000 ____D () C:\Documents and Settings\NetworkService\Ustawienia lokalne\temp
2014-10-06 18:21 - 2011-06-26 08:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-10-06 18:21 - 2010-11-07 19:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-10-06 18:21 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-10-06 18:21 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-10-06 18:21 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-10-06 18:21 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-10-06 18:21 - 2000-08-31 02:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-10-06 18:21 - 2000-08-31 02:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-10-06 18:21 - 2000-08-31 02:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-10-06 18:12 - 2014-10-06 18:12 - 00090112 _____ () C:\WINDOWS\Minidump\Mini100614-01.dmp
2014-10-06 18:02 - 2014-10-06 18:04 - 00000000 ____D () C:\WINDOWS\SxsCaPendDel
2014-10-06 13:36 - 2014-10-06 13:36 - 00000000 ____D () C:\1
2014-10-06 13:34 - 2014-10-06 17:33 - 00000000 ____D () C:\Documents and Settings\LocalService\Ustawienia lokalne\temp
2014-10-06 13:22 - 2014-10-06 18:35 - 00008192 ____H () C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-10-06 13:22 - 2014-10-06 13:22 - 00000000 ____H () C:\WINDOWS\system32\config\system.tmp.LOG
2014-10-06 13:22 - 2014-10-06 13:22 - 00000000 ____H () C:\WINDOWS\system32\config\software.tmp.LOG
2014-10-06 13:22 - 2014-10-06 13:22 - 00000000 ____H () C:\WINDOWS\system32\config\SAM.tmp.LOG
2014-10-06 13:22 - 2014-10-06 13:22 - 00000000 ____H () C:\WINDOWS\system32\config\default.tmp.LOG
2014-10-06 13:10 - 2014-10-06 13:10 - 00000000 _RSHD () C:\cmdcons
2014-10-06 13:10 - 2004-08-03 23:00 - 00262400 __RSH () C:\cmldr
2014-10-06 13:08 - 2014-10-06 13:08 - 00000000 ___RD () C:\Documents and Settings\Lewandowski\Menu Start\Programy\Narzędzia administracyjne
2014-10-06 13:07 - 2014-10-06 18:35 - 00000000 ____D () C:\WINDOWS\erdnt
2014-10-06 12:41 - 2014-10-06 12:41 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
2014-10-06 09:01 - 2014-10-06 09:01 - 1073741824 _____ () C:\MAPS123 KOMPLETE.part3.rar
2014-10-05 18:36 - 2014-10-05 18:36 - 321699637 _____ () C:\MAPS123 KOMPLETE.part5.rar
2014-10-05 13:04 - 2014-10-05 13:04 - 1073741824 _____ () C:\MAPS123 KOMPLETE.part2.rar
2014-10-04 15:25 - 2014-10-04 15:25 - 1073741824 _____ () C:\MAPS123 KOMPLETE.part1.rar
2014-09-29 17:06 - 2014-09-29 17:07 - 00000000 ____D () C:\Documents and Settings\Lewandowski\Pulpit\Images
2014-09-27 11:10 - 2014-09-27 12:08 - 00000000 ____D () C:\Documents and Settings\Lewandowski\Pulpit\Nowy folder (3)
2014-09-15 13:24 - 2014-09-15 13:24 - 00000000 __SHD () C:\WINDOWS\system32\AI_RecycleBin
2014-09-11 19:40 - 2014-09-11 19:40 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\AutoMapa

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-08 12:21 - 2013-07-25 16:45 - 00000000 ____D () C:\Documents and Settings\Lewandowski\Pulpit
2014-10-08 12:20 - 2014-07-03 17:57 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-10-08 12:17 - 2014-08-02 17:04 - 00003725 _____ () C:\WINDOWS\system32\nvapps.xml
2014-10-08 12:17 - 2013-11-06 18:52 - 00000266 _____ () C:\WINDOWS\Tasks\AutoKMS.job
2014-10-08 12:17 - 2013-07-25 16:26 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-10-08 12:17 - 2013-07-25 16:20 - 00411951 _____ () C:\WINDOWS\WindowsUpdate.log
2014-10-08 12:15 - 2013-07-25 16:26 - 00032336 _____ () C:\WINDOWS\SchedLgU.Txt
2014-10-08 12:14 - 2013-07-25 18:09 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy
2014-10-08 12:14 - 2013-07-25 16:21 - 00002596 _____ () C:\WINDOWS\system32\CONFIG.NT
2014-10-08 11:59 - 2013-07-25 16:45 - 00000000 __SHD () C:\Documents and Settings\Lewandowski\Ustawienia lokalne\Historia
2014-10-08 11:57 - 2013-07-25 16:26 - 00000000 __SHD () C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia
2014-10-08 11:51 - 2013-07-25 18:09 - 00000000 __SHD () C:\Documents and Settings\Default User\Ustawienia lokalne\Historia
2014-10-08 11:51 - 2013-07-25 16:26 - 00000000 ___HD () C:\Documents and Settings\NetworkService\Ustawienia lokalne\Historia
2014-10-08 11:51 - 2001-12-31 23:01 - 02949120 _____ () C:\WINDOWS\system32\config\Antivirus.Evt
2014-10-08 11:50 - 2013-07-25 18:07 - 00000000 __RHD () C:\Documents and Settings\All Users\Dane aplikacji
2014-10-08 11:50 - 2013-07-25 16:45 - 00000000 __RHD () C:\Documents and Settings\Lewandowski\Dane aplikacji
2014-10-08 11:50 - 2013-07-25 16:45 - 00000000 ___RD () C:\Documents and Settings\Lewandowski\Menu Start\Programy\Autostart
2014-10-08 11:50 - 2013-07-25 16:45 - 00000000 ___HD () C:\Documents and Settings\Lewandowski\Ustawienia lokalne\Dane aplikacji
2014-10-08 11:49 - 2013-07-25 16:45 - 00000000 ___RD () C:\Documents and Settings\Lewandowski\Moje dokumenty
2014-10-08 11:45 - 2013-07-25 17:30 - 00000930 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-10-08 11:04 - 2001-07-22 03:15 - 00000241 _____ () C:\WINDOWS\system.ini
2014-10-08 10:28 - 2013-11-06 18:51 - 00068736 _____ () C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2014-10-07 17:25 - 2013-07-25 18:07 - 00306808 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-10-07 16:52 - 2013-08-20 15:26 - 00000000 ____D () C:\Program Files\Flash Get
2014-10-07 15:00 - 2013-07-25 17:43 - 00000421 _____ () C:\WINDOWS\ODBC.INI
2014-10-07 14:57 - 2013-11-06 20:22 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Microsoft Office
2014-10-07 14:57 - 2013-07-25 18:10 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-10-07 14:56 - 2013-11-06 20:17 - 00000000 ____D () C:\WINDOWS\SHELLNEW
2014-10-07 14:52 - 2013-07-25 17:32 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-10-07 11:09 - 2014-01-15 11:47 - 00002315 _____ () C:\Documents and Settings\All Users\Menu Start\Programy\Adobe Reader XI.lnk
2014-10-06 18:44 - 2014-01-30 19:26 - 00000000 ____D () C:\WINDOWS\Minidump
2014-10-06 18:36 - 2013-07-25 18:07 - 00053248 _____ () C:\WINDOWS\system32\config\SECURITY.bak
2014-10-06 18:36 - 2013-07-25 18:07 - 00028672 _____ () C:\WINDOWS\system32\config\SAM.bak
2014-10-06 18:36 - 2013-07-25 18:05 - 27402240 _____ () C:\WINDOWS\system32\config\software.bak
2014-10-06 18:36 - 2013-07-25 18:05 - 03932160 _____ () C:\WINDOWS\system32\config\system.bak
2014-10-06 18:36 - 2013-07-25 18:05 - 00270336 _____ () C:\WINDOWS\system32\config\default.bak
2014-10-06 18:35 - 2013-07-25 16:45 - 00000000 ___HD () C:\Documents and Settings\Lewandowski\Ustawienia lokalne
2014-10-06 18:35 - 2013-07-25 16:26 - 00000000 ___HD () C:\Documents and Settings\NetworkService\Ustawienia lokalne
2014-10-06 18:02 - 2013-07-25 18:09 - 00000000 ____D () C:\Documents and Settings\All Users\Pulpit
2014-10-06 18:02 - 2013-07-25 16:45 - 00000000 ___RD () C:\Documents and Settings\Lewandowski\Menu Start\Programy
2014-10-06 17:15 - 2014-08-17 12:23 - 00000000 ____D () C:\Documents and Settings\Lewandowski\Moje dokumenty\Nowy folder (2)
2014-10-06 13:34 - 2013-07-25 16:26 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-10-06 13:34 - 2013-07-25 16:26 - 00000000 ___HD () C:\Documents and Settings\LocalService\Ustawienia lokalne
2014-10-06 13:33 - 2013-07-25 18:00 - 00000000 ____D () C:\WINDOWS\repair
2014-10-06 13:21 - 2013-07-25 16:45 - 00000000 ____D () C:\Documents and Settings\Lewandowski
2014-10-06 13:10 - 2013-07-25 18:05 - 00000327 __RSH () C:\boot.ini
2014-10-05 13:52 - 2013-07-25 17:27 - 00000000 ____D () C:\Documents and Settings\Lewandowski\Dane aplikacji\uTorrent
2014-10-05 11:25 - 2001-07-22 03:17 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-10-04 17:51 - 2013-07-29 12:43 - 00481464 _____ () C:\WINDOWS\setupapi.log
2014-10-01 19:24 - 2013-07-25 17:29 - 00147968 _____ () C:\Documents and Settings\Lewandowski\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-27 18:22 - 2013-08-06 17:41 - 00000216 _____ () C:\WINDOWS\wiadebug.log
2014-09-27 18:22 - 2013-08-06 17:41 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-09-27 11:11 - 2013-08-23 22:19 - 00000069 _____ () C:\WINDOWS\NeroDigital.ini
2014-09-23 19:41 - 2014-02-27 19:16 - 00000000 ____D () C:\Program Files\AutoMapa EU
2014-09-13 18:26 - 2013-08-15 14:10 - 00000000 ____D () C:\Documents and Settings\Lewandowski\Moje dokumenty\pliki torrent
2014-09-11 19:40 - 2012-10-12 03:50 - 00049738 _____ () C:\Program Files\AutoMapa EU.md5
2014-09-09 20:47 - 2013-07-25 17:30 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-09-09 20:47 - 2013-07-25 17:30 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================