Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-10-2014 01
Ran by ANNA (administrator) on ANNA-57978655DB on 14-10-2014 23:18:27
Running from C:\Documents and Settings\ANNA\Pulpit\Naprawa
Loaded Profile: ANNA (Available profiles: ANNA)
Platform: Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) OS Language: Polski
Internet Explorer Version 8
Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgwdsvc.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
() C:\Documents and Settings\ANNA\Pulpit\Naprawa\guszwbdo.exe
(TuneUp Software) D:\TuneUp Utilities\TuneUpUtilitiesService32.exe
(TuneUp Software) D:\TuneUp Utilities\TuneUpUtilitiesApp32.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DWPersistentQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434528 2006-10-26] (Microsoft Corporation)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16380416 2007-07-05] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SkyTel] => C:\WINDOWS\SkyTel.EXE [1826816 2007-06-15] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-08-29] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2013\avgui.exe [4411952 2014-01-21] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKU\S-1-5-19\...\Run: [KB976002-v5] => rundll32.exe advpack.dll,LaunchINFSection OPMWXPUP.inf,BrowserChoiceGoo
HKU\S-1-5-21-1993962763-413027322-1417001333-1004\...\Run: [WinThrusterReminder] => C:\Program Files\WinThruster\WinThruster.exe [7123376 2012-10-15] (Solvusoft Corporation)
HKU\S-1-5-21-1993962763-413027322-1417001333-1004\...\MountPoints2: {51120888-c7a7-11e3-8cfe-001fd0de3206} - K:\AutoRun.exe
HKU\S-1-5-21-1993962763-413027322-1417001333-1004\...\MountPoints2: {5112088b-c7a7-11e3-8cfe-001fd0de3206} - K:\AutoRun.exe
HKU\S-1-5-21-1993962763-413027322-1417001333-1004\...\MountPoints2: {5112088c-c7a7-11e3-8cfe-001fd0de3206} - K:\AutoRun.exe
HKU\S-1-5-21-1993962763-413027322-1417001333-1004\...\MountPoints2: {d93bdba0-1ae1-11e4-8e40-001fd0de3206} - K:\MotoCastSetup.exe -a
HKU\S-1-5-18\...\Run: [KB976002-v5] => rundll32.exe advpack.dll,LaunchINFSection OPMWXPUP.inf,BrowserChoiceGoo
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

FireFox:
========
FF ProfilePath: C:\Documents and Settings\ANNA\Dane aplikacji\Mozilla\Firefox\Profiles\hijbiq9q.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> D:\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\ANNA\Ustawienia lokalne\Dane aplikacji\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: Adblock Plus Pop-up Addon - C:\Documents and Settings\ANNA\Dane aplikacji\Mozilla\Firefox\Profiles\hijbiq9q.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-04-19]
FF Extension: Adblock Plus - C:\Documents and Settings\ANNA\Dane aplikacji\Mozilla\Firefox\Profiles\hijbiq9q.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-19]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-04-18]
FF StartMenuInternet: FIREFOX.EXE - D:\Mozilla Firefox\firefox.exe

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2008-10-03] () [File not signed]
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-04-19] (Oracle Corporation)
S3 TuneUp.Defrag; D:\TuneUp Utilities\TuneUpDefragService.exe [435016 2014-04-19] (TuneUp Software)
R2 TuneUp.UtilitiesSvc; D:\TuneUp Utilities\TuneUpUtilitiesService32.exe [1043784 2010-01-19] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [43520 2006-06-18] (Advanced Micro Devices)
R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [208184 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [60216 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [22328 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [171320 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [96568 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [39224 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [182072 2014-04-15] (AVG Technologies CZ, s.r.o.)
S1 DumpDrv; C:\WINDOWS\system32\Drivers\DumpDrv.sys [9472 2013-12-15] (Microsoft Corporation)
S3 gdrv; C:\WINDOWS\gdrv.sys [15600 2014-04-19] (Windows (R) 2000 DDK provider)
R0 nvata; C:\WINDOWS\System32\DRIVERS\nvata.sys [105472 2006-10-18] (NVIDIA Corporation)
R0 nvatabus; C:\WINDOWS\System32\DRIVERS\nvatabus.sys [100736 2013-12-15] (NVIDIA Corporation) [File not signed]
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [58368 2006-11-27] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [19968 2006-11-27] (NVIDIA Corporation)
R3 TuneUpUtilitiesDrv; D:\TuneUp Utilities\TuneUpUtilitiesDriver32.sys [10064 2009-10-14] (TuneUp Software)
S4 IntelIde; No ImagePath
U5 Sdbus; C:\Windows\System32\Drivers\Sdbus.sys [80384 2013-12-15] (Microsoft Corporation)
U1 WS2IFSL; No ImagePath
U3 fgnyrpow; \??\C:\DOCUME~1\ANNA\USTAWI~1\Temp\fgnyrpow.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-14 23:17 - 2014-10-14 23:18 - 00000000 ____D () C:\FRST
2014-10-14 22:12 - 2014-10-14 23:18 - 00000000 ____D () C:\Documents and Settings\ANNA\Pulpit\Naprawa
2014-10-14 21:22 - 2014-10-14 21:22 - 00094208 _____ () C:\WINDOWS\Minidump\Mini101414-03.dmp
2014-10-14 21:07 - 2014-10-14 21:07 - 00094208 _____ () C:\WINDOWS\Minidump\Mini101414-02.dmp
2014-10-14 21:06 - 2014-10-14 21:06 - 00094208 _____ () C:\WINDOWS\Minidump\Mini101414-01.dmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-14 23:18 - 2014-04-18 23:53 - 00000000 ____D () C:\Documents and Settings\ANNA\Ustawienia lokalne\Temp
2014-10-14 23:14 - 2014-04-19 01:48 - 00000518 _____ () C:\WINDOWS\Tasks\Automatyczne wyszukiwanie problemów.job
2014-10-14 22:12 - 2014-04-18 23:53 - 00000000 ____D () C:\Documents and Settings\ANNA\Pulpit
2014-10-14 22:11 - 2014-05-15 17:41 - 00179036 _____ () C:\WINDOWS\setupapi.log
2014-10-14 21:27 - 2014-04-19 01:45 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\MFAData
2014-10-14 21:23 - 2014-04-18 23:46 - 02046349 _____ () C:\WINDOWS\WindowsUpdate.log
2014-10-14 21:22 - 2014-09-02 15:25 - 00000000 ____D () C:\WINDOWS\Minidump
2014-10-14 21:22 - 2014-04-19 01:28 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-10-14 21:22 - 2014-04-19 01:28 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-10-14 21:22 - 2014-04-18 23:53 - 00032452 _____ () C:\WINDOWS\SchedLgU.Txt
2014-10-14 21:22 - 2014-04-18 23:53 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-10-14 21:22 - 2008-10-21 04:02 - 00056728 _____ () C:\WINDOWS\system32\ativvaxx.cap
2014-10-14 21:22 - 2008-04-15 14:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl

Files to move or delete:
====================
C:\Documents and Settings\ANNA\Del1C83.bat
C:\Documents and Settings\Default User\Del1C83.bat

Some content of TEMP:
====================
C:\Documents and Settings\ANNA\Ustawienia lokalne\Temp\DataCard_Setup.exe
C:\Documents and Settings\ANNA\Ustawienia lokalne\Temp\MotoCast_Installer_1.2.7.exe
C:\Documents and Settings\ANNA\Ustawienia lokalne\Temp\ResetDevice.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================