Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-08-2014
Ran by Administrator (administrator) on MATEUSZ-85571E5 on 25-10-2014 11:40:21
Running from C:\Documents and Settings\Administrator\Moje dokumenty\Pobrane
Platform: Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) OS Language: Polski
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Kaspersky Lab ZAO) C:\Documents and Settings\Administrator\Pulpit\SalityKiller.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
() C:\WINDOWS\system32\notepad.exe
() C:\WINDOWS\system32\notepad.exe
() C:\WINDOWS\system32\notepad.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [Cmaudio] => RunDll32 cmicnfg.cpl,CMICtrlWnd
HKLM\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKLM\...\Policies\Explorer: [NoRemoteRecursiveEvents] 1
HKU\.DEFAULT\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\.DEFAULT\...\Policies\Explorer: [NoSMHelp] 1
HKU\.DEFAULT\...\Policies\Explorer: [ForceClassicControlPanel] 1
HKU\.DEFAULT\...\Policies\Explorer: [NoSMMyPictures] 1
HKU\.DEFAULT\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-19\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-19\...\Policies\Explorer: [NoSMHelp] 1
HKU\S-1-5-19\...\Policies\Explorer: [ForceClassicControlPanel] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoSMMyPictures] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-21-299502267-1580436667-842925246-500\...\Run: [FlashGet 3] => C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe [3377256 2014-10-25] (Trend Media Corporation Limited)
HKU\S-1-5-21-299502267-1580436667-842925246-500\...\Policies\Explorer: [NoSMHelp] 1
HKU\S-1-5-21-299502267-1580436667-842925246-500\...\Policies\Explorer: [ForceClassicControlPanel] 1
HKU\S-1-5-21-299502267-1580436667-842925246-500\...\Policies\Explorer: [NoSMMyPictures] 1
HKU\S-1-5-21-299502267-1580436667-842925246-500\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-21-299502267-1580436667-842925246-500\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-299502267-1580436667-842925246-500\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-299502267-1580436667-842925246-500\...\Policies\Explorer: [NoSaveSettings] 0
BootExecute: AlternateShell:

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.google.pl/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.google.pl/
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.google.pl/
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.google.pl/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
BHO: FlashGetBHO -> {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} -> C:\Documents and Settings\Administrator\Dane aplikacji\FlashGetBHO\FlashGetBHO.dll (Trend Media Group)
Toolbar: HKLM - QT Breadcrumbs Address Bar - {af83e43c-dd2b-4787-826b-31b17dee52ed} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - QT TabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - QT Tab Standard Buttons - {D2BF470E-ED1C-487F-A666-2BD8835EB6CE} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\uukfnfcs.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-10-21]

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 aspnet_state; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [35160 2010-03-18] (Microsoft Corporation) [File not signed]
S4 clr_optimization_v2.0.50727_32; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [69632 2008-07-25] (Microsoft Corporation) [File not signed]
S4 clr_optimization_v4.0.30319_32; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [130384 2010-03-18] (Microsoft Corporation) [File not signed]
S4 FontCache3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [46104 2008-07-29] (Microsoft Corporation) [File not signed]
S4 idsvc; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [881664 2008-07-29] (Microsoft Corporation) [File not signed]
S4 NetTcpPortSharing; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation) [File not signed]
R2 stisvc; C:\WINDOWS\system32\wiaservc.dll [350720 2009-02-28] (Microsoft Corporation) [File not signed]
S4 WPFFontCache_v0400; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [754856 2013-07-20] (Microsoft Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AR9271; C:\WINDOWS\System32\DRIVERS\athuw.sys [1763584 2011-07-28] (Atheros Communications, Inc.)
S3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
R3 cmuda; C:\WINDOWS\System32\drivers\cmuda.sys [818496 2004-04-23] (C-Media Inc)
R1 Eve; C:\WINDOWS\System32\DRIVERS\eve.sys [33624 2014-04-10] ()
R0 mv61xxmm; C:\WINDOWS\system32\Drivers\mv61xxmm.sys [14184 2014-05-17] (Marvell Semiconductor Inc.)
R0 mv64xxmm; C:\WINDOWS\system32\Drivers\mv64xxmm.sys [5632 2014-05-17] (Marvell Semiconductor Inc.) [File not signed]
R0 mvxxmm; C:\WINDOWS\system32\Drivers\mvxxmm.sys [14184 2014-05-17] (Marvell Semiconductor Inc.)
R2 npf; C:\WINDOWS\System32\drivers\npf.sys [36600 2014-04-18] (Riverbed Technology, Inc.)
R0 SscRdBus; C:\WINDOWS\System32\DRIVERS\SscRdBus.sys [129096 2013-08-01] (SuperSpeed LLC)
R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2014-05-17] (Microsoft Corporation) [File not signed]
R0 viamraid; C:\WINDOWS\System32\DRIVERS\viamraid.sys [116608 2010-11-18] (VIA Technologies inc,.ltd)
R0 videX32; C:\WINDOWS\System32\DRIVERS\videX32.sys [13976 2010-02-11] (VIA Technologies, Inc.)
R3 amsint32; \??\C:\WINDOWS\system32\drivers\iojsmj.sys [X]
S4 IntelIde; No ImagePath
U4 WinRM; No ImagePath
U1 WS2IFSL; No ImagePath
U3 kfadyfow; \??\C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\kfadyfow.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)