Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-12-2014
Ran by Ja (administrator) on DARIA on 04-12-2014 17:36:52
Running from C:\Documents and Settings\Ja\Pulpit\frst1
Loaded Profile: Ja (Available profiles: Ja)
Platform: Microsoft Windows XP Home Edition Dodatek Service Pack 3 (X86) OS Language: Polski
Internet Explorer Version 6
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\System32\ATI2EVXX.EXE
(ATI Technologies Inc.) C:\WINDOWS\System32\ATI2EVXX.EXE
(Realtek Semiconductor Corp.) C:\WINDOWS\SOUNDMAN.EXE
() C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
() C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\BIN\HPQTRA08.EXE
(Microsoft Corporation) C:\WINDOWS\System32\wuauclt.exe
(Microsoft Corporation) C:\WINDOWS\System32\msiexec.exe
(Microsoft Corporation) C:\WINDOWS\System32\wscntfy.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\BIN\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\BIN\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\BIN\hpqgpc01.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpqSRMon] => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [80896 2007-08-22] (Hewlett-Packard)
HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [77824 2004-12-01] (Realtek Semiconductor Corp.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1060284298-796845957-1417001333-1005\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-1060284298-796845957-1417001333-1005 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
URLSearchHook: HKU\S-1-5-21-1060284298-796845957-1417001333-1005 - Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Livebox\SearchURLHook\SearchPageURL.dll ()
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing.
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Ja\Dane aplikacji\Mozilla\Firefox\Profiles\4j6c5go5.default-1417710939796
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.17.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [425984 2004-12-01] (ATI Technologies Inc.) [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [2300928 2004-12-01] (Realtek Semiconductor Corp.)
R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [35840 2004-10-21] (Advanced Micro Devices)
R3 ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [928256 2004-12-01] (ATI Technologies Inc.) [File not signed]
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2007-10-30] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2007-10-30] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2007-10-30] (HP)
R0 nvatabus; C:\WINDOWS\System32\DRIVERS\nvatabus.sys [87936 2004-12-07] (NVIDIA Corporation)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [33408 2004-11-24] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [12928 2004-11-24] (NVIDIA Corporation)
S3 PCAMPR5; C:\WINDOWS\system32\PCAMPR5.SYS [34688 2003-09-23] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 PCANDIS5; C:\WINDOWS\system32\PCANDIS5.SYS [32128 2006-03-01] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S4 IntelIde; No ImagePath
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-04 17:35 - 2014-12-04 17:35 - 00000000 ____D () C:\Documents and Settings\Ja\Pulpit\Stare dane programu Firefox
2014-12-04 17:28 - 2014-12-04 17:28 - 00000041 _____ () C:\WINDOWS\setupact.log
2014-12-04 17:28 - 2014-12-04 17:28 - 00000000 ____D () C:\Documents and Settings\Ja\Pulpit\frst1
2014-12-04 17:28 - 2014-12-04 17:28 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-12-04 16:16 - 2014-12-04 16:16 - 00000000 ____D () C:\FRST
2014-12-04 15:59 - 2014-12-04 17:28 - 00007484 _____ () C:\WINDOWS\setupapi.log
2014-12-04 15:54 - 2014-12-04 15:04 - 00090112 _____ () C:\WINDOWS\Minidump\Mini120414-01.dmp
2014-12-04 15:10 - 2008-04-14 21:41 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\i8042prt.sys
2014-12-01 19:21 - 2014-12-01 19:21 - 00000175 _____ () C:\WINDOWS\system32\Drivers\aswSnx.sys.sum

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-04 17:32 - 2014-09-11 10:23 - 00000424 _____ () C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1410423781.job
2014-12-04 17:32 - 2013-04-05 20:33 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-04 17:32 - 2013-04-05 20:20 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-12-04 17:31 - 2013-04-05 20:34 - 00000188 ___SH () C:\Documents and Settings\Ja\ntuser.ini
2014-12-04 17:31 - 2013-04-05 20:27 - 00597479 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-04 14:58 - 2013-04-05 20:33 - 00032526 ____N () C:\WINDOWS\SchedLgU.Txt
2014-12-04 14:58 - 2013-04-05 20:20 - 00000050 ____N () C:\WINDOWS\wiaservc.log
2014-12-04 14:56 - 2008-04-15 12:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-12-02 08:10 - 2008-04-15 12:00 - 00000710 _____ () C:\WINDOWS\win.ini
2014-12-01 19:38 - 2013-04-08 18:54 - 00000930 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-11-27 10:42 - 2013-04-08 18:54 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-11-27 10:42 - 2013-04-08 18:54 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================