Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-12-2014
Ran by SYSTEM on MiniXP on 17-12-2014 18:24:41
Running from E:\
Platform: Microsoft Windows XP (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet003
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HDAudDeck] => I:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
HKLM\...\Run: [S.M.A.R.T. Vision] => I:\PROGRA~1\ACELAB~1\SMARTV~1\SMART.exe
HKLM\...\Run: [QuickTime Task] => "I:\Program Files\QuickTime\qttask.exe" -atboottime
HKLM\...\Run: [Wondershare Helper Compact.exe] => I:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM\...\Run: [Ptipbmf] => rundll32.exe ptipbmf.dll,SetWriteCacheMode
HKLM\...\Run: [BrMfcWnd] => I:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
HKLM\...\Run: [ControlCenter3] => I:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
HKLM\...\Run: [SunJavaUpdateSched] => "I:\Program Files\Common Files\Java\Java Update\jusched.exe"
HKLM\...\Winlogon: [Userinit] I:\WINDOWS\system32\userinit.exe,
Winlogon\Notify\AtiExtEvent: C:\Windows\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKU\Administrator\...\Run: [ctfmon.exe] => I:\WINDOWS\system32\ctfmon.exe
HKU\Administrator\...\RunOnce: [Report] => I:\AdwCleaner[S4].txt
HKU\Default User\...\Run: [CTFMON.EXE] => I:\WINDOWS\system32\CTFMON.EXE
HKU\LocalService\...\Run: [CTFMON.EXE] => I:\WINDOWS\system32\CTFMON.EXE
HKU\NetworkService\...\Run: [CTFMON.EXE] => I:\WINDOWS\system32\CTFMON.EXE
HKU\PatrykG\...\Run: [Komunikator] => I:\Program Files\Tlen.pl\tlen.exe
HKU\PatrykG\...\Run: [MSMSGS] => "I:\Program Files\Messenger\msmsgs.exe" /background
HKU\PatrykG\...\Run: [ctfmon.exe] => I:\WINDOWS\system32\ctfmon.exe
HKU\PatrykG\...\Run: [f.lux] => "I:\Documents and Settings\PatrykG\Ustawienia lokalne\Dane aplikacji\FluxSoftware\Flux\flux.exe" /noshow
HKU\PatrykG\...\Run: [FreeAC] => I:\Program Files\FreeAlarmClock\FreeAlarmClock.exe -autorun
HKU\PatrykG\...\Policies\Explorer: [NoDriveAutoRun] 0xFFFFFFFF
HKU\PatrykG\...\Winlogon: [Shell] explorer.exe,I:\Documents and Settings\PatrykG\Dane aplikacji\Other.res <==== ATTENTION
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - I:\WINDOWS\system32\webcheck.dll No File
SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - I:\WINDOWS\system32\stobject.dll No File
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - I:\WINDOWS\system32\WPDShServiceObj.dll No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-06-14] (VIA Technologies, Inc.)
S3 BITS; I:\WINDOWS\system32\qmgr.dll [X]
S3 clr_optimization_v2.0.50727_32; I:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [X]
S3 COMSysApp; I:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} [X]
S3 EventSystem; I:\WINDOWS\system32\es.dll [X]
S3 FontCache3.0.0.0; I:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [X]
S3 idsvc; "I:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [X]
S3 ImapiService; I:\WINDOWS\system32\imapi.exe [X]
S2 JavaQuickStarterService; "I:\Program Files\Java\jre7\bin\jqs.exe" -service -config "I:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"
S2 MDM; "I:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" [X]
S3 mnmsrvc; I:\WINDOWS\system32\mnmsrvc.exe [X]
S3 MozillaMaintenance; "I:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [X]
S3 MSDTC; I:\WINDOWS\system32\msdtc.exe [X]
S4 NetTcpPortSharing; "I:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [X]
S2 NMSAccess; I:\Program Files\CDBurnerXP\NMSAccessU.exe [X]
S3 ose; "I:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [X]
S3 RDSessMgr; I:\WINDOWS\system32\sessmgr.exe [X]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
S4 SkypeUpdate; "I:\Program Files\Skype\Updater\Updater.exe" [X]
S4 srservice; I:\WINDOWS\system32\srsvc.dll [X]
S2 srvSMART; I:\PROGRA~1\ACELAB~1\SMARTV~1\SMARTSrv.exe [X]
S3 SwPrv; I:\WINDOWS\system32\dllhost.exe /Processid:{5B7A5530-8A61-4701-80ED-F4951574804D} [X]
S4 TlntSvr; I:\WINDOWS\system32\tlntsvr.exe [X]
S2 W32Time; I:\WINDOWS\system32\w32time.dll [X]
S3 WmdmPmSN; I:\WINDOWS\system32\mspmsnsv.dll [X]
S4 WmiApSrv; I:\WINDOWS\system32\wbem\wmiapsrv.exe [X]
S4 WMPNetworkSvc; "I:\Program Files\Windows Media Player\WMPNetwk.exe" [X]
S3 wuauserv; I:\WINDOWS\system32\wuauserv.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ALCXSENS; C:\Windows\System32\drivers\ALCXSENS.SYS [400384 2004-02-24] (Sensaura)
S3 ALCXWDM; C:\Windows\System32\drivers\ALCXWDM.SYS [626204 2004-06-21] (Realtek Semiconductor Corp.)
S3 AMBFilt; C:\Windows\System32\drivers\AMBFilt.sys [1656960 2009-06-26] (Creative)
S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdXP3.sys [101392 2011-03-30] (Advanced Micro Devices)
S3 BrScnUsb; C:\Windows\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
S0 fasttx2k; C:\Windows\System32\DRIVERS\fasttx2k.sys [159744 2003-08-06] (Promise Technology, Inc.)
S3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows (R) Codename Longhorn DDK provider)
S3 MonFilt; C:\Windows\System32\drivers\MonFilt.sys [1389056 2008-12-02] (Creative Technology Ltd.)
S2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 PortTalk; C:\Windows\System32\Drivers\PortTalk.sys [3567 2002-01-12] (Beyond Logic http://www.beyondlogic.org)
S2 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5504 2009-11-12] ()
S1 tStLibG; C:\Windows\System32\drivers\tStLibG.sys [55224 2014-04-05] (StdLib)
S3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [2127728 2010-08-04] (VIA Technologies, Inc.)
S0 viasraid; C:\Windows\System32\DRIVERS\viasraid.sys [77312 2011-06-08] (VIA Technologies inc,.ltd)
S3 VMfilt; C:\Windows\System32\drivers\VMfilt32.sys [17920 2009-07-31] (Creative Technology Ltd.)
S3 WsAudioDevice_383; C:\Windows\System32\drivers\WsAudioDevice_383.sys [25632 2013-05-30] (Wondershare)
S3 yukonwxp; C:\Windows\System32\DRIVERS\yukonwxp.sys [174464 2003-11-10] (Marvell Semiconductor Inc.)
S4 IntelIde; No ImagePath
S5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 SynasUSB; system32\drivers\SynasUSB.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-17 17:53 - 2014-12-17 18:05 - 00000000 ____D () C:\FRST
2014-12-03 00:03 - 2014-12-03 00:03 - 00000000 ____D () C:\boot-sav

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-17 16:47 - 2011-06-08 20:09 - 00000259 _____ () C:\Windows\wiadebug.log
2014-12-17 16:46 - 2011-06-08 20:09 - 00000050 _____ () C:\Windows\wiaservc.log
2014-12-17 16:46 - 2004-08-04 12:00 - 00012598 _____ () C:\Windows\System32\wpa.dbl
2014-12-02 21:20 - 2011-06-08 18:24 - 00000292 ___SH () C:\Documents and Settings\PatrykG\ntuser.ini
2014-12-02 21:20 - 2011-06-08 18:18 - 01156680 _____ () C:\Windows\WindowsUpdate.log
2014-12-01 09:30 - 2012-07-08 12:54 - 00000188 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-11-27 14:12 - 2011-06-08 18:23 - 00032460 _____ () C:\Windows\SchedLgU.Txt
2014-11-27 14:10 - 2011-06-08 18:24 - 00000000 __RHD () C:\Documents and Settings\PatrykG\Dane aplikacji
2014-11-26 12:49 - 2012-07-08 13:17 - 00001324 _____ () C:\Windows\System32\d3d9caps.dat
2014-11-26 00:47 - 2011-06-08 20:05 - 00332884 _____ () C:\Windows\setupact.log
2014-11-25 23:56 - 2011-06-19 16:52 - 00000786 _____ () C:\Windows\YDPDICT.INI
2014-11-24 16:07 - 2011-06-08 18:24 - 00000000 ___RD () C:\Documents and Settings\PatrykG\Moje dokumenty
2014-11-23 09:41 - 2012-04-11 09:02 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2014-11-23 09:41 - 2011-06-08 21:32 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2014-11-23 09:38 - 2012-04-27 09:41 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-21 18:14 - 2011-08-28 19:49 - 00000000 ____D () C:\Program Files\Notepad++
2014-11-21 16:42 - 2011-06-08 18:24 - 00000000 ____D () C:\Documents and Settings\PatrykG\Pulpit
2014-11-19 23:18 - 2011-06-30 02:23 - 00000116 _____ () C:\Windows\NeroDigital.ini

==================== Known DLLs (Whitelisted) ============

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe [2004-08-04 12:00] - [2008-04-14 17:21] - 1035264 ____A (Microsoft Corporation) c791ed9eac5e76d9525e157b1d7a599a
C:\Windows\System32\winlogon.exe [2004-08-04 12:00] - [2008-04-14 17:21] - 0510464 ____A (Microsoft Corporation) 51fd2e13d723857b9ca239ae77150f48
C:\Windows\System32\svchost.exe [2004-08-04 12:00] - [2008-04-14 17:21] - 0014336 ____A (Microsoft Corporation) 8607d35d92528e2df386f19a960d23ce
C:\Windows\System32\services.exe [2004-08-04 12:00] - [2009-02-09 11:25] - 0111104 ____A (Microsoft Corporation) 02a467e27af55f7064c5b251e587315f
C:\Windows\System32\User32.dll [2004-08-04 12:00] - [2008-04-14 17:20] - 0580096 ____A (Microsoft Corporation) a435c5c069afd901751ac323ad238793
C:\Windows\System32\userinit.exe [2004-08-04 12:00] - [2008-04-14 17:21] - 0026624 ____A (Microsoft Corporation) 2a5b37d520508be6570a3ea79695f5b5
C:\Windows\System32\rpcss.dll [2004-08-04 12:00] - [2009-02-09 10:53] - 0401408 ____A (Microsoft Corporation) a37311d9d628c1042a2836731787f0f3
ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys [2004-08-04 12:00] - [2008-04-14 16:01] - 0052864 ____A (Microsoft Corporation) 56b191ac5fc0df219949c95a6c87afe7

==================== Restore Points (XP) =====================

==================== Memory info ===========================

Percentage of memory in use: 12%
Total physical RAM: 3067.11 MB
Available physical RAM: 2672.53 MB
Total Pagefile: 2786.29 MB
Available Pagefile: 1735.68 MB
Total Virtual: 2047.88 MB
Available Virtual: 2003.84 MB

==================== Drives ================================

Drive b: (RamDrive) (Fixed) (Total:0.97 GB) (Free:0.95 GB) NTFS
Drive c: () (Fixed) (Total:23.44 GB) (Free:0.09 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (WDBlue1TB) (Fixed) (Total:50 GB) (Free:0.1 GB) NTFS
Drive e: () (Fixed) (Total:0.96 GB) (Free:0.96 GB) FAT32
Drive g: () (Fixed) (Total:201.15 GB) (Free:0.18 GB) NTFS
Drive h: () (Fixed) (Total:201.17 GB) (Free:0.23 GB) NTFS
Drive i: (WDBlue1TB) (Fixed) (Total:50 GB) (Free:0.15 GB) NTFS
Drive j: (HBCD 10.6) (CDROM) (Total:0.27 GB) (Free:0 GB) CDFS
Drive x: (MiniXP) (Fixed) (Total:0.11 GB) (Free:0.01 GB) NTFS
Drive y: () (Fixed) (Total:40 GB) (Free:0.4 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: FB668040)
Partition 1: (Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=66.9 GB) - (Type=05)
Partition 4: (Not Active) - (Size=120.1 GB) - (Type=83)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: F9E9FB0B)
Partition 1: (Active) - (Size=40 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=425.8 GB) - (Type=OF Extended)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: B436EBF9)

========================================================
Disk: 3 (Size: 984 MB) (Disk ID: 9964DBD9)
Partition 1: (Active) - (Size=984 MB) - (Type=0B)

==================== End Of Log ============================