Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-02-2015 01
Ran by DOM (administrator) on DOM-CB1A357076F on 28-02-2015 13:42:29
Running from C:\Documents and Settings\DOM\Pulpit\Nowy folder
Loaded Profiles: DOM (Available profiles: DOM)
Platform: Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) OS Language: Polski
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
() C:\Program Files\802.11g Wireless LAN\Monitor.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Creative Technology Ltd.) C:\WINDOWS\system32\devldr32.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Igor Pavlov) C:\Program Files\AVG\AVG2015\Notification\Launcher.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3674576 2015-01-06] (AVG Technologies CZ, s.r.o.)
Startup: C:\Documents and Settings\DOM\Menu Start\Programy\Autostart\Monitor.lnk
ShortcutTarget: Monitor.lnk -> C:\Program Files\802.11g Wireless LAN\Monitor.exe ()
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2015\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0

FireFox:
========
FF ProfilePath: C:\Documents and Settings\DOM\Dane aplikacji\Mozilla\Firefox\Profiles\6j7e5b30.default
FF Homepage: https://www.google.pl/webhp?tab=ww&ei=-lqyVPKrHc7cPeuSgPgE&ved=0CAcQ1S4
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Extension: Better Finder - C:\Documents and Settings\DOM\Dane aplikacji\Mozilla\Firefox\Profiles\6j7e5b30.default\Extensions\{142c88f6-8b34-46f3-938d-72ffd58238dc} [2015-01-11]
FF Extension: Adblock Plus - C:\Documents and Settings\DOM\Dane aplikacji\Mozilla\Firefox\Profiles\6j7e5b30.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-15]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 Alerter; C:\WINDOWS\system32\alrsvc.dll [17408 2008-04-15] (Microsoft Corporation) [File not signed] R3 ALG; C:\WINDOWS\System32\alg.exe [44544 2008-04-15] (Microsoft Corporation) [File not signed] S3 AppMgmt; C:\WINDOWS\System32\appmgmts.dll [172032 2008-04-15] (Microsoft Corporation) [File not signed] R2 AudioSrv; C:\WINDOWS\System32\audiosrv.dll [42496 2008-04-15] (Microsoft Corporation) [File not signed] R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3440080 2015-01-06] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [309232 2015-01-06] (AVG Technologies CZ, s.r.o.) S3 BITS; C:\WINDOWS\system32\qmgr.dll [409088 2008-04-15] (Microsoft Corporation) [File not signed] S2 Browser; C:\WINDOWS\System32\browser.dll [77824 2008-04-15] (Microsoft Corporation) [File not signed] S3 CiSvc; C:\WINDOWS\system32\cisvc.exe [5632 2008-04-15] (Microsoft Corporation) [File not signed] S4 ClipSrv; C:\WINDOWS\system32\clipsrv.exe [33280 2008-04-15] (Microsoft Corporation) [File not signed] R2 CryptSvc; C:\WINDOWS\System32\cryptsvc.dll [62464 2008-04-15] (Microsoft Corporation) [File not signed] R2 DcomLaunch; C:\WINDOWS\system32\rpcss.dll [399360 2008-04-15] (Microsoft Corporation) [File not signed] R2 Dhcp; C:\WINDOWS\System32\dhcpcsvc.dll [126464 2008-04-15] (Microsoft Corporation) [File not signed] S3 dmadmin; C:\WINDOWS\System32\dmadmin.exe [225280 2008-04-15] (Microsoft Corp., Veritas Software) [File not signed] R2 dmserver; C:\WINDOWS\System32\dmserver.dll [24064 2008-04-15] (Microsoft Corp.) 
[File not signed] R2 Dnscache; C:\WINDOWS\System32\dnsrslvr.dll [45568 2008-04-15] (Microsoft Corporation) [File not signed] S3 Dot3svc; C:\WINDOWS\System32\dot3svc.dll [133632 2008-04-15] (Microsoft Corporation) [File not signed] S3 EapHost; C:\WINDOWS\System32\eapsvc.dll [33792 2008-04-15] (Microsoft Corporation) [File not signed] R2 ERSvc; C:\WINDOWS\System32\ersvc.dll [23040 2008-04-15] (Microsoft Corporation) [File not signed] R2 Eventlog; C:\WINDOWS\system32\services.exe [109056 2008-04-15] (Microsoft Corporation) [File not signed] R3 EventSystem; C:\WINDOWS\system32\es.dll [246272 2008-04-15] (Microsoft Corporation) [File not signed] R3 FastUserSwitchingCompatibility; C:\WINDOWS\System32\shsvcs.dll [135680 2008-04-15] (Microsoft Corporation) [File not signed] R2 helpsvc; C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-15] (Microsoft Corporation) [File not signed] S3 hkmsvc; C:\WINDOWS\System32\kmsvc.dll [61440 2008-04-15] (Microsoft Corporation) [File not signed] S3 HTTPFilter; C:\WINDOWS\System32\w3ssl.dll [15872 2008-04-15] (Microsoft Corporation) [File not signed] S3 ImapiService; C:\WINDOWS\system32\imapi.exe [150528 2008-04-15] (Microsoft Corporation) [File not signed] R2 LanmanServer; C:\WINDOWS\System32\srvsvc.dll [96768 2008-04-15] (Microsoft Corporation) [File not signed] R2 lanmanworkstation; C:\WINDOWS\System32\wkssvc.dll [132096 2008-04-15] (Microsoft Corporation) [File not signed] R2 LmHosts; C:\WINDOWS\System32\lmhsvc.dll [13824 2008-04-15] (Microsoft Corporation) [File not signed] S4 Messenger; C:\WINDOWS\System32\msgsvc.dll [33792 2008-04-15] (Microsoft Corporation) [File not signed] S3 mnmsrvc; C:\WINDOWS\system32\mnmsrvc.exe [32768 2008-04-15] (Microsoft Corporation) [File not signed] S3 MSDTC; C:\WINDOWS\system32\msdtc.exe [6144 2008-04-15] (Microsoft Corporation) [File not signed] S3 MSIServer; C:\WINDOWS\System32\msiexec.exe [78848 2008-04-15] (Microsoft Corporation) [File not signed] S3 napagent; 
C:\WINDOWS\System32\qagentrt.dll [293376 2008-04-15] (Microsoft Corporation) [File not signed] S4 NetDDE; C:\WINDOWS\system32\netdde.exe [114688 2008-04-15] (Microsoft Corporation) [File not signed] S4 NetDDEdsdm; C:\WINDOWS\system32\netdde.exe [114688 2008-04-15] (Microsoft Corporation) [File not signed] S3 Netlogon; C:\WINDOWS\system32\lsass.exe [13312 2008-04-15] (Microsoft Corporation) [File not signed] R3 Netman; C:\WINDOWS\System32\netman.dll [198144 2008-04-15] (Microsoft Corporation) [File not signed] R3 Nla; C:\WINDOWS\System32\mswsock.dll [246784 2008-04-15] (Microsoft Corporation) [File not signed] S3 NtLmSsp; C:\WINDOWS\system32\lsass.exe [13312 2008-04-15] (Microsoft Corporation) [File not signed] S3 NtmsSvc; C:\WINDOWS\system32\ntmssvc.dll [435712 2008-04-15] (Microsoft Corporation) [File not signed] R2 PlugPlay; C:\WINDOWS\system32\services.exe [109056 2008-04-15] (Microsoft Corporation) [File not signed] R2 PolicyAgent; C:\WINDOWS\system32\lsass.exe [13312 2008-04-15] (Microsoft Corporation) [File not signed] R2 ProtectedStorage; C:\WINDOWS\system32\lsass.exe [13312 2008-04-15] (Microsoft Corporation) [File not signed] S3 RasAuto; C:\WINDOWS\System32\rasauto.dll [88576 2008-04-15] (Microsoft Corporation) [File not signed] R3 RasMan; C:\WINDOWS\System32\rasmans.dll [186368 2008-04-15] (Microsoft Corporation) [File not signed] S3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [142336 2008-04-15] (Microsoft Corporation) [File not signed] S4 RemoteAccess; C:\WINDOWS\System32\mprdim.dll [53248 2008-04-15] (Microsoft Corporation) [File not signed] R2 RemoteRegistry; C:\WINDOWS\system32\regsvc.dll [59904 2008-04-15] (Microsoft Corporation) [File not signed] S3 RpcLocator; C:\WINDOWS\system32\locator.exe [75264 2008-04-15] (Microsoft Corporation) [File not signed] R2 RpcSs; C:\WINDOWS\system32\rpcss.dll [399360 2008-04-15] (Microsoft Corporation) [File not signed] S3 RSVP; C:\WINDOWS\system32\rsvp.exe [132608 2008-04-15] (Microsoft Corporation) [File not 
signed] R2 SamSs; C:\WINDOWS\system32\lsass.exe [13312 2008-04-15] (Microsoft Corporation) [File not signed] S3 SCardSvr; C:\WINDOWS\System32\SCardSvr.exe [98304 2008-04-15] (Microsoft Corporation) [File not signed] R2 Schedule; C:\WINDOWS\system32\schedsvc.dll [193536 2008-04-15] (Microsoft Corporation) [File not signed] R2 seclogon; C:\WINDOWS\System32\seclogon.dll [18944 2008-04-15] (Microsoft Corporation) [File not signed] R2 SENS; C:\WINDOWS\system32\sens.dll [39424 2008-04-15] (Microsoft Corporation) [File not signed] R2 SharedAccess; C:\WINDOWS\System32\ipnathlp.dll [330752 2008-04-15] (Microsoft Corporation) [File not signed] R2 ShellHWDetection; C:\WINDOWS\System32\shsvcs.dll [135680 2008-04-15] (Microsoft Corporation) [File not signed] R2 Spooler; C:\WINDOWS\system32\spoolsv.exe [57856 2008-04-15] (Microsoft Corporation) [File not signed] R2 srservice; C:\WINDOWS\system32\srsvc.dll [171520 2008-04-15] (Microsoft Corporation) [File not signed] R3 SSDPSRV; C:\WINDOWS\System32\ssdpsrv.dll [71680 2008-04-15] (Microsoft Corporation) [File not signed] S3 stisvc; C:\WINDOWS\system32\wiaservc.dll [334336 2008-04-15] (Microsoft Corporation) [File not signed] S3 SysmonLog; C:\WINDOWS\system32\smlogsvc.exe [91136 2008-04-15] (Microsoft Corporation) [File not signed] R3 TapiSrv; C:\WINDOWS\System32\tapisrv.dll [249856 2008-04-15] (Microsoft Corporation) [File not signed] R3 TermService; C:\WINDOWS\System32\termsrv.dll [296448 2008-04-15] (Microsoft Corporation) [File not signed] R2 Themes; C:\WINDOWS\System32\shsvcs.dll [135680 2008-04-15] (Microsoft Corporation) [File not signed] S4 TlntSvr; C:\WINDOWS\system32\tlntsvr.exe [75264 2008-04-15] (Microsoft Corporation) [File not signed] R2 TrkWks; C:\WINDOWS\system32\trkwks.dll [90112 2008-04-15] (Microsoft Corporation) [File not signed] S3 upnphost; C:\WINDOWS\System32\upnphost.dll [186880 2008-04-15] (Microsoft Corporation) [File not signed] S3 UPS; C:\WINDOWS\System32\ups.exe [18432 2008-04-15] (Microsoft 
Corporation) [File not signed] S3 VSS; C:\WINDOWS\System32\vssvc.exe [291840 2008-04-15] (Microsoft Corporation) [File not signed] R2 W32Time; C:\WINDOWS\system32\w32time.dll [176128 2008-04-15] (Microsoft Corporation) [File not signed] R2 WebClient; C:\WINDOWS\System32\webclnt.dll [68096 2008-04-15] (Microsoft Corporation) [File not signed] R2 winmgmt; C:\WINDOWS\system32\wbem\WMIsvc.dll [145408 2008-04-15] (Microsoft Corporation) [File not signed] S3 WmdmPmSN; C:\WINDOWS\system32\MsPMSNSv.dll [27136 2006-10-18] (Microsoft Corporation) [File not signed] S3 Wmi; C:\WINDOWS\System32\advapi32.dll [686592 2008-04-15] (Microsoft Corporation) [File not signed] S3 WmiApSrv; C:\WINDOWS\system32\wbem\wmiapsrv.exe [126464 2008-04-15] (Microsoft Corporation) [File not signed] S3 WMPNetworkSvc; C:\Program Files\Windows Media Player\WMPNetwk.exe [918016 2006-12-01] (Microsoft Corporation) [File not signed] R2 wscsvc; C:\WINDOWS\system32\wscsvc.dll [80896 2008-04-15] (Microsoft Corporation) [File not signed] R2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [6656 2008-04-15] (Microsoft Corporation) [File not signed] R2 WZCSVC; C:\WINDOWS\System32\wzcsvc.dll [483840 2008-04-15] (Microsoft Corporation) [File not signed] S3 xmlprov; C:\WINDOWS\System32\xmlprov.dll [129024 2008-04-15] (Microsoft Corporation) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R0 ACPI; C:\WINDOWS\System32\DRIVERS\ACPI.sys [188544 2008-04-15] (Microsoft Corporation) [File not signed] S4 ACPIEC; C:\WINDOWS\system32\Drivers\ACPIEC.sys [12032 2008-04-15] (Microsoft Corporation) [File not signed] S3 aec; C:\WINDOWS\System32\drivers\aec.sys [142592 2008-04-13] (Microsoft Corporation) [File not signed] R1 AFD; C:\WINDOWS\System32\drivers\afd.sys [138112 2008-04-15] (Microsoft Corporation) [File not signed] R1 AmdK7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [41856 2008-04-15] (Microsoft Corporation) [File not signed] S3 AsyncMac; C:\WINDOWS\System32\DRIVERS\asyncmac.sys [14336 2008-04-15] (Microsoft Corporation) [File not signed] R0 atapi; C:\WINDOWS\System32\DRIVERS\atapi.sys [96512 2008-04-15] (Microsoft Corporation) [File not signed] S3 Atmarpc; C:\WINDOWS\System32\DRIVERS\atmarpc.sys [59904 2008-04-15] (Microsoft Corporation) [File not signed] R3 audstub; C:\WINDOWS\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation) [File not signed] R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [192792 2014-12-08] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [154904 2014-11-18] (AVG Technologies CZ, s.r.o.) R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.) R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.) R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [230680 2014-07-18] (AVG Technologies CZ, s.r.o.) R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [98584 2014-10-05] (AVG Technologies CZ, s.r.o.) R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.) R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [200984 2014-10-10] (AVG Technologies CZ, s.r.o.) 
S4 cbidf2k; C:\WINDOWS\system32\Drivers\cbidf2k.sys [13952 2008-04-15] (Microsoft Corporation) [File not signed] S1 Cdaudio; C:\WINDOWS\system32\Drivers\Cdaudio.sys [18688 2008-04-15] (Microsoft Corporation) [File not signed] R4 Cdfs; C:\WINDOWS\system32\Drivers\Cdfs.sys [63744 2008-04-15] (Microsoft Corporation) [File not signed] R1 Cdrom; C:\WINDOWS\System32\DRIVERS\cdrom.sys [62976 2008-04-15] (Microsoft Corporation) [File not signed] R3 ctljystk; C:\WINDOWS\System32\DRIVERS\ctljystk.sys [3712 2001-08-17] (Creative Technology Ltd.) [File not signed] R0 Disk; C:\WINDOWS\System32\DRIVERS\disk.sys [36352 2008-04-15] (Microsoft Corporation) [File not signed] S4 dmboot; C:\WINDOWS\System32\drivers\dmboot.sys [800000 2008-04-15] (Microsoft Corp., Veritas Software) [File not signed] R0 dmio; C:\WINDOWS\System32\drivers\dmio.sys [153856 2008-04-15] (Microsoft Corp., Veritas Software) [File not signed] R0 dmload; C:\WINDOWS\System32\drivers\dmload.sys [5888 2008-04-15] (Microsoft Corp., Veritas Software.) [File not signed] S3 DMusic; C:\WINDOWS\System32\drivers\DMusic.sys [52864 2008-04-14] (Microsoft Corporation) [File not signed] S3 drmkaud; C:\WINDOWS\System32\drivers\drmkaud.sys [2944 2008-04-14] (Microsoft Corporation) [File not signed] R3 emu10k; C:\WINDOWS\System32\drivers\emu10k1m.sys [283904 2001-08-17] (Creative Technology Ltd.) [File not signed] R3 emu10k1; C:\WINDOWS\System32\drivers\ctlfacem.sys [6912 2001-08-17] (Creative Technology Ltd.) [File not signed] R4 Fastfat; C:\WINDOWS\system32\Drivers\Fastfat.sys [143744 2008-04-15] (Microsoft Corporation) [File not signed] R3 Fdc; C:\WINDOWS\System32\DRIVERS\fdc.sys [27392 2008-04-15] (Microsoft Corporation) [File not signed] R3 FET5X86V; C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys [46592 2011-02-10] (VIA Technologies, Inc. 
) [File not signed] R1 Fips; C:\WINDOWS\system32\Drivers\Fips.sys [44672 2008-04-15] (Microsoft Corporation) [File not signed] R3 Flpydisk; C:\WINDOWS\System32\DRIVERS\flpydisk.sys [20480 2008-04-15] (Microsoft Corporation) [File not signed] R0 FltMgr; C:\WINDOWS\System32\DRIVERS\fltMgr.sys [129792 2008-04-15] (Microsoft Corporation) [File not signed] U1 Fs_Rec; C:\WINDOWS\system32\Drivers\Fs_Rec.sys [7936 2008-04-15] (Microsoft Corporation) [File not signed] R0 Ftdisk; C:\WINDOWS\System32\DRIVERS\ftdisk.sys [125568 2008-04-15] (Microsoft Corporation) [File not signed] R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-14] (Microsoft Corporation) [File not signed] R3 Gpc; C:\WINDOWS\System32\DRIVERS\msgpc.sys [35072 2008-04-15] (Microsoft Corporation) [File not signed] R3 HTTP; C:\WINDOWS\System32\Drivers\HTTP.sys [264832 2008-04-15] (Microsoft Corporation) [File not signed] R1 i8042prt; C:\WINDOWS\System32\DRIVERS\i8042prt.sys [53248 2008-04-15] (Microsoft Corporation) [File not signed] R1 Imapi; C:\WINDOWS\System32\DRIVERS\imapi.sys [42112 2008-04-15] (Microsoft Corporation) [File not signed] S3 Ip6Fw; C:\WINDOWS\System32\DRIVERS\Ip6Fw.sys [36608 2008-04-15] (Microsoft Corporation) [File not signed] S3 IpFilterDriver; C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [32896 2008-04-15] (Microsoft Corporation) [File not signed] S3 IpInIp; C:\WINDOWS\System32\DRIVERS\ipinip.sys [20864 2008-04-15] (Microsoft Corporation) [File not signed] R3 IpNat; C:\WINDOWS\System32\DRIVERS\ipnat.sys [152832 2008-04-15] (Microsoft Corporation) [File not signed] R1 IPSec; C:\WINDOWS\System32\DRIVERS\ipsec.sys [75264 2008-04-15] (Microsoft Corporation) [File not signed] S3 IRENUM; C:\WINDOWS\System32\DRIVERS\irenum.sys [11264 2008-04-15] (Microsoft Corporation) [File not signed] R0 isapnp; C:\WINDOWS\System32\DRIVERS\isapnp.sys [37632 2008-04-14] (Microsoft Corporation) [File not signed] R1 Kbdclass; C:\WINDOWS\System32\DRIVERS\kbdclass.sys [24960 2008-04-15] (Microsoft 
Corporation) [File not signed] R3 kmixer; C:\WINDOWS\System32\drivers\kmixer.sys [172416 2008-04-14] (Microsoft Corporation) [File not signed] R0 KSecDD; C:\WINDOWS\system32\Drivers\KSecDD.sys [92288 2008-04-15] (Microsoft Corporation) [File not signed] R1 mnmdd; C:\WINDOWS\system32\Drivers\mnmdd.sys [4224 2008-04-15] (Microsoft Corporation) [File not signed] S3 Modem; C:\WINDOWS\system32\Drivers\Modem.sys [30208 2008-04-15] (Microsoft Corporation) [File not signed] R1 Mouclass; C:\WINDOWS\System32\DRIVERS\mouclass.sys [23296 2008-04-15] (Microsoft Corporation) [File not signed] R0 MountMgr; C:\WINDOWS\system32\Drivers\MountMgr.sys [42368 2008-04-15] (Microsoft Corporation) [File not signed] R3 MRxDAV; C:\WINDOWS\System32\DRIVERS\mrxdav.sys [180608 2008-04-15] (Microsoft Corporation) [File not signed] R1 MRxSmb; C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [456576 2008-04-15] (Microsoft Corporation) [File not signed] R1 Msfs; C:\WINDOWS\system32\Drivers\Msfs.sys [19072 2008-04-15] (Microsoft Corporation) [File not signed] S3 MSKSSRV; C:\WINDOWS\System32\drivers\MSKSSRV.sys [7552 2008-04-14] (Microsoft Corporation) [File not signed] S3 MSPCLOCK; C:\WINDOWS\System32\drivers\MSPCLOCK.sys [5376 2008-04-14] (Microsoft Corporation) [File not signed] S3 MSPQM; C:\WINDOWS\System32\drivers\MSPQM.sys [4992 2008-04-14] (Microsoft Corporation) [File not signed] R3 mssmbios; C:\WINDOWS\System32\DRIVERS\mssmbios.sys [15488 2008-04-15] (Microsoft Corporation) [File not signed] R0 Mup; C:\WINDOWS\system32\Drivers\Mup.sys [105344 2008-04-15] (Microsoft Corporation) [File not signed] R0 NDIS; C:\WINDOWS\system32\Drivers\NDIS.sys [182656 2008-04-15] (Microsoft Corporation) [File not signed] R3 NdisTapi; C:\WINDOWS\System32\DRIVERS\ndistapi.sys [10112 2008-04-15] (Microsoft Corporation) [File not signed] R3 Ndisuio; C:\WINDOWS\System32\DRIVERS\ndisuio.sys [14592 2008-04-15] (Microsoft Corporation) [File not signed] R3 NdisWan; C:\WINDOWS\System32\DRIVERS\ndiswan.sys [91520 2008-04-15] 
(Microsoft Corporation) [File not signed] R3 NDProxy; C:\WINDOWS\system32\Drivers\NDProxy.sys [40576 2008-04-15] (Microsoft Corporation) [File not signed] R1 NetBIOS; C:\WINDOWS\System32\DRIVERS\netbios.sys [34688 2008-04-15] (Microsoft Corporation) [File not signed] R1 NetBT; C:\WINDOWS\System32\DRIVERS\netbt.sys [162816 2008-04-15] (Microsoft Corporation) [File not signed] R1 Npfs; C:\WINDOWS\system32\Drivers\Npfs.sys [30848 2008-04-15] (Microsoft Corporation) [File not signed] R4 Ntfs; C:\WINDOWS\system32\Drivers\Ntfs.sys [574976 2008-04-15] (Microsoft Corporation) [File not signed] R1 Null; C:\WINDOWS\system32\Drivers\Null.sys [2944 2008-04-15] (Microsoft Corporation) [File not signed] S3 NwlnkFlt; C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys [12416 2008-04-15] (Microsoft Corporation) [File not signed] S3 NwlnkFwd; C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [32512 2008-04-15] (Microsoft Corporation) [File not signed] R3 Parport; C:\WINDOWS\System32\DRIVERS\parport.sys [80256 2008-04-15] (Microsoft Corporation) [File not signed] R0 PartMgr; C:\WINDOWS\system32\Drivers\PartMgr.sys [19712 2008-04-15] (Microsoft Corporation) [File not signed] R2 ParVdm; C:\WINDOWS\system32\Drivers\ParVdm.sys [6912 2008-04-15] (Microsoft Corporation) [File not signed] R0 PCI; C:\WINDOWS\System32\DRIVERS\pci.sys [68608 2008-04-15] (Microsoft Corporation) [File not signed] S4 Pcmcia; C:\WINDOWS\system32\Drivers\Pcmcia.sys [120320 2008-04-15] (Microsoft Corporation) [File not signed] R3 PptpMiniport; C:\WINDOWS\System32\DRIVERS\raspptp.sys [48384 2008-04-15] (Microsoft Corporation) [File not signed] R3 PSched; C:\WINDOWS\System32\DRIVERS\psched.sys [69120 2008-04-15] (Microsoft Corporation) [File not signed] R3 Ptilink; C:\WINDOWS\System32\DRIVERS\ptilink.sys [17792 2008-04-15] (Parallel Technologies, Inc.) 
[File not signed] R1 RasAcd; C:\WINDOWS\System32\DRIVERS\rasacd.sys [8832 2008-04-15] (Microsoft Corporation) [File not signed] R3 Rasl2tp; C:\WINDOWS\System32\DRIVERS\rasl2tp.sys [51328 2008-04-15] (Microsoft Corporation) [File not signed] R3 RasPppoe; C:\WINDOWS\System32\DRIVERS\raspppoe.sys [41472 2008-04-15] (Microsoft Corporation) [File not signed] R3 Raspti; C:\WINDOWS\System32\DRIVERS\raspti.sys [16512 2008-04-15] (Microsoft Corporation) [File not signed] R1 Rdbss; C:\WINDOWS\System32\DRIVERS\rdbss.sys [175744 2008-04-15] (Microsoft Corporation) [File not signed] R1 RDPCDD; C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [4224 2008-04-15] (Microsoft Corporation) [File not signed] R3 rdpdr; C:\WINDOWS\System32\DRIVERS\rdpdr.sys [196224 2008-04-14] (Microsoft Corporation) [File not signed] R1 redbook; C:\WINDOWS\System32\DRIVERS\redbook.sys [58880 2008-04-14] (Microsoft Corporation) [File not signed] R3 RT61; C:\WINDOWS\System32\DRIVERS\RT61.sys [339072 2005-07-01] (Ralink Technology Inc.) [File not signed] S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [20480 2008-04-15] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed] R3 serenum; C:\WINDOWS\System32\DRIVERS\serenum.sys [15744 2008-04-15] (Microsoft Corporation) [File not signed] R1 Serial; C:\WINDOWS\System32\DRIVERS\serial.sys [65280 2008-04-15] (Microsoft Corporation) [File not signed] S1 Sfloppy; C:\WINDOWS\system32\Drivers\Sfloppy.sys [11392 2008-04-15] (Microsoft Corporation) [File not signed] R3 sfman; C:\WINDOWS\System32\drivers\sfmanm.sys [36480 2001-08-17] (Creative Technology Ltd.) 
[File not signed] S3 splitter; C:\WINDOWS\System32\drivers\splitter.sys [6272 2008-04-14] (Microsoft Corporation) [File not signed] R0 sr; C:\WINDOWS\System32\DRIVERS\sr.sys [73472 2008-04-15] (Microsoft Corporation) [File not signed] R3 Srv; C:\WINDOWS\System32\DRIVERS\srv.sys [334848 2008-04-15] (Microsoft Corporation) [File not signed] R3 swenum; C:\WINDOWS\System32\DRIVERS\swenum.sys [4352 2008-04-15] (Microsoft Corporation) [File not signed] S3 swmidi; C:\WINDOWS\System32\drivers\swmidi.sys [56576 2008-04-14] (Microsoft Corporation) [File not signed] R3 sysaudio; C:\WINDOWS\System32\drivers\sysaudio.sys [60800 2008-04-14] (Microsoft Corporation) [File not signed] R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361344 2008-04-15] (Microsoft Corporation) [File not signed] S3 TDPIPE; C:\WINDOWS\system32\Drivers\TDPIPE.sys [12040 2008-04-15] (Microsoft Corporation) [File not signed] S3 TDTCP; C:\WINDOWS\system32\Drivers\TDTCP.sys [21896 2008-04-15] (Microsoft Corporation) [File not signed] R1 TermDD; C:\WINDOWS\System32\DRIVERS\termdd.sys [40840 2008-04-14] (Microsoft Corporation) [File not signed] R0 uagp35; C:\WINDOWS\System32\DRIVERS\uagp35.sys [44672 2008-04-14] (Microsoft Corporation) [File not signed] S4 Udfs; C:\WINDOWS\system32\Drivers\Udfs.sys [66048 2008-04-15] (Microsoft Corporation) [File not signed] R3 Update; C:\WINDOWS\System32\DRIVERS\update.sys [384768 2008-04-15] (Microsoft Corporation) [File not signed] R3 usbehci; C:\WINDOWS\System32\DRIVERS\usbehci.sys [30208 2008-04-15] (Microsoft Corporation) [File not signed] R3 usbhub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [59520 2008-04-15] (Microsoft Corporation) [File not signed] R3 usbohci; C:\WINDOWS\System32\DRIVERS\usbohci.sys [17152 2008-04-15] (Microsoft Corporation) [File not signed] R3 usbuhci; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [20608 2008-04-15] (Microsoft Corporation) [File not signed] R1 VgaSave; C:\WINDOWS\System32\drivers\vga.sys [20992 2008-04-15] (Microsoft Corporation) [File not 
signed]
R0 viaagp1; C:\WINDOWS\System32\DRIVERS\viaagp1.sys [26880 2002-12-27] (VIA Technologies, Inc.) [File not signed]
R0 ViaIde; C:\WINDOWS\System32\DRIVERS\viaide.sys [5376 2008-04-15] (Microsoft Corporation) [File not signed]
R3 Wanarp; C:\WINDOWS\System32\DRIVERS\wanarp.sys [34560 2008-04-15] (Microsoft Corporation) [File not signed]
R3 wdmaud; C:\WINDOWS\System32\drivers\wdmaud.sys [83072 2008-04-14] (Microsoft Corporation) [File not signed]
S4 IntelIde; No ImagePath
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-28 13:42 - 2015-02-28 13:42 - 00000000 ____D () C:\FRST
2015-02-28 13:23 - 2015-02-28 13:42 - 00000000 ____D () C:\Documents and Settings\DOM\Pulpit\Nowy folder
2015-02-15 11:39 - 2015-02-15 11:39 - 00012328 _____ () C:\Documents and Settings\DOM\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2015-02-15 11:39 - 2015-02-15 11:39 - 00000000 ____D () C:\Documents and Settings\DOM\Dane aplikacji\AVG2015
2015-02-15 11:38 - 2015-02-15 11:38 - 00000732 _____ () C:\Documents and Settings\All Users\Pulpit\AVG 2015.lnk
2015-02-15 11:38 - 2015-02-15 11:38 - 00000000 ____D () C:\Documents and Settings\DOM\Dane aplikacji\TuneUp Software
2015-02-15 11:38 - 2015-02-15 11:38 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\AVG
2015-02-15 11:36 - 2015-02-15 11:39 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\AVG2015
2015-02-15 11:36 - 2015-02-15 11:36 - 00000000 ___HD () C:\$AVG
2015-02-15 11:35 - 2015-02-15 11:35 - 00000000 ____D () C:\Program Files\AVG
2015-02-15 11:31 - 2015-02-15 11:47 - 00000000 ____D () C:\Documents and Settings\DOM\Ustawienia lokalne\Dane aplikacji\Avg2015
2015-02-15 11:30 - 2015-02-28 13:19 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\MFAData
2015-02-15 11:30 - 2015-02-15 11:30 - 00000000 ____D () C:\Documents and Settings\DOM\Ustawienia lokalne\Dane aplikacji\MFAData
2015-02-15 11:30 - 2015-02-15 11:30 - 00000000 ____D () C:\Documents and Settings\DOM\Ustawienia lokalne\Dane aplikacji\Avg2014
2015-02-05 18:31 - 2015-02-05 18:31 - 00000000 ____D () C:\Documents and Settings\LocalService\Dane aplikacji\McAfee
2015-01-31 15:15 - 2015-01-31 15:15 - 00090112 _____ () C:\WINDOWS\Minidump\Mini013115-01.dmp
2015-01-31 15:15 - 2015-01-31 15:15 - 00000000 ____D () C:\WINDOWS\Minidump
2015-01-31 15:05 - 2015-01-31 15:05 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-01-31 15:05 - 2015-01-31 15:05 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-01-31 15:05 - 2015-01-31 15:05 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\McAfee
2015-01-31 15:03 - 2015-01-31 15:05 - 00000000 ____D () C:\Documents and Settings\DOM\Ustawienia lokalne\Dane aplikacji\Adobe
2015-01-29 15:49 - 2015-01-29 15:51 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-28 13:43 - 2015-01-10 13:52 - 00000000 ____D () C:\Documents and Settings\DOM\Ustawienia lokalne\Temp
2015-02-28 13:23 - 2015-01-10 13:52 - 00000000 ____D () C:\Documents and Settings\DOM\Pulpit
2015-02-28 13:14 - 2015-01-10 13:27 - 00098346 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-28 13:08 - 2015-01-10 14:40 - 00182038 _____ () C:\WINDOWS\system32\nvapps.xml
2015-02-28 13:08 - 2015-01-10 13:50 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-28 13:05 - 2015-01-10 14:11 - 00279168 _____ () C:\WINDOWS\setupapi.log
2015-02-28 13:05 - 2015-01-10 13:52 - 00000188 ___SH () C:\Documents and Settings\DOM\ntuser.ini
2015-02-28 13:05 - 2015-01-10 13:50 - 00011364 _____ () C:\WINDOWS\SchedLgU.Txt
2015-02-28 12:59 - 2008-04-15 13:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-02-15 11:39 - 2015-01-10 13:52 - 00000000 __RHD () C:\Documents and Settings\DOM\Dane aplikacji
2015-02-15 11:39 - 2015-01-10 13:52 - 00000000 ___HD () C:\Documents and Settings\DOM\Ustawienia lokalne\Dane aplikacji
2015-02-15 11:38 - 2015-01-10 14:11 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy
2015-02-15 11:38 - 2015-01-10 14:11 - 00000000 ____D () C:\Documents and Settings\All Users\Pulpit
2015-02-15 11:36 - 2015-01-10 14:11 - 00000000 __RHD () C:\Documents and Settings\All Users\Dane aplikacji
2015-02-15 11:10 - 2015-01-10 14:37 - 00000000 ____D () C:\Documents and Settings\DOM\Ustawienia lokalne\Dane aplikacji\Google
2015-02-15 11:10 - 2015-01-10 14:36 - 00000000 ____D () C:\Program Files\Google
2015-02-15 11:10 - 2015-01-10 14:11 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
2015-01-29 16:02 - 2015-01-10 14:45 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

==================== Files in the root of some directories =======

2015-01-10 14:55 - 2015-01-13 18:54 - 0008192 _____ () C:\Documents and Settings\DOM\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe [2008-04-15 13:00] - [2008-04-15 13:00] - 1035264 ____A (Microsoft Corporation) c791ed9eac5e76d9525e157b1d7a599a
C:\WINDOWS\system32\winlogon.exe [2008-04-15 13:00] - [2008-04-15 13:00] - 0510464 ____A (Microsoft Corporation) 51fd2e13d723857b9ca239ae77150f48
C:\WINDOWS\system32\svchost.exe [2008-04-15 13:00] - [2008-04-15 13:00] - 0014336 ____A (Microsoft Corporation) 8607d35d92528e2df386f19a960d23ce
C:\WINDOWS\system32\services.exe [2008-04-15 13:00] - [2008-04-15 13:00] - 0109056 ____A (Microsoft Corporation) 3e3ae424e27c4cefe4cab368c7b570ea
C:\WINDOWS\system32\User32.dll [2008-04-15 13:00] - [2008-04-15 13:00] - 0580096 ____A (Microsoft Corporation) a435c5c069afd901751ac323ad238793
C:\WINDOWS\system32\userinit.exe [2008-04-15 13:00] - [2008-04-15 13:00] - 0026624 ____A (Microsoft Corporation) 2a5b37d520508be6570a3ea79695f5b5
C:\WINDOWS\system32\rpcss.dll [2008-04-15 13:00] - [2008-04-15 13:00] - 0399360 ____A (Microsoft Corporation) 02396dab9dd407b06539981f477f3fec
ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\WINDOWS\system32\Drivers\volsnap.sys [2008-04-15 13:00] - [2008-04-15 13:00] - 0052864 ____A (Microsoft Corporation) 56b191ac5fc0df219949c95a6c87afe7

==================== End Of Log ============================