Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-06-2015
Ran by Beata (administrator) on GDANSK-1 on 18-06-2015 18:55:06
Running from C:\Documents and Settings\Beata\Moje dokumenty\Pobrane
Loaded Profiles: Beata (Available Profiles: Beata)
Platform: Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) OS Language: Polski
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\WINDOWS\system32\logonui.exe
(ESET) C:\Program Files\ESET\ESET Endpoint Security\ekrn.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
(A plus C Systems) C:\Program Files\A plus C Systems\uplook\Agent\Agent.Service.exe
(A plus C Systems. Nyke Technology.) C:\Program Files\A plus C Systems\uplook\Agent\usm32\usmsrv.exe
(A plus C Systems. Nyke Technology.) C:\Program Files\A plus C Systems\uplook\Agent\usm32\usmapp.exe
(A plus C Systems. Nyke Technology.) C:\Program Files\A plus C Systems\uplook\Agent\usm32\usmapp.exe
(A plus C Systems. Nyke Technology.) C:\Program Files\A plus C Systems\uplook\Agent\usm32\usmapp.exe
(A plus C Systems. Nyke Technology.) C:\Program Files\A plus C Systems\uplook\Agent\usm32\usmapp.exe
(Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
(A plus C Systems. Nyke Technology.) C:\Program Files\A plus C Systems\uplook\Agent\usm32\usmapp.exe
(A plus C Systems. Nyke Technology.) C:\Program Files\A plus C Systems\uplook\Agent\usm32\usmapp.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
(ESET) C:\Program Files\ESET\ESET Endpoint Security\egui.exe
(A plus C Systems) C:\Documents and Settings\Beata\Ustawienia lokalne\Dane aplikacji\A plus C Systems\Assistant-9.1.1\Uplook.Agent.Tools.Assistant.exe
(Microsoft Corporation) C:\WINDOWS\system32\logon.scr
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Smapp] => C:\Program Files\Analog Devices\SoundMAX\Smtray.exe [90112 2002-06-26] (Analog Devices, Inc.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2011-01-31] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [HPUsageTracking] => C:\Program Files\HP\HP UT\bin\hppusg.exe [36864 2008-05-07] ()
HKLM\...\Run: [Seagull Drivers] => ssdal_nc.exe startup
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Endpoint Security\egui.exe [3154424 2012-04-16] (ESET)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Uplook.Agent.Tools.Assistant] => C:\Program Files\A plus C Systems\uplook\Agent\Uplook.Agent.Tools.Assistant.exe [299216 2015-04-10] (A plus C Systems)
HKU\S-1-5-21-1275210071-1303643608-725345543-1003\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
HKU\S-1-5-21-1275210071-1303643608-725345543-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\System32\ssflwbox.scr [393216 2008-04-14] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk [2011-06-13]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1275210071-1303643608-725345543-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
HKU\S-1-5-21-1275210071-1303643608-725345543-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-1275210071-1303643608-725345543-1003 - pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - No File
SearchScopes: HKU\S-1-5-21-1275210071-1303643608-725345543-1003 -> {A5F1AEAE-2900-420C-B7F6-02C4AFA0BB6B} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22] (Adobe Systems Incorporated)
BHO: pdfforge Toolbar -> {B922D405-6D13-4A2B-AE89-08A030DA4402} -> No File
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
Tcpip\..\Interfaces\{41826AC4-E76C-43DF-A47C-650101CD1FDB}: [NameServer] 194.204.159.1,194.204.152.34

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Beata\Dane aplikacji\Mozilla\Firefox\Profiles\ol5izfiz.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-03-11] ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-08-29]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Endpoint Security\Mozilla Thunderbird
FF Extension: ESET Endpoint Security Extension - C:\Program Files\ESET\ESET Endpoint Security\Mozilla Thunderbird [2012-11-08]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 EhttpSrv; C:\Program Files\ESET\ESET Endpoint Security\EHttpSrv.exe [31024 2012-04-16] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET Endpoint Security\ekrn.exe [999664 2012-04-16] (ESET)
S3 ESHASRV; C:\Program Files\ESET\ESET Endpoint Security\EShaSrv.exe [183904 2012-04-16] (ESET)
R2 Net Driver HPZ12; C:\WINDOWS\System32\HPZinw12.dll [45568 2014-04-28] (Hewlett-Packard) [File not signed]
R2 NVSvc; C:\WINDOWS\System32\nvsvc32.exe [77824 2003-11-17] (NVIDIA Corporation) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.dll [55808 2014-04-28] (Hewlett-Packard) [File not signed]
R2 SoundMAX Agent Service (default); C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [45056 2002-07-15] (Analog Devices, Inc.) [File not signed]
R2 uplook agent; C:\Program Files\A plus C Systems\uplook\Agent\Agent.Service.exe [18640 2015-04-10] (A plus C Systems)
R2 usmsrv; C:\Program Files\A plus C Systems\uplook\Agent\usm32\usmsrv.exe [942288 2015-04-10] (A plus C Systems. Nyke Technology.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 APCMp50; C:\WINDOWS\System32\Drivers\APCMp50.sys [28224 2015-04-10] (Printing Communications Assoc., Inc. (PCAUSA))
R1 eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [164424 2012-03-29] (ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [170616 2012-03-29] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [123760 2012-03-29] (ESET)
R2 epfw; C:\WINDOWS\System32\DRIVERS\epfw.sys [154160 2012-03-29] (ESET)
R3 Epfwndis; C:\WINDOWS\System32\DRIVERS\Epfwndis.sys [40336 2012-03-29] (ESET)
R1 epfwtdi; C:\WINDOWS\System32\DRIVERS\epfwtdi.sys [61936 2012-03-29] (ESET)
R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-14] (Microsoft Corporation)
R0 IdeBusDr; C:\WINDOWS\System32\DRIVERS\IdeBusDr.sys [13782 2002-08-14] (Intel Corporation)
R0 IdeChnDr; C:\WINDOWS\System32\DRIVERS\IdeChnDr.sys [93594 2002-08-14] (Intel Corporation)
R3 nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [1618939 2003-11-17] (NVIDIA Corporation) [File not signed]
S3 ufsf; C:\Program Files\A plus C Systems\uplook\Agent\Drivers\ufsf.sys [26552 2015-04-10] (A plus C Systems)
R3 USMNTdrv; C:\Program Files\A plus C Systems\uplook\Agent\usm32\usm32wxp.sys [14816 2015-04-10] (A plus C Systems. Nyke Technology.)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-18 18:54 - 2015-06-18 18:55 - 00000000 ____D C:\FRST
2015-06-18 18:26 - 2015-06-18 18:26 - 00000348 _____ C:\WINDOWS\spupdsvc.log
2015-06-18 18:26 - 2015-06-18 18:26 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Windows Genuine Advantage
2015-06-18 18:25 - 2015-06-18 18:26 - 00011450 _____ C:\WINDOWS\setupapi.log
2015-06-18 18:25 - 2015-06-18 18:25 - 00000000 ____D C:\WINDOWS\LastGood
2015-06-18 18:25 - 2015-06-18 18:25 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-06-18 18:25 - 2015-06-18 18:25 - 00000000 _____ C:\WINDOWS\setupact.log
2015-06-18 18:03 - 2015-06-18 18:03 - 00062622 _____ C:\Documents and Settings\Beata\Moje dokumenty\cc_20150618_180341.reg
2015-06-16 06:01 - 2015-06-16 06:01 - 00000000 ____D C:\Documents and Settings\Beata\Menu Start\Programy\A plus C Systems
2015-06-16 05:51 - 2015-06-16 05:51 - 00000000 ____D C:\Program Files\A plus C Systems
2015-06-12 14:49 - 2015-06-12 14:50 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-18 18:55 - 2015-03-11 23:03 - 00000000 ____D C:\Documents and Settings\Beata\Moje dokumenty\Pobrane
2015-06-18 18:55 - 2011-06-10 16:17 - 00000000 ____D C:\Documents and Settings\Beata\Ustawienia lokalne\Temp
2015-06-18 18:28 - 2011-06-10 16:43 - 01234485 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-18 18:26 - 2011-06-10 17:03 - 00000000 __RHD C:\Documents and Settings\All Users\Dane aplikacji
2015-06-18 18:26 - 2003-04-16 14:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2015-06-18 18:03 - 2011-06-10 16:17 - 00000000 ___RD C:\Documents and Settings\Beata\Moje dokumenty
2015-06-18 18:01 - 2011-06-13 09:57 - 00000000 ____D C:\Program Files\PDFCreator
2015-06-18 16:25 - 2011-06-20 13:38 - 00001772 ____H C:\Documents and Settings\Beata\Moje dokumenty\Default.rdp
2015-06-18 16:03 - 2011-06-10 17:05 - 00000157 ____N C:\WINDOWS\wiadebug.log
2015-06-18 16:03 - 2011-06-10 17:05 - 00000050 ____N C:\WINDOWS\wiaservc.log
2015-06-18 16:03 - 2011-06-10 16:12 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-18 16:02 - 2011-06-10 16:17 - 00000292 ___SH C:\Documents and Settings\Beata\ntuser.ini
2015-06-18 16:02 - 2011-06-10 16:16 - 00032430 ____N C:\WINDOWS\SchedLgU.Txt
2015-06-18 12:55 - 2011-06-10 16:17 - 00000000 ____D C:\Documents and Settings\Beata\Pulpit
2015-06-18 12:26 - 2014-09-30 12:41 - 00000000 ____D C:\skany
2015-06-18 12:02 - 2014-08-28 06:39 - 00000260 _____ C:\WINDOWS\Tasks\WGASetup.job
2015-06-18 12:01 - 2014-08-28 06:59 - 00000222 _____ C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job
2015-06-18 07:38 - 2014-11-27 14:38 - 00246272 _____ C:\Documents and Settings\Beata\Pulpit\lISTA OBECNOŚCI 2014.xls
2015-06-18 07:14 - 2011-06-10 16:17 - 00000000 ____D C:\Documents and Settings\Beata
2015-06-16 07:34 - 2012-01-04 14:39 - 00000000 ____D C:\Documents and Settings\Beata\Pulpit\gdańsk
2015-06-16 06:01 - 2011-06-10 16:17 - 00000000 ___RD C:\Documents and Settings\Beata\Menu Start\Programy
2015-06-16 06:00 - 2014-08-02 10:36 - 00000000 ____D C:\Documents and Settings\Beata\Ustawienia lokalne\Dane aplikacji\A plus C Systems
2015-06-10 15:00 - 2014-10-22 13:30 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-06-10 14:52 - 2014-10-22 13:30 - 136900096 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-08 15:10 - 2014-08-28 06:59 - 00000216 _____ C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job
2015-06-01 08:57 - 2011-09-15 09:19 - 00000000 ____D C:\Documents and Settings\Beata\Pulpit\OFERTA TEMAR
2015-05-20 10:10 - 2015-01-05 08:49 - 00029184 _____ C:\Documents and Settings\Beata\Pulpit\Palety Rysiu.xls

==================== Files in the root of some directories =======

2011-12-13 10:11 - 2011-12-13 10:11 - 0003584 ____C () C:\Documents and Settings\Beata\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-06-13 09:58 - 2011-06-13 09:58 - 0000130 ____C () C:\Documents and Settings\Beata\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
2013-11-05 15:44 - 2013-11-05 16:45 - 0000600 _____ () C:\Documents and Settings\Beata\Ustawienia lokalne\Dane aplikacji\PUTTY.RND

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================