Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-08-2015 02
Ran by Krzysiek (administrator) on KRZYSZTO-1A03A9 (27-08-2015 19:14:50)
Running from F:\
Loaded Profiles: Krzysiek (Available Profiles: Krzysiek)
Platform: Microsoft Windows XP Professional Service Pack 2 (X86) Language: Angielski (Stany Zjednoczone)
Internet Explorer Version 6 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
(Microsoft Corporation) C:\WINDOWS\system32\wisptis.exe
(Microsoft Corporation) C:\WINDOWS\system32\tabbtnu.exe
(WACOM) C:\WINDOWS\system32\digtizer.exe
(Intel Corporation) C:\WINDOWS\system32\igfxext.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Lucent Technologies) C:\WINDOWS\LTSMMSG.exe
(DAEMON'S HOME) C:\Program Files\D-Tools\daemon.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TabletWizard] => C:\WINDOWS\help\SplshWrp.exe [16384 2004-08-03] (Microsoft Corporation)
HKLM\...\Run: [TabletTip] => C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe [271872 2004-08-03] (Microsoft Corporation)
HKLM\...\Run: [LTSMMSG] => C:\WINDOWS\LTSMMSG.exe [32768 2001-12-17] (Lucent Technologies)
HKLM\...\Run: [DAEMON Tools-1033] => C:\Program Files\D-Tools\daemon.exe [81920 2004-08-22] (DAEMON'S HOME)
HKLM\...\Run: [ctfmon.exe] => C:\WINDOWS\system32\ctfmon.exe [15360 2004-08-03] (Microsoft Corporation)
HKLM\...\Run: [Regedit32] => C:\WINDOWS\system32\regedit.exe
HKLM\...\Run: [BEWINTERNET-PLSessionManager] => "C:\Program Files\OrangeBS\BEWInternet-PL\SessionManager\SessionManager.exe"
HKLM\...\Run: [MFARestart] => "C:\Documents and Settings\All Users\Application Data\MFAData\pack\avgrunasx.exe" /usereg
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll [2003-12-14] (Intel Corporation)
Winlogon\Notify\loginkey: C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll [2004-08-03] (Microsoft Corporation)
Winlogon\Notify\TabBtnWL: C:\WINDOWS\system32\TabBtnWL.dll [2002-08-29] (Microsoft Corporation)
Winlogon\Notify\tpgwlnotify: C:\WINDOWS\system32\tpgwlnot.dll [2004-08-03] (Microsoft Corporation)
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ATTENTION
HKU\S-1-5-21-1993962763-1935655697-1708537768-1003\...\Run: [NBJ] => C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [1961984 2005-09-16] (Ahead Software AG)
HKU\S-1-5-21-1993962763-1935655697-1708537768-1003\...\Run: [CsimPlayer] => C:\Documents and Settings\Krzysiek\CsimPlayer.exe
HKU\S-1-5-18\...\Run: [TabletWizard] => %windir%\help\wizard.hta
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /syncC:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart
AlternateShell:

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-1993962763-1935655697-1708537768-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.pl/
HKU\S-1-5-21-1993962763-1935655697-1708537768-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-1993962763-1935655697-1708537768-1003 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "hxxp://www.google.com" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll No File

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Krzysiek\Application Data\Mozilla\Firefox\Profiles\lh9jlufe.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll [2009-10-27] ()
FF Plugin: @tools.google.com/Google Update;version=8 -> C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll [2010-10-25] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll [2010-02-08] (mozilla.org)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox-branding.js [2009-05-20]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox-l10n.js [2009-05-20]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox.js [2009-05-20]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\reporter.js [2009-05-20]

Chrome:
=======
CHR Profile: C:\Documents and Settings\Krzysiek\Local Settings\Application Data\Google\Chrome\User Data\Default

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Digitizer; C:\WINDOWS\System32\digtizer.exe [61440 2004-06-30] (WACOM) [File not signed]
S2 AVGIDSAgent; "C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe" [X]
S2 avgwd; "C:\Program Files\AVG\AVG10\avgwdsvc.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ac97intc; C:\WINDOWS\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
R0 d347bus; C:\WINDOWS\System32\DRIVERS\d347bus.sys [155136 2004-08-22] ( ) [File not signed]
R0 d347prt; C:\WINDOWS\System32\Drivers\d347prt.sys [5248 2004-08-22] ( ) [File not signed]
R3 FJTabBtn; C:\WINDOWS\System32\DRIVERS\FjTabBtn.sys [10496 2003-01-09] (Fujitsu PC Corporation) [File not signed]
S3 FTDIBUS; C:\WINDOWS\System32\drivers\ftdibus.sys [57800 2009-10-22] (FTDI Ltd.)
R2 Hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [676864 2004-07-14] (Aladdin Knowledge Systems)
R2 Haspnt; C:\WINDOWS\system32\drivers\Haspnt.sys [47616 2009-07-13] (Aladdin Knowledge Systems) [File not signed]
R3 hidpen; C:\WINDOWS\System32\DRIVERS\hidpen.sys [31104 2004-08-02] (Wacom Co., Ltd)
R2 HOSTNT; C:\WINDOWS\system32\Drivers\HOSTNT.sys [4032 2012-05-08] () [File not signed]
S3 hwdatacard; C:\WINDOWS\System32\DRIVERS\ewusbmdm.sys [102400 2009-08-04] (Huawei Technologies Co., Ltd.) [File not signed]
S3 hwusbfake; C:\WINDOWS\System32\DRIVERS\ewusbfake.sys [102656 2009-08-04] (Huawei Technologies Co., Ltd.) [File not signed]
R3 LucentSoftModem; C:\WINDOWS\System32\DRIVERS\LTSM.sys [807021 2001-12-18] (Lucent Technologies)
R1 P3; C:\WINDOWS\System32\DRIVERS\p3.sys [42496 2004-08-03] (Microsoft Corporation)
S3 PCAMPR5; C:\WINDOWS\system32\PCAMPR5.SYS [34688 2009-08-04] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 PCANDIS5; C:\WINDOWS\system32\PCANDIS5.SYS [32128 2009-08-04] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 PRISM; C:\WINDOWS\System32\DRIVERS\PRISMNDS.sys [642560 2003-06-02] (Intersil Corporation)
R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
R3 rtl8139; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [45568 2002-06-12] (Realtek Semiconductor Corporation)
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [27440 2004-08-03] ()
R3 SMCIRDA; C:\WINDOWS\System32\DRIVERS\smcirda.sys [35913 2001-08-17] (SMC)
R3 STAC97; C:\WINDOWS\System32\drivers\STAC97.sys [179664 2002-08-10] (SigmaTel, Inc.)
R0 swopafwx; C:\WINDOWS\System32\Drivers\swopafwx.sys [40128 2009-12-11] () [File not signed]
R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [359040 2004-08-03] (Microsoft Corporation) [File not signed]
R3 {6080A529-897E-4629-A488-ABA0C29B635E}; C:\WINDOWS\System32\drivers\ialmsbw.sys [122942 2004-01-05] (Intel Corporation)
R3 {6D08DE67-D457-4d38-A7F5-D88CCB81EE00}; C:\WINDOWS\System32\drivers\A306.sys [16951 2004-01-05] (Intel Corporation)
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}; C:\WINDOWS\System32\drivers\ialmkchw.sys [99002 2004-01-05] (Intel Corporation)
S3 amsint32; \??\C:\WINDOWS\system32\drivers\oiqpk.sys [X]
R4 MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-27 19:14 - 2015-08-27 19:14 - 00000000 ____D C:\FRST
2015-08-27 19:01 - 2015-08-27 19:01 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-08-27 18:53 - 2015-08-27 18:57 - 00000000 ____D C:\AdwCleaner
2015-08-27 18:19 - 2015-08-27 18:19 - 00000000 ___SD C:\ComboFix
2015-08-27 18:19 - 2015-08-27 18:19 - 00000000 ____D C:\Qoobox
2015-08-27 18:18 - 2015-08-27 18:18 - 00000000 ____D C:\WINDOWS\erdnt
2015-08-27 17:42 - 2015-08-27 17:42 - 00000000 ____D C:\Documents and Settings\Krzysiek\Application Data\TuneUp Software
2015-08-27 16:53 - 2015-08-27 16:53 - 00000000 ____D C:\Program Files\7-Zip
2015-08-27 16:53 - 2015-08-27 16:53 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
2015-08-27 16:21 - 2015-08-26 11:26 - 148912384 _____ (AVG Technologies) C:\avg_isct_x86_all_2011_1153a3218.exe
2015-08-26 22:14 - 2015-08-26 22:14 - 00103140 __RSH C:\yrww.exe
2015-08-26 22:07 - 2015-08-26 22:07 - 00000000 ____D C:\Documents and Settings\Krzysiek\Application Data\AVG10
2015-08-26 21:15 - 2015-08-26 21:15 - 00090112 _____ C:\WINDOWS\Minidump\Mini082615-01.dmp
2015-08-26 20:27 - 2015-08-26 20:27 - 00000000 ___HD C:\$AVG
2015-08-26 19:49 - 2015-08-27 17:48 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011
2015-08-26 19:48 - 2015-08-27 17:50 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG10
2015-08-26 19:48 - 2015-08-27 17:49 - 00000000 ____D C:\WINDOWS\system32\Drivers\AVG
2015-08-26 19:46 - 2015-08-26 19:46 - 00000000 ____D C:\Program Files\AVG
2015-08-26 19:43 - 2015-08-26 19:47 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2015-08-26 19:21 - 2015-08-26 19:28 - 00000000 ____D C:\Documents and Settings\All Users\Kaspersky Lab Setup Files
2015-08-26 18:04 - 2015-08-26 18:04 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
2015-08-26 17:56 - 2015-08-26 17:56 - 00003584 _____ C:\Documents and Settings\Krzysiek\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-03-21 13:44 - 2009-07-15 00:45 - 00246272 _____ (Stirling Technologies, Inc.) C:\WINDOWS\UNINST16.EXE
2015-08-27 19:15 - 2009-05-19 22:45 - 00000000 ____D C:\Documents and Settings\Krzysiek\Local Settings\Temp
2015-08-27 19:09 - 2009-05-19 22:26 - 00040181 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-27 19:03 - 2010-02-08 21:37 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-27 19:03 - 2009-05-19 22:43 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-27 19:02 - 2009-05-19 22:45 - 00000178 ___SH C:\Documents and Settings\Krzysiek\ntuser.ini
2015-08-27 19:02 - 2009-05-19 22:43 - 00032458 _____ C:\WINDOWS\SchedLgU.Txt
2015-08-27 18:38 - 2010-02-08 21:37 - 00000890 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-27 17:49 - 2009-05-20 12:03 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-08-27 17:49 - 2009-05-19 14:39 - 00931265 _____ C:\WINDOWS\setupapi.log
2015-08-26 22:23 - 2009-05-19 22:45 - 00000000 ____D C:\Documents and Settings\Krzysiek
2015-08-26 22:22 - 2010-10-27 19:31 - 00000726 _____ C:\WINDOWS\system32\Drivers\etc\hosts.nav
2015-08-26 22:07 - 2009-05-19 22:30 - 00001514 _____ C:\Documents and Settings\All Users\Start Menu\Windows Update.lnk
2015-08-26 20:45 - 2012-05-07 22:21 - 00000000 ____D C:\Program Files\WinRAR
2015-08-26 20:32 - 2010-02-08 21:37 - 00000000 ____D C:\Documents and Settings\Krzysiek\Local Settings\Application Data\Temp
2015-08-26 18:47 - 2010-10-27 19:23 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Norton
2015-08-26 18:42 - 2009-05-19 14:39 - 00245892 _____ C:\WINDOWS\setupact.log
2015-08-26 18:04 - 2004-08-03 21:00 - 00000266 _____ C:\WINDOWS\system.ini
2015-08-26 17:57 - 2009-07-26 21:00 - 00000116 _____ C:\WINDOWS\NeroDigital.ini
2015-08-26 17:54 - 2004-08-03 21:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl

==================== Files in the root of some directories =======

2015-08-26 17:56 - 2015-08-26 17:56 - 0003584 _____ () C:\Documents and Settings\Krzysiek\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-05-19 22:45 - 2009-05-19 22:45 - 0000131 _____ () C:\Documents and Settings\Krzysiek\Local Settings\Application Data\fusioncache.dat

Some files in TEMP:
====================
C:\Documents and Settings\Krzysiek\Local Settings\Temp\avguidx.dll
C:\Documents and Settings\Krzysiek\Local Settings\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================