Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-05-2013 Ran by SYSTEM on 03-05-2013 18:05:45 Running from F:\ Windows Vista (TM) Home Premium (X86) OS Language: Polish Internet Explorer Version 9 Boot Mode: Recovery The current controlset is ControlSet002 [b]ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.[/b] ==================== Registry (Whitelisted) ================== HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [641704 2012-06-11] (Advanced Micro Devices, Inc.) HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated) HKLM\...\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-03-28] (DivX, LLC) HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1263952 2013-02-13] () HKLM\...\Winlogon: [System] HKU\Ja\...\Run: [Adobe Reader Synchronizer] "C:\Program Files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe" [x] HKU\Ja\...\Run: [ChomikBox] C:\Program Files\ChomikBox\chomikbox.exe [ 2012-11-15] ( ) SSODL: EldosMountNotificator-cbfs4-0 - {AFD1120B-48AB-443B-8BAD-C5F12D0A3D58} - C:\Program Files\Common Files\CBFS\cbfsMntNtf4.dll (EldoS Corporation) ========================== Services (Whitelisted) ================= S2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [18656 2011-02-02] () S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2012-12-29] (Flexera Software, Inc.) 
S2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] () ==================== Drivers (Whitelisted) ==================== S0 3b9ca2b195fd5875; C:\Windows\System32\Drivers\3b9ca2b195fd5875.sys [61312 2013-05-01] () <===== ATTENTION S4 3f91e68f99f2bd05; C:\Windows\System32\Drivers\3f91e68f99f2bd05.sys [61312 2013-05-01] () S1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11296 2009-08-04] () S1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11448 2009-07-06] () S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [97808 2011-03-30] (Advanced Micro Devices) S1 cbfs4-0; C:\Program Files\Common Files\CBFS\cbfs4.sys [315480 2012-12-24] (EldoS Corporation) S3 FlashUSB; C:\Windows\System32\DRIVERS\FlashUSB.sys [16896 2010-05-12] (Danish Wireless Design A/S) S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [7680 2006-10-18] () S3 qpavstrm; C:\Windows\System32\DRIVERS\qpavstrm.sys [595200 2012-04-11] (Sigma Designs, Inc.) S0 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2013-04-24] (Duplex Secure Ltd.) S3 StMp3Rec; C:\Windows\System32\Drivers\StMp3Rec.sys [71539 2007-08-11] (Microsoft Corporation) S3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1102848 2009-10-21] (VIA Technologies, Inc.) S3 EagleXNt; \??\C:\Users\Ja\AppData\Local\temp\EagleXNt.sys [x] S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] ==================== NetSvcs (Whitelisted) =================== NETSVC: {6080a529-897e-4629-a488-aba0c29b635e} -> No Registry Path. 
==================== One Month Created Files and Folders ======== 2013-05-03 16:10 - 2013-05-03 16:11 - 126310400 ____A C:\Users\Ja\Documents\RepairDiscWindowsVista32-bit.iso 2013-05-03 14:58 - 2013-05-03 14:58 - 00000000 ____D C:\FRST 2013-05-03 04:11 - 2013-05-03 04:11 - 00000000 ____D C:\Users\Ja\AppData\Local\CrashDumps 2013-05-03 02:23 - 2013-05-03 16:50 - 00000000 ____D C:\Users\Ja\.gstreamer-0.10 2013-05-02 21:59 - 2013-05-02 21:59 - 00003616 ____A C:\AdwCleaner[S1].txt 2013-05-01 16:46 - 2013-05-01 18:13 - 00000000 ____D C:\Users\Ja\Desktop\UEFA.CL.Real.Madrid.vs.Borussia.Dortmund.30.04.2013.HDTV.720p.x264.German-MM 2013-05-01 01:17 - 2013-05-01 01:17 - 00061312 ____A C:\Windows\System32\Drivers\3f91e68f99f2bd05.sys 2013-05-01 01:15 - 2013-05-01 01:15 - 00061312 ____A C:\Windows\System32\Drivers\3b9ca2b195fd5875.sys 2013-04-12 11:26 - 2013-04-12 11:51 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-04-10 19:07 - 2013-02-22 05:05 - 12324352 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-04-10 19:07 - 2013-02-22 04:47 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-04-10 19:07 - 2013-02-22 04:46 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-04-10 19:07 - 2013-02-22 04:38 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-04-10 19:07 - 2013-02-22 04:38 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-04-10 19:07 - 2013-02-22 04:37 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-04-10 19:07 - 2013-02-22 04:36 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2013-04-10 19:07 - 2013-02-22 04:35 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-04-10 19:07 - 2013-02-22 04:34 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-04-10 19:07 - 2013-02-22 04:34 - 00420864 ____A (Microsoft Corporation) 
C:\Windows\System32\vbscript.dll 2013-04-10 19:07 - 2013-02-22 04:34 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-04-10 19:07 - 2013-02-22 04:33 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-04-10 19:07 - 2013-02-22 04:32 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-04-10 19:07 - 2013-02-22 04:31 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-04-10 19:07 - 2013-02-22 04:31 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-04-10 19:07 - 2013-02-22 04:28 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-04-10 19:06 - 2013-04-10 19:06 - 00000118 ____A C:\Windows\System32\MRT.INI 2013-04-10 12:11 - 2013-03-11 14:25 - 03603816 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe 2013-04-10 12:11 - 2013-03-11 14:25 - 03551080 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2013-04-10 12:11 - 2013-03-09 04:45 - 00049152 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll 2013-04-10 12:11 - 2013-03-09 02:28 - 00064000 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe 2013-04-10 12:11 - 2013-03-08 04:53 - 00376320 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll 2013-04-10 12:11 - 2013-03-08 04:52 - 02067968 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll 2013-04-10 12:11 - 2013-03-05 02:40 - 02049024 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2013-04-10 12:11 - 2013-03-03 20:07 - 01082232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys ==================== One Month Modified Files and Folders ======== 2013-05-04 02:21 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\System32\LogFiles 2013-05-03 17:00 - 2006-11-02 14:01 - 00032626 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2013-05-03 17:00 - 2006-11-02 14:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-05-03 17:00 - 2006-11-02 13:47 - 00004192 
___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-05-03 17:00 - 2006-11-02 13:47 - 00004192 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-05-03 16:51 - 2012-11-24 03:29 - 00000000 ____D C:\Users\Ja\AppData\Local\ChomikBox 2013-05-03 16:50 - 2013-05-03 02:23 - 00000000 ____D C:\Users\Ja\.gstreamer-0.10 2013-05-03 16:11 - 2013-05-03 16:10 - 126310400 ____A C:\Users\Ja\Documents\RepairDiscWindowsVista32-bit.iso 2013-05-03 14:58 - 2013-05-03 14:58 - 00000000 ____D C:\FRST 2013-05-03 14:55 - 2008-01-21 02:35 - 01217372 ____A C:\Windows\WindowsUpdate.log 2013-05-03 14:42 - 2008-01-21 03:47 - 06961982 ____A C:\Windows\PFRO.log 2013-05-03 14:40 - 2012-07-22 11:59 - 00000000 ____D C:\Users\Ja\Documents\filmy 2013-05-03 13:15 - 2008-01-21 07:24 - 01607950 ____A C:\Windows\System32\PerfStringBackup.INI 2013-05-03 13:15 - 2008-01-21 07:24 - 00711974 ____A C:\Windows\System32\perfh015.dat 2013-05-03 13:15 - 2008-01-21 07:24 - 00149960 ____A C:\Windows\System32\perfc015.dat 2013-05-03 04:11 - 2013-05-03 04:11 - 00000000 ____D C:\Users\Ja\AppData\Local\CrashDumps 2013-05-03 03:14 - 2012-07-05 11:55 - 00000000 ____D C:\Nexon 2013-05-03 02:27 - 2012-05-12 14:44 - 00000000 ____D C:\Users\Ja\Documents\Antywirusy 2013-05-03 02:24 - 2011-07-25 15:27 - 00091480 ____A C:\Users\Ja\AppData\Local\GDIPFONTCACHEV1.DAT 2013-05-03 02:23 - 2011-07-25 15:26 - 00000000 ____D C:\users\Ja 2013-05-03 02:21 - 2006-11-02 13:47 - 00341344 ____A C:\Windows\System32\FNTCACHE.DAT 2013-05-03 02:03 - 2009-08-05 15:46 - 00000000 ____D C:\Users\Ja\Desktop\Programy 2013-05-02 21:59 - 2013-05-02 21:59 - 00003616 ____A C:\AdwCleaner[S1].txt 2013-05-02 17:04 - 2011-09-10 14:41 - 00000000 ____D C:\Program Files\Google 2013-05-02 16:53 - 2012-04-04 09:43 - 00691592 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe 2013-05-02 16:53 - 2011-07-25 16:01 - 00071048 ____A 
(Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl 2013-05-02 16:52 - 2011-07-25 16:15 - 00000000 ____D C:ProgramData\Adobe 2013-05-02 16:49 - 2006-11-02 13:37 - 00000000 ____D C:\Windows\Performance 2013-05-01 23:50 - 2012-05-28 22:48 - 00000000 ___RD C:\Users\Ja\Documents\piłka 2013-05-01 18:13 - 2013-05-01 16:46 - 00000000 ____D C:\Users\Ja\Desktop\UEFA.CL.Real.Madrid.vs.Borussia.Dortmund.30.04.2013.HDTV.720p.x264.German-MM 2013-05-01 16:46 - 2013-03-17 12:07 - 00000000 ____D C:\Users\Ja\Desktop\My Shared Folder 2013-05-01 01:17 - 2013-05-01 01:17 - 00061312 ____A C:\Windows\System32\Drivers\3f91e68f99f2bd05.sys 2013-05-01 01:17 - 2011-08-20 23:47 - 00000000 ____D C:\Windows\Minidump 2013-05-01 01:15 - 2013-05-01 01:15 - 00061312 ____A C:\Windows\System32\Drivers\3b9ca2b195fd5875.sys 2013-04-25 00:38 - 2010-07-14 23:33 - 00000000 ____D C:\Users\Ja\Documents\Any Video Converter 2013-04-24 14:01 - 2012-11-25 04:50 - 00466008 ____A (Duplex Secure Ltd.) C:\Windows\System32\Drivers\sptd.sys 2013-04-24 13:48 - 2012-05-12 01:08 - 00054272 ____A C:\Users\Ja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-04-24 01:49 - 2011-10-06 15:27 - 00000182 ____A C:\Users\Ja\AppData\Roaming\default.rss 2013-04-24 01:49 - 2011-10-06 15:23 - 00000069 ____A C:\Windows\NeroDigital.ini 2013-04-18 22:03 - 2011-06-13 14:14 - 00000000 ____D C:\Users\Ja\Documents\MARIUSZ 2013-04-15 14:27 - 2011-07-27 15:29 - 00000000 ____D C:\Users\Ja\AppData\Roaming\ipla 2013-04-12 11:51 - 2013-04-12 11:26 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-04-10 19:06 - 2013-04-10 19:06 - 00000118 ____A C:\Windows\System32\MRT.INI 2013-04-10 18:58 - 2006-11-02 11:24 - 70490256 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe ==================== Known DLLs (Whitelisted) ============ ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit 
C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2013-05-02 21:34:00 Restore point made on: 2013-05-02 21:34:30 ==================== Memory info =========================== Percentage of memory in use: 20% Total physical RAM: 2046.5 MB Available physical RAM: 1633.79 MB Total Pagefile: 1862.25 MB Available Pagefile: 1710.18 MB Total Virtual: 2047.88 MB Available Virtual: 1981.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:232.88 GB) (Free:122.89 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive e: (LRMCFRE_PL_DVD) (CDROM) (Total:2.92 GB) (Free:0 GB) CDFS Drive f: (FreeAgent Drive) (Fixed) (Total:931.51 GB) (Free:192.04 GB) NTFS Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Dysk ### Stan Rozmiar Wolne Dyn Gpt -------- ---------- ------- ------- --- --- Dysk 0 Online 233 GB 1177 KB Dysk 1 Online 932 GB 1528 KB Dysk 2 Brak nośni 0 B 0 B Dysk 3 Brak nośni 0 B 0 B Dysk 4 Brak nośni 0 B 0 B Dysk 5 Brak nośni 0 B 0 B Partitions of Disk 0: =============== Partycja ### Typ Rozmiar Przesunięcie ------------- ---------------- ------- ------------ Partycja 1 Podstawowy 233 GB 1024 KB ================================================================================== Disk: 0 Partycja 1 Typ : 07 Ukryta: Nie Aktywna: Tak Wolumin ### Lit Etykieta Fs Typ Rozmiar Stan Info ----------- --- ----------- ----- ---------- ------- --------- -------- * Wolumin 6 C NTFS Partycja 233 GB Zdrowy 
========================================================= Partitions of Disk 1: =============== Partycja ### Typ Rozmiar Przesunięcie ------------- ---------------- ------- ------------ Partycja 1 Podstawowy 932 GB 32 KB ================================================================================== Disk: 1 Partycja 1 Typ : 07 Ukryta: Nie Aktywna: Nie Wolumin ### Lit Etykieta Fs Typ Rozmiar Stan Info ----------- --- ----------- ----- ---------- ------- --------- -------- * Wolumin 7 F FreeAgent D NTFS Partycja 932 GB Zdrowy ========================================================= ============================== MBR & Partition Table ================== ==================================================================== Disk: 0 (MBR Code: Windows Vista) (Size: 233 GB) (Disk ID: 9430BC52) Partition 1: (Active) - (Size=233 GB) - (Type=07 NTFS) ==================================================================== Disk: 1 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: 4C2B4421) Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS) Last Boot: 2013-05-03 16:55 ==================== End Of Log ============================