Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-01-2014 02
Ran by Gręzak (administrator) on PIOTR-EA63B5738 on 19-01-2014 17:00:57
Running from C:\Documents and Settings\Gręzak\Moje dokumenty\Pobieranie
Microsoft Windows XP Home Edition Dodatek Service Pack 2 (X86) OS Language: Polish
Internet Explorer Version 6
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) ===================

(Nero AG) C:\Program Files\Ahead\InCD\InCDsrv.exe
(Intel Corporation) C:\WINDOWS\system32\IPROSetMonitor.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(CST) C:\Program Files\lg_fwupdate\fwupdate.exe
(Cyberlink Corp.) C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
(Nero AG) C:\Program Files\Ahead\InCD\InCD.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
() C:\Program Files\Mobogenie\DaemonProcess.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RTL8185 Wireless LAN Utility\RtWLan.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(Software 2000 Limited) C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
() C:\Program Files\Mobogenie\mgusb.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] - C:\WINDOWS\system32\NvCpl.dll [4583424 2004-09-20] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] - nwiz.exe /install
HKLM\...\Run: [NvMediaCenter] - C:\WINDOWS\system32\NvMcTray.dll [86016 2004-09-20] (NVIDIA Corporation)
HKLM\...\Run: [LGODDFU] - C:\Program Files\lg_fwupdate\fwupdate.exe [229376 2005-04-12] (CST)
HKLM\...\Run: [RemoteControl] - C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe [32768 2003-12-08] (Cyberlink Corp.)
HKLM\...\Run: [InCD] - C:\Program Files\Ahead\InCD\InCD.exe [1397760 2005-06-10] (Nero AG)
HKLM\...\Run: [NeroFilterCheck] - C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM\...\Run: [mobilegeni daemon] - C:\Program Files\Mobogenie\DaemonProcess.exe [738496 2013-10-18] ()
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\REALTEK RTL8185 Wireless LAN Utility.lnk
ShortcutTarget: REALTEK RTL8185 Wireless LAN Utility.lnk -> C:\Program Files\Realtek\RTL8185 Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
Startup: C:\Documents and Settings\Gręzak\Menu Start\Programy\Autostart\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sweet-page.com/?type=hp&ts=1388949453&from=cor&uid=ST3160023A_4JS04SS8
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1388949453&from=cor&uid=ST3160023A_4JS04SS8&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sweet-page.com/?type=hp&ts=1388949453&from=cor&uid=ST3160023A_4JS04SS8
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
Toolbar: HKCU - &Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Łącza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\Windows\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.3.1 10.0.10.10

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Gręzak\Dane aplikacji\Mozilla\Firefox\Profiles\wgksw8kg.default-1390146086000
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\sweet-page.xml
FF Extension: Widget context - C:\Documents and Settings\Gręzak\Dane aplikacji\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{140A2D0E-85CC-4ed3-9BA5-8FA35DA7FABA}.xpi [2014-01-19]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe http://www.sweet-page.com/?type=sc&ts=1388949453&from=cor&uid=ST3160023A_4JS04SS8

Chrome:
=======
CHR Extension: (No Name) - C:\Documents and Settings\Gręzak\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\ombmmloebnfnpehgjnmkcgoegfachobp [2014-01-19]
CHR HKLM\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Documents and Settings\Gręzak\Dane aplikacji\BabSolution\CR\Delta.crx [2013-09-13]

========================== Services (Whitelisted) =================

R2 InCDsrv; C:\Program Files\Ahead\InCD\InCDsrv.exe [869888 2005-06-10] (Nero AG)
R2 Intel(R) PROSet Monitoring Service; C:\WINDOWS\system32\IProsetMonitor.exe [121600 2013-04-05] (Intel Corporation)
S2 uploadmgr; C:\Windows\PCHealth\HelpCtr\Binaries\pchsvc.dll [38912 2004-08-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 ac97intc; C:\Windows\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
R2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21361 2013-06-28] (Cisco Systems, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-01-05] (Disc Soft Ltd)
R3 gameenum; C:\Windows\System32\DRIVERS\gameenum.sys [10624 2004-08-04] (Microsoft Corporation)
R4 InCDfs; C:\Windows\System32\Drivers\InCDfs.sys [99584 2005-06-10] (Nero AG)
R1 InCDPass; C:\Windows\System32\DRIVERS\InCDPass.sys [29696 2005-06-10] (Nero AG)
U1 InCDrec; C:\Windows\System32\Drivers\InCDrec.sys [8704 2005-06-10] (Nero AG)
R1 incdrm; C:\Windows\System32\Drivers\incdrm.sys [28160 2005-06-10] (Nero AG)
R3 pfc; C:\Windows\System32\drivers\pfc.sys [10368 2003-12-05] (Padus, Inc.)
S3 PRODIGY; C:\Windows\System32\Drivers\PRODIGY.SYS [32377 2006-08-29] (B-phreaks)
S3 Secdrv; C:\Windows\System32\DRIVERS\secdrv.sys [27440 2004-08-04] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [324096 2014-01-05] (Duplex Secure Ltd.)
U3 afll453l; C:\Windows\System32\Drivers\afll453l.sys [0 ] (Microsoft Corporation)
R3 catchme; \??\C:\ComboFix\catchme.sys [x]
U3 TlntSvr;
U3 mbr; \??\C:\DOCUME~1\GRZAK~1\USTAWI~1\Temp\mbr.sys [x]

==================== NetSvcs (Whitelisted) ===================