Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-05-2014
Ran by Administrator (administrator) on KAZKUS-3C9A562F on 04-05-2014 12:52:08
Running from C:\Documents and Settings\Administrator\Pulpit\Diagnostyka
Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ABBYY Production LLC) C:\Program Files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
() C:\WINDOWS\system32\G-vga.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Robert Łajka & Pawel Porwisz) C:\totalcmd\TC UP.exe
(Ghisler Software GmbH) C:\totalcmd\TOTALCMD.EXE
(Mozilla Corporation) C:\Program Files\Aurora\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Cmaudio] => RunDll32 cmicnfg.cpl,CMICtrlWnd
HKLM\...\Run: [ATIPTA] => C:\WINDOWS\system32\atiptaxx.exe [344064 2006-02-22] (ATI Technologies, Inc.)
HKLM\...\Run: [VGAUtil] => C:\WINDOWS\system32\G-VGA.exe [544768 2003-10-08] ()
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2014-02-03] (AVAST Software)
HKLM\...\Run: [RegistryMechanic] => [X]
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKU\S-1-5-21-1060284298-839522115-1177238915-500\...\Run: [uTorrent] => f:\AUTO\uT\uTorrent.exe [1141328 2014-05-03] (BitTorrent Inc.)

==================== Internet (Whitelisted) ====================

BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\cmjrjl69.default
FF Homepage: google.pl
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: uTorrentControl_v6 - C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\cmjrjl69.default\Extensions\{96f454ea-9d38-474f-b504-56193e00c1a5} [2014-02-03]
FF Extension: Adblock Plus - C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\cmjrjl69.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-03]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-03]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Aurora\firefox.exe

========================== Services (Whitelisted) =================

R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100352 2008-04-15] (Microsoft Corporation)
R2 ABBYY.Licensing.PDFTransformer.Classic.3.0; C:\Program Files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [764216 2013-06-14] (ABBYY Production LLC)
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [516096 2004-09-15] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-03] (AVAST Software)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-02-03] (Oracle Corporation)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [35656 2014-02-03] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2014-02-03] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-02-03] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-02-03] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [774392 2014-02-03] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [403440 2014-02-03] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-02-03] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [178304 2014-02-03] ()
R3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
S3 CisUtMonitor; C:\WINDOWS\System32\DRIVERS\CisUtMonitor.sys [27600 2011-10-30] (CrystalIdea Software)
R3 cmuda; C:\WINDOWS\System32\drivers\cmuda.sys [812416 2004-01-08] (C-Media Inc)
S3 FETNDIS; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc. )
R3 FETNDISB; C:\WINDOWS\System32\DRIVERS\fetnd5b.sys [41984 2003-11-11] (VIA Technologies, Inc. )
R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2009-06-30] (Microsoft Corporation)
R2 GVCplDrv; C:\WINDOWS\system32\Drivers\GVCplDrv.sys [22880 2003-09-30] ()
S3 NTSIM; C:\WINDOWS\system32\ntsim.sys [7040 2003-07-17] (VIA Networking Technologies, Inc. )
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [225856 2008-06-20] (Microsoft Corporation)
R0 viaagp1; C:\WINDOWS\System32\DRIVERS\viaagp1.sys [26880 2002-12-27] (VIA Technologies, Inc.)
S3 EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys [X]
S3 GAGPDrv; No ImagePath
S4 IntelIde; No ImagePath
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-04 12:49 - 2014-05-04 12:52 - 00000000 ____D () C:\FRST
2014-05-04 12:46 - 2014-05-04 12:52 - 00000000 ____D () C:\Documents and Settings\Administrator\Pulpit\Diagnostyka
2014-05-04 12:14 - 2014-05-04 12:14 - 00000000 ____D () C:\Documents and Settings\Administrator\Dane aplikacji\0F1F1C2Y1H1P1C0I0T
2014-05-04 12:08 - 2014-05-04 12:43 - 00000930 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-05-03 12:53 - 2014-05-04 12:33 - 00000000 ____D () C:\Documents and Settings\Administrator\Moje dokumenty\Pobrane
2014-05-03 12:51 - 2014-05-03 12:51 - 00000665 _____ () C:\Documents and Settings\All Users\Menu Start\Programy\Aurora.lnk
2014-05-03 12:51 - 2014-05-03 12:51 - 00000659 _____ () C:\Documents and Settings\All Users\Pulpit\Aurora.lnk
2014-05-03 12:50 - 2014-05-03 12:50 - 00000000 ____D () C:\Program Files\Aurora
2014-05-03 12:41 - 2014-05-03 12:42 - 00000009 _____ () C:\END
2014-05-03 12:40 - 2014-05-04 12:11 - 00000000 ____D () C:\Documents and Settings\Administrator\Dane aplikacji\uTorrent
2014-05-02 15:18 - 2014-05-02 15:18 - 00000749 _____ () C:\Documents and Settings\All Users\Pulpit\Metin2.lnk
2014-05-02 15:18 - 2014-05-02 15:18 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Metin2
2014-05-01 16:39 - 2014-05-01 16:39 - 00000000 ____D () C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Gameforge4d
2014-05-01 16:38 - 2014-05-02 00:37 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Gameforge Live
2014-04-30 23:29 - 2014-05-03 22:43 - 00000000 ____D () C:\Documents and Settings\Administrator\Moje dokumenty\Gameforge Live
2014-04-24 23:23 - 2014-05-04 01:26 - 00000764 _____ () C:\m.txt
2014-04-23 20:12 - 2014-04-23 20:12 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\QFX Software
2014-04-23 20:12 - 2014-04-23 20:12 - 00000000 ____D () C:\Documents and Settings\Administrator\Dane aplikacji\QFX Software
2014-04-23 19:55 - 2014-05-03 15:31 - 00000072 _____ () C:\Documents and Settings\Administrator\Pulpit\Nowy Dokument tekstowy.txt
2014-04-09 23:09 - 2014-04-09 23:09 - 00000000 ____D () C:\Documents and Settings\LocalService\Dane aplikacji\AVAST Software

==================== One Month Modified Files and Folders =======

2014-05-04 12:52 - 2014-05-04 12:49 - 00000000 ____D () C:\FRST
2014-05-04 12:52 - 2014-05-04 12:46 - 00000000 ____D () C:\Documents and Settings\Administrator\Pulpit\Diagnostyka
2014-05-04 12:46 - 2014-02-03 18:13 - 00000000 ____D () C:\Documents and Settings\Administrator\Pulpit
2014-05-04 12:43 - 2014-05-04 12:08 - 00000930 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-05-04 12:33 - 2014-05-03 12:53 - 00000000 ____D () C:\Documents and Settings\Administrator\Moje dokumenty\Pobrane
2014-05-04 12:14 - 2014-05-04 12:14 - 00000000 ____D () C:\Documents and Settings\Administrator\Dane aplikacji\0F1F1C2Y1H1P1C0I0T
2014-05-04 12:14 - 2014-02-03 18:42 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-05-04 12:14 - 2014-02-03 18:13 - 00000000 __RHD () C:\Documents and Settings\Administrator\Dane aplikacji
2014-05-04 12:14 - 2014-02-03 18:13 - 00000000 ___RD () C:\Documents and Settings\Administrator\Moje dokumenty
2014-05-04 12:14 - 2014-02-03 15:49 - 01141328 _____ (BitTorrent Inc.) C:\Documents and Settings\Administrator\Moje dokumenty\utorrent [1].exe
2014-05-04 12:11 - 2014-05-03 12:40 - 00000000 ____D () C:\Documents and Settings\Administrator\Dane aplikacji\uTorrent
2014-05-04 12:09 - 2014-02-03 18:13 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-05-04 12:08 - 2014-02-03 20:37 - 00692400 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-05-04 12:08 - 2014-02-03 20:37 - 00070832 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-05-04 12:08 - 2014-02-03 16:55 - 01249687 ____N () C:\WINDOWS\WindowsUpdate.log
2014-05-04 12:02 - 2014-02-03 18:12 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-05-04 12:02 - 2014-02-03 17:46 - 00000159 ____N () C:\WINDOWS\wiadebug.log
2014-05-04 12:02 - 2014-02-03 17:46 - 00000050 ____N () C:\WINDOWS\wiaservc.log
2014-05-04 12:01 - 2014-02-03 18:44 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-04 01:27 - 2014-02-03 18:12 - 00032412 ____N () C:\WINDOWS\SchedLgU.Txt
2014-05-04 01:26 - 2014-04-24 23:23 - 00000764 _____ () C:\m.txt
2014-05-04 01:26 - 2014-02-03 18:13 - 00000188 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-05-03 22:43 - 2014-04-30 23:29 - 00000000 ____D () C:\Documents and Settings\Administrator\Moje dokumenty\Gameforge Live
2014-05-03 21:27 - 2014-02-03 16:34 - 00000000 ____D () C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie
2014-05-03 15:31 - 2014-04-23 19:55 - 00000072 _____ () C:\Documents and Settings\Administrator\Pulpit\Nowy Dokument tekstowy.txt
2014-05-03 12:51 - 2014-05-03 12:51 - 00000665 _____ () C:\Documents and Settings\All Users\Menu Start\Programy\Aurora.lnk
2014-05-03 12:51 - 2014-05-03 12:51 - 00000659 _____ () C:\Documents and Settings\All Users\Pulpit\Aurora.lnk
2014-05-03 12:51 - 2014-02-03 17:42 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy
2014-05-03 12:51 - 2014-02-03 17:42 - 00000000 ____D () C:\Documents and Settings\All Users\Pulpit
2014-05-03 12:50 - 2014-05-03 12:50 - 00000000 ____D () C:\Program Files\Aurora
2014-05-03 12:49 - 2014-02-05 21:39 - 00000258 _____ () C:\Documents and Settings\Administrator\Pulpit\pp.txt
2014-05-03 12:42 - 2014-05-03 12:41 - 00000009 _____ () C:\END
2014-05-02 16:30 - 2014-03-01 14:10 - 00000000 ____D () C:\Documents and Settings\Administrator\Pulpit\7data
2014-05-02 15:18 - 2014-05-02 15:18 - 00000749 _____ () C:\Documents and Settings\All Users\Pulpit\Metin2.lnk
2014-05-02 15:18 - 2014-05-02 15:18 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Metin2
2014-05-02 12:30 - 2008-04-15 14:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-05-02 00:37 - 2014-05-01 16:38 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Gameforge Live
2014-05-01 23:47 - 2014-02-03 20:32 - 00002513 _____ () C:\Documents and Settings\Administrator\Pulpit\Microsoft Office Word 2007.lnk
2014-05-01 16:39 - 2014-05-01 16:39 - 00000000 ____D () C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Gameforge4d
2014-05-01 16:39 - 2014-02-03 18:13 - 00000000 ___HD () C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji
2014-05-01 11:29 - 2014-02-05 19:43 - 00000000 __SHD () C:\WINDOWS\CSC
2014-04-28 22:16 - 2014-02-03 18:37 - 00065536 _____ () C:\WINDOWS\system32\config\ODiag.evt
2014-04-28 21:42 - 2014-03-30 21:22 - 00000000 ____D () C:\Documents and Settings\Administrator\Pulpit\ZUS
2014-04-23 20:12 - 2014-04-23 20:12 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\QFX Software
2014-04-23 20:12 - 2014-04-23 20:12 - 00000000 ____D () C:\Documents and Settings\Administrator\Dane aplikacji\QFX Software
2014-04-23 20:12 - 2014-02-03 17:42 - 00000000 __RHD () C:\Documents and Settings\All Users\Dane aplikacji
2014-04-20 16:39 - 2014-03-17 21:05 - 00000000 ____D () C:\Program Files\ABBYY PDF Transformer 3.0
2014-04-20 00:42 - 2014-02-03 18:13 - 00000000 ___RD () C:\Documents and Settings\Administrator\Menu Start\Programy
2014-04-14 18:02 - 2014-03-16 19:12 - 00002315 _____ () C:\Documents and Settings\All Users\Pulpit\PaperPort.lnk
2014-04-10 18:50 - 2014-02-06 00:07 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-04-10 18:38 - 2014-02-06 00:06 - 88028728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-04-09 23:09 - 2014-04-09 23:09 - 00000000 ____D () C:\Documents and Settings\LocalService\Dane aplikacji\AVAST Software

Some content of TEMP:
====================
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\utt1E.tmp.exe

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe [2008-04-15 14:00] - [2008-04-15 14:00] - 1035264 ____A (Microsoft Corporation) c791ed9eac5e76d9525e157b1d7a599a
C:\WINDOWS\system32\winlogon.exe [2008-04-15 14:00] - [2008-04-15 14:00] - 0510464 ____A (Microsoft Corporation) 51fd2e13d723857b9ca239ae77150f48
C:\WINDOWS\system32\svchost.exe [2008-04-15 14:00] - [2008-04-15 14:00] - 0014336 ____A (Microsoft Corporation) 8607d35d92528e2df386f19a960d23ce
C:\WINDOWS\system32\services.exe [2008-04-15 14:00] - [2008-04-15 14:00] - 0109056 ____A (Microsoft Corporation) 3e3ae424e27c4cefe4cab368c7b570ea
C:\WINDOWS\system32\User32.dll [2008-04-15 14:00] - [2008-04-15 14:00] - 0580096 ____A (Microsoft Corporation) a435c5c069afd901751ac323ad238793
C:\WINDOWS\system32\userinit.exe [2008-04-15 14:00] - [2008-04-15 14:00] - 0026624 ____A (Microsoft Corporation) 2a5b37d520508be6570a3ea79695f5b5
C:\WINDOWS\system32\rpcss.dll [2008-04-15 14:00] - [2008-04-15 14:00] - 0399360 ____A (Microsoft Corporation) 02396dab9dd407b06539981f477f3fec
ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\WINDOWS\system32\Drivers\volsnap.sys [2008-04-15 14:00] - [2008-04-15 14:00] - 0052864 ____A (Microsoft Corporation) 56b191ac5fc0df219949c95a6c87afe7

==================== End Of Log ============================