Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-08-2014
Ran by Ania (administrator) on ANIA-DF9A0FC869 on 22-08-2014 17:13:23
Running from C:\Documents and Settings\Ania\Pulpit\fix
Platform: Microsoft Windows XP Home Edition Dodatek Service Pack 3 (X86) OS Language: Polski
Internet Explorer Version 6
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(PC Tools) C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\soundman.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\Microsoft ActiveSync\wcescomm.exe
(PC Tools) C:\Program Files\Registry Mechanic\RegMech.exe
(Microsoft Corporation) C:\PROGRA~1\MI3AA1~1\rapimgr.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Easy-PrintToolBox] => C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [398944 2006-10-17] (CANON INC.)
HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [577536 2006-03-01] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
Winlogon\Notify\klogon: C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
HKU\S-1-5-21-1078081533-1500820517-1801674531-1004\...\Run: [H/PC Connection Agent] => C:\Program Files\Microsoft ActiveSync\Wcescomm.exe [1289000 2006-11-13] (Microsoft Corporation)
HKU\S-1-5-21-1078081533-1500820517-1801674531-1004\...\Run: [RegistryMechanic] => C:\Program Files\Registry Mechanic\RegMech.exe [3233752 2010-04-08] (PC Tools)
HKU\S-1-5-21-1078081533-1500820517-1801674531-1004\...\Run: [NBJ] => C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [1961984 2005-10-11] (Ahead Software AG)
HKU\S-1-5-21-1078081533-1500820517-1801674531-1004\...\Run: [ALLUpdate] => C:\Program Files\ALLPlayer\ALLUpdate.exe [3000680 2013-11-01] (ALLPlayer Group Ltd.)
HKU\S-1-5-21-1078081533-1500820517-1801674531-1004\...\MountPoints2: {062d56a2-76d1-11df-a1dc-4d6564696130} - F:\MicroLauncher.exe
HKU\S-1-5-21-1078081533-1500820517-1801674531-1004\...\MountPoints2: {062d56a3-76d1-11df-a1dc-4d6564696130} - G:\ws.exe
HKU\S-1-5-21-1078081533-1500820517-1801674531-1004\...\MountPoints2: {2543433a-3e8b-11e0-a453-4d6564696130} - F:\ws.exe
HKU\S-1-5-21-1078081533-1500820517-1801674531-1004\...\MountPoints2: {37dbf00e-74ff-11e1-a7cd-4d6564696130} - F:\Startme.exe
HKU\S-1-5-21-1078081533-1500820517-1801674531-1004\...\MountPoints2: {9a28b876-23e3-11df-a0ad-4d6564696130} - F:\Launcher.exe

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1750559&CUI=UN34857837451192111
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1750559
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1750559
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: No Name -> {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} -> No File
BHO: IplexToALLPlayer -> {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} -> C:\Program Files\ALLPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.)
BHO: BS Player ControlBar Toolbar -> {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} -> C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\BS_Player\prxtbBS_2.dll (ClientConnect Ltd.)
Toolbar: HKLM - BS Player ControlBar Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\BS_Player\prxtbBS_2.dll (ClientConnect Ltd.)
Toolbar: HKCU - &Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Łącza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - BS Player ControlBar Toolbar - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\BS_Player\prxtbBS_2.dll (ClientConnect Ltd.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-1_4_0_03-win.cab
DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-1_4_0_03-win.cab

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Ania\Dane aplikacji\Mozilla\Firefox\Profiles\52oa5iym.default
FF Homepage: hxxp://www.onet.pl/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @zylom.com/ZylomGamesPlayer -> C:\Documents and Settings\All Users\Dane aplikacji\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Documents and Settings\Ania\Dane aplikacji\Mozilla\Firefox\Profiles\52oa5iym.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll (Zylom)
FF Extension: Iplex to ALLPlayer - C:\Documents and Settings\Ania\Dane aplikacji\Mozilla\Firefox\Profiles\52oa5iym.default\Extensions\IplextoALL@ALLPlayer.org.xpi [2014-02-01]
FF HKLM\...\Firefox\Extensions: [bkmrksync@nokia.com] - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync
FF Extension: PC Sync 2 Synchronisation Extension - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync [2010-06-13]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-10-16]

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR DefaultSuggestURL: {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\12.0.742.100\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (Chrome NaCl) - C:\Program Files\Google\Chrome\Application\12.0.742.100\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\12.0.742.100\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Zylom Plugin) - C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll (Zylom)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File

========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 PCToolsSSDMonitorSvc; C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [632792 2010-04-08] (PC Tools)
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [621056 2009-03-04] (Nokia.) [File not signed]
S2 EraserSvc11311; "C:\Program Files\Norton Internet Security\Engine\21.1.0.18\NIS.exe" /h ccCommon [X]

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [3960896 2006-03-31] (Realtek Semiconductor Corp.)
S3 e4usbaw; C:\WINDOWS\System32\DRIVERS\e4usbaw.sys [116992 2006-09-19] (Analog Devices Inc.) [File not signed]
R3 FETNDIS; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc. )
S2 IKANLOADER2; C:\WINDOWS\System32\Drivers\e4ldr.sys [64000 2006-09-15] (Analog Deivces) [File not signed]
S3 irsir; C:\WINDOWS\System32\DRIVERS\irsir.sys [18688 2001-08-17] (Microsoft Corporation)
S3 klim5; C:\WINDOWS\System32\DRIVERS\klim5.sys [35672 2012-06-27] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\WINDOWS\System32\DRIVERS\klkbdflt.sys [24160 2013-10-09] (Kaspersky Lab ZAO)
R3 klmouflt; C:\WINDOWS\System32\DRIVERS\klmouflt.sys [24672 2013-10-09] (Kaspersky Lab ZAO)
S1 kltdi; C:\WINDOWS\System32\DRIVERS\kltdi.sys [44000 2013-06-17] (Kaspersky Lab ZAO)
S1 kneps; C:\WINDOWS\System32\DRIVERS\kneps.sys [145040 2013-04-22] (Kaspersky Lab ZAO)
S3 PCANDIS5; C:\WINDOWS\system32\PCANDIS5.SYS [16128 2003-08-04] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R0 videX32; C:\WINDOWS\System32\DRIVERS\videX32.sys [9728 2006-02-23] (VIA Technologies, Inc.)
S3 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [28672 2006-11-06] (Microsoft Corporation)
R0 xfilt; C:\WINDOWS\System32\DRIVERS\xfilt.sys [11264 2006-02-23] (VIA Technologies,Inc)
S0 kl1; system32\DRIVERS\kl1.sys [X]
S1 KLIF; system32\DRIVERS\klif.sys [X]
S3 PCAMPR5; \??\C:\WINDOWS\system32\PCAMPR5.SYS [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-22 17:12 - 2014-08-22 17:13 - 00000000 ____D () C:\FRST
2014-08-21 19:04 - 2014-08-21 19:04 - 00090112 _____ () C:\WINDOWS\Minidump\Mini082114-01.dmp
2014-08-20 20:55 - 2014-08-20 20:55 - 00000570 _____ () C:\Documents and Settings\Ania\Pulpit\go.log
2014-08-20 20:53 - 2014-08-20 20:53 - 02359350 _____ () C:\Documents and Settings\Ania\Pulpit\bez tytułu.bmp
2014-08-20 18:35 - 2014-08-22 17:13 - 00000000 ____D () C:\Documents and Settings\Ania\Pulpit\fix

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-22 17:13 - 2014-08-22 17:12 - 00000000 ____D () C:\FRST
2014-08-22 17:13 - 2014-08-20 18:35 - 00000000 ____D () C:\Documents and Settings\Ania\Pulpit\fix
2014-08-22 17:13 - 2009-12-05 16:12 - 00000000 ____D () C:\Documents and Settings\Ania\Ustawienia lokalne\Temp
2014-08-22 17:09 - 2009-12-05 16:06 - 01266575 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-22 17:08 - 2014-03-22 00:05 - 00000220 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job
2014-08-22 17:08 - 2009-12-05 17:49 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2014-08-22 17:08 - 2009-12-05 17:00 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-08-22 17:08 - 2009-12-05 17:00 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-08-22 17:08 - 2009-12-05 16:11 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-21 21:02 - 2009-12-05 16:11 - 00032540 _____ () C:\WINDOWS\SchedLgU.Txt
2014-08-21 21:01 - 2009-12-05 16:12 - 00000188 ___SH () C:\Documents and Settings\Ania\ntuser.ini
2014-08-21 19:04 - 2014-08-21 19:04 - 00090112 _____ () C:\WINDOWS\Minidump\Mini082114-01.dmp
2014-08-21 18:08 - 2006-03-02 14:00 - 00001374 _____ () C:\WINDOWS\system32\wpa.dbl
2014-08-20 20:55 - 2014-08-20 20:55 - 00000570 _____ () C:\Documents and Settings\Ania\Pulpit\go.log
2014-08-20 20:55 - 2009-12-05 16:12 - 00000000 ____D () C:\Documents and Settings\Ania\Pulpit
2014-08-20 20:53 - 2014-08-20 20:53 - 02359350 _____ () C:\Documents and Settings\Ania\Pulpit\bez tytułu.bmp
2014-08-20 11:59 - 2014-03-22 00:05 - 00000214 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job
2014-08-20 11:58 - 2009-12-05 17:45 - 00001374 ____C () C:\WINDOWS\system32\wpa.bak
2014-08-20 11:41 - 2013-04-09 22:39 - 00001089 _____ () C:\WINDOWS\setupact.log
2014-08-20 11:41 - 2013-04-06 23:45 - 00259348 _____ () C:\WINDOWS\setupapi.log

Some content of TEMP:
====================
C:\Documents and Settings\Ania\Ustawienia lokalne\Temp\PC-Suite.exe
C:\Documents and Settings\Ania\Ustawienia lokalne\Temp\Uninstall.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================