Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-08-2014
Ran by Ania (administrator) on ANIA-DF9A0FC869 on 23-08-2014 11:51:10
Running from C:\Documents and Settings\Ania\Pulpit\fix
Platform: Microsoft Windows XP Home Edition Dodatek Service Pack 3 (X86) OS Language: Polski
Internet Explorer Version 6
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(PC Tools) C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\soundman.exe
(Microsoft Corporation) C:\PROGRA~1\MI3AA1~1\wcescomm.exe
(Microsoft Corporation) C:\PROGRA~1\MI3AA1~1\rapimgr.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Easy-PrintToolBox] => C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [398944 2006-10-17] (CANON INC.)
HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [577536 2006-03-01] (Realtek Semiconductor Corp.)
HKU\S-1-5-21-1078081533-1500820517-1801674531-1004\...\Run: [H/PC Connection Agent] => C:\Program Files\Microsoft ActiveSync\wcescomm.exe [1289000 2006-11-13] (Microsoft Corporation)
HKU\S-1-5-21-1078081533-1500820517-1801674531-1004\...\Run: [RegistryMechanic] => C:\Program Files\Registry Mechanic\RegMech.exe /H
HKU\S-1-5-21-1078081533-1500820517-1801674531-1004\...\Run: [NBJ] => C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [1961984 2005-10-11] (Ahead Software AG)
HKU\S-1-5-21-1078081533-1500820517-1801674531-1004\...\Run: [ALLUpdate] => C:\Program Files\ALLPlayer\ALLUpdate.exe [3000680 2013-11-01] (ALLPlayer Group Ltd.)
HKU\S-1-5-21-1078081533-1500820517-1801674531-1004\...\MountPoints2: {062d56a2-76d1-11df-a1dc-4d6564696130} - F:\MicroLauncher.exe
HKU\S-1-5-21-1078081533-1500820517-1801674531-1004\...\MountPoints2: {062d56a3-76d1-11df-a1dc-4d6564696130} - G:\ws.exe
HKU\S-1-5-21-1078081533-1500820517-1801674531-1004\...\MountPoints2: {2543433a-3e8b-11e0-a453-4d6564696130} - F:\ws.exe
HKU\S-1-5-21-1078081533-1500820517-1801674531-1004\...\MountPoints2: {37dbf00e-74ff-11e1-a7cd-4d6564696130} - F:\Startme.exe
HKU\S-1-5-21-1078081533-1500820517-1801674531-1004\...\MountPoints2: {9a28b876-23e3-11df-a0ad-4d6564696130} - F:\Launcher.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
BHO: IplexToALLPlayer -> {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} -> C:\Program Files\ALLPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.)
Toolbar: HKCU - &Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Łącza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-1_4_0_03-win.cab
DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-1_4_0_03-win.cab

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @zylom.com/ZylomGamesPlayer -> C:\Documents and Settings\All Users\Dane aplikacji\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll (Zylom)
FF HKLM\...\Firefox\Extensions: [bkmrksync@nokia.com] - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync
FF Extension: PC Sync 2 Synchronisation Extension - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync [2010-06-13]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-10-16]

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 PCToolsSSDMonitorSvc; C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [632792 2010-04-08] (PC Tools)
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [621056 2009-03-04] (Nokia.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [3960896 2006-03-31] (Realtek Semiconductor Corp.)
S3 e4usbaw; C:\WINDOWS\System32\DRIVERS\e4usbaw.sys [116992 2006-09-19] (Analog Devices Inc.) [File not signed]
R3 FETNDIS; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc. )
S2 IKANLOADER2; C:\WINDOWS\System32\Drivers\e4ldr.sys [64000 2006-09-15] (Analog Deivces) [File not signed]
S3 irsir; C:\WINDOWS\System32\DRIVERS\irsir.sys [18688 2001-08-17] (Microsoft Corporation)
S3 PCANDIS5; C:\WINDOWS\system32\PCANDIS5.SYS [16128 2003-08-04] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R0 videX32; C:\WINDOWS\System32\DRIVERS\videX32.sys [9728 2006-02-23] (VIA Technologies, Inc.)
S3 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [28672 2006-11-06] (Microsoft Corporation)
R0 xfilt; C:\WINDOWS\System32\DRIVERS\xfilt.sys [11264 2006-02-23] (VIA Technologies,Inc)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-23 11:41 - 2014-08-23 11:44 - 00000000 ____D () C:\AdwCleaner
2014-08-22 19:14 - 2014-08-23 11:38 - 00000000 ___SD () C:\Documents and Settings\Administrator\Ustawienia lokalne\Historia
2014-08-22 19:14 - 2014-08-22 19:17 - 00000188 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-08-22 19:14 - 2014-08-22 19:14 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-08-22 19:14 - 2010-03-19 01:56 - 00000000 ___HD () C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji
2014-08-22 19:14 - 2010-03-19 01:56 - 00000000 ____D () C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft Help
2014-08-22 19:14 - 2009-12-05 16:57 - 00000000 __RHD () C:\Documents and Settings\Administrator\Dane aplikacji
2014-08-22 19:14 - 2009-12-05 16:57 - 00000000 ___RD () C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart
2014-08-22 19:14 - 2009-12-05 16:57 - 00000000 ___RD () C:\Documents and Settings\Administrator\Menu Start
2014-08-22 19:14 - 2009-12-05 16:57 - 00000000 ___HD () C:\Documents and Settings\Administrator\Ustawienia lokalne
2014-08-22 19:14 - 2009-12-05 16:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp
2014-08-22 19:14 - 2009-12-05 16:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Ulubione
2014-08-22 19:14 - 2009-12-05 16:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Pulpit
2014-08-22 19:14 - 2009-12-05 16:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Moje dokumenty
2014-08-22 19:14 - 2009-12-05 16:07 - 00001599 _____ () C:\Documents and Settings\Administrator\Menu Start\Programy\Pomoc zdalna.lnk
2014-08-22 19:14 - 2009-12-05 16:07 - 00000792 _____ () C:\Documents and Settings\Administrator\Menu Start\Programy\Windows Media Player.lnk
2014-08-22 19:14 - 2009-12-05 16:07 - 00000000 ___RD () C:\Documents and Settings\Administrator\Menu Start\Programy\Akcesoria
2014-08-22 19:14 - 2009-12-05 16:07 - 00000000 ___RD () C:\Documents and Settings\Administrator\Menu Start\Programy
2014-08-22 19:14 - 2009-12-05 16:04 - 00000000 ___HD () C:\Documents and Settings\Administrator\Szablony
2014-08-22 17:12 - 2014-08-23 11:51 - 00000000 ____D () C:\FRST
2014-08-21 19:04 - 2014-08-21 19:04 - 00090112 _____ () C:\WINDOWS\Minidump\Mini082114-01.dmp
2014-08-20 20:55 - 2014-08-20 20:55 - 00000570 _____ () C:\Documents and Settings\Ania\Pulpit\go.log
2014-08-20 20:53 - 2014-08-20 20:53 - 02359350 _____ () C:\Documents and Settings\Ania\Pulpit\bez tytułu.bmp
2014-08-20 18:35 - 2014-08-23 11:51 - 00000000 ____D () C:\Documents and Settings\Ania\Pulpit\fix

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-23 11:51 - 2014-08-22 17:12 - 00000000 ____D () C:\FRST
2014-08-23 11:51 - 2014-08-20 18:35 - 00000000 ____D () C:\Documents and Settings\Ania\Pulpit\fix
2014-08-23 11:51 - 2009-12-05 16:12 - 00000000 ____D () C:\Documents and Settings\Ania\Ustawienia lokalne\Temp
2014-08-23 11:49 - 2009-12-05 16:06 - 01306341 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-23 11:47 - 2014-03-22 00:05 - 00000220 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job
2014-08-23 11:46 - 2009-12-05 17:00 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-08-23 11:46 - 2009-12-05 17:00 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-08-23 11:46 - 2009-12-05 16:11 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-23 11:44 - 2014-08-23 11:41 - 00000000 ____D () C:\AdwCleaner
2014-08-23 11:44 - 2009-12-05 16:57 - 00000000 __RHD () C:\Documents and Settings\All Users\Dane aplikacji
2014-08-23 11:44 - 2009-12-05 16:12 - 00000188 ___SH () C:\Documents and Settings\Ania\ntuser.ini
2014-08-23 11:44 - 2009-12-05 16:12 - 00000000 ___HD () C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji
2014-08-23 11:44 - 2009-12-05 16:11 - 00032540 _____ () C:\WINDOWS\SchedLgU.Txt
2014-08-23 11:40 - 2009-12-05 17:49 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2014-08-23 11:40 - 2009-12-05 16:12 - 00000000 ___SD () C:\Documents and Settings\Ania\Ustawienia lokalne\Historia
2014-08-23 11:38 - 2014-08-22 19:14 - 00000000 ___SD () C:\Documents and Settings\Administrator\Ustawienia lokalne\Historia
2014-08-23 11:34 - 2009-12-05 16:57 - 00000000 ___SD () C:\Documents and Settings\Default User\Ustawienia lokalne\Historia
2014-08-23 11:34 - 2009-12-05 16:11 - 00000000 ___HD () C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia
2014-08-23 11:34 - 2009-12-05 16:10 - 00000000 ___HD () C:\Documents and Settings\NetworkService\Ustawienia lokalne\Historia
2014-08-23 11:09 - 2014-05-10 01:09 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-23 11:09 - 2009-12-05 16:57 - 00000000 ____D () C:\Documents and Settings\All Users\Pulpit
2014-08-23 11:09 - 2009-12-05 16:12 - 00000000 __RHD () C:\Documents and Settings\Ania\Dane aplikacji
2014-08-23 11:03 - 2009-12-05 16:36 - 00000000 ____D () C:\Program Files\Adobe
2014-08-23 11:00 - 2009-12-05 16:57 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy
2014-08-23 11:00 - 2009-12-05 16:36 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-08-22 19:29 - 2009-12-24 20:43 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2014-08-22 19:24 - 2013-04-09 22:39 - 00001205 _____ () C:\WINDOWS\setupact.log
2014-08-22 19:24 - 2013-04-06 23:45 - 00269153 _____ () C:\WINDOWS\setupapi.log
2014-08-22 19:24 - 2012-03-23 18:02 - 00002359 _____ () C:\Documents and Settings\All Users\Menu Start\Programy\Microsoft ActiveSync.lnk
2014-08-22 19:23 - 2006-03-02 14:00 - 00001374 _____ () C:\WINDOWS\system32\wpa.dbl
2014-08-22 19:21 - 2013-04-13 16:25 - 00000000 ____D () C:\Documents and Settings\Ania\Pulpit\kavremover
2014-08-22 19:17 - 2014-08-22 19:14 - 00000188 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-08-22 19:14 - 2014-08-22 19:14 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-08-21 19:04 - 2014-08-21 19:04 - 00090112 _____ () C:\WINDOWS\Minidump\Mini082114-01.dmp
2014-08-21 19:04 - 2009-12-25 01:55 - 00000000 ____D () C:\WINDOWS\Minidump
2014-08-20 20:55 - 2014-08-20 20:55 - 00000570 _____ () C:\Documents and Settings\Ania\Pulpit\go.log
2014-08-20 20:55 - 2009-12-05 16:12 - 00000000 ____D () C:\Documents and Settings\Ania\Pulpit
2014-08-20 20:53 - 2014-08-20 20:53 - 02359350 _____ () C:\Documents and Settings\Ania\Pulpit\bez tytułu.bmp
2014-08-20 11:59 - 2014-03-22 00:05 - 00000214 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job
2014-08-20 11:58 - 2009-12-05 17:45 - 00001374 ____C () C:\WINDOWS\system32\wpa.bak

Some content of TEMP:
====================
C:\Documents and Settings\Ania\Ustawienia lokalne\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================