Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-09-2014
Ran by admin (administrator) on DOM on 28-09-2014 16:14:54
Running from C:\Documents and Settings\admin\Pulpit\stawiamy na nogi kompa
Loaded Profile: admin (Available profiles: admin & Administrator)
Platform: Microsoft Windows XP Home Edition Dodatek Service Pack 3 (X86) OS Language: Polski
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() C:\WINDOWS\system32\WLTRYSVC.EXE
(Broadcom Corporation) C:\WINDOWS\system32\BCMWLTRY.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Broadcom Corporation) C:\WINDOWS\system32\WLTRAY.EXE
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
() C:\WINDOWS\SMINST\Scheduler.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
() C:\WINDOWS\FixCamera.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
() C:\WINDOWS\tsnpstd3.exe
() C:\WINDOWS\vsnpstd3.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Pinnacle Systems GmbH) C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
() C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Opera Software) C:\Program Files\Opera\opera.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\Setup\instup.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\WINDOWS\system32\WLTRAY.exe [1499136 2012-05-12] (Broadcom Corporation)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [872448 2007-01-05] (Analog Devices, Inc.)
HKLM\...\Run: [SoundMAX] => C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [729088 2006-07-13] (Analog Devices, Inc.)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [177456 2007-10-19] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [Recguard] => C:\WINDOWS\Sminst\Recguard.exe [1187840 2005-12-20] ()
HKLM\...\Run: [Reminder] => C:\WINDOWS\Creator\Remind_XP.exe [806912 2006-03-09] ()
HKLM\...\Run: [Scheduler] => C:\WINDOWS\SMINST\Scheduler.exe [697976 2006-10-09] ()
HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [454656 2006-02-14] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [Cpqset] => C:\Program Files\HPQ\Default Settings\cpqset.exe  @üz@ `(@üz@
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2006-01-12] (Nero AG)
HKLM\...\Run: [FixCamera] => C:\WINDOWS\FixCamera.exe [20480 2007-02-10] ()
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-03-11] (Hewlett-Packard Co.)
HKLM\...\Run: [tsnpstd3] => C:\WINDOWS\tsnpstd3.exe [270336 2007-03-10] ()
HKLM\...\Run: [snpstd3] => C:\WINDOWS\vsnpstd3.exe [827392 2006-09-19] ()
HKLM\...\Run: [LaunchList] => C:\Program Files\Pinnacle\Studio 8\LaunchList.exe
HKLM\...\Run: [USBToolTip] => C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe [199752 2007-02-20] (Pinnacle Systems GmbH)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-08-08] (AVAST Software)
HKU\S-1-5-21-1343024091-1454471165-1417001333-1006\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1343024091-1454471165-1417001333-1006\...\Run: [Hoolapp Android] => "C:\DOCUME~1\admin\DANEAP~1\HOOLAP~1\Hoolapp.exe" /Minimized
HKU\S-1-5-21-1343024091-1454471165-1417001333-1006\...\Run: [ares] => "C:\Program Files\Ares\Ares.exe" -h
HKU\S-1-5-21-1343024091-1454471165-1417001333-1006\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-1343024091-1454471165-1417001333-1006\...\Run: [Facebook Update] => C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Facebook\Update\FacebookUpdate.exe [138096 2014-06-11] (Facebook Inc.)
Startup: C:\Documents and Settings\admin\Menu Start\Programy\Autostart\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk
ShortcutTarget: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
ShortcutTarget: Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
Startup: C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\BTTray.lnk
ShortcutTarget: BTTray.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
ShortcutTarget: Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
Startup: C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\BTTray.lnk
ShortcutTarget: BTTray.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: GGDriveOverlay1 -> {E68D0A50-3C40-4712-B90D-DCFA93FF2534} => C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.)
ShellIconOverlayIdentifiers: GGDriveOverlay2 -> {E68D0A51-3C40-4712-B90D-DCFA93FF2534} => C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.)
ShellIconOverlayIdentifiers: GGDriveOverlay3 -> {E68D0A52-3C40-4712-B90D-DCFA93FF2534} => C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.)
ShellIconOverlayIdentifiers: GGDriveOverlay4 -> {E68D0A53-3C40-4712-B90D-DCFA93FF2534} => C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.)

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnu.com/413
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtC0AyBtAtDtCtDyC0Ezy0E0FtAtCtN0D0Tzu0CtBtAzztN1L2XzutBtFtCtFtCtFtAtCtB&cr=1591006633
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
SearchScopes: HKLM - Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtC0AyBtAtDtCtDyC0Ezy0E0FtAtCtN0D0Tzu0CtBtAzztN1L2XzutBtFtCtFtCtFtAtCtB&cr=1591006633
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
SearchScopes: HKCU - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
SearchScopes: HKCU - Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtC0AyBtAtDtCtDyC0Ezy0E0FtAtCtN0D0Tzu0CtBtAzztN1L2XzutBtFtCtFtCtFtAtCtB&cr=1591006633
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
BHO: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Funmoods Helper Object -> {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} -> C:\PROGRA~1\Funmoods\1.5.23.22\bh\escort.dll No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\PROGRA~1\Funmoods\1.5.23.22\escorTlbr.dll No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.100.252

FireFox:
========
FF ProfilePath: C:\Documents and Settings\admin\Dane aplikacji\Mozilla\Firefox\Profiles\b1616cfn.default
FF SearchEngineOrder.1: Search Results
FF Homepage: hxxp://www.searchnu.com/413
FF Keyword.URL: hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=413&sr=0&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.450 -> C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF user.js: detected! => C:\Documents and Settings\admin\Dane aplikacji\Mozilla\Firefox\Profiles\b1616cfn.default\user.js
FF SearchPlugin: C:\Documents and Settings\admin\Dane aplikacji\Mozilla\Firefox\Profiles\b1616cfn.default\searchplugins\Search.xml
FF SearchPlugin: C:\Documents and Settings\admin\Dane aplikacji\Mozilla\Firefox\Profiles\b1616cfn.default\searchplugins\Search_Results.xml
FF Extension: Funmoods.com - C:\Documents and Settings\admin\Dane aplikacji\Mozilla\Firefox\Profiles\b1616cfn.default\Extensions\ffxtlbr@funmoods.com [2012-08-27]
FF Extension: Funmoods New Tab - C:\Documents and Settings\admin\Dane aplikacji\Mozilla\Firefox\Profiles\b1616cfn.default\Extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}.xpi [2013-10-18]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-05-12]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-09-01]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.searchnu.com/413
CHR RestoreOnStartup: Default -> "hxxp://www.searchnu.com/413", "hxxp://www.google.com"
CHR NewTab: Default -> "chrome-extension://cjpglkicenollcignonpgiafdgfeehoj/content/newtab/newtab.html"
CHR DefaultSearchKeyword: Default -> r
CHR DefaultSearchProvider: Default -> Search Results
CHR DefaultSearchURL: Default -> http://dts.search-results.com/sr?src=crb&appid=0&systemid=413&sr=0&q={searchTerms}
CHR DefaultSuggestURL: Default ->
CHR CustomProfile: C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default
CHR Extension: (Funmoods Chat) - C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh [2012-08-27]
CHR Extension: (YouTube) - C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-08-27]
CHR Extension: (Funmoods) - C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj [2012-08-27]
CHR Extension: (Szukaj w Google) - C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-08-01]
CHR Extension: (Gmail) - C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-08-01]
CHR HKLM\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\DOCUME~1\admin\USTAWI~1\DANEAP~1\funmoods.crx [2012-08-26]
CHR HKLM\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\DOCUME~1\admin\USTAWI~1\DANEAP~1\funmoods-speeddial.crx [2012-08-26]
CHR HKCU\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\DOCUME~1\admin\USTAWI~1\DANEAP~1\funmoods.crx [2012-08-26]
CHR HKCU\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\DOCUME~1\admin\USTAWI~1\DANEAP~1\funmoods-speeddial.crx [2012-08-26]

========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-01] (AVAST Software)
R2 btwdins; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [258103 2006-02-15] (Broadcom Corporation.) [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-06-04] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-06-04] (Hewlett-Packard Co.) [File not signed]
R2 hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [135168 2006-05-02] (Hewlett-Packard Development Company, L.P.) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-05-07] (Oracle Corporation)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
S2 PCA; C:\WINDOWS\SMINST\PCAngel.exe [294912 2006-01-12] (SoftThinks) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [1265664 2012-05-12] (Broadcom Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 arusb(Atheros); C:\WINDOWS\System32\DRIVERS\arusb.sys [601088 2010-04-20] (Atheros Communications, Inc.) [File not signed]
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-06-01] ()
R1 aswKbd; C:\WINDOWS\system32\Drivers\aswKbd.sys [21576 2013-03-07] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-06-01] (AVAST Software)
R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-06-01] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-06-01] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [777488 2014-06-01] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [411680 2014-06-01] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-06-01] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [180632 2014-06-01] ()
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [822272 2012-05-12] (Broadcom Corporation)
R3 BTDriver; C:\WINDOWS\System32\DRIVERS\btport.sys [30363 2006-02-15] (Broadcom Corporation.) [File not signed]
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [1342570 2006-02-15] (Broadcom Corporation.) [File not signed]
R3 btwmodem; C:\WINDOWS\System32\DRIVERS\btwmodem.sys [30189 2006-02-15] (Broadcom Corporation.) [File not signed]
R3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [57096 2006-02-15] (Broadcom Corporation.) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2007-03-07] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2007-03-07] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2007-03-07] (HP)
R3 MarvinBus; C:\WINDOWS\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 SNPSTD3; C:\WINDOWS\System32\DRIVERS\snpstd3.sys [10252544 2007-03-26] (Sonix Co. Ltd.) [File not signed]
U1 eabfiltr; No ImagePath
S4 IntelIde; No ImagePath
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-28 16:14 - 2014-09-28 16:15 - 00000000 ____D () C:\FRST
2014-09-28 16:11 - 2014-09-28 16:14 - 00000000 ____D () C:\Documents and Settings\admin\Pulpit\stawiamy na nogi kompa
2014-09-28 16:00 - 2014-09-28 16:00 - 04454454 _____ () C:\Documents and Settings\admin\Pulpit\aa.bmp
2014-09-28 15:26 - 2014-09-28 15:26 - 04454454 _____ () C:\Documents and Settings\admin\Pulpit\a.bmp
2014-09-04 20:46 - 2014-09-04 20:46 - 03072054 _____ () C:\Documents and Settings\admin\Pulpit\błąd przy uruchomieniu.bmp
2014-08-31 20:19 - 2014-08-31 20:19 - 00000000 ____D () C:\Program Files\Common Files\Skype

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-28 16:15 - 2012-07-27 21:51 - 00000000 ____D () C:\Documents and Settings\admin\Ustawienia lokalne\Temp
2014-09-28 16:12 - 2012-07-27 21:51 - 00000000 ____D () C:\Documents and Settings\admin\Pulpit
2014-09-28 15:58 - 2014-06-11 21:52 - 00001002 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1343024091-1454471165-1417001333-1006UA.job
2014-09-28 15:28 - 2012-07-27 20:59 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-09-28 15:25 - 2012-05-12 17:56 - 01325468 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-28 15:23 - 2014-06-01 17:50 - 00000222 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job
2014-09-28 15:23 - 2012-05-12 19:46 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-09-28 15:23 - 2012-05-12 19:46 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-09-28 15:23 - 2012-05-12 18:01 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-28 15:23 - 2012-05-12 08:52 - 00000000 ____D () C:\WINDOWS\SMINST
2014-09-28 13:57 - 2014-06-01 17:50 - 00000216 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job
2014-09-28 13:56 - 2012-07-30 19:15 - 00000000 ____D () C:\Documents and Settings\admin\Dane aplikacji\Skype
2014-09-28 13:54 - 2008-04-15 14:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-09-05 00:07 - 2012-07-27 21:51 - 00000188 ___SH () C:\Documents and Settings\admin\ntuser.ini
2014-09-05 00:07 - 2012-05-12 18:01 - 00032558 _____ () C:\WINDOWS\SchedLgU.Txt
2014-08-31 21:58 - 2014-06-11 21:52 - 00000980 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1343024091-1454471165-1417001333-1006Core.job
2014-08-31 20:19 - 2012-05-13 22:07 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Skype
2014-08-31 20:19 - 2012-05-13 22:07 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Skype

Some content of TEMP:
====================
C:\Documents and Settings\admin\Ustawienia lokalne\Temp\binkw32.dll
C:\Documents and Settings\admin\Ustawienia lokalne\Temp\d2l_Install.exe
C:\Documents and Settings\admin\Ustawienia lokalne\Temp\FreemakeVideoConverter_3.1.1.4.exe
C:\Documents and Settings\admin\Ustawienia lokalne\Temp\ggdrive-menu.exe
C:\Documents and Settings\admin\Ustawienia lokalne\Temp\ggdrive-overlay.exe
C:\Documents and Settings\admin\Ustawienia lokalne\Temp\ICReinstall_aresregular224_Downloader.exe
C:\Documents and Settings\admin\Ustawienia lokalne\Temp\InsMagic.dll
C:\Documents and Settings\admin\Ustawienia lokalne\Temp\installhelper.dll
C:\Documents and Settings\admin\Ustawienia lokalne\Temp\installstats.exe
C:\Documents and Settings\admin\Ustawienia lokalne\Temp\jre-7u11-windows-i586-iftw.exe
C:\Documents and Settings\admin\Ustawienia lokalne\Temp\jre-7u6-windows-i586-iftw.exe
C:\Documents and Settings\admin\Ustawienia lokalne\Temp\jre-7u60-windows-i586-iftw.exe
C:\Documents and Settings\admin\Ustawienia lokalne\Temp\jre-7u7-windows-i586-iftw.exe
C:\Documents and Settings\admin\Ustawienia lokalne\Temp\jre-7u9-windows-i586-iftw.exe
C:\Documents and Settings\admin\Ustawienia lokalne\Temp\SetupDataMngr_Searchqu.exe
C:\Documents and Settings\admin\Ustawienia lokalne\Temp\setup_wm.exe
C:\Documents and Settings\admin\Ustawienia lokalne\Temp\SkypeSetup.exe
C:\Documents and Settings\admin\Ustawienia lokalne\Temp\SRAssetsHelper.dll
C:\Documents and Settings\admin\Ustawienia lokalne\Temp\swt-win32-3349.dll
C:\Documents and Settings\admin\Ustawienia lokalne\Temp\wisemsg.dll
C:\Documents and Settings\jakub\Ustawienia lokalne\Temp\FP_PL_PFS_INSTALLER_32bit.exe
C:\Documents and Settings\jakub\Ustawienia lokalne\Temp\fx-runtime.exe
C:\Documents and Settings\jakub\Ustawienia lokalne\Temp\SkypeSetup.exe
C:\Documents and Settings\jakub\Ustawienia lokalne\Temp\Tsu-0208.dll

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================