Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-12-2014
Ran by Ja (administrator) on DARIA on 04-12-2014 16:20:27
Running from C:\Documents and Settings\Ja\Pulpit
Loaded Profile: Ja (Available profiles: Ja)
Platform: Microsoft Windows XP Home Edition Dodatek Service Pack 3 (X86) OS Language: Polski
Internet Explorer Version 6
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\WINDOWS\System32\userinit.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpqSRMon] => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [80896 2007-08-22] (Hewlett-Packard)
HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [77824 2004-12-01] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-01-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKU\S-1-5-21-1060284298-796845957-1417001333-1005\...\MountPoints2: {641c1265-f879-11e3-9d2a-001109edb03c} - H:\LGAutoRun.exe
HKU\S-1-5-21-1060284298-796845957-1417001333-1005\...\MountPoints2: {9de11fe5-9e2c-11e2-a4cb-806d6172696f} - F:\Setup.exe
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-1060284298-796845957-1417001333-1005] => Internet Explorer proxy is enabled.
HKU\S-1-5-21-1060284298-796845957-1417001333-1005\Software\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/?src01=dp220140911
HKU\S-1-5-21-1060284298-796845957-1417001333-1005\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/?src01=dp220140911
URLSearchHook: HKU\S-1-5-21-1060284298-796845957-1417001333-1005 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
URLSearchHook: HKU\S-1-5-21-1060284298-796845957-1417001333-1005 - Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Livebox\SearchURLHook\SearchPageURL.dll ()
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing.
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Ja\Dane aplikacji\Mozilla\Firefox\Profiles\77ayvyou.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.17.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Documents and Settings\Ja\Dane aplikacji\Mozilla\Firefox\Profiles\77ayvyou.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-08]
FF Extension: SmarterPower 1.0.1 - C:\Documents and Settings\Ja\Dane aplikacji\Mozilla\Firefox\Profiles\77ayvyou.default\Extensions\{c393de5d-8149-4434-ab91-01ec8ea15264}.xpi [2014-11-30]

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [425984 2004-12-01] (ATI Technologies Inc.) [File not signed]
S3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [File not signed]
S2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
S2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [170912 2013-04-08] (Oracle Corporation)
S2 MaintainerSvc7.71.837357; C:\Documents and Settings\All Users\Dane aplikacji\66d59f5c-9429-4c86-9f63-c339daeaabaf\maintainer.exe [123680 2014-12-02] ()
S2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
S2 Util SmarterPower; "C:\Program Files\SmarterPower\bin\utilSmarterPower.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [2300928 2004-12-01] (Realtek Semiconductor Corp.)
S1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [35840 2004-10-21] (Advanced Micro Devices)
S3 ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [928256 2004-12-01] (ATI Technologies Inc.) [File not signed]
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2007-10-30] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2007-10-30] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2007-10-30] (HP)
R0 nvatabus; C:\WINDOWS\System32\DRIVERS\nvatabus.sys [87936 2004-12-07] (NVIDIA Corporation)
S3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [33408 2004-11-24] (NVIDIA Corporation)
S3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [12928 2004-11-24] (NVIDIA Corporation)
S3 PCAMPR5; C:\WINDOWS\system32\PCAMPR5.SYS [34688 2003-09-23] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 PCANDIS5; C:\WINDOWS\system32\PCANDIS5.SYS [32128 2006-03-01] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S1 {24616444-765b-4b21-a0d9-3f0c17b29bfe}t; C:\WINDOWS\System32\drivers\{24616444-765b-4b21-a0d9-3f0c17b29bfe}t.sys [55872 2014-11-28] (StdLib)
S1 {29b7765c-96a7-42da-b89f-2a7b5f6b5cba}t; C:\WINDOWS\System32\drivers\{29b7765c-96a7-42da-b89f-2a7b5f6b5cba}t.sys [55872 2014-11-30] (StdLib)
S1 {397e3208-0393-47ca-9748-370b27e14021}t; C:\WINDOWS\System32\drivers\{397e3208-0393-47ca-9748-370b27e14021}t.sys [55832 2014-10-19] (StdLib)
S1 {4059f7a9-d023-4137-a1c8-01f0f6fe6110}t; C:\WINDOWS\System32\drivers\{4059f7a9-d023-4137-a1c8-01f0f6fe6110}t.sys [55832 2014-10-20] (StdLib)
S1 {55825785-0831-456c-8958-bd781398505d}t; C:\WINDOWS\System32\drivers\{55825785-0831-456c-8958-bd781398505d}t.sys [55872 2014-11-26] (StdLib)
S1 {5eeb83d0-96ea-4249-942c-beead6847053}t; C:\WINDOWS\System32\drivers\{5eeb83d0-96ea-4249-942c-beead6847053}t.sys [55064 2014-09-12] (StdLib)
S1 {632916e0-3570-41b8-afb5-b10d86ad94c7}t; C:\WINDOWS\System32\drivers\{632916e0-3570-41b8-afb5-b10d86ad94c7}t.sys [55832 2014-10-21] (StdLib)
S1 {71d5e150-c72b-4e5b-a773-e49420251642}t; C:\WINDOWS\System32\drivers\{71d5e150-c72b-4e5b-a773-e49420251642}t.sys [55832 2014-10-22] (StdLib)
S1 {8e282837-b584-46f4-a220-bfdd4678d061}t; C:\WINDOWS\System32\drivers\{8e282837-b584-46f4-a220-bfdd4678d061}t.sys [55872 2014-12-01] (StdLib)
S1 {98a55059-ac5d-40d9-81ae-6bff294c9b89}t; C:\WINDOWS\System32\drivers\{98a55059-ac5d-40d9-81ae-6bff294c9b89}t.sys [55832 2014-10-19] (StdLib)
S1 {c28516e7-f1f3-4437-81ce-ec213355cd9c}t; C:\WINDOWS\System32\drivers\{c28516e7-f1f3-4437-81ce-ec213355cd9c}t.sys [55872 2014-12-01] (StdLib)
S1 {c393de5d-8149-4434-ab91-01ec8ea15264}t; C:\WINDOWS\System32\drivers\{c393de5d-8149-4434-ab91-01ec8ea15264}t.sys [55872 2014-11-30] (StdLib)
S1 {d0ee745f-6f92-44ac-a7b8-87dfc4a60a3a}t; C:\WINDOWS\System32\drivers\{d0ee745f-6f92-44ac-a7b8-87dfc4a60a3a}t.sys [55872 2014-11-29] (StdLib)
S1 {e168bb47-74a7-440b-bf7d-d17153007d6b}t; C:\WINDOWS\System32\drivers\{e168bb47-74a7-440b-bf7d-d17153007d6b}t.sys [55832 2014-10-11] (StdLib)
S1 {efa349b9-003c-4506-9e55-957c1cff853c}t; C:\WINDOWS\System32\drivers\{efa349b9-003c-4506-9e55-957c1cff853c}t.sys [55832 2014-10-22] (StdLib)
S1 {f06ee1ad-d0c2-4bf7-ada2-fa0fb563c169}t; C:\WINDOWS\System32\drivers\{f06ee1ad-d0c2-4bf7-ada2-fa0fb563c169}t.sys [55832 2014-10-15] (StdLib)
S1 {fa50efa5-2c2a-4d8c-b58d-b9548ceccd2b}t; C:\WINDOWS\System32\drivers\{fa50efa5-2c2a-4d8c-b58d-b9548ceccd2b}t.sys [55832 2014-10-11] (StdLib)
S1 {fc8e6a5c-9413-4b64-b2fd-0aad0e9e50eb}t; C:\WINDOWS\System32\drivers\{fc8e6a5c-9413-4b64-b2fd-0aad0e9e50eb}t.sys [55832 2014-10-16] (StdLib)
S1 {fec0fd95-7a4f-4f0e-93f4-63bcf3ad1706}t; C:\WINDOWS\System32\drivers\{fec0fd95-7a4f-4f0e-93f4-63bcf3ad1706}t.sys [55832 2014-10-13] (StdLib)
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem.sys [X]
S3 GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS [X]
S4 IntelIde; No ImagePath
S3 KUsbGuard; \??\C:\program files\kingsoft\kingsoft antivirus\kusbquery.sys [X]
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-04 16:20 - 2014-12-04 16:20 - 00011693 _____ () C:\Documents and Settings\Ja\Pulpit\FRST.txt
2014-12-04 16:19 - 2014-12-04 16:19 - 00000000 ____D () C:\Documents and Settings\Ja\Pulpit\Nowy folder (2)
2014-12-04 16:16 - 2014-12-04 16:16 - 01110016 _____ (Farbar) C:\Documents and Settings\Ja\Pulpit\FRST.exe
2014-12-04 16:16 - 2014-12-04 16:16 - 00000000 ____D () C:\FRST
2014-12-04 16:00 - 2014-12-04 16:00 - 00000000 ____D () C:\Documents and Settings\Ja\Pulpit\bluescreenview
2014-12-04 15:59 - 2014-12-04 15:59 - 00005420 _____ () C:\WINDOWS\setupapi.log
2014-12-04 15:54 - 2014-12-04 15:04 - 00090112 _____ () C:\WINDOWS\Minidump\Mini120414-01.dmp
2014-12-04 15:10 - 2008-04-14 21:41 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\i8042prt.sys
2014-12-02 08:11 - 2014-12-01 19:23 - 00055872 _____ (StdLib) C:\WINDOWS\system32\Drivers\{8e282837-b584-46f4-a220-bfdd4678d061}t.sys
2014-12-01 19:32 - 2014-12-01 06:23 - 00055872 _____ (StdLib) C:\WINDOWS\system32\Drivers\{c28516e7-f1f3-4437-81ce-ec213355cd9c}t.sys
2014-12-01 19:21 - 2014-12-01 19:21 - 00000175 _____ () C:\WINDOWS\system32\Drivers\aswSnx.sys.sum
2014-12-01 07:46 - 2014-11-30 17:23 - 00055872 _____ (StdLib) C:\WINDOWS\system32\Drivers\{29b7765c-96a7-42da-b89f-2a7b5f6b5cba}t.sys
2014-11-30 16:25 - 2014-11-30 04:30 - 00055872 _____ (StdLib) C:\WINDOWS\system32\Drivers\{c393de5d-8149-4434-ab91-01ec8ea15264}t.sys
2014-11-30 12:47 - 2014-11-29 15:25 - 00055872 _____ (StdLib) C:\WINDOWS\system32\Drivers\{d0ee745f-6f92-44ac-a7b8-87dfc4a60a3a}t.sys
2014-11-28 10:43 - 2014-11-28 00:25 - 00055872 _____ (StdLib) C:\WINDOWS\system32\Drivers\{24616444-765b-4b21-a0d9-3f0c17b29bfe}t.sys
2014-11-27 10:45 - 2014-11-26 21:22 - 00055872 _____ (StdLib) C:\WINDOWS\system32\Drivers\{55825785-0831-456c-8958-bd781398505d}t.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-04 16:19 - 2013-04-05 20:34 - 00000188 ___SH () C:\Documents and Settings\Ja\ntuser.ini
2014-12-04 16:19 - 2013-04-05 20:27 - 00595786 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-04 15:04 - 2014-09-11 10:23 - 00000424 _____ () C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1410423781.job
2014-12-04 15:04 - 2013-04-05 20:33 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-04 15:04 - 2013-04-05 20:20 - 00000159 ____N () C:\WINDOWS\wiadebug.log
2014-12-04 14:58 - 2013-04-05 20:33 - 00032526 ____N () C:\WINDOWS\SchedLgU.Txt
2014-12-04 14:58 - 2013-04-05 20:20 - 00000050 ____N () C:\WINDOWS\wiaservc.log
2014-12-04 14:56 - 2008-04-15 12:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-12-02 08:10 - 2008-04-15 12:00 - 00000710 _____ () C:\WINDOWS\win.ini
2014-12-01 19:38 - 2013-04-08 18:54 - 00000930 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-11-27 10:42 - 2013-04-08 18:54 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-11-27 10:42 - 2013-04-08 18:54 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Documents and Settings\Ja\Ustawienia lokalne\Temp\SmarterPowerUntemp.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================