Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-05-2015
Ran by Edytka (administrator) on ACER on 05-05-2015 12:23:12
Running from C:\Documents and Settings\Edytka\Pulpit
Loaded Profiles: Edytka (Available profiles: Edytka & Administrator & Gość)
Platform: Microsoft Windows XP Home Edition Dodatek Service Pack 2 (X86) OS Language: Polski
Internet Explorer Version 6 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\WINDOWS\system32\WLTRYSVC.EXE
(Broadcom Corporation) C:\WINDOWS\system32\BCMWLTRY.EXE
(Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe
() C:\WINDOWS\system32\acs.exe
(Broadcom Corporation) C:\WINDOWS\system32\WLTRAY.EXE
(Atheros Communications, Inc.) C:\Program Files\Atheros\ACU.exe
() C:\Program Files\Launch Manager\LaunchAp.exe
() C:\Program Files\Launch Manager\OSDCtrl.exe
() C:\Program Files\Launch Manager\WButton.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\SOUNDMAN.EXE
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Oprogramowanie interfejsu Bluetooth\BTTray.exe
(OSA Technologies Inc.) C:\Acer\eManager\anbmServ.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe
(CryptoTech) C:\WINDOWS\system32\CCPkiWNT.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(HP) C:\WINDOWS\system32\HPZipm12.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\WINDOWS\system32\WLTRAY
HKLM\...\Run: [ACU] => C:\Program Files\Atheros\ACU.exe [253952 2005-01-31] (Atheros Communications, Inc.)
HKLM\...\Run: [LaunchAp] => C:\Program Files\Launch Manager\LaunchAp.exe [32768 2005-03-30] ()
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\HotkeyApp.exe [69632 2005-06-06] (Wistron)
HKLM\...\Run: [CtrlVol] => C:\Program Files\Launch Manager\CtrlVol.exe [20480 2003-09-16] (Wistron)
HKLM\...\Run: [LMgrOSD] => C:\Program Files\Launch Manager\OSDCtrl.exe [241664 2005-06-06] ()
HKLM\...\Run: [Wbutton] => C:\Program Files\Launch Manager\Wbutton.exe [81920 2005-06-21] ()
HKLM\...\Run: [SynTPLpr] => C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [102490 2005-02-04] (Synaptics, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [708698 2005-02-04] (Synaptics, Inc.)
HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [77824 2008-08-01] (Realtek Semiconductor Corp.)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll [2005-01-23] (Intel Corporation)
HKU\S-1-5-21-57989841-329068152-725345543-1004\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1667584 2004-08-04] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\AutorunsDisabled [2015-05-05] ()
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\BTTray.lnk [2008-07-30]
ShortcutTarget: BTTray.lnk -> C:\Program Files\WIDCOMM\Oprogramowanie interfejsu Bluetooth\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-57989841-329068152-725345543-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
URLSearchHook: HKU\S-1-5-21-57989841-329068152-725345543-1004 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing.
Toolbar: HKU\S-1-5-21-57989841-329068152-725345543-1004 -> No Name - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2004-08-04] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2004-08-04] (Microsoft Corporation)

FireFox:
========
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npganymedenet.dll [2010-03-16] ( )

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACS; C:\WINDOWS\system32\acs.exe [36864 2004-12-27] () [File not signed]
R2 anbmService; C:\Acer\eManager\anbmServ.exe [1287168 2004-08-16] (OSA Technologies Inc.) [File not signed]
R2 btwdins; C:\Program Files\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe [258103 2005-05-31] (Broadcom Corporation.) [File not signed]
R2 CCPkiWNT; C:\WINDOWS\system32\CCPkiWNT.exe [94208 2003-12-16] (CryptoTech) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 MSSQLSERVER; c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29178224 2007-02-10] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2005-10-14] (Microsoft Corporation)
R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [827499 2004-12-22] (Broadcom Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [17801 2008-07-30] (Meetinghouse Data Communications) [File not signed]
R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [2317504 2008-08-01] (Realtek Semiconductor Corp.)
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [369024 2004-12-22] (Broadcom Corporation)
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [1341466 2005-05-31] (Broadcom Corporation.) [File not signed]
R2 BTSERIAL; C:\WINDOWS\system32\drivers\btserial.sys [23271 2005-05-31] (Broadcom Corporation.) [File not signed]
R2 BTSLBCSP; C:\WINDOWS\system32\drivers\btslbcsp.sys [222876 2005-05-31] (Broadcom Corporation.) [File not signed]
R1 Hotkey; C:\WINDOWS\system32\Drivers\Hotkey.sys [9867 2003-04-28] () [File not signed]
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49664 2005-10-28] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2005-10-28] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2005-10-28] (HP)
R3 HSFHWICH; C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys [207232 2004-12-15] (Conexant Systems, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
S3 POWERKEY; C:\Program Files\Launch Manager\POWERKEY.sys [2343 2000-12-19] () [File not signed]
R3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-04] (Realtek Semiconductor Corporation)
S3 SCR3xx USB Smart Card Reader; C:\WINDOWS\System32\DRIVERS\SCR3XX2K.sys [47488 2006-11-07] (SCM Microsystems Inc.)
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [27440 2004-08-04] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-05 12:23 - 2015-05-05 12:24 - 00008999 _____ () C:\Documents and Settings\Edytka\Pulpit\FRST.txt
2015-05-05 12:00 - 2015-05-05 11:59 - 00090112 _____ () C:\WINDOWS\Minidump\Mini050515-02.dmp
2015-05-05 11:57 - 2015-05-05 11:57 - 00000000 ____D () C:\WINDOWS\Minidump
2015-05-05 11:57 - 2015-05-05 11:56 - 00090112 _____ () C:\WINDOWS\Minidump\Mini050515-01.dmp
2015-05-05 11:41 - 2015-05-05 11:41 - 00000000 ____D () C:\Documents and Settings\Edytka\Pulpit\Autoruns
2015-05-05 11:08 - 2015-05-05 11:08 - 00046027 _____ () C:\Documents and Settings\Edytka\Pulpit\Firefox 3.0.19 (pl) - 2015-05-05.pcv
2015-05-05 11:06 - 2015-05-05 11:06 - 00000702 _____ () C:\Documents and Settings\All Users\Pulpit\MozBackup.lnk
2015-05-05 11:06 - 2015-05-05 11:06 - 00000000 ____D () C:\Program Files\MozBackup
2015-05-05 11:06 - 2015-05-05 11:06 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\MozBackup
2015-05-05 10:47 - 2015-05-05 10:48 - 00741672 _____ (Web software ) C:\Documents and Settings\Edytka\Pulpit\MozBackup(12613)-dp.exe
2015-05-04 01:26 - 2015-04-01 14:38 - 03640880 _____ () C:\Documents and Settings\Edytka\Pulpit\avg_remover_neshta.exe
2015-05-04 00:50 - 2015-05-05 12:23 - 00000000 ____D () C:\FRST
2015-05-03 22:47 - 2015-05-03 22:47 - 00380416 _____ () C:\Documents and Settings\Edytka\Pulpit\kv4ogrjm.exe
2015-05-03 22:45 - 2015-05-03 22:46 - 01140736 _____ (Farbar) C:\Documents and Settings\Edytka\Pulpit\FRST.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-05 12:24 - 2008-07-30 19:31 - 00000000 ____D () C:\Documents and Settings\Edytka\Ustawienia lokalne\Temp
2015-05-05 12:23 - 2008-07-30 19:31 - 00000000 ____D () C:\Documents and Settings\Edytka\Pulpit
2015-05-05 12:20 - 2008-07-30 19:22 - 00386285 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-05 12:19 - 2008-07-30 21:05 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-05-05 12:19 - 2008-07-30 21:05 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2015-05-05 12:18 - 2008-07-30 19:29 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-05 12:16 - 2008-07-30 19:31 - 00000292 ___SH () C:\Documents and Settings\Edytka\ntuser.ini
2015-05-05 11:50 - 2008-07-30 19:29 - 00032384 _____ () C:\WINDOWS\SchedLgU.Txt
2015-05-05 11:47 - 2008-07-30 21:02 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
2015-05-05 11:26 - 2008-07-30 19:31 - 00000000 ___SD () C:\Documents and Settings\Edytka\Ustawienia lokalne\Historia
2015-05-05 11:16 - 2015-03-31 20:59 - 00000000 ___SD () C:\Documents and Settings\Administrator\Ustawienia lokalne\Historia
2015-05-05 11:16 - 2015-03-31 20:59 - 00000000 ____D () C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp
2015-05-05 11:16 - 2008-07-31 12:55 - 00000000 ___SD () C:\Documents and Settings\Gość\Ustawienia lokalne\Historia
2015-05-05 11:14 - 2008-07-30 21:02 - 00000000 ___SD () C:\Documents and Settings\Default User\Ustawienia lokalne\Historia
2015-05-05 11:14 - 2008-07-30 19:29 - 00000000 ___HD () C:\Documents and Settings\NetworkService\Ustawienia lokalne\Historia
2015-05-05 11:14 - 2008-07-30 19:29 - 00000000 ___HD () C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia
2015-05-05 11:14 - 2008-07-30 19:29 - 00000000 ____D () C:\Documents and Settings\NetworkService\Ustawienia lokalne\Temp
2015-05-05 11:12 - 2008-07-30 19:31 - 00000000 __RHD () C:\Documents and Settings\Edytka\Dane aplikacji
2015-05-05 11:12 - 2008-07-30 19:31 - 00000000 ___HD () C:\Documents and Settings\Edytka\Ustawienia lokalne\Dane aplikacji
2015-05-05 11:09 - 2009-03-07 22:33 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-05-05 11:09 - 2008-07-30 21:02 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy
2015-05-05 11:09 - 2008-07-30 21:02 - 00000000 ____D () C:\Documents and Settings\All Users\Pulpit
2015-05-05 11:07 - 2008-07-30 19:31 - 00000000 ___RD () C:\Documents and Settings\Edytka\Moje dokumenty
2015-05-05 11:03 - 2008-07-31 14:35 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\OpenOffice.org 3.0
2015-05-05 11:01 - 2008-07-30 21:02 - 00000000 ___HD () C:\Documents and Settings\All Users\Szablony
2015-05-05 11:00 - 2008-07-31 14:34 - 00000000 ____D () C:\Program Files\OpenOffice.org 3
2015-05-05 10:55 - 2008-07-30 21:02 - 00000000 __RHD () C:\Documents and Settings\All Users\Dane aplikacji
2015-05-05 10:54 - 2008-08-01 13:12 - 00000000 ____D () C:\Program Files\Google
2015-05-05 10:43 - 2008-08-01 13:13 - 00000000 ____D () C:\Documents and Settings\Edytka\Ustawienia lokalne\Dane aplikacji\Google
2015-05-05 10:43 - 2008-08-01 13:12 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Google
2015-05-05 10:21 - 2008-07-31 14:22 - 00000000 ____D () C:\Program Files\Adobe
2015-05-05 10:20 - 2008-07-31 14:22 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Adobe
2015-05-05 10:18 - 2008-07-31 14:24 - 00000000 ____D () C:\Documents and Settings\Edytka\Ustawienia lokalne\Dane aplikacji\Adobe
2015-05-05 10:11 - 2008-07-31 14:38 - 00000000 ____D () C:\Documents and Settings\Edytka\Dane aplikacji\OpenOffice.org3
2015-05-05 10:11 - 2008-07-30 19:31 - 00000000 ___RD () C:\Documents and Settings\Edytka\Menu Start\Programy\Autostart
2015-05-05 10:05 - 2008-08-03 09:05 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\HP
2015-05-05 10:00 - 2004-08-04 14:00 - 00013728 _____ () C:\WINDOWS\system32\wpa.dbl
2015-05-04 01:25 - 2008-07-30 21:02 - 00683399 _____ () C:\WINDOWS\setupapi.log
2015-05-03 22:41 - 2015-03-31 21:24 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

==================== Files in the root of some directories =======

2008-07-30 19:56 - 2012-10-27 22:13 - 0007168 _____ () C:\Documents and Settings\Edytka\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-08-03 09:34 - 2008-08-03 09:34 - 0000131 _____ () C:\Documents and Settings\Edytka\Ustawienia lokalne\Dane aplikacji\fusioncache.dat

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================