Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-06-2015
Ran by Radek (administrator) on XP-RK on 25-06-2015 12:38:41
Running from D:\instalki
Loaded Profiles: Radek (Available Profiles: Radek)
Platform: Microsoft Windows XP Home Edition Dodatek Service Pack 3 (X86) OS Language: Polski
Internet Explorer Version 6 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Atheros) C:\WINDOWS\system32\acs.exe
() C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
() C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
(Creative Technology Ltd) C:\WINDOWS\system32\CTSVCCDA.EXE
() D:\MEWA\bin\wrapper.exe
(Conceiva Pty. Ltd.) C:\Program Files\Conceiva\Mezzmo\MezzmoMediaServer.exe
() C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
(Sun Microsystems, Inc.) D:\MEWA\jre\bin\java.exe
() C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
() C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
(Creative Technology Ltd) C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(THOMSON Telecom Belgium) C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe
(PowerISO Computing, Inc.) C:\Program Files\PowerISO\PWRISOVM.EXE
(Creative Technology Ltd.) C:\WINDOWS\V0420Mon.exe
() C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\WJATH\AthServer.exe
(BitLeader) C:\Program Files\lg_fwupdate\fwupdate.exe
(Spotify Ltd) C:\SpotifyWebHelper.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [17676288 2008-11-17] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [57344 2008-06-19] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Six Engine] => C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe [5634560 2009-02-13] ()
HKLM\...\Run: [VolPanel] => C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [180224 2007-02-28] (Creative Technology Ltd)
HKLM\...\Run: [P17Helper] => Rundll32 SPIRun.dll,RunDLLEntry
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [570664 2008-07-14] (Nero AG)
HKLM\...\Run: [LGODDFU] => C:\Program Files\lg_fwupdate\lgfw.exe [27760 2013-05-29] (Bitleader)
HKLM\...\Run: [SpeedTouch USB Diagnostics] => C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe [877568 2004-08-06] (THOMSON Telecom Belgium)
HKLM\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [180224 2009-03-15] (PowerISO Computing, Inc.)
HKLM\...\Run: [V0420Mon.exe] => C:\WINDOWS\V0420Mon.exe [32768 2007-04-30] (Creative Technology Ltd.)
HKLM\...\Run: [Family Tree Builder Update] => C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe [226832 2010-10-31] (MyHeritage)
HKLM\...\Run: [BtTray] => C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe [278016 2009-02-27] ()
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [4085896 2014-07-29] (AVAST Software)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-08-29] (Advanced Micro Devices, Inc.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2008-10-29] (ATI Technologies Inc.)
HKU\S-1-5-21-1343024091-1450960922-725345543-1004\...\Run: [Spotify Web Helper] => C:\SpotifyWebHelper.exe [2023480 2015-06-25] (Spotify Ltd)
HKU\S-1-5-21-1343024091-1450960922-725345543-1004\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5529880 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-1343024091-1450960922-725345543-1004\...\MountPoints2: {061040d6-3875-11e2-9f86-a19af497879a} - K:\AutoRun.exe
HKU\S-1-5-21-1343024091-1450960922-725345543-1004\...\MountPoints2: {088cd61e-03bc-11e2-9f65-00248c7ecc1c} - K:\AutoRun.exe
HKU\S-1-5-21-1343024091-1450960922-725345543-1004\...\MountPoints2: {0b4b9824-9c6f-11de-a184-00248c7ecc1c} - J:\EXPLORER.EXE
HKU\S-1-5-21-1343024091-1450960922-725345543-1004\...\MountPoints2: {359abd70-fe39-11e1-9f59-00248c7ecc1c} - K:\AutoRun.exe
HKU\S-1-5-21-1343024091-1450960922-725345543-1004\...\MountPoints2: {359abd73-fe39-11e1-9f59-0003c980067a} - K:\AutoRun.exe
HKU\S-1-5-21-1343024091-1450960922-725345543-1004\...\MountPoints2: {3b2be1a2-08a2-11e1-9d76-f00ab765b133} - K:\AutoRun.exe
HKU\S-1-5-21-1343024091-1450960922-725345543-1004\...\MountPoints2: {5ec78a40-f536-11e1-9f38-b25bb4206242} - K:\AutoRun.exe
HKU\S-1-5-21-1343024091-1450960922-725345543-1004\...\MountPoints2: {5ec78a43-f536-11e1-9f38-de62a882ab28} - K:\AutoRun.exe
HKU\S-1-5-21-1343024091-1450960922-725345543-1004\...\MountPoints2: {5ec78a45-f536-11e1-9f38-aa7b36c2130a} - K:\AutoRun.exe
HKU\S-1-5-21-1343024091-1450960922-725345543-1004\...\MountPoints2: {5ec78a48-f536-11e1-9f38-d1c6f7e8ade9} - K:\AutoRun.exe
HKU\S-1-5-21-1343024091-1450960922-725345543-1004\...\MountPoints2: {6bf6622e-f598-11e1-9f3b-87cd794e3e01} - K:\AutoRun.exe
HKU\S-1-5-21-1343024091-1450960922-725345543-1004\...\MountPoints2: {6bf66230-f598-11e1-9f3b-b68c885c2ee4} - K:\AutoRun.exe
HKU\S-1-5-21-1343024091-1450960922-725345543-1004\...\MountPoints2: {7159f504-fe2c-11e1-9f56-0003c980067a} - K:\AutoRun.exe
HKU\S-1-5-21-1343024091-1450960922-725345543-1004\...\MountPoints2: {7159f506-fe2c-11e1-9f56-0003c980067a} - K:\AutoRun.exe
HKU\S-1-5-21-1343024091-1450960922-725345543-1004\...\MountPoints2: {d1e0d9c8-5f44-11e2-9fba-001e101fa7a5} - K:\AutoRun.exe
HKU\S-1-5-21-1343024091-1450960922-725345543-1004\...\MountPoints2: {d29fc360-f5ef-11e1-9f3c-c7d311223cfb} - K:\AutoRun.exe
HKU\S-1-5-21-1343024091-1450960922-725345543-1004\...\MountPoints2: {d29fc363-f5ef-11e1-9f3c-ab4d2f1504a7} - I:\AutoRun.exe
HKU\S-1-5-21-1343024091-1450960922-725345543-1004\...\MountPoints2: {d7040818-f559-11e0-9d5c-a8afeddfaafb} - K:\AutoRun.exe
HKU\S-1-5-21-1343024091-1450960922-725345543-1004\...\MountPoints2: {d9dbf046-fa18-11e0-9d65-987b5bddc8d4} - K:\AutoRun.exe
HKU\S-1-5-21-1343024091-1450960922-725345543-1004\...\MountPoints2: {d9dbf048-fa18-11e0-9d65-e8e6f5acc8aa} - K:\AutoRun.exe
HKU\S-1-5-21-1343024091-1450960922-725345543-1004\...\MountPoints2: {fb22aff6-f8d8-11e0-9d63-a3d3261b4cd9} - K:\AutoRun.exe
HKU\S-1-5-21-1343024091-1450960922-725345543-1004\...\MountPoints2: {fb22aff8-f8d8-11e0-9d63-a3bbf83934bf} - K:\AutoRun.exe
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\TP-LINK Wireless Configuration Utility.lnk [2013-03-21]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll [2014-07-15] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Radek\Dane aplikacji\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Radek\Dane aplikacji\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Radek\Dane aplikacji\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Radek\Dane aplikacji\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
URLSearchHook: HKU\S-1-5-21-1343024091-1450960922-725345543-1004 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
URLSearchHook: HKU\S-1-5-21-1343024091-1450960922-725345543-1004 - MHURLSearchHook Class - {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files\Family Toolbar\tbhelper.dll ()
SearchScopes: HKLM -> {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL = http://search.myheritage.com?orig=ds&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1343024091-1450960922-725345543-1004 -> {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL = http://search.myheritage.com?orig=ds&q={searchTerms}
BHO: MHTBPos00 Class -> {0C37B053-FD68-456a-82E1-D788EE342E6F} -> C:\Program Files\Family Toolbar\tbcore3.dll [2009-05-07] ()
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{5C74C598-1F64-4788-94CC-63AD2BDF892C}: [NameServer] 194.204.152.34,194.204.159.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Radek\Dane aplikacji\Mozilla\Firefox\Profiles\q51hgiq4.default
FF SearchEngineOrder.1: Yahoo! (Avast)
FF Homepage: https://www.google.pl/?gfe_rd=cr&ei=nWK2VPWxKYrz8QPE2IGYBg
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll [2014-04-01] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll [2014-04-01] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll [2009-11-14] (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll [2009-02-06] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2013-10-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2013-10-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2013-10-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2013-10-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2013-10-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npVividasPlayer.dll [2010-07-21] ( )
FF SearchPlugin: C:\Documents and Settings\Radek\Dane aplikacji\Mozilla\Firefox\Profiles\q51hgiq4.default\searchplugins\yahoo-avast.xml [2014-05-12]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-08]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-07-06]
FF HKLM\...\Firefox\Extensions: [fbphotozoom@installdaddy.com] - C:\Program Files\fbphotozoom\fbphotozoom13.xpi

Chrome:
=======
CHR Profile: C:\Documents and Settings\Radek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default
CHR Extension: (Chrome In-App Payments service) - C:\Documents and Settings\Radek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-19]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-07-15]

========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACS; C:\WINDOWS\system32\acs.exe [499796 2011-03-31] (Atheros) [File not signed]
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2008-10-28] () [File not signed]
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-07-15] (AVAST Software)
R2 BlueSoleilCS; C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [850432 2009-02-27] () [File not signed]
R3 BsHelpCS; C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe [98407 2009-02-27] () [File not signed]
R2 BsMobileCS; C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe [143467 2009-02-27] () [File not signed]
R2 Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [44032 1999-12-12] (Creative Technology Ltd) [File not signed]
R2 eForms_Offline; D:\MEWA\bin\wrapper.exe [204800 2006-10-18] () [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) [File not signed]
S2 gupdate1cabf073e2dc546; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2010-03-08] (Google Inc.)
S3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-03-12] (Hewlett-Packard Co.) [File not signed]
S3 jswpsapi; C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\WPS\jswpsapi.exe [360529 2011-03-31] (wireless) [File not signed]
R2 Mezzmo; C:\Program Files\Conceiva\Mezzmo\MezzmoMediaServer.exe [4127016 2013-03-29] (Conceiva Pty. Ltd.)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
R2 NwSapAgent; C:\WINDOWS\System32\ipxsap.dll [66560 2008-04-15] (Microsoft Corporation)
R2 OMSI download service; C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [90112 2009-04-30] () [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 alcan5wn; C:\WINDOWS\System32\DRIVERS\alcan5wn.sys [53600 2003-12-08] (THOMSON)
S3 alcaudsl; C:\WINDOWS\System32\DRIVERS\alcaudsl.sys [70688 2003-12-08] (THOMSON)
R1 AmdPPM; C:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
R3 AR5416; C:\WINDOWS\System32\DRIVERS\athw.sys [1606976 2011-04-12] (Atheros Communications, Inc.)
R1 AsIO; C:\WINDOWS\System32\drivers\AsIO.sys [12400 2007-12-17] ()
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-07-15] ()
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [26136 2014-07-15] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-07-15] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-07-15] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-07-15] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-11-21] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-07-15] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-07-15] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-07-15] ()
R3 AtiHDAudioService; C:\WINDOWS\System32\drivers\AtihdXP3.sys [103040 2012-05-14] (Advanced Micro Devices)
S3 BT; C:\WINDOWS\System32\DRIVERS\btnetdrv.sys [14088 2008-12-07] (IVT Corporation.)
S3 Btcsrusb; C:\WINDOWS\System32\Drivers\btcusb.sys [39304 2009-01-03] (IVT Corporation.)
R0 BtHidBus; C:\WINDOWS\System32\Drivers\BtHidBus.sys [20744 2009-01-07] (IVT Corporation.)
R3 btnetBUs; C:\WINDOWS\System32\Drivers\btnetBus.sys [30088 2008-12-07] ()
S3 BTNetFilter; C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys [22416 2006-11-22] (IVT Corporation.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [16384 2004-07-09] (Microsoft Corporation)
R3 CTUSFSYN; C:\WINDOWS\System32\drivers\ctusfsyn.sys [162176 2006-08-07] (Creative Technology Ltd.)
S3 ENTECH; C:\WINDOWS\system32\DRIVERS\ENTECH.sys [21664 2004-10-25] (EnTech Taiwan) [File not signed]
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2007-03-08] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2007-03-08] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2007-03-08] (HP)
R3 IvtBtBUs; C:\WINDOWS\System32\Drivers\IvtBtBus.sys [26248 2008-07-02] (IVT Corporation.)
R3 JSWSCIMD; C:\WINDOWS\System32\DRIVERS\jswscimd.sys [57440 2011-03-31] (Atheros Communications, Inc.)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-15] ()
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10112 2004-07-09] (Microsoft Corporation)
R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-15] (Microsoft Corporation)
R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2008-04-15] (Microsoft Corporation)
R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2008-04-15] (Microsoft Corporation)
R3 P17xfi; C:\WINDOWS\System32\drivers\P17xfi.sys [1173504 2006-09-25] (Creative Technology Ltd.)
R3 p17xfilt; C:\WINDOWS\System32\drivers\p17xfilt.sys [1659008 2007-03-22] (Sensaura)
S3 RTHDMIAzAudService; C:\WINDOWS\System32\drivers\RtHDMI.sys [3688960 2008-04-29] (Realtek Semiconductor Corp.)
R1 SCDEmu; C:\WINDOWS\system32\Drivers\SCDEmu.sys [56268 2009-03-15] (PowerISO Computing, Inc.) [File not signed]
R1 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed]
S3 V0420VID; C:\WINDOWS\System32\DRIVERS\V0420Vid.sys [99648 2007-05-31] (Creative Technology Ltd.)
S3 VComm; C:\WINDOWS\System32\DRIVERS\VComm.sys [14856 2008-01-21] (IVT Corporation.)
R3 VcommMgr; C:\WINDOWS\System32\Drivers\VcommMgr.sys [31880 2009-01-08] (IVT Corporation.)
R3 WSIMD; C:\WINDOWS\System32\DRIVERS\wsimd.sys [58208 2011-03-31] (Atheros Communications, Inc.) [File not signed]
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [33800 2008-11-25] (IVT Corporation.)
S4 IntelIde; No ImagePath
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-25 11:17 - 2015-06-25 11:49 - 00000000 ____D C:\AdwCleaner
2015-06-24 20:13 - 2015-06-25 12:38 - 00000000 ____D C:\FRST
2015-06-03 08:15 - 2015-06-03 21:00 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-25 12:38 - 2009-09-08 01:23 - 00000000 ____D C:\Documents and Settings\Radek\Ustawienia lokalne\Temp
2015-06-25 12:33 - 2009-09-08 01:14 - 01879668 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-25 12:28 - 2013-05-17 10:55 - 00000000 ____D C:\Documents and Settings\Radek\Ustawienia lokalne\Dane aplikacji\Spotify
2015-06-25 12:28 - 2013-05-17 10:54 - 00000000 ____D C:\Documents and Settings\Radek\Dane aplikacji\Spotify
2015-06-25 12:27 - 2009-09-08 03:02 - 00000000 ___SD C:\Documents and Settings\Default User\Ustawienia lokalne\Historia
2015-06-25 12:09 - 2015-04-29 09:40 - 41287224 _____ C:\libcef.dll
2015-06-25 12:09 - 2015-04-29 09:40 - 10457856 _____ C:\icudtl.dat
2015-06-25 12:09 - 2015-04-29 09:40 - 07415864 _____ (Spotify Ltd) C:\Spotify.exe
2015-06-25 12:09 - 2015-04-29 09:40 - 04253463 _____ C:\devtools_resources.pak
2015-06-25 12:09 - 2015-04-29 09:40 - 03457592 _____ (Microsoft Corporation) C:\d3dcompiler_47.dll
2015-06-25 12:09 - 2015-04-29 09:40 - 02106424 _____ (Microsoft Corporation) C:\d3dcompiler_43.dll
2015-06-25 12:09 - 2015-04-29 09:40 - 02023480 _____ (Spotify Ltd) C:\SpotifyWebHelper.exe
2015-06-25 12:09 - 2015-04-29 09:40 - 02018406 _____ C:\cef.pak
2015-06-25 12:09 - 2015-04-29 09:40 - 01488440 _____ C:\libGLESv2.dll
2015-06-25 12:09 - 2015-04-29 09:40 - 00968248 _____ (The Chromium Authors) C:\ffmpegsumo.dll
2015-06-25 12:09 - 2015-04-29 09:40 - 00777272 _____ (Spotify Ltd) C:\SpotifyCrashService.exe
2015-06-25 12:09 - 2015-04-29 09:40 - 00598403 _____ C:\cef_200_percent.pak
2015-06-25 12:09 - 2015-04-29 09:40 - 00444515 _____ C:\cef_100_percent.pak
2015-06-25 12:09 - 2015-04-29 09:40 - 00124472 _____ (Spotify Ltd) C:\SpotifyLauncher.exe
2015-06-25 12:09 - 2015-04-29 09:40 - 00079928 _____ C:\libEGL.dll
2015-06-25 12:09 - 2015-04-29 09:40 - 00073272 _____ C:\wow_helper.exe
2015-06-25 12:09 - 2015-04-29 09:40 - 00000020 _____ C:\inst_ver.dat
2015-06-25 12:09 - 2015-04-29 09:40 - 00000000 ____D C:\locales
2015-06-25 11:56 - 2012-11-23 14:10 - 00000366 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-06-25 11:55 - 2009-09-08 03:03 - 00004884 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-25 11:55 - 2008-04-15 14:00 - 01343988 _____ C:\WINDOWS\system32\perfh015.dat
2015-06-25 11:55 - 2008-04-15 14:00 - 00505816 _____ C:\WINDOWS\system32\perfc015.dat
2015-06-25 11:51 - 2014-03-31 11:52 - 00000222 _____ C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job
2015-06-25 11:51 - 2013-04-02 11:48 - 00000043 _____ C:\WINDOWS\MezzmoMediaServer.INI
2015-06-25 11:51 - 2010-03-09 18:34 - 00001032 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-25 11:51 - 2009-09-08 03:04 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-06-25 11:51 - 2009-09-08 03:04 - 00000050 _____ C:\WINDOWS\wiaservc.log
2015-06-25 11:51 - 2009-09-08 01:22 - 00032586 _____ C:\WINDOWS\SchedLgU.Txt
2015-06-25 11:51 - 2009-02-27 17:04 - 00001082 _____ C:\WINDOWS\system32\bscs.ini
2015-06-25 11:50 - 2013-03-21 16:15 - 00524288 _____ C:\WINDOWS\system32\config\ACS.evt
2015-06-25 11:50 - 2009-09-08 01:52 - 00524288 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2015-06-25 11:50 - 2009-09-08 01:23 - 00000188 ___SH C:\Documents and Settings\Radek\ntuser.ini
2015-06-25 11:50 - 2009-09-08 01:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-25 11:50 - 2009-01-16 04:44 - 00060452 _____ C:\WINDOWS\system32\ativvaxx.cap
2015-06-25 11:49 - 2014-04-26 13:09 - 00000000 ____D C:\Documents and Settings\SUPPORT_388945a0\Ustawienia lokalne\Dane aplikacji
2015-06-25 11:49 - 2014-04-26 13:09 - 00000000 ____D C:\Documents and Settings\Pomocnik\Ustawienia lokalne\Dane aplikacji
2015-06-25 11:49 - 2014-04-26 13:09 - 00000000 ____D C:\Documents and Settings\Gość\Ustawienia lokalne\Dane aplikacji
2015-06-25 11:49 - 2014-04-26 13:09 - 00000000 ____D C:\Documents and Settings\ASPNET\Ustawienia lokalne\Dane aplikacji
2015-06-25 11:49 - 2014-04-26 13:09 - 00000000 ____D C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji
2015-06-25 11:49 - 2009-09-08 03:02 - 00000000 __RHD C:\Documents and Settings\All Users\Dane aplikacji
2015-06-25 11:49 - 2009-09-08 03:02 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy
2015-06-25 11:49 - 2009-09-08 01:23 - 00000000 ___RD C:\Documents and Settings\Radek\Menu Start\Programy
2015-06-25 11:49 - 2009-09-08 01:23 - 00000000 ___HD C:\Documents and Settings\Radek\Ustawienia lokalne\Dane aplikacji
2015-06-25 11:45 - 2010-03-09 18:34 - 00001036 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-25 10:53 - 2009-09-08 01:23 - 00000000 ___RD C:\Documents and Settings\Radek\Dane aplikacji
2015-06-24 20:08 - 2009-09-08 21:42 - 00000389 _____ C:\WINDOWS\lgfwup.ini
2015-06-24 20:08 - 2009-09-08 21:42 - 00000000 ____D C:\Program Files\lg_fwupdate
2015-06-24 20:07 - 2009-09-08 03:02 - 00209696 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-24 20:07 - 2009-09-08 01:52 - 00049288 _____ C:\Documents and Settings\Radek\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2015-06-24 20:06 - 2012-03-08 10:46 - 00262144 _____ C:\WINDOWS\system32\config\ODiag.evt
2015-06-24 20:05 - 2009-09-08 20:17 - 00000000 ___SD C:\Documents and Settings\Radek\UserData
2015-06-24 20:05 - 2009-09-08 01:23 - 00000000 ____D C:\Documents and Settings\Radek
2015-06-24 20:03 - 2011-01-12 15:02 - 00000000 ____D C:\Program Files\Adobe
2015-06-24 20:03 - 2009-09-08 13:23 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-06-24 20:03 - 2009-09-08 13:23 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Adobe
2015-06-24 20:02 - 2009-09-08 03:02 - 00000000 __RHD C:\Documents and Settings\Default User\Dane aplikacji
2015-06-24 19:33 - 2014-10-06 11:05 - 00000000 ____D C:\Program Files\OpenOffice 4
2015-06-24 19:33 - 2009-09-08 03:02 - 00000000 ___HD C:\Documents and Settings\All Users\Szablony
2015-06-22 10:47 - 2009-09-08 01:23 - 00000000 ____D C:\Documents and Settings\Radek\Pulpit
2015-06-22 10:46 - 2012-07-05 21:02 - 00000000 ____D C:\Documents and Settings\All Users\Pulpit
2015-06-22 10:26 - 2009-09-08 01:23 - 00000000 ___RD C:\Documents and Settings\Radek\Menu Start
2015-06-21 11:10 - 2008-04-15 14:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2015-06-11 09:13 - 2014-08-25 11:25 - 00000000 ____D C:\Documents and Settings\Radek\Ustawienia lokalne\Dane aplikacji\Adobe
2015-06-10 20:18 - 2013-08-17 19:01 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-06-10 20:13 - 2009-09-15 15:55 - 136900096 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-09 22:45 - 2009-09-26 19:05 - 00150528 _____ C:\Documents and Settings\Radek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-08 20:05 - 2014-03-31 11:52 - 00000216 _____ C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job
2015-06-03 21:00 - 2013-10-22 10:07 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-05-27 19:59 - 2015-01-05 12:24 - 00000000 ____D C:\Documents and Settings\Radek\Pulpit\pliki foldery pulpit

==================== Files in the root of some directories =======

2013-04-02 10:37 - 2013-04-02 10:37 - 10521954 _____ (ALLCinema Ltd. ) C:\Program Files\ALLMediaServer.exe
2011-04-26 12:00 - 2011-04-26 12:07 - 36872808 _____ () C:\Program Files\DJ_AIO_DriverOnly_NonNetwork_PLK_NB.exe
2009-08-31 13:36 - 2009-08-31 13:36 - 1707856 _____ (Microsoft Corporation) C:\Program Files\instmsia.exe
2009-08-31 13:36 - 2009-08-31 13:36 - 1821008 _____ (Microsoft Corporation) C:\Program Files\instmsiw.exe
2011-12-13 13:52 - 2011-12-13 13:52 - 154679843 _____ () C:\Program Files\openofficeorg1.cab
2009-08-31 13:36 - 2009-08-31 13:36 - 9810944 _____ () C:\Program Files\openofficeorg31.msi
2011-12-13 13:49 - 2011-12-13 13:49 - 3018752 _____ () C:\Program Files\openofficeorg33.msi
2011-12-13 13:49 - 2011-12-13 13:49 - 0469504 _____ () C:\Program Files\setup.exe
2011-12-13 13:49 - 2011-12-13 13:49 - 0000290 _____ () C:\Program Files\setup.ini
2009-09-26 19:05 - 2015-06-09 22:45 - 0150528 _____ () C:\Documents and Settings\Radek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-09-11 20:43 - 2009-09-11 20:43 - 0000130 _____ () C:\Documents and Settings\Radek\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
2011-12-22 16:08 - 2011-12-22 16:09 - 2161160 _____ (DownVision ) C:\Documents and Settings\Radek\Ustawienia lokalne\Dane aplikacji\setup.exe

Some files in TEMP:
====================
C:\Documents and Settings\Radek\Ustawienia lokalne\Temp\Quarantine.exe
C:\Documents and Settings\Radek\Ustawienia lokalne\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================