Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-07-2015 Ran by NTT (administrator) on NTT on 08-07-2015 12:29:23 Running from C:\Documents and Settings\NTT\Pulpit Loaded Profiles: NTT (Available Profiles: NTT) Platform: Microsoft Windows XP Home Edition Dodatek Service Pack 3 (X86) OS Language: Polski Internet Explorer Version 8 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe (CryptoTech) C:\WINDOWS\system32\CCPkiWNT.exe (ComArch S.A.) C:\Program Files\Comarch\ComarchSmartCard\CardServer.exe (Doctor Web, Ltd.) C:\Program Files\DrWeb\dwservice.exe (Doctor Web, Ltd.) C:\Program Files\DrWeb\frwl_svc.exe (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe () C:\Program Files\ABG\mMedica\mmService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe () C:\WINDOWS\system32\PnkBstrA.exe (Asseco Poland S.A. (TS)) C:\Program Files\PostgreSQL\9.0\bin\pg_ctl.exe (Asseco Poland S.A. (TS)) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe (Asseco Poland S.A. (TS)) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe (Asseco Poland S.A. (TS)) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe (Asseco Poland S.A. (TS)) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe (Asseco Poland S.A. (TS)) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe (Asseco Poland S.A. (TS)) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe (Doctor Web, Ltd.) C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe (Doctor Web, Ltd.) C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwarkdaemon.exe (Doctor Web, Ltd.) C:\Program Files\DrWeb\dwnetfilter.exe (Doctor Web, Ltd.) C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe (Novell, Inc.) C:\WINDOWS\system32\nwtray.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe (Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe (Doctor Web, Ltd.) C:\Program Files\DrWeb\spideragent.exe (Doctor Web, Ltd.) C:\Program Files\DrWeb\frwl_notify.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Program Files\Outlook Express\msimn.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SkyTel] => C:\WINDOWS\SkyTel.EXE [1826816 2007-06-15] (Realtek Semiconductor Corp.) HKLM\...\Run: [NWTRAY] => C:\WINDOWS\system32\NWTRAY.EXE [28672 2002-03-12] (Novell, Inc.) HKLM\...\Run: [EasyTuneVPro] => C:\Program Files\Gigabyte\ET5Pro\ETcall.exe [20480 2007-07-26] () HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-30] (NVIDIA Corporation) HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup HKLM\...\Run: [NvMediaCenter] => RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1982312 2013-02-10] () HKLM\...\Run: [SpIDerAgent] => C:\Program Files\DrWeb\spideragent.exe [14739600 2015-05-14] (Doctor Web, Ltd.) HKLM\...\Run: [Firewall] => C:\Program Files\DrWeb\frwl_notify.exe [5058800 2014-10-31] (Doctor Web, Ltd.) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-12-18] (Oracle Corporation) HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k HKLM\...\Run: [HPDJ Taskbar Utility] => C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2012-05-24] (ATI Technologies Inc.) Lsa: [Authentication Packages] msv1_0 nwv1_0 ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2012-12-12] (Autodesk, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-790525478-1677128483-839522115-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-790525478-1677128483-839522115-1004\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-790525478-1677128483-839522115-1004\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-790525478-1677128483-839522115-1004\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 HKU\S-1-5-21-790525478-1677128483-839522115-1004\Software\Microsoft\Internet Explorer\Main,Strona wyszukiwania = http://www.msn.com/access/allinone.asp HKU\S-1-5-21-790525478-1677128483-839522115-1004\Software\Microsoft\Internet Explorer\Main,Strona początkowa = http://www.microsoft.com/msoffice/ SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-790525478-1677128483-839522115-1004 -> {165A6B98-5F6D-4EA8-85DB-A87F05A8A4F1} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-02-04] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-02-04] (Oracle Corporation) DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} http://online2.nfz-rzeszow.pl/CLO_WS/Authorized/Sos/smsx.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab DPF: {313E8D50-B1DE-453D-AB28-353BFE1BF744} https://hb.kbsa.pl/_nsas.int_/dll/NokiaPFP.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0018-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab Winsock: Catalog5 01 C:\WINDOWS\system32\netware\NWWS2NDS.DLL [36943 2008-03-31] (Novell, Inc.) Winsock: Catalog5 02 C:\WINDOWS\system32\netware\NWWS2SAP.DLL [34112 2008-03-31] (Novell, Inc.) Winsock: Catalog5 03 C:\WINDOWS\system32\netware\NWWS2SLP.DLL [50512 2008-03-31] (Novell, Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{EB5F637C-B103-4E44-9340-C36395999710}: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Documents and Settings\NTT\Dane aplikacji\Mozilla\Firefox\Profiles\t9q1tgip.default-1432100475375 FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-06-26] () FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1211151.dll [2014-04-15] (Adobe Systems, Inc.) FF Plugin: @java.com/DTPlugin,version=10.75.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-02-04] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.75.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-02-04] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-790525478-1677128483-839522115-1004: @autodesk.com/DWF -> C:\Program Files\Autodesk\Autodesk Design Review Browser Add-on v1.2\npADRdwf.dll [2011-01-24] (Autodesk) FF Plugin HKU\S-1-5-21-790525478-1677128483-839522115-1004: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\NTT\Ustawienia lokalne\Dane aplikacji\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-17] (Unity Technologies ApS) FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-28] Chrome: ======= CHR Profile: C:\Documents and Settings\NTT\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S4 ABBYY.Licensing.FineReader.Professional.9.0; C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [759072 2008-10-27] (ABBYY (BIT Software)) S2 AktualizujPP; C:\Program Files\Asseco Poland SA\Płatnik\ASSECO.AKTUALIZUJ.PP.exe [31584 2015-02-12] (Asseco Poland S.A.) S2 Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [647168 2012-05-24] (ATI Technologies Inc.) [File not signed] S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2007-08-21] () [File not signed] S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed] R2 CCPkiWNT; C:\WINDOWS\system32\CCPkiWNT.exe [94208 2003-12-16] (CryptoTech) [File not signed] R2 ComarchCardServer; C:\Program Files\Comarch\ComarchSmartCard\CardServer.exe [151552 2011-02-18] (ComArch S.A.) [File not signed] S2 cusrvc; C:\WINDOWS\system32\cusrvc.exe [36864 2004-04-05] (Novell, Inc.) [File not signed] R2 DrWebAVService; C:\Program Files\DrWeb\dwservice.exe [10839512 2014-11-07] (Doctor Web, Ltd.) R3 DrWebEngine; C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe [2135464 2015-01-15] (Doctor Web, Ltd.) R2 DrWebFwSvc; C:\Program Files\DrWeb\frwl_svc.exe [1218720 2014-10-31] (Doctor Web, Ltd.) R3 DrWebNetFilter; C:\Program Files\DrWeb\dwnetfilter.exe [4588176 2014-10-31] (Doctor Web, Ltd.) R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2015-02-04] (Oracle Corporation) R2 mmService; C:\Program Files\ABG\mMedica\mMService.exe [5623296 2015-05-04] () [File not signed] R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2009-05-14] (Hewlett-Packard) [File not signed] R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-30] (NVIDIA Corporation) R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2009-05-14] (Hewlett-Packard) [File not signed] R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [75136 2010-12-09] () R2 postgresmm-9.0; C:\Program Files\PostgreSQL\9.0\bin\pg_ctl.exe [110592 2012-01-20] (Asseco Poland S.A. (TS)) [File not signed] S3 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-17] (TeamViewer GmbH) S3 WMPNetworkSvc; C:\Program Files\Windows Media Player\WMPNetwk.exe [918016 2006-12-01] (Microsoft Corporation) [File not signed] S3 ZuneBusEnum; C:\Program Files\Zune\ZuneBusEnum.exe [57056 2011-08-05] (Microsoft Corporation) S2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Aspi32; C:\WINDOWS\system32\Drivers\Aspi32.sys [16877 2002-07-17] (Adaptec) S3 ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [7746048 2012-05-24] (ATI Technologies Inc.) [File not signed] R2 BrPar; C:\WINDOWS\System32\drivers\BrPar.sys [19537 2000-07-24] (Brother Industries Ltd.) [File not signed] S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation) R2 cpuz132; C:\WINDOWS\system32\drivers\cpuz132_x32.sys [12672 2009-03-27] (Windows (R) Codename Longhorn DDK provider) [File not signed] S3 cpuz134; C:\Program Files\CPUID\PC Wizard 2010\pcwiz_x32.sys [20328 2010-07-09] (Windows (R) Win 7 DDK provider) R0 DrWebLwf; C:\WINDOWS\System32\drivers\DrWebLwf.sys [222352 2014-10-31] (Doctor Web, Ltd.) R1 DrWebWfp; C:\WINDOWS\System32\drivers\dw_wfp.sys [58016 2014-09-30] (Doctor Web, Ltd.) R0 DwProt; C:\WINDOWS\System32\drivers\dwprot.sys [301576 2014-10-31] (Doctor Web, Ltd.) S3 ENTECH; C:\WINDOWS\system32\DRIVERS\ENTECH.sys [21664 2004-10-25] (EnTech Taiwan) [File not signed] R3 ET5Drv; C:\WINDOWS\system32\Drivers\ET5Drv.sys [40136 2006-11-24] (Microsoft Corporation) S3 gdrv; C:\WINDOWS\gdrv.sys [15600 2008-04-04] (Windows (R) 2000 DDK provider) S3 GemCCID; C:\WINDOWS\System32\Drivers\GemCCID.sys [89600 2009-08-10] (Gemalto) S3 giveio; C:\WINDOWS\system32\giveio.sys [5248 2008-10-07] () [File not signed] S3 HdAudAddService; C:\WINDOWS\System32\drivers\AtiHdAud.sys [84992 2006-12-28] (ATI Research Inc.) R3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2008-10-29] (HP) R3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2008-10-29] (HP) R3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2008-10-29] (HP) S3 Lavasoft Kernexplorer; C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [15232 2011-09-23] () S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation) R2 NetwareWorkstation; C:\WINDOWS\System32\NetWare\nwfs.sys [473646 2004-06-14] (Novell, Inc.) [File not signed] R0 NICM; C:\WINDOWS\System32\drivers\nicm.sys [37856 2004-05-24] (Novell, Inc.) [File not signed] R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [124264 2013-02-18] (NVIDIA Corporation) R2 NWDHCP; C:\WINDOWS\System32\NetWare\nwdhcp.sys [16176 2004-02-23] () [File not signed] R3 NWDNS; C:\WINDOWS\System32\NetWare\nwdns.sys [34511 2004-04-29] () [File not signed] R0 NWFILTER; C:\WINDOWS\System32\NetWare\nwfilter.sys [15762 2004-03-05] (Novell, Inc.) [File not signed] R3 NWHOST; C:\WINDOWS\System32\NetWare\NWHOST.sys [11856 2004-02-17] () [File not signed] R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-13] (Microsoft Corporation) R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2006-03-02] (Microsoft Corporation) R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2006-03-02] (Microsoft Corporation) R3 NWSAP; C:\WINDOWS\System32\NetWare\NWSAP.sys [23232 2003-02-26] () [File not signed] R2 NWSIPX32; C:\WINDOWS\System32\NetWare\nwsipx32.sys [41888 2004-03-11] (Novell, Inc.) [File not signed] R3 NWSLP; C:\WINDOWS\System32\NetWare\nwslp.sys [19407 2004-04-29] () [File not signed] R3 NWSNS; C:\WINDOWS\System32\NetWare\NWSNS.sys [5808 2003-02-13] () [File not signed] R2 OkiPar; C:\WINDOWS\System32\DRIVERS\OKIPAR.SYS [40192 2001-10-02] (Oki Data Corporation) [File not signed] R1 PQNTDrv; C:\WINDOWS\system32\Drivers\PQNTDrv.sys [4228 2004-05-05] (PowerQuest Corporation) [File not signed] R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [36528 2006-08-25] (Sonic Solutions) [File not signed] R2 RESMGR; C:\WINDOWS\System32\NetWare\resmgr.sys [27249 2004-06-01] (Novell, Inc.) [File not signed] S3 SCR3xx USB Smart Card Reader; C:\WINDOWS\System32\DRIVERS\SCR3XX2K.sys [47488 2006-11-07] (SCM Microsystems Inc.) R0 SpiderG3; C:\WINDOWS\System32\drivers\spiderg3.sys [181552 2014-11-24] (Doctor Web, Ltd.) R2 SRVLOC; C:\WINDOWS\System32\NetWare\srvloc.sys [153456 2004-05-03] (Novell, Inc.) [File not signed] S3 WFUSBIILE; C:\WINDOWS\System32\drivers\wfremora.sys [81536 2007-12-04] (Leadtek Research Inc.) [File not signed] R2 zumbus; C:\WINDOWS\System32\DRIVERS\zumbus.sys [41472 2011-08-05] (Microsoft Corporation) S3 AtiHDAudioService; system32\drivers\AtihdXP3.sys [X] S3 catchme; \??\C:\DOCUME~1\NTT\USTAWI~1\Temp\catchme.sys [X] U2 CertPropSvc; No ImagePath U3 DfSdkS; No ImagePath U4 dwshd; \SystemRoot\System32\drivers\dwshd.sys [X] U0 dwshd636b3c3a; \SystemRoot\System32\drivers\dwshd.sys [X] S3 esihdrv; \??\C:\DOCUME~1\NTT\USTAWI~1\Temp\esihdrv.sys [X] S5 GVTDrv; C:\WINDOWS\system32\Drivers\GVTDrv.sys [24944 2015-07-08] () S4 IntelIde; No ImagePath S0 Lbd; system32\DRIVERS\Lbd.sys [X] U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation) U3 TlntSvr; No ImagePath S3 WFIOCTL; \??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS [X] U3 pxtdqpow; \??\C:\DOCUME~1\NTT\USTAWI~1\Temp\pxtdqpow.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-07-08 12:12 - 2015-07-08 12:13 - 00072655 _____ C:\Documents and Settings\NTT\Pulpit\Addition.txt 2015-07-08 12:11 - 2015-07-08 12:29 - 00018313 _____ C:\Documents and Settings\NTT\Pulpit\FRST.txt 2015-07-08 12:08 - 2015-07-08 12:08 - 02244096 _____ C:\Documents and Settings\NTT\Pulpit\AdwCleaner.exe 2015-07-06 09:23 - 2015-07-06 09:23 - 00041472 _____ C:\Documents and Settings\NTT\Moje dokumenty\spr.kw.zał.nr2 - 2kw.2015.xls 2015-07-06 09:22 - 2015-07-06 09:22 - 00041472 _____ C:\Documents and Settings\NTT\Pulpit\spr.kw.zał.nr2 - 1kw.2015.xls 2015-07-01 09:52 - 2015-07-01 09:52 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Asseco Poland SA 2015-07-01 09:51 - 2015-07-01 09:51 - 00000655 _____ C:\Documents and Settings\All Users\Pulpit\Płatnik 10.01.001.lnk 2015-07-01 09:51 - 2015-07-01 09:51 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Płatnik 10.01.001 2015-06-16 11:24 - 2015-06-16 11:24 - 00253952 _____ C:\Documents and Settings\NTT\Pulpit\TABELA(leki 2015).XLS 2015-06-16 09:45 - 2015-06-16 11:23 - 00253952 _____ C:\Documents and Settings\NTT\Pulpit\TABELA(1).XLS 2015-06-15 13:15 - 2015-06-15 13:15 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\doPDF 7 2015-06-15 13:15 - 2011-02-15 16:30 - 00023376 _____ (Softland) C:\WINDOWS\system32\dopdfmn7.dll 2015-06-15 13:15 - 2011-02-15 16:30 - 00020304 _____ (Softland) C:\WINDOWS\system32\dopdfmi7.dll 2015-06-12 10:27 - 2015-06-12 10:27 - 00347440 _____ (Microsoft Corporation) C:\Documents and Settings\NTT\Pulpit\MicrosoftFixit-portable.exe 2015-06-12 10:24 - 2015-06-12 10:24 - 00000240 _____ C:\Documents and Settings\NTT\Pulpit\fixbufor.bat 2015-06-12 09:14 - 2015-06-12 09:14 - 00006600 _____ C:\WINDOWS\DPINST.LOG 2015-06-09 08:15 - 2015-06-09 08:15 - 00000006 _____ C:\usb001 2015-06-08 13:29 - 2008-04-13 20:47 - 00025856 _____ (Microsoft Corporation) C:\Documents and Settings\NTT\Pulpit\usbprint.sys ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-07-08 12:29 - 2014-12-02 13:51 - 00000000 ____D C:\FRST 2015-07-08 12:29 - 2014-04-30 14:15 - 00000000 ____D C:\Documents and Settings\NTT\Ustawienia lokalne\temp 2015-07-08 12:29 - 2013-02-01 10:04 - 30055148 _____ C:\pkcs11-r.log 2015-07-08 12:12 - 2008-03-26 14:01 - 00000000 ____D C:\Documents and Settings\NTT\Pulpit 2015-07-08 12:11 - 2015-05-20 07:51 - 00000000 ____D C:\Documents and Settings\NTT\Moje dokumenty\Pobrane 2015-07-08 12:07 - 2014-12-02 13:49 - 01636352 _____ (Farbar) C:\Documents and Settings\NTT\Pulpit\FRST.exe 2015-07-08 11:30 - 2014-06-16 11:05 - 00008976 _____ C:\WINDOWS\system32\nvAppTimestamps 2015-07-08 07:25 - 2014-03-21 09:23 - 00000218 _____ C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job 2015-07-08 07:25 - 2008-04-04 08:34 - 00024944 _____ C:\WINDOWS\system32\Drivers\GVTDrv.sys 2015-07-08 07:20 - 2008-03-26 13:57 - 01066556 _____ C:\WINDOWS\WindowsUpdate.log 2015-07-08 07:00 - 2008-03-26 14:51 - 00000159 _____ C:\WINDOWS\wiadebug.log 2015-07-08 07:00 - 2008-03-26 14:51 - 00000050 _____ C:\WINDOWS\wiaservc.log 2015-07-08 07:00 - 2008-03-26 14:00 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-07-07 14:28 - 2008-03-26 14:01 - 00000188 ___SH C:\Documents and Settings\NTT\ntuser.ini 2015-07-07 14:28 - 2008-03-26 14:00 - 00032562 _____ C:\WINDOWS\SchedLgU.Txt 2015-07-07 09:22 - 2010-07-04 09:34 - 00000486 _____ C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job 2015-07-07 08:06 - 2013-08-08 12:38 - 04245504 _____ C:\Documents and Settings\NTT\Pulpit\zam.mdb 2015-07-06 09:23 - 2008-03-26 14:01 - 00000000 ___RD C:\Documents and Settings\NTT\Moje dokumenty 2015-07-06 07:02 - 2006-03-02 14:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl 2015-07-03 13:25 - 2015-05-29 14:22 - 00025398 _____ C:\WINDOWS\setupapi.log 2015-07-03 10:23 - 2008-04-01 09:17 - 00112640 _____ C:\Documents and Settings\NTT\Moje dokumenty\komp zol.xls 2015-07-03 10:09 - 2011-05-26 14:24 - 00055808 _____ C:\Documents and Settings\NTT\Pulpit\rozliczenia z kasą 2011.xls 2015-07-01 10:14 - 2010-09-03 08:43 - 00001984 _____ C:\WINDOWS\system32\d3d9caps.dat 2015-07-01 10:06 - 2008-03-26 14:01 - 00000000 ____D C:\Documents and Settings\NTT 2015-07-01 09:52 - 2008-03-26 14:48 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Start\Programy 2015-07-01 09:52 - 2008-03-26 14:18 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2015-07-01 09:51 - 2008-03-26 14:48 - 00000000 ____D C:\Documents and Settings\All Users\Pulpit 2015-07-01 09:46 - 2014-05-12 07:33 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\TEMP 2015-06-26 07:59 - 2012-03-30 07:00 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2015-06-26 07:59 - 2011-05-19 06:57 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2015-06-26 07:58 - 2014-09-02 13:12 - 00000000 ____D C:\Documents and Settings\NTT\Ustawienia lokalne\Dane aplikacji\Adobe 2015-06-22 11:57 - 2014-07-03 09:08 - 00131072 _____ C:\WINDOWS\system32\config\Doctor Web.evt 2015-06-19 09:59 - 2008-03-28 22:47 - 00000000 ____D C:\Program Files\DrWeb 2015-06-19 07:29 - 2008-03-26 14:49 - 01258032 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2015-06-19 07:29 - 2006-03-02 14:00 - 00556420 _____ C:\WINDOWS\system32\perfh015.dat 2015-06-19 07:29 - 2006-03-02 14:00 - 00105452 _____ C:\WINDOWS\system32\perfc015.dat 2015-06-17 12:39 - 2008-04-02 09:57 - 00016992 _____ C:\WINDOWS\NTT.acl 2015-06-17 08:53 - 2014-08-27 10:12 - 00000000 __SHD C:\DrWeb Quarantine 2015-06-15 13:15 - 2009-04-06 07:45 - 00000000 ____D C:\Program Files\Softland 2015-06-12 08:43 - 2013-08-27 07:05 - 00000000 ____D C:\WINDOWS\system32\MRT 2015-06-12 08:38 - 2008-04-01 08:55 - 136900096 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-06-08 07:03 - 2014-10-28 14:19 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service ==================== Files in the root of some directories ======= 2013-07-05 12:29 - 2013-07-05 12:29 - 1128836 _____ () C:\Program Files\IrfanView.7z 2009-12-04 10:51 - 2009-12-04 10:51 - 0000012 _____ () C:\Documents and Settings\NTT\Dane aplikacji\fvgqad.dat 2008-03-28 22:51 - 2015-03-10 09:21 - 0125440 _____ () C:\Documents and Settings\NTT\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-01-26 13:42 - 2015-01-26 13:42 - 0003206 _____ () C:\Documents and Settings\NTT\Ustawienia lokalne\Dane aplikacji\unins000.dat 2015-01-26 13:42 - 2015-01-26 13:42 - 0707744 _____ () C:\Documents and Settings\NTT\Ustawienia lokalne\Dane aplikacji\unins000.exe 2015-01-26 13:42 - 2015-01-26 13:42 - 0011761 _____ () C:\Documents and Settings\NTT\Ustawienia lokalne\Dane aplikacji\unins000.msg Some files in TEMP: ==================== C:\Documents and Settings\NTT\Ustawienia lokalne\temp\lj1018-HB-pd-win32-plp.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed