Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-01-2014 02
Ran by smo (administrator) on BLACKV8 on 17-01-2014 16:37:42
Running from D:\Documents and Settings\smo\Pulpit
Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) D:\WINDOWS\system32\nvsvc32.exe
(COMODO) D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(SANDBOXIE L.T.D) D:\Program Files\Sandboxie\SbieSvc.exe
(artArmin) D:\Program Files\Vista Drive Icon\DrvIcon.exe
() D:\Program Files\Unlocker\UnlockerAssistant.exe
(A4Tech Co., Ltd.)
D:\Program Files\A4Tech\Mouse\Amoumain.exe (Creative Technology Ltd) D:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe (Creative Technology Ltd) D:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd) D:\WINDOWS\system32\CTXFIHLP.EXE (Ultima Prime & Pawel Porwisz) D:\Program Files\TC UP\TC UP.exe (COMODO) D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (Creative Technology Ltd) D:\WINDOWS\system32\CTXFISPI.EXE (NEC Electronics Corporation) D:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (O&O Software GmbH) D:\Program Files\OO Software\Defrag\oodtray.exe (Idea2) D:\Program Files\Desktop Sidebar\dsidebar.exe (Outertech) D:\Program Files\Cacheman\CachemanTray.exe (Ghisler Software GmbH) D:\Program Files\TC UP\TOTALCMD.EXE (SANDBOXIE L.T.D) D:\Program Files\Sandboxie\SbieCtrl.exe (FreeDownloadManager.ORG) D:\Program Files\Free Download Manager\fdm.exe (PeerBlock, LLC) D:\Program Files\PeerBlock\peerblock.exe (PHU XimSoft Tomasz Wyderka) D:\Program Files\XimSoft\RAM Kontroler\RAMKontroler.exe (Hagel Technologies Ltd) D:\Program Files\DU Meter\DUMeter.exe ( ) D:\Program Files\Copy Handler\ch.exe (Thong Nguyen) D:\Documents and Settings\smo\Moje dokumenty\PowerMenu 1.5.1\PowerMenu.exe (SUPERAntiSpyware.com) D:\Program Files\SUPERAntiSpyware\SASCore.exe () D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe () D:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe (Outertech) D:\Program Files\Cacheman\CachemanServ.exe (Hagel Technologies Ltd) D:\Program Files\DU Meter\DUMeterSvc.exe (Sun Microsystems, Inc.) D:\Program Files\Java\jre6\bin\jqs.exe (O&O Software GmbH) D:\Program Files\OO Software\Defrag\oodag.exe (Raxco Software, Inc.) D:\Program Files\Raxco\PerfectDisk\PDAgent.exe (VMware, Inc.) D:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.) D:\WINDOWS\system32\vmnat.exe (VMware, Inc.) 
D:\WINDOWS\system32\vmnetdhcp.exe () D:\Program Files\VMware\VMware Workstation\vmware-hostd.exe () D:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe (Raxco Software, Inc.) D:\Program Files\Common Files\Raxco\Shared\PDEngine.exe (MPC-BE Team) D:\Program Files\MPC-BE\mpc-be.exe (http://winmerge.org) D:\Program Files\TC UP\PLUGINS\Media\WinMerge\WinMergeU.exe (Mozilla Corporation) D:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [DrvIcon] - D:\Program Files\Vista Drive Icon\DrvIcon.exe [49152 2008-04-13] (artArmin) HKLM\...\Run: [UnlockerAssistant] - D:\Program Files\Unlocker\UnlockerAssistant.exe [15872 2008-05-02] () HKLM\...\Run: [amd_dc_opt] - D:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2012-01-10] (AMD) HKLM\...\Run: [NvMediaCenter] - D:\WINDOWS\system32\NvMcTray.dll [110696 2010-01-11] (NVIDIA Corporation) HKLM\...\Run: [NvCplDaemon] - D:\WINDOWS\system32\NvCpl.dll [13666408 2010-01-11] (NVIDIA Corporation) HKLM\...\Run: [WheelMouse] - D:\Program Files\A4Tech\Mouse\Amoumain.exe [163840 2006-02-17] (A4Tech Co., Ltd.) 
HKLM\...\Run: [VolPanel] - D:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe [122880 2005-07-11] (Creative Technology Ltd) HKLM\...\Run: [CTHelper] - D:\Windows\CTHELPER.EXE [16384 2005-08-07] (Creative Technology Ltd) HKLM\...\Run: [CTxfiHlp] - D:\Windows\system32\CTXFIHLP.EXE [18944 2005-08-07] (Creative Technology Ltd) HKLM\...\Run: [TC UP] - D:\Program Files\TC UP\TC UP.exe [615936 2010-11-14] (Ultima Prime & Pawel Porwisz) HKLM\...\Run: [COMODO Internet Security] - D:\Program Files\COMODO\COMODO Internet Security\cfp.exe [6756048 2012-11-08] (COMODO) HKLM\...\Run: [NUSB3MON] - D:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113296 2010-03-30] (NEC Electronics Corporation) HKLM\...\Run: [OODefragTray] - D:\Program Files\OO Software\Defrag\oodtray.exe [5029232 2012-10-02] (O&O Software GmbH) HKLM\...\Run: [Copy Handler] - [x] HKLM\...\Policies\Explorer: [NoRemoteRecursiveEvents] 1 HKCU\...\Run: [SIDEBAR] - D:\Program Files\Desktop Sidebar\dsidebar.exe [1777664 2006-07-09] (Idea2) HKCU\...\Run: [CachemanTray] - D:\Program Files\Cacheman\CachemanTray.exe [345088 2009-05-18] (Outertech) HKCU\...\Run: [SandboxieControl] - D:\Program Files\Sandboxie\SbieCtrl.exe [545552 2012-12-16] (SANDBOXIE L.T.D) HKCU\...\Run: [Free Download Manager] - D:\Program Files\Free Download Manager\fdm.exe [6860288 2013-01-16] (FreeDownloadManager.ORG) HKCU\...\Run: [PeerBlock] - D:\Program Files\PeerBlock\peerblock.exe [1867888 2010-11-06] (PeerBlock, LLC) HKCU\...\Run: [Google Update] - D:\Documents and Settings\smo\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [136176 2012-01-10] (Google Inc.) 
HKCU\...\Run: [RAMKontroler] - D:\Program Files\XimSoft\RAM Kontroler\RAMKontroler.exe [618496 2012-01-10] (PHU XimSoft Tomasz Wyderka) HKCU\...\Run: [DU Meter] - D:\Program Files\DU Meter\DUMeter.exe [2582288 2013-07-03] (Hagel Technologies Ltd) HKCU\...\Run: [Copy Handler] - D:\Program Files\Copy Handler\ch.exe [489472 2010-03-07] ( ) HKCU\...\Policies\Explorer: [NoDesktopCleanupWizard] 1 HKCU\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\Default User\...\RunOnce: [nltide_2] - regsvr32 /s /n /i:U shell32 HKU\Default User\...\RunOnce: [_nltide_3] - D:\Windows\system32\advpack.dll [ 2009-03-08] (Microsoft Corporation) AppInit_DLLs: D:\WINDOWS\system32\guard32.dll [301264 2012-11-08] (COMODO) Startup: D:\Documents and Settings\All Users\Menu Start\Programy\Autostart\reg-ico.bat () Startup: D:\Documents and Settings\Default User\Menu Start\Programy\Autostart\Styler.lnk ShortcutTarget: Styler.lnk -> D:\Documents and Settings\smo\Dane aplikacji\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe () Startup: D:\Documents and Settings\smo\Menu Start\Programy\Autostart\PowerMenu.exe.lnk ShortcutTarget: PowerMenu.exe.lnk -> D:\Documents and Settings\smo\Moje dokumenty\PowerMenu 1.5.1\PowerMenu.exe (Thong Nguyen) Startup: D:\Documents and Settings\smo\Menu Start\Programy\Autostart\Styler.lnk ShortcutTarget: Styler.lnk -> D:\Documents and Settings\smo\Dane aplikacji\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe () SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - D:\WINDOWS\system32\SSCbFsMntNtf3.dll (EldoS Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm HKCU\Software\Microsoft\Internet 
Explorer\Main,Secondary Start Pages = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - D:\Program Files\Desktop Sidebar\sbhelp.dll (Idea2) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Program Files\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) 
Toolbar: HKLM - StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - D:\Program Files\Styler\TB\StylerTB.dll (StyleFantasist) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\WINDOWS\system32\skype4com.dll (Skype Technologies) ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com) FireFox: ======== FF ProfilePath: D:\Documents and Settings\smo\Dane aplikacji\Mozilla\Firefox\Profiles\hsfsxvrg.default FF Plugin: @adobe.com/FlashPlayer - D:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll () FF Plugin: @adobe.com/ShockwavePlayer - D:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - D:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - D:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin: @java.com/JavaPlugin - D:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - D:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - d:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=6.0.12.450 - D:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.12.448 - D:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF Plugin: @tools.google.com/Google Update;version=3 - D:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - D:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - D:\Documents and Settings\smo\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - D:\Documents and Settings\smo\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin ProgramFiles/Appdata: D:\Program Files\mozilla firefox\plugins\npbittorrent.dll (BitTorrent, Inc.) FF Plugin ProgramFiles/Appdata: D:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.) FF Plugin ProgramFiles/Appdata: D:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.) FF Extension: Free Download Manager plugin - D:\Documents and Settings\smo\Dane aplikacji\Mozilla\Firefox\Profiles\hsfsxvrg.default\Extensions\fdm_ffext@freedownloadmanager.org [2012-12-15] FF Extension: No Name - D:\Documents and Settings\smo\Dane aplikacji\Mozilla\Firefox\Profiles\hsfsxvrg.default\Extensions\staged [2014-01-17] FF Extension: DownThemAll! 
AntiContainer - D:\Documents and Settings\smo\Dane aplikacji\Mozilla\Firefox\Profiles\hsfsxvrg.default\Extensions\anticontainer@downthemall.net.xpi [2012-05-02] FF Extension: Torrent Finder Toolbar - D:\Documents and Settings\smo\Dane aplikacji\Mozilla\Firefox\Profiles\hsfsxvrg.default\Extensions\TFToolbarX@torrent-finder.xpi [2012-05-28] FF Extension: DVDVideoSoft YouTube MP3 and Video Download - D:\Documents and Settings\smo\Dane aplikacji\Mozilla\Firefox\Profiles\hsfsxvrg.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-25] FF Extension: Download Statusbar - D:\Documents and Settings\smo\Dane aplikacji\Mozilla\Firefox\Profiles\hsfsxvrg.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2013-07-12] FF Extension: DownThemAll! - D:\Documents and Settings\smo\Dane aplikacji\Mozilla\Firefox\Profiles\hsfsxvrg.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2012-05-02] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - d:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - d:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - D:\Program Files\Java\jre6\lib\deploy\jqs\ff FF Extension: Java Quick Starter - D:\Program Files\Java\jre6\lib\deploy\jqs\ff [2012-02-28] FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - D:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - D:\Documents and Settings\smo\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - D:\Documents and Settings\smo\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\32.0.1700.76\pdf.dll () CHR 
Plugin: (Shockwave Flash) - D:\Documents and Settings\smo\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\32.0.1700.76\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - D:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll No File CHR Plugin: (BitTorrent) - D:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll (BitTorrent, Inc.) CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - D:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.) CHR Plugin: (Java(TM) Platform SE 6 U31) - D:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) CHR Plugin: (Winamp Application Detector) - D:\Program Files\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.) CHR Plugin: (Microsoft\u00AE DRM) - D:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation) CHR Plugin: (Microsoft\u00AE DRM) - D:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation) CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - D:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.)) CHR Plugin: (Google Update) - D:\Documents and Settings\smo\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Plugin: (Foxit Reader Plugin for Mozilla) - D:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) CHR Plugin: (Silverlight Plug-In) - D:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - D:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer Version Plugin) - D:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) CHR Plugin: (Shockwave for Director) - D:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
CHR Plugin: (Windows Presentation Foundation) - d:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Extension: (Dysk Google) - D:\Documents and Settings\smo\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-10] CHR Extension: (Google Wallet) - D:\Documents and Settings\smo\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23] CHR Extension: (DVDVideoSoftTB) - D:\Documents and Settings\smo\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo [2012-09-12] CHR HKLM\...\Chrome\Extension: [plmlpkfpkijnlijgalnjaacllnjmoamo] - D:\Documents and Settings\smo\Ustawienia lokalne\Dane aplikacji\CRE\plmlpkfpkijnlijgalnjaacllnjmoamo.crx [2012-09-11] CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - D:\DOCUME~1\smo\USTAWI~1\DANEAP~1\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-12-10] CHR StartMenuInternet: Google Chrome - D:\Documents and Settings\smo\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe ========================== Services (Whitelisted) ================= R2 !SASCORE; D:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-07-11] (SUPERAntiSpyware.com) R2 6to4; D:\Windows\System32\6to4svc.dll [100864 2010-05-07] (Microsoft Corporation) R2 BlueSoleilCS; D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [775168 2012-07-17] () R3 BsHelpCS; D:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe [69735 2012-01-10] () R2 BsMobileCS; D:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe [143467 2012-01-10] () R2 CachemanService; D:\Program Files\Cacheman\CachemanServ.exe [210944 2009-05-16] (Outertech) R2 cmdAgent; D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [1990464 2012-11-08] (COMODO) S3 Desura Install Service; D:\Program 
Files\Common Files\Desura\desura_service.exe [131912 2013-07-08] (Desura Pty Ltd) R2 DUMeterSvc; D:\Program Files\DU Meter\DUMeterSvc.exe [1382672 2013-07-03] (Hagel Technologies Ltd) S2 GsServer; D:\Program Files\Siber Systems\GoodSync\Gs-Server.exe [3521832 2012-12-21] () R2 JavaQuickStarterService; D:\Program Files\Java\jre6\bin\jqs.exe [153376 2012-02-28] (Sun Microsystems, Inc.) R2 OODefragAgent; D:\Program Files\OO Software\Defrag\oodag.exe [2019184 2012-10-02] (O&O Software GmbH) R2 PDAgent; D:\Program Files\Raxco\PerfectDisk\PDAgent.exe [1415032 2012-10-04] (Raxco Software, Inc.) R3 PDEngine; D:\Program Files\Common Files\Raxco\Shared\PDEngine.exe [2166648 2012-10-04] (Raxco Software, Inc.) S4 PuranDefrag; D:\WINDOWS\system32\PuranDefragS.exe [260992 2013-01-17] (Puran Software) R2 SbieSvc; D:\Program Files\Sandboxie\SbieSvc.exe [85776 2012-12-16] (SANDBOXIE L.T.D) R2 VMAuthdService; D:\Program Files\VMware\VMware Workstation\vmware-authd.exe [79872 2012-01-18] (VMware, Inc.) R2 VMnetDHCP; D:\WINDOWS\system32\vmnetdhcp.exe [354416 2012-01-18] (VMware, Inc.) R2 VMUSBArbService; D:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [665200 2011-08-29] (VMware, Inc.) R2 VMware NAT Service; D:\WINDOWS\system32\vmnat.exe [433264 2012-01-18] (VMware, Inc.) R2 VMwareHostd; D:\Program Files\VMware\VMware Workstation\vmware-hostd.exe [11839488 2012-01-18] () S3 McComponentHostService; "D:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe" [x] ==================== Drivers (Whitelisted) ==================== S1 AmdK8; D:\Windows\System32\DRIVERS\AmdK8.sys [43520 2006-07-01] (Advanced Micro Devices) R1 AmdPPM; D:\Windows\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices) R1 Amfilter; D:\Windows\System32\DRIVERS\Amfilter.sys [8704 2006-01-11] (A4Tech Co.,Ltd.) S3 Amusbprt; D:\Windows\System32\DRIVERS\Amusbprt.sys [13312 2006-01-11] (A4Tech Co.,Ltd.) S3 BT; D:\Windows\System32\DRIVERS\btnetdrv.sys [14600 2008-01-21] (IVT Corporation.) 
S3 Btcsrusb; D:\Windows\System32\Drivers\btcusb.sys [38920 2008-07-02] (IVT Corporation.) R0 BtHidBus; D:\Windows\System32\Drivers\BtHidBus.sys [20616 2008-07-31] (IVT Corporation.) S3 CisUtMonitor; D:\Windows\System32\DRIVERS\CisUtMonitor.sys [27600 2011-10-30] (CrystalIdea Software) R1 cmderd; D:\Windows\System32\DRIVERS\cmderd.sys [18096 2012-11-08] (COMODO) R1 cmdGuard; D:\Windows\System32\DRIVERS\cmdguard.sys [497952 2012-11-08] (COMODO) R1 cmdHlp; D:\Windows\System32\DRIVERS\cmdhlp.sys [32640 2012-11-08] (COMODO) S3 ctdvda2k; D:\Windows\System32\drivers\ctdvda2k.sys [340704 2005-07-13] (Creative Technology Ltd) R2 DefragFS; D:\Windows\System32\Drivers\DefragFS.sys [104088 2012-09-11] (Raxco Software, Inc.) R2 hcmon; D:\WINDOWS\system32\drivers\hcmon.sys [32496 2011-08-29] (VMware, Inc.) R0 Inspect; D:\Windows\System32\DRIVERS\inspect.sys [99080 2012-11-08] (COMODO) R1 ISODrive; D:\Program Files\UltraISO\drivers\ISODrive.sys [82320 2012-01-10] (EZB Systems, Inc.) R3 IvtBtBUs; D:\Windows\System32\Drivers\IvtBtBus.sys [26248 2008-07-02] (IVT Corporation.) R3 pbfilter; D:\Program Files\PeerBlock\pbfilter.sys [19056 2010-11-06] () R2 PDFSFilter; D:\Windows\System32\DRIVERS\PDFsFilter.sys [69016 2012-08-23] (Raxco Software, Inc.) S3 PortTalk; D:\Windows\System32\Drivers\PortTalk.sys [3567 2002-01-12] (Beyond Logic http://www.beyondlogic.org) S3 pwdrvio; D:\WINDOWS\system32\pwdrvio.sys [16472 2012-01-10] () S3 pwdspio; D:\WINDOWS\system32\pwdspio.sys [11104 2012-01-10] () S3 reparse; D:\Windows\System32\DRIVERS\cbreparse.sys [444232 2011-10-25] (COMODO Security Solutions Inc.) 
S3 RTLTEAMING; D:\Windows\System32\DRIVERS\RTLTEAMING.SYS [29440 2009-10-12] (Realtek Semiconductor Corporation) S3 RTLVLAN; D:\Windows\System32\DRIVERS\RTLVLAN.SYS [17536 2009-02-16] (Realtek Semiconductor Corporation ) R2 RtNdPt5x; D:\Windows\System32\DRIVERS\RtNdPt5x.sys [22016 2008-07-09] (Realtek Semiconductor Corporation ) R1 SASDIFSV; D:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; D:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R3 SbieDrv; D:\Program Files\Sandboxie\SbieDrv.sys [157776 2012-12-16] (SANDBOXIE L.T.D) R0 Si3112; D:\Windows\System32\Drivers\Si3112.sys [62208 2010-01-17] (Silicon Image, Inc.) R0 sptd; D:\Windows\System32\Drivers\sptd.sys [443448 2013-10-18] () R3 SSCBFS3; D:\Windows\System32\DRIVERS\sscbfs3.sys [295936 2013-01-30] (EldoS Corporation) R2 StarOpen; D:\Windows\System32\Drivers\StarOpen.sys [13120 2013-08-25] () R1 Tcpip6; D:\Windows\System32\DRIVERS\tcpip6.sys [226880 2010-05-07] (Microsoft Corporation) S3 VComm; D:\Windows\System32\DRIVERS\VComm.sys [14856 2008-01-21] (IVT Corporation.) R3 VcommMgr; D:\Windows\System32\Drivers\VcommMgr.sys [29960 2008-07-02] (IVT Corporation.) R1 VD_FileDisk; D:\Windows\System32\Drivers\VD_FileDisk.sys [16384 2009-10-25] (Flint Incorporation) R3 VMnetAdapter; D:\Windows\System32\DRIVERS\vmnetadapter.sys [16624 2012-01-18] (VMware, Inc.) R2 VMnetBridge; D:\Windows\System32\DRIVERS\vmnetbridge.sys [33776 2012-01-18] (VMware, Inc.) R2 VMnetuserif; D:\WINDOWS\system32\drivers\vmnetuserif.sys [25712 2012-01-18] (VMware, Inc.) R2 VMparport; D:\WINDOWS\system32\Drivers\VMparport.sys [23792 2012-01-18] (VMware, Inc.) R2 vmx86; D:\WINDOWS\system32\Drivers\vmx86.sys [55664 2012-01-18] (VMware, Inc.) R2 vstor2-mntapi10-shared; D:\Windows\System32\drivers\vstor2-mntapi10-shared.sys [22768 2011-07-08] (VMware, Inc.) 
S3 w300bus; D:\Windows\System32\DRIVERS\w300bus.sys [60800 2006-03-13] (MCCI) S3 w300mdfl; D:\Windows\System32\DRIVERS\w300mdfl.sys [9264 2006-03-13] (MCCI) S3 w300mdm; D:\Windows\System32\DRIVERS\w300mdm.sys [96352 2006-03-13] (MCCI) S3 w300mgmt; D:\Windows\System32\DRIVERS\w300mgmt.sys [87824 2006-03-13] (MCCI) S3 w300obex; D:\Windows\System32\DRIVERS\w300obex.sys [85696 2006-03-13] (MCCI) U5 BlueletAudio; D:\Windows\System32\Drivers\BlueletAudio.sys [33800 2008-07-02] (IVT Corporation.) U4 CiSvc; S4 IntelIde; No ImagePath U4 Messenger; U5 UnlockerDriver5; D:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2012-01-10] () U3 pfldqpog; \??\D:\DOCUME~1\smo\USTAWI~1\Temp\pfldqpog.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-17 16:37 - 2014-01-17 16:37 - 00024966 _____ D:\Documents and Settings\smo\Pulpit\FRST.txt 2014-01-17 16:23 - 2014-01-17 16:23 - 00000000 ____D D:\FRST 2014-01-17 16:19 - 2014-01-17 16:19 - 01220096 ____C (Farbar) D:\Documents and Settings\smo\Pulpit\FRST.exe 2014-01-17 16:16 - 2014-01-17 16:16 - 00602112 ____C (OldTimer Tools) D:\Documents and Settings\smo\Pulpit\OTL.exe 2014-01-17 16:10 - 2014-01-17 16:10 - 00193675 _____ D:\Documents and Settings\smo\Pulpit\gmer-malware-scan.log 2014-01-17 15:18 - 2014-01-17 15:18 - 00379904 _____ D:\Documents and Settings\smo\Pulpit\gmer.exe 2014-01-17 15:15 - 2014-01-17 15:16 - 00000572 _____ D:\Documents and Settings\smo\Pulpit\catchme.log 2014-01-17 15:14 - 2014-01-17 15:14 - 00147456 _____ D:\Documents and Settings\smo\Pulpit\catchme.exe 2014-01-07 12:44 - 2014-01-07 12:44 - 00001708 ____C D:\Documents and Settings\All Users\Pulpit\Foxit Reader.lnk 2014-01-07 12:44 - 2014-01-07 12:44 - 00000000 ___DC D:\Documents and Settings\All Users\Menu Start\Programy\Foxit Reader 2014-01-07 12:44 - 2014-01-07 12:44 - 00000000 ___DC D:\Documents and Settings\All Users\Foxit Software 2014-01-07 12:44 - 2014-01-07 12:44 - 
00000000 ____D D:\DownloadFolder 2014-01-07 12:38 - 2014-01-07 12:38 - 00000000 ___DC D:\Documents and Settings\smo\Ustawienia lokalne\Dane aplikacji\Foxit Reader 2014-01-07 12:38 - 2014-01-07 12:38 - 00000000 ____D D:\FileIDCache 2014-01-07 12:38 - 2014-01-07 12:38 - 00000000 ____D D:\DownloadCache 2014-01-05 13:22 - 2014-01-05 13:22 - 00000000 ___DC D:\Documents and Settings\All Users\Menu Start\Programy\Auslogics 2014-01-05 11:35 - 2014-01-05 11:35 - 00001876 ____C D:\Documents and Settings\All Users\Pulpit\Free YouTube Download.lnk 2014-01-04 23:16 - 2014-01-04 23:16 - 00000848 ____C D:\Documents and Settings\All Users\Pulpit\Oracle VM VirtualBox.lnk 2014-01-04 23:16 - 2014-01-04 23:16 - 00000000 ___DC D:\Documents and Settings\All Users\Menu Start\Programy\Oracle VM VirtualBox 2013-12-25 12:11 - 2013-12-25 12:11 - 00000687 _____ D:\Documents and Settings\smo\Pulpit\CDRoller.lnk 2013-12-25 12:11 - 2013-12-25 12:11 - 00000000 ___DC D:\Program Files\CDRoller 2013-12-25 12:11 - 2013-12-25 12:11 - 00000000 ___DC D:\Documents and Settings\All Users\Menu Start\Programy\CDRoller 6.31 2013-12-18 17:38 - 2013-12-18 17:38 - 00126224 _____ (Oracle Corporation) D:\WINDOWS\system32\Drivers\VBoxNetFlt.sys 2013-12-18 17:37 - 2013-12-18 17:37 - 00174864 _____ (Oracle Corporation) D:\WINDOWS\system32\VBoxNetFltNobj.dll 2013-12-18 17:28 - 2013-12-18 17:28 - 00000000 ___DC D:\Documents and Settings\Default User\Ustawienia lokalne\Dane aplikacji\Google ==================== One Month Modified Files and Folders ======= 2014-01-17 16:37 - 2014-01-17 16:37 - 00024966 _____ D:\Documents and Settings\smo\Pulpit\FRST.txt 2014-01-17 16:37 - 2011-04-30 13:07 - 00000000 ____D D:\Documents and Settings\smo\Pulpit 2014-01-17 16:28 - 2012-01-10 02:33 - 00001124 _____ D:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-1770027372-1801674531-1002UA.job 2014-01-17 16:23 - 2014-01-17 16:23 - 00000000 ____D D:\FRST 2014-01-17 16:23 - 2013-12-10 22:13 - 00001030 _____ 
D:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-01-17 16:23 - 2013-12-10 22:13 - 00001026 _____ D:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-01-17 16:19 - 2014-01-17 16:19 - 01220096 ____C (Farbar) D:\Documents and Settings\smo\Pulpit\FRST.exe 2014-01-17 16:18 - 2013-08-21 23:04 - 00000000 ___DC D:\Program Files\Mozilla Firefox 2014-01-17 16:16 - 2014-01-17 16:16 - 00602112 ____C (OldTimer Tools) D:\Documents and Settings\smo\Pulpit\OTL.exe 2014-01-17 16:10 - 2014-01-17 16:10 - 00193675 _____ D:\Documents and Settings\smo\Pulpit\gmer-malware-scan.log 2014-01-17 15:18 - 2014-01-17 15:18 - 00379904 _____ D:\Documents and Settings\smo\Pulpit\gmer.exe 2014-01-17 15:16 - 2014-01-17 15:15 - 00000572 _____ D:\Documents and Settings\smo\Pulpit\catchme.log 2014-01-17 15:14 - 2014-01-17 15:14 - 00147456 _____ D:\Documents and Settings\smo\Pulpit\catchme.exe 2014-01-17 14:40 - 2011-05-26 09:51 - 00000000 __HDC D:\_gsdata_ 2014-01-17 14:31 - 2011-04-30 12:49 - 00000000 ____D D:\WINDOWS\Registration 2014-01-17 14:31 - 2010-05-26 16:55 - 00090934 _____ D:\WINDOWS\system32\langs.xml 2014-01-17 14:25 - 2011-05-26 08:45 - 00000000 ___DC D:\Documents and Settings\smo\Dane aplikacji\GoodSync 2014-01-17 14:19 - 2012-01-12 22:27 - 00000000 ___DC D:\Program Files\PeerBlock 2014-01-17 14:18 - 2011-05-28 05:01 - 00000000 ___DC D:\Documents and Settings\LocalService\Dane aplikacji\VMware 2014-01-17 14:18 - 2011-05-28 05:00 - 00000000 ___DC D:\Documents and Settings\All Users\Dane aplikacji\VMware 2014-01-17 14:18 - 2008-08-04 17:04 - 00000965 _____ D:\WINDOWS\system32\bscs.ini 2014-01-17 14:16 - 2012-10-18 11:21 - 00393008 _____ D:\WINDOWS\system32\oodbs.lor 2014-01-17 14:16 - 2011-04-30 13:07 - 00000006 ____H D:\WINDOWS\Tasks\SA.DAT 2014-01-17 14:16 - 2010-01-11 21:17 - 00272317 _____ D:\WINDOWS\system32\NvApps.xml 2014-01-17 14:16 - 2001-07-22 02:17 - 00002206 _____ D:\WINDOWS\system32\wpa.dbl 2014-01-16 20:09 - 2013-10-17 16:56 - 00009529 _____ D:\WINDOWS\WindowsUpdate.log 
2014-01-16 20:09 - 2011-04-30 14:01 - 00002064 _____ D:\WINDOWS\system32\settingsbkup.sfm
2014-01-16 20:09 - 2011-04-30 14:01 - 00002064 _____ D:\WINDOWS\system32\settings.sfm
2014-01-16 20:09 - 2011-04-30 13:07 - 00032380 _____ D:\WINDOWS\SchedLgU.Txt
2014-01-16 20:08 - 2012-10-18 19:38 - 00009171 _____ D:\Documents and Settings\smo\Moje dokumenty\config.xml
2014-01-16 20:07 - 2011-05-03 15:09 - 00000000 ____D D:\tmp
2014-01-16 18:03 - 2012-09-06 20:54 - 00000000 ___DC D:\Program Files\Puran Defrag
2014-01-16 17:28 - 2012-01-10 02:33 - 00001072 _____ D:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-1770027372-1801674531-1002Core.job
2014-01-16 17:08 - 2011-04-30 14:38 - 00000000 ___DC D:\Documents and Settings\All Users\Pulpit
2014-01-16 17:08 - 2011-04-30 14:38 - 00000000 ___DC D:\Documents and Settings\All Users\Menu Start\Programy
2014-01-16 14:09 - 2011-05-11 14:13 - 00000000 ___DC D:\Documents and Settings\smo\Dane aplikacji\Desktop Sidebar
2014-01-16 14:06 - 2013-07-23 19:07 - 00000930 _____ D:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-01-16 14:06 - 2013-07-23 19:06 - 00000000 ___DC D:\Documents and Settings\smo\Ustawienia lokalne\Dane aplikacji\Adobe
2014-01-16 14:06 - 2012-04-01 06:41 - 00692616 _____ (Adobe Systems Incorporated) D:\WINDOWS\system32\FlashPlayerApp.exe
2014-01-16 14:06 - 2012-01-10 03:34 - 00071048 _____ (Adobe Systems Incorporated) D:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-01-07 12:44 - 2014-01-07 12:44 - 00001708 ____C D:\Documents and Settings\All Users\Pulpit\Foxit Reader.lnk
2014-01-07 12:44 - 2014-01-07 12:44 - 00000000 ___DC D:\Documents and Settings\All Users\Menu Start\Programy\Foxit Reader
2014-01-07 12:44 - 2014-01-07 12:44 - 00000000 ___DC D:\Documents and Settings\All Users\Foxit Software
2014-01-07 12:44 - 2014-01-07 12:44 - 00000000 ____D D:\DownloadFolder
2014-01-07 12:44 - 2012-01-10 02:17 - 00000000 ___DC D:\Documents and Settings\smo\Dane aplikacji\Foxit Software
2014-01-07 12:38 - 2014-01-07 12:38 - 00000000 ___DC D:\Documents and Settings\smo\Ustawienia lokalne\Dane aplikacji\Foxit Reader
2014-01-07 12:38 - 2014-01-07 12:38 - 00000000 ____D D:\FileIDCache
2014-01-07 12:38 - 2014-01-07 12:38 - 00000000 ____D D:\DownloadCache
2014-01-07 12:38 - 2011-04-30 13:07 - 00000000 __HDC D:\Documents and Settings\smo\Ustawienia lokalne\Dane aplikacji
2014-01-06 16:10 - 2012-01-10 03:58 - 00000000 ___DC D:\Documents and Settings\smo\Dane aplikacji\uTorrent
2014-01-05 13:22 - 2014-01-05 13:22 - 00000000 ___DC D:\Documents and Settings\All Users\Menu Start\Programy\Auslogics
2014-01-05 13:22 - 2013-09-05 03:47 - 00000827 _____ D:\Documents and Settings\smo\Pulpit\Auslogics DiskDefrag.lnk
2014-01-05 13:22 - 2013-06-21 20:29 - 00000000 ___DC D:\Program Files\Auslogics
2014-01-05 11:35 - 2014-01-05 11:35 - 00001876 ____C D:\Documents and Settings\All Users\Pulpit\Free YouTube Download.lnk
2014-01-05 11:35 - 2013-11-06 09:22 - 00000897 ____C D:\Documents and Settings\All Users\Pulpit\DVDVideoSoft Free Studio.lnk
2014-01-05 11:35 - 2013-11-06 09:22 - 00000000 ___DC D:\Documents and Settings\All Users\Menu Start\Programy\DVDVideoSoft
2014-01-05 11:35 - 2013-11-06 09:20 - 00000000 ___DC D:\Program Files\Common Files\DVDVideoSoft
2014-01-05 11:35 - 2012-09-17 22:01 - 00000000 ___DC D:\Documents and Settings\smo\Dane aplikacji\DVDVideoSoft
2014-01-05 11:35 - 2012-08-24 03:51 - 00000000 ___DC D:\Program Files\DVDVideoSoft
2014-01-04 23:21 - 2013-06-07 14:36 - 00000000 ___DC D:\Program Files\UltraDefrag7beta1
2014-01-04 23:19 - 2011-07-13 11:31 - 00000000 ___DC D:\Documents and Settings\smo\.VirtualBox
2014-01-04 23:17 - 2013-10-18 18:55 - 00280758 _____ D:\WINDOWS\setupapi.log
2014-01-04 23:16 - 2014-01-04 23:16 - 00000848 ____C D:\Documents and Settings\All Users\Pulpit\Oracle VM VirtualBox.lnk
2014-01-04 23:16 - 2014-01-04 23:16 - 00000000 ___DC D:\Documents and Settings\All Users\Menu Start\Programy\Oracle VM VirtualBox
2014-01-04 16:48 - 2013-12-15 15:25 - 00001972 ____C D:\Documents and Settings\All Users\Pulpit\Free YouTube to MP3 Converter.lnk
2013-12-25 12:11 - 2013-12-25 12:11 - 00000687 _____ D:\Documents and Settings\smo\Pulpit\CDRoller.lnk
2013-12-25 12:11 - 2013-12-25 12:11 - 00000000 ___DC D:\Program Files\CDRoller
2013-12-25 12:11 - 2013-12-25 12:11 - 00000000 ___DC D:\Documents and Settings\All Users\Menu Start\Programy\CDRoller 6.31
2013-12-18 17:39 - 2011-07-13 11:30 - 00203024 _____ (Oracle Corporation) D:\WINDOWS\system32\Drivers\VBoxDrv.sys
2013-12-18 17:38 - 2013-12-18 17:38 - 00126224 _____ (Oracle Corporation) D:\WINDOWS\system32\Drivers\VBoxNetFlt.sys
2013-12-18 17:38 - 2011-07-13 11:30 - 00103696 _____ (Oracle Corporation) D:\WINDOWS\system32\Drivers\VBoxUSBMon.sys
2013-12-18 17:38 - 2011-04-26 14:10 - 00114960 _____ (Oracle Corporation) D:\WINDOWS\system32\Drivers\VBoxNetAdp.sys
2013-12-18 17:37 - 2013-12-18 17:37 - 00174864 _____ (Oracle Corporation) D:\WINDOWS\system32\VBoxNetFltNobj.dll
2013-12-18 17:29 - 2013-12-10 22:14 - 00000000 ___DC D:\Documents and Settings\All Users\Menu Start\Programy\Google Drive
2013-12-18 17:28 - 2013-12-18 17:28 - 00000000 ___DC D:\Documents and Settings\Default User\Ustawienia lokalne\Dane aplikacji\Google
2013-12-18 17:28 - 2011-04-30 14:38 - 00000000 ___DC D:\Documents and Settings\Default User\Ustawienia lokalne\Dane aplikacji
2013-12-18 17:22 - 2012-10-20 08:09 - 00000042 _____ D:\WINDOWS\oodjobd.INI

Some content of TEMP:
====================
D:\Documents and Settings\smo\Ustawienia lokalne\Temp\catchme.dll
D:\Documents and Settings\smo\Ustawienia lokalne\Temp\Checkupdate.exe
D:\Documents and Settings\smo\Ustawienia lokalne\Temp\Foxit Reader Updater.exe
D:\Documents and Settings\smo\Ustawienia lokalne\Temp\Foxit Updater.exe
D:\Documents and Settings\smo\Ustawienia lokalne\Temp\gcapi_dll.dll
D:\Documents and Settings\smo\Ustawienia lokalne\Temp\gtapi_signed.dll

==================== Bamital & volsnap Check =================

D:\Windows\explorer.exe [2009-12-09 14:40] - [2009-12-09 14:40] - 1705984 ____A (Microsoft Corporation) a9bd5f368966ea709a4bff992f583f07
D:\Windows\System32\winlogon.exe [2010-01-17 15:29] - [2010-01-17 15:29] - 0549888 ____A (Microsoft Corporation) 335813eacd16e84f3047a3326f6e5473
D:\Windows\System32\svchost.exe [2008-04-14 23:51] - [2008-04-14 23:51] - 0014336 ____A (Microsoft Corporation) 8607d35d92528e2df386f19a960d23ce
D:\Windows\System32\services.exe [2010-01-17 15:00] - [2010-01-17 15:00] - 0111104 ____A (Microsoft Corporation) 8816e60bf654353e8e0d35ed98875445
D:\Windows\System32\User32.dll [2009-06-26 09:30] - [2009-06-26 09:30] - 0642560 ____A (Microsoft Corporation) 946665fa0cc98f57e1023cd21f149d8b
D:\Windows\System32\userinit.exe [2008-04-14 23:51] - [2008-04-14 23:51] - 0026624 ____A (Microsoft Corporation) 2a5b37d520508be6570a3ea79695f5b5
D:\Windows\System32\rpcss.dll [2010-01-17 15:00] - [2010-01-17 15:00] - 0401408 ____A (Microsoft Corporation) c9e5ac78d9a00b1de8ce2ad1bdde7e42
ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
D:\Windows\System32\Drivers\volsnap.sys [2008-04-14 22:31] - [2008-04-14 22:31] - 0052864 ____A (Microsoft Corporation) 56b191ac5fc0df219949c95a6c87afe7

==================== End Of Log ============================