Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2014
Ran by Paulina (administrator) on PAULINA-NETBOOK on 11-03-2014 17:57:04
Running from C:\Documents and Settings\Paulina\Moje dokumenty
Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Intel Corporation) C:\Program Files\Intel\Bluetooth\devmgrsrv.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Valve Corporation) C:\Program Files\Steam\Steam.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Opera Software) C:\Program Files\Opera\20.0.1387.64\opera.exe
() C:\Program Files\Opera\20.0.1387.64\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\20.0.1387.64\opera.exe
(Opera Software) C:\Program Files\Opera\20.0.1387.64\opera.exe
(Opera Software) C:\Program Files\Opera\20.0.1387.64\opera.exe
(Intel Corporation) C:\Program Files\Intel\Bluetooth\audiosrv.exe
(Intel Corporation) C:\Program Files\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files\Intel\Bluetooth\BTPlayerCtrl.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
() C:\Documents and Settings\Paulina\Moje dokumenty\ux3hp8lk.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BTMTrayAgent] - C:\Program Files\Intel\Bluetooth\btmshell.dll [32947280 2012-09-17] (Intel Corporation)
HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [20143688 2013-03-12] (Realtek Semiconductor Corp.)
HKLM\...\Run: [GfxServiceInstall] - C:\WINDOWS\system32\GfxCUIServiceInstall.vbs
HKLM\...\Run: [DMHotKey] - C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe [466944 2006-12-27] (SAMSUNG Electronics)
HKLM\...\Run: [mobilegeni daemon] - C:\Program Files\Mobogenie\DaemonProcess.exe
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [5110672 2013-09-12] (ESET)
HKLM\...\Run: [GB_UPDATE] - C:\Program Files\Razer\Razer Game Booster\AutoUpdate.exe [2051688 2013-06-05] ()
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\RunOnce: [XP_EOS] - C:\WINDOWS\system32\xp_eos.exe /r [13312 2014-02-27] (Microsoft Corporation)
HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes\Malwarebytes Anti-Malware\cleanup.dll",ProcessCleanupScript "C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes\Malwarebytes Anti-Malware" [1652024 2014-01-28] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\.DEFAULT\...\RunOnce: [_nltide_3] - rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\.DEFAULT\...\Policies\Explorer: [ForceClassicControlPanel] 1
HKU\S-1-5-19\...\RunOnce: [_nltide_3] - rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-19\...\Policies\Explorer: [ForceClassicControlPanel] 1
HKU\S-1-5-20\...\RunOnce: [_nltide_3] - rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-20\...\Policies\Explorer: [ForceClassicControlPanel] 1
HKU\S-1-5-21-682003330-839522115-527237240-1003\...\Run: [Smart Brightness Controller] - C:\Program Files\Smart Brightness Controller\Smart Brightness Controller.exe
HKU\S-1-5-21-682003330-839522115-527237240-1003\...\Run: [DriverToolkit] - "C:\Program Files\DriverToolkit\DriverToolkit.exe" --autorun
HKU\S-1-5-21-682003330-839522115-527237240-1003\...\MountPoints2: {491bdb58-55cb-11e3-86dd-81edc3309ae0} - E:\AutoRun.exe
HKU\S-1-5-21-682003330-839522115-527237240-1003\...\MountPoints2: {4dff5f3c-4df4-11e3-86cb-8eee011884db} - E:\AutoRun.exe
HKU\S-1-5-21-682003330-839522115-527237240-1003\...\MountPoints2: {4dff5f40-4df4-11e3-86cb-f0dc65a972be} - E:\AutoRun.exe
HKU\S-1-5-21-682003330-839522115-527237240-1003\...\MountPoints2: {6e699f7e-6e6b-11e3-872e-e6726e77a4a4} - E:\AutoRun.exe
HKU\S-1-5-21-682003330-839522115-527237240-1003\...\MountPoints2: {708cdfb2-5117-11e3-86d1-d6d40fb6782b} - E:\AutoRun.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=pl&pid=NIS&pvid=20.4.0.40
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.dosearches.com/web/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=ds&from=cor&uid=HitachiXHTS543232A7A384_E2P312333LZ7WJ3LZ7WJX&ts=1384188134&type=default&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.dosearches.com/web/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=ds&from=cor&uid=HitachiXHTS543232A7A384_E2P312333LZ7WJ3LZ7WJX&ts=1384188134&type=default&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=pl&pid=NIS&pvid=20.4.0.40
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.dosearches.com/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=sc&from=cor&uid=HitachiXHTS543232A7A384_E2P312333LZ7WJ3LZ7WJX&ts=1384188134
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

========================== Services (Whitelisted) =================

R3 Bluetooth Device Manager; C:\Program Files\Intel\Bluetooth\devmgrsrv.exe [3541584 2012-06-18] (Intel Corporation)
R2 Bluetooth Media Service; C:\Program Files\Intel\Bluetooth\audiosrv.exe [949328 2012-06-18] (Intel Corporation)
R2 Bluetooth OBEX Service; C:\Program Files\Intel\Bluetooth\obexsrv.exe [566864 2012-06-18] (Intel Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1337752 2013-09-12] (ESET)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-01-28] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [842040 2014-01-28] (Malwarebytes Corporation)

==================== Drivers (Whitelisted) ====================

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R3 analog; C:\WINDOWS\System32\DRIVERS\analog.sys [9088 2012-09-30] (Intel Corporation)
S3 BTMCOM; C:\WINDOWS\System32\Drivers\btmcom.sys [41472 2011-03-10] (Intel Corporation)
R3 BTMUSB; C:\WINDOWS\System32\DRIVERS\btmusb.sys [566784 2012-09-17] (Intel Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R2 DOSMEMIO; C:\WINDOWS\system32\MEMIO.SYS [4300 2000-08-24] ()
S3 dp; C:\WINDOWS\System32\DRIVERS\dp.sys [21504 2012-09-30] (Intel Corporation)
R1 eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [184664 2013-09-17] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [134248 2013-09-17] (ESET)
R2 epfw; C:\WINDOWS\System32\DRIVERS\epfw.sys [174400 2013-09-17] (ESET)
R3 Epfwndis; C:\WINDOWS\System32\DRIVERS\Epfwndis.sys [38952 2013-09-17] (ESET)
R1 epfwtdi; C:\WINDOWS\System32\DRIVERS\epfwtdi.sys [61600 2013-09-17] (ESET)
R3 hdmi; C:\WINDOWS\System32\DRIVERS\hdmi.sys [16000 2012-09-30] (Intel Corporation)
R3 iBtFltCoex; C:\WINDOWS\System32\DRIVERS\iBtFltCoex.sys [55336 2012-08-03] (Intel Corporation)
R3 iegdmini; C:\WINDOWS\System32\DRIVERS\iegdmini.sys [638464 2012-09-30] (Intel Corporation)
R3 lvds; C:\WINDOWS\System32\DRIVERS\lvds.sys [12032 2012-09-30] (Intel Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-01-28] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [107224 2014-03-11] (Malwarebytes Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 NETwNx32; C:\WINDOWS\System32\DRIVERS\Netwxn00.sys [10287984 2013-05-02] (Intel Corporation)
U0 rthdqiax; C:\WINDOWS\System32\drivers\ennihcaw.sys [52440 2014-03-11] (Malwarebytes Corporation)
R0 Si3112; C:\WINDOWS\system32\Drivers\Si3112.sys [69168 2013-11-11] (Silicon Image, Inc.)
S0 Si3114r5; C:\WINDOWS\system32\Drivers\Si3114r5.sys [211496 2013-11-11] (Silicon Image, Inc)
R0 Si3124; C:\WINDOWS\system32\Drivers\Si3124.sys [69248 2013-11-11] (Silicon Image, Inc.)
R0 Si3132; C:\WINDOWS\system32\Drivers\Si3132.sys [80424 2013-11-11] (Silicon Image, Inc)
R0 Si3132r5; C:\WINDOWS\system32\Drivers\Si3132r5.sys [217128 2013-11-11] (Silicon Image, Inc)
R0 Si3531; C:\WINDOWS\system32\Drivers\Si3531.sys [210736 2013-11-11] (Silicon Image, Inc)
R3 WinRing0_1_2_0; C:\Program Files\Razer\Razer Game Booster\Driver\WinRing0.sys [14416 2012-08-01] (OpenLibSys.org)
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_cdcecm; system32\DRIVERS\ew_jucdcecm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 igddim32; system32\DRIVERS\igddim32.sys [X]
S3 igdkmd32; system32\DRIVERS\igdkmd32.sys [X]
S4 IntelIde; No ImagePath
U1 WS2IFSL;
U3 awtdqaod; \??\C:\DOCUME~1\Paulina\USTAWI~1\Temp\awtdqaod.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-11 17:57 - 2014-03-11 17:57 - 00011524 _____ () C:\Documents and Settings\Paulina\Moje dokumenty\FRST.txt
2014-03-11 17:55 - 2014-03-11 17:57 - 00000000 ____D () C:\FRST
2014-03-11 17:54 - 2014-03-11 17:55 - 00015067 _____ () C:\Documents and Settings\Paulina\Moje dokumenty\GMER.txt
2014-03-11 16:28 - 2014-03-11 16:28 - 00070616 _____ () C:\Documents and Settings\Paulina\Moje dokumenty\OTL.Txt
2014-03-11 16:28 - 2014-03-11 16:28 - 00033952 _____ () C:\Documents and Settings\Paulina\Moje dokumenty\Extras.Txt
2014-03-11 16:09 - 2014-03-11 16:09 - 01145856 _____ (Farbar) C:\Documents and Settings\Paulina\Moje dokumenty\FRST.exe
2014-03-11 16:02 - 2014-03-11 16:02 - 00380416 _____ () C:\Documents and Settings\Paulina\Moje dokumenty\ux3hp8lk.exe
2014-03-11 15:59 - 2014-03-11 15:59 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Paulina\Moje dokumenty\OTL.exe
2014-03-11 15:53 - 2014-03-11 15:53 - 00052440 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\ennihcaw.sys
2014-03-11 15:53 - 2014-03-11 15:53 - 00002292 _____ () C:\WINDOWS\system32\lsuckum
2014-03-11 15:36 - 2014-03-11 16:19 - 00107224 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-03-11 15:36 - 2014-03-11 15:36 - 00000777 _____ () C:\Documents and Settings\All Users\Pulpit\Malwarebytes Anti-Malware.lnk
2014-03-11 15:36 - 2014-03-11 15:36 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Malwarebytes Anti-Malware
2014-03-11 15:35 - 2014-03-11 15:36 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-03-11 15:35 - 2014-03-11 15:35 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
2014-03-11 15:35 - 2014-02-20 10:47 - 00000000 ____D () C:\Documents and Settings\Paulina\Pulpit\Malwarebytes' Anti-Malware 2.00.0.0502 B ( Multi )( Zarejestrowany )
2014-03-11 15:35 - 2014-01-28 12:39 - 00052312 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-03-11 15:35 - 2014-01-28 12:38 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-03-11 15:33 - 2014-03-11 15:28 - 18215203 _____ () C:\Documents and Settings\Paulina\Pulpit\Malwarebytes'.Anti-Malware.2.00.0.0502.B.Zarejestrowany.rar
2014-03-11 14:09 - 2014-03-11 14:10 - 00004928 _____ () C:\WINDOWS\KB2934207.log
2014-03-11 14:09 - 2014-03-11 14:09 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-03-11 14:09 - 2014-03-11 14:09 - 00000000 ____D () C:\WINDOWS\LastGood
2014-03-11 13:36 - 2014-02-27 00:28 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
2014-03-11 13:36 - 2014-02-27 00:28 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe
2014-03-10 21:17 - 2014-03-10 21:17 - 02072555 _____ () C:\Documents and Settings\Paulina\Moje dokumenty\cstrike (10).rar
2014-03-10 21:17 - 2014-03-10 21:17 - 00000000 ____D () C:\Documents and Settings\Paulina\Moje dokumenty\cstrike (10)
2014-03-10 19:49 - 2014-03-10 19:49 - 05696365 _____ () C:\Documents and Settings\Paulina\Moje dokumenty\download.zip
2014-02-22 12:15 - 2014-02-22 12:32 - 00000024 _____ () C:\Documents and Settings\Paulina\random.dat
2014-02-22 12:15 - 2014-02-22 12:15 - 00000063 _____ () C:\Documents and Settings\Paulina\jagex_cl_runescape_LIVE.dat
2014-02-22 12:15 - 2014-02-22 12:15 - 00000000 ____D () C:\Documents and Settings\Paulina\jagexcache
2014-02-22 11:52 - 2014-02-22 11:52 - 00090112 _____ () C:\WINDOWS\Minidump\Mini022214-01.dmp
2014-02-22 11:24 - 2014-02-22 11:24 - 00064200 _____ () C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
2014-02-22 11:23 - 2014-02-22 11:53 - 00001084 _____ () C:\WINDOWS\spupdsvc.log
2014-02-21 19:56 - 2014-02-21 19:56 - 00000000 ____D () C:\WINDOWS\Sun
2014-02-21 19:55 - 2014-02-21 19:55 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Java
2014-02-21 19:55 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-02-21 19:55 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-02-21 19:55 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-02-21 19:55 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-02-21 19:55 - 2013-12-18 20:46 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-02-21 19:54 - 2014-02-21 19:55 - 00005134 _____ () C:\WINDOWS\system32\jupdate-1.7.0_51-b13.log
2014-02-21 19:53 - 2014-02-21 19:53 - 00921512 _____ (Oracle Corporation) C:\Documents and Settings\Paulina\Moje dokumenty\jre-7u51-windows-i586-iftw.exe
2014-02-14 18:13 - 2014-02-14 18:14 - 00011323 _____ () C:\WINDOWS\KB2909921-IE8.log
2014-02-14 16:19 - 2014-02-14 18:14 - 00003604 _____ () C:\WINDOWS\updspapi.log
2014-02-14 16:19 - 2014-02-14 16:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-02-14 16:03 - 2014-03-11 14:10 - 00026809 _____ () C:\WINDOWS\iis6.log
2014-02-14 16:03 - 2014-03-11 14:10 - 00014736 _____ () C:\WINDOWS\ocgen.log
2014-02-14 16:03 - 2014-03-11 14:10 - 00011319 _____ () C:\WINDOWS\tsoc.log
2014-02-14 16:03 - 2014-03-11 14:10 - 00007706 _____ () C:\WINDOWS\msmqinst.log
2014-02-14 16:03 - 2014-03-11 14:10 - 00004332 _____ () C:\WINDOWS\netfxocm.log
2014-02-14 16:03 - 2014-03-11 14:10 - 00001700 _____ () C:\WINDOWS\MedCtrOC.log
2014-02-14 16:03 - 2014-03-11 14:10 - 00001544 _____ () C:\WINDOWS\ocmsn.log
2014-02-14 16:03 - 2014-03-11 14:10 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-02-14 16:03 - 2014-03-11 14:10 - 00001276 _____ () C:\WINDOWS\tabletoc.log
2014-02-14 16:03 - 2014-03-11 14:10 - 00001236 _____ () C:\WINDOWS\msgsocm.log
2014-02-14 16:02 - 2014-02-14 16:03 - 00004237 _____ () C:\WINDOWS\KB2909210-IE8.log
2014-02-13 20:50 - 2014-02-13 20:50 - 00010240 ___SH () C:\Documents and Settings\Paulina\Moje dokumenty\Thumbs.db
2014-02-12 11:11 - 2014-02-14 16:19 - 00012152 _____ () C:\WINDOWS\KB2916036.log

==================== One Month Modified Files and Folders =======

2014-03-11 17:57 - 2014-03-11 17:57 - 00011524 _____ () C:\Documents and Settings\Paulina\Moje dokumenty\FRST.txt
2014-03-11 17:57 - 2014-03-11 17:55 - 00000000 ____D () C:\FRST
2014-03-11 17:57 - 2013-11-11 15:59 - 00000000 ___RD () C:\Documents and Settings\Paulina\Moje dokumenty
2014-03-11 17:55 - 2014-03-11 17:54 - 00015067 _____ () C:\Documents and Settings\Paulina\Moje dokumenty\GMER.txt
2014-03-11 17:13 - 2014-01-30 14:08 - 00000930 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-03-11 16:28 - 2014-03-11 16:28 - 00070616 _____ () C:\Documents and Settings\Paulina\Moje dokumenty\OTL.Txt
2014-03-11 16:28 - 2014-03-11 16:28 - 00033952 _____ () C:\Documents and Settings\Paulina\Moje dokumenty\Extras.Txt
2014-03-11 16:24 - 2013-11-11 15:51 - 01917146 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-11 16:19 - 2014-03-11 15:36 - 00107224 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-03-11 16:19 - 2014-01-28 14:25 - 00005952 _____ () C:\WINDOWS\system32\d3d8caps.dat
2014-03-11 16:18 - 2013-11-11 16:46 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-03-11 16:18 - 2013-11-11 16:46 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-03-11 16:18 - 2013-11-11 15:58 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-11 16:17 - 2013-11-11 15:58 - 00032606 _____ () C:\WINDOWS\SchedLgU.Txt
2014-03-11 16:17 - 2013-11-11 15:58 - 00000188 ___SH () C:\Documents and Settings\LocalService\ntuser.ini
2014-03-11 16:09 - 2014-03-11 16:09 - 01145856 _____ (Farbar) C:\Documents and Settings\Paulina\Moje dokumenty\FRST.exe
2014-03-11 16:02 - 2014-03-11 16:02 - 00380416 _____ () C:\Documents and Settings\Paulina\Moje dokumenty\ux3hp8lk.exe
2014-03-11 15:59 - 2014-03-11 15:59 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Paulina\Moje dokumenty\OTL.exe
2014-03-11 15:53 - 2014-03-11 15:53 - 00052440 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\ennihcaw.sys
2014-03-11 15:53 - 2014-03-11 15:53 - 00002292 _____ () C:\WINDOWS\system32\lsuckum
2014-03-11 15:53 - 2013-11-11 16:44 - 00000000 __RHD () C:\Documents and Settings\All Users\Dane aplikacji
2014-03-11 15:53 - 2013-11-11 15:59 - 00000000 ___HD () C:\Documents and Settings\Paulina\Ustawienia lokalne\Dane aplikacji
2014-03-11 15:36 - 2014-03-11 15:36 - 00000777 _____ () C:\Documents and Settings\All Users\Pulpit\Malwarebytes Anti-Malware.lnk
2014-03-11 15:36 - 2014-03-11 15:36 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Malwarebytes Anti-Malware
2014-03-11 15:36 - 2014-03-11 15:35 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-03-11 15:36 - 2013-11-11 16:44 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy
2014-03-11 15:36 - 2013-11-11 16:44 - 00000000 ____D () C:\Documents and Settings\All Users\Pulpit
2014-03-11 15:35 - 2014-03-11 15:35 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
2014-03-11 15:35 - 2013-11-11 15:59 - 00000000 ____D () C:\Documents and Settings\Paulina\Pulpit
2014-03-11 15:28 - 2014-03-11 15:33 - 18215203 _____ () C:\Documents and Settings\Paulina\Pulpit\Malwarebytes'.Anti-Malware.2.00.0.0502.B.Zarejestrowany.rar
2014-03-11 14:55 - 2013-11-29 20:03 - 00000000 ____D () C:\Program Files\Steam
2014-03-11 14:12 - 2014-02-03 22:31 - 00054772 _____ () C:\WINDOWS\KB2481109.log
2014-03-11 14:10 - 2014-03-11 14:09 - 00004928 _____ () C:\WINDOWS\KB2934207.log
2014-03-11 14:10 - 2014-02-14 16:03 - 00026809 _____ () C:\WINDOWS\iis6.log
2014-03-11 14:10 - 2014-02-14 16:03 - 00014736 _____ () C:\WINDOWS\ocgen.log
2014-03-11 14:10 - 2014-02-14 16:03 - 00011319 _____ () C:\WINDOWS\tsoc.log
2014-03-11 14:10 - 2014-02-14 16:03 - 00007706 _____ () C:\WINDOWS\msmqinst.log
2014-03-11 14:10 - 2014-02-14 16:03 - 00004332 _____ () C:\WINDOWS\netfxocm.log
2014-03-11 14:10 - 2014-02-14 16:03 - 00001700 _____ () C:\WINDOWS\MedCtrOC.log
2014-03-11 14:10 - 2014-02-14 16:03 - 00001544 _____ () C:\WINDOWS\ocmsn.log
2014-03-11 14:10 - 2014-02-14 16:03 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-03-11 14:10 - 2014-02-14 16:03 - 00001276 _____ () C:\WINDOWS\tabletoc.log
2014-03-11 14:10 - 2014-02-14 16:03 - 00001236 _____ () C:\WINDOWS\msgsocm.log
2014-03-11 14:10 - 2013-11-11 16:44 - 00636027 _____ () C:\WINDOWS\FaxSetup.log
2014-03-11 14:10 - 2013-11-11 16:44 - 00221970 _____ () C:\WINDOWS\comsetup.log
2014-03-11 14:10 - 2013-11-11 16:44 - 00132727 _____ () C:\WINDOWS\ntdtcsetup.log
2014-03-11 14:09 - 2014-03-11 14:09 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-03-11 14:09 - 2014-03-11 14:09 - 00000000 ____D () C:\WINDOWS\LastGood
2014-03-11 13:44 - 2013-12-07 05:50 - 00000000 ____D () C:\WINDOWS\ShellNew
2014-03-11 13:41 - 2013-11-15 14:43 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\DatacardService
2014-03-11 13:40 - 2014-01-01 14:12 - 00100433 _____ () C:\WINDOWS\setupapi.log
2014-03-11 13:34 - 2014-01-30 14:00 - 00007773 _____ () C:\autoupdate.log
2014-03-11 13:34 - 2013-11-11 15:58 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-03-10 23:24 - 2013-11-11 15:59 - 00000188 ___SH () C:\Documents and Settings\Paulina\ntuser.ini
2014-03-10 21:23 - 2013-11-24 16:57 - 00000000 ____D () C:\Documents and Settings\Paulina\Dane aplikacji\TS3Client
2014-03-10 21:17 - 2014-03-10 21:17 - 02072555 _____ () C:\Documents and Settings\Paulina\Moje dokumenty\cstrike (10).rar
2014-03-10 21:17 - 2014-03-10 21:17 - 00000000 ____D () C:\Documents and Settings\Paulina\Moje dokumenty\cstrike (10)
2014-03-10 20:00 - 2014-01-28 22:46 - 00000000 ___RD () C:\Documents and Settings\Paulina\Moje dokumenty\Moje obrazy
2014-03-10 19:49 - 2014-03-10 19:49 - 05696365 _____ () C:\Documents and Settings\Paulina\Moje dokumenty\download.zip
2014-03-10 13:47 - 2014-01-21 21:56 - 00000000 ____D () C:\Documents and Settings\Paulina\Pulpit\cs
2014-03-04 17:26 - 2013-11-11 16:11 - 00000000 ____D () C:\Program Files\Opera
2014-03-01 09:02 - 2013-11-11 16:44 - 00281699 _____ () C:\WINDOWS\setupact.log
2014-02-27 00:28 - 2014-03-11 13:36 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
2014-02-27 00:28 - 2014-03-11 13:36 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe
2014-02-22 12:32 - 2014-02-22 12:15 - 00000024 _____ () C:\Documents and Settings\Paulina\random.dat
2014-02-22 12:15 - 2014-02-22 12:15 - 00000063 _____ () C:\Documents and Settings\Paulina\jagex_cl_runescape_LIVE.dat
2014-02-22 12:15 - 2014-02-22 12:15 - 00000000 ____D () C:\Documents and Settings\Paulina\jagexcache
2014-02-22 12:15 - 2013-11-11 15:59 - 00000000 ____D () C:\Documents and Settings\Paulina
2014-02-22 11:53 - 2014-02-22 11:23 - 00001084 _____ () C:\WINDOWS\spupdsvc.log
2014-02-22 11:52 - 2014-02-22 11:52 - 00090112 _____ () C:\WINDOWS\Minidump\Mini022214-01.dmp
2014-02-22 11:52 - 2013-11-11 19:03 - 00000000 ____D () C:\WINDOWS\Minidump
2014-02-22 11:52 - 2013-11-11 16:43 - 00096664 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-02-22 11:45 - 2013-11-11 15:49 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-02-22 11:34 - 2013-11-11 19:47 - 00012328 _____ () C:\Documents and Settings\Paulina\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2014-02-22 11:33 - 2013-11-11 16:44 - 01205056 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-22 11:33 - 2013-11-11 16:13 - 00554706 _____ () C:\WINDOWS\system32\perfh015.dat
2014-02-22 11:33 - 2013-11-11 16:13 - 00104354 _____ () C:\WINDOWS\system32\perfc015.dat
2014-02-22 11:24 - 2014-02-22 11:24 - 00064200 _____ () C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
2014-02-22 11:24 - 2013-12-14 05:05 - 00000000 ____D () C:\WINDOWS\system32\XPSViewer
2014-02-22 11:24 - 2013-11-11 15:58 - 00000000 ___HD () C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji
2014-02-22 11:16 - 2013-11-11 15:51 - 00000000 ____D () C:\WINDOWS\system32\DirectX
2014-02-22 11:13 - 2013-11-11 17:33 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-02-22 11:13 - 2013-11-11 17:33 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-02-21 19:56 - 2014-02-21 19:56 - 00000000 ____D () C:\WINDOWS\Sun
2014-02-21 19:55 - 2014-02-21 19:55 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Java
2014-02-21 19:55 - 2014-02-21 19:54 - 00005134 _____ () C:\WINDOWS\system32\jupdate-1.7.0_51-b13.log
2014-02-21 19:55 - 2013-11-11 18:30 - 00000000 ____D () C:\Program Files\Java
2014-02-21 19:53 - 2014-02-21 19:53 - 00921512 _____ (Oracle Corporation) C:\Documents and Settings\Paulina\Moje dokumenty\jre-7u51-windows-i586-iftw.exe
2014-02-20 10:47 - 2014-03-11 15:35 - 00000000 ____D () C:\Documents and Settings\Paulina\Pulpit\Malwarebytes' Anti-Malware 2.00.0.0502 B ( Multi )( Zarejestrowany )
2014-02-15 02:24 - 2013-11-11 20:10 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-02-15 02:22 - 2013-11-11 20:09 - 85946576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-02-14 18:14 - 2014-02-14 18:13 - 00011323 _____ () C:\WINDOWS\KB2909921-IE8.log
2014-02-14 18:14 - 2014-02-14 16:19 - 00003604 _____ () C:\WINDOWS\updspapi.log
2014-02-14 18:14 - 2013-11-11 16:44 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-02-14 18:13 - 2013-11-11 20:03 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-02-14 16:19 - 2014-02-14 16:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-02-14 16:19 - 2014-02-12 11:11 - 00012152 _____ () C:\WINDOWS\KB2916036.log
2014-02-14 16:03 - 2014-02-14 16:02 - 00004237 _____ () C:\WINDOWS\KB2909210-IE8.log
2014-02-13 20:50 - 2014-02-13 20:50 - 00010240 ___SH () C:\Documents and Settings\Paulina\Moje dokumenty\Thumbs.db

Files to move or delete:
====================
C:\Documents and Settings\Paulina\jagex_cl_runescape_LIVE.dat
C:\Documents and Settings\Paulina\random.dat

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe [2013-11-11 16:10] - [2013-11-11 16:10] - 1035264 ____A (Microsoft Corporation) c791ed9eac5e76d9525e157b1d7a599a
C:\WINDOWS\system32\winlogon.exe [2013-11-11 16:09] - [2013-11-11 16:09] - 0510464 ____A (Microsoft Corporation) 51fd2e13d723857b9ca239ae77150f48
C:\WINDOWS\system32\svchost.exe [2013-11-11 16:05] - [2013-11-11 16:05] - 0014336 ____A (Microsoft Corporation) 8607d35d92528e2df386f19a960d23ce
C:\WINDOWS\system32\services.exe [2013-11-11 16:13] - [2013-11-11 16:13] - 0111104 ____A (Microsoft Corporation) 8816e60bf654353e8e0d35ed98875445
C:\WINDOWS\system32\User32.dll [2013-11-11 16:02] - [2013-11-11 16:02] - 0580096 ____A (Microsoft Corporation) a435c5c069afd901751ac323ad238793
C:\WINDOWS\system32\userinit.exe [2013-11-11 16:08] - [2013-11-11 16:08] - 0026624 ____A (Microsoft Corporation) 2a5b37d520508be6570a3ea79695f5b5
C:\WINDOWS\system32\rpcss.dll [2013-11-11 16:00] - [2013-11-11 16:00] - 0401408 ____A (Microsoft Corporation) c9e5ac78d9a00b1de8ce2ad1bdde7e42
ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\WINDOWS\system32\Drivers\volsnap.sys [2013-11-11 16:07] - [2013-11-11 16:07] - 0052864 ____A (Microsoft Corporation) 56b191ac5fc0df219949c95a6c87afe7

==================== End Of Log ============================