Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by oem (administrator) on 415AE251E69D485 on 05-04-2014 22:43:28
Running from C:\Documents and Settings\oem.415AE251E69D485\Pulpit
Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgwdsvc.exe
(Intel Corporation) C:\WINDOWS\system32\IProsetMonitor.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgemcx.exe
(Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC)
HKLM\...\Run: [DrvIcon] - C:\Program Files\Vista Drive Icon\DrvIcon.exe
HKLM\...\Run: [HKLM] - C:\WINDOWS\system32\WinDir\Svchost.exe [1172472 2008-07-25] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2013\avgui.exe [4411952 2013-11-20] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
Winlogon\Notify\LogonInit: logonInit.dll [X]
HKLM\...\Policies\Explorer\Run: [Policies] - C:\WINDOWS\system32\WinDir\Svchost.exe [1172472 2008-07-25] ( (Microsoft Corporation))
HKU\S-1-5-21-436374069-1390067357-527237240-1003\...\Run: [HKCU] - C:\WINDOWS\system32\WinDir\Svchost.exe [1172472 2008-07-25] (Microsoft Corporation)
HKU\S-1-5-21-436374069-1390067357-527237240-1003\...\Policies\Explorer\Run: [Policies] - C:\WINDOWS\system32\WinDir\Svchost.exe [1172472 2008-07-25] (Microsoft Corporation)
HKU\S-1-5-21-436374069-1390067357-527237240-1003\...\MountPoints2: {58c4fb06-4f55-11e2-ba85-00304f66e5da} - F:\RunClubSanDisk.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - %ProgramFiles%\Internet Explorer\iexplore.exe,0
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://start.qone8.com/web/?type=ds&ts=1382808386&from=cor&uid=ST340014A_5JX959AK&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://start.qone8.com/web/?type=ds&ts=1382808386&from=cor&uid=ST340014A_5JX959AK&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Help the General-Search Project - {CA4520F3-AE13-4FB1-A513-58E23991C86D} - C:\DOCUME~1\OEM~1.415\DANEAP~1\MEDIAF~1\EXTENS~1\GENCRA~1.DLL No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll (StyleFantasist)
Toolbar: HKLM - No Name - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} -  No File
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 188.125.128.2 78.28.48.9

FireFox:
========
FF ProfilePath: C:\Documents and Settings\oem.415AE251E69D485\Dane aplikacji\Mozilla\Firefox\Profiles\abn881hl.Zyzz
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin: @canon.com/MycameraPlugin - C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: General Crawler - C:\Documents and Settings\oem.415AE251E69D485\Dane aplikacji\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com [2012-11-16]
FF Extension: PutLockerDownloader V6.0 - C:\Documents and Settings\oem.415AE251E69D485\Dane aplikacji\Mozilla\Firefox\Profiles\abn881hl.Zyzz\Extensions\2142c4b4-74c0-4c8d-9be5-fdb4bf61b17b@fa0a20eb-0225-46ef-ba03-84e45a86b7d9.com [2013-12-09]
FF Extension: QuickStores-Toolbar - C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de [2014-03-30]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-07-08]

========================== Services (Whitelisted) =================

R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100352 2010-01-17] (Microsoft Corporation)
R2 avgfws; C:\Program Files\AVG\AVG2013\avgfws.exe [1432080 2013-10-23] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96370 2007-01-31] (Canon Inc.)
R2 Intel(R) PROSet Monitoring Service; C:\WINDOWS\system32\IProsetMonitor.exe [109728 2011-02-28] (Intel Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)
S3 npggsvc; C:\WINDOWS\system32\GameMon.des [5124464 2012-12-16] (INCA Internet Co., Ltd.)

==================== Drivers (Whitelisted) ====================

R3 Avgfwdx; C:\WINDOWS\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)
S3 Avgfwfd; C:\WINDOWS\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [208184 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [60216 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [22328 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [171320 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [96568 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [39224 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [182072 2013-03-21] (AVG Technologies CZ, s.r.o.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 dtsoftbus01; C:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys [243128 2013-07-27] (Disc Soft Ltd)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\mbamswissarmy.sys [40776 2014-01-06] (Malwarebytes Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 NPPTNT2; C:\WINDOWS\system32\npptNT2.sys [4682 2005-01-04] (INCA Internet Co., Ltd.)
R3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2008-04-13] (Realtek Semiconductor Corporation)
R0 Si3112; C:\WINDOWS\system32\Drivers\Si3112.sys [62336 2010-01-17] (Silicon Image, Inc.)
S0 Si3114r5; C:\WINDOWS\system32\Drivers\Si3114r5.sys [195072 2010-01-17] (Silicon Image, Inc)
R0 Si3124; C:\WINDOWS\system32\Drivers\Si3124.sys [69248 2010-01-17] (Silicon Image, Inc.)
R0 Si3132; C:\WINDOWS\system32\Drivers\Si3132.sys [74672 2010-01-17] (Silicon Image, Inc.)
R0 Si3132r5; C:\WINDOWS\system32\Drivers\Si3132r5.sys [215856 2010-01-17] (Silicon Image, Inc)
R0 Si3531; C:\WINDOWS\system32\Drivers\Si3531.sys [212520 2010-01-17] (Silicon Image, Inc)
R1 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [5632 2006-07-24] ()
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [225856 2010-01-17] (Microsoft Corporation)
S3 USB_RNDIS; C:\WINDOWS\System32\DRIVERS\usb8023.sys [12800 2010-01-17] (Microsoft Corporation)
R3 V0770Afx; C:\WINDOWS\System32\DRIVERS\V0770Afx.sys [408320 2011-04-28] (Creative Technology Ltd.)
R3 V0770Vid; C:\WINDOWS\System32\DRIVERS\V0770Vid.sys [325376 2012-06-01] (Creative Technology Ltd.)
R3 vscombus; C:\WINDOWS\System32\DRIVERS\vsc2k.sys [140992 2007-06-21] (Vision Systems GmbH)
R3 vspcipar; C:\WINDOWS\System32\DRIVERS\vsp2k.sys [48128 2007-06-21] (Vision Systems GmbH)
S2 WCMVCAM; C:\WINDOWS\System32\DRIVERS\wcmvcam.sys [1068216 2012-04-15] (Windows (R) Win 7 DDK provider)
S3 EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys [X]
S1 MpKslda0c4348; \??\c:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Microsoft\Microsoft Antimalware\Definition Updates\{CF859B1E-86C8-4485-9E94-1D73FE61B5ED}\MpKslda0c4348.sys [X]
S0 mv91xx; No ImagePath
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () <===== ATTENTION Necurs Rootkit?
S3 WinRing0_1_2_0; \??\C:\Program Files\Razer\Razer Game Booster\Driver\WinRing0.sys [X]
U1 WS2IFSL; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-05 22:43 - 2014-04-05 22:44 - 00013515 ____C () C:\Documents and Settings\oem.415AE251E69D485\Pulpit\FRST.txt
2014-04-05 22:42 - 2014-04-05 22:43 - 00000000 ___DC () C:\FRST
2014-04-05 22:38 - 2014-04-05 22:41 - 01145856 ____C (Farbar) C:\Documents and Settings\oem.415AE251E69D485\Pulpit\FRST.exe
2014-04-05 22:17 - 2014-04-05 22:17 - 00080330 ____C () C:\Documents and Settings\oem.415AE251E69D485\Pulpit\OTL.Txt
2014-04-05 22:17 - 2014-04-05 22:17 - 00042052 ____C () C:\Documents and Settings\oem.415AE251E69D485\Pulpit\Extras.Txt
2014-04-05 21:44 - 2014-04-05 21:44 - 00602112 ____C (OldTimer Tools) C:\Documents and Settings\oem.415AE251E69D485\Pulpit\OTL.scr
2014-04-05 21:41 - 2014-04-05 21:41 - 00602112 ____C (OldTimer Tools) C:\Documents and Settings\oem.415AE251E69D485\Pulpit\OTL.exe
2014-04-05 20:38 - 2014-04-05 20:57 - 00000000 ___DC () C:\Documents and Settings\oem.415AE251E69D485\Pulpit\Dieta
2014-03-30 13:45 - 2014-03-30 13:47 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-28 23:16 - 2012-03-03 13:27 - 00000000 ___DC () C:\Documents and Settings\oem.415AE251E69D485\Pulpit\[2012] The End Is Where We Begin

==================== One Month Modified Files and Folders =======

2014-04-05 22:44 - 2014-04-05 22:43 - 00013515 ____C () C:\Documents and Settings\oem.415AE251E69D485\Pulpit\FRST.txt
2014-04-05 22:43 - 2014-04-05 22:42 - 00000000 ___DC () C:\FRST
2014-04-05 22:43 - 2012-10-30 01:40 - 00000000 ___DC () C:\Documents and Settings\oem.415AE251E69D485\Pulpit
2014-04-05 22:41 - 2014-04-05 22:38 - 01145856 ____C (Farbar) C:\Documents and Settings\oem.415AE251E69D485\Pulpit\FRST.exe
2014-04-05 22:17 - 2014-04-05 22:17 - 00080330 ____C () C:\Documents and Settings\oem.415AE251E69D485\Pulpit\OTL.Txt
2014-04-05 22:17 - 2014-04-05 22:17 - 00042052 ____C () C:\Documents and Settings\oem.415AE251E69D485\Pulpit\Extras.Txt
2014-04-05 21:56 - 2012-10-30 05:48 - 00000930 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-04-05 21:44 - 2014-04-05 21:44 - 00602112 ____C (OldTimer Tools) C:\Documents and Settings\oem.415AE251E69D485\Pulpit\OTL.scr
2014-04-05 21:41 - 2014-04-05 21:41 - 00602112 ____C (OldTimer Tools) C:\Documents and Settings\oem.415AE251E69D485\Pulpit\OTL.exe
2014-04-05 21:35 - 2014-02-02 19:52 - 00008059 _____ () C:\WINDOWS\setupact.log
2014-04-05 21:31 - 2012-10-30 01:21 - 01504236 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-05 21:28 - 2014-01-21 23:30 - 00407029 _____ () C:\WINDOWS\setupapi.log
2014-04-05 21:24 - 2012-10-30 02:00 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-04-05 21:24 - 2012-10-30 02:00 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-04-05 21:24 - 2012-10-30 01:32 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-05 21:22 - 2012-10-30 01:40 - 00000188 __SHC () C:\Documents and Settings\oem.415AE251E69D485\ntuser.ini
2014-04-05 21:22 - 2012-10-30 01:32 - 00032618 _____ () C:\WINDOWS\SchedLgU.Txt
2014-04-05 21:19 - 2013-07-01 20:56 - 00147608 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-04-05 21:19 - 2011-10-09 14:34 - 00000000 ____D () C:\WINDOWS\system32\VITrans
2014-04-05 21:18 - 2012-12-10 19:04 - 00131072 _____ () C:\WINDOWS\system32\config\OAlerts.evt
2014-04-05 21:13 - 2013-12-22 16:35 - 00000000 ___DC () C:\Documents and Settings\oem.415AE251E69D485\Dane aplikacji\Skype
2014-04-05 21:09 - 2012-10-30 01:56 - 00000000 __RDC () C:\Documents and Settings\All Users.WINDOWS\Menu Start
2014-04-05 21:09 - 2011-05-19 17:14 - 00000000 ____D () C:\WINDOWS\Media
2014-04-05 21:09 - 2011-05-19 17:14 - 00000000 ____D () C:\WINDOWS\Cursors
2014-04-05 21:05 - 2014-02-04 13:50 - 00043888 _____ () C:\WINDOWS\DPINST.LOG
2014-04-05 21:05 - 2012-10-30 01:56 - 00000000 __RDC () C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy
2014-04-05 21:05 - 2012-10-30 01:56 - 00000000 ___DC () C:\Documents and Settings\All Users.WINDOWS\Pulpit
2014-04-05 21:03 - 2014-02-15 01:55 - 00000000 ____D () C:\WINDOWS\Globalization
2014-04-05 21:02 - 2010-01-17 22:37 - 00563788 _____ () C:\WINDOWS\system32\perfh015.dat
2014-04-05 21:02 - 2010-01-17 22:37 - 00107886 _____ () C:\WINDOWS\system32\perfc015.dat
2014-04-05 21:01 - 2012-10-30 01:55 - 00000000 __HDC () C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji
2014-04-05 20:57 - 2014-04-05 20:38 - 00000000 ___DC () C:\Documents and Settings\oem.415AE251E69D485\Pulpit\Dieta
2014-04-05 20:56 - 2013-12-25 22:01 - 00005120 ___SH () C:\Documents and Settings\Administrator.120D2964B393428\Pulpit\Thumbs.db
2014-04-05 20:56 - 2011-10-05 10:06 - 00000000 ____D () C:\Documents and Settings\Administrator.120D2964B393428\Pulpit
2014-04-05 20:50 - 2012-10-30 01:40 - 00000000 __HDC () C:\Documents and Settings\oem.415AE251E69D485\Dane aplikacji
2014-04-05 20:49 - 2013-09-28 21:38 - 00000000 ___DC () C:\Documents and Settings\oem.415AE251E69D485\Dane aplikacji\Google
2014-04-05 20:47 - 2012-10-31 05:57 - 00000000 ___DC () C:\Documents and Settings\oem.415AE251E69D485\Ustawienia lokalne\Dane aplikacji\Google
2014-04-05 20:45 - 2012-10-30 01:40 - 00000000 __HDC () C:\Documents and Settings\oem.415AE251E69D485\Ustawienia lokalne\Dane aplikacji
2014-04-05 20:38 - 2013-12-22 16:53 - 00002267 ____C () C:\Documents and Settings\All Users.WINDOWS\Pulpit\Skype.lnk
2014-04-04 12:35 - 2012-10-30 01:57 - 01302246 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-31 20:44 - 2012-10-30 01:40 - 00000000 __RDC () C:\Documents and Settings\oem.415AE251E69D485\Menu Start\Programy
2014-03-30 18:15 - 2012-08-01 08:49 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-30 13:47 - 2014-03-30 13:45 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-27 21:51 - 2013-01-05 00:56 - 00000000 __HDC () C:\Documents and Settings\oem.415AE251E69D485\Pulpit\.picasaoriginals
2014-03-24 22:29 - 2012-10-30 01:40 - 00000000 __RDC () C:\Documents and Settings\oem.415AE251E69D485\Moje dokumenty\Moje obrazy
2014-03-24 18:45 - 2010-01-17 22:37 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-03-23 11:27 - 2012-02-26 18:46 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-22 21:32 - 2012-11-22 22:10 - 00000000 ___DC () C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Microsoft Silverlight
2014-03-11 21:58 - 2012-10-30 05:48 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-03-11 21:58 - 2012-10-30 05:48 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-03-09 23:07 - 2014-02-01 16:33 - 00001612 _____ () C:\WINDOWS\wmsetup.log

Some content of TEMP:
====================
C:\Documents and Settings\NetworkService.ZARZĄDZANIE NT.000\Ustawienia lokalne\Temp\mpam-5c4de3e4.exe
C:\Documents and Settings\NetworkService.ZARZĄDZANIE NT.000\Ustawienia lokalne\Temp\mpam-88d536bd.exe
C:\Documents and Settings\NetworkService.ZARZĄDZANIE NT.000\Ustawienia lokalne\Temp\mpam-9741f545.exe
C:\Documents and Settings\NetworkService.ZARZĄDZANIE NT.000\Ustawienia lokalne\Temp\mpam-9d109683.exe
C:\Documents and Settings\NetworkService.ZARZĄDZANIE NT.000\Ustawienia lokalne\Temp\mpam-c3505dfe.exe
C:\Documents and Settings\NetworkService.ZARZĄDZANIE NT.000\Ustawienia lokalne\Temp\mpam-e140459c.exe
C:\Documents and Settings\NetworkService.ZARZĄDZANIE NT.000\Ustawienia lokalne\Temp\mpam-eb9e9aa3.exe
C:\Documents and Settings\NetworkService.ZARZĄDZANIE NT.000\Ustawienia lokalne\Temp\mpam-fb0e5c0a.exe
C:\Documents and Settings\NetworkService.ZARZĄDZANIE NT.001\Ustawienia lokalne\Temp\mpam-b3dc84c0.exe
C:\Documents and Settings\NetworkService.ZARZĄDZANIE NT.001\Ustawienia lokalne\Temp\mpam-cafa22ed.exe
C:\Documents and Settings\NetworkService.ZARZĄDZANIE NT.001\Ustawienia lokalne\Temp\mpam-d70d9dfb.exe
C:\Documents and Settings\oem.415AE251E69D485\Ustawienia lokalne\Temp\NEventMessages.dll


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe
[2010-01-17 22:37] - [2010-01-17 22:37] - 1433600 ___AC (Microsoft Corporation) f3f4ab43668cc50aa8c5595d3e4cbc2b 

C:\WINDOWS\system32\winlogon.exe
[2010-01-17 22:37] - [2010-01-17 22:37] - 0510464 ____A (Microsoft Corporation) 51fd2e13d723857b9ca239ae77150f48 

C:\WINDOWS\system32\svchost.exe
[2010-01-17 22:37] - [2010-01-17 22:37] - 0014336 ____A (Microsoft Corporation) 8607d35d92528e2df386f19a960d23ce 

C:\WINDOWS\system32\services.exe
[2010-01-17 22:37] - [2010-01-17 22:37] - 0111104 ____A (Microsoft Corporation) 8816e60bf654353e8e0d35ed98875445 

C:\WINDOWS\system32\User32.dll
[2010-01-17 22:37] - [2010-01-17 22:37] - 0580096 ____A (Microsoft Corporation) a435c5c069afd901751ac323ad238793 

C:\WINDOWS\system32\userinit.exe
[2010-01-17 22:37] - [2010-01-17 22:37] - 0026624 ____A (Microsoft Corporation) 2a5b37d520508be6570a3ea79695f5b5 

C:\WINDOWS\system32\rpcss.dll
[2010-01-17 22:37] - [2010-01-17 22:37] - 0401408 ____A (Microsoft Corporation) c9e5ac78d9a00b1de8ce2ad1bdde7e42 

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\WINDOWS\system32\Drivers\volsnap.sys
[2010-01-17 22:37] - [2010-01-17 22:37] - 0052864 ____A (Microsoft Corporation) 56b191ac5fc0df219949c95a6c87afe7 


==================== End Of Log ============================