Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-04-2014 03
Ran by apple3 (administrator) on BARANOWS-FFE0B1 on 27-04-2014 03:44:32
Running from C:\Documents and Settings\apple3\Pulpit\INSTALKI\fixit
Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\WINDOWS\system32\savedump.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Microsoft Corporation) C:\WINDOWS\System32\SCardSvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
() C:\Program Files\Lexmark 5000 Series\lxdmmon.exe
() C:\Program Files\Lexmark 5000 Series\lxdmamon.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\WINDOWS\system32\AppleOSSMgr.exe
(Apple Inc.) C:\WINDOWS\system32\AppleTimeSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
(SEIKO EPSON CORPORATION) C:\Documents and Settings\All Users\Dane aplikacji\EPSON\EPW!3 SSRP\E_S40ST7.EXE
(SEIKO EPSON CORPORATION) C:\Documents and Settings\All Users\Dane aplikacji\EPSON\EPW!3 SSRP\E_S40RP7.EXE
(The Firebird Project) C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
( ) C:\WINDOWS\system32\lxdmcoms.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(pdfforge GmbH) C:\Program Files\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files\PDF Architect\ConversionService.exe
(Skype Technologies) C:\Program Files\Skype\Updater\Updater.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\wmi32.exe
(The Firebird Project) C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] => C:\WINDOWS\system32\NvCpl.dll [13750272 2009-04-15] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] => C:\WINDOWS\system32\NvMcTray.dll [86016 2009-04-15] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] => nwiz.exe /installquiet
HKLM\...\Run: [BluetoothAuthenticationAgent] => rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
HKLM\...\Run: [Apple_KbdMgr] => C:\Program Files\Boot Camp\Bootcamp.exe [431408 2009-07-22] (Apple Inc.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [AVP] => C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-11] (Kaspersky Lab ZAO)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [lxdmmon.exe] => C:\Program Files\Lexmark 5000 Series\lxdmmon.exe [455336 2010-02-12] ()
HKLM\...\Run: [lxdmamon] => C:\Program Files\Lexmark 5000 Series\lxdmamon.exe [25256 2010-02-12] ()
HKLM\...\Run: [Lexmark 5000 Series Fax Server] => C:\Program Files\Lexmark 5000 Series\fm3032.exe [307880 2010-02-12] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
Winlogon\Notify\klogon: C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
HKU\.DEFAULT\...\RunOnce: [FlashPlayerUpdate] - C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_9_900_170_Plugin.exe -update plugin
HKU\.DEFAULT\...\RunOnce: [Del1157218] - cmd.exe /Q /D /c del "C:\WINDOWS\TEMP\0.del"
HKU\S-1-5-21-1801674531-1123561945-2147047481-1003\...\Run: [EPSON PX810FW Series] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFRE.EXE [199680 2009-02-23] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1801674531-1123561945-2147047481-1003\...\MountPoints2: {082aad18-1b87-11e1-92b2-002608d91702} - E:\AutoRun.exe
HKU\S-1-5-21-1801674531-1123561945-2147047481-1003\...\MountPoints2: {082aad1a-1b87-11e1-92b2-002608d91702} - E:\AutoRun.exe
HKU\S-1-5-21-1801674531-1123561945-2147047481-1003\...\MountPoints2: {26caf123-b30b-11e0-91e1-002608d91702} - E:\AutoRun.exe
HKU\S-1-5-21-1801674531-1123561945-2147047481-1003\...\MountPoints2: {43461b4e-1c31-11e1-92b4-002608d91702} - E:\AutoRun.exe
HKU\S-1-5-21-1801674531-1123561945-2147047481-1003\...\MountPoints2: {94bd326f-bc32-11e0-91e9-002608d91702} - E:\Toshiba\Launcher\start.exe
HKU\S-1-5-21-1801674531-1123561945-2147047481-1003\...\MountPoints2: {af3d6c6a-0329-11e1-926a-002608d91702} - E:\AutoRun.exe
HKU\S-1-5-21-1801674531-1123561945-2147047481-1003\...\MountPoints2: {d8e11d54-1d1a-11e1-92b8-002608d91702} - E:\AutoRun.exe
HKU\S-1-5-21-1801674531-1123561945-2147047481-1003\...\MountPoints2: {f81e399a-1b85-11e1-92b1-002608d91702} - E:\AutoRun.exe
Startup: C:\Documents and Settings\apple3\Menu Start\Programy\Autostart\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk
ShortcutTarget: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://pl.msn.com/?pc=UP97&ocid=UP97DHP
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.google.pl/
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {E0330E2C-F2B2-478F-B629-4EE252F5065A} URL = http://startsear.ch/?aff=1&src=sp&cf=edaa28ae-d9b0-11e1-94db-002608d91702&q={searchTerms}
SearchScopes: HKCU - DefaultScope 6F09D7F7060E4EAAB00D19067F92DCC9 URL = http://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss&mntrId=081F00FF8894748A&affID=125032&tsp=5033
SearchScopes: HKCU - 6F09D7F7060E4EAAB00D19067F92DCC9 URL = http://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss&mntrId=081F00FF8894748A&affID=125032&tsp=5033
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {9F888F05-67DE-416B-8467-C87005C334AB} URL = http://www.google.pl/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {C0FDD538-41A0-44FE-9E0F-8EA45DA09E22} URL = http://www.search.ask.com/web?tpid=ORJ-V7C&o=APN11406&pf=V7&p2=%5EBBE%5EOSJ000%5EYY%5EPL&gct=sb&itbv=12.10.3.34&apn_uid=DBD0480D-8181-4B71-A2FA-73F313B1D5BC&apn_ptnrs=BBE&apn_dtid=%5EOSJ000%5EYY%5EPL&apn_dbr=ie_8.0.6001.18702&doi=2014-03-18&trgb=IE&q={searchTerms}&psv=
SearchScopes: HKCU - {E0330E2C-F2B2-478F-B629-4EE252F5065A} URL = http://startsear.ch/?aff=1&src=sp&cf=edaa28ae-d9b0-11e1-94db-002608d91702&q={searchTerms}
BHO: Lexmark Pasek narzędzi - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: IEPluginBHO Class - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll No File
Toolbar: HKLM - Lexmark Pasek narzędzi - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
Toolbar: HKCU - &Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Łącza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Lexmark Pasek narzędzi - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
Toolbar: HKCU - No Name - {4F524A2D-5637-4300-76A7-7A786E7484D7} - No File
DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1256659542234
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 62.179.1.63 62.179.1.62

FireFox:
========
FF ProfilePath: C:\Documents and Settings\apple3\Dane aplikacji\Mozilla\Firefox\Profiles\plxov3bu.default-1364137660468
FF DefaultSearchEngine: Bing
FF SelectedSearchEngine: Bing
FF Homepage: https://www.google.pl/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension: Bitdefender QuickScan - C:\Documents and Settings\apple3\Dane aplikacji\Mozilla\Firefox\Profiles\plxov3bu.default-1364137660468\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2014-04-22]
FF Extension: Blokowanie banerów - C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak [2014-04-01]
FF Extension: Kaspersky URL Advisor - C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak [2014-04-01]
FF Extension: z - C:\Program Files\Mozilla Firefox\extensions\{bcece5d6-e6c2-8b6c-b81c-ff26cad01832} [2014-04-01]
FF HKLM\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF HKLM\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2012-09-16]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2012-09-16]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2012-09-16]
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2012-09-16]
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2012-09-16]
FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2013-05-30]

========================== Services (Whitelisted) =================

R2 AppleOSSMgr; C:\WINDOWS\system32\AppleOSSMgr.exe [136496 2009-07-22] ()
R2 AppleTimeSrv; C:\WINDOWS\system32\AppleTimeSrv.exe [99632 2009-07-22] (Apple Inc.)
R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-11] (Kaspersky Lab ZAO)
S2 BootlogService; C:\Program Files\Greatis\BootLog XP\BootLogService.exe [65248 2009-12-04] (Greatis Software (c))
R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [671368 2012-05-05] (Juniper Networks)
R2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION)
R2 EPSON_EB_RPCV4_01; C:\Documents and Settings\All Users\Dane aplikacji\EPSON\EPW!3 SSRP\E_S40ST7.EXE [143872 2007-12-17] (SEIKO EPSON CORPORATION)
R2 EPSON_PM_RPCV4_01; C:\Documents and Settings\All Users\Dane aplikacji\EPSON\EPW!3 SSRP\E_S40RP7.EXE [113664 2007-01-11] (SEIKO EPSON CORPORATION)
R2 FirebirdGuardianDefaultInstance; C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe [65536 2007-11-08] (The Firebird Project)
R3 FirebirdServerDefaultInstance; C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe [1515599 2007-11-08] (The Firebird Project)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)
S2 lxdmCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdmserv.exe [99248 2007-06-07] (Lexmark International, Inc.)
R2 lxdm_device; C:\WINDOWS\system32\lxdmcoms.exe [598960 2007-06-07] ( )
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)

==================== Drivers (Whitelisted) ====================

R0 AppleHFS; C:\WINDOWS\system32\Drivers\AppleHFS.sys [48000 2009-07-22] (Apple Inc.)
R0 AppleMNT; C:\WINDOWS\system32\Drivers\AppleMNT.sys [5120 2009-07-22] (Apple Inc.)
R3 applemtm; C:\WINDOWS\System32\DRIVERS\applemtm.sys [10496 2009-07-22] (Apple Inc.)
R3 applemtp; C:\WINDOWS\System32\DRIVERS\applemtp.sys [29440 2009-07-22] (Apple Inc.)
S3 AR9271; C:\WINDOWS\System32\DRIVERS\athuw.sys [1763584 2011-07-28] (Atheros Communications, Inc.)
S3 AVPsys; C:\WINDOWS\system32\drivers\cdaudio.sys [18688 2001-08-17] (Microsoft Corporation)
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [1391104 2009-07-22] (Broadcom Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 cxbu0wdm; C:\WINDOWS\System32\DRIVERS\cxbu0wdm.sys [119040 2011-09-06] (HID Global Corporation)
R3 dsNcAdpt; C:\WINDOWS\System32\DRIVERS\dsNcAdpt.sys [26624 2012-05-05] (Juniper Networks)
S3 GTwinUSB; C:\WINDOWS\System32\Drivers\GTwinUSB.sys [61840 2004-06-28] (Gemplus)
R3 HdAudAddService; C:\WINDOWS\System32\drivers\clhdaud.sys [27648 2009-07-22] (Cirrus Logic)
R3 IRRemoteFlt; C:\WINDOWS\System32\DRIVERS\IRFilter.sys [16512 2009-07-22] (Apple Inc.)
R2 KeyAgent; C:\WINDOWS\system32\drivers\KeyAgent.sys [5760 2009-07-22] (Apple Inc.)
R3 KeyMagic; C:\WINDOWS\System32\DRIVERS\KeyMagic.sys [23552 2009-07-22] (Apple Inc.)
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [135776 2013-12-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [593504 2013-10-11] (Kaspersky Lab ZAO)
R3 klim5; C:\WINDOWS\System32\DRIVERS\klim5.sys [35672 2012-06-27] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\WINDOWS\System32\DRIVERS\klkbdflt.sys [24160 2013-10-11] (Kaspersky Lab ZAO)
R3 klmouflt; C:\WINDOWS\System32\DRIVERS\klmouflt.sys [24672 2013-10-11] (Kaspersky Lab ZAO)
R1 kltdi; C:\WINDOWS\System32\DRIVERS\kltdi.sys [44000 2013-06-19] (Kaspersky Lab ZAO)
R1 kneps; C:\WINDOWS\System32\DRIVERS\kneps.sys [145040 2013-04-24] (Kaspersky Lab ZAO)
R2 MacHALDriver; C:\WINDOWS\system32\drivers\MacHALDriver.sys [8576 2009-07-22] (Apple Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [107736 2014-04-27] (Malwarebytes Corporation)
S3 MSIRCOMM; C:\WINDOWS\System32\DRIVERS\MSIRCOMM.sys [22016 2008-04-14] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [54784 2009-07-22] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [22016 2009-07-22] (NVIDIA Corporation)
U3 PROCMON23; C:\WINDOWS\System32\Drivers\PROCMON23.SYS [65048 2013-07-31] (Sysinternals - www.sysinternals.com)
S3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [25984 2009-07-16] (The OpenVPN Project)
S3 zte_cdc_acm; C:\WINDOWS\System32\DRIVERS\zte_cdc_acm.sys [67968 2011-08-10] (ZTE)
S3 zte_cpo; C:\WINDOWS\System32\DRIVERS\zte_cpo.sys [9984 2011-08-10] (ZTE)
U2 CertPropSvc;
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S4 IntelIde; No ImagePath
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74336 2013-04-24] (Kaspersky Lab ZAO)
U1 WS2IFSL;
S2 zumbus; system32\DRIVERS\zumbus.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-27 03:42 - 2014-04-27 03:42 - 00000000 ____D () C:\WINDOWS\Minidump
2014-04-27 03:42 - 2014-04-27 03:41 - 00131072 _____ () C:\WINDOWS\Minidump\Mini042714-01.dmp
2014-04-27 03:29 - 2014-04-27 03:44 - 00000000 ____D () C:\FRST
2014-04-26 19:30 - 2014-04-26 19:30 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-04-26 19:27 - 2014-04-27 02:57 - 00000000 ____D () C:\WINDOWS\455F074C814E4520B69B5584BD90400C.TMP
2014-04-26 19:24 - 2014-04-26 19:24 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-04-26 11:04 - 2014-04-26 11:06 - 00000000 ____D () C:\Documents and Settings\apple3\Pulpit\archiwum plikow
2014-04-26 06:58 - 2014-04-26 06:58 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-04-26 06:32 - 2014-04-26 06:54 - 00000000 ____D () C:\AdwCleaner
2014-04-26 04:06 - 2014-04-27 03:44 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-04-26 04:06 - 2014-04-26 04:06 - 00000785 _____ () C:\Documents and Settings\All Users\Pulpit\Malwarebytes Anti-Malware.lnk
2014-04-26 04:06 - 2014-04-26 04:06 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-26 04:06 - 2014-04-26 04:06 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Malwarebytes Anti-Malware
2014-04-26 04:06 - 2014-04-26 04:06 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
2014-04-26 04:06 - 2014-04-03 09:51 - 00050648 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-04-26 04:06 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-04-25 13:51 - 2014-04-25 13:51 - 00000761 _____ () C:\Documents and Settings\apple3\Menu Start\Programy\fillUp Przyjazne formularze, druki, deklaracje, umowy.lnk
2014-04-25 13:51 - 2014-04-25 13:51 - 00000755 _____ () C:\Documents and Settings\apple3\Pulpit\fillUp Przyjazne formularze.lnk
2014-04-25 13:51 - 2014-04-25 13:51 - 00000000 ____D () C:\Documents and Settings\apple3\Dane aplikacji\com.efile.fillup
2014-04-25 13:51 - 2014-04-25 13:51 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\fillUp Przyjazne formularze
2014-04-25 13:50 - 2014-04-25 13:50 - 17948952 _____ (e-file sp. z o.o. ) C:\Documents and Settings\apple3\Pulpit\setup_fillUp_vat7_formularz_2642279.exe
2014-04-25 13:48 - 2014-04-25 13:48 - 01392100 _____ () C:\Documents and Settings\apple3\Pulpit\421.gofin
2014-04-25 10:30 - 2014-04-25 15:19 - 00000000 ____D () C:\Documents and Settings\apple3\Pulpit\deklaracje
2014-04-24 10:49 - 2014-04-24 10:49 - 00004276 _____ () C:\Documents and Settings\apple3\Ustawienia lokalne\Dane aplikacji\recently-used.xbel
2014-04-24 10:49 - 2014-04-24 10:49 - 00000000 ____D () C:\Documents and Settings\apple3\Ustawienia lokalne\Dane aplikacji\gtk-2.0
2014-04-24 10:43 - 2014-04-24 10:43 - 00000000 ____D () C:\Documents and Settings\apple3\.thumbnails
2014-04-24 10:38 - 2014-04-24 10:50 - 00000000 ____D () C:\Documents and Settings\apple3\.gimp-2.8
2014-04-24 10:38 - 2014-04-24 10:38 - 00000000 ____D () C:\Documents and Settings\apple3\Ustawienia lokalne\Dane aplikacji\gegl-0.2
2014-04-24 10:36 - 2014-04-24 10:36 - 00000000 ____D () C:\Documents and Settings\apple3\Pulpit\różne
2014-04-24 10:32 - 2014-04-24 10:32 - 00000767 _____ () C:\Documents and Settings\All Users\Pulpit\Picasa 3.lnk
2014-04-24 10:30 - 2014-04-24 10:30 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Picasa 3
2014-04-24 10:29 - 2014-04-24 10:29 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB952011$
2014-04-24 10:28 - 2014-04-24 10:32 - 00000000 ____D () C:\Documents and Settings\apple3\Ustawienia lokalne\Dane aplikacji\Google
2014-04-24 10:28 - 2014-04-24 10:30 - 00007956 _____ () C:\WINDOWS\KB952011.log
2014-04-24 10:28 - 2014-04-24 10:28 - 00000000 ____D () C:\Program Files\Google
2014-04-24 10:27 - 2014-04-24 10:27 - 17529160 _____ (Google Inc.) C:\Documents and Settings\apple3\Moje dokumenty\picasa39-setup.exe
2014-04-24 10:19 - 2014-04-24 10:19 - 00000744 _____ () C:\Documents and Settings\All Users\Menu Start\Programy\GIMP 2.lnk
2014-04-24 10:16 - 2014-04-24 10:19 - 00000000 ____D () C:\Program Files\GIMP 2
2014-04-24 10:15 - 2014-04-24 10:15 - 90396104 _____ (The GIMP Team ) C:\Documents and Settings\apple3\Moje dokumenty\gimp-2.8.10-setup(dobreprogramy.pl).exe
2014-04-23 15:20 - 2014-04-23 15:21 - 00000000 ____D () C:\Documents and Settings\apple3\Pulpit\UB i Kuczma
2014-04-23 12:17 - 2014-04-23 12:21 - 00000000 ____D () C:\Documents and Settings\apple3\Pulpit\Łukasz
2014-04-23 09:10 - 2014-04-23 09:10 - 00000000 ____D () C:\Program Files\Tracker Software
2014-04-23 09:10 - 2014-04-23 09:10 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\PDF-XChange
2014-04-23 09:09 - 2014-04-23 09:09 - 27189248 _____ () C:\Documents and Settings\apple3\Moje dokumenty\PXCViewer_x86.msi
2014-04-22 20:47 - 2014-04-27 03:22 - 00000000 ____D () C:\Documents and Settings\apple3\Pulpit\INSTALKI
2014-04-22 06:06 - 2014-04-26 03:53 - 00000000 ____D () C:\Documents and Settings\apple3\Dane aplikacji\QuickScan
2014-04-21 15:17 - 2014-04-23 07:05 - 00000000 ____D () C:\Documents and Settings\apple3\Pulpit\do roberta maszyna
2014-04-21 12:56 - 2014-04-23 09:14 - 00000000 ____D () C:\Documents and Settings\apple3\Pulpit\MARCIN CV
2014-04-17 11:18 - 2014-04-17 12:48 - 00000000 ____D () C:\Documents and Settings\apple3\Pulpit\muzyka
2014-04-17 08:18 - 2014-04-17 08:18 - 00159232 _____ () C:\Documents and Settings\apple3\Pulpit\Zał 2 Aneksu KR AB POŚRED - KOGUT.xls
2014-04-14 14:18 - 2014-04-14 14:18 - 00001806 _____ () C:\Documents and Settings\apple3\edinet.p12
2014-04-14 14:18 - 2014-04-14 14:18 - 00000580 _____ () C:\Documents and Settings\apple3\edinet-edinet-u-90634530 2014-04-14 141812.cer
2014-04-13 19:11 - 2014-04-13 19:11 - 26121050 _____ () C:\Documents and Settings\apple3\Moje dokumenty\img169.bmp
2014-04-13 19:10 - 2014-04-13 19:10 - 00000521 _____ () C:\Documents and Settings\apple3\Moje dokumenty\Skrót do img168.pdf.lnk
2014-04-13 18:40 - 2014-04-13 19:59 - 00000000 ____D () C:\Documents and Settings\apple3\Pulpit\play dokument
2014-04-10 06:55 - 2014-04-10 06:55 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-10 06:47 - 2014-04-10 06:50 - 00011856 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-04-09 05:34 - 2014-04-10 06:55 - 00013618 _____ () C:\WINDOWS\KB2922229.log
2014-04-08 09:01 - 2014-04-08 09:01 - 00000000 ___RD () C:\Documents and Settings\apple3\Moje dokumenty\Moje obrazy
2014-04-04 08:22 - 2014-04-04 08:22 - 00000000 ___RD () C:\Program Files\Skype
2014-04-04 08:22 - 2014-04-04 08:22 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-04-04 08:22 - 2014-04-04 08:22 - 00000000 ____D () C:\Documents and Settings\apple3\Ustawienia lokalne\Dane aplikacji\Skype
2014-04-04 08:22 - 2014-04-04 08:22 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Skype
2014-04-04 08:21 - 2014-04-04 08:21 - 01678496 _____ (Skype Technologies S.A.) C:\Documents and Settings\apple3\Pulpit\SkypeSetup.exe
2014-04-01 19:16 - 2014-04-01 19:16 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-30 18:04 - 2014-04-27 03:42 - 00000224 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job
2014-03-30 18:04 - 2014-04-08 16:50 - 00000218 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job
2014-03-30 14:19 - 2014-03-30 14:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-03-30 14:16 - 2014-03-30 14:19 - 00004503 _____ () C:\WINDOWS\KB2934207.log
2014-03-29 10:31 - 2014-02-27 01:28 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
2014-03-29 10:31 - 2014-02-27 01:28 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe

==================== One Month Modified Files and Folders =======

2014-04-27 03:45 - 2013-10-12 13:45 - 00000428 _____ () C:\WINDOWS\Tasks\At1.job
2014-04-27 03:44 - 2014-04-27 03:29 - 00000000 ____D () C:\FRST
2014-04-27 03:44 - 2014-04-26 04:06 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-04-27 03:44 - 2012-09-16 10:33 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2014-04-27 03:44 - 2009-10-27 17:35 - 01371265 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-27 03:43 - 2009-10-27 17:18 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-04-27 03:43 - 2009-10-27 17:17 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-04-27 03:43 - 2008-04-15 14:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-04-27 03:42 - 2014-04-27 03:42 - 00000000 ____D () C:\WINDOWS\Minidump
2014-04-27 03:42 - 2014-03-30 18:04 - 00000224 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job
2014-04-27 03:42 - 2013-01-21 12:00 - 00000342 _____ () C:\WINDOWS\Tasks\ROC_JAN2013_TB_rmv.job
2014-04-27 03:42 - 2012-09-13 12:09 - 00000930 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-04-27 03:42 - 2012-02-24 08:47 - 00000000 __SHD () C:\WINDOWS\CSC
2014-04-27 03:42 - 2009-10-27 17:43 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-27 03:42 - 2009-04-15 22:10 - 00228847 _____ () C:\WINDOWS\system32\NvApps.xml
2014-04-27 03:41 - 2014-04-27 03:42 - 00131072 _____ () C:\WINDOWS\Minidump\Mini042714-01.dmp
2014-04-27 03:22 - 2014-04-22 20:47 - 00000000 ____D () C:\Documents and Settings\apple3\Pulpit\INSTALKI
2014-04-27 02:58 - 2009-10-27 17:44 - 00000000 ___RD () C:\Documents and Settings\apple3\Menu Start\Programy
2014-04-27 02:58 - 2009-10-27 17:44 - 00000000 ____D () C:\Documents and Settings\apple3\Pulpit
2014-04-27 02:57 - 2014-04-26 19:27 - 00000000 ____D () C:\WINDOWS\455F074C814E4520B69B5584BD90400C.TMP
2014-04-27 02:55 - 2009-10-27 17:14 - 00990516 _____ () C:\WINDOWS\setupapi.log
2014-04-27 02:52 - 2014-02-11 08:52 - 00000432 _____ () C:\WINDOWS\Tasks\At2.job
2014-04-26 22:58 - 2013-08-01 16:28 - 00000000 ____D () C:\Documents and Settings\apple3\Moje dokumenty\CERTYFIKATY
2014-04-26 20:47 - 2009-10-27 17:36 - 00001607 _____ () C:\Documents and Settings\Default User\Menu Start\Programy\Pomoc zdalna.lnk
2014-04-26 20:11 - 2009-10-27 17:44 - 00001607 _____ () C:\Documents and Settings\apple3\Menu Start\Programy\Pomoc zdalna.lnk
2014-04-26 19:30 - 2014-04-26 19:30 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-04-26 19:24 - 2014-04-26 19:24 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-04-26 16:51 - 2014-03-03 11:52 - 00000000 ____D () C:\Documents and Settings\apple3\Pulpit\mecenas
2014-04-26 16:41 - 2009-10-27 17:44 - 00000188 ___SH () C:\Documents and Settings\apple3\ntuser.ini
2014-04-26 16:41 - 2009-10-27 17:43 - 00032378 _____ () C:\WINDOWS\SchedLgU.Txt
2014-04-26 11:06 - 2014-04-26 11:04 - 00000000 ____D () C:\Documents and Settings\apple3\Pulpit\archiwum plikow
2014-04-26 06:58 - 2014-04-26 06:58 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-04-26 06:55 - 2014-01-07 11:13 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\WPM
2014-04-26 06:55 - 2010-06-05 10:22 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB975713$
2014-04-26 06:54 - 2014-04-26 06:32 - 00000000 ____D () C:\AdwCleaner
2014-04-26 06:54 - 2009-10-27 17:44 - 00000000 ____D () C:\Documents and Settings\apple3
2014-04-26 06:53 - 2012-07-30 08:01 - 00000738 _____ () C:\Documents and Settings\All Users\Menu Start\Programy\Mozilla Firefox.lnk
2014-04-26 06:53 - 2009-10-27 23:13 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Mozilla Firefox
2014-04-26 06:53 - 2009-10-27 17:44 - 00000755 _____ () C:\Documents and Settings\apple3\Menu Start\Programy\Internet Explorer.lnk
2014-04-26 06:53 - 2009-10-27 17:44 - 00000000 __RHD () C:\Documents and Settings\apple3\Dane aplikacji
2014-04-26 06:53 - 2009-10-27 17:44 - 00000000 ___HD () C:\Documents and Settings\apple3\Ustawienia lokalne\Dane aplikacji
2014-04-26 06:53 - 2009-10-27 17:39 - 00000000 ____D () C:\Documents and Settings\NetworkService\Dane aplikacji
2014-04-26 06:53 - 2009-10-27 17:14 - 00000000 __RHD () C:\Documents and Settings\All Users\Dane aplikacji
2014-04-26 06:53 - 2009-10-27 17:14 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy
2014-04-26 04:35 - 2014-02-27 10:01 - 00000000 ____D () C:\Documents and Settings\apple3\Dane aplikacji\SupTab
2014-04-26 04:06 - 2014-04-26 04:06 - 00000785 _____ () C:\Documents and Settings\All Users\Pulpit\Malwarebytes Anti-Malware.lnk
2014-04-26 04:06 - 2014-04-26 04:06 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-26 04:06 - 2014-04-26 04:06 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Malwarebytes Anti-Malware
2014-04-26 04:06 - 2014-04-26 04:06 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
2014-04-26 04:06 - 2009-10-27 17:14 - 00000000 ____D () C:\Documents
and Settings\All Users\Pulpit 2014-04-26 03:53 - 2014-04-22 06:06 - 00000000 ____D () C:\Documents and Settings\apple3\Dane aplikacji\QuickScan 2014-04-26 00:45 - 2013-10-14 07:45 - 00000181 _____ () C:\Documents and Settings\NetworkService\Dane aplikacji\WB.CFG 2014-04-25 15:25 - 2013-09-14 16:08 - 00000000 ____D () C:\Documents and Settings\All Users\Lx_cats 2014-04-25 15:19 - 2014-04-25 10:30 - 00000000 ____D () C:\Documents and Settings\apple3\Pulpit\deklaracje 2014-04-25 13:51 - 2014-04-25 13:51 - 00000761 _____ () C:\Documents and Settings\apple3\Menu Start\Programy\fillUp Przyjazne formularze, druki, deklaracje, umowy.lnk 2014-04-25 13:51 - 2014-04-25 13:51 - 00000755 _____ () C:\Documents and Settings\apple3\Pulpit\fillUp Przyjazne formularze.lnk 2014-04-25 13:51 - 2014-04-25 13:51 - 00000000 ____D () C:\Documents and Settings\apple3\Dane aplikacji\com.efile.fillup 2014-04-25 13:51 - 2014-04-25 13:51 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\fillUp Przyjazne formularze 2014-04-25 13:51 - 2014-02-11 20:59 - 00000000 ____D () C:\Program Files\e-file 2014-04-25 13:51 - 2014-02-11 20:59 - 00000000 ____D () C:\Documents and Settings\apple3\Moje dokumenty\efile 2014-04-25 13:50 - 2014-04-25 13:50 - 17948952 _____ (e-file sp. z o.o. 
) C:\Documents and Settings\apple3\Pulpit\setup_fillUp_vat7_formularz_2642279.exe 2014-04-25 13:48 - 2014-04-25 13:48 - 01392100 _____ () C:\Documents and Settings\apple3\Pulpit\421.gofin 2014-04-24 14:27 - 2014-03-06 15:08 - 00000000 ____D () C:\Documents and Settings\apple3\Pulpit\miszkanie sz 2014-04-24 14:17 - 2009-10-27 23:12 - 00000000 ____D () C:\Documents and Settings\apple3\Dane aplikacji\Skype 2014-04-24 10:50 - 2014-04-24 10:38 - 00000000 ____D () C:\Documents and Settings\apple3\.gimp-2.8 2014-04-24 10:49 - 2014-04-24 10:49 - 00004276 _____ () C:\Documents and Settings\apple3\Ustawienia lokalne\Dane aplikacji\recently-used.xbel 2014-04-24 10:49 - 2014-04-24 10:49 - 00000000 ____D () C:\Documents and Settings\apple3\Ustawienia lokalne\Dane aplikacji\gtk-2.0 2014-04-24 10:43 - 2014-04-24 10:43 - 00000000 ____D () C:\Documents and Settings\apple3\.thumbnails 2014-04-24 10:38 - 2014-04-24 10:38 - 00000000 ____D () C:\Documents and Settings\apple3\Ustawienia lokalne\Dane aplikacji\gegl-0.2 2014-04-24 10:36 - 2014-04-24 10:36 - 00000000 ____D () C:\Documents and Settings\apple3\Pulpit\różne 2014-04-24 10:36 - 2009-10-27 17:44 - 00000000 ___RD () C:\Documents and Settings\apple3\Moje dokumenty 2014-04-24 10:33 - 2009-10-27 17:35 - 00000000 __SHD () C:\Documents and Settings\All Users\DRM 2014-04-24 10:32 - 2014-04-24 10:32 - 00000767 _____ () C:\Documents and Settings\All Users\Pulpit\Picasa 3.lnk 2014-04-24 10:32 - 2014-04-24 10:28 - 00000000 ____D () C:\Documents and Settings\apple3\Ustawienia lokalne\Dane aplikacji\Google 2014-04-24 10:30 - 2014-04-24 10:30 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Picasa 3 2014-04-24 10:30 - 2014-04-24 10:28 - 00007956 _____ () C:\WINDOWS\KB952011.log 2014-04-24 10:30 - 2009-10-27 17:15 - 01758582 ____C () C:\WINDOWS\FaxSetup.log 2014-04-24 10:30 - 2009-10-27 17:15 - 00868971 ____C () C:\WINDOWS\ocgen.log 2014-04-24 10:30 - 2009-10-27 17:15 - 00814736 ____C () C:\WINDOWS\tsoc.log 
2014-04-24 10:30 - 2009-10-27 17:15 - 00600483 ____C () C:\WINDOWS\comsetup.log
2014-04-24 10:30 - 2009-10-27 17:15 - 00568830 ____C () C:\WINDOWS\msmqinst.log
2014-04-24 10:30 - 2009-10-27 17:15 - 00364279 ____C () C:\WINDOWS\ntdtcsetup.log
2014-04-24 10:30 - 2009-10-27 17:15 - 00309269 ____C () C:\WINDOWS\netfxocm.log
2014-04-24 10:30 - 2009-10-27 17:15 - 00122350 ____C () C:\WINDOWS\MedCtrOC.log
2014-04-24 10:30 - 2009-10-27 17:15 - 00110349 ____C () C:\WINDOWS\ocmsn.log
2014-04-24 10:30 - 2009-10-27 17:15 - 00090709 ____C () C:\WINDOWS\tabletoc.log
2014-04-24 10:30 - 2009-10-27 17:15 - 00088366 ____C () C:\WINDOWS\msgsocm.log
2014-04-24 10:30 - 2009-10-27 17:15 - 00006655 _____ () C:\WINDOWS\iis6.log
2014-04-24 10:30 - 2009-10-27 17:15 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-04-24 10:29 - 2014-04-24 10:29 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB952011$
2014-04-24 10:28 - 2014-04-24 10:28 - 00000000 ____D () C:\Program Files\Google
2014-04-24 10:27 - 2014-04-24 10:27 - 17529160 _____ (Google Inc.) C:\Documents and Settings\apple3\Moje dokumenty\picasa39-setup.exe
2014-04-24 10:19 - 2014-04-24 10:19 - 00000744 _____ () C:\Documents and Settings\All Users\Menu Start\Programy\GIMP 2.lnk
2014-04-24 10:19 - 2014-04-24 10:16 - 00000000 ____D () C:\Program Files\GIMP 2
2014-04-24 10:15 - 2014-04-24 10:15 - 90396104 _____ (The GIMP Team ) C:\Documents and Settings\apple3\Moje dokumenty\gimp-2.8.10-setup(dobreprogramy.pl).exe
2014-04-23 15:21 - 2014-04-23 15:20 - 00000000 ____D () C:\Documents and Settings\apple3\Pulpit\UB i Kuczma
2014-04-23 12:21 - 2014-04-23 12:17 - 00000000 ____D () C:\Documents and Settings\apple3\Pulpit\Łukasz
2014-04-23 09:14 - 2014-04-21 12:56 - 00000000 ____D () C:\Documents and Settings\apple3\Pulpit\MARCIN CV
2014-04-23 09:10 - 2014-04-23 09:10 - 00000000 ____D () C:\Program Files\Tracker Software
2014-04-23 09:10 - 2014-04-23 09:10 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\PDF-XChange
2014-04-23 09:09 - 2014-04-23 09:09 - 27189248 _____ () C:\Documents and Settings\apple3\Moje dokumenty\PXCViewer_x86.msi
2014-04-23 07:05 - 2014-04-21 15:17 - 00000000 ____D () C:\Documents and Settings\apple3\Pulpit\do roberta maszyna
2014-04-18 06:36 - 2013-10-02 20:26 - 00002504 _____ () C:\Documents and Settings\All Users\lxdm
2014-04-17 12:48 - 2014-04-17 11:18 - 00000000 ____D () C:\Documents and Settings\apple3\Pulpit\muzyka
2014-04-17 11:13 - 2013-12-30 23:15 - 00000000 ___RD () C:\Documents and Settings\apple3\Moje dokumenty\Moja muzyka
2014-04-17 08:18 - 2014-04-17 08:18 - 00159232 _____ () C:\Documents and Settings\apple3\Pulpit\Zał 2 Aneksu KR AB POŚRED - KOGUT.xls
2014-04-17 07:27 - 2009-10-27 17:32 - 00023691 ____C () C:\WINDOWS\wmsetup.log
2014-04-17 07:21 - 2012-12-24 19:59 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-04-14 14:32 - 2009-10-27 17:15 - 01098100 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-04-14 14:32 - 2008-04-15 14:00 - 00494060 _____ () C:\WINDOWS\system32\perfh015.dat
2014-04-14 14:32 - 2008-04-15 14:00 - 00085344 _____ () C:\WINDOWS\system32\perfc015.dat
2014-04-14 14:18 - 2014-04-14 14:18 - 00001806 _____ () C:\Documents and Settings\apple3\edinet.p12
2014-04-14 14:18 - 2014-04-14 14:18 - 00000580 _____ () C:\Documents and Settings\apple3\edinet-edinet-u-90634530 2014-04-14 141812.cer
2014-04-13 19:59 - 2014-04-13 18:40 - 00000000 ____D () C:\Documents and Settings\apple3\Pulpit\play dokument
2014-04-13 19:11 - 2014-04-13 19:11 - 26121050 _____ () C:\Documents and Settings\apple3\Moje dokumenty\img169.bmp
2014-04-13 19:10 - 2014-04-13 19:10 - 00000521 _____ () C:\Documents and Settings\apple3\Moje dokumenty\Skrót do img168.pdf.lnk
2014-04-13 15:56 - 2013-11-17 20:24 - 00000000 ____D () C:\Documents and Settings\apple3\Pulpit\Nowy folder (2)
2014-04-13 15:55 - 2014-02-11 18:39 - 00000000 ____D () C:\Documents and Settings\apple3\Pulpit\straz
2014-04-10 06:56 - 2009-10-27 22:44 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2014-04-10 06:55 - 2014-04-10 06:55 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-10 06:55 - 2014-04-09 05:34 - 00013618 _____ () C:\WINDOWS\KB2922229.log
2014-04-10 06:55 - 2009-10-27 17:15 - 02002731 ____C () C:\WINDOWS\iis6.BAK
2014-04-10 06:55 - 2009-10-27 17:15 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-04-10 06:53 - 2013-07-18 09:34 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-04-10 06:50 - 2014-04-10 06:47 - 00011856 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-04-10 06:50 - 2013-09-14 12:42 - 88028728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-04-10 06:49 - 2009-10-27 18:49 - 00164917 ____C () C:\WINDOWS\updspapi.log
2014-04-08 16:50 - 2014-03-30 18:04 - 00000218 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job
2014-04-08 09:01 - 2014-04-08 09:01 - 00000000 ___RD () C:\Documents and Settings\apple3\Moje dokumenty\Moje obrazy
2014-04-04 08:22 - 2014-04-04 08:22 - 00000000 ___RD () C:\Program Files\Skype
2014-04-04 08:22 - 2014-04-04 08:22 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-04-04 08:22 - 2014-04-04 08:22 - 00000000 ____D () C:\Documents and Settings\apple3\Ustawienia lokalne\Dane aplikacji\Skype
2014-04-04 08:22 - 2014-04-04 08:22 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Skype
2014-04-04 08:22 - 2009-10-27 23:11 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Skype
2014-04-04 08:21 - 2014-04-04 08:21 - 01678496 _____ (Skype Technologies S.A.) C:\Documents and Settings\apple3\Pulpit\SkypeSetup.exe
2014-04-03 18:09 - 2012-07-30 08:01 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-04-03 09:51 - 2014-04-26 04:06 - 00050648 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-04-03 09:50 - 2014-04-26 04:06 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-04-01 19:16 - 2014-04-01 19:16 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-30 14:19 - 2014-03-30 14:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-03-30 14:19 - 2014-03-30 14:16 - 00004503 _____ () C:\WINDOWS\KB2934207.log

Files to move or delete:
====================
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job

Some content of TEMP:
====================
C:\Documents and Settings\apple3\Ustawienia lokalne\Temp\APNSetup.exe
C:\Documents and Settings\apple3\Ustawienia lokalne\Temp\oi_{6D185CD1-E270-4561-99A9-6FCA1D86D98A}.exe
C:\Documents and Settings\apple3\Ustawienia lokalne\Temp\Quarantine.exe
C:\Documents and Settings\apple3\Ustawienia lokalne\Temp\removedirectory.exe
C:\Documents and Settings\apple3\Ustawienia lokalne\Temp\SHSetup.exe
C:\Documents and Settings\apple3\Ustawienia lokalne\Temp\StopService.exe
C:\Documents and Settings\apple3\Ustawienia lokalne\Temp\uninst1.exe

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe [2008-04-15 14:00] - [2008-04-15 14:00] - 1035264 ____A (Microsoft Corporation) c791ed9eac5e76d9525e157b1d7a599a
C:\WINDOWS\system32\winlogon.exe [2008-04-15 14:00] - [2008-04-15 14:00] - 0510464 ____A (Microsoft Corporation) 51fd2e13d723857b9ca239ae77150f48
C:\WINDOWS\system32\svchost.exe [2008-04-15 14:00] - [2008-04-15 14:00] - 0014336 ____A (Microsoft Corporation) 8607d35d92528e2df386f19a960d23ce
C:\WINDOWS\system32\services.exe [2008-04-15 14:00] - [2009-02-09 13:25] - 0111104 ____A (Microsoft Corporation) 02a467e27af55f7064c5b251e587315f
C:\WINDOWS\system32\User32.dll [2008-04-15 14:00] - [2008-04-15 14:00] - 0580096 ____A (Microsoft Corporation) a435c5c069afd901751ac323ad238793
C:\WINDOWS\system32\userinit.exe [2008-04-15 14:00] - [2008-04-15 14:00] - 0026624 ____A (Microsoft Corporation) 2a5b37d520508be6570a3ea79695f5b5
C:\WINDOWS\system32\rpcss.dll [2008-04-15 14:00] - [2009-02-09 12:53] - 0401408 ____A (Microsoft Corporation) a37311d9d628c1042a2836731787f0f3
ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\WINDOWS\system32\Drivers\volsnap.sys [2008-04-15 14:00] - [2008-04-15 14:00] - 0052864 ____A (Microsoft Corporation) 56b191ac5fc0df219949c95a6c87afe7

==================== End Of Log ============================