Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:04-05-2014
Ran by Halina (administrator) on MAMAPC on 04-05-2014 19:17:56
Running from C:\Documents and Settings\Halina\Pulpit\Nowy folder
Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
() C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe
() C:\Program Files\AVG SafeGuard toolbar\vprot.exe
() C:\Program Files\4G Hostless Modem\PLAY ONLINE\CheckNDISPort_df.exe
(Infineon Technologies AG) C:\WINDOWS\system32\IFXSPMGT.exe
() C:\Program Files\4G Hostless Modem\PLAY ONLINE\CancelAutoPlay_df.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Infineon Technologies AG) C:\WINDOWS\system32\IFXTCS.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Huawei Technologies Co., Ltd.) C:\Documents and Settings\Halina\Dane aplikacji\PLAY ONLINE\ouc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(PasswordBox, Inc.) C:\Program Files\PasswordBox\pbbtnService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Infineon Technologies AG) C:\WINDOWS\system32\IfxPsdSv.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\loggingserver.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Infineon Technologies AG) C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [872448 2007-01-05] (Analog Devices, Inc.)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [177456 2007-10-19] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [PTHOSTTR] => C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [145184 2007-01-09] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [IFXSPMGT] => C:\WINDOWS\system32\ifxspmgt.exe [677144 2008-01-25] (Infineon Technologies AG)
HKLM\...\Run: [vProt] => C:\Program Files\AVG SafeGuard toolbar\vprot.exe [2557976 2014-05-02] ()
HKLM\...\Run: [CheckNDISPortF0acD2] => C:\Program Files\4G Hostless Modem\PLAY ONLINE\CheckNDISPort_df.exe [459008 2013-07-26] ()
HKLM\...\Run: [CancelAutoPlay_df] => C:\Program Files\4G Hostless Modem\PLAY ONLINE\CancelAutoPlay_df.exe [446208 2013-07-26] ()
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2014-05-03] (AVAST Software)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKU\S-1-5-21-1960408961-362288127-1417001333-1003\...\Run: [HW_OPENEYE_OUC_PLAY ONLINE] => C:\Program Files\PLAY ONLINE\UpdateDog\ouc.exe [110592 2009-04-14] (Huawei Technologies Co., Ltd.) HKU\S-1-5-21-1960408961-362288127-1417001333-1003\...\Run: [GG] => C:\Documents and Settings\Halina\Ustawienia lokalne\Dane aplikacji\GG\Application\gghub.exe [4023360 2014-04-18] (GG Network S.A.) HKU\S-1-5-21-1960408961-362288127-1417001333-1003\...\MountPoints2: {3059d8ee-c569-11e2-9609-001b7760f6ae} - F:\AutoRun.exe HKU\S-1-5-21-1960408961-362288127-1417001333-1003\...\MountPoints2: {4184c57e-bcaa-11e2-9607-001b7760f6ae} - F:\AutoRun.exe HKU\S-1-5-21-1960408961-362288127-1417001333-1003\...\MountPoints2: {4184c581-bcaa-11e2-9607-001b7760f6ae} - F:\AutoRun.exe HKU\S-1-5-21-1960408961-362288127-1417001333-1003\...\MountPoints2: {b80ab035-7af5-11e3-9670-364b50b7ef2d} - E:\AutoRun.exe IFEO\bitguard.exe: [Debugger] tasklist.exe IFEO\bprotect.exe: [Debugger] tasklist.exe IFEO\bpsvc.exe: [Debugger] tasklist.exe IFEO\browserdefender.exe: [Debugger] tasklist.exe IFEO\browserprotect.exe: [Debugger] tasklist.exe IFEO\browsersafeguard.exe: [Debugger] tasklist.exe IFEO\dprotectsvc.exe: [Debugger] tasklist.exe IFEO\jumpflip: [Debugger] tasklist.exe IFEO\protectedsearch.exe: [Debugger] tasklist.exe IFEO\searchinstaller.exe: [Debugger] tasklist.exe IFEO\searchprotection.exe: [Debugger] tasklist.exe IFEO\searchprotector.exe: [Debugger] tasklist.exe IFEO\searchsettings.exe: [Debugger] tasklist.exe IFEO\searchsettings64.exe: [Debugger] tasklist.exe IFEO\snapdo.exe: [Debugger] tasklist.exe IFEO\stinst32.exe: [Debugger] tasklist.exe IFEO\stinst64.exe: [Debugger] tasklist.exe IFEO\umbrella.exe: [Debugger] tasklist.exe IFEO\utiljumpflip.exe: [Debugger] tasklist.exe IFEO\volaro: [Debugger] tasklist.exe IFEO\vonteera: [Debugger] tasklist.exe IFEO\websteroids.exe: [Debugger] tasklist.exe IFEO\websteroidsservice.exe: [Debugger] tasklist.exe Startup: C:\Documents and Settings\All Users\Menu 
Start\Programy\Autostart\BTTray.lnk ShortcutTarget: BTTray.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) HKLM\...\AppCertDlls: [x86] -> C:\Program Files\Settings Manager\systemk\sysapcrt.dll HKLM\...\AppCertDlls: [x64] -> c:\program files\settings manager\systemk\x64\sysapcrt.dll GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== ProxyEnable: Internet Explorer proxy is enabled. ProxyServer: http=127.0.0.1:13930 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.default-search.net?sid=492&aid=109&itype=n&ver=12283&tm=335&src=hmp HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://www.default-search.net/search?sid=492&aid=109&itype=n&ver=12283&tm=335&src=ds&p={searchTerms} SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=348B001B7760F6AE&affID=119357&tsp=4993 SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={132B494E-341E-4E01-A097-94D281F7DE88}&mid=5b189cfecc9247d3b5add15231841f5d-988eb7d3456cffc0241c6d4465c84aea379dff90&lang=en&ds=co011&pr=sa&d=2013-06-21 18:36:56&v=15.2.0.5&pid=safeguard&sg=0&sap=dsp&q={searchTerms} SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://www.default-search.net/search?sid=492&aid=109&itype=n&ver=12283&tm=335&src=ds&p={searchTerms} BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) BHO: avast! 
Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.1.0.443\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) Toolbar: HKLM - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.1.0.443\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search) Toolbar: HKCU - &Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) Toolbar: HKCU - &Łącza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.0\ViProtocol.dll (AVG Secure Search) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF 
ProfilePath: C:\Documents and Settings\Halina\Dane aplikacji\Mozilla\Firefox\Profiles\tq0b88ze.default FF user.js: detected! => C:\Documents and Settings\Halina\Dane aplikacji\Mozilla\Firefox\Profiles\tq0b88ze.default\user.js FF SearchEngineOrder.1: default-search.net FF Homepage: hxxp://www.google.pl/ FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll () FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.0\\npsitesafety.dll No File FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin: @java.com/DTPlugin,version=1.6.0_37 - C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Documents and Settings\Halina\Ustawienia lokalne\Dane aplikacji\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml FF Extension: Settings Manager - C:\Documents and Settings\Halina\Dane aplikacji\Mozilla\Firefox\Profiles\tq0b88ze.default\Extensions\{3EF01F35-3026-3C46-EC85-35802BA08797} [2014-05-02] FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2012-12-05] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-12-05] FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\Documents and Settings\All Users\Dane aplikacji\AVG SafeGuard toolbar\FireFoxExt\18.1.0.443 FF Extension: AVG SafeGuard toolbar - C:\Documents and Settings\All Users\Dane aplikacji\AVG SafeGuard toolbar\FireFoxExt\18.1.0.443 [2014-05-02] FF HKLM\...\Firefox\Extensions: [firefox@passwordbox.com] - C:\Program Files\PasswordBox\Firefox FF Extension: PasswordBox - C:\Program Files\PasswordBox\Firefox [2013-11-22] FF HKCU\...\Firefox\Extensions: [{8E3C10E3-9B89-B515-883F-0A45FF62B29F}] - C:\Program Files\BlockAndSurf-soft\161.xpi Chrome: ======= CHR StartupUrls: "hxxp://www.google.com/" CHR Extension: (AVG SafeGuard) - C:\Documents and Settings\Halina\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2014-05-04] CHR Extension: (Google Wallet) - C:\Documents and Settings\Halina\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-04] CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST 
Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-05-03] CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Documents and Settings\All Users\Dane aplikacji\AVG SafeGuard toolbar\ChromeExt\17.3.0.49\avg.crx [2014-01-15] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ========================== Services (Whitelisted) ================= R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-03] (AVAST Software) R2 HWDeviceService.exe; C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe [264704 2010-11-16] () R2 IFXSpMgtSrv; C:\WINDOWS\system32\ifxspmgt.exe [677144 2008-01-25] (Infineon Technologies AG) R2 IFXTCS; C:\WINDOWS\system32\IFXTCS.exe [886040 2008-01-25] (Infineon Technologies AG) R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153584 2012-12-05] (Sun Microsystems, Inc.) R2 PasswordBox; C:\Program Files\PasswordBox\pbbtnService.exe [67584 2013-11-01] (PasswordBox, Inc.) 
R2 PersonalSecureDriveService; C:\WINDOWS\system32\IfxPsdSv.exe [140568 2007-07-24] (Infineon Technologies AG) R2 vToolbarUpdater18.1.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe [1801240 2014-05-02] (AVG Secure Search) ==================== Drivers (Whitelisted) ==================== R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-05-03] () R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-05-03] (AVAST Software) R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-05-03] (AVAST Software) R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-05-03] () R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [776976 2014-05-03] (AVAST Software) R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [411552 2014-05-03] (AVAST Software) R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-05-03] (AVAST Software) R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [180632 2014-05-03] () R3 ATSWPDRV; C:\WINDOWS\System32\DRIVERS\ATSwpDrv.sys [146560 2007-08-28] (AuthenTec, Inc.) R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [42272 2014-05-02] (AVG Technologies) R3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [401664 2006-02-27] (Broadcom Corporation.) R3 BTDriver; C:\WINDOWS\System32\DRIVERS\btport.sys [30363 2006-02-27] (Broadcom Corporation.) R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [1342602 2006-02-27] (Broadcom Corporation.) R3 BTWDNDIS; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [148168 2006-02-27] (Broadcom Corporation.) R3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [57096 2006-02-27] (Broadcom Corporation.) 
R3 GTIPCI21; C:\WINDOWS\System32\DRIVERS\gtipci21.sys [97280 2007-05-09] (Texas Instruments) R3 IFXTPM; C:\WINDOWS\System32\DRIVERS\IFXTPM.SYS [41216 2007-07-24] (Infineon Technologies AG) R3 NETw4x32; C:\WINDOWS\System32\DRIVERS\NETw4x32.sys [2236544 2007-10-31] (Intel Corporation) R1 PersonalSecureDrive; C:\WINDOWS\System32\drivers\psd.sys [38816 2007-07-24] (Infineon Technologies AG) R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation) R3 SMCIRDA; C:\WINDOWS\System32\DRIVERS\smcirda.sys [36425 2001-10-26] (SMC) S3 vulfnths; C:\WINDOWS\System32\Drivers\vulfnth.sys [6912 2005-01-05] (VIA Technologies, Inc.) S3 vulfntrs; C:\WINDOWS\System32\Drivers\vulfntr.sys [11264 2005-06-06] (VIA Technologies, Inc.) U2 CertPropSvc; U1 eabfiltr; U1 WS2IFSL; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-04 19:17 - 2014-05-04 19:17 - 00000000 ____D () C:\FRST 2014-05-04 19:08 - 2014-05-04 19:17 - 00000000 ____D () C:\Documents and Settings\Halina\Pulpit\Nowy folder 2014-05-04 19:06 - 2014-05-04 19:06 - 00000000 _____ () C:\Documents and Settings\Halina\Pulpit\Nowy Dokument tekstowy.txt 2014-05-04 17:29 - 2014-05-04 17:43 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-05-04 17:28 - 2014-05-04 17:28 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes 2014-05-04 17:27 - 2014-05-04 17:27 - 00702752 _____ () C:\Documents and Settings\Halina\Pulpit\Malwarebytes-AntiMalware(13117).exe 2014-05-04 17:16 - 2014-05-04 17:16 - 05001508 _____ () C:\Documents and Settings\Halina\Pulpit\100_2464.MOV 2014-05-04 13:10 - 2014-05-04 13:10 - 12967167 _____ () C:\Documents and Settings\Halina\Pulpit\101_0260.MOV 2014-05-04 12:59 - 2014-05-04 12:59 - 00000000 ____D () C:\Documents and Settings\Halina\Pulpit\programy 2014-05-03 21:59 - 2014-05-03 22:52 - 00000000 ____D () C:\Program 
Files\Eassos Recovery 2014-05-03 21:51 - 2014-05-03 21:51 - 00001828 _____ () C:\Documents and Settings\All Users\Pulpit\Google Chrome.lnk 2014-05-03 21:51 - 2014-05-03 21:51 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Google Chrome 2014-05-03 21:50 - 2014-05-04 19:02 - 00001036 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-05-03 21:50 - 2014-05-04 18:59 - 00001032 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-05-03 21:50 - 2014-05-03 21:51 - 00000000 ____D () C:\Program Files\Google 2014-05-03 21:50 - 2014-05-03 21:51 - 00000000 ____D () C:\Documents and Settings\Halina\Ustawienia lokalne\Dane aplikacji\Google 2014-05-03 21:48 - 2014-05-03 21:48 - 00000000 ____D () C:\Documents and Settings\Halina\Dane aplikacji\AVAST Software 2014-05-03 20:04 - 2014-05-04 12:58 - 00000000 ____D () C:\Documents and Settings\Halina\Pulpit\Patrycja 2014-05-03 16:08 - 2014-05-04 12:56 - 00000000 ___SD () C:\Documents and Settings\Halina\GG dysk 2014-05-03 16:05 - 2014-05-04 19:02 - 00000000 ____D () C:\Documents and Settings\Halina\Dane aplikacji\GG 2014-05-03 16:05 - 2014-05-03 16:06 - 00000000 ____D () C:\Documents and Settings\Halina\Ustawienia lokalne\Dane aplikacji\GG 2014-05-03 16:05 - 2014-05-03 16:05 - 00001197 _____ () C:\Documents and Settings\Halina\Menu Start\Programy\OpenFM.lnk 2014-05-03 16:05 - 2014-05-03 16:05 - 00001158 _____ () C:\Documents and Settings\Halina\Menu Start\Programy\GG.lnk 2014-05-03 16:05 - 2014-05-03 16:05 - 00000000 ____D () C:\Documents and Settings\Halina\Ustawienia lokalne\Dane aplikacji\OpenFM 2014-05-03 15:55 - 2014-05-03 15:55 - 00000000 ____D () C:\Documents and Settings\Halina\Dane aplikacji\Unity 2014-05-03 14:21 - 2014-05-03 14:21 - 00000000 ____D () C:\Documents and Settings\Halina\Ustawienia lokalne\Dane aplikacji\Unity 2014-05-03 14:10 - 2014-05-03 14:09 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys 2014-05-03 14:09 - 2014-05-03 14:09 - 00043152 _____ (AVAST 
Software) C:\WINDOWS\avastSS.scr 2014-05-02 23:08 - 2014-05-02 23:08 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\AVG Secure Search 2014-05-02 17:01 - 2005-06-06 17:51 - 00011264 _____ (VIA Technologies, Inc.) C:\WINDOWS\system32\Drivers\vulfntr.sys 2014-05-02 17:01 - 2005-01-05 18:02 - 00006912 _____ (VIA Technologies, Inc.) C:\WINDOWS\system32\Drivers\vulfnth.sys 2014-05-02 17:01 - 2003-10-03 16:28 - 00045056 _____ () C:\WINDOWS\system32\vusetup.dll 2014-05-02 17:00 - 1998-10-29 16:45 - 00306688 _____ (InstallShield Software Corporation) C:\WINDOWS\IsUninst.exe 2014-05-02 14:20 - 2014-05-02 14:21 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-05-02 13:19 - 2014-05-02 13:19 - 00000000 ____D () C:\WINDOWS\system32\LogFiles 2014-05-02 09:02 - 2014-05-02 17:01 - 00000000 ____D () C:\WINDOWS\_ISTMP1.DIR 2014-05-02 08:58 - 2014-05-03 08:58 - 00000366 _____ () C:\WINDOWS\Tasks\APSnotifierPP2.job 2014-05-02 08:58 - 2014-05-02 09:18 - 00000368 _____ () C:\WINDOWS\Tasks\APSnotifierPP1.job 2014-05-02 08:58 - 2014-05-02 08:58 - 00000366 _____ () C:\WINDOWS\Tasks\APSnotifierPP3.job 2014-05-02 08:57 - 2014-05-02 08:58 - 00000328 _____ () C:\Documents and Settings\Halina\Dane aplikacji\aps.uninstall.scan.results 2014-05-02 08:56 - 2014-05-03 22:53 - 00000000 ____D () C:\Program Files\Linkey 2014-05-02 08:56 - 2014-05-02 08:56 - 00000472 __RSH () C:\Documents and Settings\All Users\ntuser.pol 2014-05-02 08:55 - 2014-05-04 17:40 - 00000000 ____D () C:\Program Files\Settings Manager 2014-05-02 08:55 - 2014-04-30 12:07 - 01728322 _____ (AnyProtect.com) C:\Documents and Settings\Halina\Ustawienia lokalne\Dane aplikacji\AnyProtectScannerSetup.exe 2014-05-02 08:43 - 2014-05-02 08:43 - 00301496 _____ (VuuPC Limited) C:\Documents and Settings\Halina\Ustawienia lokalne\Dane aplikacji\nsq46.tmp 2014-05-02 08:43 - 2014-05-02 08:43 - 00301496 _____ (VuuPC Limited) C:\Documents and Settings\Halina\Ustawienia lokalne\Dane aplikacji\nsm45.tmp 
==================== One Month Modified Files and Folders ======= 2014-05-04 19:17 - 2014-05-04 19:17 - 00000000 ____D () C:\FRST 2014-05-04 19:17 - 2014-05-04 19:08 - 00000000 ____D () C:\Documents and Settings\Halina\Pulpit\Nowy folder 2014-05-04 19:08 - 2012-12-05 19:42 - 00000000 ____D () C:\Documents and Settings\Halina\Pulpit 2014-05-04 19:07 - 2013-04-01 18:58 - 00000930 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-05-04 19:06 - 2014-05-04 19:06 - 00000000 _____ () C:\Documents and Settings\Halina\Pulpit\Nowy Dokument tekstowy.txt 2014-05-04 19:06 - 2012-12-05 19:36 - 00346390 _____ () C:\WINDOWS\WindowsUpdate.log 2014-05-04 19:05 - 2012-12-05 21:01 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job 2014-05-04 19:05 - 1980-01-04 02:21 - 00788290 _____ () C:\WINDOWS\setupapi.log 2014-05-04 19:03 - 1980-01-04 02:21 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy 2014-05-04 19:03 - 1980-01-04 02:21 - 00000000 ____D () C:\Documents and Settings\All Users\Pulpit 2014-05-04 19:02 - 2014-05-03 21:50 - 00001036 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-05-04 19:02 - 2014-05-03 16:05 - 00000000 ____D () C:\Documents and Settings\Halina\Dane aplikacji\GG 2014-05-04 19:00 - 1980-01-04 02:24 - 00000159 _____ () C:\WINDOWS\wiadebug.log 2014-05-04 19:00 - 1980-01-04 02:24 - 00000050 _____ () C:\WINDOWS\wiaservc.log 2014-05-04 18:59 - 2014-05-03 21:50 - 00001032 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-05-04 18:59 - 2012-12-05 19:41 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-05-04 18:22 - 2014-01-08 01:30 - 00000000 ____D () C:\Program Files\Mobogenie 2014-05-04 18:22 - 2012-12-05 19:42 - 00000188 ___SH () C:\Documents and Settings\Halina\ntuser.ini 2014-05-04 18:22 - 2012-12-05 19:41 - 00032510 _____ () C:\WINDOWS\SchedLgU.Txt 2014-05-04 18:06 - 2013-08-15 21:33 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2014-05-04 17:43 - 2014-05-04 17:29 - 00107736 
_____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-05-04 17:40 - 2014-05-02 08:55 - 00000000 ____D () C:\Program Files\Settings Manager 2014-05-04 17:39 - 2014-01-08 01:31 - 00000000 ____D () C:\Documents and Settings\Halina\Ustawienia lokalne\Dane aplikacji\genienext 2014-05-04 17:39 - 2012-12-05 19:42 - 00000000 __RHD () C:\Documents and Settings\Halina\Dane aplikacji 2014-05-04 17:39 - 1980-01-04 02:21 - 00000000 __RHD () C:\Documents and Settings\All Users\Dane aplikacji 2014-05-04 17:28 - 2014-05-04 17:28 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes 2014-05-04 17:27 - 2014-05-04 17:27 - 00702752 _____ () C:\Documents and Settings\Halina\Pulpit\Malwarebytes-AntiMalware(13117).exe 2014-05-04 17:16 - 2014-05-04 17:16 - 05001508 _____ () C:\Documents and Settings\Halina\Pulpit\100_2464.MOV 2014-05-04 13:10 - 2014-05-04 13:10 - 12967167 _____ () C:\Documents and Settings\Halina\Pulpit\101_0260.MOV 2014-05-04 12:59 - 2014-05-04 12:59 - 00000000 ____D () C:\Documents and Settings\Halina\Pulpit\programy 2014-05-04 12:58 - 2014-05-03 20:04 - 00000000 ____D () C:\Documents and Settings\Halina\Pulpit\Patrycja 2014-05-04 12:56 - 2014-05-03 16:08 - 00000000 ___SD () C:\Documents and Settings\Halina\GG dysk 2014-05-03 22:53 - 2014-05-02 08:56 - 00000000 ____D () C:\Program Files\Linkey 2014-05-03 22:52 - 2014-05-03 21:59 - 00000000 ____D () C:\Program Files\Eassos Recovery 2014-05-03 21:55 - 2012-12-05 19:42 - 00000000 ___HD () C:\Documents and Settings\Halina\Ustawienia lokalne\Dane aplikacji 2014-05-03 21:51 - 2014-05-03 21:51 - 00001828 _____ () C:\Documents and Settings\All Users\Pulpit\Google Chrome.lnk 2014-05-03 21:51 - 2014-05-03 21:51 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Google Chrome 2014-05-03 21:51 - 2014-05-03 21:50 - 00000000 ____D () C:\Program Files\Google 2014-05-03 21:51 - 2014-05-03 21:50 - 00000000 ____D () C:\Documents and 
Settings\Halina\Ustawienia lokalne\Dane aplikacji\Google 2014-05-03 21:48 - 2014-05-03 21:48 - 00000000 ____D () C:\Documents and Settings\Halina\Dane aplikacji\AVAST Software 2014-05-03 21:46 - 2001-07-22 03:17 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl 2014-05-03 16:08 - 2012-12-05 19:42 - 00000000 ___RD () C:\Documents and Settings\Halina\Ulubione 2014-05-03 16:08 - 2012-12-05 19:42 - 00000000 ____D () C:\Documents and Settings\Halina 2014-05-03 16:06 - 2014-05-03 16:05 - 00000000 ____D () C:\Documents and Settings\Halina\Ustawienia lokalne\Dane aplikacji\GG 2014-05-03 16:05 - 2014-05-03 16:05 - 00001197 _____ () C:\Documents and Settings\Halina\Menu Start\Programy\OpenFM.lnk 2014-05-03 16:05 - 2014-05-03 16:05 - 00001158 _____ () C:\Documents and Settings\Halina\Menu Start\Programy\GG.lnk 2014-05-03 16:05 - 2014-05-03 16:05 - 00000000 ____D () C:\Documents and Settings\Halina\Ustawienia lokalne\Dane aplikacji\OpenFM 2014-05-03 16:05 - 2012-12-05 19:42 - 00000000 ___RD () C:\Documents and Settings\Halina\Menu Start\Programy 2014-05-03 15:55 - 2014-05-03 15:55 - 00000000 ____D () C:\Documents and Settings\Halina\Dane aplikacji\Unity 2014-05-03 14:21 - 2014-05-03 14:21 - 00000000 ____D () C:\Documents and Settings\Halina\Ustawienia lokalne\Dane aplikacji\Unity 2014-05-03 14:09 - 2014-05-03 14:10 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys 2014-05-03 14:09 - 2014-05-03 14:09 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr 2014-05-03 14:09 - 2013-03-25 11:50 - 00180632 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys 2014-05-03 14:09 - 2013-03-25 11:50 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2014-05-03 14:09 - 2013-03-25 11:50 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys 2014-05-03 14:09 - 2012-12-05 21:01 - 00776976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys 2014-05-03 14:09 - 2012-12-05 21:01 - 00411552 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys 
2014-05-03 14:09 - 2012-12-05 21:01 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys 2014-05-03 14:09 - 2012-12-05 21:01 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys 2014-05-03 14:09 - 2012-12-05 21:00 - 00271264 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2014-05-03 13:57 - 2012-12-05 21:00 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\AVAST Software 2014-05-03 13:56 - 2012-12-05 19:37 - 00002596 _____ () C:\WINDOWS\system32\CONFIG.NT 2014-05-03 13:52 - 2012-12-05 19:42 - 00000000 ___RD () C:\Documents and Settings\Halina\Menu Start\Programy\Autostart 2014-05-03 08:58 - 2014-05-02 08:58 - 00000366 _____ () C:\WINDOWS\Tasks\APSnotifierPP2.job 2014-05-03 08:13 - 2012-12-05 20:56 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-05-02 23:08 - 2014-05-02 23:08 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\AVG Secure Search 2014-05-02 23:08 - 2013-11-22 04:35 - 00000000 ____D () C:\Program Files\PasswordBox 2014-05-02 23:08 - 2013-06-27 07:29 - 00000000 ____D () C:\WINDOWS\system32\cache 2014-05-02 23:08 - 2013-06-21 18:36 - 00042272 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx86.sys 2014-05-02 23:08 - 2013-06-21 18:36 - 00003738 _____ () C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml 2014-05-02 23:08 - 2013-06-21 18:36 - 00000000 ____D () C:\Program Files\AVG SafeGuard toolbar 2014-05-02 17:01 - 2014-05-02 09:02 - 00000000 ____D () C:\WINDOWS\_ISTMP1.DIR 2014-05-02 14:21 - 2014-05-02 14:20 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-05-02 13:27 - 1980-01-04 02:21 - 00185049 _____ () C:\WINDOWS\setupact.log 2014-05-02 13:19 - 2014-05-02 13:19 - 00000000 ____D () C:\WINDOWS\system32\LogFiles 2014-05-02 09:18 - 2014-05-02 08:58 - 00000368 _____ () C:\WINDOWS\Tasks\APSnotifierPP1.job 2014-05-02 09:07 - 2013-04-01 18:58 - 00692400 _____ (Adobe Systems Incorporated) 
C:\WINDOWS\system32\FlashPlayerApp.exe 2014-05-02 09:07 - 2013-04-01 18:58 - 00070832 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2014-05-02 08:58 - 2014-05-02 08:58 - 00000366 _____ () C:\WINDOWS\Tasks\APSnotifierPP3.job 2014-05-02 08:58 - 2014-05-02 08:57 - 00000328 _____ () C:\Documents and Settings\Halina\Dane aplikacji\aps.uninstall.scan.results 2014-05-02 08:56 - 2014-05-02 08:56 - 00000472 __RSH () C:\Documents and Settings\All Users\ntuser.pol 2014-05-02 08:43 - 2014-05-02 08:43 - 00301496 _____ (VuuPC Limited) C:\Documents and Settings\Halina\Ustawienia lokalne\Dane aplikacji\nsq46.tmp 2014-05-02 08:43 - 2014-05-02 08:43 - 00301496 _____ (VuuPC Limited) C:\Documents and Settings\Halina\Ustawienia lokalne\Dane aplikacji\nsm45.tmp 2014-05-01 15:49 - 2013-07-05 20:44 - 00000000 ____D () C:\Documents and Settings\Halina\Dane aplikacji\Skype 2014-04-30 18:46 - 2014-01-08 01:31 - 00000000 ____D () C:\Documents and Settings\Halina\Ustawienia lokalne\Dane aplikacji\cache 2014-04-30 12:07 - 2014-05-02 08:55 - 01728322 _____ (AnyProtect.com) C:\Documents and Settings\Halina\Ustawienia lokalne\Dane aplikacji\AnyProtectScannerSetup.exe Some content of TEMP: ==================== C:\Documents and Settings\Halina\Ustawienia lokalne\Temp\BackupSetup.exe C:\Documents and Settings\Halina\Ustawienia lokalne\Temp\Foxit Updater.exe C:\Documents and Settings\Halina\Ustawienia lokalne\Temp\fp_pl_pfs_installer.exe C:\Documents and Settings\Halina\Ustawienia lokalne\Temp\oi_{94A16E67-D2AC-49B8-9989-7EC6E64B40D7}.exe C:\Documents and Settings\Halina\Ustawienia lokalne\Temp\SkypeSetup.exe C:\Documents and Settings\Halina\Ustawienia lokalne\Temp\Softonic_PL_1-5-4_PL-Production_10_CleanRelease.exe C:\Documents and Settings\Halina\Ustawienia lokalne\Temp\Unable to open VuuPC.exe C:\Documents and Settings\Halina\Ustawienia lokalne\Temp\uninst1.exe C:\Documents and Settings\Halina\Ustawienia lokalne\Temp\vcredist_x86.exe C:\Documents and 
Settings\Halina\Ustawienia lokalne\Temp\VuuPC.exe C:\Documents and Settings\Halina\Ustawienia lokalne\Temp\VuuPCSetup_full.exe ==================== Bamital & volsnap Check ================= C:\WINDOWS\explorer.exe [2008-04-15 00:51] - [2008-04-15 00:51] - 1035264 ____A (Microsoft Corporation) c791ed9eac5e76d9525e157b1d7a599a C:\WINDOWS\system32\winlogon.exe [2008-04-15 00:51] - [2008-04-15 00:51] - 0510464 ____A (Microsoft Corporation) 51fd2e13d723857b9ca239ae77150f48 C:\WINDOWS\system32\svchost.exe [2008-04-15 00:51] - [2008-04-15 00:51] - 0014336 ____A (Microsoft Corporation) 8607d35d92528e2df386f19a960d23ce C:\WINDOWS\system32\services.exe [2008-04-15 00:51] - [2008-04-15 00:51] - 0109056 ____A (Microsoft Corporation) 3e3ae424e27c4cefe4cab368c7b570ea C:\WINDOWS\system32\User32.dll [2008-04-15 00:50] - [2008-04-15 00:50] - 0580096 ____A (Microsoft Corporation) a435c5c069afd901751ac323ad238793 C:\WINDOWS\system32\userinit.exe [2008-04-15 00:51] - [2008-04-15 00:51] - 0026624 ____A (Microsoft Corporation) 2a5b37d520508be6570a3ea79695f5b5 C:\WINDOWS\system32\rpcss.dll [2008-04-15 00:50] - [2008-04-15 00:50] - 0399360 ____A (Microsoft Corporation) 02396dab9dd407b06539981f477f3fec ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected. C:\WINDOWS\system32\Drivers\volsnap.sys [2008-04-14 23:31] - [2008-04-14 23:31] - 0052864 ____A (Microsoft Corporation) 56b191ac5fc0df219949c95a6c87afe7 ==================== End Of Log ============================