Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:10-05-2014
Ran by Admin (administrator) on K-9DD81CB22E2C4 on 11-05-2014 04:01:47
Running from E:\
Platform: Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(Intel Corporation ) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
(OptionNV) C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(Agere Systems) C:\WINDOWS\AGRSMMSG.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Option) C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [774233 2006-05-19] (Synaptics, Inc.)
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2006-03-23] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [118784 2006-03-23] (Intel Corporation)
HKLM\...\Run: [AzMixerSel] => C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe [53248 2007-08-23] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-10-03] (Adobe Systems Incorporated)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16062464 2006-12-19] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SkyTel] => C:\WINDOWS\SkyTel.EXE [2879488 2006-05-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AGRSMMSG] => C:\WINDOWS\AGRSMMSG.exe [89542 2006-08-30] (Agere Systems)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [935288 2009-09-04] (Adobe Systems Incorporated)
HKLM\...\Run: [ROC_ROC_NT] => "C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
HKU\.DEFAULT\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)
HKU\S-1-5-21-796845957-602162358-725345543-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-796845957-602162358-725345543-1003\...\Run: [GG] => C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GG\Application\gghub.exe [3377288 2012-10-31] (GG Network S.A.)
HKU\S-1-5-21-796845957-602162358-725345543-1003\...\MountPoints2: {8c8076e9-d112-11df-bd8d-0016cf9d2810} - E:\DTLplus_Launcher.exe
HKU\S-1-5-21-796845957-602162358-725345543-1003\...\MountPoints2: {a717cd03-4b7f-11e1-bf84-00f1d000f1d0} - E:\LaunchU3.exe -a
HKU\S-1-5-21-796845957-602162358-725345543-1003\...\MountPoints2: {b9c7dab8-50c2-11e0-be42-00f1d000f1d0} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs
Startup: C:\Documents and Settings\Admin\Menu Start\Programy\Autostart\odkgiodod.lnk
ShortcutTarget: odkgiodod.lnk -> C:\DOCUME~1\ALLUSE~1\DANEAP~1\DODOIG~1.CPP\dodoigkdo.cpp (No File)
Startup: C:\Documents and Settings\Admin\Menu Start\Programy\Autostart\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk
ShortcutTarget: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\GlobeTrotter Connect.lnk
ShortcutTarget: GlobeTrotter Connect.lnk -> C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe (Option)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wp.pl/0,0.html?sc=1
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gazeta.pl/0,0.html?sc=1
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&affID=110823&tt=120912_nocpc_3812_1&babsrc=SP_ss&mntrId=306bb7cd00000000000000f1d000f1d0
SearchScopes: HKCU - {F57510B7-3674-4404-8170-4EC3BA1C583B} URL = http://szukaj.gazeta.pl/portalSearch.do?s.si(navigation).navigationEnabled=true&s.sm.query={searchTerms}
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
BHO: IEPluginBHO Class - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.)
Toolbar: HKCU - &Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Łącza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\615jdn6v.default
FF user.js: detected! => C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\615jdn6v.default\user.js
FF NewTab: hxxp://search.babylon.com/?affID=110823&tt=120912_nocpc_3812_1&babsrc=NT_ss&mntrId=306bb7cd00000000000000f1d000f1d0
FF SearchEngineOrder.1: Search the web (Babylon)
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.11.2571 - C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1739 - C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Babylon - C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\615jdn6v.default\Extensions\ffxtlbr@babylon.com [2012-09-18]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-16]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010-10-12]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

========================== Services (Whitelisted) =================

R2 GtFlashSwitch; C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe [176128 2007-02-09] (OptionNV)
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2010-10-12] (Sun Microsystems, Inc.)
R2 S24EventMonitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [937984 2006-08-02] (Intel Corporation )

==================== Drivers (Whitelisted) ====================

R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21419 2010-10-06] (Meetinghouse Data Communications)
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [1286144 2008-02-20] (Broadcom Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 GTMNDISIRPXP; C:\WINDOWS\System32\DRIVERS\Gtm51Irp.sys [122496 2007-04-14] (Option N.V.)
R3 GTPTSER; C:\WINDOWS\System32\DRIVERS\gtptser.sys [8064 2007-04-14] (Option N.V.)
R3 GTUQBUS; C:\WINDOWS\System32\DRIVERS\gtuqbus.sys [37120 2007-04-14] (Option N.V.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-04] (Realtek Semiconductor Corporation)
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [12544 2006-08-02] (Intel Corporation)
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-11 08:11 - 2014-05-11 04:01 - 00000000 ____D () C:\FRST
2014-05-11 06:50 - 2014-05-11 06:52 - 00034150 _____ () C:\OTL.Txt
2014-05-10 01:52 - 2014-05-10 01:52 - 00000000 ____D () C:\WINDOWS\CSC
2014-05-09 13:25 - 2014-05-10 23:37 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-05-09 11:20 - 2014-05-09 11:20 - 00000000 __SHD () C:\Documents and Settings\Administrator\PrivacIE
2014-05-09 09:44 - 2014-05-10 20:54 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-09 09:42 - 2014-05-09 09:42 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
2014-05-09 09:16 - 2014-05-10 22:27 - 00000188 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-05-09 09:16 - 2014-05-09 11:20 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-05-09 09:16 - 2014-05-09 11:19 - 00000000 ____D () C:\Documents and Settings\Administrator\Ulubione
2014-05-09 09:16 - 2010-10-26 20:50 - 00000000 ___HD () C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji
2014-05-09 09:16 - 2010-10-26 20:50 - 00000000 ____D () C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft Help
2014-05-09 09:16 - 2010-10-20 22:16 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-05-09 09:16 - 2010-10-05 16:39 - 00000000 __RHD () C:\Documents and Settings\Administrator\Dane aplikacji
2014-05-09 09:16 - 2010-10-05 16:39 - 00000000 ___RD () C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart
2014-05-09 09:16 - 2010-10-05 16:39 - 00000000 ___RD () C:\Documents and Settings\Administrator\Menu Start
2014-05-09 09:16 - 2010-10-05 16:39 - 00000000 ___HD () C:\Documents and Settings\Administrator\Ustawienia lokalne\Historia
2014-05-09 09:16 - 2010-10-05 16:39 - 00000000 ___HD () C:\Documents and Settings\Administrator\Ustawienia lokalne
2014-05-09 09:16 - 2010-10-05 16:39 - 00000000 ____D () C:\Documents and Settings\Administrator\Pulpit
2014-05-09 09:16 - 2010-10-05 16:39 - 00000000 ____D () C:\Documents and Settings\Administrator\Moje dokumenty
2014-05-09 09:16 - 2010-10-05 15:09 - 00001599 _____ () C:\Documents and Settings\Administrator\Menu Start\Programy\Pomoc zdalna.lnk
2014-05-09 09:16 - 2010-10-05 15:09 - 00000792 _____ () C:\Documents and Settings\Administrator\Menu Start\Programy\Windows Media Player.lnk
2014-05-09 09:16 - 2010-10-05 15:09 - 00000000 ___RD () C:\Documents and Settings\Administrator\Menu Start\Programy\Akcesoria
2014-05-09 09:16 - 2010-10-05 15:09 - 00000000 ___RD () C:\Documents and Settings\Administrator\Menu Start\Programy
2014-05-09 09:16 - 2010-10-05 15:04 - 00000000 ___HD () C:\Documents and Settings\Administrator\Szablony
2014-05-06 16:01 - 2014-05-06 16:03 - 00005811 _____ () C:\WINDOWS\KB2964358-IE8.log

==================== One Month Modified Files and Folders =======

2014-05-11 06:52 - 2014-05-11 06:50 - 00034150 _____ () C:\OTL.Txt
2014-05-11 04:01 - 2014-05-11 08:11 - 00000000 ____D () C:\FRST
2014-05-11 04:00 - 2012-11-24 21:40 - 00000000 ____D () C:\Documents and Settings\Admin\Dane aplikacji\GG
2014-05-11 04:00 - 2010-10-05 16:39 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy
2014-05-11 04:00 - 2010-10-05 16:39 - 00000000 ____D () C:\Documents and Settings\All Users\Pulpit
2014-05-11 03:59 - 2010-10-05 15:07 - 01830402 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-11 03:57 - 2013-10-12 17:51 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-05-11 03:57 - 2010-10-06 08:38 - 00001030 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-11 03:57 - 2010-10-05 16:42 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-05-11 03:57 - 2010-10-05 16:42 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-05-11 03:57 - 2010-10-05 15:13 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-05-11 03:56 - 2013-10-12 17:48 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\AVAST Software
2014-05-11 03:55 - 2010-10-05 15:13 - 00032572 _____ () C:\WINDOWS\SchedLgU.Txt
2014-05-10 23:37 - 2014-05-09 13:25 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-05-10 23:30 - 2010-10-05 15:15 - 00000188 ___SH () C:\Documents and Settings\Admin\ntuser.ini
2014-05-10 23:11 - 2010-10-06 08:38 - 00001034 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-10 23:06 - 2004-08-04 13:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-05-10 22:27 - 2014-05-09 09:16 - 00000188 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-05-10 20:54 - 2014-05-09 09:44 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-10 02:57 - 2010-10-05 16:38 - 00743307 _____ () C:\WINDOWS\setupapi.log
2014-05-10 01:52 - 2014-05-10 01:52 - 00000000 ____D () C:\WINDOWS\CSC
2014-05-09 11:20 - 2014-05-09 11:20 - 00000000 __SHD () C:\Documents and Settings\Administrator\PrivacIE
2014-05-09 11:20 - 2014-05-09 09:16 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-05-09 11:19 - 2014-05-09 09:16 - 00000000 ____D () C:\Documents and Settings\Administrator\Ulubione
2014-05-09 10:23 - 2010-10-05 16:38 - 00000000 __RHD () C:\Documents and Settings\All Users\Dane aplikacji
2014-05-09 10:23 - 2010-10-05 15:15 - 00000000 __RHD () C:\Documents and Settings\Admin\Dane aplikacji
2014-05-09 09:42 - 2014-05-09 09:42 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
2014-05-08 16:06 - 2010-10-05 15:15 - 00000000 ___RD () C:\Documents and Settings\Admin\Menu Start\Programy\Autostart
2014-05-06 16:03 - 2014-05-06 16:01 - 00005811 _____ () C:\WINDOWS\KB2964358-IE8.log
2014-05-06 16:03 - 2010-10-06 21:49 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-05-06 16:03 - 2010-10-06 08:26 - 00282095 _____ () C:\WINDOWS\updspapi.log
2014-05-06 16:03 - 2010-10-05 16:40 - 01915772 _____ () C:\WINDOWS\iis6.log
2014-05-06 16:03 - 2010-10-05 16:40 - 01736527 _____ () C:\WINDOWS\FaxSetup.log
2014-05-06 16:03 - 2010-10-05 16:40 - 00840552 _____ () C:\WINDOWS\ocgen.log
2014-05-06 16:03 - 2010-10-05 16:40 - 00798540 _____ () C:\WINDOWS\tsoc.log
2014-05-06 16:03 - 2010-10-05 16:40 - 00589669 _____ () C:\WINDOWS\comsetup.log
2014-05-06 16:03 - 2010-10-05 16:40 - 00551392 _____ () C:\WINDOWS\msmqinst.log
2014-05-06 16:03 - 2010-10-05 16:40 - 00355180 _____ () C:\WINDOWS\ntdtcsetup.log
2014-05-06 16:03 - 2010-10-05 16:40 - 00304621 _____ () C:\WINDOWS\netfxocm.log
2014-05-06 16:03 - 2010-10-05 16:40 - 00121860 _____ () C:\WINDOWS\MedCtrOC.log
2014-05-06 16:03 - 2010-10-05 16:40 - 00108398 _____ () C:\WINDOWS\ocmsn.log
2014-05-06 16:03 - 2010-10-05 16:40 - 00090459 _____ () C:\WINDOWS\tabletoc.log
2014-05-06 16:03 - 2010-10-05 16:40 - 00086926 _____ () C:\WINDOWS\msgsocm.log
2014-05-06 16:03 - 2010-10-05 16:40 - 00001355 _____ () C:\WINDOWS\imsins.log
2014-05-02 15:34 - 2010-10-05 15:15 - 00000000 ____D () C:\Documents and Settings\Admin\Pulpit
2014-05-01 19:06 - 2010-10-28 21:50 - 00031744 _____ () C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-01 19:06 - 2010-10-28 21:27 - 00000000 ____D () C:\Documents and Settings\Admin\Pulpit\Irek
2014-05-01 17:15 - 2010-10-05 15:15 - 00000000 ___HD () C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji
2014-04-30 10:12 - 2004-08-04 13:00 - 06022144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2014-04-30 10:12 - 2004-08-04 13:00 - 06022144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-04-28 21:04 - 2010-10-05 16:40 - 00004854 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-04-28 21:04 - 2004-08-04 13:00 - 00765830 _____ () C:\WINDOWS\system32\perfh015.dat
2014-04-28 21:04 - 2004-08-04 13:00 - 00221528 _____ () C:\WINDOWS\system32\perfc015.dat
2014-04-25 23:06 - 2010-10-05 15:15 - 00000000 ___RD () C:\Documents and Settings\Admin\Ulubione
2014-04-25 15:29 - 2011-03-29 20:12 - 00000000 ____D () C:\Documents and Settings\Admin\Pulpit\Pisma Irek
2014-04-23 19:52 - 2010-10-05 15:15 - 00000000 ____D () C:\Documents and Settings\Admin

Some content of TEMP:
====================
C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\avguidx.dll
C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\CommonInstaller.exe
C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\DTLocker+-E-ParaDelay.exe
C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\FP_PL_PFS_INSTALLER.exe
C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\gtb.exe
C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\H0J2.dll
C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\MachineIdCreator.exe
C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\oi_{3949C32A-15E4-4796-A9E9-BE6AD6C73F8B}.exe
C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\ose00000.exe
C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\pity2011ngsetup_aktual.exe
C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\setup_wm.exe
C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\SkypeSetup.exe
C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\ToolbarInstaller.exe
C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\UNINSTALL.EXE
C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\{44DC27FD-8B07-4DD7-89E4-10F56FB16CC9}-GoogleUpdateSetup.exe
C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\{B778B998-74EC-4BB3-93F2-5710A850CF58}-GoogleUpdateSetup.exe
C:\Documents and Settings\NetworkService\Ustawienia lokalne\Temp\mpam-4424b7b.exe
C:\Documents and Settings\NetworkService\Ustawienia lokalne\Temp\mpam-98afb5d3.exe
C:\Documents and Settings\NetworkService\Ustawienia lokalne\Temp\mpam-a27f937a.exe

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe [2004-08-04 13:00] - [2008-04-14 22:51] - 1035264 ____A (Microsoft Corporation) c791ed9eac5e76d9525e157b1d7a599a
C:\WINDOWS\system32\winlogon.exe [2004-08-04 13:00] - [2008-04-14 22:51] - 0510464 ____A (Microsoft Corporation) 51fd2e13d723857b9ca239ae77150f48
C:\WINDOWS\system32\svchost.exe [2004-08-04 13:00] - [2008-04-14 22:51] - 0014336 ____A (Microsoft Corporation) 8607d35d92528e2df386f19a960d23ce
C:\WINDOWS\system32\services.exe [2004-08-04 13:00] - [2009-02-09 13:25] - 0111104 ____A (Microsoft Corporation) 02a467e27af55f7064c5b251e587315f
C:\WINDOWS\system32\User32.dll [2004-08-04 13:00] - [2008-04-14 22:50] - 0580096 ____A (Microsoft Corporation) a435c5c069afd901751ac323ad238793
C:\WINDOWS\system32\userinit.exe [2004-08-04 13:00] - [2008-04-14 22:51] - 0026624 ____A (Microsoft Corporation) 2a5b37d520508be6570a3ea79695f5b5
C:\WINDOWS\system32\rpcss.dll [2004-08-04 13:00] - [2009-02-09 12:53] - 0401408 ____A (Microsoft Corporation) a37311d9d628c1042a2836731787f0f3
ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\WINDOWS\system32\Drivers\volsnap.sys [2004-08-04 13:00] - [2008-04-14 21:31] - 0052864 ____A (Microsoft Corporation) 56b191ac5fc0df219949c95a6c87afe7

==================== End Of Log ============================