Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:11-05-2014
Ran by Admin (administrator) on K-9DD81CB22E2C4 on 11-05-2014 03:10:01
Running from E:\
Platform: Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(Intel Corporation ) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
(OptionNV) C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
(Skype Technologies) C:\Program Files\Skype\Updater\Updater.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(Agere Systems) C:\WINDOWS\AGRSMMSG.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Option) C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [774233 2006-05-19] (Synaptics, Inc.)
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2006-03-23] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [118784 2006-03-23] (Intel Corporation)
HKLM\...\Run: [AzMixerSel] => C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe [53248 2007-08-23] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16062464 2006-12-19] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SkyTel] => C:\WINDOWS\SkyTel.EXE [2879488 2006-05-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AGRSMMSG] => C:\WINDOWS\AGRSMMSG.exe [89542 2006-08-30] (Agere Systems)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKU\.DEFAULT\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)
HKU\S-1-5-21-796845957-602162358-725345543-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-796845957-602162358-725345543-1003\...\Run: [GG] => C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GG\Application\gghub.exe [3377288 2012-10-31] (GG Network S.A.)
Startup: C:\Documents and Settings\Admin\Menu Start\Programy\Autostart\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk
ShortcutTarget: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\GlobeTrotter Connect.lnk
ShortcutTarget: GlobeTrotter Connect.lnk -> C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe (Option)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wp.pl/0,0.html?sc=1
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gazeta.pl/0,0.html?sc=1
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO: IEPluginBHO Class - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.)
Toolbar: HKCU - &Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Łącza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.13 10.0.0.12

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\l0cujm57.default-1399775915984
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.11.2571 - C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1739 - C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

========================== Services (Whitelisted) =================

R2 GtFlashSwitch; C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe [176128 2007-02-09] (OptionNV)
R2 S24EventMonitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [937984 2006-08-02] (Intel Corporation )

==================== Drivers (Whitelisted) ====================

R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21419 2010-10-06] (Meetinghouse Data Communications)
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [1286144 2008-02-20] (Broadcom Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 GTMNDISIRPXP; C:\WINDOWS\System32\DRIVERS\Gtm51Irp.sys [122496 2007-04-14] (Option N.V.)
R3 GTPTSER; C:\WINDOWS\System32\DRIVERS\gtptser.sys [8064 2007-04-14] (Option N.V.)
R3 GTUQBUS; C:\WINDOWS\System32\DRIVERS\gtuqbus.sys [37120 2007-04-14] (Option N.V.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-04] (Realtek Semiconductor Corporation)
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [12544 2006-08-02] (Intel Corporation)
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-11 08:11 - 2014-05-11 03:09 - 00000000 ____D () C:\FRST
2014-05-11 06:50 - 2014-05-11 06:52 - 00034150 _____ () C:\OTL.Txt
2014-05-11 04:38 - 2014-05-11 04:38 - 00000000 ____D () C:\Documents and Settings\Admin\Pulpit\Stare dane programu Firefox
2014-05-11 03:08 - 2014-05-11 03:08 - 00065536 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2014-05-11 03:02 - 2014-05-11 03:04 - 00000000 ____D () C:\Documents and Settings\Admin\Pulpit\Nowy folder
2014-05-11 02:54 - 2014-05-11 02:54 - 00000000 ____D () C:\MATS
2014-05-11 02:49 - 2014-05-11 02:49 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Windows PowerShell 1.0
2014-05-11 02:48 - 2014-05-11 03:07 - 00065536 _____ () C:\WINDOWS\system32\config\Windows .evt
2014-05-11 02:48 - 2014-05-11 02:49 - 00033218 _____ () C:\WINDOWS\KB926139-v2.log
2014-05-11 02:48 - 2014-05-11 02:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB926139-v2$
2014-05-11 02:48 - 2014-05-11 02:48 - 00000000 ____D () C:\WINDOWS\system32\windowspowershell
2014-05-10 01:52 - 2014-05-10 01:52 - 00000000 ____D () C:\WINDOWS\CSC
2014-05-09 13:25 - 2014-05-10 23:37 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-05-09 11:20 - 2014-05-09 11:20 - 00000000 __SHD () C:\Documents and Settings\Administrator\PrivacIE
2014-05-09 09:44 - 2014-05-10 20:54 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-09 09:42 - 2014-05-09 09:42 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
2014-05-09 09:16 - 2014-05-10 22:27 - 00000188 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-05-09 09:16 - 2014-05-09 11:20 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-05-09 09:16 - 2014-05-09 11:19 - 00000000 ____D () C:\Documents and Settings\Administrator\Ulubione
2014-05-09 09:16 - 2010-10-26 20:50 - 00000000 ___HD () C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji
2014-05-09 09:16 - 2010-10-26 20:50 - 00000000 ____D () C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft Help
2014-05-09 09:16 - 2010-10-20 22:16 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-05-09 09:16 - 2010-10-05 16:39 - 00000000 __RHD () C:\Documents and Settings\Administrator\Dane aplikacji
2014-05-09 09:16 - 2010-10-05 16:39 - 00000000 ___RD () C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart
2014-05-09 09:16 - 2010-10-05 16:39 - 00000000 ___RD () C:\Documents and Settings\Administrator\Menu Start
2014-05-09 09:16 - 2010-10-05 16:39 - 00000000 ___HD () C:\Documents and Settings\Administrator\Ustawienia lokalne\Historia
2014-05-09 09:16 - 2010-10-05 16:39 - 00000000 ___HD () C:\Documents and Settings\Administrator\Ustawienia lokalne
2014-05-09 09:16 - 2010-10-05 16:39 - 00000000 ____D () C:\Documents and Settings\Administrator\Pulpit
2014-05-09 09:16 - 2010-10-05 16:39 - 00000000 ____D () C:\Documents and Settings\Administrator\Moje dokumenty
2014-05-09 09:16 - 2010-10-05 15:09 - 00001599 _____ () C:\Documents and Settings\Administrator\Menu Start\Programy\Pomoc zdalna.lnk
2014-05-09 09:16 - 2010-10-05 15:09 - 00000792 _____ () C:\Documents and Settings\Administrator\Menu Start\Programy\Windows Media Player.lnk
2014-05-09 09:16 - 2010-10-05 15:09 - 00000000 ___RD () C:\Documents and Settings\Administrator\Menu Start\Programy\Akcesoria
2014-05-09 09:16 - 2010-10-05 15:09 - 00000000 ___RD () C:\Documents and Settings\Administrator\Menu Start\Programy
2014-05-09 09:16 - 2010-10-05 15:04 - 00000000 ___HD () C:\Documents and Settings\Administrator\Szablony
2014-05-06 16:01 - 2014-05-06 16:03 - 00005811 _____ () C:\WINDOWS\KB2964358-IE8.log

==================== One Month Modified Files and Folders =======

2014-05-11 06:52 - 2014-05-11 06:50 - 00034150 _____ () C:\OTL.Txt
2014-05-11 04:41 - 2014-02-16 02:21 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-11 04:41 - 2010-10-07 18:37 - 00000000 ____D () C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Adobe
2014-05-11 04:41 - 2010-10-06 08:28 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Adobe
2014-05-11 04:38 - 2014-05-11 04:38 - 00000000 ____D () C:\Documents and Settings\Admin\Pulpit\Stare dane programu Firefox
2014-05-11 04:34 - 2010-10-05 16:38 - 00000000 __RHD () C:\Documents and Settings\All Users\Dane aplikacji
2014-05-11 04:34 - 2010-10-05 15:15 - 00000000 ___RD () C:\Documents and Settings\Admin\Menu Start\Programy\Autostart
2014-05-11 04:19 - 2010-10-20 18:09 - 00002513 _____ () C:\Documents and Settings\Admin\Pulpit\Microsoft Office Word 2007.lnk
2014-05-11 04:11 - 2010-10-06 08:38 - 00001034 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-11 04:00 - 2010-10-05 16:39 - 00000000 ____D () C:\Documents and Settings\All Users\Pulpit
2014-05-11 03:10 - 2010-10-05 15:07 - 01852683 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-11 03:09 - 2014-05-11 08:11 - 00000000 ____D () C:\FRST
2014-05-11 03:09 - 2012-11-24 21:40 - 00000000 ____D () C:\Documents and Settings\Admin\Dane aplikacji\GG
2014-05-11 03:08 - 2014-05-11 03:08 - 00065536 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2014-05-11 03:08 - 2010-10-06 08:38 - 00001030 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-11 03:08 - 2010-10-06 08:27 - 00082518 _____ () C:\WINDOWS\spupdsvc.log
2014-05-11 03:08 - 2010-10-05 16:42 - 00000157 _____ () C:\WINDOWS\wiadebug.log
2014-05-11 03:08 - 2010-10-05 16:42 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-05-11 03:08 - 2010-10-05 15:13 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-05-11 03:08 - 2004-08-04 13:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-05-11 03:07 - 2014-05-11 02:48 - 00065536 _____ () C:\WINDOWS\system32\config\Windows .evt
2014-05-11 03:07 - 2010-10-05 15:13 - 00032572 _____ () C:\WINDOWS\SchedLgU.Txt
2014-05-11 03:06 - 2010-10-05 15:15 - 00000188 ___SH () C:\Documents and Settings\Admin\ntuser.ini
2014-05-11 03:04 - 2014-05-11 03:02 - 00000000 ____D () C:\Documents and Settings\Admin\Pulpit\Nowy folder
2014-05-11 03:02 - 2010-10-05 15:15 - 00000000 ____D () C:\Documents and Settings\Admin\Pulpit
2014-05-11 03:00 - 2014-05-11 02:54 - 00000000 ____D () C:\MATS
2014-05-11 02:56 - 2010-10-05 15:15 - 00000000 __RHD () C:\Documents and Settings\Admin\Dane aplikacji
2014-05-11 02:49 - 2014-05-11 02:49 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Windows PowerShell 1.0
2014-05-11 02:49 - 2014-05-11 02:48 - 00033218 _____ () C:\WINDOWS\KB926139-v2.log
2014-05-11 02:49 - 2010-10-05 16:40 - 01922388 _____ () C:\WINDOWS\iis6.log
2014-05-11 02:49 - 2010-10-05 16:40 - 01742710 _____ () C:\WINDOWS\FaxSetup.log
2014-05-11 02:49 - 2010-10-05 16:40 - 00843508 _____ () C:\WINDOWS\ocgen.log
2014-05-11 02:49 - 2010-10-05 16:40 - 00801369 _____ () C:\WINDOWS\tsoc.log
2014-05-11 02:49 - 2010-10-05 16:40 - 00591728 _____ () C:\WINDOWS\comsetup.log
2014-05-11 02:49 - 2010-10-05 16:40 - 00553310 _____ () C:\WINDOWS\msmqinst.log
2014-05-11 02:49 - 2010-10-05 16:40 - 00356427 _____ () C:\WINDOWS\ntdtcsetup.log
2014-05-11 02:49 - 2010-10-05 16:40 - 00305704 _____ () C:\WINDOWS\netfxocm.log
2014-05-11 02:49 - 2010-10-05 16:40 - 00122285 _____ () C:\WINDOWS\MedCtrOC.log
2014-05-11 02:49 - 2010-10-05 16:40 - 00108784 _____ () C:\WINDOWS\ocmsn.log
2014-05-11 02:49 - 2010-10-05 16:40 - 00090778 _____ () C:\WINDOWS\tabletoc.log
2014-05-11 02:49 - 2010-10-05 16:40 - 00087235 _____ () C:\WINDOWS\msgsocm.log
2014-05-11 02:49 - 2010-10-05 16:40 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-05-11 02:49 - 2010-10-05 16:39 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy
2014-05-11 02:48 - 2014-05-11 02:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB926139-v2$
2014-05-11 02:48 - 2014-05-11 02:48 - 00000000 ____D () C:\WINDOWS\system32\windowspowershell
2014-05-10 23:37 - 2014-05-09 13:25 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-05-10 22:27 - 2014-05-09 09:16 - 00000188 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-05-10 20:54 - 2014-05-09 09:44 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-10 02:57 - 2010-10-05 16:38 - 00743307 _____ () C:\WINDOWS\setupapi.log
2014-05-10 01:52 - 2014-05-10 01:52 - 00000000 ____D () C:\WINDOWS\CSC
2014-05-09 11:20 - 2014-05-09 11:20 - 00000000 __SHD () C:\Documents and Settings\Administrator\PrivacIE
2014-05-09 11:20 - 2014-05-09 09:16 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-05-09 11:19 - 2014-05-09 09:16 - 00000000 ____D () C:\Documents and Settings\Administrator\Ulubione
2014-05-09 09:42 - 2014-05-09 09:42 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
2014-05-06 16:03 - 2014-05-06 16:01 - 00005811 _____ () C:\WINDOWS\KB2964358-IE8.log
2014-05-06 16:03 - 2010-10-06 21:49 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-05-06 16:03 - 2010-10-06 08:26 - 00282095 _____ () C:\WINDOWS\updspapi.log
2014-05-06 16:03 - 2010-10-05 16:40 - 00001355 _____ () C:\WINDOWS\imsins.BAK
2014-05-01 19:06 - 2010-10-28 21:50 - 00031744 _____ () C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-01 19:06 - 2010-10-28 21:27 - 00000000 ____D () C:\Documents and Settings\Admin\Pulpit\Irek
2014-05-01 17:15 - 2010-10-05 15:15 - 00000000 ___HD () C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji
2014-04-30 10:12 - 2004-08-04 13:00 - 06022144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2014-04-30 10:12 - 2004-08-04 13:00 - 06022144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-04-28 21:04 - 2010-10-05 16:40 - 00004854 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-04-28 21:04 - 2004-08-04 13:00 - 00765830 _____ () C:\WINDOWS\system32\perfh015.dat
2014-04-28 21:04 - 2004-08-04 13:00 - 00221528 _____ () C:\WINDOWS\system32\perfc015.dat
2014-04-25 23:06 - 2010-10-05 15:15 - 00000000 ___RD () C:\Documents and Settings\Admin\Ulubione
2014-04-25 15:29 - 2011-03-29 20:12 - 00000000 ____D () C:\Documents and Settings\Admin\Pulpit\Pisma Irek
2014-04-23 19:52 - 2010-10-05 15:15 - 00000000 ____D () C:\Documents and Settings\Admin

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe [2004-08-04 13:00] - [2008-04-14 22:51] - 1035264 ____A (Microsoft Corporation) c791ed9eac5e76d9525e157b1d7a599a
C:\WINDOWS\system32\winlogon.exe [2004-08-04 13:00] - [2008-04-14 22:51] - 0510464 ____A (Microsoft Corporation) 51fd2e13d723857b9ca239ae77150f48
C:\WINDOWS\system32\svchost.exe [2004-08-04 13:00] - [2008-04-14 22:51] - 0014336 ____A (Microsoft Corporation) 8607d35d92528e2df386f19a960d23ce
C:\WINDOWS\system32\services.exe [2004-08-04 13:00] - [2009-02-09 13:25] - 0111104 ____A (Microsoft Corporation) 02a467e27af55f7064c5b251e587315f
C:\WINDOWS\system32\User32.dll [2004-08-04 13:00] - [2008-04-14 22:50] - 0580096 ____A (Microsoft Corporation) a435c5c069afd901751ac323ad238793
C:\WINDOWS\system32\userinit.exe [2004-08-04 13:00] - [2008-04-14 22:51] - 0026624 ____A (Microsoft Corporation) 2a5b37d520508be6570a3ea79695f5b5
C:\WINDOWS\system32\rpcss.dll [2004-08-04 13:00] - [2009-02-09 12:53] - 0401408 ____A (Microsoft Corporation) a37311d9d628c1042a2836731787f0f3

ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.

C:\WINDOWS\system32\Drivers\volsnap.sys [2004-08-04 13:00] - [2008-04-14 21:31] - 0052864 ____A (Microsoft Corporation) 56b191ac5fc0df219949c95a6c87afe7

==================== End Of Log ============================