Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-02-2014 Ran by user (administrator) on OPTI on 06-02-2014 07:56:45 Running from C:\Documents and Settings\user\Pulpit Microsoft Windows XP Home Edition Dodatek Service Pack 3 (X86) OS Language: Polish Internet Explorer Version 8 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) =================== (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (CANON INC.) C:\WINDOWS\system32\CAPRPCSK.EXE () C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\fst_pl_41\upfst_pl_41.exe (Akamai Technologies, Inc.) C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Akamai\netsession_win.exe (Akamai Technologies, Inc.) C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Akamai\netsession_win.exe (CANON INC.) C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE (Microsoft Corporation) C:\Program Files\Outlook Express\msimn.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [CAPON] - C:\WINDOWS\system32\Spool\Drivers\w32x86\3\CAPONN.EXE [22528 2000-04-19] (CANON INC.) HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation) HKLM\...\Run: [Regedit32] - C:\WINDOWS\system32\regedit.exe HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated) HKLM\...\Run: [] - [X] HKLM\...\Run: [fst_pl_41] - [X] HKLM\...\Run: [upfst_pl_41.exe] - C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\fst_pl_41\upfst_pl_41.exe [3154416 2014-01-27] () HKLM\...\Run: [mobilegeni daemon] - C:\Program Files\Mobogenie\DaemonProcess.exe HKLM\...\RunOnce: [Discount Dragon-repairJob] - wscript.exe "C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Discount Dragon\repair.js" "Discount Dragon-repairJob" [1846 2013-12-18] () HKU\S-1-5-21-1659004503-1417001333-1801674531-1004\...\Run: [Akamai NetSession Interface] - C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) HKU\S-1-5-21-1659004503-1417001333-1801674531-1004\...\Run: [Tiny download manager] - "C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\DM\TinyDM.exe" /M HKU\S-1-5-21-1659004503-1417001333-1801674531-1004\...\Run: [NextLive] - C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\user\Dane aplikacji\newnext.me\nengine.dll",EntryPoint -m l Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Canon LBP-800 Status Window.LNK ShortcutTarget: Canon LBP-800 Status Window.LNK -> C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE (CANON INC.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.nationzoom.com/web/?type=ds&ts=1391433867&from=slbnew&uid=HitachiXHDS721616PLA380_PVG904Z23NZS0V3NZS0VX&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.nationzoom.com/web/?type=ds&ts=1391433867&from=slbnew&uid=HitachiXHDS721616PLA380_PVG904Z23NZS0V3NZS0VX&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.nationzoom.com/web/?type=ds&ts=1391433867&from=slbnew&uid=HitachiXHDS721616PLA380_PVG904Z23NZS0V3NZS0VX&q={searchTerms} SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.nationzoom.com/web/?type=ds&ts=1391433867&from=slbnew&uid=HitachiXHDS721616PLA380_PVG904Z23NZS0V3NZS0VX&q={searchTerms} SearchScopes: HKCU - {28E271C9-9EE6-463F-8204-872054D9D679} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) BHO: Discount Dragon BHO - {EA34C851-D481-49F5-A356-3A8B0A8F3B7E} - C:\Program Files\Discount Dragon\FrameworkBHO.dll () DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation) Hosts: 54.204.28.26 nikdaiaidiiiogaidkkekcmokcgcdeac Tcpip\Parameters: [DhcpNameServer] 10.0.0.1 Chrome: ======= CHR HomePage: hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=E02F001D7D3B6905&affID=120695&tsp=4967 CHR Plugin: (Shockwave Flash) - c:\program files\google\chrome\application\32.0.1700.107\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - c:\program files\google\chrome\application\32.0.1700.107\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - c:\program files\google\chrome\application\32.0.1700.107\pdf.dll () CHR Plugin: (Java Deployment Toolkit 6.0.250.6) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.) CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation) CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.)) CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation) CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Autodesk Design Review Browser Add-on v1.2) - C:\Program Files\Autodesk\Autodesk Design Review Browser Add-on v1.2\npADRdwf.dll (Autodesk) CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 6 U25) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) CHR Extension: (Dokumenty Google) - C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-10] CHR Extension: (Dysk Google) - C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-10] CHR Extension: (YouTube) - C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-10] CHR Extension: (Szukaj w Google) - C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-10] CHR Extension: (Google Wallet) - C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-10] CHR Extension: (Gmail) - C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-10] ========================== Services (Whitelisted) ================= R2 Akamai; c:\program files\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-02] (Akamai Technologies, Inc.) S4 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2011-06-05] (Sun Microsystems, Inc.) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative) R2 Kmm4xNT; C:\WINDOWS\system32\Drivers\Kmm4xNT.sys [95484 2000-11-25] (DATOM Dariusz Cielebąk) R3 KMM4xUSB; C:\WINDOWS\System32\Drivers\KMM4xUSB.sys [101884 2003-06-02] (DATOM Dariusz Cielebąk) S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.) R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation) S3 msloop; C:\WINDOWS\System32\DRIVERS\loop.sys [4992 2001-08-17] (Microsoft Corporation) R2 port_nt; c:\windows\system32\drivers\port_nt.sys [2816 2004-10-12] () R2 RapidPort; C:\WINDOWS\system32\Drivers\CAPLPTN.SYS [23008 2000-04-19] (CANON INC.) S3 RTLTEAMING; C:\WINDOWS\System32\DRIVERS\RTLTEAMING.SYS [29440 2009-10-12] (Realtek Semiconductor Corporation) S3 RTLVLAN; C:\WINDOWS\System32\DRIVERS\RTLVLAN.SYS [17536 2009-02-16] (Realtek Semiconductor Corporation ) R2 RtNdPt5x; C:\WINDOWS\System32\DRIVERS\RtNdPt5x.sys [22016 2008-07-09] (Realtek Semiconductor Corporation ) S0 b9b0c9bf14119a19; \SystemRoot\System32\Drivers\b9b0c9bf14119a19.sys [X] S3 catchme; \??\C:\DOCUME~1\user\USTAWI~1\Temp\catchme.sys [X] S4 IntelIde; No ImagePath S1 iSafeNetFilter; \??\C:\Program Files\iSafe\iSafeNetFilter.sys [X] U3 TlntSvr; U1 WS2IFSL; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-06 07:56 - 2014-02-06 07:56 - 00012119 _____ () C:\Documents and Settings\user\Pulpit\FRST.txt 2014-02-06 07:55 - 2014-02-06 07:56 - 00000000 ____D () C:\FRST 2014-02-06 07:55 - 2014-02-06 07:55 - 01139200 _____ (Farbar) C:\Documents and Settings\user\Pulpit\FRST.exe 2014-02-06 07:46 - 2014-02-06 07:46 - 00071024 _____ () C:\Documents and Settings\user\Pulpit\OTL.Txt 2014-02-06 07:46 - 2014-02-06 07:46 - 00031948 _____ () C:\Documents and Settings\user\Pulpit\Extras.Txt 2014-02-06 07:35 - 2014-02-06 07:35 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\user\Pulpit\OTL.exe 2014-02-05 09:58 - 2014-02-05 09:58 - 09216904 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe 2014-02-04 09:21 - 2014-02-04 12:16 - 00000000 ____D () C:\Documents and Settings\user\Pulpit\Fix 2014-02-03 14:37 - 2014-02-06 07:17 - 00000330 _____ () C:\WINDOWS\Tasks\bench-sys.job 2014-02-03 14:37 - 2014-02-05 14:06 - 00000330 _____ () C:\WINDOWS\Tasks\bench-S-1-5-21-1659004503-1417001333-1801674531-1004.job 2014-02-03 14:37 - 2014-02-03 14:37 - 00000000 ____D () C:\Program Files\predm 2014-02-03 14:37 - 2014-02-03 14:37 - 00000000 ____D () C:\Program Files\Discount Dragon 2014-02-03 14:37 - 2014-02-03 14:37 - 00000000 ____D () C:\Program Files\Bench 2014-02-03 14:37 - 2014-02-03 14:37 - 00000000 ____D () C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Discount Dragon 2014-02-03 14:37 - 2014-02-03 14:37 - 00000000 ____D () C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\BenchUpdater 2014-02-03 14:28 - 2014-02-03 14:31 - 00000000 ____D () C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\cache 2014-02-03 14:28 - 2014-02-03 14:28 - 00000000 ____D () C:\Documents and Settings\user\Dane aplikacji\iSafe 2014-02-03 14:28 - 2014-02-03 14:28 - 00000000 ____D () C:\Documents and Settings\user\.android 2014-02-03 14:27 - 2014-02-06 07:15 - 00000000 ____D () C:\Documents and Settings\user\Dane aplikacji\newnext.me 2014-02-03 14:27 - 2014-02-03 14:32 - 00000000 ____D () C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Mobogenie 2014-02-03 14:27 - 2014-02-03 14:32 - 00000000 ____D () C:\Documents and Settings\user\Dane aplikacji\SwvUpdater 2014-02-03 14:27 - 2014-02-03 14:27 - 00000000 ____D () C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\genienext 2014-02-03 14:27 - 2014-02-03 14:27 - 00000000 ____D () C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\freeSOFTtoday 2014-02-03 14:27 - 2014-02-03 14:27 - 00000000 ____D () C:\Documents and Settings\user\Moje dokumenty\Mobogenie 2014-02-03 14:27 - 2014-02-03 14:27 - 00000000 _____ () C:\Documents and Settings\user\daemonprocess.txt 2014-02-03 14:24 - 2014-02-03 14:32 - 00000000 ____D () C:\Documents and Settings\user\Dane aplikacji\nationzoom 2014-02-03 14:03 - 2014-02-03 14:20 - 00000000 ____D () C:\Program Files\MyPC Backup 2014-02-03 14:02 - 2014-02-03 14:34 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\WPM 2014-02-03 14:02 - 2014-02-03 14:32 - 00000000 ____D () C:\Program Files\SupTab 2014-02-03 14:02 - 2014-02-03 14:02 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\IePluginService 2014-02-03 14:01 - 2012-01-20 14:14 - 00017280 _____ (Systweak Inc., (www.systweak.com)) C:\WINDOWS\system32\roboot.exe 2014-02-03 13:53 - 2014-02-03 13:53 - 00000001 _____ () C:\WINDOWS\system32\epe2000.dll 2014-02-03 13:50 - 2014-02-06 07:49 - 00000000 ____D () C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\fst_pl_41 2014-02-03 13:50 - 2014-02-03 14:35 - 00000000 ____D () C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Lollipop 2014-01-20 08:33 - 2014-01-20 08:33 - 00010240 _____ () C:\Documents and Settings\user\Pulpit\GERPOL-SPYTEK Dorota - zestawienie faktur.xls 2014-01-20 08:31 - 2014-01-20 08:31 - 00011635 _____ () C:\Documents and Settings\user\Pulpit\GERPOL-SPYTEK Dorota - zestawienie faktur.xlsx 2014-01-15 15:02 - 2014-01-15 15:02 - 00004347 _____ () C:\WINDOWS\KB2914368.log 2014-01-15 15:02 - 2014-01-15 15:02 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$ 2014-01-07 14:09 - 2014-02-05 14:03 - 00016360 _____ () C:\Documents and Settings\user\Pulpit\lista obecności_z_godzinami 31 dni.ods ==================== One Month Modified Files and Folders ======= 2014-02-06 07:56 - 2014-02-06 07:56 - 00012119 _____ () C:\Documents and Settings\user\Pulpit\FRST.txt 2014-02-06 07:56 - 2014-02-06 07:55 - 00000000 ____D () C:\FRST 2014-02-06 07:56 - 2011-06-05 22:01 - 00000000 ____D () C:\Documents and Settings\user\Pulpit 2014-02-06 07:55 - 2014-02-06 07:55 - 01139200 _____ (Farbar) C:\Documents and Settings\user\Pulpit\FRST.exe 2014-02-06 07:53 - 2008-04-15 13:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl 2014-02-06 07:49 - 2014-02-03 13:50 - 00000000 ____D () C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\fst_pl_41 2014-02-06 07:49 - 2011-06-05 21:53 - 02092511 _____ () C:\WINDOWS\WindowsUpdate.log 2014-02-06 07:48 - 2011-06-05 22:29 - 00000460 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{7D5E0294-4846-4F5D-BD75-CA25A7719D6C}.job 2014-02-06 07:46 - 2014-02-06 07:46 - 00071024 _____ () C:\Documents and Settings\user\Pulpit\OTL.Txt 2014-02-06 07:46 - 2014-02-06 07:46 - 00031948 _____ () C:\Documents and Settings\user\Pulpit\Extras.Txt 2014-02-06 07:35 - 2014-02-06 07:35 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\user\Pulpit\OTL.exe 2014-02-06 07:25 - 2013-11-19 12:46 - 00000406 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job 2014-02-06 07:17 - 2014-02-03 14:37 - 00000330 _____ () C:\WINDOWS\Tasks\bench-sys.job 2014-02-06 07:15 - 2014-02-03 14:27 - 00000000 ____D () C:\Documents and Settings\user\Dane aplikacji\newnext.me 2014-02-06 07:15 - 2013-09-10 11:49 - 00001028 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-02-06 07:15 - 2012-07-04 12:48 - 00000000 ____D () C:\Program Files\Common Files\Akamai 2014-02-06 07:15 - 2011-06-05 23:46 - 00000159 _____ () C:\WINDOWS\wiadebug.log 2014-02-06 07:15 - 2011-06-05 23:46 - 00000050 _____ () C:\WINDOWS\wiaservc.log 2014-02-06 07:15 - 2011-06-05 21:59 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-02-05 15:02 - 2011-06-05 22:01 - 00000292 ___SH () C:\Documents and Settings\user\ntuser.ini 2014-02-05 15:02 - 2011-06-05 21:59 - 00032612 _____ () C:\WINDOWS\SchedLgU.Txt 2014-02-05 14:58 - 2012-09-03 06:56 - 00000930 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-02-05 14:07 - 2013-09-10 11:50 - 00001032 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-02-05 14:06 - 2014-02-03 14:37 - 00000330 _____ () C:\WINDOWS\Tasks\bench-S-1-5-21-1659004503-1417001333-1801674531-1004.job 2014-02-05 14:03 - 2014-01-07 14:09 - 00016360 _____ () C:\Documents and Settings\user\Pulpit\lista obecności_z_godzinami 31 dni.ods 2014-02-05 13:57 - 2011-06-06 11:55 - 00000000 ____D () C:\Documents and Settings\user\Dane aplikacji\Canon 2014-02-05 09:58 - 2014-02-05 09:58 - 09216904 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe 2014-02-05 09:58 - 2012-09-03 06:56 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2014-02-05 09:58 - 2011-06-05 22:51 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2014-02-05 09:09 - 2013-02-15 08:42 - 00000000 ____D () C:\Documents and Settings\user\Pulpit\Pojedyncze oferty 2014-02-04 12:16 - 2014-02-04 09:21 - 00000000 ____D () C:\Documents and Settings\user\Pulpit\Fix 2014-02-04 10:21 - 2012-11-16 10:46 - 00048128 _____ () C:\Documents and Settings\user\Pulpit\PROTOKOLY ODBIORU ROBÓT - ul. Sułowska 16.11.2012.xls 2014-02-04 09:05 - 2011-06-06 11:07 - 00000000 ____D () C:\Documents and Settings\user\Moje dokumenty\1_BUDOWY 2014-02-04 07:22 - 2013-08-07 11:49 - 00000000 ____D () C:\Documents and Settings\user\Dane aplikacji\systweak 2014-02-04 07:22 - 2011-06-05 23:44 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy 2014-02-04 07:22 - 2011-06-05 23:44 - 00000000 ____D () C:\Documents and Settings\All Users\Pulpit 2014-02-04 07:18 - 2011-06-05 22:01 - 00000000 ___RD () C:\Documents and Settings\user\Menu Start\Programy 2014-02-04 07:11 - 2011-06-05 23:43 - 00168304 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-02-03 15:05 - 2011-06-05 23:36 - 00065536 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt 2014-02-03 14:37 - 2014-02-03 14:37 - 00000000 ____D () C:\Program Files\predm 2014-02-03 14:37 - 2014-02-03 14:37 - 00000000 ____D () C:\Program Files\Discount Dragon 2014-02-03 14:37 - 2014-02-03 14:37 - 00000000 ____D () C:\Program Files\Bench 2014-02-03 14:37 - 2014-02-03 14:37 - 00000000 ____D () C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Discount Dragon 2014-02-03 14:37 - 2014-02-03 14:37 - 00000000 ____D () C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\BenchUpdater 2014-02-03 14:37 - 2011-06-05 22:01 - 00000000 ___HD () C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji 2014-02-03 14:35 - 2014-02-03 13:50 - 00000000 ____D () C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Lollipop 2014-02-03 14:34 - 2014-02-03 14:02 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\WPM 2014-02-03 14:33 - 2011-06-05 23:44 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start 2014-02-03 14:33 - 2011-06-05 23:43 - 00000000 __RHD () C:\Documents and Settings\Default User\Dane aplikacji 2014-02-03 14:32 - 2014-02-03 14:27 - 00000000 ____D () C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Mobogenie 2014-02-03 14:32 - 2014-02-03 14:27 - 00000000 ____D () C:\Documents and Settings\user\Dane aplikacji\SwvUpdater 2014-02-03 14:32 - 2014-02-03 14:24 - 00000000 ____D () C:\Documents and Settings\user\Dane aplikacji\nationzoom 2014-02-03 14:32 - 2014-02-03 14:02 - 00000000 ____D () C:\Program Files\SupTab 2014-02-03 14:32 - 2011-06-05 22:01 - 00000803 _____ () C:\Documents and Settings\user\Menu Start\Programy\Internet Explorer.lnk 2014-02-03 14:31 - 2014-02-03 14:28 - 00000000 ____D () C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\cache 2014-02-03 14:28 - 2014-02-03 14:28 - 00000000 ____D () C:\Documents and Settings\user\Dane aplikacji\iSafe 2014-02-03 14:28 - 2014-02-03 14:28 - 00000000 ____D () C:\Documents and Settings\user\.android 2014-02-03 14:28 - 2011-06-05 22:55 - 00030328 _____ () C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT 2014-02-03 14:28 - 2011-06-05 22:01 - 00000000 __RHD () C:\Documents and Settings\user\Dane aplikacji 2014-02-03 14:27 - 2014-02-03 14:27 - 00000000 ____D () C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\genienext 2014-02-03 14:27 - 2014-02-03 14:27 - 00000000 ____D () C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\freeSOFTtoday 2014-02-03 14:27 - 2014-02-03 14:27 - 00000000 ____D () C:\Documents and Settings\user\Moje dokumenty\Mobogenie 2014-02-03 14:27 - 2014-02-03 14:27 - 00000000 _____ () C:\Documents and Settings\user\daemonprocess.txt 2014-02-03 14:27 - 2011-06-05 22:01 - 00000000 ___RD () C:\Documents and Settings\user\Moje dokumenty 2014-02-03 14:20 - 2014-02-03 14:03 - 00000000 ____D () C:\Program Files\MyPC Backup 2014-02-03 14:20 - 2011-06-05 22:01 - 00000000 ___RD () C:\Documents and Settings\user\Menu Start\Programy\Autostart 2014-02-03 14:02 - 2014-02-03 14:02 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\IePluginService 2014-02-03 14:02 - 2011-06-05 23:43 - 00000000 __RHD () C:\Documents and Settings\All Users\Dane aplikacji 2014-02-03 13:53 - 2014-02-03 13:53 - 00000001 _____ () C:\WINDOWS\system32\epe2000.dll 2014-01-20 08:33 - 2014-01-20 08:33 - 00010240 _____ () C:\Documents and Settings\user\Pulpit\GERPOL-SPYTEK Dorota - zestawienie faktur.xls 2014-01-20 08:31 - 2014-01-20 08:31 - 00011635 _____ () C:\Documents and Settings\user\Pulpit\GERPOL-SPYTEK Dorota - zestawienie faktur.xlsx 2014-01-19 08:32 - 2011-06-05 23:00 - 00231584 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2014-01-16 13:53 - 2012-08-27 11:17 - 00000000 ____D () C:\Documents and Settings\user\Pulpit\Nowy folder 2014-01-15 15:05 - 2013-08-19 10:04 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-01-15 15:02 - 2014-01-15 15:02 - 00004347 _____ () C:\WINDOWS\KB2914368.log 2014-01-15 15:02 - 2014-01-15 15:02 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$ 2014-01-15 15:02 - 2011-10-12 14:11 - 00418770 _____ () C:\WINDOWS\setupapi.log 2014-01-15 15:02 - 2011-06-05 23:44 - 01568338 _____ () C:\WINDOWS\FaxSetup.log 2014-01-15 15:02 - 2011-06-05 23:44 - 00768056 _____ () C:\WINDOWS\ocgen.log 2014-01-15 15:02 - 2011-06-05 23:44 - 00607023 _____ () C:\WINDOWS\tsoc.log 2014-01-15 15:02 - 2011-06-05 23:44 - 00535019 _____ () C:\WINDOWS\comsetup.log 2014-01-15 15:02 - 2011-06-05 23:44 - 00323291 _____ () C:\WINDOWS\ntdtcsetup.log 2014-01-15 15:02 - 2011-06-05 23:44 - 00247207 _____ () C:\WINDOWS\iis6.log 2014-01-15 15:02 - 2011-06-05 23:44 - 00098270 _____ () C:\WINDOWS\ocmsn.log 2014-01-15 15:02 - 2011-06-05 23:44 - 00077504 _____ () C:\WINDOWS\msgsocm.log 2014-01-15 15:02 - 2011-06-05 23:44 - 00001374 _____ () C:\WINDOWS\imsins.log 2014-01-15 15:02 - 2011-06-05 22:59 - 83425928 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-01-15 08:31 - 2013-02-04 07:44 - 00002315 _____ () C:\Documents and Settings\All Users\Menu Start\Programy\Adobe Reader XI.lnk 2014-01-14 11:12 - 2011-06-05 23:44 - 01320280 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-01-14 11:12 - 2008-04-15 13:00 - 00591598 _____ () C:\WINDOWS\system32\perfh015.dat 2014-01-14 11:12 - 2008-04-15 13:00 - 00120672 _____ () C:\WINDOWS\system32\perfc015.dat Some content of TEMP: ==================== C:\Documents and Settings\user\Ustawienia lokalne\temp\AskSLib.dll C:\Documents and Settings\user\Ustawienia lokalne\temp\BackupSetup.exe C:\Documents and Settings\user\Ustawienia lokalne\temp\fp_pl_pfs_installer.exe C:\Documents and Settings\user\Ustawienia lokalne\temp\ICReinstall_nsq6EB.tmp.exe C:\Documents and Settings\user\Ustawienia lokalne\temp\ICReinstall_Setup.exe C:\Documents and Settings\user\Ustawienia lokalne\temp\install_reader11_uk_gtbd_chrd_dn_aih[1].exe C:\Documents and Settings\user\Ustawienia lokalne\temp\mgsqlite3.dll C:\Documents and Settings\user\Ustawienia lokalne\temp\nsq6EB.tmp.exe C:\Documents and Settings\user\Ustawienia lokalne\temp\nsy6F9.tmp.exe C:\Documents and Settings\user\Ustawienia lokalne\temp\nsy703.tmp.exe C:\Documents and Settings\user\Ustawienia lokalne\temp\Setup.exe C:\Documents and Settings\user\Ustawienia lokalne\temp\setup_somoto_fst_pl_41.exe C:\Documents and Settings\user\Ustawienia lokalne\temp\Shortcut_bundlesweetimsetup.exe C:\Documents and Settings\user\Ustawienia lokalne\temp\Shortcut_SweetImSetup.exe C:\Documents and Settings\user\Ustawienia lokalne\temp\Shortcut_SweetImSetup[1].exe C:\Documents and Settings\user\Ustawienia lokalne\temp\SIMEEIInstaller.exe C:\Documents and Settings\user\Ustawienia lokalne\temp\uninst1.exe C:\Documents and Settings\user\Ustawienia lokalne\temp\Updater.exe C:\Documents and Settings\user\Ustawienia lokalne\temp\vcredist_x86.exe ==================== Bamital & volsnap Check ================= C:\WINDOWS\explorer.exe [2008-04-15 13:00] - [2008-04-15 13:00] - 1035264 ____A (Microsoft Corporation) c791ed9eac5e76d9525e157b1d7a599a C:\WINDOWS\system32\winlogon.exe [2008-04-15 13:00] - [2008-04-15 13:00] - 0510464 ____A (Microsoft Corporation) 51fd2e13d723857b9ca239ae77150f48 C:\WINDOWS\system32\svchost.exe [2008-04-15 13:00] - [2008-04-15 13:00] - 0014336 ____A (Microsoft Corporation) 8607d35d92528e2df386f19a960d23ce C:\WINDOWS\system32\services.exe [2008-04-15 13:00] - [2009-02-09 12:25] - 0111104 ____A (Microsoft Corporation) 02a467e27af55f7064c5b251e587315f C:\WINDOWS\system32\User32.dll [2008-04-15 13:00] - [2008-04-15 13:00] - 0580096 ____A (Microsoft Corporation) a435c5c069afd901751ac323ad238793 C:\WINDOWS\system32\userinit.exe [2008-04-15 13:00] - [2008-04-15 13:00] - 0026624 ____A (Microsoft Corporation) 2a5b37d520508be6570a3ea79695f5b5 C:\WINDOWS\system32\rpcss.dll [2008-04-15 13:00] - [2009-02-09 11:53] - 0401408 ____A (Microsoft Corporation) a37311d9d628c1042a2836731787f0f3 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected. C:\WINDOWS\system32\Drivers\volsnap.sys [2008-04-15 13:00] - [2008-04-15 13:00] - 0052864 ____A (Microsoft Corporation) 56b191ac5fc0df219949c95a6c87afe7 ==================== End Of Log ============================