Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-02-2014
Ran by Dorota (administrator) on USER-F60D4AAB13 on 07-02-2014 09:18:27
Running from C:\Documents and Settings\Dorota\Pulpit\md
Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) OS Language: Polish
Internet Explorer Version 6
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(GG Network S.A.) C:\Program Files\Gadu-Gadu 10\gg.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [20053096 2011-03-21] (Realtek Semiconductor Corp.)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2010-02-10] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-09] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKU\S-1-5-21-842925246-1417001333-1606980848-1004\...\Run: [Gadu-Gadu 10] - C:\Program Files\Gadu-Gadu 10\gg.exe [13374048 2011-07-04] (GG Network S.A.)
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: 10.10.0.1:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Łącza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 14 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 10.10.0.10 212.182.63.66

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Dorota\Dane aplikacji\Mozilla\Firefox\Profiles\v9xzz59b.default-1391760900984
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-09] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-09] (Avira Operations GmbH & Co. KG)
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2010-02-10] ()
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-02-06] (Oracle Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [90400 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2013-06-27] (AVG Technologies)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [135648 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37352 2013-12-09] (Avira Operations GmbH & Co. KG)
S3 Blfp; C:\WINDOWS\System32\DRIVERS\baspxp32.sys [98816 2008-06-06] (Broadcom Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2013-12-09] (Avira GmbH)
U3 TrueSight; C:\WINDOWS\system32\TrueSight.sys [26624 2014-02-03] ()
S4 IntelIde; No ImagePath
U1 WS2IFSL; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-07 09:15 - 2014-02-07 09:15 - 00000000 ____D () C:\Documents and Settings\Dorota\Pulpit\Stare dane programu Firefox
2014-02-06 09:17 - 2014-02-07 09:18 - 00000000 ____D () C:\Documents and Settings\Dorota\Pulpit\md
2014-02-06 09:08 - 2014-02-06 09:08 - 00001804 _____ () C:\Documents and Settings\All Users\Menu Start\Programy\Adobe Reader XI.lnk
2014-02-06 09:08 - 2014-02-06 09:08 - 00001734 _____ () C:\Documents and Settings\All Users\Pulpit\Adobe Reader XI.lnk
2014-02-06 09:08 - 2014-02-06 09:08 - 00000000 ____D () C:\Program Files\Adobe
2014-02-06 09:06 - 2014-02-06 09:06 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-02-06 09:06 - 2014-02-06 09:05 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-02-06 09:05 - 2014-02-06 09:05 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-02-06 09:05 - 2014-02-06 09:05 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-02-06 09:05 - 2014-02-06 09:05 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-02-06 09:05 - 2014-02-06 09:05 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Java
2014-02-06 08:55 - 2014-02-06 08:55 - 00000784 _____ () C:\Documents and Settings\All Users\Pulpit\Malwarebytes Anti-Malware.lnk
2014-02-06 08:55 - 2014-02-06 08:55 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-06 08:55 - 2014-02-06 08:55 - 00000000 ____D () C:\Documents and Settings\Dorota\Dane aplikacji\Malwarebytes
2014-02-06 08:55 - 2014-02-06 08:55 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Malwarebytes' Anti-Malware
2014-02-06 08:55 - 2014-02-06 08:55 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
2014-02-06 08:55 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-02-04 14:29 - 2014-02-04 14:29 - 00094208 _____ () C:\WINDOWS\Minidump\Mini020414-01.dmp
2014-02-04 14:29 - 2014-02-04 14:29 - 00000000 ____D () C:\WINDOWS\Minidump
2014-02-04 14:07 - 2014-02-07 09:18 - 00000000 ____D () C:\FRST
2014-02-03 09:19 - 2014-02-03 09:19 - 00000000 ____D () C:\Documents and Settings\Dorota\Dane aplikacji\Avira
2014-02-03 09:18 - 2014-02-03 09:18 - 00000000 ___SD () C:\Documents and Settings\LocalService\UserData
2014-02-03 09:18 - 2014-02-03 09:18 - 00000000 ___RD () C:\Documents and Settings\LocalService\Ulubione
2014-02-03 09:18 - 2014-02-03 09:18 - 00000000 ____D () C:\Documents and Settings\LocalService\Dane aplikacji\Avira
2014-02-03 09:16 - 2014-02-03 09:16 - 00000000 ____D () C:\Program Files\Avira
2014-02-03 09:16 - 2014-02-03 09:16 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Avira
2014-02-03 09:16 - 2014-02-03 09:16 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Avira
2014-02-03 09:16 - 2013-12-09 11:37 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2014-02-03 09:16 - 2013-12-09 11:37 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2014-02-03 09:16 - 2013-12-09 11:37 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2014-02-03 09:16 - 2013-12-09 11:37 - 00028520 _____ (Avira GmbH) C:\WINDOWS\system32\Drivers\ssmdrv.sys
2014-02-03 09:05 - 2014-02-03 09:05 - 00026624 _____ () C:\WINDOWS\system32\TrueSight.sys
2014-02-03 09:04 - 2014-02-03 09:10 - 00000000 ____D () C:\Documents and Settings\Dorota\Pulpit\RK_Quarantine
2014-02-03 09:04 - 2014-02-03 09:04 - 03792384 _____ () C:\Documents and Settings\Dorota\Moje dokumenty\RogueKiller.exe
2014-02-03 08:48 - 2014-02-03 08:51 - 00000000 ____D () C:\AdwCleaner
2014-01-28 13:49 - 2014-01-28 14:00 - 00000000 ____D () C:\Documents and Settings\Dorota\Dane aplikacji\Irp
2014-01-13 13:38 - 2014-01-14 09:59 - 00000000 ____D () C:\Documents and Settings\Dorota\Pulpit\rotacje-listy studentow 2013-2014

==================== One Month Modified Files and Folders =======

2014-02-07 09:18 - 2014-02-06 09:17 - 00000000 ____D () C:\Documents and Settings\Dorota\Pulpit\md
2014-02-07 09:18 - 2014-02-04 14:07 - 00000000 ____D () C:\FRST
2014-02-07 09:15 - 2014-02-07 09:15 - 00000000 ____D () C:\Documents and Settings\Dorota\Pulpit\Stare dane programu Firefox
2014-02-07 09:15 - 2011-08-05 08:33 - 00000000 ____D () C:\Documents and Settings\Dorota\Pulpit
2014-02-07 09:13 - 2011-08-05 08:33 - 00000000 ___HD () C:\Documents and Settings\Dorota\Ustawienia lokalne\Dane aplikacji
2014-02-07 09:13 - 2011-05-05 16:06 - 00000000 __RHD () C:\Documents and Settings\All Users\Dane aplikacji
2014-02-07 09:13 - 2011-05-05 14:29 - 00000000 ___HD () C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji
2014-02-07 08:32 - 2012-06-11 11:41 - 00000930 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-02-07 07:45 - 2008-04-15 13:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-02-07 07:44 - 2011-05-05 16:09 - 00000157 _____ () C:\WINDOWS\wiadebug.log
2014-02-07 07:44 - 2011-05-05 16:09 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-02-07 07:43 - 2011-05-05 14:23 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-06 15:20 - 2011-08-05 08:33 - 00000188 ___SH () C:\Documents and Settings\Dorota\ntuser.ini
2014-02-06 15:20 - 2011-08-05 08:33 - 00000000 ____D () C:\Documents and Settings\Dorota
2014-02-06 15:20 - 2011-05-05 15:31 - 00524288 _____ () C:\WINDOWS\system32\config\ACEEvent.evt
2014-02-06 15:20 - 2011-05-05 14:23 - 00032628 _____ () C:\WINDOWS\SchedLgU.Txt
2014-02-06 15:20 - 2011-05-05 14:16 - 01650827 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-06 12:21 - 2013-11-14 08:39 - 00000000 ____D () C:\Documents and Settings\Dorota\Pulpit\protokoly 2013-2014
2014-02-06 09:24 - 2011-09-07 14:15 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2607712$
2014-02-06 09:24 - 2011-08-05 08:33 - 00000000 ___RD () C:\Documents and Settings\Dorota\Moje dokumenty
2014-02-06 09:20 - 2011-08-10 10:41 - 00000000 ____D () C:\Documents and Settings\Dorota\Moje dokumenty\Pobieranie
2014-02-06 09:11 - 2012-04-17 10:58 - 00000000 ____D () C:\Program Files\Java
2014-02-06 09:10 - 2012-06-11 11:41 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-02-06 09:10 - 2011-07-29 14:02 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-02-06 09:09 - 2011-08-10 13:06 - 00000000 ____D () C:\Documents and Settings\Dorota\Ustawienia lokalne\Dane aplikacji\Adobe
2014-02-06 09:08 - 2014-02-06 09:08 - 00001804 _____ () C:\Documents and Settings\All Users\Menu Start\Programy\Adobe Reader XI.lnk
2014-02-06 09:08 - 2014-02-06 09:08 - 00001734 _____ () C:\Documents and Settings\All Users\Pulpit\Adobe Reader XI.lnk
2014-02-06 09:08 - 2014-02-06 09:08 - 00000000 ____D () C:\Program Files\Adobe
2014-02-06 09:08 - 2011-05-12 11:08 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-02-06 09:08 - 2011-05-12 11:08 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Adobe
2014-02-06 09:08 - 2011-05-05 16:06 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy
2014-02-06 09:08 - 2011-05-05 16:06 - 00000000 ____D () C:\Documents and Settings\All Users\Pulpit
2014-02-06 09:06 - 2014-02-06 09:06 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-02-06 09:05 - 2014-02-06 09:06 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-02-06 09:05 - 2014-02-06 09:05 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-02-06 09:05 - 2014-02-06 09:05 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-02-06 09:05 - 2014-02-06 09:05 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-02-06 09:05 - 2014-02-06 09:05 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Java
2014-02-06 09:05 - 2012-04-17 10:58 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-02-06 09:05 - 2011-05-05 16:06 - 00005620 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-06 09:05 - 2008-04-15 13:00 - 00998596 _____ () C:\WINDOWS\system32\perfh015.dat
2014-02-06 09:05 - 2008-04-15 13:00 - 00339264 _____ () C:\WINDOWS\system32\perfc015.dat
2014-02-06 08:55 - 2014-02-06 08:55 - 00000784 _____ () C:\Documents and Settings\All Users\Pulpit\Malwarebytes Anti-Malware.lnk
2014-02-06 08:55 - 2014-02-06 08:55 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-06 08:55 - 2014-02-06 08:55 - 00000000 ____D () C:\Documents and Settings\Dorota\Dane aplikacji\Malwarebytes
2014-02-06 08:55 - 2014-02-06 08:55 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Malwarebytes' Anti-Malware
2014-02-06 08:55 - 2014-02-06 08:55 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
2014-02-06 08:55 - 2011-08-05 08:33 - 00000000 __RHD () C:\Documents and Settings\Dorota\Dane aplikacji
2014-02-05 10:56 - 2013-11-05 08:15 - 00000000 ____D () C:\Documents and Settings\Dorota\Pulpit\formularze dla stud ang
2014-02-04 14:29 - 2014-02-04 14:29 - 00094208 _____ () C:\WINDOWS\Minidump\Mini020414-01.dmp
2014-02-04 14:29 - 2014-02-04 14:29 - 00000000 ____D () C:\WINDOWS\Minidump
2014-02-04 12:40 - 2011-08-10 10:30 - 00000000 ____D () C:\Documents and Settings\Dorota\Pulpit\Umowy zlecenia staże przeddyplomowe
2014-02-03 10:06 - 2011-06-28 09:17 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2014-02-03 09:40 - 2012-11-30 09:11 - 00000000 ____D () C:\Documents and Settings\Dorota\Pulpit\karta czasu pracy
2014-02-03 09:20 - 2011-05-05 16:06 - 00574900 _____ () C:\WINDOWS\setupapi.log
2014-02-03 09:20 - 2011-05-05 15:59 - 00000000 ____D () C:\WINDOWS\repair
2014-02-03 09:20 - 2011-05-05 14:14 - 00000000 ____D () C:\WINDOWS\Registration
2014-02-03 09:19 - 2014-02-03 09:19 - 00000000 ____D () C:\Documents and Settings\Dorota\Dane aplikacji\Avira
2014-02-03 09:18 - 2014-02-03 09:18 - 00000000 ___SD () C:\Documents and Settings\LocalService\UserData
2014-02-03 09:18 - 2014-02-03 09:18 - 00000000 ___RD () C:\Documents and Settings\LocalService\Ulubione
2014-02-03 09:18 - 2014-02-03 09:18 - 00000000 ____D () C:\Documents and Settings\LocalService\Dane aplikacji\Avira
2014-02-03 09:18 - 2011-05-05 14:23 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-02-03 09:18 - 2011-05-05 14:23 - 00000000 ____D () C:\Documents and Settings\LocalService\Dane aplikacji
2014-02-03 09:16 - 2014-02-03 09:16 - 00000000 ____D () C:\Program Files\Avira
2014-02-03 09:16 - 2014-02-03 09:16 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Avira
2014-02-03 09:16 - 2014-02-03 09:16 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Avira
2014-02-03 09:11 - 2013-04-08 13:42 - 00000000 ____D () C:\Documents and Settings\Dorota\Ustawienia lokalne\Dane aplikacji\Downloaded Installations
2014-02-03 09:11 - 2011-05-05 14:29 - 00000000 __RHD () C:\Documents and Settings\Administrator\Dane aplikacji
2014-02-03 09:10 - 2014-02-03 09:04 - 00000000 ____D () C:\Documents and Settings\Dorota\Pulpit\RK_Quarantine
2014-02-03 09:05 - 2014-02-03 09:05 - 00026624 _____ () C:\WINDOWS\system32\TrueSight.sys
2014-02-03 09:04 - 2014-02-03 09:04 - 03792384 _____ () C:\Documents and Settings\Dorota\Moje dokumenty\RogueKiller.exe
2014-02-03 08:51 - 2014-02-03 08:48 - 00000000 ____D () C:\AdwCleaner
2014-02-03 08:44 - 2011-08-05 08:33 - 00000000 ___RD () C:\Documents and Settings\Dorota\Menu Start\Programy
2014-01-28 14:00 - 2014-01-28 13:49 - 00000000 ____D () C:\Documents and Settings\Dorota\Dane aplikacji\Irp
2014-01-28 13:30 - 2013-05-28 09:36 - 00000000 ____D () C:\Documents and Settings\Dorota\Pulpit\dokumenty w wordzie
2014-01-14 09:59 - 2014-01-13 13:38 - 00000000 ____D () C:\Documents and Settings\Dorota\Pulpit\rotacje-listy studentow 2013-2014
2014-01-08 07:39 - 2011-11-03 10:24 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

Some content of TEMP:
====================
C:\Documents and Settings\Dorota\Ustawienia lokalne\Temp\avgnt.exe
C:\Documents and Settings\Dorota\Ustawienia lokalne\Temp\gg10.upgr.exe


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe
[2008-04-15 13:00] - [2008-04-15 13:00] - 1035264 ____A (Microsoft Corporation) c791ed9eac5e76d9525e157b1d7a599a 

C:\WINDOWS\system32\winlogon.exe
[2008-04-15 13:00] - [2008-04-15 13:00] - 0510464 ____A (Microsoft Corporation) 51fd2e13d723857b9ca239ae77150f48 

C:\WINDOWS\system32\svchost.exe
[2008-04-15 13:00] - [2008-04-15 13:00] - 0014336 ____A (Microsoft Corporation) 8607d35d92528e2df386f19a960d23ce 

C:\WINDOWS\system32\services.exe
[2008-04-15 13:00] - [2009-02-09 12:25] - 0111104 ____A (Microsoft Corporation) 02a467e27af55f7064c5b251e587315f 

C:\WINDOWS\system32\User32.dll
[2008-04-15 13:00] - [2008-04-15 13:00] - 0580096 ____A (Microsoft Corporation) a435c5c069afd901751ac323ad238793 

C:\WINDOWS\system32\userinit.exe
[2008-04-15 13:00] - [2008-04-15 13:00] - 0026624 ____A (Microsoft Corporation) 2a5b37d520508be6570a3ea79695f5b5 

C:\WINDOWS\system32\rpcss.dll
[2008-04-15 13:00] - [2009-02-09 11:53] - 0401408 ____A (Microsoft Corporation) a37311d9d628c1042a2836731787f0f3 

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\WINDOWS\system32\Drivers\volsnap.sys
[2008-04-15 13:00] - [2008-04-15 13:00] - 0052864 ____A (Microsoft Corporation) 56b191ac5fc0df219949c95a6c87afe7 


==================== End Of Log ============================