Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-02-2014 Ran by Pawel (administrator) on PKNOZOWSKI on 08-02-2014 17:52:30 Running from C:\Documents and Settings\Pawel\Moje dokumenty\Pobieranie Microsoft Windows XP Professional Dodatek Service Pack 2 (X86) OS Language: Polish Internet Explorer Version 6 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) =================== (Realtek Semiconductor Corp.) C:\WINDOWS\soundman.exe (Vimicro Corporation) C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe (DAEMON'S HOME) C:\Program Files\D-Tools\daemon.exe (CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe () C:\WINDOWS\system32\kooquocoukoom.exe () C:\WINDOWS\system32\toocece.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe (Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SoundMan] - C:\WINDOWS\SOUNDMAN.EXE [577536 2007-04-16] (Realtek Semiconductor Corp.) HKLM\...\Run: [VMonitorVMUVC] - C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe [143360 2008-08-29] (Vimicro Corporation) HKLM\...\Run: [DAEMON Tools-1033] - C:\Program Files\D-Tools\daemon.exe [81920 2004-08-22] (DAEMON'S HOME) HKLM\...\Run: [RemoteControl9] - C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-02-16] (CyberLink Corp.) HKLM\...\Run: [PDVD9LanguageShortcut] - C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe [50472 2008-10-13] (CyberLink Corp.) HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-01-03] (Adobe Systems Incorporated) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [hasab] - C:\WINDOWS\system32\toocece.exe [224768 2014-01-08] () HKLM\...\Run: [wakoul] - C:\WINDOWS\system32\toocece.exe [224768 2014-01-08] () HKLM\...\Run: [mobilegeni daemon] - C:\Program Files\Mobogenie\DaemonProcess.exe HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2014-01-19] (AVAST Software) HKU\S-1-5-21-1644491937-688789844-1957994488-1003\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [17148552 2012-02-29] (Skype Technologies S.A.) HKU\S-1-5-21-1644491937-688789844-1957994488-1003\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1667584 2004-08-04] (Microsoft Corporation) HKU\S-1-5-21-1644491937-688789844-1957994488-1003\...\Run: [ChomikBox] - C:\Program Files\ChomikBox\ChomikBox.exe HKU\S-1-5-21-1644491937-688789844-1957994488-1003\...\Run: [NextLive] - C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Pawel\Dane aplikacji\newnext.me\nengine.dll",EntryPoint -m l HKU\S-1-5-21-1644491937-688789844-1957994488-1003\...\MountPoints2: {43167320-2076-11e2-8a0b-001f1f147d80} - H:\zarila//samzar.exe HKU\S-1-5-21-1644491937-688789844-1957994488-1003\...\MountPoints2: {ca8083ee-808b-11e1-88d5-001f1f147d80} - G:\Setup.exe HKU\S-1-5-21-1644491937-688789844-1957994488-1003\...\Winlogon: [Shell] C:\Documents and Settings\Pawel\ydwzro.exe,explorer.exe,C:\Documents and Settings\Pawel\xcqzq.exe [120832 2014-01-08] (Under Oert) <==== ATTENTION Lsa: [Notification Packages] scecli ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM - DefaultScope value is missing. BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) Toolbar: HKLM - EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) Toolbar: HKCU - &Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) Toolbar: HKCU - &Łącza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) Toolbar: HKCU - EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Documents and Settings\Pawel\Dane aplikacji\Mozilla\Firefox\Profiles\a4ua2j6a.default FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] ========================== Services (Whitelisted) ================= S2 uploadmgr; C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll [38912 2004-08-03] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [4122368 2008-09-24] (Realtek Semiconductor Corp.) S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2004-08-03] (Microsoft Corporation) R0 d347bus; C:\WINDOWS\System32\DRIVERS\d347bus.sys [155136 2004-08-22] ( ) R0 d347prt; C:\WINDOWS\System32\Drivers\d347prt.sys [5248 2004-08-22] ( ) R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2004-08-04] (Microsoft Corporation) R3 ms_mpu401; C:\WINDOWS\System32\drivers\msmpu401.sys [2944 2001-08-17] (Microsoft Corporation) S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2004-08-03] (Microsoft Corporation) S4 oypbdcba; C:\WINDOWS\system32\Drivers\oypbdcba.sys [410528 2014-02-08] (AVAST Software) R3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation) S3 VMUVC; C:\WINDOWS\System32\Drivers\VMUVC.sys [252416 2009-05-25] (Vimicro Corporation) S3 vvftUVC; C:\WINDOWS\System32\drivers\vvftUVC.sys [398720 2008-07-01] (Vimicro Corporation) S4 IntelIde; No ImagePath U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96256 2004-08-03] (Microsoft Corporation) U1 WS2IFSL; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-08 17:52 - 2014-02-08 17:52 - 00000000 ____D () C:\FRST 2014-02-08 17:49 - 2014-02-08 17:49 - 00410528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\oypbdcba.sys 2014-02-08 17:48 - 2014-02-08 17:48 - 00000000 ____D () C:\Documents and Settings\Pawel\Menu Start\Programy\CyberLink PowerDVD 9 2014-02-08 17:43 - 2014-02-08 17:46 - 00000000 ____D () C:\AdwCleaner 2014-02-08 17:42 - 2014-02-08 17:42 - 01166132 _____ () C:\Documents and Settings\Pawel\Pulpit\AdwCleaner.exe 2014-02-08 17:38 - 2014-02-08 17:48 - 00001030 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-02-08 17:38 - 2014-02-08 17:43 - 00001034 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-02-08 17:37 - 2014-02-08 17:37 - 00000000 ____D () C:\Program Files\Google 2014-02-08 17:37 - 2014-02-08 17:37 - 00000000 ____D () C:\Documents and Settings\Pawel\Ustawienia lokalne\Dane aplikacji\Google 2014-02-08 17:36 - 2014-02-08 17:46 - 49940480 _____ () C:\Program Files\GUT18.tmp 2014-02-08 17:36 - 2014-02-08 17:37 - 00000000 ____D () C:\Program Files\GUM17.tmp 2014-02-08 17:36 - 2014-02-08 17:36 - 00847336 _____ (Google Inc.) C:\Documents and Settings\Pawel\Pulpit\ChromeSetup.exe 2014-01-25 13:57 - 2014-01-25 13:58 - 00739934 _____ () C:\Documents and Settings\Pawel\Pulpit\tarczyca.bmp 2014-01-25 12:19 - 2014-01-25 12:19 - 00000000 ____D () C:\Documents and Settings\Pawel\Pulpit\fizjo zwierząt pytania 2014-01-25 10:05 - 2014-01-25 10:05 - 00000000 ____D () C:\Documents and Settings\Pawel\Pulpit\pytania anatomia 2014-01-19 13:11 - 2014-01-19 13:11 - 00410528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\kbjltkbi.sys 2014-01-19 13:09 - 2014-01-19 13:09 - 00410528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\xxdbjslf.sys 2014-01-19 13:02 - 2014-01-19 13:02 - 00410528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\tmadtwjl.sys 2014-01-19 12:54 - 2014-01-19 12:54 - 00410528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\olnfnuhv.sys 2014-01-19 12:21 - 2014-01-19 13:53 - 00000000 ____D () C:\Documents and Settings\Pawel\Pulpit\Ania Marcin PŁYTA 2014-01-19 11:54 - 2014-02-08 17:49 - 00000314 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job 2014-01-19 11:54 - 2014-01-28 21:20 - 00001733 _____ () C:\Documents and Settings\All Users\Pulpit\avast! Free Antivirus.lnk 2014-01-19 11:54 - 2014-01-19 11:54 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr 2014-01-19 11:54 - 2014-01-19 11:54 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Avast 2014-01-19 11:51 - 2014-01-19 12:18 - 00000000 ____D () C:\Documents and Settings\Pawel\Pulpit\Ania Marcin DOM 2014-01-19 11:49 - 2014-01-19 11:45 - 91412976 _____ (AVAST Software) C:\Documents and Settings\Pawel\Pulpit\avast_free_antivirus_setup.exe 2014-01-19 11:37 - 2014-01-19 11:37 - 00001919 _____ () C:\WINDOWS\epplauncher.mif 2014-01-19 11:37 - 2014-01-19 11:37 - 00001570 _____ () C:\WINDOWS\KB914882.log 2014-01-19 11:23 - 2014-02-08 17:48 - 00000000 ____D () C:\Documents and Settings\Pawel\Dane aplikacji\newnext.me 2014-01-19 11:23 - 2014-01-19 11:27 - 00000000 ____D () C:\Documents and Settings\Pawel\Ustawienia lokalne\Dane aplikacji\Mobogenie 2014-01-19 11:23 - 2014-01-19 11:23 - 00000000 ____D () C:\Documents and Settings\Pawel\Ustawienia lokalne\Dane aplikacji\genienext 2014-01-19 11:23 - 2014-01-19 11:23 - 00000000 ____D () C:\Documents and Settings\Pawel\Ustawienia lokalne\Dane aplikacji\cache 2014-01-19 11:23 - 2014-01-19 11:23 - 00000000 ____D () C:\Documents and Settings\Pawel\Moje dokumenty\Mobogenie 2014-01-19 11:23 - 2014-01-19 11:23 - 00000000 ____D () C:\Documents and Settings\Pawel\.android 2014-01-19 11:23 - 2014-01-19 11:23 - 00000000 _____ () C:\Documents and Settings\Pawel\daemonprocess.txt 2014-01-19 11:22 - 2014-01-19 11:27 - 00000000 ____D () C:\Program Files\Mobogenie ==================== One Month Modified Files and Folders ======= 2014-02-08 17:52 - 2014-02-08 17:52 - 00000000 ____D () C:\FRST 2014-02-08 17:52 - 2012-04-06 23:10 - 00000000 ____D () C:\Documents and Settings\Pawel\Moje dokumenty\Pobieranie 2014-02-08 17:49 - 2014-02-08 17:49 - 00410528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\oypbdcba.sys 2014-02-08 17:49 - 2014-01-19 11:54 - 00000314 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job 2014-02-08 17:49 - 2012-03-31 14:46 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-02-08 17:49 - 2012-02-07 12:23 - 01632306 _____ () C:\WINDOWS\WindowsUpdate.log 2014-02-08 17:48 - 2014-02-08 17:48 - 00000000 ____D () C:\Documents and Settings\Pawel\Menu Start\Programy\CyberLink PowerDVD 9 2014-02-08 17:48 - 2014-02-08 17:38 - 00001030 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-02-08 17:48 - 2014-01-19 11:23 - 00000000 ____D () C:\Documents and Settings\Pawel\Dane aplikacji\newnext.me 2014-02-08 17:48 - 2012-03-30 21:00 - 00000260 _____ () C:\WINDOWS\Tasks\WGASetup.job 2014-02-08 17:48 - 2012-02-07 13:11 - 00000159 _____ () C:\WINDOWS\wiadebug.log 2014-02-08 17:48 - 2012-02-07 13:11 - 00000050 _____ () C:\WINDOWS\wiaservc.log 2014-02-08 17:48 - 2012-02-07 12:33 - 00000000 ___RD () C:\Documents and Settings\Pawel\Menu Start\Programy 2014-02-08 17:47 - 2012-02-07 12:30 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-02-08 17:46 - 2014-02-08 17:43 - 00000000 ____D () C:\AdwCleaner 2014-02-08 17:46 - 2014-02-08 17:36 - 49940480 _____ () C:\Program Files\GUT18.tmp 2014-02-08 17:46 - 2012-02-07 13:08 - 00000000 __RHD () C:\Documents and Settings\All Users\Dane aplikacji 2014-02-08 17:46 - 2012-02-07 12:33 - 00000188 ___SH () C:\Documents and Settings\Pawel\ntuser.ini 2014-02-08 17:43 - 2014-02-08 17:38 - 00001034 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-02-08 17:43 - 2012-02-07 12:33 - 00000000 ___HD () C:\Documents and Settings\Pawel\Ustawienia lokalne\Dane aplikacji 2014-02-08 17:42 - 2014-02-08 17:42 - 01166132 _____ () C:\Documents and Settings\Pawel\Pulpit\AdwCleaner.exe 2014-02-08 17:42 - 2012-02-07 12:33 - 00000000 ____D () C:\Documents and Settings\Pawel\Pulpit 2014-02-08 17:37 - 2014-02-08 17:37 - 00000000 ____D () C:\Program Files\Google 2014-02-08 17:37 - 2014-02-08 17:37 - 00000000 ____D () C:\Documents and Settings\Pawel\Ustawienia lokalne\Dane aplikacji\Google 2014-02-08 17:37 - 2014-02-08 17:36 - 00000000 ____D () C:\Program Files\GUM17.tmp 2014-02-08 17:36 - 2014-02-08 17:36 - 00847336 _____ (Google Inc.) C:\Documents and Settings\Pawel\Pulpit\ChromeSetup.exe 2014-02-08 17:34 - 2013-11-26 20:07 - 00224768 _____ () C:\WINDOWS\system32\kooquocoukoom.exe 2014-02-08 17:33 - 2012-03-30 20:30 - 00665172 _____ () C:\WINDOWS\system32\TZLog.log 2014-02-08 17:33 - 2012-03-30 20:30 - 00389385 _____ () C:\WINDOWS\KB981793.log 2014-02-08 17:31 - 2001-07-22 01:17 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl 2014-02-06 11:29 - 2012-02-07 12:30 - 00032044 _____ () C:\WINDOWS\SchedLgU.Txt 2014-01-28 21:20 - 2014-01-19 11:54 - 00001733 _____ () C:\Documents and Settings\All Users\Pulpit\avast! Free Antivirus.lnk 2014-01-28 19:35 - 2012-02-07 12:51 - 00000000 ____D () C:\Documents and Settings\Pawel\Dane aplikacji\Skype 2014-01-25 13:59 - 2012-02-07 12:33 - 00000000 ___RD () C:\Documents and Settings\Pawel\Moje dokumenty\Moje obrazy 2014-01-25 13:58 - 2014-01-25 13:57 - 00739934 _____ () C:\Documents and Settings\Pawel\Pulpit\tarczyca.bmp 2014-01-25 12:19 - 2014-01-25 12:19 - 00000000 ____D () C:\Documents and Settings\Pawel\Pulpit\fizjo zwierząt pytania 2014-01-25 10:05 - 2014-01-25 10:05 - 00000000 ____D () C:\Documents and Settings\Pawel\Pulpit\pytania anatomia 2014-01-21 19:04 - 2001-07-22 01:16 - 00000611 _____ () C:\WINDOWS\win.ini 2014-01-21 18:55 - 2012-02-07 12:20 - 00015187 _____ () C:\WINDOWS\wmsetup.log 2014-01-19 13:53 - 2014-01-19 12:21 - 00000000 ____D () C:\Documents and Settings\Pawel\Pulpit\Ania Marcin PŁYTA 2014-01-19 13:11 - 2014-01-19 13:11 - 00410528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\kbjltkbi.sys 2014-01-19 13:09 - 2014-01-19 13:09 - 00410528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\xxdbjslf.sys 2014-01-19 13:02 - 2014-01-19 13:02 - 00410528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\tmadtwjl.sys 2014-01-19 12:54 - 2014-01-19 12:54 - 00410528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\olnfnuhv.sys 2014-01-19 12:49 - 2012-07-01 10:24 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-01-19 12:18 - 2014-01-19 11:51 - 00000000 ____D () C:\Documents and Settings\Pawel\Pulpit\Ania Marcin DOM 2014-01-19 11:54 - 2014-01-19 11:54 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr 2014-01-19 11:54 - 2014-01-19 11:54 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Avast 2014-01-19 11:54 - 2012-02-07 13:08 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy 2014-01-19 11:54 - 2012-02-07 13:08 - 00000000 ____D () C:\Documents and Settings\All Users\Pulpit 2014-01-19 11:50 - 2012-02-07 12:43 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\AVAST Software 2014-01-19 11:45 - 2014-01-19 11:49 - 91412976 _____ (AVAST Software) C:\Documents and Settings\Pawel\Pulpit\avast_free_antivirus_setup.exe 2014-01-19 11:37 - 2014-01-19 11:37 - 00001919 _____ () C:\WINDOWS\epplauncher.mif 2014-01-19 11:37 - 2014-01-19 11:37 - 00001570 _____ () C:\WINDOWS\KB914882.log 2014-01-19 11:27 - 2014-01-19 11:23 - 00000000 ____D () C:\Documents and Settings\Pawel\Ustawienia lokalne\Dane aplikacji\Mobogenie 2014-01-19 11:27 - 2014-01-19 11:22 - 00000000 ____D () C:\Program Files\Mobogenie 2014-01-19 11:23 - 2014-01-19 11:23 - 00000000 ____D () C:\Documents and Settings\Pawel\Ustawienia lokalne\Dane aplikacji\genienext 2014-01-19 11:23 - 2014-01-19 11:23 - 00000000 ____D () C:\Documents and Settings\Pawel\Ustawienia lokalne\Dane aplikacji\cache 2014-01-19 11:23 - 2014-01-19 11:23 - 00000000 ____D () C:\Documents and Settings\Pawel\Moje dokumenty\Mobogenie 2014-01-19 11:23 - 2014-01-19 11:23 - 00000000 ____D () C:\Documents and Settings\Pawel\.android 2014-01-19 11:23 - 2014-01-19 11:23 - 00000000 _____ () C:\Documents and Settings\Pawel\daemonprocess.txt 2014-01-19 11:23 - 2012-02-07 12:33 - 00000000 __RHD () C:\Documents and Settings\Pawel\Dane aplikacji 2014-01-19 11:23 - 2012-02-07 12:33 - 00000000 ___RD () C:\Documents and Settings\Pawel\Moje dokumenty 2014-01-19 11:23 - 2012-02-07 12:33 - 00000000 ____D () C:\Documents and Settings\Pawel Files to move or delete: ==================== C:\Documents and Settings\Pawel\xcqzq.exe C:\Documents and Settings\Pawel\ydwzro.exe Some content of TEMP: ==================== C:\Documents and Settings\Pawel\Ustawienia lokalne\Temp\0156.exe C:\Documents and Settings\Pawel\Ustawienia lokalne\Temp\0383733.exe C:\Documents and Settings\Pawel\Ustawienia lokalne\Temp\056281.exe C:\Documents and Settings\Pawel\Ustawienia lokalne\Temp\070.exe C:\Documents and Settings\Pawel\Ustawienia lokalne\Temp\1378126.exe C:\Documents and Settings\Pawel\Ustawienia lokalne\Temp\1599679.exe C:\Documents and Settings\Pawel\Ustawienia lokalne\Temp\197537.exe C:\Documents and Settings\Pawel\Ustawienia lokalne\Temp\2224251.exe C:\Documents and Settings\Pawel\Ustawienia lokalne\Temp\273492.exe C:\Documents and Settings\Pawel\Ustawienia lokalne\Temp\2853070.exe C:\Documents and Settings\Pawel\Ustawienia lokalne\Temp\389.exe C:\Documents and Settings\Pawel\Ustawienia lokalne\Temp\4006.exe C:\Documents and Settings\Pawel\Ustawienia lokalne\Temp\4067.exe C:\Documents and Settings\Pawel\Ustawienia lokalne\Temp\4633529.exe C:\Documents and Settings\Pawel\Ustawienia lokalne\Temp\5171.exe C:\Documents and Settings\Pawel\Ustawienia lokalne\Temp\521950.exe C:\Documents and Settings\Pawel\Ustawienia lokalne\Temp\580489.exe C:\Documents and Settings\Pawel\Ustawienia lokalne\Temp\595.exe C:\Documents and Settings\Pawel\Ustawienia lokalne\Temp\642952.exe C:\Documents and Settings\Pawel\Ustawienia lokalne\Temp\710507.exe C:\Documents and Settings\Pawel\Ustawienia lokalne\Temp\760498.exe C:\Documents and Settings\Pawel\Ustawienia lokalne\Temp\799.exe C:\Documents and Settings\Pawel\Ustawienia lokalne\Temp\84437.exe C:\Documents and Settings\Pawel\Ustawienia lokalne\Temp\858612.exe C:\Documents and Settings\Pawel\Ustawienia lokalne\Temp\899106.exe C:\Documents and Settings\Pawel\Ustawienia lokalne\Temp\910883.exe C:\Documents and Settings\Pawel\Ustawienia lokalne\Temp\929.exe C:\Documents and Settings\Pawel\Ustawienia lokalne\Temp\96677.exe C:\Documents and Settings\Pawel\Ustawienia lokalne\Temp\9810247.exe C:\Documents and Settings\Pawel\Ustawienia lokalne\Temp\993.exe C:\Documents and Settings\Pawel\Ustawienia lokalne\Temp\AskSLib.dll C:\Documents and Settings\Pawel\Ustawienia lokalne\Temp\AutoRun.exe C:\Documents and Settings\Pawel\Ustawienia lokalne\Temp\AutoRunGUI.dll C:\Documents and Settings\Pawel\Ustawienia lokalne\Temp\drm_dialogs.dll C:\Documents and Settings\Pawel\Ustawienia lokalne\Temp\drm_dyndata_7400009.dll C:\Documents and Settings\Pawel\Ustawienia lokalne\Temp\EReg2HWDetect.dll C:\Documents and Settings\Pawel\Ustawienia lokalne\Temp\htmlayout.dll C:\Documents and Settings\Pawel\Ustawienia lokalne\Temp\ICReinstall_NeroLite_Downloader.exe C:\Documents and Settings\Pawel\Ustawienia lokalne\Temp\mgsqlite3.dll C:\Documents and Settings\Pawel\Ustawienia lokalne\Temp\nero6009.exe C:\Documents and Settings\Pawel\Ustawienia lokalne\Temp\Quarantine.exe C:\Documents and Settings\Pawel\Ustawienia lokalne\Temp\Shortcut_bundlesweetimsetup.exe C:\Documents and Settings\Pawel\Ustawienia lokalne\Temp\SIMEEI2Installer.exe C:\Documents and Settings\Pawel\Ustawienia lokalne\Temp\SIMEEIInstaller.exe C:\Documents and Settings\Pawel\Ustawienia lokalne\Temp\SkypeSetup.exe C:\Documents and Settings\Pawel\Ustawienia lokalne\Temp\wordview_pl-pl.exe C:\Documents and Settings\Pawel\Ustawienia lokalne\Temp\_isB1.exe C:\Documents and Settings\Pawel\Ustawienia lokalne\Temp\_isB2.exe ==================== Bamital & volsnap Check ================= C:\WINDOWS\explorer.exe [2004-08-03 23:44] - [2004-08-03 23:44] - 1033728 ____A (Microsoft Corporation) 379098a96e6c165b659de7e4328010ea C:\WINDOWS\system32\winlogon.exe [2004-08-03 23:44] - [2004-08-03 23:44] - 0504832 ____A (Microsoft Corporation) 0344407089b08548d4feba62bb0f32d0 C:\WINDOWS\system32\svchost.exe [2004-08-03 23:44] - [2004-08-03 23:44] - 0014336 ____A (Microsoft Corporation) ba98327e90022dbd6ee76490e0622e2e C:\WINDOWS\system32\services.exe [2012-03-24 13:38] - [2009-02-09 11:10] - 0111104 ____A (Microsoft Corporation) ed4e5391100287b9eabf8f2cf4b42235 C:\WINDOWS\system32\User32.dll [2004-08-03 23:44] - [2004-08-03 23:44] - 0578560 ____A (Microsoft Corporation) 0c81764f50f32d376e6e4b9e9f4b01a0 C:\WINDOWS\system32\userinit.exe [2012-03-24 13:38] - [2004-08-03 23:44] - 0025088 ____A (Microsoft Corporation) bd768099b4c44aa631728cb74eb54396 C:\WINDOWS\system32\rpcss.dll [2004-08-03 23:44] - [2009-02-09 11:22] - 0399360 ____A (Microsoft Corporation) b5d78596effbeb82f3b86d9a002538e1 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected. C:\WINDOWS\system32\Drivers\volsnap.sys [2012-03-24 13:37] - [2004-08-03 23:36] - 0052864 ____A (Microsoft Corporation) ecd173739b8ec10a814cc18653df5a36 ==================== End Of Log ============================