Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-02-2014 01
Ran by Administrator (administrator) on NIGTELLIOS on 15-02-2014 17:37:01
Running from C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie
Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
() C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\PirritSuggestor\PirritService.exe
() C:\Program Files\Pirrit\AutoUpdater.exe
() C:\WINDOWS\system32\PnkBstrA.exe
() C:\WINDOWS\System32\PAStiSvc.exe
() C:\Program Files\WLAN_Software\ZD1211B\ZDWLan.EXE
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe
(Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files\Core Temp\Core Temp.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(DT Soft Ltd) C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
(TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win32.exe
(Valve Corporation) D:\Program Files\Steam\Steam.exe
() C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\PirritSuggestor\PirritDesktop.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ZDWLan_Utility] - C:\Program Files\WLAN_Software\ZD1211B\ZDWLan.EXE [487424 2008-08-21] ()
HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [18063872 2008-12-09] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] - C:\WINDOWS\ALCMTR.EXE [57344 2008-06-19] (Realtek Semiconductor Corp.)
HKLM\...\Run: [GEST] - =
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Start WingMan Profiler] - C:\Program Files\Logitech\Gaming Software\LWEMon.exe [92168 2009-01-21] (Logitech Inc.)
HKLM\...\Run: [Nvtmru] - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-08-27] (NVIDIA Corporation)
HKLM\...\Run: [hpqSRMon] - C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [81920 2008-03-13] (Hewlett-Packard)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [amd_dc_opt] - C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM\...\Run: [BambooCore] - C:\Program Files\Bamboo Dock\BambooCore.exe [646744 2012-10-16] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] - C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM\...\Run: [ProfilerU] - C:\Program Files\SmartTechnology\Software\ProfilerU.exe [327680 2013-04-16] (Saitek)
HKLM\...\Run: [SaiMfd] - C:\Program Files\SmartTechnology\Software\SaiMfd.exe [122880 2013-04-16] (Saitek)
HKLM\...\Run: [NvCplDaemon] - C:\WINDOWS\system32\NvCpl.dll [15708448 2013-12-19] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\WINDOWS\system32\NvMCTray.dll [376096 2013-12-19] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2602784 2013-12-19] ()
HKLM\...\Run: [NvBackend] - C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKU\S-1-5-21-839522115-2052111302-2146896963-500\...\Run: [Core Temp] - C:\Program Files\Core Temp\Core Temp.exe [763856 2012-10-14] ()
HKU\S-1-5-21-839522115-2052111302-2146896963-500\...\Run: [AdobeBridge] - [X]
HKU\S-1-5-21-839522115-2052111302-2146896963-500\...\MountPoints2: H - H:\Setup.exe
HKU\S-1-5-21-839522115-2052111302-2146896963-500\...\MountPoints2: {833cb9f2-56c1-11e3-bbbe-0024d25e855c} - H:\Startme.exe
HKU\S-1-5-21-839522115-2052111302-2146896963-500\...\MountPoints2: {96069824-687e-11e2-8860-a09a1dd1ef12} - H:\Setup.exe
AppInit_DLLs: c:\progra~1\movies~1\safety~1\safety~2.dll => File Not Found
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
HKLM\...\AppCertDlls: [x64] -> c:\program files\movies toolbar\safetynut\x64\safetycrt.dll

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=http://127.0.0.1:9881
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?utm_source=b&utm_medium=vlt&from=vlt&uid=SAMSUNG_HD502HJ_S20BJ90B725788&ts=1359298928
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: IEExtension.Extension - {d40c654d-7c51-4eb3-95b2-1e23905c2a2d} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKCU - &Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Łącza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 62.179.1.62 62.179.1.63

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\k6lxwlrt.default
FF Homepage: https://www.google.com/webhp?hl=pl&tab=cw
FF Keyword.URL: https://www.google.com/webhp?hl=pl&tab=cw
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll No File
FF Plugin HKCU: @nsroblox.roblox.com/launcher - C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\RobloxVersions\version-8031f568a8214a5f\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: facebook.com/fbDesktopPlugin - C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\k6lxwlrt.default\searchplugins\dodatki-dla-firefox.xml
FF Extension: Battlefield Play4Free - C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\k6lxwlrt.default\Extensions\battlefieldplay4free@ea.com [2013-08-07]
FF Extension: SaveSense - C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\k6lxwlrt.default\Extensions\{8b337819-d1e8-48d3-8178-168ae8c99c36} [2014-01-11]
FF Extension: anonymoX - C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\k6lxwlrt.default\Extensions\client@anonymox.net.xpi [2013-11-17]
FF Extension: Add Google Search To New Tab Page - C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\k6lxwlrt.default\Extensions\newtabgoogle@graememcc.co.uk.xpi [2013-06-02]
FF Extension: Pirrit Suggestor - C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\k6lxwlrt.default\Extensions\suggestor@pirrit.com.xpi [2013-11-16]
FF Extension: Pirrit Suggestor - C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\k6lxwlrt.default\Extensions\suggestor@suggestor.pirrit.com.xpi [2013-12-03]
FF Extension: Stylish - C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\k6lxwlrt.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2013-11-15]
FF Extension: Adblock Plus - C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\k6lxwlrt.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-03]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2013-10-25]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2013-10-25]

Chrome: 
=======
CHR HomePage: hxxp://www.search.ask.com/?o=APN10640A&gct=hp&d=473-104&v=n9602-169&t=4
CHR RestoreOnStartup: "hxxp://www.search.ask.com/?o=APN10640A&gct=hp&d=473-104&v=n9602-169&t=4"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Winamp Application Detector) - C:\Program Files\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Roblox Launcher Plugin) - C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\RobloxVersions\version-bac2ef28b67142d0\\NPRobloxProxy.dll No File
CHR Plugin: (Unity Player) - C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (WacomTabletPlugin) - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\WINDOWS\system32\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Pirrit Suggestor) - C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\ammfplfdkakimnibcghcebgbiiphabgc [2013-11-16]
CHR Extension: (Anonymous Web Surfing) - C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\dngfidjcppkndibjldacllohbaegmbpo [2013-11-24]
CHR Extension: (Ghostery) - C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2013-11-24]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-06]
CHR HKLM\...\Chrome\Extension: [khcceooakamlehbimaepcldnnlnkcmfk] - C:\Program Files\SaveSense\SaveSense.crx [2013-09-06]

========================== Services (Whitelisted) =================

R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 PirritDesktop; C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\PirritSuggestor\PirritService.exe [52568 2014-02-14] ()
R2 PirritUpdater; C:\Program Files\Pirrit\AutoUpdater.exe [55296 2014-01-10] ()
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76888 2013-11-25] ()
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
R2 STI Simulator; C:\WINDOWS\System32\PAStiSvc.exe [53248 2005-01-14] ()
S2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [526208 2012-11-14] (Wacom Technology, Corp.)
S3 DAUpdaterSvc; D:\Program Files\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [X]

==================== Drivers (Whitelisted) ====================

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [43520 2006-07-01] (Advanced Micro Devices)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R1 dtsoftbus01; C:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys [242240 2013-01-27] (DT Soft Ltd)
S3 EvolveVirtualAdapter; C:\WINDOWS\System32\DRIVERS\evolve.sys [18584 2013-06-01] (Echobit, LLC)
S3 gdrv; C:\WINDOWS\gdrv.sys [16608 2013-02-14] (Windows (R) 2000 DDK provider)
S3 hamachi; C:\WINDOWS\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
S3 hidkmdf; C:\WINDOWS\System32\DRIVERS\hidkmdf.sys [11680 2012-10-12] (Windows (R) Win 7 DDK provider)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2008-10-30] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2008-10-30] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2008-10-30] (HP)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R0 nvata; C:\WINDOWS\System32\DRIVERS\nvata.sys [105472 2006-10-18] (NVIDIA Corporation)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [58368 2006-11-27] (NVIDIA Corporation)
R0 nvgts; C:\WINDOWS\System32\DRIVERS\nvgts.sys [168040 2010-04-08] (NVIDIA Corporation)
R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [129312 2013-11-28] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [19968 2006-11-27] (NVIDIA Corporation)
S3 PAC207; C:\WINDOWS\System32\DRIVERS\pfc027.sys [162176 2005-04-08] ()
R3 SaiK1708; C:\WINDOWS\System32\DRIVERS\SaiK1708.sys [145216 2012-09-20] (Saitek)
R3 SaiMini; C:\WINDOWS\System32\DRIVERS\SaiMini.sys [23200 2013-04-30] (Saitek)
R3 SaiNtBus; C:\WINDOWS\System32\drivers\SaiBus.sys [46624 2013-04-30] (Saitek)
R3 SaiU1708; C:\WINDOWS\System32\DRIVERS\SaiU1708.sys [41280 2012-09-20] (Saitek)
S3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [26624 2011-12-15] (The OpenVPN Project)
S3 taphss; C:\WINDOWS\System32\DRIVERS\taphss.sys [33512 2013-03-29] (AnchorFree Inc)
S3 WacHidRouter; C:\WINDOWS\System32\DRIVERS\wachidrouter.sys [69024 2012-10-12] (Wacom Technology)
S3 wacomrouterfilter; C:\WINDOWS\System32\DRIVERS\wacomrouterfilter.sys [13728 2012-10-12] (Wacom Technology)
R3 WmBEnum; C:\WINDOWS\System32\drivers\WmBEnum.sys [22792 2009-09-11] (Logitech Inc.)
S3 WmFilter; C:\WINDOWS\System32\drivers\WmFilter.sys [35592 2009-09-11] (Logitech Inc.)
S3 WmHidLo; C:\WINDOWS\System32\drivers\WmHidLo.sys [31752 2009-09-11] (Logitech Inc.)
S3 WmVirHid; C:\WINDOWS\System32\drivers\WmVirHid.sys [14984 2009-09-11] (Logitech Inc.)
R3 WmXlCore; C:\WINDOWS\System32\drivers\WmXlCore.sys [66056 2009-09-11] (Logitech Inc.)
R3 ZD1211BU(Atheros); C:\WINDOWS\System32\DRIVERS\zd1211Bu.sys [735232 2008-09-23] (Atheros Communications, Inc.)
R3 ZDPSp50; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [17664 2013-01-27] (Printing Communications Assoc., Inc. (PCAUSA))
R3 ALSysIO; \??\C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\ALSysIO.sys [X]
S3 ATP; system32\DRIVERS\cmdatp.sys [X]
S3 EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys [X]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U1 WS2IFSL; 
S3 XDva401; \??\C:\WINDOWS\system32\XDva401.sys [X]
U3 uwtiqfow; \??\C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\uwtiqfow.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-15 17:37 - 2014-02-15 17:37 - 00064626 _____ () C:\Documents and Settings\Administrator\Pulpit\Extras.Txt
2014-02-15 17:36 - 2014-02-15 17:36 - 00085650 _____ () C:\Documents and Settings\Administrator\Pulpit\OTL.Txt
2014-02-15 17:32 - 2014-02-15 17:37 - 00000000 ____D () C:\FRST
2014-02-15 15:06 - 2014-02-15 15:06 - 00000544 _____ () C:\Documents and Settings\All Users\Pulpit\Steam.lnk
2014-02-15 15:06 - 2014-02-15 15:06 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Steam
2014-02-15 12:23 - 2014-02-15 12:23 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-14 20:39 - 2014-02-15 14:15 - 00000000 ____D () C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\PirritSuggestor
2014-02-05 15:52 - 2014-02-05 15:52 - 03544968 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2014-01-29 23:51 - 2013-12-19 21:17 - 00018657 _____ () C:\WINDOWS\system32\nvinfo.pb
2014-01-29 23:40 - 2013-12-19 21:17 - 01049888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco3233221.dll
2014-01-29 23:40 - 2013-12-19 21:17 - 00893728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco3233221.dll
2014-01-27 13:23 - 2014-01-27 13:23 - 00005134 _____ () C:\WINDOWS\system32\jupdate-1.7.0_51-b13.log
2014-01-27 13:23 - 2014-01-27 13:23 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Java
2014-01-27 13:23 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-01-27 13:23 - 2013-12-18 20:46 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-01-24 02:46 - 2014-01-24 02:46 - 00153775 _____ () C:\Documents and Settings\Administrator\Moje dokumenty\ts3_clientui-win32-1382530211-2014-01-24 02_46_46..dmp
2014-01-21 18:04 - 2014-01-21 18:04 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Bohemia Interactive Studio
2014-01-21 17:58 - 2014-01-21 18:00 - 00000000 ____D () C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\ArmA 2
2014-01-18 21:30 - 2013-11-19 21:30 - 00000032 ____R () C:\Documents and Settings\All Users\hash.dat
2014-01-18 13:44 - 2014-01-18 13:44 - 00000000 ____D () C:\Program Files\Dotjosh Studios
2014-01-18 13:44 - 2014-01-18 13:44 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Dotjosh Studios
2014-01-18 13:44 - 2014-01-18 13:44 - 00000000 ____D () C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DayZCommander
2014-01-18 13:04 - 2014-01-21 17:58 - 00000000 ____D () C:\Documents and Settings\Administrator\Menu Start\Programy\Bohemia Interactive
2014-01-18 13:02 - 2014-01-21 18:05 - 00000000 ____D () C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\ArmA 2 OA
2014-01-18 13:02 - 2014-01-21 17:58 - 00000000 ____D () C:\Documents and Settings\Administrator\Moje dokumenty\ArmA 2

==================== One Month Modified Files and Folders =======

2014-02-15 17:37 - 2014-02-15 17:37 - 00064626 _____ () C:\Documents and Settings\Administrator\Pulpit\Extras.Txt
2014-02-15 17:37 - 2014-02-15 17:32 - 00000000 ____D () C:\FRST
2014-02-15 17:37 - 2013-01-27 15:03 - 00000000 ____D () C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie
2014-02-15 17:37 - 2013-01-27 13:39 - 00000000 ____D () C:\Documents and Settings\Administrator\Pulpit
2014-02-15 17:36 - 2014-02-15 17:36 - 00085650 _____ () C:\Documents and Settings\Administrator\Pulpit\OTL.Txt
2014-02-15 17:28 - 2013-03-18 14:41 - 00038864 _____ () C:\WINDOWS\system32\nvAppTimestamps
2014-02-15 17:19 - 2013-01-27 14:57 - 00000000 ___RD () C:\Documents and Settings\Administrator\Pulpit\Pliki
2014-02-15 17:19 - 2013-01-27 14:56 - 00000000 ___RD () C:\Documents and Settings\Administrator\Pulpit\Obrazy
2014-02-15 17:15 - 2014-01-11 20:15 - 00000432 _____ () C:\WINDOWS\Tasks\At1.job
2014-02-15 17:15 - 2013-06-25 20:49 - 00001050 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-15 16:52 - 2013-01-29 22:39 - 00000930 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-02-15 16:49 - 2013-09-22 18:44 - 00001034 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-839522115-2052111302-2146896963-500UA.job
2014-02-15 16:29 - 2013-01-27 14:57 - 00000000 ___RD () C:\Documents and Settings\Administrator\Pulpit\Programy
2014-02-15 15:39 - 2013-03-16 10:58 - 00000000 ____D () C:\Documents and Settings\Administrator\Dane aplikacji\TS3Client
2014-02-15 15:38 - 2013-01-27 14:24 - 01086192 _____ () C:\WINDOWS\setupapi.log
2014-02-15 15:06 - 2014-02-15 15:06 - 00000544 _____ () C:\Documents and Settings\All Users\Pulpit\Steam.lnk
2014-02-15 15:06 - 2014-02-15 15:06 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Steam
2014-02-15 15:06 - 2013-01-27 14:26 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy
2014-02-15 15:06 - 2013-01-27 14:26 - 00000000 ____D () C:\Documents and Settings\All Users\Pulpit
2014-02-15 14:31 - 2013-11-16 21:18 - 00000000 ____D () C:\Documents and Settings\Administrator\Dane aplikacji\Pirrit
2014-02-15 14:18 - 2013-01-27 13:39 - 00000000 __RHD () C:\Documents and Settings\Administrator\Dane aplikacji
2014-02-15 14:15 - 2014-02-14 20:39 - 00000000 ____D () C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\PirritSuggestor
2014-02-15 14:06 - 2013-01-27 13:33 - 00405284 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-15 14:00 - 2013-06-25 20:49 - 00001046 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-15 14:00 - 2013-06-02 13:44 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-15 14:00 - 2013-01-27 14:29 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-02-15 14:00 - 2013-01-27 14:29 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-02-15 14:00 - 2013-01-27 13:39 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-15 13:40 - 2013-01-27 15:03 - 00000000 ____D () C:\Documents and Settings\Administrator\Dane aplikacji\AIMP3
2014-02-15 12:23 - 2014-02-15 12:23 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-15 02:26 - 2013-01-27 13:39 - 00032424 _____ () C:\WINDOWS\SchedLgU.Txt
2014-02-15 02:26 - 2013-01-27 13:39 - 00000188 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-02-14 20:39 - 2013-01-27 13:39 - 00000000 ___HD () C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji
2014-02-14 19:49 - 2013-09-22 18:44 - 00001012 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-839522115-2052111302-2146896963-500Core.job
2014-02-13 16:16 - 2013-06-09 09:05 - 00000000 ____D () C:\Documents and Settings\Administrator\Dane aplikacji\GG
2014-02-10 16:12 - 2001-07-22 01:17 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-02-09 23:49 - 2013-01-27 16:34 - 00764240 _____ () C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
2014-02-09 23:49 - 2013-01-27 13:39 - 00000000 ___HD () C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji
2014-02-08 10:28 - 2013-01-27 14:55 - 00000000 ___RD () C:\Documents and Settings\Administrator\Pulpit\Muzyka
2014-02-05 15:52 - 2014-02-05 15:52 - 03544968 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2014-02-05 15:52 - 2013-01-29 22:39 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-02-05 15:52 - 2013-01-29 22:39 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-02-03 23:06 - 2013-01-27 15:04 - 00000000 ____D () C:\Documents and Settings\Administrator\Dane aplikacji\Skype
2014-02-02 21:10 - 2013-07-19 23:45 - 00000000 ____D () C:\Documents and Settings\Administrator\Dane aplikacji\vlc
2014-01-30 00:02 - 2013-01-27 14:21 - 01135076 _____ () C:\WINDOWS\system32\nvdrsdb1.bin
2014-01-30 00:02 - 2013-01-27 14:21 - 00000001 _____ () C:\WINDOWS\system32\nvdrssel.bin
2014-01-30 00:01 - 2013-01-27 14:21 - 01135076 _____ () C:\WINDOWS\system32\nvdrsdb0.bin
2014-01-29 23:56 - 2013-01-27 13:51 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-01-29 16:20 - 2013-05-01 17:17 - 00281768 _____ () C:\WINDOWS\system32\PnkBstrB.xtr
2014-01-29 16:20 - 2013-05-01 13:00 - 00281768 _____ () C:\WINDOWS\system32\PnkBstrB.exe
2014-01-29 16:20 - 2013-05-01 13:00 - 00139832 _____ () C:\WINDOWS\system32\Drivers\PnkBstrK.sys
2014-01-29 15:37 - 2013-05-01 13:00 - 00282296 _____ () C:\WINDOWS\system32\PnkBstrB.ex0
2014-01-29 15:37 - 2013-01-27 15:16 - 00000000 ____D () C:\Documents and Settings\Administrator\Moje dokumenty\Euro Truck Simulator 2
2014-01-27 13:23 - 2014-01-27 13:23 - 00005134 _____ () C:\WINDOWS\system32\jupdate-1.7.0_51-b13.log
2014-01-27 13:23 - 2014-01-27 13:23 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Java
2014-01-27 13:23 - 2013-06-26 11:18 - 00000000 ____D () C:\Program Files\Java
2014-01-27 13:23 - 2013-01-27 14:26 - 00006790 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-27 13:23 - 2001-10-26 19:15 - 00612458 _____ () C:\WINDOWS\system32\perfh015.dat
2014-01-27 13:23 - 2001-10-26 19:15 - 00132596 _____ () C:\WINDOWS\system32\perfc015.dat
2014-01-25 18:52 - 2013-08-25 20:44 - 00000000 ____D () C:\Documents and Settings\Administrator\Dane aplikacji\Origin
2014-01-25 18:52 - 2013-08-25 20:42 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Origin
2014-01-25 18:51 - 2013-08-25 20:42 - 00000000 ____D () C:\Program Files\Origin
2014-01-24 02:46 - 2014-01-24 02:46 - 00153775 _____ () C:\Documents and Settings\Administrator\Moje dokumenty\ts3_clientui-win32-1382530211-2014-01-24 02_46_46..dmp
2014-01-22 12:10 - 2013-01-27 23:04 - 00000000 ____D () C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Adobe
2014-01-22 03:29 - 2013-02-12 01:04 - 01770674 _____ () C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-S-1-5-21-839522115-2052111302-2146896963-500-0.dat
2014-01-22 03:29 - 2013-02-12 01:04 - 00399450 _____ () C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-System.dat
2014-01-21 18:05 - 2014-01-18 13:02 - 00000000 ____D () C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\ArmA 2 OA
2014-01-21 18:04 - 2014-01-21 18:04 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Bohemia Interactive Studio
2014-01-21 18:04 - 2013-01-27 14:24 - 00000000 __RHD () C:\Documents and Settings\All Users\Dane aplikacji
2014-01-21 18:00 - 2014-01-21 17:58 - 00000000 ____D () C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\ArmA 2
2014-01-21 17:58 - 2014-01-18 13:04 - 00000000 ____D () C:\Documents and Settings\Administrator\Menu Start\Programy\Bohemia Interactive
2014-01-21 17:58 - 2014-01-18 13:02 - 00000000 ____D () C:\Documents and Settings\Administrator\Moje dokumenty\ArmA 2
2014-01-21 17:57 - 2013-01-27 13:33 - 00000000 ____D () C:\WINDOWS\system32\DirectX
2014-01-20 16:07 - 2013-01-27 13:39 - 00000000 ___RD () C:\Documents and Settings\Administrator\Menu Start\Programy
2014-01-18 13:44 - 2014-01-18 13:44 - 00000000 ____D () C:\Program Files\Dotjosh Studios
2014-01-18 13:44 - 2014-01-18 13:44 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Dotjosh Studios
2014-01-18 13:44 - 2014-01-18 13:44 - 00000000 ____D () C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DayZCommander
2014-01-18 13:27 - 2013-01-27 13:39 - 00000000 ___RD () C:\Documents and Settings\Administrator\Moje dokumenty

Files to move or delete:
====================
C:\Documents and Settings\All Users\hash.dat
C:\Windows\Tasks\At1.job


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe
[2004-08-03 23:44] - [2008-04-14 22:51] - 1035264 ____A (Microsoft Corporation) c791ed9eac5e76d9525e157b1d7a599a 

C:\WINDOWS\system32\winlogon.exe
[2004-08-03 23:44] - [2008-04-14 22:51] - 0510464 ____A (Microsoft Corporation) 51fd2e13d723857b9ca239ae77150f48 

C:\WINDOWS\system32\svchost.exe
[2004-08-03 23:44] - [2008-04-14 22:51] - 0014336 ____A (Microsoft Corporation) 8607d35d92528e2df386f19a960d23ce 

C:\WINDOWS\system32\services.exe
[2004-08-03 23:44] - [2008-04-14 22:51] - 0109056 ____A (Microsoft Corporation) 3e3ae424e27c4cefe4cab368c7b570ea 

C:\WINDOWS\system32\User32.dll
[2004-08-03 23:44] - [2008-04-14 22:50] - 0580096 ____A (Microsoft Corporation) a435c5c069afd901751ac323ad238793 

C:\WINDOWS\system32\userinit.exe
[2004-08-03 23:44] - [2008-04-14 22:51] - 0026624 ____A (Microsoft Corporation) 2a5b37d520508be6570a3ea79695f5b5 

C:\WINDOWS\system32\rpcss.dll
[2004-08-03 23:44] - [2008-04-14 22:50] - 0399360 ____A (Microsoft Corporation) 02396dab9dd407b06539981f477f3fec 

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\WINDOWS\system32\Drivers\volsnap.sys
[2004-08-03 23:36] - [2008-04-14 21:31] - 0052864 ____A (Microsoft Corporation) 56b191ac5fc0df219949c95a6c87afe7 


==================== End Of Log ============================