Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01 (ATTENTION: ====> FRST version is 28 days old and could be outdated)
Ran by Admin (administrator) on MICHALAK on 10-04-2014 09:06:23
Running from C:\Documents and Settings\Admin\Pulpit
Microsoft Windows XP Home Edition Dodatek Service Pack 3 (X86) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\WINDOWS\System32\SCardSvr.exe
(ASUSTeK COMPUTER INC.) C:\WINDOWS\ATKKBService.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Zenographics) C:\WINDOWS\system32\zstatus.exe
(Software 2000 Limited) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(Hewlett-Packard Company) C:\Program Files\HP\HP UT\bin\hppusg.exe
(Ask) C:\Program Files\Ask.com\Updater\Updater.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
(Hewlett-Packard) C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
() C:\Program Files\CryptoTech\CryptoCard\CCMonitor.exe
(Nero AG) C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Print View Software\HP Print View Resource Center\HPPrintViewResourceCenter.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [16126464 2007-03-21] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Java\jre6\bin\jusched.exe [136600 2009-02-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [NeroFilterCheck] - C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [HPUsageTracking] - C:\Program Files\HP\HP UT\bin\hppusg.exe [24576 2009-05-11] (Hewlett-Packard Company)
HKLM\...\Run: [ApnUpdater] - C:\Program Files\Ask.com\Updater\Updater.exe [1721480 2013-04-30] (Ask)
HKLM\...\Run: [AVP] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2012-11-06] (Kaspersky Lab ZAO)
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM\...\Run: [CryptoCard Suite Cert Monitor] - C:\Program Files\CryptoTech\CryptoCard\CCMonitor.exe [524800 2012-05-08] ()
HKLM\...\Run: [UserFaultCheck] - %systemroot%\system32\dumprep 0 -u
HKLM\...\RunOnce: [XP_EOS] - C:\WINDOWS\system32\xp_eos.exe /r [13312 2014-02-27] (Microsoft Corporation)
Winlogon\Notify\klogon: C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
HKU\S-1-5-21-2052111302-602609370-839522115-1004\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe [94208 2005-10-28] (Nero AG)
HKU\S-1-5-21-2052111302-602609370-839522115-1004\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-09-29] (Google Inc.)
Startup: C:\Documents and Settings\Admin\Menu Start\Programy\Autostart\HP Print View Resource Center.lnk ShortcutTarget: HP Print View Resource Center.lnk -> C:\Program Files\Hewlett-Packard\HP Print View Software\HP Print View Resource Center\HPPrintViewResourceCenter.exe (Hewlett-Packard) Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk ShortcutTarget: Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=ARS&o=15084&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=AG&apn_dtid=YYYYYYYYPL&apn_uid=B1EA3BD0-8823-457F-82F2-5BE0A9B382AA&apn_sauid=21BA694E-1EDE-442B-8DD6-E64E7B9E5EBE SearchScopes: HKCU - {41241E42-4CCD-47DF-A6D7-59481704A1AF} URL = http://www.nasza-klasa.pl/szukaj/profile?q={searchTerms} SearchScopes: HKCU - {58F02159-811E-489B-BEBD-24CDC81782EA} URL = http://www.facebook.com/search/?q={searchTerms} SearchScopes: HKCU - {7F8EF4BE-8809-438C-BEAF-E4E7788DFE18} URL = http://www.allegro.pl/search.php?sg=0&string={searchTerms} SearchScopes: HKCU - {B1DEE03C-FFF7-46D4-9A8D-1033E720FACF} URL = http://pl.wikipedia.org/w/index.php?title=Specjalna:Szukaj&search={searchTerms} SearchScopes: HKCU - {F6DDF9F3-D308-4AA6-B38C-CEC65BD372EB} URL = 
http://www.idg.pl/szukaj/default.asp?cx=005416299804844657847%3A24ty2mhze6s&cof=FORID%3A11&ie=UTF-8&q={searchTerms}&sa=Szukaj BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Krajowa Izba Rozliczeniowa S.A\SZAFIR 2.0\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - &Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) Toolbar: HKCU - &Łącza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
DPF: {1F831FAC-42FC-11D4-95A6-0080AD30DCE1} file:///C:/Program%20Files/AutoCAD%20LT%202000i%20Plk/InstFred.ocx DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file:///C:/Program%20Files/AutoCAD%20LT%202000i%20Plk/AcDcToday.ocx DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file:///C:/Program%20Files/AutoCAD%20LT%202000i%20Plk/AcPreview.ocx Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4 217.172.224.160 89.231.1.206 FireFox: ======== FF ProfilePath: C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\5j7alf8e.default-1396599383921 FF SelectedSearchEngine: Ask.com FF SearchEngineOrder.1: Ask.com FF DefaultSearchEngine: Ask.com FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=6.0.11.2061 - C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.12.1059 - C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) 
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeploytk.dll (Sun Microsystems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation) FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-02-09] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] FF HKLM\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012-08-10] FF HKLM\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru FF Extension: Kaspersky Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012-08-10] FF HKLM\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru 
[2012-08-10] Chrome: ======= CHR HomePage: hxxp://www.google.com CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll No File CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll () CHR Plugin: (Kaspersky Anti-Virus) - C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll (Kaspersky Lab ZAO) CHR Plugin: (Kaspersky Anti-Virus) - C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll (Kaspersky Lab ZAO) CHR Plugin: (Kaspersky Anti-Virus) - C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll (Kaspersky Lab ZAO) CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) 
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation) CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation) CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.)) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Extension: (Kaspersky URL Advisor) - C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2012-08-31] CHR Extension: (Klawiatura wirtualna) - C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2012-08-31] CHR Extension: (Blokowanie banerów) - C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2012-08-31] CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\urladvisor.crx [2011-09-28] CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\virtkbd.crx [2011-09-28] CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\ab.crx 
[2011-09-28] ========================== Services (Whitelisted) ================= R2 ATKKeyboardService; C:\WINDOWS\ATKKBService.exe [241664 2006-09-04] (ASUSTeK COMPUTER INC.) R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2012-11-06] (Kaspersky Lab ZAO) S2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-03-06] (Hewlett-Packard Company) R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [152984 2009-02-09] (Sun Microsystems, Inc.) ==================== Drivers (Whitelisted) ==================== R1 asuskbnt; C:\WINDOWS\System32\drivers\atkkbnt.sys [11008 2005-10-18] (ASUSTeK COMPUTER INC.) R3 AtcL001; C:\WINDOWS\System32\DRIVERS\atl01_xp.sys [38656 2007-03-15] (Attansic Technology corporation.) S3 cxbu0wdm; C:\WINDOWS\System32\DRIVERS\cxbu0wdm.sys [119040 2011-09-06] (HID Global Corporation) R2 EIO; C:\WINDOWS\system32\drivers\EIO.sys [12288 2006-06-14] (ASUSTeK Computer Inc.) 
S3 ENTECH; C:\WINDOWS\system32\DRIVERS\ENTECH.sys [20400 1999-10-21] (EnTech Taiwan) R0 KL1; C:\WINDOWS\System32\DRIVERS\kl1.sys [133208 2011-03-04] (Kaspersky Lab ZAO) R1 kl2; C:\WINDOWS\System32\DRIVERS\kl2.sys [11352 2011-03-04] (Kaspersky Lab ZAO) R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [565552 2012-08-10] (Kaspersky Lab) R3 klim5; C:\WINDOWS\System32\DRIVERS\klim5.sys [34608 2011-03-10] (Kaspersky Lab ZAO) R3 klmouflt; C:\WINDOWS\System32\DRIVERS\klmouflt.sys [19472 2009-11-02] (Kaspersky Lab) R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] () S3 catchme; \??\C:\DOCUME~1\Admin\USTAWI~1\Temp\catchme.sys [X] U2 CertPropSvc; S4 InCDFs; system32\drivers\InCDFs.sys [X] S1 InCDPass; system32\drivers\InCDPass.sys [X] S1 InCDRm; system32\drivers\InCDRm.sys [X] S4 IntelIde; No ImagePath U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation) U3 TlntSvr; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-10 09:06 - 2014-04-10 09:06 - 00017312 _____ () C:\Documents and Settings\Admin\Pulpit\FRST.txt 2014-04-10 08:57 - 2014-04-10 08:57 - 00006183 _____ () C:\WINDOWS\FaxSetup.log 2014-04-10 08:57 - 2014-04-10 08:57 - 00002956 _____ () C:\WINDOWS\ocgen.log 2014-04-10 08:57 - 2014-04-10 08:57 - 00002367 _____ () C:\WINDOWS\tsoc.log 2014-04-10 08:57 - 2014-04-10 08:57 - 00002026 _____ () C:\WINDOWS\comsetup.log 2014-04-10 08:57 - 2014-04-10 08:57 - 00001586 _____ () C:\WINDOWS\setupapi.log 2014-04-10 08:57 - 2014-04-10 08:57 - 00001374 _____ () C:\WINDOWS\imsins.log 2014-04-10 08:57 - 2014-04-10 08:57 - 00001232 _____ () C:\WINDOWS\ntdtcsetup.log 2014-04-10 08:57 - 2014-04-10 08:57 - 00000970 _____ () C:\WINDOWS\iis6.log 2014-04-10 08:57 - 2014-04-10 08:57 - 00000386 _____ () C:\WINDOWS\ocmsn.log 2014-04-10 08:57 - 2014-04-10 08:57 - 00000309 _____ () C:\WINDOWS\msgsocm.log 2014-04-10 08:57 - 2014-04-10 08:57 - 00000000 
_____ () C:\WINDOWS\setuperr.log 2014-04-10 08:57 - 2014-04-10 08:57 - 00000000 _____ () C:\WINDOWS\setupact.log 2014-04-04 11:14 - 2014-04-04 11:15 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-04-04 10:16 - 2014-04-04 10:16 - 00000000 ____D () C:\Documents and Settings\Admin\Pulpit\Stare dane programu Firefox 2014-04-03 12:10 - 2014-04-02 06:53 - 00380416 _____ () C:\Documents and Settings\Admin\Pulpit\GMER.exe 2014-04-01 14:53 - 2014-04-10 09:06 - 00000000 ____D () C:\FRST 2014-04-01 14:42 - 2014-04-01 14:41 - 01145856 _____ (Farbar) C:\Documents and Settings\Admin\Pulpit\FRST.exe 2014-04-01 14:42 - 2014-04-01 14:41 - 00987448 _____ () C:\Documents and Settings\Admin\Pulpit\SecurityCheck.exe 2014-04-01 14:42 - 2014-04-01 14:41 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Admin\Pulpit\OTL.exe 2014-04-01 14:00 - 2014-04-01 14:00 - 00009998 _____ () C:\ComboFix.txt 2014-04-01 13:53 - 2014-04-01 13:53 - 00000000 _RSHD () C:\cmdcons 2014-04-01 13:53 - 2007-11-16 12:55 - 00000211 _____ () C:\Boot.bak 2014-04-01 13:53 - 2004-08-03 23:00 - 00262400 __RSH () C:\cmldr 2014-04-01 13:52 - 2014-04-01 14:00 - 00000000 ____D () C:\Qoobox 2014-04-01 13:52 - 2014-04-01 14:00 - 00000000 ____D () C:\ComboFix 2014-04-01 13:52 - 2014-04-01 13:59 - 00000000 ____D () C:\WINDOWS\erdnt 2014-04-01 13:52 - 2014-04-01 13:52 - 00000000 ___RD () C:\Documents and Settings\All Users\Dokumenty\Moje wideo 2014-04-01 13:52 - 2014-04-01 13:52 - 00000000 ___RD () C:\Documents and Settings\Admin\Moje dokumenty\Moje wideo 2014-04-01 13:52 - 2014-04-01 13:52 - 00000000 ___RD () C:\Documents and Settings\Admin\Menu Start\Programy\Narzędzia administracyjne 2014-04-01 13:52 - 2011-06-26 08:45 - 00256000 _____ () C:\WINDOWS\PEV.exe 2014-04-01 13:52 - 2010-11-07 19:20 - 00208896 _____ () C:\WINDOWS\MBR.exe 2014-04-01 13:52 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe 2014-04-01 13:52 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe 
2014-04-01 13:52 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe 2014-04-01 13:52 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe 2014-04-01 13:52 - 2000-08-31 02:00 - 00098816 _____ () C:\WINDOWS\sed.exe 2014-04-01 13:52 - 2000-08-31 02:00 - 00080412 _____ () C:\WINDOWS\grep.exe 2014-04-01 13:52 - 2000-08-31 02:00 - 00068096 _____ () C:\WINDOWS\zip.exe 2014-04-01 13:51 - 2014-04-01 13:50 - 05192353 ____R (Swearware) C:\Documents and Settings\Admin\Pulpit\ComboFix.exe 2014-04-01 13:22 - 2014-04-01 13:22 - 00000682 _____ () C:\Documents and Settings\All Users\Pulpit\CCleaner.lnk 2014-04-01 13:22 - 2014-04-01 13:22 - 00000000 ____D () C:\Program Files\CCleaner 2014-04-01 13:22 - 2014-04-01 13:22 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\CCleaner 2014-04-01 13:21 - 2014-04-01 13:16 - 04787368 _____ (Piriform Ltd) C:\Documents and Settings\Admin\Pulpit\ccsetup412.exe 2014-04-01 13:05 - 2014-04-01 13:05 - 00000000 ____D () C:\Documents and Settings\Admin\Dane aplikacji\TeamViewer 2014-04-01 13:05 - 2014-04-01 13:03 - 06129496 _____ (TeamViewer GmbH) C:\Documents and Settings\Admin\Pulpit\TeamViewer_Setup_pl.exe 2014-04-01 11:28 - 2014-04-01 11:28 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$ 2014-04-01 11:18 - 2014-04-01 14:00 - 00000000 ____D () C:\Documents and Settings\Administrator\Ustawienia lokalne 2014-04-01 11:18 - 2014-04-01 11:19 - 00000000 ___SD () C:\Documents and Settings\Administrator 2014-04-01 11:18 - 2014-04-01 11:19 - 00000000 ____D () C:\Documents and Settings\Administrator\Ustawienia lokalne\Historia 2014-04-01 11:18 - 2014-04-01 11:19 - 00000000 ____D () C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji 2014-04-01 11:18 - 2014-04-01 11:19 - 00000000 ____D () C:\Documents and Settings\Administrator\Szablony 2014-04-01 11:18 - 2014-04-01 11:19 - 00000000 ____D () C:\Documents and Settings\Administrator\Dane aplikacji 2014-04-01 11:18 - 
2014-04-01 11:18 - 00000000 ____D () C:\Documents and Settings\Administrator\IETldCache 2014-04-01 10:36 - 2014-04-10 08:57 - 00019614 _____ () C:\WINDOWS\KB2934207.log 2014-03-24 16:06 - 2014-02-27 01:28 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe 2014-03-24 16:06 - 2014-02-27 01:28 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe 2014-03-14 09:45 - 2014-03-14 09:45 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$ 2014-03-14 09:45 - 2014-03-14 09:45 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$ ==================== One Month Modified Files and Folders ======= 2014-04-10 09:07 - 2011-06-07 12:11 - 00000234 _____ () C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job 2014-04-10 09:06 - 2014-04-10 09:06 - 00017312 _____ () C:\Documents and Settings\Admin\Pulpit\FRST.txt 2014-04-10 09:06 - 2014-04-01 14:53 - 00000000 ____D () C:\FRST 2014-04-10 09:06 - 2012-08-10 08:14 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab 2014-04-10 09:06 - 2010-11-17 10:28 - 00000488 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{A2526DD2-C0FE-487D-B781-32C673AA0A0E}.job 2014-04-10 09:06 - 2007-11-16 13:05 - 00000000 ____D () C:\Documents and Settings\Admin\Pulpit 2014-04-10 09:03 - 2012-04-10 09:46 - 00000930 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-04-10 08:57 - 2014-04-10 08:57 - 00006183 _____ () C:\WINDOWS\FaxSetup.log 2014-04-10 08:57 - 2014-04-10 08:57 - 00002956 _____ () C:\WINDOWS\ocgen.log 2014-04-10 08:57 - 2014-04-10 08:57 - 00002367 _____ () C:\WINDOWS\tsoc.log 2014-04-10 08:57 - 2014-04-10 08:57 - 00002026 _____ () C:\WINDOWS\comsetup.log 2014-04-10 08:57 - 2014-04-10 08:57 - 00001586 _____ () C:\WINDOWS\setupapi.log 2014-04-10 08:57 - 2014-04-10 08:57 - 00001374 _____ () C:\WINDOWS\imsins.log 2014-04-10 08:57 - 2014-04-10 08:57 - 00001232 _____ () C:\WINDOWS\ntdtcsetup.log 2014-04-10 08:57 - 2014-04-10 08:57 - 00000970 _____ () 
C:\WINDOWS\iis6.log 2014-04-10 08:57 - 2014-04-10 08:57 - 00000386 _____ () C:\WINDOWS\ocmsn.log 2014-04-10 08:57 - 2014-04-10 08:57 - 00000309 _____ () C:\WINDOWS\msgsocm.log 2014-04-10 08:57 - 2014-04-10 08:57 - 00000000 _____ () C:\WINDOWS\setuperr.log 2014-04-10 08:57 - 2014-04-10 08:57 - 00000000 _____ () C:\WINDOWS\setupact.log 2014-04-10 08:57 - 2014-04-01 10:36 - 00019614 _____ () C:\WINDOWS\KB2934207.log 2014-04-10 08:57 - 2007-11-16 12:59 - 02004418 _____ () C:\WINDOWS\WindowsUpdate.log 2014-04-10 08:54 - 2010-11-16 17:30 - 00000462 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{A28CD6FB-1E9A-47C1-9191-E62F0A51B2C6}.job 2014-04-10 08:52 - 2011-09-29 11:20 - 00001030 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-10 08:52 - 2007-11-16 13:53 - 00000159 _____ () C:\WINDOWS\wiadebug.log 2014-04-10 08:52 - 2007-11-16 13:53 - 00000050 _____ () C:\WINDOWS\wiaservc.log 2014-04-10 08:51 - 2007-11-16 13:03 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-04-10 08:51 - 2006-03-02 14:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl 2014-04-04 12:31 - 2011-09-29 11:20 - 00001034 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-04-04 12:11 - 2012-05-18 09:34 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-04-04 12:01 - 2007-11-16 13:03 - 00032382 _____ () C:\WINDOWS\SchedLgU.Txt 2014-04-04 11:28 - 2013-08-20 11:05 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-04-04 11:23 - 2007-11-22 14:20 - 87350280 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-04-04 11:15 - 2014-04-04 11:14 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-04-04 10:36 - 2011-03-01 12:33 - 00000000 ____D () C:\Program Files\Belimo SelectPro 2014-04-04 10:30 - 2012-11-26 10:09 - 00000000 ____D () C:\Program Files\Hewlett-Packard 2014-04-04 10:29 - 2011-12-16 16:28 - 00000000 ____D () C:\Documents and Settings\Admin\Moje dokumenty\Pobieranie 2014-04-04 10:16 - 2014-04-04 10:16 - 00000000 ____D () C:\Documents and 
Settings\Admin\Pulpit\Stare dane programu Firefox 2014-04-04 10:00 - 2011-09-29 11:20 - 00000000 ____D () C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google 2014-04-03 16:57 - 2007-11-16 13:05 - 00000292 ___SH () C:\Documents and Settings\Admin\ntuser.ini 2014-04-02 16:17 - 2013-11-15 12:35 - 00601432 _____ () C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat 2014-04-02 16:17 - 2007-11-16 13:03 - 00000000 ___HD () C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji 2014-04-02 06:53 - 2014-04-03 12:10 - 00380416 _____ () C:\Documents and Settings\Admin\Pulpit\GMER.exe 2014-04-01 14:41 - 2014-04-01 14:42 - 01145856 _____ (Farbar) C:\Documents and Settings\Admin\Pulpit\FRST.exe 2014-04-01 14:41 - 2014-04-01 14:42 - 00987448 _____ () C:\Documents and Settings\Admin\Pulpit\SecurityCheck.exe 2014-04-01 14:41 - 2014-04-01 14:42 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Admin\Pulpit\OTL.exe 2014-04-01 14:00 - 2014-04-01 14:00 - 00009998 _____ () C:\ComboFix.txt 2014-04-01 14:00 - 2014-04-01 13:52 - 00000000 ____D () C:\Qoobox 2014-04-01 14:00 - 2014-04-01 13:52 - 00000000 ____D () C:\ComboFix 2014-04-01 14:00 - 2014-04-01 11:18 - 00000000 ____D () C:\Documents and Settings\Administrator\Ustawienia lokalne 2014-04-01 14:00 - 2007-11-16 13:50 - 00000000 __RHD () C:\Documents and Settings\Default User\Ustawienia lokalne 2014-04-01 14:00 - 2007-11-16 13:05 - 00000000 ___HD () C:\Documents and Settings\Admin\Ustawienia lokalne 2014-04-01 14:00 - 2007-11-16 13:03 - 00000000 ___HD () C:\Documents and Settings\NetworkService\Ustawienia lokalne 2014-04-01 14:00 - 2007-11-16 13:03 - 00000000 ___HD () C:\Documents and Settings\LocalService\Ustawienia lokalne 2014-04-01 13:59 - 2014-04-01 13:52 - 00000000 ____D () C:\WINDOWS\erdnt 2014-04-01 13:59 - 2006-03-02 14:00 - 00000227 _____ () C:\WINDOWS\system.ini 2014-04-01 13:58 - 2007-11-16 13:05 - 00000000 ____D () C:\Documents and 
Settings\Admin 2014-04-01 13:54 - 2007-11-16 13:05 - 00000000 __RHD () C:\Documents and Settings\Admin\Dane aplikacji 2014-04-01 13:53 - 2014-04-01 13:53 - 00000000 _RSHD () C:\cmdcons 2014-04-01 13:53 - 2007-11-16 13:49 - 00000327 __RSH () C:\boot.ini 2014-04-01 13:52 - 2014-04-01 13:52 - 00000000 ___RD () C:\Documents and Settings\All Users\Dokumenty\Moje wideo 2014-04-01 13:52 - 2014-04-01 13:52 - 00000000 ___RD () C:\Documents and Settings\Admin\Moje dokumenty\Moje wideo 2014-04-01 13:52 - 2014-04-01 13:52 - 00000000 ___RD () C:\Documents and Settings\Admin\Menu Start\Programy\Narzędzia administracyjne 2014-04-01 13:52 - 2007-11-16 13:50 - 00000000 ___RD () C:\Documents and Settings\All Users\Dokumenty 2014-04-01 13:52 - 2007-11-16 13:05 - 00000000 ___RD () C:\Documents and Settings\Admin\Moje dokumenty 2014-04-01 13:52 - 2007-11-16 13:05 - 00000000 ___RD () C:\Documents and Settings\Admin\Menu Start\Programy 2014-04-01 13:50 - 2014-04-01 13:51 - 05192353 ____R (Swearware) C:\Documents and Settings\Admin\Pulpit\ComboFix.exe 2014-04-01 13:24 - 2010-04-26 08:48 - 00000000 ____D () C:\WINDOWS\Minidump 2014-04-01 13:24 - 2009-03-16 12:47 - 00000000 ____D () C:\Program Files\PDFCreator 2014-04-01 13:22 - 2014-04-01 13:22 - 00000682 _____ () C:\Documents and Settings\All Users\Pulpit\CCleaner.lnk 2014-04-01 13:22 - 2014-04-01 13:22 - 00000000 ____D () C:\Program Files\CCleaner 2014-04-01 13:22 - 2014-04-01 13:22 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\CCleaner 2014-04-01 13:22 - 2007-11-16 13:50 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy 2014-04-01 13:22 - 2007-11-16 13:50 - 00000000 ____D () C:\Documents and Settings\All Users\Pulpit 2014-04-01 13:21 - 2013-10-11 09:33 - 00002401 _____ () C:\Documents and Settings\Admin\Pulpit\Menedżer komponentu technicznego.lnk 2014-04-01 13:20 - 2011-06-07 12:11 - 00000000 ____D () C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\AskToolbar 
2014-04-01 13:19 - 2014-02-04 09:37 - 00002449 _____ () C:\Documents and Settings\All Users\Pulpit\Opłaty Środowiskowe.lnk 2014-04-01 13:19 - 2007-11-16 13:57 - 00000334 _____ () C:\WINDOWS\wincmd.ini 2014-04-01 13:16 - 2014-04-01 13:21 - 04787368 _____ (Piriform Ltd) C:\Documents and Settings\Admin\Pulpit\ccsetup412.exe 2014-04-01 13:05 - 2014-04-01 13:05 - 00000000 ____D () C:\Documents and Settings\Admin\Dane aplikacji\TeamViewer 2014-04-01 13:03 - 2014-04-01 13:05 - 06129496 _____ (TeamViewer GmbH) C:\Documents and Settings\Admin\Pulpit\TeamViewer_Setup_pl.exe 2014-04-01 13:00 - 2007-11-16 13:51 - 01126018 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-04-01 13:00 - 2006-03-02 14:00 - 00503992 _____ () C:\WINDOWS\system32\perfh015.dat 2014-04-01 13:00 - 2006-03-02 14:00 - 00090568 _____ () C:\WINDOWS\system32\perfc015.dat 2014-04-01 11:28 - 2014-04-01 11:28 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$ 2014-04-01 11:23 - 2007-11-16 13:03 - 00000000 __SHD () C:\Documents and Settings\NetworkService 2014-04-01 11:23 - 2007-11-16 13:03 - 00000000 __SHD () C:\Documents and Settings\LocalService 2014-04-01 11:23 - 2007-11-16 12:57 - 00000000 ____D () C:\WINDOWS\Registration 2014-04-01 11:19 - 2014-04-01 11:18 - 00000000 ___SD () C:\Documents and Settings\Administrator 2014-04-01 11:19 - 2014-04-01 11:18 - 00000000 ____D () C:\Documents and Settings\Administrator\Ustawienia lokalne\Historia 2014-04-01 11:19 - 2014-04-01 11:18 - 00000000 ____D () C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji 2014-04-01 11:19 - 2014-04-01 11:18 - 00000000 ____D () C:\Documents and Settings\Administrator\Szablony 2014-04-01 11:19 - 2014-04-01 11:18 - 00000000 ____D () C:\Documents and Settings\Administrator\Dane aplikacji 2014-04-01 11:18 - 2014-04-01 11:18 - 00000000 ____D () C:\Documents and Settings\Administrator\IETldCache 2014-03-17 10:32 - 2014-02-27 17:48 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2014-03-17 10:31 - 
2011-10-05 12:34 - 00001819 _____ () C:\Documents and Settings\All Users\Pulpit\Google Chrome.lnk
2014-03-14 10:01 - 2007-11-16 13:49 - 00217656 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-14 10:00 - 2011-06-10 15:39 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-03-14 09:45 - 2014-03-14 09:45 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-14 09:45 - 2014-03-14 09:45 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-14 09:45 - 2010-11-16 17:27 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-03-13 12:03 - 2012-04-10 09:46 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-03-13 12:03 - 2011-09-22 11:49 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe [2006-03-02 14:00] - [2008-04-14 19:21] - 1035264 ____A (Microsoft Corporation) c791ed9eac5e76d9525e157b1d7a599a
C:\WINDOWS\system32\winlogon.exe [2006-03-02 14:00] - [2008-04-14 19:21] - 0510464 ____A (Microsoft Corporation) 51fd2e13d723857b9ca239ae77150f48
C:\WINDOWS\system32\svchost.exe [2006-03-02 14:00] - [2008-04-14 19:21] - 0014336 ____A (Microsoft Corporation) 8607d35d92528e2df386f19a960d23ce
C:\WINDOWS\system32\services.exe [2006-03-02 14:00] - [2009-02-09 13:25] - 0111104 ____A (Microsoft Corporation) 02a467e27af55f7064c5b251e587315f
C:\WINDOWS\system32\User32.dll [2006-03-02 14:00] - [2008-04-14 19:20] - 0580096 ____A (Microsoft Corporation) a435c5c069afd901751ac323ad238793
C:\WINDOWS\system32\userinit.exe [2006-03-02 14:00] - [2008-04-14 19:21] - 0026624 ____A (Microsoft Corporation) 2a5b37d520508be6570a3ea79695f5b5
C:\WINDOWS\system32\rpcss.dll [2006-03-02 14:00] - [2009-02-09 12:53] - 0401408 ____A (Microsoft Corporation) a37311d9d628c1042a2836731787f0f3 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\WINDOWS\system32\Drivers\volsnap.sys [2006-03-02 14:00] - [2008-04-14 18:01] - 0052864 ____A (Microsoft Corporation) 56b191ac5fc0df219949c95a6c87afe7

==================== End Of Log ============================