OTL logfile created on: 2012-08-06 08:41:57 - Run 2 OTL by OldTimer - Version 3.2.56.0 Folder = C:\Documents and Settings\Krzysiek\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd 2,99 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 76,34% Memory free 4,84 Gb Paging File | 4,28 Gb Available in Paging File | 88,46% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 42,01 Gb Total Space | 5,28 Gb Free Space | 12,58% Space Free | Partition Type: NTFS Drive D: | 34,18 Gb Total Space | 2,16 Gb Free Space | 6,33% Space Free | Partition Type: NTFS Drive E: | 34,18 Gb Total Space | 10,84 Gb Free Space | 31,72% Space Free | Partition Type: NTFS Drive F: | 38,67 Gb Total Space | 17,99 Gb Free Space | 46,52% Space Free | Partition Type: NTFS Drive J: | 465,73 Gb Total Space | 313,19 Gb Free Space | 67,25% Space Free | Partition Type: NTFS Computer Name: KRZYSIEK-970C77 | User Name: Krzysiek | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012-08-05 23:17:49 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Krzysiek\Desktop\OTL.exe PRC - [2012-07-18 13:45:31 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2012-07-03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012-03-07 15:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe PRC - [2012-03-07 15:40:28 | 003,117,344 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe PRC - [2011-12-28 00:21:18 | 000,021,392 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe PRC - [2011-12-28 00:21:08 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe PRC - [2010-09-08 11:45:10 | 001,034,752 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe PRC - [2010-09-08 11:44:50 | 000,484,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe PRC - [2010-09-08 11:41:36 | 000,237,056 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe PRC - [2008-11-04 11:39:20 | 000,014,336 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe PRC - [2008-04-14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007-12-13 20:10:56 | 001,688,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe PRC - [2007-04-22 16:32:42 | 000,221,184 | ---- | M] (SafeBoot International) -- C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe PRC - [2007-02-15 14:55:18 | 000,140,832 | ---- | M] (Infineon Technologies AG) -- C:\WINDOWS\system32\IfxPsdSv.exe PRC - [2007-01-09 15:52:32 | 000,145,184 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012-08-06 07:50:49 | 000,115,137 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Local Settings\temp\bad4021e-8b96-4726-a482-7caebf5bc001\CliSecureRT.dll MOD - [2012-07-18 13:45:29 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2012-06-14 08:48:44 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll MOD - [2012-06-14 08:48:43 | 000,141,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\badd66e1d2b8416e9bb868ad059203c6\System.Configuration.Install.ni.dll MOD - [2012-06-14 08:47:02 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll MOD - [2012-06-14 08:46:51 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll MOD - [2012-06-14 08:46:26 | 014,329,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e4ecfaaf5417aceecb7fa8abddf06113\PresentationFramework.ni.dll MOD - [2012-06-14 08:45:59 | 012,218,368 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\f33e2a4d9b385234406fa2d662f78875\PresentationCore.ni.dll MOD - [2012-06-14 08:44:57 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2012-06-14 08:44:53 | 000,005,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.dll MOD - [2012-06-14 08:44:47 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll MOD - [2012-06-14 08:44:44 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll MOD - [2012-05-13 17:34:14 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\41f6f6dd0c8427d4a8e6fd3915505a6b\System.Transactions.ni.dll MOD - [2012-05-13 17:34:06 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll MOD - [2012-05-13 17:34:02 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\29bce0113d611084a9329349e33528ac\System.EnterpriseServices.ni.dll MOD - [2012-05-13 17:33:01 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll MOD - [2012-05-13 17:32:46 | 017,403,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\bc254d2fa26664898ae21d45643bc194\System.ServiceModel.ni.dll MOD - [2012-05-13 17:31:02 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll MOD - [2012-05-13 17:30:29 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\12c6fe8d4dd78f9bddf847d3b2821c03\System.Data.ni.dll MOD - [2012-05-13 17:30:23 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\38d07a5ac34b99d94fd14f42e779f625\System.Core.ni.dll MOD - [2012-05-13 17:30:13 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8b873631a0855fb6aa0ad25f1d9de7fe\PresentationFramework.Luna.ni.dll MOD - [2012-05-13 17:29:24 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\6d8bef0d008389874e55c0308f0c18e5\WindowsBase.ni.dll MOD - [2012-05-13 17:29:15 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll MOD - [2012-05-13 17:28:49 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll MOD - [2012-01-11 11:30:55 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll MOD - [2011-12-28 00:21:18 | 000,021,392 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe MOD - [2011-12-23 21:59:22 | 000,625,576 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\CommonModule.dll MOD - [2011-12-23 21:59:22 | 000,493,992 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\FirmwareUpdateAgent.Common.dll MOD - [2011-12-23 21:59:22 | 000,007,168 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\IPCServer.dll MOD - [2011-12-23 21:59:22 | 000,003,584 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\ISharedIPCInterface.dll MOD - [2010-09-08 11:53:16 | 000,886,272 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\System.Data.SQLite.dll MOD - [2010-09-08 11:45:10 | 001,034,752 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe MOD - [2010-09-08 11:44:50 | 000,484,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe MOD - [2009-11-03 16:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2009-02-27 20:04:20 | 000,311,296 | ---- | M] () -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.POL MOD - [2006-12-03 14:53:06 | 000,126,464 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe /m C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll -- (LiveUpdate Notice Service) SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (LiveUpdate Notice Ex) SRV - File not found [Auto | Stopped] -- C:\WINDOWS\driver\i386\services.exe -- (General-Services) SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService) SRV - [2012-07-18 13:45:30 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012-07-03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012-05-03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012-03-07 15:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn) SRV - [2010-09-08 11:45:10 | 001,034,752 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME) SRV - [2010-09-08 11:44:50 | 000,484,352 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC) SRV - [2010-09-08 11:41:36 | 000,237,056 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService) SRV - [2008-11-04 11:39:20 | 000,014,336 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService) SRV - [2007-04-22 16:32:42 | 000,221,184 | ---- | M] (SafeBoot International) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService) SRV - [2007-02-15 14:55:18 | 000,140,832 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\WINDOWS\system32\IfxPsdSv.exe -- (PersonalSecureDriveService) SRV - [2007-02-07 03:30:00 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker) SRV - [2006-09-13 15:54:02 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate) SRV - [2006-09-13 15:54:02 | 000,198,336 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Harmonogram automatycznej uslugi LiveUpdate) SRV - [2006-06-22 07:14:00 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme) DRV - [2012-08-05 22:26:24 | 000,477,240 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd) DRV - [2012-07-03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012-03-14 08:40:04 | 000,104,160 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir) DRV - [2012-03-14 08:40:02 | 000,160,816 | ---- | M] (ESET) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon) DRV - [2012-03-14 08:40:02 | 000,120,152 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv) DRV - [2011-12-08 06:22:38 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm) DRV - [2011-12-08 06:22:38 | 000,080,184 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus) DRV - [2011-12-08 06:22:26 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm) DRV - [2011-12-08 06:22:26 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) DRV - [2011-12-08 06:22:26 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) DRV - [2009-03-19 11:40:10 | 000,009,216 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey) DRV - [2009-02-13 13:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM) DRV - [2008-03-17 11:03:46 | 000,101,376 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2007-06-18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV - [2007-04-22 16:25:30 | 000,005,808 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\rsvlock.sys -- (RsvLock) DRV - [2007-04-22 16:24:58 | 000,100,095 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\SafeBoot.sys -- (SafeBoot) DRV - [2007-04-10 15:55:28 | 000,140,808 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV) DRV - [2007-03-29 16:54:00 | 000,013,696 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\SbFsLock.sys -- (SbFsLock) DRV - [2007-03-01 13:00:50 | 002,203,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) DRV - [2007-02-27 10:21:00 | 000,160,256 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) DRV - [2007-02-14 16:21:00 | 000,067,960 | R--- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2007-01-23 22:07:30 | 000,039,080 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\psd.sys -- (PersonalSecureDrive) DRV - [2007-01-23 21:13:26 | 000,036,608 | R--- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM) DRV - [2007-01-02 15:01:40 | 001,160,320 | R--- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006-10-19 01:23:00 | 000,033,024 | R--- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HP24X.sys -- (HP24X) DRV - [2006-10-09 13:31:46 | 000,044,720 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\SbAlg.sys -- (SbAlg) DRV - [2006-07-24 00:00:04 | 000,022,016 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer) DRV - [2006-07-24 00:00:04 | 000,017,920 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hpdskflt.sys -- (hpdskflt) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1343024091-789336058-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ IE - HKU\S-1-5-21-1343024091-789336058-839522115-1003\..\URLSearchHook: {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files\Softonic-Polska\tbSoft.dll (Conduit Ltd.) IE - HKU\S-1-5-21-1343024091-789336058-839522115-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-1343024091-789336058-839522115-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7NCLR_enPL485 IE - HKU\S-1-5-21-1343024091-789336058-839522115-1003\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms} IE - HKU\S-1-5-21-1343024091-789336058-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1343024091-789336058-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.google.pl/" FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2 FF - prefs.js..extensions.enabledItems: fastdial@telega.phpnet.us:3.4 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.9.2 FF - prefs.js..extensions.enabledItems: {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}:3.2.5.2 FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.2 FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442 FF - prefs.js..network.proxy.http: "174.142.24.201" FF - prefs.js..network.proxy.http_port: 3128 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-07-18 13:45:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-01-23 20:41:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012-08-02 10:09:09 | 000,000,000 | ---D | M] [2008-08-27 02:25:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Krzysiek\Application Data\Mozilla\Extensions [2012-08-06 08:33:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Krzysiek\Application Data\Mozilla\Firefox\Profiles\6c866ajz.default\extensions [2011-02-12 21:58:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Krzysiek\Application Data\Mozilla\Firefox\Profiles\6c866ajz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012-02-21 07:25:26 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\Krzysiek\Application Data\Mozilla\Firefox\Profiles\6c866ajz.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [2012-07-03 15:36:28 | 000,000,000 | ---D | M] (DownloadnSave) -- C:\Documents and Settings\Krzysiek\Application Data\Mozilla\Firefox\Profiles\6c866ajz.default\extensions\4ff2f44f709c3@4ff2f44f709fe.info [2012-06-02 16:55:34 | 000,000,000 | ---D | M] (Fast Dial) -- C:\Documents and Settings\Krzysiek\Application Data\Mozilla\Firefox\Profiles\6c866ajz.default\extensions\fastdial@telega.phpnet.us [2012-08-05 20:59:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012-05-25 21:26:19 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012-07-18 13:45:32 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010-07-17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012-03-09 16:59:15 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2012-03-09 16:59:15 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2012-03-09 16:59:15 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2012-03-09 16:59:15 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2012-03-09 16:59:15 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2012-03-09 16:59:15 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2012-08-06 07:43:28 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (DownloadnSave Class) - {9AD41410-E097-56AA-1A6E-9084802A0187} - Reg Error: Value error. File not found O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Softonic-Polska Toolbar) - {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files\Softonic-Polska\tbSoft.dll (Conduit Ltd.) O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.) O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Krzysiek\Application Data\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.) O3 - HKLM\..\Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - No CLSID value found. O3 - HKLM\..\Toolbar: (Softonic-Polska Toolbar) - {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files\Softonic-Polska\tbSoft.dll (Conduit Ltd.) O4 - HKLM..\Run: [CognizanceTS] C:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Cognizance Corporation) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET) O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG) O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.) O4 - HKU\S-1-5-21-1343024091-789336058-839522115-1003..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) O4 - HKU\S-1-5-21-1343024091-789336058-839522115-1003..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung) O4 - HKU\S-1-5-21-1343024091-789336058-839522115-1003..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1343024091-789336058-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1343024091-789336058-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1343024091-789336058-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-1343024091-789336058-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm () O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.) O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53B99852-1220-4B3E-97F4-F14EF93339F5}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - AppInit_DLLs: (C:\WINDOWS\system32\APSHook.dll) - C:\WINDOWS\system32\APSHook.dll (Bioscrypt Inc.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\OneCard: DllName - (C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll) - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Cognizance Corporation) O24 - Desktop WallPaper: C:\Documents and Settings\Krzysiek\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Krzysiek\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008-08-26 00:05:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012-08-06 08:10:35 | 000,000,000 | ---D | C] -- C:\UsbFix [2012-08-06 08:10:20 | 001,269,804 | ---- | C] (El Desaparecido) -- C:\Documents and Settings\Krzysiek\Desktop\UsbFix.exe [2012-08-06 07:47:28 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2012-08-06 07:25:00 | 000,000,000 | ---D | C] -- C:\_OTL [2012-08-05 23:17:37 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Krzysiek\Desktop\OTL.exe [2012-08-05 21:09:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Application Data\Malwarebytes [2012-08-05 21:09:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware [2012-08-05 21:09:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2012-08-05 21:09:38 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012-08-05 21:09:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012-08-05 21:06:52 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Krzysiek\Desktop\mbam-setup-1.62.0.1300.exe [2012-08-02 10:09:07 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012-08-02 10:09:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET [2012-08-02 09:03:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\036DFF61E54634B43AB6F1327B07D287 [2012-07-30 20:30:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Desktop\sesja brzuszkowa 2.07.2012 [2012-07-24 20:25:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Desktop\moje [2012-07-14 15:24:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Desktop\citeam [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012-08-06 08:36:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012-08-06 08:35:27 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1343024091-789336058-839522115-1003.job [2012-08-06 08:35:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012-08-06 08:14:00 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1343024091-789336058-839522115-1003.job [2012-08-06 08:10:27 | 001,269,804 | ---- | M] (El Desaparecido) -- C:\Documents and Settings\Krzysiek\Desktop\UsbFix.exe [2012-08-06 07:50:34 | 000,329,096 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012-08-06 07:43:28 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts [2012-08-05 23:17:49 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Krzysiek\Desktop\OTL.exe [2012-08-05 23:12:36 | 000,614,903 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Desktop\adwcleaner.exe [2012-08-05 21:09:41 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2012-08-05 21:08:50 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Krzysiek\Desktop\mbam-setup-1.62.0.1300.exe [2012-08-05 20:37:04 | 000,163,840 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012-08-02 10:06:05 | 000,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hîsts [2012-08-01 22:08:30 | 000,002,513 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Desktop\Microsoft Office Word 2007.lnk [2012-07-30 20:37:52 | 000,092,423 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Desktop\552606_448681601829991_1737224052_n.jpg [2012-07-30 20:37:46 | 000,063,777 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Desktop\418654_448681341830017_1536069276_n.jpg [2012-07-30 20:37:33 | 000,075,167 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Desktop\299067_247182845313202_6042854_n.jpg [2012-07-30 20:37:23 | 000,098,685 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Desktop\268261_448685128496305_1994285657_n.jpg [2012-07-30 20:37:12 | 000,069,816 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Desktop\527256_448682151829936_655546051_n.jpg [2012-07-30 20:37:02 | 000,117,506 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Desktop\599803_448681878496630_910050445_n.jpg [2012-07-30 20:34:12 | 075,549,504 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Desktop\grupa 2.rar [2012-07-24 17:55:20 | 002,685,387 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Desktop\program cede2012 www.pdf [2012-07-23 17:11:31 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2012-07-23 17:11:31 | 000,000,096 | ---- | M] () -- C:\Documents and Settings\Krzysiek\default.pls [2012-07-23 08:02:19 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Application Data\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk [2012-07-23 08:02:19 | 000,000,712 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Desktop\PhotoScape.lnk [2012-07-16 00:22:56 | 000,868,535 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Desktop\fizjoterapia_po_endoprotezoplastyce_stawu_biodrowego.pdf [2012-07-14 22:03:06 | 000,000,536 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Show Desktop.lnk [2012-07-12 07:34:52 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012-07-11 11:17:10 | 000,210,899 | ---- | M] () -- C:\Documents and Settings\Krzysiek\My Documents\CV- Krzysztof Piotrowski- fizjoterapia wyk.pdf [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012-08-05 23:12:23 | 000,614,903 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Desktop\adwcleaner.exe [2012-08-05 21:09:41 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2012-08-02 09:02:20 | 000,001,712 | ---- | C] () -- C:\WINDOWS\Installer\{3644cdc6-4a1d-18b4-a15a-1cce3f077559}\U\00000001.@ [2012-07-30 20:37:52 | 000,092,423 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Desktop\552606_448681601829991_1737224052_n.jpg [2012-07-30 20:37:46 | 000,063,777 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Desktop\418654_448681341830017_1536069276_n.jpg [2012-07-30 20:37:33 | 000,075,167 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Desktop\299067_247182845313202_6042854_n.jpg [2012-07-30 20:37:22 | 000,098,685 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Desktop\268261_448685128496305_1994285657_n.jpg [2012-07-30 20:37:12 | 000,069,816 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Desktop\527256_448682151829936_655546051_n.jpg [2012-07-30 20:37:02 | 000,117,506 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Desktop\599803_448681878496630_910050445_n.jpg [2012-07-30 20:18:43 | 075,549,504 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Desktop\grupa 2.rar [2012-07-24 17:55:20 | 002,685,387 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Desktop\program cede2012 www.pdf [2012-07-23 07:28:25 | 000,000,712 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Desktop\PhotoScape.lnk [2012-07-16 22:47:30 | 000,113,972 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Desktop\team.jpg [2012-07-16 00:22:50 | 000,868,535 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Desktop\fizjoterapia_po_endoprotezoplastyce_stawu_biodrowego.pdf [2012-07-14 22:03:06 | 000,000,536 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Show Desktop.lnk [2012-07-11 11:17:09 | 000,210,899 | ---- | C] () -- C:\Documents and Settings\Krzysiek\My Documents\CV- Krzysztof Piotrowski- fizjoterapia wyk.pdf [2012-05-13 17:45:22 | 000,456,568 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2012-02-21 07:48:54 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2012-02-15 12:22:28 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012-01-29 05:06:38 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011-12-23 21:58:28 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe [2011-12-23 21:58:24 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll [2011-12-23 21:58:24 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll [2011-12-23 21:58:24 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll [2011-12-23 21:58:24 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll [2011-08-04 14:06:29 | 000,000,096 | ---- | C] () -- C:\Documents and Settings\Krzysiek\default.pls [2011-06-27 12:27:05 | 000,000,029 | ---- | C] () -- C:\WINDOWS\BSL.INI [2011-03-11 01:46:44 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Krzysiek\.rnd [2011-02-28 23:17:00 | 000,053,796 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2008-12-08 17:21:36 | 000,137,196 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceManager.xml.rc4 [2008-08-27 02:30:54 | 000,163,840 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008-08-20 15:45:46 | 000,020,270 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceInstaller.xml [2006-02-28 14:00:00 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\Installer\{3644cdc6-4a1d-18b4-a15a-1cce3f077559}\@ [2006-02-28 14:00:00 | 000,002,048 | -HS- | C] () -- C:\Documents and Settings\Krzysiek\Local Settings\Application Data\{3644cdc6-4a1d-18b4-a15a-1cce3f077559}\@ [color=#E56717]========== LOP Check ==========[/color] [2012-08-03 21:46:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\036DFF61E54634B43AB6F1327B07D287 [2012-08-02 10:09:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET [2008-08-26 00:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Infineon [2011-12-24 10:28:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe [2012-07-03 15:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Premium [2008-11-18 15:08:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI [2012-01-24 05:37:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung [2009-01-28 18:10:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft [2010-10-02 01:15:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone [2011-01-08 15:22:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital [2010-06-05 14:09:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2009-11-28 14:32:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2009-05-19 23:05:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2012-06-24 14:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Application Data\BESTplayer [2008-08-27 02:26:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Application Data\BitSpirit [2009-11-30 22:39:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Application Data\Command & Conquer 3 Kane's Wrath [2009-12-27 16:25:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Application Data\CoSoSys [2012-08-05 20:19:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Application Data\Cream Software [2008-09-17 12:33:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Application Data\DAEMON Tools [2012-04-12 09:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Application Data\eLDEPuj [2009-12-18 00:16:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Application Data\ESET [2008-08-27 01:51:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Application Data\Gadu-Gadu [2009-12-25 15:05:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Application Data\Gadu-Gadu 10 [2012-05-21 11:21:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Application Data\GHISLER [2010-11-22 22:03:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Application Data\Groove Games [2008-08-26 00:57:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Application Data\Infineon [2012-05-23 13:50:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Application Data\PhotoScape [2010-11-22 08:15:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Application Data\RayV [2012-01-29 04:09:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Application Data\Samsung [2012-07-03 15:37:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Application Data\SendSpace [2009-12-15 01:38:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Application Data\Sports Interactive [2011-08-22 09:06:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Application Data\uTorrent [2010-10-02 01:16:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Application Data\Vodafone [2010-10-02 01:16:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Vodafone [color=#E56717]========== Purity Check ==========[/color] < End of report >