OTL logfile created on: 2011-09-11 21:46:04 - Run 1 OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\Borysław\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 0,88 Gb Available Physical Memory | 44,24% Memory free 4,23 Gb Paging File | 3,04 Gb Available in Paging File | 71,87% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 465,76 Gb Total Space | 318,92 Gb Free Space | 68,47% Space Free | Partition Type: NTFS Computer Name: POWER | User Name: Borysław | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2011-09-11 21:27:37 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Borysław\Desktop\OTL.exe PRC - [2011-09-07 20:02:00 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2011-02-23 16:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe PRC - [2009-04-11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2011-09-07 20:02:00 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2011-08-23 09:32:46 | 006,277,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [On_Demand | Stopped] -- -- (npggsvc) SRV - File not found [On_Demand | Stopped] -- -- (NBService) SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Ex) SRV - File not found [Auto | Stopped] -- -- (ircengnt) SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService) SRV - [2011-09-11 20:37:51 | 000,592,768 | ---- | M] (Sysinternals - www.sysinternals.com) [On_Demand | Stopped] -- C:\Users\BORYSA~1\AppData\Local\Temp\ZHSPAHMVADJQI.exe -- (ZHSPAHMVADJQI) SRV - [2011-09-11 20:37:44 | 000,387,968 | ---- | M] (Sysinternals - www.sysinternals.com) [On_Demand | Stopped] -- C:\Users\BORYSA~1\AppData\Local\Temp\JLFUMZTWH.exe -- (JLFUMZTWH) SRV - [2011-08-03 20:24:02 | 003,542,616 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_2da1ebd.dll -- (Akamai) SRV - [2011-02-23 16:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV - [2011-02-10 15:29:24 | 000,150,528 | ---- | M] (Avanquest Software) [Disabled | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion) SRV - [2009-02-21 14:49:40 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2008-12-02 14:35:43 | 000,581,632 | ---- | M] (THOMSON Telecom Belgium) [Auto | Running] -- C:\Program Files\Thomson\ST330\service\st330service.exe -- (st330service) SRV - [2008-01-29 18:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service) SRV - [2008-01-19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007-09-26 17:23:26 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate) SRV - [2007-09-26 17:23:26 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Harmonogram automatycznej usługi LiveUpdate) SRV - [2007-09-12 18:15:50 | 000,087,288 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2007-09-07 11:16:18 | 001,373,480 | ---- | M] (Wacom Technology, Corp.) [Disabled | Stopped] -- C:\Windows\System32\Pen_Tablet.exe -- (TabletServicePen) SRV - [2007-05-31 15:38:48 | 000,053,248 | ---- | M] (Tablet Driver) [Auto | Running] -- C:\Windows\System32\Drivers\WTSRV.EXE -- (WinTabService) SRV - [2005-01-31 10:45:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2011-02-23 15:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2011-02-23 15:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2011-02-23 15:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2011-02-23 15:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2011-02-23 15:55:03 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2011-02-23 15:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2010-03-15 12:38:44 | 000,124,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039mdm.sys -- (s1039mdm) DRV - [2010-03-15 12:38:44 | 000,123,504 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039unic.sys -- (s1039unic) Sony Ericsson Device 1039 USB Ethernet Emulation (WDM) DRV - [2010-03-15 12:38:44 | 000,117,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039mgmt.sys -- (s1039mgmt) Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM) DRV - [2010-03-15 12:38:44 | 000,113,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039obex.sys -- (s1039obex) DRV - [2010-03-15 12:38:44 | 000,098,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039bus.sys -- (s1039bus) Sony Ericsson Device 1039 driver (WDM) DRV - [2010-03-15 12:38:44 | 000,025,456 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039nd5.sys -- (s1039nd5) Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS) DRV - [2010-03-15 12:38:44 | 000,014,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039mdfl.sys -- (s1039mdfl) DRV - [2009-12-23 13:54:37 | 000,060,928 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\rakion.sys -- (rak) DRV - [2009-12-23 11:32:26 | 000,086,016 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TPkd.sys -- (TPkd) DRV - [2009-04-23 11:15:06 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2009-01-29 16:21:57 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2008-12-02 14:35:34 | 000,032,000 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stppp.sys -- (stppp) DRV - [2008-09-08 15:10:23 | 000,014,848 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UCTblHid.sys -- (UCTblHid) DRV - [2008-05-02 22:46:00 | 007,460,320 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2007-11-16 14:06:56 | 000,102,912 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2007-06-07 18:16:28 | 000,018,944 | ---- | M] (PenTablet Driver) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PTSimBus.sys -- (PTSimBus) DRV - [2007-04-23 16:28:56 | 000,018,432 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TClass2k.sys -- (TClass2k) DRV - [2007-04-23 16:28:56 | 000,010,752 | ---- | M] (PenTablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTSimHid.sys -- (PTSimHid) DRV - [2007-03-19 19:58:00 | 000,030,464 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\st330.sys -- (ST330) DRV - [2007-03-19 19:58:00 | 000,012,672 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stbus.sys -- (STBUS) DRV - [2007-02-16 11:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter) DRV - [2007-02-16 10:30:12 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid) DRV - [2007-02-15 16:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WacomVKHid.sys -- (WacomVKHid) DRV - [2005-02-11 12:19:20 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM) DRV - [2003-04-21 09:19:00 | 000,186,551 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\V0010bVd.sys -- (V0010bVd) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.imageshack.us/index4.php IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - File not found IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3475731570-3686470524-1019051330-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.imageshack.us/index4.php IE - HKU\S-1-5-21-3475731570-3686470524-1019051330-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml?ptnrS=ZJfox000&ptb=V4hpxIdCvQVesgi2NVtIHw IE - HKU\S-1-5-21-3475731570-3686470524-1019051330-1007\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - File not found IE - HKU\S-1-5-21-3475731570-3686470524-1019051330-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/pages/AJKS/123681341043655" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files\GamersFirst\LIVE!\nplivelauncher.dll File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Media Software and Services Inc) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Borysław\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Borysław\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-09-07 20:02:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-05-01 00:34:17 | 000,000,000 | ---D | M] [2011-05-26 14:29:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Borysław\AppData\Roaming\mozilla\Extensions [2011-07-03 01:00:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Borysław\AppData\Roaming\mozilla\Firefox\Profiles\li68amuj.default\extensions [2011-05-26 14:29:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010-02-06 16:23:28 | 000,000,000 | ---D | M] (Zwunzi) -- C:\Program Files\Mozilla Firefox\extensions\{F270F1AF-34D6-41CB-A9F5-8200EF7DB41F} File not found (No name found) -- C:\USERS\BORYSĹ‚AW\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LI68AMUJ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2011-09-07 20:02:00 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2009-10-14 19:36:14 | 000,027,648 | ---- | M] (Ivo Software Sp. z o.o.) -- C:\Program Files\mozilla firefox\components\IvonaFirefoxToolbar.dll [2011-07-11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2010-01-01 10:00:00 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2010-01-01 10:00:00 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2010-01-01 10:00:00 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2010-01-01 10:00:00 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2010-01-01 10:00:00 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2010-01-01 10:00:00 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2010-04-25 15:31:06 | 000,000,096 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 212.77.100.101 www.redtube.com O1 - Hosts: 212.77.100.101 www.pornhub.com O1 - Hosts: 212.77.100.101 www.youporn.com O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found O2 - BHO: (no name) - {8664889D-ED18-4713-918F-E2BB69D8452B} - No CLSID value found. O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - File not found O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (no name) - {8664889D-ED18-4713-918F-E2BB69D8452B} - No CLSID value found. O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - File not found O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-3475731570-3686470524-1019051330-1007\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - File not found O3 - HKU\S-1-5-21-3475731570-3686470524-1019051330-1007\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software) O4 - HKLM..\Run: [scvhost.exe] File not found O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-3475731570-3686470524-1019051330-1007..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe () O4 - HKLM..\RunServices: [scvhost.exe] File not found O4 - Startup: C:\Users\Borysław\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Users\Iwona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O7 - HKU\S-1-5-21-3475731570-3686470524-1019051330-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157 O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Borysław\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O13 - gopher Prefix: missing O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00F19A5B-5A3E-42DF-ACC3-0BB634E713D4}: NameServer = 195.177.64.66,195.177.64.69 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Borysław\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg O24 - Desktop BackupWallPaper: C:\Users\Borysław\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{1feeae5d-2d4a-11e0-b551-a564fada5e93}\Shell - "" = Autorun O33 - MountPoints2\{1feeae5d-2d4a-11e0-b551-a564fada5e93}\Shell\AutoRun\command - "" = E:\Install_Nokia_Ovi_Suite.exe O33 - MountPoints2\{38fa4423-0e12-11e0-b663-e9f5b8f57499}\Shell - "" = AutoRun O33 - MountPoints2\{38fa4423-0e12-11e0-b663-e9f5b8f57499}\Shell\AutoRun\command - "" = K:\Startme.exe O33 - MountPoints2\{62707533-2349-11dd-98b6-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{62707533-2349-11dd-98b6-806e6f6e6963}\Shell\AutoRun\command - "" = D:\_AUTORUN\AUTORUN.EXE O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2011-09-11 21:27:35 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\Borysław\Desktop\OTL.exe [2011-09-11 20:37:10 | 000,000,000 | ---D | C] -- C:\Users\Borysław\Desktop\RootkitRevealer [2011-09-09 01:12:06 | 000,000,000 | ---D | C] -- C:\Users\Borysław\Desktop\outro_data [2011-09-08 23:00:39 | 000,000,000 | ---D | C] -- C:\Users\Borysław\Desktop\mnie_data [2011-09-07 14:52:55 | 000,000,000 | ---D | C] -- C:\Users\Borysław\Desktop\Beaty [2011-08-31 20:00:54 | 000,000,000 | ---D | C] -- C:\Users\Borysław\Desktop\d2011 Krvavy- Otchłań [2011-08-24 12:44:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3DO [2011-08-24 11:37:54 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2011-08-17 22:23:37 | 000,000,000 | ---D | C] -- C:\Users\Borysław\Contacts\Documents\Moje zeskanowane obrazy [2011-08-17 20:35:34 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant [2011-08-17 20:02:28 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard [2011-08-17 20:02:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP [2011-08-17 19:29:54 | 000,000,000 | -H-D | C] -- C:\Config.Msi [2011-08-15 18:25:55 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache [1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ] [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Users\Borysław\Contacts\Documents\*.tmp files -> C:\Users\Borysław\Contacts\Documents\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011-09-11 21:41:00 | 000,001,040 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011-09-11 21:38:59 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3475731570-3686470524-1019051330-1002UA.job [2011-09-11 21:27:37 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Borysław\Desktop\OTL.exe [2011-09-11 21:05:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3475731570-3686470524-1019051330-1007UA.job [2011-09-11 20:46:13 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2011-09-11 20:46:12 | 000,001,036 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011-09-11 20:46:06 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011-09-11 20:46:06 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011-09-11 20:46:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011-09-11 20:44:15 | 000,000,000 | ---- | M] () -- C:\Windows\System32\IIRVFWTRMP [2011-09-11 12:04:28 | 000,302,592 | ---- | M] () -- C:\Users\Borysław\Desktop\ymisiqls.exe [2011-09-11 07:39:00 | 000,001,006 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3475731570-3686470524-1019051330-1002Core.job [2011-09-10 21:33:24 | 006,450,506 | ---- | M] () -- C:\Users\Borysław\Desktop\acapellamnie.mp3 [2011-09-10 17:54:19 | 004,439,189 | ---- | M] () -- C:\Users\Borysław\Contacts\Documents\Ryba - Maszyny Do Zabijania.mp3 [2011-09-10 17:53:06 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Ryba - Maszyny Do Zabijania.mp3 [2011-09-10 15:48:37 | 008,364,685 | ---- | M] () -- C:\Users\Borysław\Desktop\Bucio - Beat 76.mp3 [2011-09-09 23:47:49 | 004,406,925 | ---- | M] () -- C:\Users\Borysław\Desktop\Bucio - Krvavy 1.mp3 [2011-09-09 19:17:17 | 000,706,549 | ---- | M] () -- C:\Users\Borysław\Desktop\Anatomy_of_a_Fetus_by_Ballistyc2.jpg [2011-09-09 18:22:03 | 000,747,900 | ---- | M] () -- C:\Users\Borysław\Desktop\Anatomy_of_a_Fetus_by_Ballistyc.jpg [2011-09-09 01:12:09 | 000,029,928 | ---- | M] () -- C:\Users\Borysław\Desktop\outro.aup [2011-09-08 23:00:43 | 000,052,548 | ---- | M] () -- C:\Users\Borysław\Desktop\mnie.aup [2011-09-08 11:05:00 | 000,001,018 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3475731570-3686470524-1019051330-1007Core.job [2011-09-08 10:58:20 | 000,092,672 | ---- | M] () -- C:\Users\Borysław\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011-09-07 15:59:48 | 000,000,564 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Borysław.job [2011-08-31 23:05:11 | 001,122,079 | ---- | M] () -- C:\Users\Borysław\Contacts\Documents\demo NNOG.mp3 [2011-08-31 23:04:59 | 000,000,000 | ---- | M] () -- C:\Windows\System32\demo NNOG.mp3 [2011-08-30 17:11:12 | 000,142,100 | ---- | M] () -- C:\Users\Borysław\Desktop\Tentacle_by_MarkKane.jpg [2011-08-30 00:22:50 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini [2011-08-27 15:04:43 | 009,109,943 | ---- | M] () -- C:\Users\Borysław\Desktop\MowiaMifeatKBZ.mp3 [2011-08-24 22:54:26 | 000,176,915 | ---- | M] () -- C:\Users\Borysław\Desktop\darkness_by_NegativeFeedback.jpg [2011-08-24 20:06:33 | 000,094,099 | ---- | M] () -- C:\Users\Borysław\Desktop\gesture_practice_by_bittersweetdisease-d47kw1o.jpg [2011-08-23 09:32:46 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2011-08-17 22:13:29 | 000,118,066 | ---- | M] () -- C:\Windows\hpqins00.dat [2011-08-17 22:12:24 | 000,001,972 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2011-08-17 21:59:14 | 000,000,002 | ---- | M] () -- C:\Windows\Twain001.Mtx [2011-08-17 21:59:11 | 000,000,156 | ---- | M] () -- C:\Windows\Twunk001.MTX [2011-08-17 20:07:16 | 000,158,885 | ---- | M] () -- C:\Windows\hpoins19.dat [2011-08-17 20:04:05 | 000,714,186 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2011-08-17 20:04:05 | 000,634,202 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011-08-17 20:04:05 | 000,152,262 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2011-08-17 20:04:05 | 000,119,766 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011-08-17 19:44:10 | 001,854,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011-08-15 23:41:37 | 013,277,316 | ---- | M] () -- C:\Users\Borysław\Desktop\guacha feat. natalia clavier - son of kick.mp3 [2011-08-14 13:47:17 | 000,730,031 | ---- | M] () -- C:\Users\Borysław\Desktop\Alexander.jpg [2011-08-12 21:53:51 | 001,598,332 | ---- | M] () -- C:\Users\Borysław\Desktop\Portrait_alexander_insane.jpg [1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ] [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Users\Borysław\Contacts\Documents\*.tmp files -> C:\Users\Borysław\Contacts\Documents\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011-09-11 20:44:15 | 000,000,000 | ---- | C] () -- C:\Windows\System32\IIRVFWTRMP [2011-09-11 12:04:27 | 000,302,592 | ---- | C] () -- C:\Users\Borysław\Desktop\ymisiqls.exe [2011-09-10 21:32:40 | 006,450,506 | ---- | C] () -- C:\Users\Borysław\Desktop\acapellamnie.mp3 [2011-09-10 17:53:10 | 004,439,189 | ---- | C] () -- C:\Users\Borysław\Contacts\Documents\Ryba - Maszyny Do Zabijania.mp3 [2011-09-10 17:53:06 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Ryba - Maszyny Do Zabijania.mp3 [2011-09-10 15:48:18 | 008,364,685 | ---- | C] () -- C:\Users\Borysław\Desktop\Bucio - Beat 76.mp3 [2011-09-09 23:47:42 | 004,406,925 | ---- | C] () -- C:\Users\Borysław\Desktop\Bucio - Krvavy 1.mp3 [2011-09-09 19:17:16 | 000,706,549 | ---- | C] () -- C:\Users\Borysław\Desktop\Anatomy_of_a_Fetus_by_Ballistyc2.jpg [2011-09-09 18:21:58 | 000,747,900 | ---- | C] () -- C:\Users\Borysław\Desktop\Anatomy_of_a_Fetus_by_Ballistyc.jpg [2011-09-09 01:12:09 | 000,029,928 | ---- | C] () -- C:\Users\Borysław\Desktop\outro.aup [2011-09-08 23:00:43 | 000,052,548 | ---- | C] () -- C:\Users\Borysław\Desktop\mnie.aup [2011-08-31 23:05:06 | 001,122,079 | ---- | C] () -- C:\Users\Borysław\Contacts\Documents\demo NNOG.mp3 [2011-08-31 23:04:59 | 000,000,000 | ---- | C] () -- C:\Windows\System32\demo NNOG.mp3 [2011-08-30 16:35:52 | 000,142,100 | ---- | C] () -- C:\Users\Borysław\Desktop\Tentacle_by_MarkKane.jpg [2011-08-27 15:04:03 | 009,109,943 | ---- | C] () -- C:\Users\Borysław\Desktop\MowiaMifeatKBZ.mp3 [2011-08-24 22:54:25 | 000,176,915 | ---- | C] () -- C:\Users\Borysław\Desktop\darkness_by_NegativeFeedback.jpg [2011-08-24 20:06:32 | 000,094,099 | ---- | C] () -- C:\Users\Borysław\Desktop\gesture_practice_by_bittersweetdisease-d47kw1o.jpg [2011-08-17 22:11:58 | 000,118,066 | ---- | C] () -- C:\Windows\hpqins00.dat.temp [2011-08-17 21:59:11 | 000,000,002 | ---- | C] () -- C:\Windows\Twain001.Mtx [2011-08-17 20:05:46 | 000,000,849 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rejestracja programu I.R.I.S. OCR.lnk [2011-08-17 20:02:46 | 000,001,972 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2011-08-17 19:58:24 | 000,158,885 | ---- | C] () -- C:\Windows\hpoins19.dat [2011-08-17 19:58:16 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat [2011-08-14 13:47:17 | 000,730,031 | ---- | C] () -- C:\Users\Borysław\Desktop\Alexander.jpg [2011-08-12 21:53:47 | 001,598,332 | ---- | C] () -- C:\Users\Borysław\Desktop\Portrait_alexander_insane.jpg [2011-06-16 19:46:02 | 000,004,582 | ---- | C] () -- C:\Windows\wininit.ini [2011-03-19 17:18:50 | 000,028,915 | ---- | C] () -- C:\Users\Borysław\AppData\Roaming\UserTile.png [2011-03-19 01:57:14 | 000,000,029 | ---- | C] () -- C:\Windows\wordpad.ini [2011-02-08 00:18:29 | 000,000,327 | ---- | C] () -- C:\Windows\Ulead32.ini [2010-12-06 18:06:20 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll [2010-11-01 13:22:08 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll [2010-08-01 20:56:55 | 000,000,112 | ---- | C] () -- C:\Windows\ActiveSkin.INI [2010-05-02 23:36:37 | 001,415,907 | ---- | C] () -- C:\Windows\System32\Wb025.dat [2010-05-02 23:36:37 | 001,321,472 | ---- | C] () -- C:\Windows\System32\SYSWB6.exe [2010-05-02 23:36:37 | 001,252,635 | ---- | C] () -- C:\Windows\System32\Wb015.dat [2010-05-02 23:36:37 | 000,640,000 | ---- | C] () -- C:\Windows\System32\WeUninstall.exe [2010-05-02 23:36:37 | 000,097,481 | ---- | C] () -- C:\Windows\System32\Wb035.dat [2010-05-02 23:36:37 | 000,064,890 | ---- | C] () -- C:\Windows\System32\Wb100.dat [2010-05-02 23:36:37 | 000,012,583 | ---- | C] () -- C:\Windows\System32\WbWords.dat [2010-05-02 23:36:37 | 000,001,426 | ---- | C] () -- C:\Windows\System32\Wbconf.dat [2010-05-02 23:36:37 | 000,001,023 | ---- | C] () -- C:\Windows\System32\WBUS.dat [2010-05-02 23:36:37 | 000,000,267 | ---- | C] () -- C:\Windows\System32\wbUsUBlk.Dat [2010-05-02 23:36:37 | 000,000,227 | ---- | C] () -- C:\Windows\System32\WBLog.dat [2010-05-02 23:36:37 | 000,000,098 | ---- | C] () -- C:\Windows\System32\wbUsBlk.Dat [2010-05-02 23:36:37 | 000,000,052 | ---- | C] () -- C:\Windows\System32\nwt.sys [2010-03-30 20:34:27 | 000,059,904 | ---- | C] () -- C:\Windows\System32\zlib.dll [2010-02-27 22:01:46 | 000,149,232 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat [2010-02-12 18:25:06 | 000,000,192 | ---- | C] () -- C:\Windows\dvdtoaviconverter.ini [2010-02-12 18:23:58 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SysDVDtoavi.dat [2009-12-24 15:01:20 | 000,122,880 | ---- | C] () -- C:\Windows\UnGins.exe [2009-11-21 22:03:07 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2009-11-11 12:13:34 | 000,060,928 | ---- | C] () -- C:\Windows\System32\rakion.sys [2009-09-24 10:45:29 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009-09-24 10:45:29 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009-08-14 14:59:44 | 000,000,096 | ---- | C] () -- C:\Users\Borysław\AppData\Local\fusioncache.dat [2009-07-28 23:18:41 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2009-07-26 21:02:34 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2009-07-26 20:36:05 | 000,092,672 | ---- | C] () -- C:\Users\Borysław\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-06-30 20:54:54 | 000,118,066 | ---- | C] () -- C:\Windows\hpqins00.dat [2009-05-29 18:45:40 | 000,162,616 | ---- | C] () -- C:\Windows\Animated GIF Converter and Booster Pack Uninstaller.exe [2009-05-29 10:36:50 | 000,078,085 | ---- | C] () -- C:\Windows\System32\pattern.dat [2009-05-29 10:36:46 | 000,307,200 | ---- | C] () -- C:\Windows\System32\fxstudio.dll [2009-05-29 10:36:46 | 000,282,624 | ---- | C] () -- C:\Windows\System32\animation2.dll [2009-05-20 21:04:25 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll [2009-05-20 21:03:32 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2009-05-20 21:03:17 | 000,006,211 | ---- | C] () -- C:\Windows\mgxoschk.ini [2009-05-17 19:26:27 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll [2009-05-17 19:26:25 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2009-05-17 19:26:25 | 000,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2009-05-17 19:26:24 | 000,084,480 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2009-05-17 19:00:21 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2009-05-17 19:00:21 | 000,383,238 | ---- | C] () -- C:\Windows\System32\libmp3lame-0.dll [2009-03-15 01:04:56 | 000,013,312 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll [2009-03-12 20:04:25 | 000,002,516 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2009-03-12 20:04:25 | 000,000,088 | RHS- | C] () -- C:\ProgramData\7EC0E47C8E.sys [2009-02-07 21:34:23 | 000,323,584 | -HS- | C] () -- C:\Windows\ircrem.exe [2009-01-11 20:28:16 | 000,105,984 | ---- | C] () -- C:\Windows\System32\c_dll.dll [2009-01-11 20:25:02 | 000,008,827 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate [2008-12-21 21:35:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\msexcr.ini [2008-11-29 18:03:15 | 000,000,021 | ---- | C] () -- C:\Windows\kit.ini [2008-08-08 12:04:53 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2007-09-13 16:57:44 | 000,212,992 | ---- | C] () -- C:\Windows\System32\HCCall.exe [2007-04-24 21:31:12 | 000,010,240 | ---- | C] () -- C:\Windows\System32\ucinst32.dll [2007-03-26 10:45:18 | 000,071,208 | ---- | C] () -- C:\Windows\System32\PhysXLoader.dll [2007-02-20 14:59:08 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2007-02-20 14:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2007-02-20 14:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2007-02-20 14:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2007-02-20 14:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2007-02-20 14:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2007-02-20 14:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2007-02-20 14:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2007-02-20 14:59:04 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2007-01-26 02:04:12 | 000,138,752 | ---- | C] () -- C:\Windows\System32\mase32.dll [2007-01-26 02:04:12 | 000,027,648 | ---- | C] () -- C:\Windows\System32\ma32.dll [2007-01-10 07:44:26 | 001,457,024 | R--- | C] () -- C:\Windows\System32\SSCProt.dll [2006-12-05 07:22:07 | 000,332,832 | ---- | C] () -- C:\Windows\System32\perfi015.dat [2006-12-05 07:22:06 | 000,714,186 | ---- | C] () -- C:\Windows\System32\perfh015.dat [2006-12-05 07:22:06 | 000,152,262 | ---- | C] () -- C:\Windows\System32\perfc015.dat [2006-12-05 07:22:06 | 000,037,468 | ---- | C] () -- C:\Windows\System32\perfd015.dat [2006-11-02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006-11-02 14:47:37 | 001,854,720 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006-11-02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006-11-02 12:33:01 | 000,634,202 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006-11-02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006-11-02 12:33:01 | 000,119,766 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006-11-02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006-11-02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006-11-02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006-11-02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006-11-02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006-11-02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2004-05-10 17:33:46 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lhtool.exe [2002-09-18 00:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe [2002-03-17 02:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000035.DLL [2001-06-28 12:37:26 | 000,307,200 | ---- | C] () -- C:\Windows\System32\drumpad.dll [2001-04-01 18:16:48 | 000,045,056 | ---- | C] () -- C:\Windows\System32\fader.dll [2000-03-29 01:58:40 | 000,280,576 | ---- | C] () -- C:\Windows\System32\pxd_kom.dll [2000-03-28 15:27:42 | 000,075,976 | ---- | C] () -- C:\Windows\System32\BASSDEC.dll [color=#E56717]========== LOP Check ==========[/color] [2009-07-26 21:00:59 | 000,000,000 | ---D | M] -- C:\Users\Borysław\AppData\Roaming\Acoustica [2011-03-20 20:17:36 | 000,000,000 | ---D | M] -- C:\Users\Borysław\AppData\Roaming\Aegisub [2009-09-04 21:25:59 | 000,000,000 | ---D | M] -- C:\Users\Borysław\AppData\Roaming\Ambient Design [2010-03-30 17:21:01 | 000,000,000 | ---D | M] -- C:\Users\Borysław\AppData\Roaming\ArcaVirMicroScan [2010-06-04 13:07:23 | 000,000,000 | ---D | M] -- C:\Users\Borysław\AppData\Roaming\Azureus [2011-03-22 03:26:39 | 000,000,000 | ---D | M] -- C:\Users\Borysław\AppData\Roaming\Beat Hazard [2010-04-23 18:04:16 | 000,000,000 | ---D | M] -- C:\Users\Borysław\AppData\Roaming\Cool Record Edit Pro [2011-03-26 00:28:24 | 000,000,000 | ---D | M] -- C:\Users\Borysław\AppData\Roaming\Cyberduck [2010-12-30 13:48:44 | 000,000,000 | ---D | M] -- C:\Users\Borysław\AppData\Roaming\Cycle of 5th [2009-12-23 17:06:52 | 000,000,000 | ---D | M] -- C:\Users\Borysław\AppData\Roaming\DAEMON Tools [2009-12-23 17:06:52 | 000,000,000 | ---D | M] -- C:\Users\Borysław\AppData\Roaming\DAEMON Tools Lite [2009-12-23 17:06:52 | 000,000,000 | ---D | M] -- C:\Users\Borysław\AppData\Roaming\DAEMON Tools Pro [2010-07-28 17:51:46 | 000,000,000 | ---D | M] -- C:\Users\Borysław\AppData\Roaming\DVDVideoSoftIEHelpers [2011-03-19 17:29:52 | 000,000,000 | ---D | M] -- C:\Users\Borysław\AppData\Roaming\FMZilla [2010-02-06 16:23:48 | 000,000,000 | ---D | M] -- C:\Users\Borysław\AppData\Roaming\Free Sound Recorder [2010-12-06 18:06:22 | 000,000,000 | ---D | M] -- C:\Users\Borysław\AppData\Roaming\FreeAudioPack [2010-07-25 13:54:22 | 000,000,000 | ---D | M] -- C:\Users\Borysław\AppData\Roaming\FUJIFILM [2011-06-07 00:51:06 | 000,000,000 | ---D | M] -- C:\Users\Borysław\AppData\Roaming\Gadu-Gadu 10 [2010-09-03 20:55:40 | 000,000,000 | ---D | M] -- C:\Users\Borysław\AppData\Roaming\GetRightToGo [2011-09-10 19:14:32 | 000,000,000 | ---D | M] -- C:\Users\Borysław\AppData\Roaming\gtk-2.0 [2011-01-30 12:23:59 | 000,000,000 | ---D | M] -- C:\Users\Borysław\AppData\Roaming\HDRsoft [2011-09-09 23:42:19 | 000,000,000 | ---D | M] -- C:\Users\Borysław\AppData\Roaming\Image Zone Express [2010-02-21 17:15:51 | 000,000,000 | ---D | M] -- C:\Users\Borysław\AppData\Roaming\Inkscape [2011-03-19 15:35:17 | 000,000,000 | ---D | M] -- C:\Users\Borysław\AppData\Roaming\ipla [2011-04-06 15:56:53 | 000,000,000 | ---D | M] -- C:\Users\Borysław\AppData\Roaming\IVONA ControlCenter [2011-04-17 18:34:55 | 000,000,000 | ---D | M] -- C:\Users\Borysław\AppData\Roaming\IVONA Reader [2010-10-12 20:07:42 | 000,000,000 | ---D | M] -- C:\Users\Borysław\AppData\Roaming\MAGIX [2010-11-01 18:40:19 | 000,000,000 | ---D | M] -- C:\Users\Borysław\AppData\Roaming\NCH Swift Sound [2010-04-15 20:34:32 | 000,000,000 | ---D | M] -- C:\Users\Borysław\AppData\Roaming\NetMedia Providers [2011-04-02 20:34:05 | 000,000,000 | ---D | M] -- C:\Users\Borysław\AppData\Roaming\Nvu [2009-07-26 20:41:09 | 000,000,000 | ---D | M] -- C:\Users\Borysław\AppData\Roaming\OpenOffice.org [2011-03-19 17:18:49 | 000,000,000 | ---D | M] -- C:\Users\Borysław\AppData\Roaming\PeerNetworking [2011-06-02 15:02:11 | 000,000,000 | ---D | M] -- C:\Users\Borysław\AppData\Roaming\PhotoScape [2009-08-30 15:50:03 | 000,000,000 | ---D | M] -- C:\Users\Borysław\AppData\Roaming\Power Sound Editor Free [2009-08-16 17:15:46 | 000,000,000 | ---D | M] -- C:\Users\Borysław\AppData\Roaming\Printer Info Cache [2010-04-15 21:12:36 | 000,000,000 | ---D | M] -- C:\Users\Borysław\AppData\Roaming\Publish Providers [2011-03-19 15:22:28 | 000,000,000 | ---D | M] -- C:\Users\Borysław\AppData\Roaming\RDRM [2010-11-01 13:25:45 | 000,000,000 | ---D | M] -- C:\Users\Borysław\AppData\Roaming\Sierra [2010-12-11 19:38:26 | 000,000,000 | ---D | M] -- C:\Users\Borysław\AppData\Roaming\Sierra Entertainment [2011-01-20 04:05:50 | 000,000,000 | ---D | M] -- C:\Users\Borysław\AppData\Roaming\Sony [2010-10-19 20:53:49 | 000,000,000 | ---D | M] -- C:\Users\Borysław\AppData\Roaming\The Creative Assembly [2011-02-05 01:13:30 | 000,000,000 | ---D | M] -- C:\Users\Borysław\AppData\Roaming\Tlen.pl [2010-02-21 13:40:14 | 000,000,000 | ---D | M] -- C:\Users\Borysław\AppData\Roaming\WinAVI [2011-03-26 00:13:52 | 000,000,000 | -HSD | M] -- C:\Users\Borysław\AppData\Roaming\wyUpdate AU [2010-11-19 13:19:05 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Acoustica [2009-07-26 13:28:54 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\gtk-2.0 [2009-05-31 19:44:16 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Image Zone Express [2009-07-23 14:38:55 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\LEGO Company [2009-05-20 21:06:19 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\MAGIX [2009-06-24 19:44:20 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\OpenOffice.org [2011-02-23 10:40:12 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\PhotoScape [2009-07-24 08:22:38 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Power Sound Editor Free [2009-05-31 19:44:15 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Printer Info Cache [2009-05-29 18:51:01 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\River Past G5 [2009-04-29 20:12:13 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Sierra Entertainment [2009-07-24 10:14:21 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Tlen.pl [2011-09-11 20:02:23 | 000,032,544 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2008-05-16 16:17:25 | 000,000,258 | ---- | M] () -- C:\Windows\Tasks\Sprawdź aktualizacje paska narzędzi Windows Live Toolbar.job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Files - Unicode (All) ==========[/color] [2011-07-16 13:47:59 | 003,452,419 | ---- | M] ()(C:\Users\Borysław\Desktop\?????? ????? - ????????? ?????.mp3) -- C:\Users\Borysław\Desktop\?????? ????? - ????????? ?????.mp3 [2011-03-12 14:42:32 | 003,452,419 | ---- | C] ()(C:\Users\Borysław\Desktop\?????? ????? - ????????? ?????.mp3) -- C:\Users\Borysław\Desktop\?????? ????? - ????????? ?????.mp3 [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 487 bytes -> C:\ProgramData\TEMP:05EE1EEF @Alternate Data Stream - 1280 bytes -> C:\ProgramData\Microsoft:UjoY31FZaw1WbMQbXbZ @Alternate Data Stream - 1276 bytes -> C:\Users\Borysław\AppData\Local\Temp:c5VWC58yGBDGx8kEWI8B @Alternate Data Stream - 1238 bytes -> C:\ProgramData\Microsoft:QZXlT34LnsQItesRmOo6DjERJKT @Alternate Data Stream - 1079 bytes -> C:\Program Files\Common Files\System:mfZ3X1KDLyNXQCFM1uarsiFs < End of report >