OTL logfile created on: 2012-05-25 20:29:48 - Run 2
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\Iwona\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,49 Gb Total Physical Memory | 2,12 Gb Available Physical Memory | 60,74% Memory free
6,98 Gb Paging File | 5,50 Gb Available in Paging File | 78,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146,39 Gb Total Space | 39,57 Gb Free Space | 27,03% Space Free | Partition Type: NTFS
Drive E: | 314,39 Gb Total Space | 230,35 Gb Free Space | 73,27% Space Free | Partition Type: NTFS

Computer Name: IWONA-KOMPUTER | User Name: Iwona | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2012-05-25 20:22:40 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Iwona\Downloads\OTL.exe
PRC - [2012-05-25 15:21:44 | 000,992,648 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2012-05-25 15:12:54 | 000,785,344 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2012-04-25 21:34:50 | 003,065,120 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe
PRC - [2012-03-20 01:11:52 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012-02-09 15:20:36 | 001,340,264 | ---- | M] (IVONA Software Sp. z o.o.) -- C:\Program Files\IVONA\IVONA Reader\IVONA Reader.exe
PRC - [2011-09-22 12:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2011-09-22 12:03:02 | 003,080,264 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2011-07-02 20:49:33 | 000,039,936 | ---- | M] (C-Dilla Ltd) -- C:\Windows\System32\drivers\CDAC11BA.EXE
PRC - [2011-05-21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011-05-21 06:01:00 | 000,839,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011-05-21 06:01:00 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011-02-25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010-12-03 20:18:12 | 008,133,120 | ---- | M] () -- c:\xampp\mysql\bin\mysqld.exe
PRC - [2010-11-20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010-10-17 21:38:42 | 000,742,912 | ---- | M] (FileZilla Project) -- c:\xampp\FileZillaFTP\FileZillaServer.exe
PRC - [2010-07-04 20:07:40 | 000,238,952 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2010-03-10 03:10:38 | 000,086,016 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe
PRC - [2009-09-30 14:02:50 | 002,320,920 | R--- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009-09-30 14:02:48 | 000,268,824 | R--- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009-09-08 19:13:48 | 000,806,664 | ---- | M] (ABBYY) -- C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe
PRC - [2009-05-14 16:07:12 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - [2012-03-20 01:11:52 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012-02-09 15:20:42 | 000,029,032 | ---- | M] () -- C:\Program Files\IVONA\IVONA Reader\IvonaIntegration.dll
MOD - [2012-02-07 14:26:40 | 030,696,304 | ---- | M] () -- C:\Program Files\IVONA\IVONA 2 Voice\voices\voice_pl_agnieszka.dll
MOD - [2011-10-07 08:04:24 | 000,024,576 | ---- | M] () -- C:\Program Files\IVONA\IVONA 2 Voice\Qt_4_6_3_1\x86\QtSolutions_MFCMigrationFramework-2.8_IVONA.dll
MOD - [2011-10-06 15:26:36 | 008,179,712 | ---- | M] () -- C:\Program Files\IVONA\IVONA 2 Voice\Qt_4_6_3_1\x86\QtGuiIVONA4.dll
MOD - [2011-10-06 15:15:50 | 002,203,648 | ---- | M] () -- C:\Program Files\IVONA\IVONA 2 Voice\Qt_4_6_3_1\x86\QtCoreIVONA4.dll

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV - File not found [Auto | Stopped] -- C:\xampp\service.exe -- (XAMPP)
SRV - [2012-05-25 15:12:54 | 000,785,344 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012-05-24 20:36:40 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_80c2ffa.dll -- (Akamai)
SRV - [2012-05-21 19:50:26 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-04-25 21:34:50 | 003,065,120 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2012-02-15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011-09-22 12:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2011-07-02 20:49:33 | 000,039,936 | ---- | M] (C-Dilla Ltd) [Auto | Running] -- C:\Windows\System32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA)
SRV - [2011-05-21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011-03-14 15:35:37 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011-01-29 13:04:04 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010-12-03 20:18:12 | 008,133,120 | ---- | M] () [Auto | Start_Pending] -- c:\xampp\mysql\bin\mysqld.exe -- (mysql)
SRV - [2010-10-18 02:32:10 | 000,020,549 | ---- | M] (Apache Software Foundation) [Auto | Stopped] -- C:\xampp\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2010-10-17 21:38:42 | 000,742,912 | ---- | M] (FileZilla Project) [Auto | Running] -- c:\xampp\FileZillaFTP\FileZillaServer.exe -- (FileZilla Server)
SRV - [2010-07-04 20:07:40 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010-03-10 03:10:38 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe -- (mi-raysat_3dsmax2011_32)
SRV - [2009-09-30 14:02:50 | 002,320,920 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009-09-30 14:02:48 | 000,268,824 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009-09-08 19:13:48 | 000,806,664 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.10.0)
SRV - [2009-07-14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009-06-19 16:42:40 | 000,167,936 | ---- | M] (OLYMPUS IMAGING CORP.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe -- (Olympus DVR Service)
SRV - [2009-05-14 16:07:12 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.ScreenshotReader.9.0)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\pfc.sys -- (pfc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\dolboot.sys -- (DolBoot)
DRV - [2012-02-09 22:43:00 | 010,816,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011-11-02 11:13:12 | 000,051,632 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)
DRV - [2011-09-22 17:10:34 | 000,238,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0105.sys -- (RsFx0105)
DRV - [2011-08-09 14:24:52 | 000,163,424 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2011-08-04 09:20:38 | 000,103,112 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2011-08-04 09:20:36 | 000,118,104 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2011-07-02 20:49:19 | 000,008,864 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CDAC15BA.SYS -- (CdaC15BA)
DRV - [2011-05-19 14:10:34 | 000,017,904 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys -- (A2DDA)
DRV - [2011-02-17 19:06:10 | 000,160,560 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2011-02-17 19:06:10 | 000,122,032 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2011-02-17 19:06:10 | 000,111,152 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2011-02-17 19:06:10 | 000,044,784 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2010-12-02 12:13:22 | 000,018,304 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010-11-20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010-11-20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010-11-12 01:10:50 | 000,122,984 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010-06-14 10:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010-05-27 09:40:24 | 001,227,776 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010-04-27 04:25:16 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2010-04-27 04:25:16 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2010-04-27 04:25:16 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2009-09-17 06:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2009-07-14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2008-01-19 05:49:30 | 000,030,208 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\irstusb.sys -- (STIrUsb)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://alawar.pl
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
IE - HKLM\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20120216130334134&tb_oid=16-02-2012&tb_mrud=16-02-2012
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKU\S-1-5-21-3757937154-3462029877-3313739134-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-3757937154-3462029877-3313739134-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-3757937154-3462029877-3313739134-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = my.daemon-search.comhttp://alawar.pl [binary data]
IE - HKU\S-1-5-21-3757937154-3462029877-3313739134-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://alawar.pl
IE - HKU\S-1-5-21-3757937154-3462029877-3313739134-1000\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
IE - HKU\S-1-5-21-3757937154-3462029877-3313739134-1000\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
IE - HKU\S-1-5-21-3757937154-3462029877-3313739134-1000\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3757937154-3462029877-3313739134-1000\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\5.8\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-3757937154-3462029877-3313739134-1000\..\SearchScopes,DefaultScope = {446A123E-21D9-4233-8889-1D3B8455E49A}
IE - HKU\S-1-5-21-3757937154-3462029877-3313739134-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3757937154-3462029877-3313739134-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=18571
IE - HKU\S-1-5-21-3757937154-3462029877-3313739134-1000\..\SearchScopes\{446A123E-21D9-4233-8889-1D3B8455E49A}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKU\S-1-5-21-3757937154-3462029877-3313739134-1000\..\SearchScopes\{57B35CDC-7F23-4F24-A980-FE8B872CDF61}: "URL" = http://www.google.pl/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-3757937154-3462029877-3313739134-1000\..\SearchScopes\{5F970FDE-702B-4ef9-920C-5F2848A5AF26}: "URL" = http://www.astroburn-search.com/search/web?q={searchTerms}
IE - HKU\S-1-5-21-3757937154-3462029877-3313739134-1000\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://www.bigseekpro.com/search/browser/hypercam/{FA5EC1D2-D2CD-4CAE-BD9F-A843FECD766C}?q={searchTerms}
IE - HKU\S-1-5-21-3757937154-3462029877-3313739134-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search?q={searchTerms}
IE - HKU\S-1-5-21-3757937154-3462029877-3313739134-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
IE - HKU\S-1-5-21-3757937154-3462029877-3313739134-1000\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20120216130334134&tb_oid=16-02-2012&tb_mrud=16-02-2012
IE - HKU\S-1-5-21-3757937154-3462029877-3313739134-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "MyAshampoo Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "https://www.google.pl/"
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-03-20 01:11:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-04-20 19:43:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011-11-02 01:43:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012-04-26 02:48:07 | 000,000,000 | ---D | M]

[2011-01-31 13:31:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Iwona\AppData\Roaming\mozilla\Extensions
[2012-05-25 20:11:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Iwona\AppData\Roaming\mozilla\Firefox\Profiles\cjzfu5jw.default\extensions
[2012-05-17 20:28:59 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Iwona\AppData\Roaming\mozilla\Firefox\Profiles\cjzfu5jw.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012-04-20 19:53:34 | 000,000,000 | ---D | M] (New Tab King) -- C:\Users\Iwona\AppData\Roaming\mozilla\Firefox\Profiles\cjzfu5jw.default\extensions\{FC5BAC7D-D696-4ba6-B913-CF8F000C33DF}
[2012-04-27 22:48:16 | 000,000,000 | ---D | M] ("Ivona Firefox Toolbar") -- C:\Users\Iwona\AppData\Roaming\mozilla\Firefox\Profiles\cjzfu5jw.default\extensions\IvonaFirefoxToolbar@ivona.com
[2011-06-20 14:07:12 | 000,000,923 | ---- | M] () -- C:\Users\Iwona\AppData\Roaming\Mozilla\Firefox\Profiles\cjzfu5jw.default\searchplugins\conduit.xml
[2011-02-14 11:42:03 | 000,002,374 | ---- | M] () -- C:\Users\Iwona\AppData\Roaming\Mozilla\Firefox\Profiles\cjzfu5jw.default\searchplugins\search.xml
[2011-12-29 14:12:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-02-22 21:17:27 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012-05-25 20:11:21 | 000,000,000 | ---D | M] (YouTube Downloader Toolbar) -- C:\PROGRAM FILES\YOUTUBE DOWNLOADER TOOLBAR\FF
[2012-01-06 22:37:45 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\IWONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CJZFU5JW.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012-05-10 20:47:46 | 000,185,022 | ---- | M] () (No name found) -- C:\USERS\IWONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CJZFU5JW.DEFAULT\EXTENSIONS\ARTUR.DUBOVOY@GMAIL.COM.XPI
[2012-03-20 01:11:53 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011-12-09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012-02-16 01:18:41 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2011-09-08 22:03:45 | 000,002,226 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012-02-16 01:18:41 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2012-02-16 01:18:41 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2012-02-16 01:18:41 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2012-02-16 01:18:41 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2012-02-16 01:18:41 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

[color=#E56717]========== Chrome ==========[/color]
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.152\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.152\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.152\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Iwona\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\npSkypeChromePlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.67\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Speakable Textareas = C:\Users\Iwona\AppData\Local\Google\Chrome\User Data\Default\Extensions\aocpbpfpjeonoijgbboppomelkmniaed\1.0_1\
CHR - Extension: Skype Click to Call = C:\Users\Iwona\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\

O1 HOSTS File: ([2009-06-10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.31.2\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (IVONA Reader) - {8664889D-ED18-4713-918F-E2BB69D8452B} - C:\Program Files\IVONA\IVONA Reader\integr\IR_iexplorer2.dll (IVONA Software Sp. z o.o.)
O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (IplexToALLPlayer) - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\Program Files\ALLPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.)
O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\5.8\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (IVONA Reader) - {8664889D-ED18-4713-918F-E2BB69D8452B} - C:\Program Files\IVONA\IVONA Reader\integr\IR_iexplorer2.dll (IVONA Software Sp. z o.o.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.31.2\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\5.8\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKU\S-1-5-21-3757937154-3462029877-3313739134-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [RiccoVPN] File not found
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKU\S-1-5-21-3757937154-3462029877-3313739134-1000..\Run: [ABBYY Screenshot Reader Retail] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3757937154-3462029877-3313739134-1007..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3757937154-3462029877-3313739134-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.1)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E9C370B1-7388-45F3-B2CB-56F6F84231E8}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011-03-14 15:23:23 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{571ac5cf-5bb2-11e1-bbdc-1c6f658dc3af}\Shell - "" = AutoRun
O33 - MountPoints2\{571ac5cf-5bb2-11e1-bbdc-1c6f658dc3af}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Start.hta
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012-05-25 19:49:17 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader Toolbar
[2012-05-25 19:49:17 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2012-05-24 21:46:28 | 000,000,000 | ---D | C] -- C:\Users\Iwona\AppData\Local\{C4574386-711B-44C1-BF96-A3D5F64AAFD4}
[2012-05-24 21:46:04 | 000,000,000 | ---D | C] -- C:\Users\Iwona\AppData\Local\{57B6FA3C-6A7A-4795-A56E-3FF6C8457543}
[2012-05-24 21:26:20 | 000,000,000 | ---D | C] -- C:\Users\Iwona\AppData\Local\{6FCE5C04-6716-428D-B03B-3B37F0362A4B}
[2012-05-24 21:25:56 | 000,000,000 | ---D | C] -- C:\Users\Iwona\AppData\Local\{F37F1B59-5C63-4F27-A368-DDB500242448}
[2012-05-24 21:12:01 | 000,000,000 | ---D | C] -- C:\Users\Iwona\AppData\Local\{018ACBF9-2301-4600-B6FD-4097E093E5DA}
[2012-05-24 21:11:37 | 000,000,000 | ---D | C] -- C:\Users\Iwona\AppData\Local\{4C38B312-9197-4527-91D3-4971CDE377E5}
[2012-05-24 20:49:29 | 000,000,000 | ---D | C] -- C:\Users\Iwona\AppData\Local\{9DCE78B6-271D-48D3-8C15-DAB0AD564742}
[2012-05-24 20:49:06 | 000,000,000 | ---D | C] -- C:\Users\Iwona\AppData\Local\{16F25CF8-C35E-47D2-8525-1F681501D96F}
[2012-05-22 12:41:50 | 000,000,000 | ---D | C] -- C:\Users\Iwona\AppData\Local\{80471F77-BE18-472B-9D2B-1DB5221ED34F}
[2012-05-22 12:41:27 | 000,000,000 | ---D | C] -- C:\Users\Iwona\AppData\Local\{E7754496-4005-487B-827C-BC766A3B0909}
[2012-05-22 12:27:13 | 000,000,000 | ---D | C] -- C:\Users\Iwona\AppData\Local\{6A4B25AE-2E3E-41DD-9A12-7162B3D9D916}
[2012-05-22 12:26:49 | 000,000,000 | ---D | C] -- C:\Users\Iwona\AppData\Local\{2D57DAF2-43A1-4B01-AA76-C01C9CF7FE43}
[2012-05-21 21:36:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2012-05-21 20:04:39 | 000,000,000 | ---D | C] -- C:\Users\Iwona\AppData\Local\{EC81F73A-3BF7-4E3D-ACA0-F07892DCCB6A}
[2012-05-21 20:04:16 | 000,000,000 | ---D | C] -- C:\Users\Iwona\AppData\Local\{D1E89CB1-E0A4-4CE2-B453-70E2B0BA67AD}
[2012-05-21 20:00:08 | 000,000,000 | ---D | C] -- C:\Users\Iwona\AppData\Local\{CE0CC400-9A9F-47EE-8ABD-05EB2CF7AE18}
[2012-05-21 19:59:23 | 000,000,000 | ---D | C] -- C:\Users\Iwona\AppData\Local\{AC884260-91EA-47F9-A71F-15B9D1566013}
[2012-05-21 19:57:14 | 000,000,000 | ---D | C] -- C:\Users\Iwona\AppData\Local\{707C144B-432D-49D8-959A-35ADAC47EFE6}
[2012-05-21 19:57:02 | 000,000,000 | ---D | C] -- C:\Users\Iwona\AppData\Local\{6D702BCB-A42B-4F7B-B050-C368A57A3A13}
[2012-05-21 19:45:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2012-05-21 19:44:32 | 000,000,000 | ---D | C] -- C:\ProgramData\YTD YouTube Downloader & Converter
[2012-05-21 19:44:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD YouTube Downloader & Converter
[2012-05-21 19:44:25 | 000,000,000 | ---D | C] -- C:\Program Files\YTD YouTube Downloader & Converter
[2012-05-21 19:27:56 | 000,000,000 | ---D | C] -- C:\Users\Iwona\AppData\Local\{BD31C110-97AA-4F43-A7AE-D2B41DEF48F7}
[2012-05-19 20:09:13 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012-05-19 20:09:13 | 000,070,304 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012-05-17 23:19:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Dekovir
[2012-05-14 23:56:18 | 000,000,000 | ---D | C] -- C:\Users\Iwona\AppData\Local\{A6A4086C-3735-46DD-807C-5EA2680FF849}
[2012-05-12 01:09:23 | 000,000,000 | ---D | C] -- C:\Users\Iwona\AppData\Roaming\NapiProjekt
[2012-05-11 20:01:25 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012-05-11 20:01:24 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012-05-11 20:01:24 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012-05-11 20:00:34 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012-05-11 02:28:03 | 000,000,000 | ---D | C] -- C:\Users\Iwona\AppData\Local\{99B4383B-7E7E-45AE-85DA-E85AFEC5608F}
[2012-05-04 21:57:31 | 000,073,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
[2012-05-04 21:00:01 | 004,126,880 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2012-05-04 19:21:40 | 000,000,000 | ---D | C] -- C:\Users\Iwona\AppData\Local\{3A7C6A58-6123-48F0-8518-6D7363E37181}
[2012-05-03 01:56:52 | 000,000,000 | ---D | C] -- C:\Users\Iwona\AppData\Local\{535C6A03-AC93-4131-8F90-1B3A96B007A9}
[2012-05-03 01:56:16 | 000,000,000 | ---D | C] -- C:\Users\Iwona\AppData\Local\{C58E64A7-7A67-45A8-B55C-8566EB55A339}
[2012-05-03 01:55:51 | 000,000,000 | ---D | C] -- C:\Users\Iwona\AppData\Local\{10A2AAE3-316E-42F3-AB96-0AB01CB32367}
[2012-05-02 00:16:50 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012-05-02 00:14:19 | 000,000,000 | ---D | C] -- C:\Program Files\JRTwine Software
[2012-05-02 00:14:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Delete FXP Files 2009 - Demo
[2012-05-02 00:14:15 | 000,000,000 | -H-D | C] -- C:\ProgramData\{93F12E73-5AED-46C1-AE84-4E311A4255D1}
[2012-04-29 01:54:46 | 000,000,000 | ---D | C] -- C:\ProgramData\SugarGames
[2012-04-26 02:47:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2012-04-26 02:47:57 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[1 C:\Users\Iwona\Desktop\*.tmp files -> C:\Users\Iwona\Desktop\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012-05-25 20:32:27 | 008,388,608 | -HS- | M] () -- C:\Users\Iwona\ntuser.dat
[2012-05-25 20:23:38 | 000,015,024 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-05-25 20:23:38 | 000,015,024 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-05-25 20:14:48 | 000,001,030 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-05-25 20:14:45 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012-05-25 20:14:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-05-25 20:14:38 | 2811,879,424 | -HS- | M] () -- C:\hiberfil.sys
[2012-05-25 20:14:00 | 000,001,034 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-05-25 20:13:48 | 003,687,487 | -H-- | M] () -- C:\Users\Iwona\AppData\Local\IconCache.db
[2012-05-25 20:06:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-05-25 19:49:48 | 001,849,138 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2012-05-25 19:49:48 | 000,803,868 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2012-05-25 19:49:48 | 000,718,076 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012-05-25 19:49:48 | 000,179,646 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2012-05-25 19:49:48 | 000,146,098 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012-05-24 21:07:57 | 000,000,116 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012-05-23 21:30:26 | 000,001,790 | ---- | M] () -- C:\Users\Iwona\Desktop\cc_20120523_212918.reg
[2012-05-22 21:07:19 | 000,033,280 | ---- | M] () -- C:\Users\Iwona\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-05-22 00:30:10 | 000,682,762 | ---- | M] () -- C:\Users\Iwona\Desktop\Muszka.mp3
[2012-05-21 23:23:33 | 000,382,458 | ---- | M] () -- C:\Users\Iwona\Desktop\bul bul Shippuuden.mp3
[2012-05-21 19:50:26 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012-05-21 19:50:26 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012-05-21 19:44:27 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\YTD YouTube Downloader & Converter.lnk
[2012-05-18 00:16:19 | 000,001,099 | ---- | M] () -- C:\Users\Public\Desktop\Angry Birds Space.lnk
[2012-05-17 23:19:02 | 000,001,174 | ---- | M] () -- C:\Users\Iwona\Desktop\Chameleon Gems.lnk
[2012-05-17 23:18:48 | 000,001,828 | ---- | M] () -- C:\Users\Iwona\Desktop\Gry Alawar.lnk
[2012-05-11 20:16:07 | 000,331,696 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012-05-04 21:00:01 | 004,126,880 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2012-04-30 19:52:00 | 000,001,138 | ---- | M] () -- C:\Users\Iwona\Desktop\Tęczowa pajęczyna.lnk
[1 C:\Users\Iwona\Desktop\*.tmp files -> C:\Users\Iwona\Desktop\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012-05-24 21:57:36 | 000,070,742 | ---- | C] () -- C:\Users\Iwona\Desktop\level_complete.mp3
[2012-05-24 21:57:13 | 000,366,131 | ---- | C] () -- C:\Users\Iwona\Desktop\birds_intro.mp3
[2012-05-23 21:29:29 | 000,001,790 | ---- | C] () -- C:\Users\Iwona\Desktop\cc_20120523_212918.reg
[2012-05-22 00:30:07 | 000,682,762 | ---- | C] () -- C:\Users\Iwona\Desktop\Muszka.mp3
[2012-05-21 23:23:29 | 000,382,458 | ---- | C] () -- C:\Users\Iwona\Desktop\bul bul Shippuuden.mp3
[2012-05-21 19:44:27 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\YTD YouTube Downloader & Converter.lnk
[2012-05-19 20:09:14 | 000,000,930 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-05-18 00:16:19 | 000,001,099 | ---- | C] () -- C:\Users\Public\Desktop\Angry Birds Space.lnk
[2012-05-17 23:19:02 | 000,001,174 | ---- | C] () -- C:\Users\Iwona\Desktop\Chameleon Gems.lnk
[2012-05-17 23:18:48 | 000,001,828 | ---- | C] () -- C:\Users\Iwona\Desktop\Gry Alawar.lnk
[2012-05-15 02:13:26 | 003,687,487 | -H-- | C] () -- C:\Users\Iwona\AppData\Local\IconCache.db
[2012-04-30 19:52:00 | 000,001,138 | ---- | C] () -- C:\Users\Iwona\Desktop\Tęczowa pajęczyna.lnk
[2011-12-10 20:28:25 | 000,258,048 | ---- | C] () -- C:\Windows\System32\libFLAC.dll
[2011-11-03 01:56:27 | 000,000,149 | ---- | C] () -- C:\Windows\swosfff.ini
[2011-09-11 13:17:33 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat
[2011-08-10 11:31:38 | 000,000,116 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011-07-07 22:41:14 | 000,000,000 | ---- | C] () -- C:\Users\Iwona\AppData\Local\{21EF5915-2D3D-4957-9521-1B665CB5B6EB}
[2011-07-02 20:49:35 | 000,112,128 | RH-- | C] () -- C:\Windows\CdaC14BA.DLL
[2011-07-02 20:49:35 | 000,030,720 | RH-- | C] () -- C:\Windows\CdaC13BA.EXE
[2011-07-02 20:49:20 | 000,008,864 | ---- | C] () -- C:\Windows\System32\drivers\CDAC15BA.SYS
[2011-06-24 14:13:49 | 000,053,600 | ---- | C] () -- C:\Windows\System32\dosx.exe
[2011-06-07 22:04:36 | 000,007,603 | ---- | C] () -- C:\Users\Iwona\AppData\Local\Resmon.ResmonCfg
[2011-05-11 02:18:06 | 000,063,952 | ---- | C] () -- C:\Users\Iwona\AppData\Roaming\GDIPFONTCACHEV1.DAT
[2011-04-05 20:02:44 | 000,000,061 | ---- | C] () -- C:\Windows\ocuBxTMI.ini
[2011-04-05 20:02:44 | 000,000,033 | ---- | C] () -- C:\ProgramData\K01Rffky.dat
[2011-04-05 20:02:44 | 000,000,032 | ---- | C] () -- C:\ProgramData\msdesksw_default.theme
[2011-02-24 12:05:27 | 000,000,739 | ---- | C] () -- C:\Windows\STImgBrowser.INI
[2011-02-11 16:42:06 | 000,001,324 | ---- | C] () -- C:\Windows\disney.ini
[2011-02-07 21:12:07 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011-02-07 21:12:07 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011-02-07 21:12:05 | 002,600,448 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2011-02-07 21:12:05 | 000,121,344 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[2011-02-07 21:12:04 | 000,644,608 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011-02-07 21:12:04 | 000,183,808 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011-02-07 21:12:04 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011-02-07 21:12:04 | 000,000,590 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2011-02-01 16:09:25 | 000,000,288 | ---- | C] () -- C:\Windows\Support.ini
[2011-01-31 23:51:37 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2011-01-31 23:51:37 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2011-01-31 14:16:19 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011-01-31 13:30:48 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011-01-30 15:35:52 | 000,033,280 | ---- | C] () -- C:\Users\Iwona\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-01-29 22:34:40 | 000,000,418 | ---- | C] () -- C:\Windows\ODBC.INI
[2011-01-29 13:12:18 | 000,063,952 | ---- | C] () -- C:\Users\Iwona\AppData\Local\GDIPFONTCACHEV1.DAT
[2011-01-29 12:27:00 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011-01-29 12:17:52 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011-01-29 12:03:15 | 001,849,138 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI

[color=#E56717]========== LOP Check ==========[/color]

[2011-10-07 11:22:29 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\123 Free Solitaire
[2011-08-30 02:42:30 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Ashampoo
[2011-12-22 22:03:32 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Audacity
[2011-06-30 17:27:58 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Autodesk
[2011-04-22 23:09:35 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\AVSMedia
[2012-04-25 21:11:54 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\DAEMON Tools Lite
[2011-05-16 22:29:45 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Dev-Cpp
[2011-04-05 19:58:00 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\dolphin
[2012-02-24 02:15:49 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Dropbox
[2011-09-08 22:03:45 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Easy MP3 Recorder
[2012-02-25 02:42:59 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\EurekaLog
[2011-09-13 15:43:09 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Friday's games
[2011-11-17 21:38:55 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\GetRightToGo
[2012-01-23 16:46:52 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\GHISLER
[2011-07-04 22:15:55 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\gtk-2.0
[2012-03-01 22:00:23 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\IVONA 2 Voice
[2011-02-14 23:43:33 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\IVONA ControlCenter
[2011-01-29 22:22:28 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\IVONA Player
[2012-03-06 01:17:22 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\IVONA Reader
[2011-11-13 19:30:24 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Marine Aquarium 3
[2011-02-01 12:54:12 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\ML
[2012-05-12 01:09:25 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\NapiProjekt
[2012-01-23 17:10:26 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Notepad++
[2012-02-16 15:01:15 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\OpenCandy
[2012-05-17 23:39:50 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Rovio
[2011-01-31 23:51:35 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Samsung
[2012-01-05 00:34:48 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Softland
[2011-09-13 11:20:20 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Thunderbird
[2011-03-17 12:03:45 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Vimisoft Studio
[2011-02-01 01:06:23 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Windows Live Writer
[2012-05-25 09:16:37 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 36 bytes -> C:\Windows\System32\desktop.ini:WIN64
@Alternate Data Stream - 32 bytes -> C:\Windows\win.ini:WINDOWS
@Alternate Data Stream - 27 bytes -> C:\ProgramData\ABuosU.theme:NTOSCHK
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:A11EF047

< End of report >