OTL logfile created on: 2010-10-05 15:55:31 - Run 4 OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Kapibara\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 76,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 89,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 35,46 Gb Total Space | 4,36 Gb Free Space | 12,29% Space Free | Partition Type: NTFS Drive D: | 39,06 Gb Total Space | 6,86 Gb Free Space | 17,58% Space Free | Partition Type: NTFS Unable to calculate disk information. F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MFIALKOWSKA Current User Name: Kapibara Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2010-10-05 15:53:21 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kapibara\Desktop\OTL.exe PRC - [2010-09-19 12:43:56 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010-09-10 23:41:42 | 001,901,056 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe PRC - [2010-04-12 10:40:16 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE PRC - [2010-03-19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2009-12-23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe PRC - [2009-11-24 12:32:22 | 000,234,792 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe PRC - [2008-04-14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE PRC - [2005-05-24 23:41:09 | 000,503,808 | ---- | M] (Stamina) -- C:\Program Files\Konnekt\konnekt.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2010-10-05 15:53:21 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kapibara\Desktop\OTL.exe MOD - [2010-09-10 23:41:40 | 000,285,480 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll MOD - [2008-04-14 02:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Unknown | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -d -f %ProgramFiles%\WinPcap\rpcapd.ini -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental) SRV - File not found [Unknown | Stopped] -- -- (MSDTC) SRV - [2010-09-10 23:41:42 | 001,901,056 | ---- | M] (COMODO) [Unknown | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent) SRV - [2010-03-19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Unknown | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2009-12-23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Unknown | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | Unknown | Stopped] -- C:\WINDOWS\System32\DRIVERS\UIUSYS.SYS -- (UIUSys) DRV - [2010-09-29 22:29:37 | 000,436,792 | ---- | M] (Duplex Secure Ltd.) [Kernel | Unknown | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2010-09-10 23:40:52 | 000,239,240 | ---- | M] (COMODO) [File_System | Unknown | Running] -- C:\WINDOWS\System32\DRIVERS\cmdguard.sys -- (cmdGuard) DRV - [2010-09-10 23:40:48 | 000,015,592 | ---- | M] (COMODO) [File_System | Unknown | Running] -- C:\WINDOWS\System32\DRIVERS\cmderd.sys -- (cmderd) DRV - [2010-04-12 10:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu) DRV - [2009-10-20 20:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Unknown | Stopped] -- C:\WINDOWS\System32\drivers\npf.sys -- (NPF) DRV - [2008-07-27 00:30:30 | 000,014,416 | ---- | M] (OpenLibSys.org) [Kernel | Unknown | Stopped] -- C:\Program Files\BatteryCare\WinRing0.sys -- (WinRing0_1_2_0) DRV - [2008-06-26 07:15:34 | 003,630,080 | ---- | M] (Intel Corporation) [Kernel | Unknown | Running] -- C:\WINDOWS\System32\DRIVERS\NETw5x32.sys -- (NETw5x32) Intel(R) DRV - [2008-04-28 16:22:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | Unknown | Running] -- C:\WINDOWS\System32\DRIVERS\cpqbttn.sys -- (HBtnKey) DRV - [2008-04-13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Running] -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM) DRV - [2008-04-13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Unknown | Running] -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus) DRV - [2008-01-18 11:49:24 | 000,220,640 | ---- | M] (Synaptics, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\System32\DRIVERS\SynTP.sys -- (SynTP) DRV - [2007-06-18 18:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | Unknown | Running] -- C:\WINDOWS\System32\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr) DRV - [2007-02-12 13:56:44 | 000,625,664 | ---- | M] (Conexant Systems Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\System32\drivers\CHDAud.sys -- (HdAudAddService) DRV - [2007-01-13 11:33:18 | 005,672,032 | ---- | M] (Intel Corporation) [Kernel | Unknown | Running] -- C:\WINDOWS\System32\DRIVERS\igxpmp32.sys -- (ialm) DRV - [2006-12-21 00:56:44 | 000,988,800 | ---- | M] (Conexant Systems, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys -- (HSF_DPV) DRV - [2006-12-21 00:56:00 | 000,209,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys -- (HSFHWAZL) DRV - [2006-12-21 00:55:56 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys -- (winachsf) DRV - [2006-09-24 15:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Unknown | Running] -- C:\WINDOWS\System32\speedfan.sys -- (speedfan) DRV - [1996-04-03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Unknown | Running] -- C:\WINDOWS\System32\giveio.sys -- (giveio) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1715567821-1682526488-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1715567821-1682526488-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://google.pl/ig" FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.18 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-09-19 12:44:08 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-09-19 12:44:08 | 000,000,000 | ---D | M] [2010-02-05 17:21:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kapibara\Application Data\Mozilla\Extensions [2010-10-04 14:54:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kapibara\Application Data\Mozilla\Firefox\Profiles\2lrc2rdi.default\extensions [2010-08-18 12:19:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Kapibara\Application Data\Mozilla\Firefox\Profiles\2lrc2rdi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-05-07 16:28:32 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Documents and Settings\Kapibara\Application Data\Mozilla\Firefox\Profiles\2lrc2rdi.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE} [2010-02-06 12:56:11 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Documents and Settings\Kapibara\Application Data\Mozilla\Firefox\Profiles\2lrc2rdi.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB} [2010-09-21 19:34:32 | 000,002,075 | ---- | M] () -- C:\Documents and Settings\Kapibara\Application Data\Mozilla\FireFox\Profiles\2lrc2rdi.default\searchplugins\wyszukiwanie-filmw-wideo-w-youtube.xml [2010-10-04 14:54:33 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010-02-14 02:11:18 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010-05-22 14:17:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-05-22 14:17:39 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2010-02-06 13:07:31 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll [2010-09-19 12:44:03 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2010-09-19 12:44:03 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2010-09-19 12:44:03 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2010-09-19 12:44:03 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2010-09-19 12:44:03 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2010-09-19 12:44:03 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2004-08-04 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx () O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.10.dll (BitComet) O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found. O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO) O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.) O4 - HKU\S-1-5-21-1715567821-1682526488-682003330-1003..\Run: [Konnekt] C:\Program Files\Konnekt\konnekt.exe (Stamina) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1715567821-1682526488-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1715567821-1682526488-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O7 - HKU\S-1-5-21-1715567821-1682526488-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-21-1715567821-1682526488-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-1715567821-1682526488-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.10.dll (BitComet) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.) O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.) O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_15) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Documents and Settings\Kapibara\Desktop\l.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kapibara\Desktop\l.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010-02-05 16:12:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2010-10-05 15:54:21 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kapibara\Desktop\OTL.exe [2010-10-04 13:10:22 | 000,000,000 | ---D | C] -- C:\Program Files\PowerISO [2010-10-04 13:05:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kapibara\Application Data\Canneverbe Limited [2010-10-04 13:05:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited [2010-10-04 12:17:42 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2010-10-04 12:09:11 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW [2010-10-04 11:56:23 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2010-10-04 11:56:23 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2010-10-04 11:56:23 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2010-10-04 11:56:23 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2010-10-04 11:56:11 | 000,000,000 | -H-D | C] -- C:\VritualRoot [2010-10-04 11:55:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010-10-04 11:54:09 | 000,000,000 | --SD | C] -- C:\ComboFix [2010-10-04 11:18:41 | 000,000,000 | ---D | C] -- C:\Qoobox [2010-10-04 11:17:59 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW.0.tmp [2010-10-04 10:25:17 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO [2010-10-04 10:25:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kapibara\Desktop\do porządków [2010-10-04 10:24:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo [2010-10-04 10:23:13 | 000,000,000 | ---D | C] -- C:\Program Files\Odkurzacz [2010-10-04 10:22:27 | 000,000,000 | ---D | C] -- C:\Program Files\TweakNow RegCleaner [2010-10-04 10:22:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kapibara\Application Data\TweakNow RegCleaner [2010-10-03 14:57:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Kapibara\Recent [2010-10-03 14:52:52 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2010-10-03 14:50:47 | 003,430,224 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Kapibara\Desktop\ccsetup236.exe [2010-10-03 14:34:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kapibara\Desktop\Grotów 2010 [2010-09-29 22:54:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kapibara\LiU_print [2010-09-29 22:37:24 | 000,000,000 | ---D | C] -- D:\My Documents\Alcohol 120% [2010-09-29 22:33:34 | 000,000,000 | ---D | C] -- C:\Program Files\Alcohol Soft [2010-09-29 22:29:37 | 000,436,792 | ---- | C] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys [2010-09-29 15:58:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kapibara\Application Data\ipla [2010-09-29 15:58:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ipla [2010-09-29 15:57:44 | 000,000,000 | ---D | C] -- C:\Program Files\ipla [2010-09-29 15:57:37 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc71.dll [2010-09-29 14:00:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Profiles [2010-09-29 14:00:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe [2010-09-29 14:00:52 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2010-09-29 14:00:51 | 000,000,000 | ---D | C] -- D:\My Documents\My eBooks [2010-09-29 14:00:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kapibara\Application Data\InterTrust [2010-09-29 14:00:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2010-09-29 13:53:19 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe [2010-09-29 13:52:53 | 000,000,000 | ---D | C] -- C:\Program Files\EuroPlus+ Angielski z Cambridge [2010-09-28 15:49:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\YDP [2010-09-28 15:48:37 | 000,327,168 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUn0415.exe [2010-09-28 14:26:44 | 000,000,000 | ---D | C] -- C:\Program Files\AidemMedia [2010-09-28 14:26:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\AM [2010-09-28 14:09:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\EL [2010-09-28 14:08:51 | 000,000,000 | ---D | C] -- C:\Program Files\EasyLanguage [2010-09-27 10:10:32 | 000,000,000 | ---D | C] -- C:\Program Files\Edgard [2010-09-21 19:12:30 | 000,232,448 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\mp3fhg.acm [2010-09-21 19:12:30 | 000,151,552 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm [2010-09-21 19:12:29 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll [2010-09-21 19:12:24 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack [2010-09-10 23:41:40 | 000,285,480 | ---- | C] (COMODO) -- C:\WINDOWS\System32\guard32.dll [2010-09-10 23:40:54 | 000,091,560 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys [2010-09-10 23:40:52 | 000,239,240 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdGuard.sys [2010-09-10 23:40:52 | 000,025,240 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys [2010-09-10 23:40:48 | 000,015,592 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmderd.sys [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2010-10-05 15:53:21 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kapibara\Desktop\OTL.exe [2010-10-05 15:51:43 | 000,013,724 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010-10-05 15:51:09 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010-10-05 15:51:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010-10-05 15:50:57 | 000,350,432 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat [2010-10-05 15:50:15 | 005,505,024 | -H-- | M] () -- C:\Documents and Settings\Kapibara\NTUSER.DAT [2010-10-04 13:25:38 | 000,002,285 | ---- | M] () -- C:\Documents and Settings\Kapibara\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk [2010-10-04 13:10:54 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Kapibara\ntuser.ini [2010-10-04 13:10:23 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PowerISO.lnk [2010-10-04 12:51:56 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Kapibara\Desktop\MBRCheck.exe [2010-10-04 12:50:15 | 000,316,269 | ---- | M] () -- C:\Documents and Settings\Kapibara\Desktop\Vba32ArkitLog_2010-10-4_12-50-6.html [2010-10-04 12:33:05 | 000,000,775 | ---- | M] () -- D:\My Documents\ax_files.xml [2010-10-04 12:17:42 | 000,001,990 | ---- | M] () -- C:\Documents and Settings\Kapibara\Desktop\HiJackThis.lnk [2010-10-04 10:18:04 | 000,190,592 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010-10-04 10:13:34 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Kapibara\Local Settings\Application Data\prvlcl.dat [2010-10-04 10:01:18 | 000,528,916 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010-10-04 10:01:18 | 000,112,802 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010-10-04 10:01:18 | 000,004,550 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010-10-03 15:11:34 | 000,044,904 | ---- | M] () -- C:\Documents and Settings\Kapibara\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2010-10-03 14:47:16 | 003,430,224 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Kapibara\Desktop\ccsetup236.exe [2010-10-03 14:46:11 | 000,000,060 | ---- | M] () -- C:\WINDOWS\wininit.ini [2010-09-29 22:29:37 | 000,436,792 | ---- | M] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys [2010-09-29 22:16:44 | 000,000,394 | ---- | M] () -- C:\Documents and Settings\Kapibara\Application Data\burnaware.ini [2010-09-29 21:55:38 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2010-09-29 15:57:37 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc71.dll [2010-09-29 14:51:16 | 000,043,520 | ---- | M] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2010-09-29 14:07:32 | 000,001,823 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EuroPlus+ Angielski z Cambridge.lnk [2010-09-21 19:00:40 | 000,095,232 | ---- | M] () -- C:\Documents and Settings\Kapibara\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-09-19 15:10:10 | 000,462,395 | ---- | M] () -- D:\My Documents\madziadyplom.jpg [2010-09-14 10:00:00 | 000,108,032 | ---- | M] () -- C:\WINDOWS\System32\ff_vfw.dll [2010-09-14 10:00:00 | 000,000,038 | ---- | M] () -- C:\WINDOWS\avisplitter.ini [2010-09-10 23:41:40 | 000,285,480 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll [2010-09-10 23:40:54 | 000,091,560 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys [2010-09-10 23:40:52 | 000,239,240 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdGuard.sys [2010-09-10 23:40:52 | 000,025,240 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys [2010-09-10 23:40:48 | 000,015,592 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmderd.sys [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-10-04 13:10:23 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PowerISO.lnk [2010-10-04 12:52:40 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Kapibara\Desktop\MBRCheck.exe [2010-10-04 12:50:15 | 000,316,269 | ---- | C] () -- C:\Documents and Settings\Kapibara\Desktop\Vba32ArkitLog_2010-10-4_12-50-6.html [2010-10-04 12:17:42 | 000,001,990 | ---- | C] () -- C:\Documents and Settings\Kapibara\Desktop\HiJackThis.lnk [2010-10-04 11:56:24 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe [2010-10-04 11:56:23 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe [2010-10-04 11:56:23 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2010-10-04 11:56:23 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2010-10-04 11:56:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2010-10-04 10:27:14 | 000,350,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat [2010-10-03 14:46:11 | 000,000,060 | ---- | C] () -- C:\WINDOWS\wininit.ini [2010-09-29 22:39:13 | 000,000,775 | ---- | C] () -- D:\My Documents\ax_files.xml [2010-09-29 21:55:38 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010-09-29 14:08:06 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2010-09-29 14:07:32 | 000,001,823 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EuroPlus+ Angielski z Cambridge.lnk [2010-09-21 19:12:31 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2010-09-21 19:12:31 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2010-09-21 19:12:29 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2010-09-21 19:12:29 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2010-09-21 19:12:28 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2010-09-19 15:09:36 | 000,462,395 | ---- | C] () -- D:\My Documents\madziadyplom.jpg [2010-08-12 12:26:02 | 000,000,081 | ---- | C] () -- C:\Documents and Settings\Kapibara\Local Settings\Application Data\FASTWiz.log [2010-07-07 19:05:50 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Kapibara\Local Settings\Application Data\PUTTY.RND [2010-05-23 23:03:23 | 000,000,163 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini [2010-05-23 23:02:34 | 000,000,365 | ---- | C] () -- C:\WINDOWS\wincmd.ini [2010-05-01 21:50:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Kapibara\Local Settings\Application Data\FnF4.txt [2010-03-20 19:29:18 | 000,000,510 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2010-03-09 12:26:30 | 000,000,394 | ---- | C] () -- C:\Documents and Settings\Kapibara\Application Data\burnaware.ini [2010-02-25 13:36:04 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Kapibara\Local Settings\Application Data\prvlcl.dat [2010-02-10 12:54:52 | 000,095,232 | ---- | C] () -- C:\Documents and Settings\Kapibara\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-02-07 18:12:49 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys [2010-02-06 13:22:56 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2010-02-05 17:10:29 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4764.dll [2010-02-05 16:56:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Kapibara\Local Settings\Application Data\QSwitch.txt [2010-02-05 16:56:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Kapibara\Local Settings\Application Data\DSwitch.txt [2010-02-05 16:56:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Kapibara\Local Settings\Application Data\AtStart.txt [2009-10-20 20:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll [1996-04-03 21:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys [color=#E56717]========== LOP Check ==========[/color] [2010-10-04 13:05:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited [2010-06-15 00:06:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CounterPath [2010-09-28 14:26:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EL [2010-09-29 15:58:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ipla [2010-02-09 15:05:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PDF Writer [2010-05-14 09:37:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\stamina [2010-02-08 15:39:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2010-06-10 23:32:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010-09-19 12:43:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kapibara\Application Data\BatteryCare [2010-10-04 11:51:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kapibara\Application Data\BitComet [2010-10-04 13:05:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kapibara\Application Data\Canneverbe Limited [2010-02-09 20:37:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kapibara\Application Data\ERS G-Studio [2010-03-17 14:57:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kapibara\Application Data\Folder Guard [2010-09-28 12:27:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kapibara\Application Data\foobar2000 [2010-02-06 13:07:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kapibara\Application Data\Foxit [2010-02-05 18:20:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kapibara\Application Data\Gadu-Gadu [2010-06-18 16:53:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kapibara\Application Data\GetRightToGo [2010-09-29 14:00:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kapibara\Application Data\InterTrust [2010-10-03 14:30:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kapibara\Application Data\ipla [2010-02-19 16:21:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kapibara\Application Data\Notepad++ [2010-02-09 15:05:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kapibara\Application Data\PDF Writer [2010-10-04 10:22:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kapibara\Application Data\TweakNow RegCleaner [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1AAB2E68 < End of report >