OTL logfile created on: 30.08.2012 11:02:13 - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = K:\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 1,85 Gb Available Physical Memory | 56,96% Memory free
6,70 Gb Paging File | 5,27 Gb Available in Paging File | 78,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 482,92 Gb Total Space | 173,46 Gb Free Space | 35,92% Space Free | Partition Type: NTFS
Drive K: | 448,59 Gb Total Space | 180,41 Gb Free Space | 40,22% Space Free | Partition Type: NTFS

Computer Name: IWONNA-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2012.08.30 10:59:54 | 000,598,528 | ---- | M] (OldTimer Tools) -- K:\Downloads\OTL.exe
PRC - [2012.07.26 17:40:54 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012.05.30 20:06:18 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012.05.18 18:54:28 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012.02.24 03:29:58 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2012.02.23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012.02.23 12:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2011.09.16 11:08:18 | 001,804,648 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe
PRC - [2011.09.16 10:56:50 | 000,643,944 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe
PRC - [2011.05.24 15:08:54 | 000,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2011.05.21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.05.21 06:01:00 | 000,839,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011.05.21 06:01:00 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011.01.27 23:24:10 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2010.05.18 16:13:58 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009.11.11 16:17:02 | 000,771,360 | ---- | M] (Apple Inc.) -- C:\Program Files\AirPort\APAgent.exe
PRC - [2009.07.08 03:53:36 | 000,472,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2009.07.07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009.07.07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.03.04 03:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2008.01.19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.11.22 12:49:08 | 000,385,024 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
PRC - [2007.09.26 17:23:26 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007.01.09 23:59:52 | 000,115,816 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2007.01.09 23:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2007.01.05 02:19:28 | 000,047,712 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - [2012.07.26 17:40:53 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.05.24 15:08:53 | 000,061,496 | ---- | M] () -- C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\clntutil.dll
MOD - [2009.07.13 18:37:04 | 000,152,112 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
MOD - [2009.07.13 18:37:04 | 000,098,304 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll

[color=#E56717]========== Services (SafeList) ==========[/color]
SRV - [2012.08.15 13:02:14 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.26 17:40:53 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.05.21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.01.27 23:24:10 | 001,251,720 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2010.05.18 16:13:58 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.07.07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008.01.29 18:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.09.26 17:23:26 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007.09.26 17:23:26 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Harmonogram automatycznej usługi LiveUpdate)
SRV - [2007.05.31 17:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 17:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007.01.14 01:11:06 | 000,080,504 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton AntiVirus\isPwdSvc.exe -- (ISPwdSvc)
SRV - [2007.01.09 23:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)
SRV - [2007.01.09 23:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2007.01.09 23:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2007.01.09 23:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2007.01.05 02:19:28 | 000,047,712 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.08.07 10:56:58 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120829.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2012.08.07 10:56:55 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120829.003\NAVENG.SYS -- (NAVENG)
DRV - [2012.08.01 02:34:46 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.08.01 02:34:45 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012.02.09 22:43:00 | 010,816,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.01.27 23:26:55 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011.01.24 13:27:44 | 000,641,024 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2011.01.08 04:40:10 | 000,287,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\ids-diskless\20120824.001\IDSvix86.sys -- (IDSvix86)
DRV - [2010.12.01 13:26:28 | 000,015,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2010.12.01 13:26:18 | 001,050,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2009.08.03 20:07:12 | 000,038,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symndisv.sys -- (SYMNDISV)
DRV - [2009.08.03 20:07:10 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2009.08.03 20:07:10 | 000,145,968 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symfw.sys -- (SYMFW)
DRV - [2009.08.03 20:07:10 | 000,039,856 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symids.sys -- (SYMIDS)
DRV - [2009.08.03 20:07:10 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2009.08.03 20:07:10 | 000,012,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symdns.sys -- (SYMDNS)
DRV - [2009.07.07 15:48:44 | 000,027,696 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\purendis.sys -- (purendis)
DRV - [2009.07.07 15:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pnarp.sys -- (pnarp)
DRV - [2008.01.19 08:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007.12.01 00:57:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007.12.01 00:57:12 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007.12.01 00:57:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007.04.14 03:49:32 | 000,418,104 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005.01.19 11:14:38 | 000,211,712 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928)
DRV - [2005.01.19 11:11:16 | 000,022,016 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=PL&userid=88c61911-97d8-4308-b562-6e2a0d57bb4a&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3274435004-398758450-600149560-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\S-1-5-21-3274435004-398758450-600149560-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3274435004-398758450-600149560-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-3274435004-398758450-600149560-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3274435004-398758450-600149560-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3274435004-398758450-600149560-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3274435004-398758450-600149560-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3274435004-398758450-600149560-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3274435004-398758450-600149560-1000\..\SearchScopes,DefaultScope = {FEC8E82F-A996-4C47-B6BD-8D0349BAE1AA}
IE - HKU\S-1-5-21-3274435004-398758450-600149560-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=PL&userid=88c61911-97d8-4308-b562-6e2a0d57bb4a&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-3274435004-398758450-600149560-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3274435004-398758450-600149560-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=100471&mntrId=1842d4780000000000000022433a9e2a
IE - HKU\S-1-5-21-3274435004-398758450-600149560-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searcerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3274435004-398758450-600149560-1000\..\SearchScopes\{787D21F0-5E0F-46C1-AFE4-86D507328125}: "URL" = http://start.funmoods.com/results.php?f=4&a=ironto&q={searchTerms}
IE - HKU\S-1-5-21-3274435004-398758450-600149560-1000\..\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}: "URL" = http://eu.ask.com/web?l=dis&o=16552&gct=sb&qsrc=2869&apn_dtid=^YYYYYY^YY^PL&apn_ptnrs=^A9T&apn_uid=7812355040404069&p2=^A9T^YYYYYY^YY^PL&q={searchTerms}
IE - HKU\S-1-5-21-3274435004-398758450-600149560-1000\..\SearchScopes\{CC48B2F7-9B96-440D-BAF1-77A20A6B32E4}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=FF&o=14594&src=kw&q={searchTerms}&locale=&apn_ptnrs=FV&apn_dtid=YYYYYYYYPL&apn_uid=cb0d89a4-6269-4985-9a77-d0bd390c5d96&apn_sauid=B5CBD477-4F0C-4545-A639-88344475436D
IE - HKU\S-1-5-21-3274435004-398758450-600149560-1000\..\SearchScopes\{FEC8E82F-A996-4C47-B6BD-8D0349BAE1AA}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-3274435004-398758450-600149560-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3274435004-398758450-600149560-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;

[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.pl/"
FF - prefs.js..extensions.enabledItems: helperbar@helperbar.com:1.0
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {51a86bb3-6602-4c85-92a5-130ee4864f13}:3.2.5.2
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=FF&o=14594&locale=en_US&apn_uid=cb0d89a4-6269-4985-9a77-d0bd390c5d96&apn_ptnrs=FV&apn_sauid=B5CBD477-4F0C-4545-A639-88344475436D&apn_dtid=YYYYYYYYPL&&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.05.18 18:54:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.05.18 18:54:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.26 17:40:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.21 10:50:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.06.27 20:32:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.26 17:40:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.21 10:50:27 | 000,000,000 | ---D | M]
[2011.01.30 22:09:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2008.07.31 02:17:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.08.17 11:01:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\9pw3cc1q.default\extensions
[2012.06.04 22:53:03 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\9pw3cc1q.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2012.08.16 17:20:18 | 000,002,571 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\9pw3cc1q.default\searchplugins\askcom.xml
[2012.05.07 19:20:45 | 000,001,800 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\9pw3cc1q.default\searchplugins\funmoods.xml
[2012.06.08 18:31:50 | 000,002,474 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\9pw3cc1q.default\searchplugins\Web Search.xml
[2010.03.18 19:58:49 | 000,001,196 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\9pw3cc1q.default\searchplugins\winamp-search.xml
[2012.06.05 00:13:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.01.31 00:48:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012.07.26 17:40:54 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.05.18 18:54:32 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2011.08.12 05:51:25 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2012.05.07 20:33:37 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\ask.xml
[2011.08.11 23:20:48 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011.08.12 05:51:25 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2011.08.12 05:51:25 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2011.08.12 05:51:25 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2011.08.12 05:51:25 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2011.08.12 05:51:25 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

[color=#E56717]========== Chrome ==========[/color]
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.15.10_0\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (IplexToALLPlayer) - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\Program Files\ALLPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKU\S-1-5-21-3274435004-398758450-600149560-1000\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\S-1-5-21-3274435004-398758450-600149560-1000\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files\AirPort\APAgent.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [GProton] %ALLUSERSPROFILE%\GProton.exe File not found
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UACEnableEntry] regedit.exe /s C:\Users\user\AppData\Local\Temp\\UAC_Enable.reg File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3274435004-398758450-600149560-1000..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3274435004-398758450-600149560-1000..\Run: [HP Photosmart 5510 series (NET)] C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-3274435004-398758450-600149560-1000..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3274435004-398758450-600149560-1000..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3274435004-398758450-600149560-1001..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.76.34.50 212.76.34.49
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B5E3E72-20F0-43A4-93AC-68E3A6F1A587}: DhcpNameServer = 212.76.34.50 212.76.34.49
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F71C78F9-FC7A-435A-B28B-05D9BF1609C5}: DhcpNameServer = 212.76.34.50 212.76.34.49
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012.07.16 18:28:44 | 000,247,360 | ---- | M] () - C:\AutoMapaSetupLog.txt -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2012.08.30 10:38:50 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{61EDDC45-B058-4409-AB73-8D303F2A51D9}
[2012.08.29 13:57:12 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{9BC712C8-C27E-47D8-A72A-AE591ED987B5}
[2012.08.28 12:12:45 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{49A25D62-5B9B-4F39-907A-682577E95437}
[2012.08.27 23:09:05 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{F864B519-0271-4146-A9ED-1875BC6DE321}
[2012.08.27 10:52:58 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{FE0BF4A6-0E02-48E7-B6A6-8AFE3EADD777}
[2012.08.26 22:34:54 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{2D249D69-8BC6-45A1-9718-172C8F205CB2}
[2012.08.26 10:34:53 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{1C8E689A-1D8E-4B79-ABCA-27DBD94673C4}
[2012.08.24 23:25:34 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{B71DD192-29C5-4777-B785-65D8B012189F}
[2012.08.24 11:25:32 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{329AE32E-4EEE-49A4-B269-94FE040815EE}
[2012.08.23 12:46:43 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2012.08.23 10:39:23 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{4E769654-D32C-4FEC-934E-D701EF77A269}
[2012.08.22 15:02:02 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{62E0E5C3-5F56-4847-AF57-218804394557}
[2012.08.21 10:50:05 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.08.21 10:14:45 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{ECD840B2-6AA2-455F-A530-874C43FDAEC2}
[2012.08.20 20:57:33 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{E73B78CB-EAA4-49B6-B0B3-CB16F36B6423}
[2012.08.20 08:57:17 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{29233D13-C66E-44A5-8319-958FEC796F9A}
[2012.08.18 22:48:27 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{6A1D8A05-64A9-46D9-B3A1-140C494F2A29}
[2012.08.18 10:48:13 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{0D700CA1-7673-4249-8C6E-4DEDD42B510C}
[2012.08.17 21:31:50 | 000,000,000 |
---D | C] -- C:\Users\user\AppData\Local\{176F985E-8EF8-4D9B-9DDC-5C169FB6B17A} [2012.08.17 21:31:48 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{A87C09D0-D0A0-4A1E-9669-BAF3DEBF06D1} [2012.08.17 10:47:19 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\MCE Logs [2012.08.17 09:31:31 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{075BB7FD-5DA0-4AC9-A12F-943054E42BEF} [2012.08.17 09:31:26 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{6791A668-47CA-48AF-B854-76AB35599C8A} [2012.08.16 16:38:36 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.08.16 16:38:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.08.16 16:38:34 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.08.16 16:38:33 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.08.16 16:38:33 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.08.16 16:38:33 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.08.16 16:38:32 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.08.16 16:38:01 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.08.16 16:30:09 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{EF660783-1EE5-462D-981F-C9D48C74342C} [2012.08.16 16:30:07 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{7B5839B0-1870-4D76-B62E-E170B989EB60} [2012.08.15 13:36:16 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory [2012.08.15 11:02:21 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{CD46D63D-604E-49BB-9FF3-1BB3A855994D} [2012.08.15 11:02:08 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{075A8752-8DDD-40AC-A0EA-2622F6D9CCFE} [2012.08.14 23:15:34 | 000,000,000 | ---D | 
C] -- C:\Program Files\v9Soft [2012.08.14 12:01:48 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{BB3CAF53-3121-4675-9195-AD49ABADBD1E} [2012.08.14 12:01:47 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{61316220-34E4-4E69-9662-B99244699DD2} [2012.08.13 10:58:22 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{6010F39A-839B-41DC-8636-ACAB6022DA20} [2012.08.13 10:58:19 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{6F4FA289-A5E9-465C-9000-BE3A28528D73} [2012.08.05 21:16:55 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{E8A5127B-02FF-45C8-947D-B6BD3B07E601} [2012.08.05 21:16:54 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{B5767302-DD68-4525-9537-D33FF9048776} [2012.08.04 19:05:25 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{C819E6A3-930B-48D7-BE55-8E4470EBC33D} [2012.08.04 19:05:24 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{0C08405B-3CBE-4CB9-AB50-326A993C0C29} [2012.08.03 09:08:36 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2012.08.03 09:05:09 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{1F14D83F-74D5-4D31-BC8A-5D74D1F47920} [2012.08.03 09:05:06 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{E2AD0A78-3223-49E6-9CB2-7A966797354D} [2012.08.02 13:24:10 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{2F1A1B82-25C8-4106-AA6D-07FBC41490F8} [2012.08.02 13:24:09 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{F075E486-863C-495B-845E-412A991CAE99} [2012.08.01 21:44:02 | 000,000,000 | ---D | C] -- C:\Program Files\TSearch [2012.08.01 21:43:29 | 000,000,000 | ---D | C] -- C:\Program Files\smartdl [2012.08.01 11:03:56 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{D42E8428-3AEB-44E4-A895-4D2D8E22562E} [2012.08.01 11:03:54 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{CC9AF959-EB8E-44D4-A9D7-951AE28D5B0A} [2012.07.31 21:26:01 | 000,000,000 | ---D | C] -- C:\Program Files\e-Deklaracje [2012.07.31 15:16:02 | 
000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{16F35711-CD17-4CD6-8142-B77A26016A00} [2012.07.31 15:16:01 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{75D93475-4339-4642-9E18-A4B263BF143E} [2011.05.30 20:06:31 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\user\AppData\Roaming\pcouffin.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012.08.30 11:03:26 | 007,602,176 | -HS- | M] () -- C:\Users\user\NTUSER.DAT [2012.08.30 11:02:15 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.08.30 10:57:35 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.30 10:57:35 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.30 10:43:20 | 001,495,264 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2012.08.30 10:43:20 | 000,671,902 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2012.08.30 10:43:20 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.08.30 10:43:20 | 000,130,310 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2012.08.30 10:43:20 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.08.30 10:37:27 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2012.08.30 10:37:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.29 23:34:45 | 000,524,288 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2012.08.29 23:34:45 | 000,065,536 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2012.08.29 17:32:10 | 335,887,492 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.08.28 20:08:19 | 000,116,736 | ---- | M] () -- 
C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.08.28 18:23:09 | 000,000,166 | ---- | M] () -- C:\Users\user\AppData\Roaming\default.rss [2012.08.27 23:26:19 | 004,214,792 | -H-- | M] () -- C:\Users\user\AppData\Local\IconCache.db [2012.08.21 10:50:28 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012.08.20 22:00:39 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\Norton AntiVirus - Uruchom pełne skanowanie systemu - user.job [2012.08.18 23:15:22 | 000,001,245 | ---- | M] () -- C:\Windows\System32\mapisvc.inf [2012.08.16 16:53:52 | 000,272,048 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.08.15 13:36:16 | 000,000,991 | ---- | M] () -- C:\Users\user\Desktop\Format Factory.lnk [2012.08.15 13:02:13 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.08.15 13:02:13 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.07.31 21:26:01 | 000,000,792 | ---- | M] () -- C:\Users\Public\Desktop\e-Deklaracje.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012.08.15 13:36:16 | 000,000,991 | ---- | C] () -- C:\Users\user\Desktop\Format Factory.lnk [2012.08.03 09:08:31 | 335,887,492 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012.07.01 17:07:10 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2012.06.26 21:26:52 | 000,031,007 | ---- | C] () -- C:\Users\user\AppData\Roaming\UserTile.png [2012.05.18 23:16:34 | 004,214,792 | -H-- | C] () -- C:\Users\user\AppData\Local\IconCache.db [2012.05.08 18:12:14 | 042,705,238 | ---- | C] () -- C:\Program Files\FormatFactory.exe [2012.01.24 21:46:32 | 000,707,504 | ---- | C] () -- C:\Users\user\AppData\Local\unins000.exe [2012.01.24 21:46:32 | 000,011,761 | ---- | C] () -- C:\Users\user\AppData\Local\unins000.msg [2012.01.24 21:46:32 | 000,002,156 | ---- | C] () -- 
C:\Users\user\AppData\Local\unins000.dat [2012.01.06 19:49:42 | 000,000,067 | ---- | C] () -- C:\Windows\DVDRegionFree.INI [2012.01.06 19:41:43 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib [2012.01.06 16:09:52 | 000,000,184 | ---- | C] () -- C:\Windows\pdf2word.INI [2011.12.28 21:42:09 | 000,460,624 | ---- | C] () -- C:\Users\user\AppData\Local\promo.exe [2011.08.17 12:50:18 | 000,000,022 | ---- | C] () -- C:\Windows\System32\systeminfo3.dll [2011.08.11 23:55:09 | 000,085,100 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat [2011.08.03 18:25:13 | 000,000,217 | ---- | C] () -- C:\Users\user\AppData\Roaming\burnaware.ini [2011.07.18 00:34:24 | 000,000,000 | ---- | C] () -- C:\Users\user\AppData\Roaming\downloads.m3u [2011.07.11 20:57:50 | 000,000,272 | ---- | C] () -- C:\Users\user\AppData\Roaming\.backup.dm [2011.07.10 19:17:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\dvdtest10024.dat [2011.05.30 20:06:32 | 000,087,608 | ---- | C] () -- C:\Users\user\AppData\Roaming\inst.exe [2011.05.30 20:06:32 | 000,007,887 | ---- | C] () -- C:\Users\user\AppData\Roaming\pcouffin.cat [2011.05.30 20:06:31 | 000,001,144 | ---- | C] () -- C:\Users\user\AppData\Roaming\pcouffin.inf [2011.05.25 19:39:01 | 000,001,057 | ---- | C] () -- C:\Users\user\AppData\Roaming\vso_ts_preview.xml [2011.04.01 15:59:35 | 007,792,640 | RHS- | C] () -- C:\ProgramData\Readar_SL.exe [2011.02.25 22:52:00 | 000,299,008 | ---- | C] () -- C:\Windows\System32\lxeasm.dll [2011.02.25 22:51:55 | 000,024,576 | ---- | C] () -- C:\Windows\System32\lxeasmr.dll [2011.02.25 19:47:08 | 008,892,928 | ---- | C] () -- C:\ProgramData\atscie.msi [2011.02.03 12:15:43 | 000,000,166 | ---- | C] () -- C:\Users\user\AppData\Roaming\default.rss [2011.02.02 22:37:32 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2011.02.02 22:27:54 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll [2011.02.01 18:40:05 | 000,018,904 | ---- | C] () -- 
C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2011.02.01 15:30:57 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011.02.01 15:30:56 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2011.02.01 15:30:40 | 000,368,640 | ---- | C] () -- C:\Windows\System32\msjetoledb40.dll [2011.01.31 15:59:12 | 000,060,124 | ---- | C] () -- C:\Windows\System32\tcpmon.ini [2011.01.31 00:19:05 | 000,258,048 | ---- | C] () -- C:\Windows\System32\libFLAC.dll [2011.01.28 02:44:57 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2011.01.27 23:28:35 | 000,000,000 | ---- | C] () -- C:\Windows\WinInit.ini [2011.01.27 19:54:44 | 000,000,552 | ---- | C] () -- C:\Users\user\AppData\Local\d3d8caps.dat [2011.01.27 19:49:56 | 000,116,736 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.01.27 17:59:46 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011.01.24 21:51:36 | 000,671,902 | ---- | C] () -- C:\Windows\System32\perfh015.dat [2011.01.24 21:51:36 | 000,332,832 | ---- | C] () -- C:\Windows\System32\perfi015.dat [2011.01.24 21:51:36 | 000,130,310 | ---- | C] () -- C:\Windows\System32\perfc015.dat [2011.01.24 21:51:36 | 000,037,468 | ---- | C] () -- C:\Windows\System32\perfd015.dat [2011.01.24 13:29:48 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin [2011.01.24 13:29:18 | 000,014,640 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat [2011.01.24 13:14:22 | 000,060,696 | ---- | C] () -- C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT [2011.01.24 13:14:05 | 000,000,680 | ---- | C] () -- C:\Users\user\AppData\Local\d3d9caps.dat [2011.01.24 13:14:04 | 000,000,020 | -HS- | C] () -- C:\Users\user\ntuser.ini [2011.01.24 13:14:03 | 007,602,176 | -HS- | C] () -- C:\Users\user\NTUSER.DAT [2011.01.24 13:14:03 | 000,524,288 | -HS- | C] () -- C:\Users\user\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms [2011.01.24 
13:14:03 | 000,524,288 | -HS- | C] () -- C:\Users\user\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2011.01.24 13:14:03 | 000,065,536 | -HS- | C] () -- C:\Users\user\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [color=#E56717]========== LOP Check ==========[/color] [2011.08.03 18:18:04 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ashampoo [2011.08.11 23:20:47 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Babylon [2011.05.30 18:55:54 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DVDVideoSoft [2011.02.01 18:34:45 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\e-Deklaracje.A1909296681C7ACEFE45687D3A64758C8659BF46.1 [2011.03.06 17:39:54 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\GetRightToGo [2012.01.22 18:15:00 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\NapiProjekt [2011.05.30 21:56:13 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Notepad++ [2012.06.08 17:50:10 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OpenCandy [2012.06.08 17:55:05 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\pdfforge [2011.06.10 20:03:23 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Thunderbird [2012.08.24 23:40:05 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\uTorrent [2012.01.06 17:23:35 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Vso [2011.07.21 20:20:23 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\WinAVI [2012.08.29 23:34:49 | 000,032,532 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:242231A9 @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:0B9D8E22 < End of report >