OTL logfile created on: 2013-03-24 17:20:42 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Artur.PRIVATE\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,60 Gb Available Physical Memory | 79,90% Memory free
3,85 Gb Paging File | 3,62 Gb Available in Paging File | 94,19% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS.0 | %ProgramFiles% = C:\Program Files
Drive C: | 46,41 Gb Total Space | 4,43 Gb Free Space | 9,54% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 1,61 Gb Free Space | 8,04% Space Free | Partition Type: NTFS
Drive E: | 45,37 Gb Total Space | 0,68 Gb Free Space | 1,51% Space Free | Partition Type: NTFS
Drive G: | 60,00 Gb Total Space | 1,66 Gb Free Space | 2,77% Space Free | Partition Type: NTFS
Drive H: | 400,00 Gb Total Space | 0,91 Gb Free Space | 0,23% Space Free | Partition Type: NTFS
Drive I: | 471,50 Gb Total Space | 1,66 Gb Free Space | 0,35% Space Free | Partition Type: NTFS

Computer Name: PRIVATE | User Name: Artur | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013-03-24 16:32:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Artur.PRIVATE\Pulpit\OTL.exe
PRC - [2013-03-05 23:32:40 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013-02-10 04:20:28 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013-02-04 21:49:54 | 002,033,912 | ---- | M] (UltraVNC) -- C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe
PRC - [2008-04-14 20:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.0\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2013-02-10 04:20:28 | 001,564,008 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nview\nView.dll
MOD - [2013-02-10 04:20:28 | 000,357,224 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nview\nvShell.dll
MOD - [2011-02-28 23:37:32 | 000,180,624 | ---- | M] () -- C:\WINDOWS.0\system32\Primomonnt.dll

========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013-03-13 17:10:11 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS.0\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-03-05 23:32:40 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013-02-10 04:20:28 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013-02-04 21:49:54 | 002,033,912 | ---- | M] (UltraVNC) [Auto | Running] -- C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe -- (uvnc_service)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\ARTUR~1.PRI\USTAWI~1\Temp\ugldapod.sys -- (ugldapod)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012-12-19 06:41:55 | 000,128,440 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2012-06-27 15:18:52 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012-06-19 16:54:20 | 006,141,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2012-06-03 09:45:50 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS.0\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2012-01-09 17:28:20 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2012-01-09 17:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2012-01-09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2012-01-09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010-09-17 10:16:22 | 000,972,648 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\RTL8192cu.sys -- (RTL8192cu)
DRV - [2010-04-08 19:30:10 | 000,168,040 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS.0\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2010-03-12 07:43:31 | 000,105,472 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS.0\System32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2010-03-04 11:02:10 | 000,013,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2010-03-04 11:02:08 | 000,070,912 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2010-02-11 13:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS.0\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009-11-18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009-11-18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008-11-25 01:35:54 | 000,211,496 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS.0\system32\drivers\Si3114r5.sys -- (Si3114r5)
DRV - [2008-11-25 01:35:54 | 000,017,064 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS.0\system32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2008-11-25 01:35:54 | 000,012,200 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS.0\system32\drivers\SiRemFil.sys -- (SiRemFil)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.0\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1614895754-746137067-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.0\system32\blank.htm
IE - HKU\S-1-5-21-1614895754-746137067-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://pl.oriflame.com/
IE - HKU\S-1-5-21-1614895754-746137067-1801674531-1003\..\SearchScopes,DefaultScope = {39384487-38A5-41E4-A4E4-7B82D2439B16}
IE - HKU\S-1-5-21-1614895754-746137067-1801674531-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1614895754-746137067-1801674531-1003\..\SearchScopes\{39384487-38A5-41E4-A4E4-7B82D2439B16}: "URL" = http://www.google.com/search?hl=pl&q={searchTerms}
IE - HKU\S-1-5-21-1614895754-746137067-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS.0\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS.0\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: c:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS.0\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

O1 HOSTS File: ([2004-08-04 11:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS.0\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKU\S-1-5-21-1614895754-746137067-1801674531-1003\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS.0\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS.0\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1614895754-746137067-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1614895754-746137067-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Wyślij &do programu OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1361276964312 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1361278970890 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7716AA1D-857F-4B7D-859C-E3575885CC22}: NameServer = 62.179.1.63,62.179.1.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80030DD7-33F4-44AE-A923-E5AEAAC9DF94}: NameServer = 62.179.1.63,62.179.1.62
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS.0\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS.0\system32\userinit.exe) - C:\WINDOWS.0\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Artur.PRIVATE\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Artur.PRIVATE\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012-12-12 12:40:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013-03-24 17:08:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Artur.PRIVATE\Ustawienia lokalne\Dane aplikacji\PCHealth
[2013-03-24 17:03:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Artur.PRIVATE\Ustawienia lokalne\Dane aplikacji\ApplicationHistory
[2013-03-24 16:32:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Artur.PRIVATE\Pulpit\OTL.exe
[2013-03-24 16:30:55 | 000,000,000 | ---D | C] -- C:\WINDOWS.0\CSC
[2013-03-23 21:50:52 | 000,000,000 | ---D | C] -- C:\WINDOWS.0\System32\URTTEMP
[2013-03-13 21:14:48 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\usb8023x.sys
[2013-03-13 21:08:25 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Artur.PRIVATE\Pulpit\TFC.exe
[2013-03-11 16:36:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Artur.PRIVATE\Dane aplikacji\Podatnik.info
[2013-03-11 16:33:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Menu Start\Programy\PIT pro 2012
[2013-03-10 14:06:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Artur.PRIVATE\Dane aplikacji\Mozilla
[2013-03-07 23:08:15 | 012,338,481 | ---- | C] (Oleg N. Scherbakov) -- C:\Documents and Settings\Artur.PRIVATE\Pulpit\wtw-setup-all.exe
[2013-03-05 23:32:48 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\WINDOWS.0\System32\javaws.exe
[2013-03-05 23:32:48 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS.0\System32\javacpl.cpl
[2013-03-05 23:32:44 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS.0\System32\javaw.exe
[2013-03-05 23:32:44 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS.0\System32\java.exe
[2013-03-05 23:32:44 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS.0\System32\WindowsAccessBridge.dll
[2013-03-04 12:11:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Artur.PRIVATE\Dane aplikacji\Watchtower
[2013-02-27 20:42:11 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Artur.PRIVATE\Moje dokumenty\winmine.exe
[2013-02-25 18:53:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Artur.PRIVATE\Ustawienia lokalne\Dane aplikacji\MetaGeek,_LLC
[2013-02-25 18:48:16 | 000,000,000 | ---D | C] -- C:\Program Files\MetaGeek
[2013-02-25 18:48:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Menu Start\Programy\MetaGeek
[2013-02-25 16:17:24 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013-02-22 18:42:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Artur.PRIVATE\Ustawienia lokalne\Dane aplikacji\Adobe

========== Files - Modified Within 30 Days ==========

[2013-03-24 17:10:15 | 000,000,934 | ---- | M] () -- C:\WINDOWS.0\tasks\Adobe Flash Player Updater.job
[2013-03-24 17:04:35 | 000,002,206 | ---- | M] () -- C:\WINDOWS.0\System32\wpa.dbl
[2013-03-24 17:04:29 | 000,000,006 | -H-- | M] () -- C:\WINDOWS.0\tasks\SA.DAT
[2013-03-24 17:04:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS.0\bootstat.dat
[2013-03-24 17:03:48 | 002,621,440 | -H-- | M] () -- C:\Documents and Settings\Artur.PRIVATE\NTUSER.DAT
[2013-03-24 17:03:48 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Artur.PRIVATE\ntuser.ini
[2013-03-24 17:03:45 | 003,233,454 | -H-- | M] () -- C:\Documents and Settings\Artur.PRIVATE\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2013-03-24 17:03:38 | 000,000,138 | ---- | M] () -- C:\Documents and Settings\Artur.PRIVATE\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
[2013-03-24 17:00:03 | 000,218,975 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.0\Dane aplikacji\1364140764.bdinstall.bin
[2013-03-24 16:38:04 | 000,003,280 | ---- | M] () -- C:\WINDOWS.0\System32\nvAppTimestamps
[2013-03-24 16:33:16 | 000,377,856 | ---- | M] () -- C:\Documents and Settings\Artur.PRIVATE\Pulpit\wlewgnx4.exe
[2013-03-24 16:32:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Artur.PRIVATE\Pulpit\OTL.exe
[2013-03-24 10:43:37 | 001,213,970 | ---- | M] () -- C:\WINDOWS.0\System32\PerfStringBackup.INI
[2013-03-24 10:43:37 | 000,541,908 | ---- | M] () -- C:\WINDOWS.0\System32\perfh015.dat
[2013-03-24 10:43:37 | 000,481,358 | ---- | M] () -- C:\WINDOWS.0\System32\perfh009.dat
[2013-03-24 10:43:37 | 000,099,268 | ---- | M] () -- C:\WINDOWS.0\System32\perfc015.dat
[2013-03-24 10:43:37 | 000,079,814 | ---- | M] () -- C:\WINDOWS.0\System32\perfc009.dat
[2013-03-23 21:52:03 | 000,001,374 | ---- | M] () -- C:\WINDOWS.0\imsins.BAK
[2013-03-23 18:56:12 | 001,038,879 | ---- | M] () -- C:\Documents and Settings\Artur.PRIVATE\Pulpit\4021203A.pdf
[2013-03-20 08:46:22 | 000,896,079 | ---- | M] () -- C:\Documents and Settings\Artur.PRIVATE\Pulpit\ALEKSANDRA_LOC_PIT-37_ORD-ZU_d1e878809f5471953c893b1f1b79743f.pdf
[2013-03-19 12:28:55 | 000,092,603 | ---- | M] () -- C:\Documents and Settings\Artur.PRIVATE\Pulpit\19_03_2013.adr
[2013-03-19 00:26:28 | 1992,294,400 | ---- | M] () -- C:\Documents and Settings\Artur.PRIVATE\Pulpit\Boy.1080p.part4.rar
[2013-03-19 00:06:19 | 435,926,740 | ---- | M] () -- C:\Documents and Settings\Artur.PRIVATE\Pulpit\Boy.1080p.part5.rar
[2013-03-17 17:25:07 | 000,091,214 | ---- | M] () -- C:\Documents and Settings\Artur.PRIVATE\Pulpit\https___www.upc.pdf
[2013-03-17 11:23:58 | 2343,914,895 | ---- | M] () -- C:\Documents and Settings\Artur.PRIVATE\Pulpit\c.s01e01.720p.bluray.x264-rovers.mkv
[2013-03-15 11:23:26 | 000,215,095 | ---- | M] () -- C:\Documents and Settings\Artur.PRIVATE\Moje dokumenty\jakwybracantene-poradnik.pdf
[2013-03-14 20:55:11 | 059,113,491 | ---- | M] () -- C:\Documents and Settings\Artur.PRIVATE\Pulpit\Kabaret Moralnego Niepokoju - Wielka Gra (PEŁNA DOBRA KOPIA).flv
[2013-03-13 21:08:25 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Artur.PRIVATE\Pulpit\TFC.exe
[2013-03-13 17:10:11 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS.0\System32\FlashPlayerApp.exe
[2013-03-13 17:10:11 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS.0\System32\FlashPlayerCPLApp.cpl
[2013-03-09 18:04:09 | 001,079,188 | ---- | M] () -- C:\WINDOWS.0\System32\nvdrsdb0.bin
[2013-03-09 18:04:09 | 000,000,001 | ---- | M] () -- C:\WINDOWS.0\System32\nvdrssel.bin
[2013-03-09 15:46:22 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\Artur.PRIVATE\Moje dokumenty\Default.rdp
[2013-03-07 23:08:18 | 012,338,481 | ---- | M] (Oleg N. Scherbakov) -- C:\Documents and Settings\Artur.PRIVATE\Pulpit\wtw-setup-all.exe
[2013-03-06 11:02:10 | 000,000,387 | ---- | M] () -- C:\WINDOWS.0\System32\checkdnsid.xml
[2013-03-05 23:32:40 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\WINDOWS.0\System32\npDeployJava1.dll
[2013-03-05 23:32:40 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS.0\System32\deployJava1.dll
[2013-03-05 23:32:40 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\WINDOWS.0\System32\javaws.exe
[2013-03-05 23:32:40 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS.0\System32\javaw.exe
[2013-03-05 23:32:40 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS.0\System32\java.exe
[2013-03-05 23:32:40 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS.0\System32\javacpl.cpl
[2013-03-05 23:32:40 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS.0\System32\WindowsAccessBridge.dll
[2013-03-05 23:26:55 | 010,049,794 | ---- | M] () -- C:\Documents and Settings\Artur.PRIVATE\Pulpit\yp2_P.pdf
[2013-03-02 11:25:23 | 000,208,896 | ---- | M] () -- C:\WINDOWS.0\System32\FNTCACHE.DAT
[2013-03-01 22:04:21 | 000,050,280 | ---- | M] () -- C:\Documents and Settings\Artur.PRIVATE\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2013-03-01 03:27:54 | 006,011,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\mshtml.dll
[2013-02-25 16:42:51 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\Artur.PRIVATE\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2013-03-24 17:00:03 | 000,218,975 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Dane aplikacji\1364140764.bdinstall.bin
[2013-03-24 16:33:16 | 000,377,856 | ---- | C] () -- C:\Documents and Settings\Artur.PRIVATE\Pulpit\wlewgnx4.exe
[2013-03-23 18:56:12 | 001,038,879 | ---- | C] () -- C:\Documents and Settings\Artur.PRIVATE\Pulpit\4021203A.pdf
[2013-03-19 12:28:55 | 000,092,603 | ---- | C] () -- C:\Documents and Settings\Artur.PRIVATE\Pulpit\19_03_2013.adr
[2013-03-18 23:59:19 | 435,926,740 | ---- | C] () -- C:\Documents and Settings\Artur.PRIVATE\Pulpit\Boy.1080p.part5.rar
[2013-03-18 23:59:13 | 1992,294,400 | ---- | C] () -- C:\Documents and Settings\Artur.PRIVATE\Pulpit\Boy.1080p.part4.rar
[2013-03-17 20:05:12 | 2343,914,895 | ---- | C] () -- C:\Documents and Settings\Artur.PRIVATE\Pulpit\c.s01e01.720p.bluray.x264-rovers.mkv
[2013-03-17 17:25:07 | 000,091,214 | ---- | C] () -- C:\Documents and Settings\Artur.PRIVATE\Pulpit\https___www.upc.pdf
[2013-03-15 11:23:26 | 000,215,095 | ---- | C] () -- C:\Documents and Settings\Artur.PRIVATE\Moje dokumenty\jakwybracantene-poradnik.pdf
[2013-03-14 20:48:22 | 059,113,491 | ---- | C] () -- C:\Documents and Settings\Artur.PRIVATE\Pulpit\Kabaret Moralnego Niepokoju - Wielka Gra (PEŁNA DOBRA KOPIA).flv
[2013-03-09 15:46:22 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Artur.PRIVATE\Moje dokumenty\Default.rdp
[2013-03-05 23:26:52 | 010,049,794 | ---- | C] () -- C:\Documents and Settings\Artur.PRIVATE\Pulpit\yp2_P.pdf
[2013-02-27 16:59:32 | 018,818,880 | ---- | C] () -- C:\Documents and Settings\Artur.PRIVATE\Moje dokumenty\12xs.rtf
[2013-02-27 16:59:26 | 004,130,849 | ---- | C] () -- C:\Documents and Settings\Artur.PRIVATE\Moje dokumenty\12xs.pdf
[2013-02-25 15:44:20 | 000,000,387 | ---- | C] () -- C:\WINDOWS.0\System32\checkdnsid.xml
[2013-02-19 17:16:45 | 000,005,504 | ---- | C] () -- C:\WINDOWS.0\System32\drivers\StarOpen.sys
[2013-02-19 17:07:38 | 000,180,624 | ---- | C] () -- C:\WINDOWS.0\System32\Primomonnt.dll
[2013-02-19 16:57:06 | 000,025,548 | ---- | C] () -- C:\WINDOWS.0\System32\drivers\RTAIODAT.DAT
[2013-02-19 14:44:01 | 000,112,640 | ---- | C] () -- C:\WINDOWS.0\System32\ff_vfw.dll
[2013-02-19 14:44:01 | 000,000,714 | ---- | C] () -- C:\WINDOWS.0\System32\ff_vfw.dll.manifest
[2013-02-19 14:36:48 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Artur.PRIVATE\Ustawienia lokalne\Dane aplikacji\WebpageIcons.db
[2013-02-19 14:36:48 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\Artur.PRIVATE\Ustawienia lokalne\Dane aplikacji\recently-used.xbel
[2013-02-19 14:36:47 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Artur.PRIVATE\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013-02-19 14:36:47 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\Artur.PRIVATE\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
[2013-02-19 13:58:51 | 000,050,280 | ---- | C] () -- C:\Documents and Settings\Artur.PRIVATE\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2013-02-19 13:56:37 | 002,287,232 | ---- | C] () -- C:\WINDOWS.0\System32\nvdata.data
[2013-02-19 13:51:27 | 001,213,970 | ---- | C] () -- C:\WINDOWS.0\System32\PerfStringBackup.INI
[2013-02-19 13:51:26 | 000,004,381 | ---- | C] () -- C:\WINDOWS.0\ODBCINST.INI
[2013-02-19 13:50:49 | 000,208,896 | ---- | C] () -- C:\WINDOWS.0\System32\FNTCACHE.DAT
[2013-02-19 13:33:16 | 000,003,072 | ---- | C] () -- C:\WINDOWS.0\System32\iacenc.dll
[2013-02-19 13:13:56 | 000,488,382 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Dane aplikacji\1361275836.bdinstall.bin
[2013-02-19 13:08:30 | 003,233,454 | -H-- | C] () -- C:\Documents and Settings\Artur.PRIVATE\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2013-02-19 13:06:14 | 000,010,084 | ---- | C] () -- C:\WINDOWS.0\System32\drivers\nvphy.bin
[2013-02-19 13:06:12 | 001,079,188 | ---- | C] () -- C:\WINDOWS.0\System32\nvdrsdb1.bin
[2013-02-19 13:06:12 | 001,079,188 | ---- | C] () -- C:\WINDOWS.0\System32\nvdrsdb0.bin
[2013-02-19 13:06:12 | 000,000,001 | ---- | C] () -- C:\WINDOWS.0\System32\nvdrssel.bin
[2013-02-19 13:03:43 | 002,621,440 | -H-- | C] () -- C:\Documents and Settings\Artur.PRIVATE\NTUSER.DAT
[2013-02-19 13:03:43 | 000,000,188 | -HS- | C] () -- C:\Documents and Settings\Artur.PRIVATE\ntuser.ini
[2013-02-19 12:57:17 | 000,002,048 | --S- | C] () -- C:\WINDOWS.0\bootstat.dat
[2013-02-19 12:56:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS.0\control.ini
[2013-02-19 12:55:37 | 000,000,488 | RH-- | C] () -- C:\WINDOWS.0\System32\logonui.exe.manifest
[2013-02-19 12:55:34 | 000,000,749 | RH-- | C] () -- C:\WINDOWS.0\System32\cdplayer.exe.manifest
[2013-02-19 12:54:44 | 000,021,856 | ---- | C] () -- C:\WINDOWS.0\System32\emptyregdb.dat
[2013-02-19 12:54:43 | 000,000,037 | ---- | C] () -- C:\WINDOWS.0\vbaddin.ini
[2013-02-19 12:54:43 | 000,000,036 | ---- | C] () -- C:\WINDOWS.0\vb.ini
[2013-02-19 12:54:27 | 000,026,717 | ---- | C] () -- C:\WINDOWS.0\System32\tslabels.ini
[2013-02-19 12:54:27 | 000,003,813 | ---- | C] () -- C:\WINDOWS.0\System32\msdtcprf.ini

========== ZeroAccess Check ==========

[2013-02-19 17:04:13 | 000,000,227 | RHS- | M] () -- C:\WINDOWS.0\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012-12-27 11:31:51 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS.0\system32\wbem\fastprox.dll -- [2009-02-09 11:53:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS.0\system32\wbem\wbemess.dll -- [2008-04-14 20:50:58 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013-02-09 18:25:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\BDLogging
[2013-02-09 18:26:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Bitdefender
[2012-12-12 23:51:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Canneverbe Limited
[2013-02-09 18:20:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\F-Secure
[2013-02-10 21:05:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations
[2012-12-13 11:04:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\NokiaInstallerCache
[2012-12-15 22:01:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Panda Security
[2012-12-13 11:08:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
[2013-02-19 13:13:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.0\Dane aplikacji\BDLogging
[2013-02-19 17:16:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.0\Dane aplikacji\Canneverbe Limited
[2013-02-19 21:08:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.0\Dane aplikacji\Installations
[2013-02-19 17:25:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.0\Dane aplikacji\Panda Security
[2013-02-19 17:56:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.0\Dane aplikacji\PC Suite
[2013-02-18 13:24:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Artur\Dane aplikacji\(null)
[2013-02-09 19:29:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Artur\Dane aplikacji\Bitdefender
[2012-12-12 23:51:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Artur\Dane aplikacji\Canneverbe Limited
[2013-02-13 11:23:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Artur\Dane aplikacji\IVONA ControlCenter
[2013-02-13 11:33:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Artur\Dane aplikacji\IVONA Reader
[2012-12-29 16:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Artur\Dane aplikacji\mkvtoolnix
[2013-02-10 20:22:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Artur\Dane aplikacji\Nokia
[2012-12-12 22:57:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Artur\Dane aplikacji\Opera
[2012-12-13 11:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Artur\Dane aplikacji\PC Suite
[2013-02-11 22:14:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Artur\Dane aplikacji\Podatnik.info
[2013-01-28 18:58:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Artur\Dane aplikacji\PrimoPDF
[2013-02-09 18:23:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Artur\Dane aplikacji\QuickScan
[2013-02-14 16:14:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Artur\Dane aplikacji\uTorrent
[2012-12-14 12:36:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Artur\Dane aplikacji\Watchtower
[2012-12-25 20:49:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Artur\Dane aplikacji\YesShield
[2013-02-19 17:16:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Artur.PRIVATE\Dane aplikacji\Canneverbe Limited
[2013-02-19 21:08:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Artur.PRIVATE\Dane aplikacji\Nokia
[2013-02-19 14:23:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Artur.PRIVATE\Dane aplikacji\Opera
[2013-03-11 16:36:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Artur.PRIVATE\Dane aplikacji\Podatnik.info
[2013-02-19 13:10:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Artur.PRIVATE\Dane aplikacji\QuickScan
[2013-03-04 12:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Artur.PRIVATE\Dane aplikacji\Watchtower
[2013-02-09 18:29:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\QuickScan

========== Purity Check ==========

< End of report >