Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:9-08-2014 01 Ran by Krysia (administrator) on KRYSTYNA on 09-08-2014 17:49:09 Running from D:\Pobieraczkujemy Platform: Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) OS Language: Polski Internet Explorer Version 8 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe (HP) C:\WINDOWS\system32\HPSIsvc.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe (OldTimer Tools) D:\Pobieraczkujemy\OTL.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Winlogon: [Userinit] C:\WINDOWS\system32\userinit.exe,,C:\Program Files\lasykjvx\tdklujfl.exe HKU\S-1-5-21-789336058-57989841-1417001333-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation) HKU\S-1-5-21-789336058-57989841-1417001333-1003\...\MountPoints2: {db8efbbc-09ed-11e4-b242-b1ab76518f6e} - G:\SISetup.exe Startup: C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\mcserver.lnk ShortcutTarget: mcserver.lnk -> C:\Program Files\T-Mobile\InternetManager_Z\Bin\mcserver.exe (ZTE) Startup: C:\Documents and Settings\Krysia\Menu Start\Programy\Autostart\tdklujfl.exe () Startup: C:\Documents and Settings\Krysia\Menu Start\Programy\Autostart\Watch.lnk ShortcutTarget: Watch.lnk -> C:\WINDOWS\twain_32\A4CIS600\WATCH.exe (Common Group) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=180&d=20140603 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=180&d=20140603 BHO: CouponDownloader -> {c817d3d8-b9da-521d-971d-2c0a747ea697} -> C:\Program Files\C78087A8-C960-4464-A618-3D351DF6C0D7\gohymlmtrh.dll No File BHO: EpsonToolBandKicker Class -> {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} -> C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) Toolbar: HKLM - EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) Toolbar: HKCU - &Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) Toolbar: HKCU - &Łącza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) Toolbar: HKCU - EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) Tcpip\..\Interfaces\{B4866D93-84BD-4078-B65E-128D24D92976}: [NameServer]213.158.199.1 213.158.199.5 FireFox: ======== FF ProfilePath: C:\Documents and Settings\Krysia\Dane aplikacji\Mozilla\Firefox\Profiles\1uv1qt12.default FF DefaultSearchEngine: Search FF Homepage: https://www.google.pl/?gws_rd=ssl FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2776682&SearchSource=2&q= FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF user.js: detected! => C:\Documents and Settings\Krysia\Dane aplikacji\Mozilla\Firefox\Profiles\1uv1qt12.default\user.js FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll (Foxit Software Company) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Extension: Site Matcher - C:\Documents and Settings\Krysia\Dane aplikacji\Mozilla\Firefox\Profiles\1uv1qt12.default\Extensions\sitematcher_srcs@sitematcher_srcs.com [2014-08-06] FF Extension: BrotherSoft Extreme Community Toolbar - C:\Documents and Settings\Krysia\Dane aplikacji\Mozilla\Firefox\Profiles\1uv1qt12.default\Extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}(2) [2014-04-12] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} [2014-08-01] FF HKLM\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files\T-Mobile\InternetManager_Z\Bin\addon FF Extension: Bytemobile Optimization Client - C:\Program Files\T-Mobile\InternetManager_Z\Bin\addon [2014-04-12] Chrome: ======= ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 CouponDownloaderService; C:\Program Files\C78087A8-C960-4464-A618-3D351DF6C0D7\eexvlcbkbu.exe [X] S3 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [X] S2 rqpbhevlkc32; C:\Program Files\004\rqpbhevlkc32.exe run options=01100010040000000000000000000000 sourceguid=C78087A8-C960-4464-A618-3D351DF6C0D7 [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 BMLoad; C:\WINDOWS\System32\drivers\BMLoad.sys [13184 2009-12-15] (Bytemobile, Inc.) [File not signed] R3 cmuda; C:\WINDOWS\System32\drivers\cmuda.sys [821760 2004-08-23] (C-Media Inc) S3 FETNDIS; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc. ) R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-14] (Microsoft Corporation) R1 netfilter; C:\WINDOWS\System32\drivers\netfilter.sys [47488 2014-07-25] (NetFilterSDK.com) [File not signed] R3 SFC4; C:\WINDOWS\System32\drivers\SFC4.sys [41472 1998-09-16] () [File not signed] R1 tcpipBM; C:\WINDOWS\system32\Drivers\tcpipBM.sys [24192 2009-12-15] (Bytemobile, Inc.) [File not signed] R0 viaagp1; C:\WINDOWS\System32\DRIVERS\viaagp1.sys [27904 2003-07-02] (VIA Technologies, Inc.) R3 zte_cdc_acm; C:\WINDOWS\System32\DRIVERS\zte_cdc_acm.sys [67968 2011-08-10] (ZTE) S3 zte_cpo; C:\WINDOWS\System32\DRIVERS\zte_cpo.sys [9984 2011-08-10] (ZTE) S4 IntelIde; No ImagePath U1 WS2IFSL; U3 fxldqpoc; \??\C:\DOCUME~1\Krysia\USTAWI~1\Temp\fxldqpoc.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-09 17:48 - 2014-08-09 17:49 - 00000000 ____D () C:\FRST 2014-08-09 17:38 - 2014-08-09 17:38 - 00000000 ____D () C:\Program Files\lasykjvx 2014-08-06 10:24 - 2014-08-06 10:24 - 00000000 ____D () C:\Documents and Settings\Krysia\Dane aplikacji\WinRAR 2014-08-06 10:23 - 2014-08-06 10:23 - 00000000 ____D () C:\Documents and Settings\Krysia\Menu Start\Programy\WinRAR 2014-08-06 10:23 - 2014-08-06 10:23 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\WinRAR 2014-08-06 09:00 - 2014-08-06 15:12 - 00000000 ____D () C:\Documents and Settings\Krysia\Dane aplikacji\FLV and Media Player 2014-08-06 08:59 - 2014-08-06 08:59 - 00000549 _____ () C:\Documents and Settings\All Users.WINDOWS\Pulpit\FLV and Media Player.lnk 2014-08-06 08:59 - 2014-08-06 08:59 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Applian Technologies 2014-08-06 08:57 - 2014-08-06 08:57 - 23750568 _____ () C:\Documents and Settings\Krysia\Moje dokumenty\FLVPlayerInstall.exe 2014-08-06 08:55 - 2014-08-06 08:55 - 00000000 ____D () C:\Documents and Settings\Krysia\Dane aplikacji\SimilarAddon 2014-08-06 08:49 - 2014-08-06 09:05 - 00025027 _____ () C:\WINDOWS\svcpack.log 2014-08-06 08:49 - 2014-08-06 08:49 - 00000000 ____D () C:\WINDOWS\system32\CatRoot_bak 2014-08-06 08:38 - 2014-08-06 08:38 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\IsoBuster 2014-08-01 10:50 - 2014-08-01 10:50 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-07-31 12:29 - 2014-07-31 12:29 - 00090112 _____ () C:\WINDOWS\Minidump\Mini073114-01.dmp 2014-07-25 16:03 - 2014-07-25 16:03 - 00047488 _____ (NetFilterSDK.com) C:\WINDOWS\system32\Drivers\netfilter.sys 2014-07-21 11:30 - 2014-07-22 11:54 - 00000000 ____D () C:\Documents and Settings\Krysia\Pulpit\104_PANA 2014-07-21 11:16 - 2014-07-22 11:58 - 00000000 ____D () C:\Documents and Settings\Krysia\Pulpit\103_PANA 2014-07-12 20:19 - 2014-07-12 20:19 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\HP 2014-07-12 20:19 - 2010-04-29 19:11 - 00099896 _____ (HP) C:\WINDOWS\system32\HPSIsvc.exe 2014-07-12 20:18 - 2014-07-12 20:18 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_mvusbews_01007.Wdf 2014-07-12 20:18 - 2010-04-28 17:49 - 01112288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01007.dll 2014-07-12 20:18 - 2010-04-28 17:49 - 00167936 _____ () C:\WINDOWS\system32\m1130wia.dll 2014-07-12 20:18 - 2010-04-28 17:49 - 00081920 _____ () C:\WINDOWS\system32\mvusbews.dll 2014-07-12 20:18 - 2010-04-28 17:49 - 00049152 _____ () C:\WINDOWS\system32\HPM1210SMs.dll 2014-07-12 20:18 - 2010-04-28 17:49 - 00017408 _____ (Marvell Semiconductor, Inc.) C:\WINDOWS\system32\Drivers\mvusbews.sys 2014-07-12 20:18 - 2010-03-31 11:50 - 01167360 _____ () C:\WINDOWS\system32\HPM1210SM.exe 2014-07-12 20:18 - 2010-03-31 11:50 - 00167936 _____ () C:\WINDOWS\system32\HPM1210LM.DLL 2014-07-12 20:18 - 2008-12-22 05:02 - 02219152 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\Ltwvc15u.dll 2014-07-12 20:18 - 2008-12-22 05:02 - 00482448 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\ltkrn15u.dll 2014-07-12 20:18 - 2008-12-22 05:02 - 00445584 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\ltimgsfx15u.dll 2014-07-12 20:18 - 2008-12-22 05:02 - 00302224 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\ltimgcor15u.dll 2014-07-12 20:18 - 2008-12-22 05:02 - 00257168 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\ltefx15u.dll 2014-07-12 20:18 - 2008-12-22 05:02 - 00216208 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\ltimgefx15u.dll 2014-07-12 20:18 - 2008-12-22 05:02 - 00212112 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\ltimgclr15u.dll 2014-07-12 20:18 - 2008-12-22 05:02 - 00150672 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\ltfil15u.dll 2014-07-12 20:18 - 2008-12-22 05:02 - 00117904 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\Lttwn15u.dll 2014-07-12 20:18 - 2008-12-22 05:02 - 00117904 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\Ltimgutl15u.dll 2014-07-12 20:18 - 2008-12-22 05:02 - 00105616 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\ltpnt15u.dll 2014-07-12 20:18 - 2008-12-22 05:02 - 00068752 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\ltpdg15u.dll 2014-07-12 20:18 - 2008-12-22 05:02 - 00038032 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\ltimgopt15u.dll 2014-07-12 20:18 - 2008-12-22 05:01 - 01711248 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\ltclr15u.dll 2014-07-12 20:18 - 2008-12-22 05:01 - 01035408 _____ (The OpenSSL Project) C:\WINDOWS\system32\ltcry15u.dll 2014-07-12 20:18 - 2008-12-22 05:01 - 00646288 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\Ltdlgfile15u.dll 2014-07-12 20:18 - 2008-12-22 05:01 - 00384144 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\Lfcmp15u.dll 2014-07-12 20:18 - 2008-12-22 05:01 - 00261264 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\LTDIS15u.dll 2014-07-12 20:18 - 2008-12-22 05:01 - 00232592 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\Ltdlgkrn15u.dll 2014-07-12 20:18 - 2008-12-22 05:01 - 00146576 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\Lftif15u.dll 2014-07-12 20:18 - 2008-12-22 05:01 - 00097424 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\Lffax15u.dll 2014-07-12 20:18 - 2008-12-22 05:01 - 00064656 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\LTCON15u.dll 2014-07-12 20:18 - 2008-12-22 05:01 - 00024720 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\Lfbmp15u.dll 2014-07-12 20:17 - 2014-07-12 20:17 - 00000000 ____D () C:\Program Files\HP 2014-07-12 20:17 - 2010-04-28 00:50 - 00316416 ____R (Microsoft Corporation) C:\WINDOWS\system32\Difxapi.dll 2014-07-12 20:17 - 2010-03-31 19:49 - 00284672 _____ () C:\WINDOWS\system32\mvhlewsi.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-09 17:49 - 2014-08-09 17:48 - 00000000 ____D () C:\FRST 2014-08-09 17:49 - 2014-04-12 14:46 - 00000024 _____ () C:\Documents and Settings\Krysia\uhndvlkk.log 2014-08-09 17:49 - 2014-04-12 14:23 - 00000000 ____D () C:\Documents and Settings\Krysia\Ustawienia lokalne\Temp 2014-08-09 17:38 - 2014-08-09 17:38 - 00000000 ____D () C:\Program Files\lasykjvx 2014-08-09 17:38 - 2014-04-12 16:57 - 00104807 _____ () C:\WINDOWS\Explorermgr.exe 2014-08-09 17:27 - 2014-04-13 21:59 - 00000930 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-08-09 17:25 - 2014-04-12 16:07 - 00000211 _____ () C:\WINDOWS\wiadebug.log 2014-08-09 17:25 - 2014-04-12 16:07 - 00000050 _____ () C:\WINDOWS\wiaservc.log 2014-08-09 17:17 - 2014-04-12 14:23 - 00000000 ____D () C:\Documents and Settings\Krysia\Pulpit 2014-08-09 17:10 - 2007-12-09 20:37 - 00000000 ____D () C:\Program Files\Outlook Express 2014-08-09 09:56 - 2014-04-12 14:15 - 01973186 _____ () C:\WINDOWS\WindowsUpdate.log 2014-08-09 09:54 - 2014-04-13 09:50 - 00000224 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job 2014-08-09 09:54 - 2014-04-12 22:32 - 00000260 _____ () C:\WINDOWS\Tasks\WGASetup.job 2014-08-09 09:54 - 2014-04-12 14:21 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-08-09 09:54 - 2005-02-24 17:32 - 00021828 _____ () C:\WINDOWS\system32\nvapps.xml 2014-08-08 21:38 - 2014-04-12 14:23 - 00000188 ___SH () C:\Documents and Settings\Krysia\ntuser.ini 2014-08-08 21:38 - 2014-04-12 14:21 - 00032354 _____ () C:\WINDOWS\SchedLgU.Txt 2014-08-08 15:00 - 2014-04-13 09:50 - 00000218 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job 2014-08-08 08:19 - 2014-04-12 16:02 - 00469819 _____ () C:\WINDOWS\setupapi.log 2014-08-06 15:12 - 2014-08-06 09:00 - 00000000 ____D () C:\Documents and Settings\Krysia\Dane aplikacji\FLV and Media Player 2014-08-06 10:41 - 2014-04-12 16:02 - 00000000 ___RD () C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy 2014-08-06 10:41 - 2012-02-02 20:23 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2014-08-06 10:41 - 2009-02-13 15:23 - 00000000 ____D () C:\Program Files\EPSON 2014-08-06 10:41 - 2008-09-15 14:17 - 00000000 ____D () C:\WINDOWS\system32\appmgmt 2014-08-06 10:40 - 2014-04-12 14:46 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\EPSON PhotoQuicker 2014-08-06 10:24 - 2014-08-06 10:24 - 00000000 ____D () C:\Documents and Settings\Krysia\Dane aplikacji\WinRAR 2014-08-06 10:24 - 2014-04-12 14:23 - 00000000 __RHD () C:\Documents and Settings\Krysia\Dane aplikacji 2014-08-06 10:23 - 2014-08-06 10:23 - 00000000 ____D () C:\Documents and Settings\Krysia\Menu Start\Programy\WinRAR 2014-08-06 10:23 - 2014-08-06 10:23 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\WinRAR 2014-08-06 10:23 - 2014-04-12 14:23 - 00000000 ___RD () C:\Documents and Settings\Krysia\Menu Start\Programy 2014-08-06 10:23 - 2009-02-18 16:31 - 00000000 ____D () C:\Program Files\WinRAR 2014-08-06 10:11 - 2007-12-09 20:36 - 00000000 ____D () C:\WINDOWS\Registration 2014-08-06 09:05 - 2014-08-06 08:49 - 00025027 _____ () C:\WINDOWS\svcpack.log 2014-08-06 08:59 - 2014-08-06 08:59 - 00000549 _____ () C:\Documents and Settings\All Users.WINDOWS\Pulpit\FLV and Media Player.lnk 2014-08-06 08:59 - 2014-08-06 08:59 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Applian Technologies 2014-08-06 08:59 - 2014-04-12 16:02 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Pulpit 2014-08-06 08:57 - 2014-08-06 08:57 - 23750568 _____ () C:\Documents and Settings\Krysia\Moje dokumenty\FLVPlayerInstall.exe 2014-08-06 08:57 - 2014-04-12 14:23 - 00000000 ___RD () C:\Documents and Settings\Krysia\Moje dokumenty 2014-08-06 08:55 - 2014-08-06 08:55 - 00000000 ____D () C:\Documents and Settings\Krysia\Dane aplikacji\SimilarAddon 2014-08-06 08:49 - 2014-08-06 08:49 - 00000000 ____D () C:\WINDOWS\system32\CatRoot_bak 2014-08-06 08:38 - 2014-08-06 08:38 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\IsoBuster 2014-08-05 19:29 - 2014-04-12 16:00 - 00000463 _____ () C:\WINDOWS\system\CmiCnfg.ini 2014-08-03 11:01 - 2001-07-22 01:17 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl 2014-08-01 10:50 - 2014-08-01 10:50 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-07-31 12:29 - 2014-07-31 12:29 - 00090112 _____ () C:\WINDOWS\Minidump\Mini073114-01.dmp 2014-07-25 16:03 - 2014-07-25 16:03 - 00047488 _____ (NetFilterSDK.com) C:\WINDOWS\system32\Drivers\netfilter.sys 2014-07-22 11:58 - 2014-07-21 11:16 - 00000000 ____D () C:\Documents and Settings\Krysia\Pulpit\103_PANA 2014-07-22 11:54 - 2014-07-21 11:30 - 00000000 ____D () C:\Documents and Settings\Krysia\Pulpit\104_PANA 2014-07-21 11:15 - 2014-04-12 14:50 - 00016896 _____ () C:\Documents and Settings\Krysia\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-07-12 20:19 - 2014-07-12 20:19 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\HP 2014-07-12 20:18 - 2014-07-12 20:18 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_mvusbews_01007.Wdf 2014-07-12 20:18 - 2014-04-12 16:02 - 00172862 _____ () C:\WINDOWS\setupact.log 2014-07-12 20:17 - 2014-07-12 20:17 - 00000000 ____D () C:\Program Files\HP 2014-07-12 15:39 - 2007-12-09 20:37 - 00000000 ____D () C:\Program Files\Movie Maker 2014-07-10 10:17 - 2013-07-22 11:21 - 00000000 ____D () C:\WINDOWS\system32\MRT Files to move or delete: ==================== C:\Documents and Settings\directx\DSETUP.dll C:\Documents and Settings\directx\dsetup32.dll C:\Documents and Settings\directx\DXSETUP.exe Some content of TEMP: ==================== C:\Documents and Settings\Krysia\Ustawienia lokalne\Temp\AUTORUN.EXE C:\Documents and Settings\Krysia\Ustawienia lokalne\Temp\Checkupdate.exe C:\Documents and Settings\Krysia\Ustawienia lokalne\Temp\DownloadSetup__2299_i1133009387_il1.exe C:\Documents and Settings\Krysia\Ustawienia lokalne\Temp\Foxit Reader Updater.exe C:\Documents and Settings\Krysia\Ustawienia lokalne\Temp\fp_pl_pfs_installer.exe C:\Documents and Settings\Krysia\Ustawienia lokalne\Temp\gcapi_dll.dll C:\Documents and Settings\Krysia\Ustawienia lokalne\Temp\gtapi_signed.dll C:\Documents and Settings\Krysia\Ustawienia lokalne\Temp\nspBE.tmp.exe C:\Documents and Settings\Krysia\Ustawienia lokalne\Temp\removedirectory.exe C:\Documents and Settings\Krysia\Ustawienia lokalne\Temp\siinst.exe C:\Documents and Settings\Krysia\Ustawienia lokalne\Temp\StopService.exe C:\Documents and Settings\Krysia\Ustawienia lokalne\Temp\strings.dll C:\Documents and Settings\Krysia\Ustawienia lokalne\Temp\vsexplore.exe C:\Documents and Settings\Krysia\Ustawienia lokalne\Temp\WINDOWSXP-KB936929-SP3-X86-PLK.EXE ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End Of Log ============================