Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-01-2015 01 Ran by Grzegorz (administrator) on GOMAK-027C74590 on 27-01-2015 19:45:33 Running from C:\Documents and Settings\Grzegorz\Pulpit Loaded Profiles: Grzegorz (Available profiles: Grzegorz) Platform: Microsoft Windows XP Home Edition Dodatek Service Pack 3 (X86) OS Language: Polski Internet Explorer Version 6 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe () C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (HP) C:\WINDOWS\system32\HPZipm12.exe (Skype Technologies S.A.) C:\Documents and Settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe (SigmaTel, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Glarysoft Ltd) C:\Program Files\Glary Utilities 4\Integrator.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.) ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => D:\instalki\office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => D:\instalki\office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => D:\instalki\office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => D:\instalki\office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => D:\instalki\office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BootExecute: autocheck autochk * BootDefrag.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-1123561945-1580818891-725345543-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1123561945-1580818891-725345543-1004\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1123561945-1580818891-725345543-1004\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.microsoft.com/isapi/redir.dll?Prd=ie&Pver=5.0&Ar=ie5update&O1=b1 URLSearchHook: HKU\S-1-5-21-1123561945-1580818891-725345543-1004 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION SearchScopes: HKLM -> DefaultScope value is missing. SearchScopes: HKU\S-1-5-21-1123561945-1580818891-725345543-1004 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKU\S-1-5-21-1123561945-1580818891-725345543-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=SAMSUNGXSP2504C_S09QJ1GL847288&ts=1421744264&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-1123561945-1580818891-725345543-1004 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=SAMSUNGXSP2504C_S09QJ1GL847288&ts=1421744264&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-1123561945-1580818891-725345543-1004 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=SAMSUNGXSP2504C_S09QJ1GL847288&ts=1421744264&type=default&q={searchTerms} BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D:\instalki\office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO: IplexToALLPlayer -> {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} -> C:\Program Files\ALLPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.) BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\instalki\office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 217.113.224.134 217.113.224.35 FireFox: ======== FF ProfilePath: C:\Documents and Settings\Grzegorz\Dane aplikacji\Mozilla\Firefox\Profiles\3grg2w5s.default-1421778185078 FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll () FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @nokia.com/EnablerPlugin -> C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF Plugin: @real.com/nppl3260;version=6.0.12.450 -> C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-01-24] FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2011-08-29] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-10-19] Chrome: ======= CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Grzegorz\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\27.0.1453.94\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Java Deployment Toolkit 6.0.270.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.) CHR Plugin: (Java(TM) Platform SE 6 U27) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation) CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.)) CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation) CHR Plugin: (BonanzaDealsLive Update) - C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll No File CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll No File CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll No File CHR Profile: C:\Documents and Settings\Grzegorz\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default CHR Extension: (Foxtab Speed Dial) - C:\Documents and Settings\Grzegorz\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\dchmpbaclbiioedakpcldenooikekokm [2013-12-03] CHR HKLM\...\Chrome\Extension: [dchmpbaclbiioedakpcldenooikekokm] - C:\DOCUME~1\Grzegorz\USTAWI~1\DANEAP~1\foxtab_speeddial.crx [2013-11-11] CHR HKU\S-1-5-21-1123561945-1580818891-725345543-1004\...\Chrome\Extension: [dchmpbaclbiioedakpcldenooikekokm] - C:\DOCUME~1\Grzegorz\USTAWI~1\DANEAP~1\foxtab_speeddial.crx [2013-11-11] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AdobeActiveFileMonitor5.0; C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [108712 2006-12-22] () S3 Microsoft Office Groove Audit Service; D:\instalki\office\Office12\GrooveAuditService.exe [64856 2009-02-26] (Microsoft Corporation) R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [73728 2007-08-09] (HP) [File not signed] R2 Skype C2C Service; C:\Documents and Settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.) R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [770944 2015-01-20] (Enigma Software Group USA, LLC.) R2 STacSV; C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe [86016 2006-05-26] (SigmaTel, Inc.) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 aswKbd; C:\WINDOWS\system32\Drivers\aswKbd.sys [21576 2013-03-07] (AVAST Software) S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation) S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2015-01-20] (Enigma Software Group USA, LLC.) S3 EsgScanner; C:\WINDOWS\System32\DRIVERS\EsgScanner.sys [19984 2015-01-20] () S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2009-08-26] (HP) S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2009-08-26] (HP) S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2009-08-26] (HP) S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation) S3 sfng32; C:\WINDOWS\System32\drivers\sfng32.sys [41728 2005-12-03] (Sonic Focus, Inc) R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1177032 2006-05-26] (SigmaTel, Inc.) S3 VX1000; C:\WINDOWS\System32\DRIVERS\VX1000.sys [1965872 2006-06-30] (Microsoft Corporation) S0 BootDefragDriver; System32\drivers\BootDefragDriver.sys [X] S3 catchme; \??\C:\DOCUME~1\Grzegorz\USTAWI~1\Temp\catchme.sys [X] U5 GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [26840 2012-08-21] (GEAR Software Inc.) S4 IntelIde; No ImagePath R3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X] U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation) U3 TlntSvr; No ImagePath U3 kwwdqfog; \??\C:\DOCUME~1\Grzegorz\USTAWI~1\Temp\kwwdqfog.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-27 19:45 - 2015-01-27 19:45 - 00016060 _____ () C:\Documents and Settings\Grzegorz\Pulpit\FRST.txt 2015-01-27 19:43 - 2015-01-27 19:45 - 00000000 ____D () C:\FRST 2015-01-27 19:33 - 2015-01-27 19:33 - 00004696 _____ () C:\Documents and Settings\Grzegorz\Pulpit\GMER.txt 2015-01-27 17:20 - 2015-01-27 17:20 - 00380416 _____ () C:\Documents and Settings\Grzegorz\Pulpit\33mkb8o1.exe 2015-01-27 17:18 - 2015-01-27 17:18 - 01120768 _____ (Farbar) C:\Documents and Settings\Grzegorz\Pulpit\FRST.exe 2015-01-24 10:01 - 2015-01-24 10:01 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-01-20 19:23 - 2015-01-20 19:23 - 00000000 ____D () C:\Documents and Settings\Grzegorz\Pulpit\Stare dane programu Firefox 2015-01-20 18:18 - 2015-01-20 18:18 - 00000000 ____D () C:\sh4ldr 2015-01-20 18:18 - 2015-01-20 18:18 - 00000000 ____D () C:\Documents and Settings\Grzegorz\Dane aplikacji\Enigma Software Group 2015-01-20 18:17 - 2015-01-20 18:17 - 00019984 _____ () C:\WINDOWS\system32\Drivers\EsgScanner.sys 2015-01-20 18:17 - 2015-01-20 18:17 - 00000000 ____D () C:\Program Files\Enigma Software Group 2015-01-20 16:58 - 2015-01-20 16:58 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes 2015-01-20 16:40 - 2015-01-20 16:40 - 00014705 _____ () C:\ComboFix.txt 2015-01-20 16:40 - 2015-01-20 16:40 - 00000000 ____D () C:\Documents and Settings\NetworkService\Ustawienia lokalne\temp 2015-01-20 16:40 - 2015-01-20 16:40 - 00000000 ____D () C:\Documents and Settings\Default User\Ustawienia lokalne\temp 2015-01-20 16:40 - 2015-01-20 16:40 - 00000000 ____D () C:\Documents and Settings\Administrator\Ustawienia lokalne\temp 2015-01-20 16:10 - 2015-01-20 16:40 - 00000000 ____D () C:\Qoobox 2015-01-20 16:10 - 2015-01-20 16:39 - 00000000 ____D () C:\WINDOWS\erdnt 2015-01-20 16:10 - 2011-06-26 07:45 - 00256000 _____ () C:\WINDOWS\PEV.exe 2015-01-20 16:10 - 2010-11-07 18:20 - 00208896 _____ () C:\WINDOWS\MBR.exe 2015-01-20 16:10 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe 2015-01-20 16:10 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe 2015-01-20 16:10 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe 2015-01-20 16:10 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe 2015-01-20 16:10 - 2000-08-31 01:00 - 00098816 _____ () C:\WINDOWS\sed.exe 2015-01-20 16:10 - 2000-08-31 01:00 - 00080412 _____ () C:\WINDOWS\grep.exe 2015-01-20 16:10 - 2000-08-31 01:00 - 00068096 _____ () C:\WINDOWS\zip.exe 2015-01-20 09:59 - 2015-01-20 10:11 - 00000000 ____D () C:\Documents and Settings\Grzegorz\Ustawienia lokalne\Dane aplikacji\Opera Software 2015-01-20 09:59 - 2015-01-20 10:11 - 00000000 ____D () C:\Documents and Settings\Grzegorz\Dane aplikacji\Opera Software 2015-01-20 09:56 - 2015-01-20 16:38 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat 2015-01-20 09:55 - 2015-01-23 09:58 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\FlvPlayer 2015-01-19 15:37 - 2015-01-19 15:37 - 00000000 ____D () C:\Documents and Settings\Grzegorz\Pulpit\ml 2015-01-19 15:26 - 2015-01-19 15:27 - 00112640 ___SH () C:\Documents and Settings\Grzegorz\Moje dokumenty\Thumbs.db ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-27 19:45 - 2013-05-10 00:12 - 00000000 ____D () C:\Documents and Settings\Grzegorz\Pulpit 2015-01-27 19:45 - 2011-01-20 16:24 - 00000000 ____D () C:\Documents and Settings\Grzegorz\Ustawienia lokalne\Temp 2015-01-27 19:37 - 2014-05-20 17:27 - 00000000 ____D () C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobrane 2015-01-27 17:22 - 2011-01-20 17:07 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy 2015-01-27 17:22 - 2011-01-20 16:15 - 01850215 _____ () C:\WINDOWS\WindowsUpdate.log 2015-01-27 17:15 - 2011-01-20 17:10 - 00000211 _____ () C:\WINDOWS\wiadebug.log 2015-01-27 15:56 - 2014-04-02 14:50 - 02179927 _____ () C:\WINDOWS\system32\RegFile3.txt 2015-01-27 15:53 - 2014-04-02 14:42 - 00000324 _____ () C:\WINDOWS\Tasks\GlaryInitialize 4.job 2015-01-27 15:53 - 2014-04-02 14:42 - 00000000 ____D () C:\Program Files\Glary Utilities 4 2015-01-27 15:53 - 2011-01-20 16:24 - 00000000 ___HD () C:\Documents and Settings\Grzegorz\Szablony 2015-01-27 15:52 - 2014-03-21 21:25 - 00000228 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job 2015-01-27 15:52 - 2011-01-20 17:10 - 00000050 _____ () C:\WINDOWS\wiaservc.log 2015-01-27 15:52 - 2011-01-20 16:23 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-01-27 14:21 - 2011-01-20 16:24 - 00000188 ___SH () C:\Documents and Settings\Grzegorz\ntuser.ini 2015-01-27 14:21 - 2011-01-20 16:23 - 00032530 _____ () C:\WINDOWS\SchedLgU.Txt 2015-01-26 19:12 - 2013-01-12 13:42 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job 2015-01-26 18:57 - 2011-04-13 07:17 - 00000000 ___SD () C:\Documents and Settings\Grzegorz\UserData 2015-01-26 18:57 - 2011-01-20 16:24 - 00000000 ____D () C:\Documents and Settings\Grzegorz 2015-01-25 10:19 - 2006-03-02 13:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl 2015-01-25 10:18 - 2014-04-02 14:42 - 00000000 ____D () C:\Documents and Settings\Grzegorz\Dane aplikacji\DiskDefrag 2015-01-25 04:20 - 2011-01-20 22:19 - 00000000 ____D () C:\Documents and Settings\Grzegorz\Dane aplikacji\Skype 2015-01-24 22:51 - 2014-04-26 10:43 - 00002267 _____ () C:\Documents and Settings\All Users\Pulpit\Skype.lnk 2015-01-23 09:58 - 2011-01-20 17:07 - 00000000 ____D () C:\Documents and Settings\All Users\Pulpit 2015-01-23 09:58 - 2011-01-20 16:24 - 00000000 ___HD () C:\Documents and Settings\Grzegorz\Dane aplikacji 2015-01-22 00:54 - 2011-01-20 16:21 - 00000000 __SHD () C:\Documents and Settings\NetworkService 2015-01-21 19:07 - 2011-01-21 00:02 - 00000000 ____D () C:\Documents and Settings\Grzegorz\Dane aplikacji\Gadu-Gadu 10 2015-01-20 18:35 - 2011-01-20 16:24 - 00001599 _____ () C:\Documents and Settings\Grzegorz\Menu Start\Programy\Pomoc zdalna.lnk 2015-01-20 18:30 - 2011-01-20 16:17 - 00001599 ____C () C:\Documents and Settings\Default User\Menu Start\Programy\Pomoc zdalna.lnk 2015-01-20 18:30 - 2011-01-20 16:17 - 00001507 _____ () C:\Documents and Settings\All Users\Menu Start\Windows Update.lnk 2015-01-20 18:29 - 2011-01-20 16:17 - 00001563 _____ () C:\Documents and Settings\All Users\Menu Start\Określ dostęp do programów i ich ustawienia domyślne.lnk 2015-01-20 17:17 - 2011-01-20 16:59 - 00000000 ____D () C:\WINDOWS\twain_32 2015-01-20 17:15 - 2014-02-11 00:04 - 00000000 ____D () C:\Documents and Settings\NetworkService\Dane aplikacji\FoxTab 2015-01-20 17:15 - 2013-11-11 19:04 - 00000000 ____D () C:\Documents and Settings\Grzegorz\Dane aplikacji\FoxTab 2015-01-20 17:15 - 2011-01-20 17:06 - 00000000 __RHD () C:\Documents and Settings\All Users\Dane aplikacji 2015-01-20 17:15 - 2011-01-20 16:24 - 00000000 ___HD () C:\Documents and Settings\Grzegorz\Ustawienia lokalne\Dane aplikacji 2015-01-20 16:40 - 2012-12-11 01:17 - 00000000 ____D () C:\Documents and Settings\Administrator\Ustawienia lokalne 2015-01-20 16:40 - 2011-01-20 17:07 - 00000000 __RHD () C:\Documents and Settings\Default User\Ustawienia lokalne 2015-01-20 16:40 - 2011-01-20 16:21 - 00000000 ___HD () C:\Documents and Settings\NetworkService\Ustawienia lokalne 2015-01-20 16:38 - 2011-01-20 16:23 - 00000000 ____D () C:\Documents and Settings\LocalService\Ustawienia lokalne\Temp 2015-01-20 16:38 - 2006-03-02 13:00 - 00000227 _____ () C:\WINDOWS\system.ini 2015-01-20 10:23 - 2011-01-20 16:24 - 00000767 _____ () C:\Documents and Settings\Grzegorz\Menu Start\Programy\Internet Explorer.lnk 2015-01-20 10:23 - 2011-01-20 16:13 - 00000819 _____ () C:\Documents and Settings\All Users\Menu Start\Programy\Windows Messenger.lnk 2015-01-20 10:21 - 2011-01-20 16:24 - 00000000 ____D () C:\Documents and Settings\Grzegorz\Menu Start\Programy 2015-01-20 10:15 - 2013-08-08 13:57 - 00000000 ____D () C:\Documents and Settings\Grzegorz\Dane aplikacji\PhotoScape 2015-01-20 10:05 - 2006-03-02 13:00 - 00000719 _____ () C:\WINDOWS\win.ini 2015-01-19 15:38 - 2014-06-29 22:48 - 00000000 ____D () C:\Documents and Settings\Grzegorz\Pulpit\z aparatu 2015-01-19 15:34 - 2014-02-25 07:55 - 00000000 ___RD () C:\Documents and Settings\Grzegorz\Moje dokumenty\Moje obrazy 2015-01-19 15:31 - 2011-01-20 16:24 - 00000000 ___RD () C:\Documents and Settings\Grzegorz\Moje dokumenty 2015-01-19 15:26 - 2011-04-13 07:21 - 00000000 ____D () C:\Documents and Settings\Grzegorz\Moje dokumenty\Moje zeskanowane obrazy 2015-01-19 15:26 - 2011-01-20 22:50 - 00000000 ____D () C:\Documents and Settings\Grzegorz\Moje dokumenty\Pobieranie 2015-01-19 15:26 - 2011-01-20 16:24 - 00000000 ___RD () C:\Documents and Settings\Grzegorz\Moje dokumenty\Moje obrazy-2011 2015-01-17 22:22 - 2011-01-30 20:50 - 00000000 ____D () C:\WINDOWS\Minidump 2015-01-14 16:55 - 2013-08-15 13:45 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-01-14 16:43 - 2011-02-01 00:19 - 110348472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-01-12 09:11 - 2014-12-11 22:08 - 00000000 ____D () C:\Documents and Settings\Grzegorz\Pulpit\vip 2015-01-12 09:11 - 2014-03-22 20:35 - 00000000 ____D () C:\Documents and Settings\Grzegorz\Pulpit\Nowy folder 2015-01-12 09:11 - 2014-03-08 09:36 - 00000000 ____D () C:\Documents and Settings\Grzegorz\Pulpit\dla prababci 2015-01-08 21:27 - 2012-04-09 20:11 - 00460824 _____ () C:\img2-001.raw 2015-01-08 15:10 - 2014-03-21 21:24 - 00000222 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job ==================== Files in the root of some directories ======= 2013-12-20 00:04 - 2014-03-25 00:04 - 0000116 _____ () C:\Documents and Settings\Grzegorz\Dane aplikacji\WB.CFG 2011-01-20 16:57 - 2014-12-11 21:50 - 0224768 _____ () C:\Documents and Settings\Grzegorz\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-11-11 19:04 - 2013-11-11 19:04 - 0364318 _____ () C:\Documents and Settings\Grzegorz\Ustawienia lokalne\Dane aplikacji\foxtab_speeddial.crx ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End Of Log ============================