Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:02-08-2015 01 Ran by Mariusz (administrator) on GEOPC (04-08-2015 17:29:35) Running from C:\Documents and Settings\Mariusz\Pulpit Loaded Profiles: Mariusz (Available Profiles: Mariusz & Administrator) Platform: Microsoft Windows XP Home Edition Dodatek Service Pack 3 (X86) Language: Polski Internet Explorer Version 8 (Default browser path: "C:\Program Files\Opera\Opera.exe" "%1") Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe (Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe () C:\Program Files\SecureAge\Everything\Everything.exe () C:\Program Files\SecureAge\Everything\Everything.exe (SecureAge Technology) C:\Program Files\SecureAge\Everything\EverythingServer.exe (SecureAge Technology) C:\Program Files\SecureAge\AntiVirus\sascansvc.exe (SecureAge Technology) C:\Program Files\SecureAge\UniversalAV\UniversalAVService.exe (SourceFire, Inc.) C:\Program Files\SecureAge\AntiVirus\clamd.exe (SecureAge Technology) C:\Program Files\SecureAge\Whitelist\saappsvc.exe (SecureAge Technology) C:\Program Files\SecureAge\Whitelist\SecureAPlusService.exe (SecureAge Technology) C:\Program Files\SecureAge\Whitelist\sanotifier.exe (SecureAge Technology) C:\Program Files\SecureAge\Whitelist\SecureAPlus.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup HKLM\...\Run: [Everything] => C:\Program Files\SecureAge\Everything\Everything.exe [1048576 2014-08-06] () HKLM\...\Run: [SAAppWhitelistingNotifier] => C:\Program Files\SecureAge\Whitelist\sanotifier.exe [7833280 2015-07-28] (SecureAge Technology) HKLM\...\Run: [SecureAPlus] => C:\Program Files\SecureAge\Whitelist\SecureAPlus.exe [23417320 2015-07-28] (SecureAge Technology) HKU\S-1-5-18\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation) SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - webcheck.dll (Microsoft Corporation) SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - stobject.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Mariusz\Dane aplikacji\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Mariusz\Dane aplikacji\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Mariusz\Dane aplikacji\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Mariusz\Dane aplikacji\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Mariusz\Dane aplikacji\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Mariusz\Dane aplikacji\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Mariusz\Dane aplikacji\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Mariusz\Dane aplikacji\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-1177238915-1604221776-725345543-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1177238915-1604221776-725345543-1004\Software\Microsoft\Internet Explorer\Main,Default_search_url = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "www.google.com" <======= ATTENTION SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1177238915-1604221776-725345543-1004 -> DefaultScope {BC6545FD-668D-4485-B6FE-95CF07887ED7} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} SearchScopes: HKU\S-1-5-21-1177238915-1604221776-725345543-1004 -> {BC6545FD-668D-4485-B6FE-95CF07887ED7} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} Toolbar: HKU\S-1-5-21-1177238915-1604221776-725345543-1004 -> No Name - {E731E5E0-BFE5-4A04-A06E-0C81BCCD2B01} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 Tcpip\..\Interfaces\{8125B100-F331-4DF1-9710-75E176F82813}: [DhcpNameServer] 192.168.1.254 FireFox: ======== FF ProfilePath: C:\Documents and Settings\Mariusz\Dane aplikacji\Mozilla\Firefox\Profiles\dtawfwpi.default FF Homepage: www.google.pl FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-20] () FF Plugin: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw_1219159.dll [2015-06-26] (Adobe Systems, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1177238915-1604221776-725345543-1004: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\Mariusz\Ustawienia lokalne\Dane aplikacji\Unity\WebPlayer\loader\npUnity3D32.dll [2014-07-25] (Unity Technologies ApS) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.) FF Extension: Google Translator for Firefox - C:\Documents and Settings\Mariusz\Dane aplikacji\Mozilla\Firefox\Profiles\dtawfwpi.default\Extensions\translator@zoli.bod.xpi [2014-03-09] FF Extension: Adblock Plus - C:\Documents and Settings\Mariusz\Dane aplikacji\Mozilla\Firefox\Profiles\dtawfwpi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-01] FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-06-15] FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-08-06] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Everything; C:\Program Files\SecureAge\Everything\Everything.exe [1048576 2014-08-06] () [File not signed] S3 FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [233472 2013-03-20] (Teruten) [File not signed] S3 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) S4 PuranDefrag; C:\WINDOWS\system32\PuranDefragS.exe [260992 2013-08-15] (Puran Software) [File not signed] R2 saappsvc; C:\Program Files\SecureAge\Whitelist\saappsvc.exe [789184 2015-07-28] (SecureAge Technology) R2 SAEverythingServer; C:\Program Files\SecureAge\Everything\EverythingServer.exe [185024 2015-06-15] (SecureAge Technology) R2 sascansvc; C:\Program Files\SecureAge\AntiVirus\sascansvc.exe [833536 2015-07-27] (SecureAge Technology) R2 SAUAVSvc; C:\Program Files\SecureAge\UniversalAV\UniversalAVService.exe [964288 2015-07-27] (SecureAge Technology) U2 SecureAPlusService; C:\Program Files\SecureAge\Whitelist\SecureAPlusService.exe [780488 2015-07-28] (SecureAge Technology) S3 SystemExplorerHelpService; C:\Program Files\System Explorer\service\SystemExplorerService.exe [567008 2014-12-20] (Mister Group) S3 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-18] (TeamViewer GmbH) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [43520 2006-05-10] (Advanced Micro Devices) S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation) R1 FileDisk; C:\WINDOWS\system32\Drivers\FileDisk.sys [19712 2009-10-21] (Bo Brantén) [File not signed] S3 FsUsbExDisk; C:\WINDOWS\system32\FsUsbExDisk.SYS [36608 2010-06-14] () [File not signed] S3 GVCplDrv; C:\WINDOWS\system32\Drivers\GVCplDrv.sys [23040 2004-05-02] () [File not signed] S3 hamachi; C:\WINDOWS\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.) R0 JGOGO; C:\WINDOWS\System32\DRIVERS\JGOGO.sys [6912 2006-02-07] (JMicron ) R0 JRAID; C:\WINDOWS\System32\DRIVERS\jraid.sys [42752 2006-08-23] (JMicron Technology Corp.) S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation) R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] () S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation) S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-04] (Realtek Semiconductor Corporation) R0 SAAppCtl; C:\WINDOWS\System32\DRIVERS\saappctl.sys [207016 2015-07-28] (SecureAge Technology) R0 sascan; C:\WINDOWS\System32\DRIVERS\sascan.sys [72432 2015-07-23] (SecureAge Technology) S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [163644 2012-09-22] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed] R2 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [13120 2013-08-25] () R0 videX32; C:\WINDOWS\System32\DRIVERS\videX32.sys [9728 2006-02-23] (VIA Technologies, Inc.) R0 xfilt; C:\WINDOWS\System32\DRIVERS\xfilt.sys [11264 2006-02-23] (VIA Technologies,Inc) S3 avchv; system32\DRIVERS\avchv.sys [X] S4 IntelIde; No ImagePath U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation) U1 WS2IFSL; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-08-04 17:29 - 2015-08-04 17:29 - 00000324 _____ C:\Documents and Settings\Mariusz\Pulpit\Addition.txt 2015-08-04 17:28 - 2015-08-04 17:29 - 00012627 _____ C:\Documents and Settings\Mariusz\Pulpit\FRST.txt 2015-08-04 17:27 - 2015-08-04 17:29 - 00000000 ____D C:\FRST 2015-08-04 17:26 - 2015-08-04 16:43 - 01673728 _____ (Farbar) C:\Documents and Settings\Mariusz\Pulpit\FRST.exe 2015-08-04 17:26 - 2015-08-04 16:43 - 00380416 _____ C:\Documents and Settings\Mariusz\Pulpit\frrf10qz.exe 2015-08-04 16:25 - 2015-08-04 17:29 - 04415241 _____ C:\WINDOWS\system32\Drivers\whitelist2.sa 2015-08-04 16:25 - 2015-08-04 16:25 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\SecureAge 2015-08-04 16:08 - 2015-08-04 16:08 - 00096352 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll 2015-08-04 16:08 - 2015-08-04 16:08 - 00000000 ____D C:\Program Files\Common Files\Java 2015-08-04 15:54 - 2015-08-04 15:54 - 00000000 ____D C:\WINDOWS\system32\Lang 2015-08-04 14:23 - 2015-08-04 16:00 - 00559336 _____ C:\WINDOWS\system32\prfh0415.dat 2015-08-04 14:23 - 2015-08-04 16:00 - 00108222 _____ C:\WINDOWS\system32\prfc0415.dat 2015-08-04 14:22 - 2015-08-04 16:09 - 00000000 ____D C:\Program Files\Comodo 2015-08-04 14:22 - 2015-08-04 16:09 - 00000000 ____D C:\Documents and Settings\Mariusz\Ustawienia lokalne\Dane aplikacji\Comodo 2015-08-04 14:22 - 2015-08-04 16:09 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Comodo 2015-08-04 14:21 - 2015-08-04 16:02 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Comodo 2015-08-04 13:35 - 2015-08-04 13:35 - 00000069 _____ C:\Documents and Settings\Mariusz\Pulpit\eicar.txt 2015-08-04 11:54 - 2015-08-04 16:11 - 00000211 _____ C:\boot.ini 2015-08-03 22:07 - 2015-08-03 22:26 - 00000000 ____D C:\Documents and Settings\Mariusz\Dane aplikacji\vlc 2015-08-03 22:07 - 2015-08-03 22:07 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\VideoLAN 2015-08-03 22:06 - 2015-08-03 22:06 - 00000000 ____D C:\Program Files\VideoLAN 2015-08-03 20:49 - 2015-08-03 20:49 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\SecureAge TechnologySecureAge Technology 2015-08-03 20:48 - 2015-08-03 20:48 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\ClamAV 2015-08-03 20:17 - 2015-08-03 20:17 - 17408375 _____ C:\WINDOWS\system32\scan.db 2015-08-03 20:16 - 2015-08-04 16:25 - 00000000 ____D C:\Program Files\SecureAge 2015-08-03 20:10 - 2015-08-03 20:10 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\SecureAge Technology 2015-07-28 12:52 - 2015-07-28 12:52 - 00000000 ____D C:\Documents and Settings\Mariusz\Moje dokumenty\WebCam Center 2015-07-28 12:52 - 2015-07-28 12:52 - 00000000 ____D C:\Documents and Settings\Mariusz\Dane aplikacji\Creative 2015-07-28 12:41 - 2003-06-12 23:25 - 00007062 _____ C:\WINDOWS\system32\audiopid.vxd 2015-07-28 12:40 - 2015-07-28 12:40 - 00000086 _____ C:\WINDOWS\setup.log 2015-07-28 12:40 - 2000-05-22 10:58 - 00647872 ____N (Microsoft Corporation) C:\WINDOWS\system32\Mscomct2.ocx 2015-07-28 12:40 - 1999-10-10 19:00 - 00041984 ____N (Creative Technology Ltd ) C:\WINDOWS\Ctregrun.exe 2015-07-28 12:39 - 2015-07-28 12:57 - 00000000 ____D C:\WINDOWS\CtDrvInstall 2015-07-28 12:38 - 1998-10-29 16:45 - 00306688 _____ (InstallShield Software Corporation) C:\WINDOWS\IsUninst.exe 2015-07-28 12:24 - 2008-04-14 19:21 - 00016384 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ipsink.ax 2015-07-28 12:24 - 2008-04-14 19:21 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipsink.ax 2015-07-28 12:24 - 2008-04-13 20:46 - 00085248 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\nabtsfec.sys 2015-07-28 12:24 - 2008-04-13 20:46 - 00085248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\NABTSFEC.sys 2015-07-28 12:24 - 2008-04-13 20:46 - 00019200 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wstcodec.sys 2015-07-28 12:24 - 2008-04-13 20:46 - 00019200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WSTCODEC.SYS 2015-07-28 12:24 - 2008-04-13 20:46 - 00017024 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ccdecode.sys 2015-07-28 12:24 - 2008-04-13 20:46 - 00017024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\CCDECODE.sys 2015-07-28 12:24 - 2008-04-13 20:46 - 00015232 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\streamip.sys 2015-07-28 12:24 - 2008-04-13 20:46 - 00015232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\StreamIP.sys 2015-07-28 12:24 - 2008-04-13 20:46 - 00011136 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\slip.sys 2015-07-28 12:24 - 2008-04-13 20:46 - 00011136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SLIP.sys 2015-07-28 12:24 - 2008-04-13 20:46 - 00010880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\NdisIP.sys 2015-07-28 12:24 - 2008-04-13 20:39 - 00005504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\MSTEE.sys 2015-07-28 12:23 - 2008-04-14 19:21 - 00091648 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kswdmcap.ax 2015-07-28 12:23 - 2008-04-14 19:21 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\kswdmcap.ax 2015-07-28 12:23 - 2008-04-14 19:21 - 00061952 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kstvtune.ax 2015-07-28 12:23 - 2008-04-14 19:21 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\kstvtune.ax 2015-07-28 12:23 - 2008-04-14 19:21 - 00043008 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ksxbar.ax 2015-07-28 12:23 - 2008-04-14 19:21 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksxbar.ax 2015-07-28 12:23 - 2008-04-14 19:20 - 00054784 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vfwwdm32.dll 2015-07-28 12:23 - 2008-04-14 19:20 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\vfwwdm32.dll 2015-07-28 12:23 - 2006-06-16 05:30 - 00090112 ____R (Creative Technology Ltd.) C:\WINDOWS\CtDrvIns.exe 2015-07-28 12:23 - 2005-11-30 19:00 - 00020564 ____R (Creative Technology Ltd.) C:\WINDOWS\system32\V0260Srv.exe 2015-07-28 06:35 - 2015-07-28 06:35 - 00207016 _____ (SecureAge Technology) C:\WINDOWS\system32\Drivers\saappctl.sys 2015-07-23 03:12 - 2015-07-23 03:12 - 00072432 _____ (SecureAge Technology) C:\WINDOWS\system32\Drivers\sascan.sys 2015-07-20 21:28 - 2015-07-20 21:28 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\TeamViewer 10 2015-07-05 18:31 - 2015-07-05 18:31 - 00000000 ____D C:\Documents and Settings\Mariusz\Dane aplikacji\Lavasoft 2015-07-05 18:17 - 2015-07-05 18:17 - 00095592 _____ C:\Documents and Settings\All Users\Dane aplikacji\1436113024.bdinstall.bin 2015-07-05 18:17 - 2015-07-05 18:17 - 00037346 _____ C:\Documents and Settings\All Users\Dane aplikacji\1436113021.bdinstall.bin 2015-07-05 18:16 - 2015-07-05 18:16 - 00000000 ____D C:\Documents and Settings\Mariusz\Dane aplikacji\LavasoftStatistics 2015-07-05 17:10 - 2015-07-05 17:13 - 00002842 _____ C:\WINDOWS\system32\lic2.xml4539 2015-07-05 17:10 - 2015-07-05 17:10 - 00206088 _____ C:\Documents and Settings\All Users\Dane aplikacji\1436108898.bdinstall.bin 2015-07-05 17:10 - 2015-07-05 17:10 - 00007718 _____ C:\Report 2015-07-05 17.10.07.txt 2015-07-05 17:07 - 2015-07-05 17:07 - 00000000 ____D C:\Program Files\e-Deklaracje ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-08-04 17:29 - 2010-02-13 16:36 - 00000000 ____D C:\Documents and Settings\Mariusz\Ustawienia lokalne\Temp 2015-08-04 17:29 - 2009-06-26 20:59 - 00000000 ____D C:\Documents and Settings\Mariusz\Pulpit 2015-08-04 16:45 - 2015-06-30 20:41 - 00000930 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-08-04 16:31 - 2009-06-26 22:33 - 00000000 ____D C:\WINDOWS\security 2015-08-04 16:25 - 2009-06-26 22:39 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Start\Programy 2015-08-04 16:13 - 2009-06-26 20:53 - 01489992 _____ C:\WINDOWS\WindowsUpdate.log 2015-08-04 16:12 - 2010-01-17 18:16 - 00000159 _____ C:\WINDOWS\wiadebug.log 2015-08-04 16:12 - 2010-01-17 18:16 - 00000050 _____ C:\WINDOWS\wiaservc.log 2015-08-04 16:11 - 2014-03-21 23:29 - 00000226 _____ C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job 2015-08-04 16:11 - 2009-06-26 20:59 - 00000188 ___SH C:\Documents and Settings\Mariusz\ntuser.ini 2015-08-04 16:11 - 2009-06-26 20:57 - 00032314 _____ C:\WINDOWS\SchedLgU.Txt 2015-08-04 16:11 - 2009-06-26 20:57 - 00000188 ___SH C:\Documents and Settings\LocalService\ntuser.ini 2015-08-04 16:11 - 2009-06-26 20:57 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-08-04 16:11 - 2006-03-02 14:00 - 00000507 _____ C:\WINDOWS\win.ini 2015-08-04 16:11 - 2006-03-02 14:00 - 00000227 _____ C:\WINDOWS\system.ini 2015-08-04 16:09 - 2009-06-26 22:39 - 00000000 ____D C:\Documents and Settings\All Users\Pulpit 2015-08-04 16:08 - 2014-03-30 22:43 - 00000000 ____D C:\Program Files\Java 2015-08-04 16:05 - 2009-06-26 22:39 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Start\Programy\Autostart 2015-08-04 16:02 - 2009-06-26 22:39 - 00000000 ___HD C:\Documents and Settings\All Users\Dane aplikacji 2015-08-04 16:01 - 2014-05-27 20:10 - 00065536 _____ C:\WINDOWS\system32\config\COMODO I.evt 2015-08-04 15:57 - 2013-11-26 21:21 - 00011878 _____ C:\WINDOWS\system32\wpa.bak 2015-08-04 15:57 - 2006-03-02 14:00 - 00011878 _____ C:\WINDOWS\system32\wpa.dbl 2015-08-04 15:54 - 2009-06-26 20:52 - 00000000 ____D C:\WINDOWS\system32\Restore 2015-08-04 15:45 - 2009-06-27 01:09 - 00000000 ____D C:\WINDOWS\pss 2015-08-04 14:23 - 2014-08-14 20:11 - 00131997 _____ C:\WINDOWS\setupapi.log 2015-08-04 14:22 - 2009-06-26 20:59 - 00000000 ___HD C:\Documents and Settings\Mariusz\Ustawienia lokalne\Dane aplikacji 2015-08-04 14:06 - 2009-06-26 21:35 - 00087464 _____ C:\Documents and Settings\Mariusz\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT 2015-08-04 14:05 - 2009-06-26 22:39 - 00372080 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2015-08-04 13:53 - 2009-06-26 22:40 - 01267982 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2015-08-04 13:53 - 2006-03-02 14:00 - 00559336 _____ C:\WINDOWS\system32\perfh015.dat 2015-08-04 13:53 - 2006-03-02 14:00 - 00108222 _____ C:\WINDOWS\system32\perfc015.dat 2015-08-04 11:32 - 2013-11-13 12:46 - 00000000 ____D C:\Documents and Settings\Mariusz\Moje dokumenty\TrackMania 2015-08-03 22:07 - 2009-06-26 20:59 - 00000000 __RHD C:\Documents and Settings\Mariusz\Dane aplikacji 2015-08-03 20:07 - 2010-02-13 13:58 - 00000000 ____D C:\Program Files\The KMPlayer 2015-08-03 20:07 - 2009-06-26 20:59 - 00000000 ___RD C:\Documents and Settings\Mariusz\Menu Start\Programy 2015-08-03 20:01 - 2009-06-26 22:33 - 00000000 ____D C:\WINDOWS\twain_32 2015-08-03 18:58 - 2014-05-25 18:36 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-08-03 18:07 - 2015-03-18 19:02 - 00000000 ____D C:\Documents and Settings\Mariusz\Dane aplikacji\eM Client 2015-07-28 12:57 - 2009-06-26 22:39 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Start 2015-07-28 12:52 - 2009-06-26 20:59 - 00000000 ___RD C:\Documents and Settings\Mariusz\Moje dokumenty 2015-07-28 12:41 - 2009-06-26 21:07 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2015-07-28 12:23 - 2009-06-26 21:06 - 00000000 ____D C:\Program Files\Common Files\InstallShield 2015-07-24 12:12 - 2012-09-03 19:02 - 00000000 ____D C:\Program Files\CDBurnerXP 2015-07-23 23:48 - 2012-09-03 19:02 - 00001618 _____ C:\Documents and Settings\All Users\Pulpit\CDBurnerXP.lnk 2015-07-23 23:48 - 2012-09-03 19:02 - 00001556 _____ C:\Documents and Settings\All Users\Menu Start\Programy\CDBurnerXP.lnk 2015-07-20 21:29 - 2011-12-14 20:38 - 00000000 ____D C:\Program Files\TeamViewer 2015-07-20 21:28 - 2014-12-30 17:10 - 00000706 _____ C:\Documents and Settings\All Users\Pulpit\TeamViewer 10.lnk 2015-07-20 21:24 - 2012-03-29 18:07 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2015-07-20 21:24 - 2011-05-13 21:54 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2015-07-20 20:41 - 2015-04-14 20:55 - 00000000 ____D C:\WINDOWS\system32\MRT 2015-07-05 18:24 - 2014-08-14 20:41 - 00007993 _____ C:\WINDOWS\setupact.log 2015-07-05 18:17 - 2012-08-31 00:25 - 06477398 _____ C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-S-1-5-21-1177238915-1604221776-725345543-1004-0.dat 2015-07-05 18:17 - 2012-08-31 00:25 - 00376462 _____ C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-System.dat 2015-07-05 17:07 - 2014-03-28 12:49 - 00000676 _____ C:\Documents and Settings\All Users\Menu Start\Programy\e-Deklaracje.lnk 2015-07-05 17:05 - 2014-11-27 00:26 - 00065536 _____ C:\WINDOWS\system32\config\Nano.evt 2015-07-05 17:04 - 2014-11-27 00:27 - 00000000 ____D C:\Documents and Settings\Mariusz\Dane aplikacji\Panda Security 2015-07-05 17:04 - 2014-11-27 00:24 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Panda Security ==================== Files in the root of some directories ======= 2013-11-13 10:34 - 2013-11-13 10:34 - 0002528 _____ () C:\Documents and Settings\Mariusz\Dane aplikacji\$_hpcst$.hpc 2015-02-28 20:54 - 2015-02-28 20:54 - 0000000 _____ () C:\Documents and Settings\Mariusz\Dane aplikacji\gdfw.log 2015-02-28 20:54 - 2015-02-28 20:54 - 0000779 _____ () C:\Documents and Settings\Mariusz\Dane aplikacji\gdscan.log 2009-06-27 01:35 - 2014-12-16 22:19 - 0165888 _____ () C:\Documents and Settings\Mariusz\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-01-18 16:55 - 2014-01-18 16:55 - 0000132 _____ () C:\Documents and Settings\Mariusz\Ustawienia lokalne\Dane aplikacji\fusioncache.dat 2014-03-28 12:50 - 2015-02-14 16:28 - 0005903 _____ () C:\Documents and Settings\Mariusz\Ustawienia lokalne\Dane aplikacji\unins000.dat 2015-02-14 16:28 - 2015-02-14 16:28 - 0707744 _____ () C:\Documents and Settings\Mariusz\Ustawienia lokalne\Dane aplikacji\unins000.exe 2014-03-28 12:50 - 2015-02-14 16:28 - 0011761 _____ () C:\Documents and Settings\Mariusz\Ustawienia lokalne\Dane aplikacji\unins000.msg Some files in TEMP: ==================== C:\Documents and Settings\Mariusz\Ustawienia lokalne\Temp\jre-8u51-windows-au.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End of log ============================