Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-01-2015 03 Ran by Jarek (administrator) on JR-4D8A689B2268 on 07-01-2015 07:25:18 Running from C:\Documents and Settings\Jarek\Pulpit\bbb Loaded Profile: Jarek (Available profiles: Jarek) Platform: Microsoft Windows XP Professional Dodatek Service Pack 2 (X86) OS Language: Polski Internet Explorer Version 8 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe () C:\Program Files\Overclocking\RivaTuner\RivaTuner.exe () C:\Program Files\Overclocking\RivaTuner\Tools\RTSS\RTSS.exe (Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe (Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Microsoft Corporation) C:\WINDOWS\system32\regsvr32.exe (Microsoft Corporation) C:\WINDOWS\system32\regsvr32.exe (Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe () C:\Program Files\Overclocking\CPUCooL\CooLSRV.exe (Teruten) C:\WINDOWS\system32\FsUsbExService.Exe (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe (Raxco Software, Inc.) C:\Program Files\Perfect Disk\PD\PD91Agent.exe (Prolific Technology Inc.) C:\WINDOWS\system32\IoctlSvc.exe (VoyagerSoft, LLC) C:\Program Files\SolidConverterPDF\SCPDF\SolidPdfService.exe (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe (Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation) HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16126464 2007-04-10] (Realtek Semiconductor Corp.) HKLM\...\Run: [SkyTel] => C:\WINDOWS\SkyTel.EXE [1822720 2007-04-04] (Realtek Semiconductor Corp.) HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.) HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [570664 2008-05-28] (Nero AG) HKLM\...\Run: [AsusStartupHelp] => C:\Program Files\ASUS\AASP\1.00.14\AsRunHelp.exe [363008 2006-11-14] () HKLM\...\Run: [RivaTuner] => C:\Program Files\Overclocking\RivaTuner\RivaTuner.exe [2781184 2009-08-22] () HKLM\...\Run: [RivaTunerStartupDaemon] => C:\Program Files\Overclocking\RivaTuner\RivaTuner.exe [2781184 2009-08-22] () HKLM\...\Run: [RTSS] => C:\Program Files\Overclocking\RivaTuner\Tools\RTSS\RTSS.exe [106496 2009-08-22] () HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1634112 2012-05-15] () HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) Winlogon\Notify\klogon: C:\WINDOWS\system32\klogon.dll (Kaspersky Lab) HKU\S-1-5-21-1417001333-746137067-839522115-1004\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2008-05-28] (Google Inc.) HKU\S-1-5-21-1417001333-746137067-839522115-1004\...\Run: [Otsics] => C:\Documents and Settings\Jarek\Ustawienia lokalne\Dane aplikacji\Otsics\tmpD2.exe HKU\S-1-5-21-1417001333-746137067-839522115-1004\...\Run: [Ektion] => regsvr32.exe "C:\Documents and Settings\Jarek\Ustawienia lokalne\Dane aplikacji\Ektion\kbdcomex54.dll" HKU\S-1-5-21-1417001333-746137067-839522115-1004\...\Run: [YjPack] => C:\WINDOWS\system32\regsvr32.exe "C:\Documents and Settings\Jarek\Ustawienia lokalne\Dane aplikacji\Otsics\AcroIEHelperShim.DLL" HKU\S-1-5-21-1417001333-746137067-839522115-1004\...\Run: [ChromeUpdate] => C:\Documents and Settings\Jarek\Dane aplikacji\FrameworkUpdate\ChromeUpdate.exe HKU\S-1-5-21-1417001333-746137067-839522115-1004\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000 HKU\S-1-5-21-1417001333-746137067-839522115-1004\...\MountPoints2: {449fcbcb-2654-11de-9108-001d6024504c} - setup.exe Startup: C:\Documents and Settings\Jarek\Menu Start\Programy\Autostart\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk ShortcutTarget: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Secure\Icons\SecureIconsProvider.dll () BootExecute: autocheck autochk /k:C * GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKU\S-1-5-21-1417001333-746137067-839522115-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ HKU\S-1-5-21-1417001333-746137067-839522115-1004\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 URLSearchHook: HKU\S-1-5-21-1417001333-746137067-839522115-1004 - (No Name) - {bfc39e47-d643-4dc2-aa1d-61377501c844} - No File SearchScopes: HKU\.DEFAULT -> {EAEBAFFD-2CEF-4EDF-B0EE-5663F1593BA4} URL = BHO: Solid Converter PDF -> {259F616C-A300-44F5-B04A-ED001A26C85C} -> C:\Program Files\SolidConverterPDF\SCPDF\ExploreExtPDF.dll (VoyagerSoft, LLC) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.) Toolbar: HKLM - Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidConverterPDF\SCPDF\ExploreExtPDF.dll (VoyagerSoft, LLC) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKLM - @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\Msdxm6.ocx (Microsoft Corporation) Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKU\.DEFAULT -> No Name - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - No File Toolbar: HKU\S-1-5-21-1417001333-746137067-839522115-1004 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/fhg.CAB DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/common/asusTek_sys_ctrl.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Handler: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\Msdxm6.ocx (Microsoft Corporation) Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll" Winsock: Catalog5 03 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll" Winsock: Catalog9 01 mswsock.dll File Not found () Winsock: Catalog9 02 mswsock.dll File Not found () Winsock: Catalog9 03 mswsock.dll File Not found () Winsock: Catalog9 04 mswsock.dll File Not found () Winsock: Catalog9 05 mswsock.dll File Not found () Winsock: Catalog9 06 mswsock.dll File Not found () Winsock: Catalog9 07 mswsock.dll File Not found () Winsock: Catalog9 08 mswsock.dll File Not found () Winsock: Catalog9 09 mswsock.dll File Not found () Winsock: Catalog9 10 mswsock.dll File Not found () Winsock: Catalog9 11 mswsock.dll File Not found () Winsock: Catalog9 12 mswsock.dll File Not found () Winsock: Catalog9 13 mswsock.dll File Not found () Tcpip\Parameters: [DhcpNameServer] 62.179.1.63 62.179.1.62 FireFox: ======== FF ProfilePath: C:\Documents and Settings\Jarek\Dane aplikacji\Mozilla\Firefox\Profiles\iogfycus.default-1420610875036 FF Homepage: hxxp://www.google.pl FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=6.0.12.450 -> C:\Program Files\Codecs\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files\Codecs\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=0.8.6h -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File FF Plugin: @videolan.org/vlc,version=2.0.4 -> C:\Program Files\VLC media player\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.) FF Extension: z - C:\Program Files\Mozilla Firefox\extensions\{c1155307-dccb-e4d5-3289-a50ddc49be78}(2) [2015-01-07] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-01-07] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-01-07] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2015-01-07] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-05-07] FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\Mozilla Thunderbird Chrome: ======= CHR Profile: C:\Documents and Settings\Jarek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 CPUCooLServer; C:\Program Files\Overclocking\CPUCooL\CooLSrv.exe [118784 2008-04-12] () [File not signed] R2 FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [233472 2009-03-31] (Teruten) [File not signed] R2 PD91Agent; C:\Program Files\Perfect Disk\PD\PD91Agent.exe [693512 2008-12-31] (Raxco Software, Inc.) S3 PD91Engine; C:\Program Files\Perfect Disk\PD\PD91Engine.exe [910600 2008-12-31] (Raxco Software, Inc.) R2 PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed] R2 ScReadSpool; C:\Program Files\SolidConverterPDF\SCPDF\SolidPdfService.exe [184320 2006-11-02] (VoyagerSoft, LLC) [File not signed] S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [430592 2008-04-07] (Nokia.) [File not signed] S2 NOD32FiXTemDono; C:\WINDOWS\system32\regedt32.exe /s C:\WINDOWS\nod32fixtemdono.reg S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X] S2 SecurityCenterServer4196545509; "C:\WINDOWS\system32\deurge.exe" -service "C:\Documents and Settings\Jarek\Dane aplikacji\Aguhxyro\googy.exe" ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 AsIO; C:\WINDOWS\System32\drivers\AsIO.sys [12664 2006-10-19] () S3 asusgsb; C:\WINDOWS\System32\drivers\asusgsb.sys [12416 2007-07-12] (ASUSTeK Computer Inc.) [File not signed] R3 AtcL002; C:\WINDOWS\System32\DRIVERS\l251x86.sys [29696 2007-07-03] (Atheros Communications Inc.) R2 atksgt; C:\WINDOWS\System32\DRIVERS\atksgt.sys [278984 2008-05-24] () S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2004-08-03] (Microsoft Corporation) R2 cpuz132; C:\WINDOWS\system32\drivers\cpuz132_x32.sys [12672 2009-03-27] (Windows (R) Codename Longhorn DDK provider) [File not signed] R2 DefragFS; C:\WINDOWS\system32\Drivers\DefragFS.sys [71184 2009-01-05] (Raxco Software, Inc.) R1 EIO; C:\WINDOWS\system32\drivers\EIO.sys [12288 2007-07-12] (ASUSTeK Computer Inc.) [File not signed] S3 ENTECH; C:\WINDOWS\system32\DRIVERS\ENTECH.sys [21664 2004-10-25] (EnTech Taiwan) [File not signed] R3 FsUsbExDisk; C:\WINDOWS\system32\FsUsbExDisk.SYS [36608 2009-03-31] () [File not signed] R0 imagedrv; C:\WINDOWS\System32\Drivers\imagedrv.sys [11304 2008-01-22] (Ahead Software AG) R0 imagesrv; C:\WINDOWS\System32\DRIVERS\imagesrv.sys [132904 2008-01-22] (Ahead Software AG) R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [68096 2007-11-02] (EZB Systems, Inc.) [File not signed] R2 lirsgt; C:\WINDOWS\System32\DRIVERS\lirsgt.sys [25416 2008-05-24] () R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] () S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2004-08-03] (Microsoft Corporation) S3 nm; C:\WINDOWS\System32\DRIVERS\NMnt.sys [40320 2004-08-03] (Microsoft Corporation) R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.) R1 ntiomin; C:\WINDOWS\system32\Drivers\ntiomin.sys [11392 2008-04-12] () [File not signed] R1 ntiopnp; C:\WINDOWS\system32\Drivers\ntiopnp.sys [12800 2008-04-12] () [File not signed] R1 ntiowp; C:\WINDOWS\system32\Drivers\ntiowp.sys [12352 2006-10-20] () [File not signed] R3 RivaTuner32; C:\Program Files\Overclocking\RivaTuner\RivaTuner32.sys [9088 2009-08-22] () [File not signed] R2 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [163644 2008-07-06] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed] R0 sfdrv01; C:\WINDOWS\System32\drivers\sfdrv01.sys [50688 2005-08-10] (Protection Technology) [File not signed] R0 sfdrv01a; C:\WINDOWS\System32\drivers\sfdrv01a.sys [63352 2006-07-05] (Protection Technology (StarForce)) R0 sfvfs02; C:\WINDOWS\System32\drivers\sfvfs02.sys [63488 2005-11-03] (Protection Technology) [File not signed] S2 ASInsHelp; \??\C:\WINDOWS\system32\drivers\AsInsHelp32.sys [X] U3 awdw3w0e; No ImagePath S0 Chl27; No ImagePath S3 ddxgb; \??\C:\DOCUME~1\Jarek\USTAWI~1\Temp\ddxgb.sys [X] S0 Hmq51; No ImagePath S4 IntelIde; No ImagePath S4 sptd; \SystemRoot\System32\Drivers\sptd.sys [X] S3 Video3D; No ImagePath U1 WS2IFSL; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-07 07:18 - 2015-01-07 07:18 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-01-07 07:08 - 2015-01-07 07:08 - 00000000 ____D () C:\Documents and Settings\Jarek\Pulpit\Stare dane programu Firefox 2015-01-06 19:59 - 2015-01-06 19:59 - 00000000 ____D () C:\TDSSKiller_Quarantine 2015-01-05 02:25 - 2015-01-05 02:25 - 00000020 _____ () C:\Documents and Settings\Jarek\defogger_reenable 2015-01-04 01:25 - 2015-01-07 07:25 - 00000000 ____D () C:\FRST 2015-01-04 00:30 - 2015-01-07 07:25 - 00000000 ____D () C:\Documents and Settings\Jarek\Pulpit\bbb 2015-01-03 23:15 - 2015-01-03 23:15 - 00000000 ____D () C:\Documents and Settings\Jarek\Pulpit\Win XP 2014-12-23 15:19 - 2014-12-23 15:19 - 00000020 ___SH () C:\Documents and Settings\Administrator\ntuser.ini 2014-12-23 15:19 - 2014-12-23 15:19 - 00000000 ____D () C:\Documents and Settings\Administrator 2014-12-23 15:19 - 2008-08-09 12:59 - 00000000 ___RD () C:\Documents and Settings\Administrator\Menu Start\Programy 2014-12-23 15:19 - 2008-05-05 11:20 - 00000000 __RHD () C:\Documents and Settings\Administrator\Dane aplikacji 2014-12-23 15:19 - 2008-05-05 11:20 - 00000000 ___RD () C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart 2014-12-23 15:19 - 2008-05-05 11:20 - 00000000 ___RD () C:\Documents and Settings\Administrator\Menu Start 2014-12-23 15:19 - 2008-05-05 11:20 - 00000000 ___HD () C:\Documents and Settings\Administrator\Ustawienia lokalne\Historia 2014-12-23 15:19 - 2008-05-05 11:20 - 00000000 ___HD () C:\Documents and Settings\Administrator\Ustawienia lokalne 2014-12-23 15:19 - 2008-05-05 11:20 - 00000000 ____D () C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp 2014-12-23 15:19 - 2008-05-05 11:20 - 00000000 ____D () C:\Documents and Settings\Administrator\Ulubione 2014-12-23 15:19 - 2008-05-05 11:20 - 00000000 ____D () C:\Documents and Settings\Administrator\Pulpit 2014-12-23 15:19 - 2008-05-05 11:20 - 00000000 ____D () C:\Documents and Settings\Administrator\Moje dokumenty 2014-12-23 15:19 - 2008-05-05 09:27 - 00010993 _____ () C:\Documents and Settings\Administrator\netfxsl.log 2014-12-23 15:19 - 2008-05-05 09:26 - 00001599 _____ () C:\Documents and Settings\Administrator\Menu Start\Programy\Pomoc zdalna.lnk 2014-12-23 15:19 - 2008-05-05 09:26 - 00000000 ___RD () C:\Documents and Settings\Administrator\Menu Start\Programy\Akcesoria 2014-12-23 15:19 - 2008-05-05 09:26 - 00000000 ___HD () C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji 2014-12-23 15:19 - 2008-05-05 09:23 - 00000000 ___HD () C:\Documents and Settings\Administrator\Szablony 2014-12-23 15:14 - 2015-01-04 00:23 - 00000000 __SHD () C:\WINDOWS\CSC 2014-12-21 11:54 - 2014-12-21 11:54 - 00000000 ____D () C:\Documents and Settings\Jarek\Dane aplikacji\Ylgyas 2014-12-19 00:02 - 2014-12-19 00:02 - 00000034 _____ () C:\Documents and Settings\Jarek\Pulpit\Nowy Dokument tekstowy (2).txt 2014-12-08 01:50 - 2014-12-08 02:33 - 391462241 _____ () C:\Documents and Settings\Jarek\Pulpit\Alone.in.the.Zone.BBRip.x264-Insidek_Disc1.mp4 ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-07 07:25 - 2009-08-25 00:20 - 00000000 ____D () C:\Documents and Settings\Jarek\Ustawienia lokalne\Temp 2015-01-07 07:18 - 2012-05-11 17:19 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2015-01-07 07:17 - 2008-05-05 09:25 - 01327983 _____ () C:\WINDOWS\WindowsUpdate.log 2015-01-07 07:15 - 2014-05-24 08:22 - 00000470 _____ () C:\WINDOWS\Tasks\Log On Notice.job 2015-01-07 07:15 - 2012-05-12 23:17 - 00001032 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-07 07:15 - 2008-05-05 09:31 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-01-07 07:14 - 2008-05-05 09:32 - 00000188 ___SH () C:\Documents and Settings\Jarek\ntuser.ini 2015-01-07 07:14 - 2008-05-05 09:31 - 00032482 _____ () C:\WINDOWS\SchedLgU.Txt 2015-01-07 07:08 - 2008-05-05 09:32 - 00000000 ____D () C:\Documents and Settings\Jarek\Pulpit 2015-01-07 07:00 - 2008-05-05 09:32 - 00000000 __RHD () C:\Documents and Settings\Jarek\Dane aplikacji 2015-01-07 06:59 - 2014-09-20 05:36 - 00002883 _____ () C:\WINDOWS\setupapi.log 2015-01-07 06:59 - 2008-05-05 11:20 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy 2015-01-07 06:55 - 2013-11-10 06:22 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Java 2015-01-07 06:54 - 2008-05-09 15:48 - 00000000 ____D () C:\Program Files\Java 2015-01-07 06:52 - 2008-05-09 15:48 - 00000000 ____D () C:\Program Files\Common Files\Java 2015-01-07 06:37 - 2012-05-12 23:17 - 00001036 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-06 20:00 - 2014-11-26 00:41 - 00000000 ____D () C:\Documents and Settings\Jarek\Dane aplikacji\FrameworkUpdate 2015-01-06 20:00 - 2004-08-03 23:36 - 00065664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys 2015-01-06 02:55 - 2009-08-04 22:58 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat 2015-01-05 02:25 - 2008-05-05 09:32 - 00000000 ____D () C:\Documents and Settings\Jarek 2015-01-04 00:31 - 2014-03-11 02:01 - 00000000 ____D () C:\Documents and Settings\Jarek\Pulpit\The Graveyard 2015-01-03 23:07 - 2002-09-28 23:00 - 00002228 _____ () C:\WINDOWS\system32\wpa.dbl 2014-12-21 12:00 - 2014-05-24 08:22 - 00000468 _____ () C:\WINDOWS\Tasks\Daily Notice.job 2014-12-21 07:13 - 2013-04-16 03:13 - 00000000 ____D () C:\Program Files\URLSnooper2 2014-12-21 00:00 - 2008-11-30 16:04 - 00000370 _____ () C:\WINDOWS\Tasks\NeroLiveEpgUpdate-JR-4D8A689B2268_Jarek.job 2014-12-17 02:37 - 2008-05-05 09:32 - 00000000 ___HD () C:\Documents and Settings\Jarek\Ustawienia lokalne\Dane aplikacji 2014-12-15 06:52 - 2012-12-07 13:00 - 00000000 ____D () C:\Program Files\KMPlayer 2014-12-09 23:03 - 2014-05-18 07:47 - 00000000 ____D () C:\Documents and Settings\Jarek\Moje dokumenty\Mount&Blade Warband Savegames 2014-12-09 23:01 - 2014-05-18 17:19 - 00000000 ____D () C:\Documents and Settings\Jarek\Pulpit\M&B Warband - Mods 2014-12-09 22:57 - 2014-05-10 14:15 - 00000000 ____D () C:\Documents and Settings\Jarek\Pulpit\Mount&Blade - Warband 2014-12-09 22:34 - 2014-05-18 07:36 - 00000000 ____D () C:\Documents and Settings\Jarek\Pulpit\M&B Warband 1.153 Some content of TEMP: ==================== C:\Documents and Settings\Jarek\Ustawienia lokalne\Temp\sqlite3.dll C:\Documents and Settings\Jarek\Ustawienia lokalne\Temp\Tsu64A05F5C.dll C:\Documents and Settings\Jarek\Ustawienia lokalne\Temp\_is5257.exe C:\Documents and Settings\Jarek\Ustawienia lokalne\Temp\{120D3EDF-FBCD-49FA-8BDC-CACD13A29E1D}.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End Of Log ============================