Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015 Ran by MM (administrator) on SPECIAL-XP on 20-03-2015 12:18:36 Running from C:\Documents and Settings\MM\Moje dokumenty\Pobrane Loaded Profiles: MM (Available profiles: MM) Platform: Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) OS Language: Polski Internet Explorer Version 7 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (SysTool PasSame LIMITED) C:\Documents and Settings\All Users\Dane aplikacji\WindowsMangerProtect\ProtectWindowsManager.exe (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe (Intel Corporation) C:\WINDOWS\system32\igfxtray.exe (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Nullsoft, Inc.) C:\Program Files\Winamp\winampa.exe (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (http://www.emule-project.net) C:\Program Files\eMule\emule.exe (XTab system) C:\Program Files\XTab\ProtectService.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (SearchProtect) C:\Program Files\XTab\CmdShell.exe (HP) C:\WINDOWS\system32\HPZipm12.exe (XTab system) C:\Program Files\XTab\HPNotify.exe (Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16248320 2006-06-27] (Realtek Semiconductor Corp.) HKLM\...\Run: [SkyTel] => C:\WINDOWS\SkyTel.EXE [2879488 2006-06-27] (Realtek Semiconductor Corp.) HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2006-06-27] (Realtek Semiconductor Corp.) HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2006-01-12] (Nero AG) HKLM\...\Run: [HPHUPD08] => C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe [49152 2005-06-01] (Hewlett-Packard) HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2005-05-11] (Hewlett-Packard Co.) HKLM\...\Run: [WinampAgent] => C:\Program Files\Winamp\winampa.exe [74752 2011-12-09] (Nullsoft, Inc.) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated) HKU\S-1-5-19\...\RunOnce: [nltide_2] => regsvr32 /s /n /i:U shell32 HKU\S-1-5-19\...\RunOnce: [nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\System32\logon.scr [778113 2008-05-02] (nufsoft.com) HKU\S-1-5-20\...\RunOnce: [nltide_2] => regsvr32 /s /n /i:U shell32 HKU\S-1-5-20\...\RunOnce: [nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\System32\logon.scr [778113 2008-05-02] (nufsoft.com) HKU\S-1-5-21-1390067357-583907252-842925246-1003\...\Run: [Google Update] => C:\Documents and Settings\MM\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [107912 2014-10-27] (Google Inc.) HKU\S-1-5-21-1390067357-583907252-842925246-1003\...\Run: [eMuleAutoStart] => C:\Program Files\eMule\emule.exe [5758976 2010-04-07] (http://www.emule-project.net) HKU\S-1-5-21-1390067357-583907252-842925246-1003\...\MountPoints2: {3ea7ac70-cf0f-11e0-96e8-003005c9b029} - H:\SETUP.EXE /AUTORUN HKU\S-1-5-21-1390067357-583907252-842925246-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssstars.scr [14336 2008-04-14] (Microsoft Corporation) HKU\S-1-5-18\...\RunOnce: [nltide_2] => regsvr32 /s /n /i:U shell32 HKU\S-1-5-18\...\RunOnce: [nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\logon.scr [778113 2008-05-02] (nufsoft.com) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://do-search.com/?type=hp&ts=1426786852&from=cor&uid=ST3500418AS_5VMCG4S6XXXX5VMCG4S6 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com/web/?type=ds&ts=1426786852&from=cor&uid=ST3500418AS_5VMCG4S6XXXX5VMCG4S6&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://do-search.com/?type=hp&ts=1426786852&from=cor&uid=ST3500418AS_5VMCG4S6XXXX5VMCG4S6 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://do-search.com/web/?type=ds&ts=1426786852&from=cor&uid=ST3500418AS_5VMCG4S6XXXX5VMCG4S6&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-1390067357-583907252-842925246-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://do-search.com/?type=hp&ts=1426786852&from=cor&uid=ST3500418AS_5VMCG4S6XXXX5VMCG4S6 HKU\S-1-5-21-1390067357-583907252-842925246-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://do-search.com/?type=hp&ts=1426786852&from=cor&uid=ST3500418AS_5VMCG4S6XXXX5VMCG4S6 HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://www.interia.pl/#utm_source=instalki&utm_medium=installer&utm_campaign=instalki" <======= ATTENTION SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://do-search.com/web/?type=ds&ts=1426786852&from=cor&uid=ST3500418AS_5VMCG4S6XXXX5VMCG4S6&q={searchTerms} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://do-search.com/web/?type=ds&ts=1426786852&from=cor&uid=ST3500418AS_5VMCG4S6XXXX5VMCG4S6&q={searchTerms} SearchScopes: HKU\S-1-5-21-1390067357-583907252-842925246-1003 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://do-search.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST3500418AS_5VMCG4S6XXXX5VMCG4S6&ts=1426786918&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-1390067357-583907252-842925246-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://do-search.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST3500418AS_5VMCG4S6XXXX5VMCG4S6&ts=1426786918&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-1390067357-583907252-842925246-1003 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://do-search.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST3500418AS_5VMCG4S6XXXX5VMCG4S6&ts=1426786918&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-1390067357-583907252-842925246-1003 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://do-search.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST3500418AS_5VMCG4S6XXXX5VMCG4S6&ts=1426786918&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-1390067357-583907252-842925246-1003 -> {3E11A34D-CD50-4A89-82BA-571B0AB8EB7C} URL = http://do-search.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST3500418AS_5VMCG4S6XXXX5VMCG4S6&ts=1426786918&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-1390067357-583907252-842925246-1003 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://do-search.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST3500418AS_5VMCG4S6XXXX5VMCG4S6&ts=1426786918&type=default&q={searchTerms} BHO: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files\XTab\SupTab.dll [2015-03-10] (Thinknice Co. Limited) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-11-21] (AVAST Software) DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Documents and Settings\MM\Dane aplikacji\Mozilla\Firefox\Profiles\jr22v0pi.default-1367269415453 FF NewTab: chrome://quick_start/content/index.html FF DefaultSearchEngine: do-search FF SelectedSearchEngine: do-search FF Homepage: https://www.google.pl/ FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll [2015-01-18] () FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll [2012-10-04] (Adobe Systems, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: @rayv.com/rayvplugin -> C:\Program Files\RayV\RayV\plugins\nprayvplugin.dll [2011-12-27] (RayV) FF Plugin: @real.com/nppl3260;version=6.0.12.69 -> C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll [2008-09-10] (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.12.69 -> C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll [2008-09-10] (RealNetworks, Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1390067357-583907252-842925246-1003: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\MM\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.) FF Plugin HKU\S-1-5-21-1390067357-583907252-842925246-1003: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\MM\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.) FF Plugin HKU\S-1-5-21-1390067357-583907252-842925246-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\MM\Ustawienia lokalne\Dane aplikacji\Unity\WebPlayer\loader\npUnity3D32.dll [2015-02-02] (Unity Technologies ApS) FF user.js: detected! => C:\Documents and Settings\MM\Dane aplikacji\Mozilla\Firefox\Profiles\jr22v0pi.default-1367269415453\user.js [2015-03-20] FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdjvu.dll [2009-07-31] (LizardTech) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.) FF SearchPlugin: C:\Documents and Settings\MM\Dane aplikacji\Mozilla\Firefox\Profiles\jr22v0pi.default-1367269415453\searchplugins\do-search.xml [2015-03-20] FF Extension: Fast Start - C:\Documents and Settings\MM\Dane aplikacji\Mozilla\Firefox\Profiles\jr22v0pi.default-1367269415453\Extensions\istart_ffnt@gmail.com [2015-03-19] FF Extension: Search Enginer - C:\Documents and Settings\MM\Dane aplikacji\Mozilla\Firefox\Profiles\jr22v0pi.default-1367269415453\Extensions\searchengine@gmail.com [2015-03-19] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-08-25] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-10-18] FF HKLM\...\Firefox\Extensions: [searchengine@gmail.com] - C:\Documents and Settings\MM\Dane aplikacji\Mozilla\Firefox\Profiles\jr22v0pi.default-1367269415453\extensions\searchengine@gmail.com FF HKLM\...\Firefox\Extensions: [istart_ffnt@gmail.com] - C:\Documents and Settings\MM\Dane aplikacji\Mozilla\Firefox\Profiles\jr22v0pi.default-1367269415453\extensions\istart_ffnt@gmail.com Chrome: ======= CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Documents and Settings\MM\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\MM\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\37.0.2062.120\pdf.dll No File CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\MM\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\37.0.2062.120\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Documents and Settings\MM\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\plugins\nppl3260.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer Version Plugin) - C:\Documents and Settings\MM\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\plugins\nprpjplug.dll (RealNetworks, Inc.) CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation) CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation) CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.)) CHR Plugin: (Google Update) - C:\Documents and Settings\MM\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File CHR Plugin: (Default Plug-in) - default_plugin No File CHR Profile: C:\Documents and Settings\MM\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default CHR Extension: (avast! Online Security) - C:\Documents and Settings\MM\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-07-18] CHR Extension: (Google Wallet) - C:\Documents and Settings\MM\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-04] CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-21] StartMenuInternet: chrome.exe - C:\Documents and Settings\MM\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-21] (AVAST Software) R2 IHProtect Service; C:\Program Files\XTab\ProtectService.exe [158816 2015-03-10] (XTab system) R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [69632 2004-09-29] (HP) [File not signed] R2 WindowsMangerProtect; C:\Documents and Settings\All Users\Dane aplikacji\WindowsMangerProtect\ProtectWindowsManager.exe [493712 2015-03-19] (SysTool PasSame LIMITED) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-11-21] () R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2014-11-21] (AVAST Software) R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2014-11-21] (AVAST Software) R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-11-21] () R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2014-11-22] (AVAST Software) R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2014-11-21] (AVAST Software) R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2014-11-21] (AVAST Software) R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2014-11-21] () R3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51120 2004-09-29] (HP) R3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2004-09-29] (HP) R3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21744 2004-09-29] (HP) R0 Si3112; C:\WINDOWS\system32\Drivers\Si3112.sys [62208 2008-05-02] (Silicon Image, Inc.) [File not signed] R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [691696 2011-08-25] () [File not signed] S4 IntelIde; No ImagePath U1 WS2IFSL; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-20 12:17 - 2015-03-20 12:18 - 00000000 ____D () C:\FRST 2015-03-19 18:42 - 2015-03-19 18:42 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\IHProtectUpDate 2015-03-19 18:41 - 2015-03-19 18:42 - 00000000 ____D () C:\Program Files\XTab 2015-03-19 18:41 - 2015-03-19 18:41 - 00000000 ____D () C:\Documents and Settings\MM\Dane aplikacji\do-search 2015-03-19 18:41 - 2015-03-19 18:41 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\WindowsMangerProtect 2015-03-17 18:31 - 2015-03-17 18:32 - 00000000 ____D () C:\Program Files\Mozilla Firefox ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-20 12:19 - 2014-07-18 18:26 - 00000000 ____D () C:\Documents and Settings\MM\Moje dokumenty\Pobrane 2015-03-20 12:19 - 2011-08-24 13:15 - 00000000 ____D () C:\Documents and Settings\MM\Ustawienia lokalne\Temp 2015-03-20 12:10 - 2011-08-24 13:06 - 01174640 _____ () C:\WINDOWS\WindowsUpdate.log 2015-03-20 12:09 - 2014-03-27 20:34 - 00000216 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job 2015-03-20 12:09 - 2012-08-01 10:39 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job 2015-03-20 12:09 - 2011-08-24 13:14 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-03-20 12:08 - 2011-08-24 13:15 - 00000188 ___SH () C:\Documents and Settings\MM\ntuser.ini 2015-03-20 12:08 - 2011-08-24 13:14 - 00032612 _____ () C:\WINDOWS\SchedLgU.Txt 2015-03-20 12:00 - 2012-01-28 08:34 - 00000360 _____ () C:\WINDOWS\Tasks\HPpromotions journeysoftware.job 2015-03-20 11:54 - 2014-11-21 13:43 - 00000930 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-03-19 20:21 - 2011-08-25 08:42 - 00001120 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-583907252-842925246-1003UA.job 2015-03-19 18:42 - 2011-08-24 14:58 - 00000000 __RHD () C:\Documents and Settings\All Users\Dane aplikacji 2015-03-19 18:41 - 2011-08-24 13:15 - 00000000 __RHD () C:\Documents and Settings\MM\Dane aplikacji 2015-03-19 17:53 - 2012-06-17 05:44 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2015-03-19 17:53 - 2001-07-21 23:17 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl 2015-03-11 01:23 - 2011-08-25 08:42 - 00002298 _____ () C:\Documents and Settings\MM\Pulpit\Google Chrome.lnk 2015-03-10 22:21 - 2011-08-25 08:42 - 00001068 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-583907252-842925246-1003Core.job 2015-03-10 20:54 - 2013-08-15 02:03 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-03-10 20:49 - 2011-08-25 08:28 - 119837696 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-03-09 19:46 - 2011-08-24 13:15 - 00000000 ____D () C:\Documents and Settings\MM 2015-03-09 19:05 - 2011-08-24 13:15 - 00000000 ___HD () C:\Documents and Settings\MM\Ustawienia lokalne\Dane aplikacji 2015-02-26 12:41 - 2012-01-28 08:33 - 00000000 ____D () C:\Documents and Settings\MM\Dane aplikacji\Winamp ==================== Files in the root of some directories ======= 2012-01-28 08:38 - 2015-02-15 16:25 - 0196608 _____ () C:\Documents and Settings\MM\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini Files to move or delete: ==================== C:\Documents and Settings\MM\FIX.REG ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End Of Log ============================