OTL logfile created on: 2012-11-30 20:26:48 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Holica\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
2,99 Gb Total Physical Memory | 2,27 Gb Available Physical Memory | 75,74% Memory free
6,19 Gb Paging File | 5,68 Gb Available in Paging File | 91,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136,53 Gb Total Space | 30,17 Gb Free Space | 22,10% Space Free | Partition Type: NTFS
Drive D: | 146,80 Gb Total Space | 44,27 Gb Free Space | 30,16% Space Free | Partition Type: NTFS
 
Computer Name: HOLICA-PC | User Name: Holica | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012-11-30 20:24:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Holica\Downloads\OTL.exe
PRC - [2012-11-19 21:48:14 | 001,435,568 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2012-10-27 08:18:14 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012-08-19 15:34:31 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
PRC - [2009-04-11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012-11-17 20:28:10 | 001,666,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\a8dfd1388afc0a50f39f9e1dc7ecd45c\System.Drawing.ni.dll
MOD - [2012-11-17 20:27:29 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\379599837ade465016dd5d96798b2766\System.ni.dll
MOD - [2012-11-17 20:27:21 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\dbc34d53e1fbedabecd201fe4f264961\mscorlib.ni.dll
MOD - [2012-10-27 08:18:13 | 002,295,264 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012-08-19 15:34:31 | 009,465,032 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_271.dll
MOD - [2012-03-22 19:00:00 | 004,417,024 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\ffdshow\ffmpeg.dll
MOD - [2012-03-22 19:00:00 | 003,471,360 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\ffdshow\ffdshow.ax
MOD - [2012-03-22 18:58:24 | 000,172,032 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\Filters\LAV\libbluray.dll
MOD - [2012-03-22 18:58:14 | 006,593,993 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\Filters\LAV\avcodec-lav-54.dll
MOD - [2012-03-22 18:58:14 | 001,183,264 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\Filters\LAV\avformat-lav-54.dll
MOD - [2012-03-22 18:58:14 | 000,207,835 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\Filters\LAV\avutil-lav-51.dll
MOD - [2012-01-08 14:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2009-07-26 00:13:26 | 001,404,928 | ---- | M] () -- C:\Windows\System32\IcnOvrly.dll
MOD - [2009-07-26 00:13:24 | 000,507,904 | ---- | M] () -- C:\Windows\System32\SimpleExt.dll
MOD - [2009-04-26 23:15:40 | 000,139,776 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Users\Holica\AppData\Local\Temp\DAT1F10.tmp.exe -- (xtznijwwo)
SRV - File not found [Auto | Stopped] -- C:\Users\Holica\AppData\Local\Temp\DATB204.tmp.exe -- (delduwbyl)
SRV - File not found [Disabled | Stopped] -- C:\Users\Holica\AppData\Local\Temp\DAT46B5.tmp.exe -- (cyisdransyi)
SRV - [2012-11-19 21:48:14 | 001,435,568 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012-11-09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-10-27 08:18:13 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-08-19 15:34:31 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-05-24 14:23:28 | 000,185,856 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV - [2010-03-25 13:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010-02-19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010-01-15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009-02-12 01:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008-12-17 23:52:40 | 000,036,480 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe -- (IGRS)
SRV - [2008-09-27 19:00:24 | 000,430,080 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe -- (System_Repair_UpdateMonitor)
SRV - [2008-08-26 20:55:32 | 000,522,792 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2008-02-14 23:00:00 | 000,098,304 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\ReadyComm\common\router.dll -- (ReadyComm.DirectRouter)
SRV - [2008-01-21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008-01-16 20:04:36 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007-06-16 23:00:00 | 000,463,360 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\IncSvc.dll -- (IncSvc)
SRV - [2007-04-11 23:00:00 | 000,270,336 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\PS_MDP.dll -- (PS_MDP)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva398.sys -- (XDva398)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva397.sys -- (XDva397)
DRV - File not found [Kernel | Boot | Stopped] -- System32\Drivers\sptd.sys -- (sptd)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\pcmcia.sys -- (pcmcia)
DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\ohci1394.sys -- (ohci1394)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012-03-07 00:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011-10-27 02:25:48 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2011-10-27 02:25:48 | 000,100,224 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bserd.sys -- (ss_bserd)
DRV - [2011-10-27 02:25:48 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus)
DRV - [2011-10-27 02:25:48 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl)
DRV - [2011-10-27 02:25:40 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011-10-27 02:25:40 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011-10-27 02:25:40 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2011-10-27 02:25:40 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2011-10-27 02:25:40 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2011-01-17 17:25:44 | 000,218,176 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2009-07-26 00:13:16 | 000,048,192 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\System32\drivers\funfrm.sys -- (funfrm)
DRV - [2009-03-18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009-01-23 18:09:30 | 000,161,152 | ---- | M] (SMI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SMIksdrv.sys -- (usbsmi)
DRV - [2008-12-17 23:50:56 | 000,008,832 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Wdkbdmou.sys -- (Wdkbdmou)
DRV - [2008-12-17 21:58:38 | 000,008,832 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WDMirror.sys -- (wdmirror)
DRV - [2008-12-16 08:03:00 | 007,542,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008-11-19 10:33:50 | 000,057,856 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2008-11-17 00:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008-10-15 18:42:02 | 000,014,336 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2008-09-24 22:39:48 | 000,045,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008-08-29 02:39:08 | 000,048,192 | ---- | M] (Lenovo) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\tvtumon.sys -- (tvtumon)
DRV - [2008-06-20 02:47:04 | 000,212,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x)
DRV - [2008-05-07 19:30:12 | 000,025,896 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\LPCFilter.sys -- (LPCFilter)
DRV - [2008-04-28 18:56:00 | 000,011,264 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecirhid.sys -- (enecirhid)
DRV - [2008-04-25 02:16:00 | 000,005,632 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecirhidma.sys -- (enecirhidma)
DRV - [2008-01-10 18:59:08 | 000,081,192 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSVD.sys -- (WSVD)
DRV - [2007-05-23 09:33:58 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006-11-02 08:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2004-03-19 16:11:22 | 000,090,968 | ---- | M] (VM) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbVM31b.sys -- (ZSMC301b)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000&st=10
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=dpgppc&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook: {8532a8b7-c06a-41bb-936a-8ce73e4711ed} - C:\Program Files\gry\tbgry.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files\Softonic-Polska\prxtbSof2.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2530240
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=10&q={searchTerms}
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=137
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {8532a8b7-c06a-41bb-936a-8ce73e4711ed} - C:\Program Files\gry\tbgry.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files\Softonic-Polska\prxtbSof2.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=dpgppc&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110808&tt=3412_8&babsrc=SP_ss&mntrId=e231217c000000000000002556ec1fe2
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=VD&o=14778&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=VX&apn_dtid=&apn_uid=B30B5244-B455-4838-A4D7-440EBB1C46A3&apn_sauid=26E0E4DE-7EC5-43E4-B0C2-976E9F423108
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2530240
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb161/?search={searchTerms}&loc=IB_DS&a=6R8arnP7hY&i=26
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=10&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "AOL Search"
FF - prefs.js..browser.search.defaulturl: "http://search.winamp.com/search/search?query={searchTerms}&invocationType=tb50ffwinamp&s_qt=sb&tb_uuid=2012111473658352&tb_oid=13-11-2012&tb_mrud=14-11-2012&query="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.pl/"
FF - prefs.js..extensions.enabledAddons: IplextoALL@ALLPlayer.org:0.7.0
FF - prefs.js..extensions.enabledAddons: {b9bfaf1c-a63f-47cd-8b9a-29526ced9060}:1.4.9
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&s_qt=ab&s_it=tb50ffwinamp&tb_uuid=2012111473658352&tb_oid=13-11-2012&tb_mrud=14-11-2012&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.pl/"
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@powerchallenge.com/PowerLoader: C:\Users\Holica\AppData\LocalLow\POWERC~1\nppowerloader.dll (Power Challenge Sweden AB)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Holica\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Holica\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Holica\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Holica\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Holica\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Holica\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012-06-11 13:18:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-10-27 08:18:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-10-27 08:18:07 | 000,000,000 | ---D | M]
 
[2010-02-11 21:40:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Holica\AppData\Roaming\mozilla\Extensions
[2012-11-14 19:43:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Holica\AppData\Roaming\mozilla\Firefox\Profiles\wtejn54c.default\extensions
[2010-06-03 17:49:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Holica\AppData\Roaming\mozilla\Firefox\Profiles\wtejn54c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011-11-11 13:12:43 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\Holica\AppData\Roaming\mozilla\Firefox\Profiles\wtejn54c.default\extensions\ffxtlbr@Facemoods.com
[2012-06-11 13:18:15 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\Holica\AppData\Roaming\mozilla\Firefox\Profiles\wtejn54c.default\extensions\ffxtlbr@incredibar.com
[2012-11-12 20:32:55 | 000,000,000 | ---D | M] (Iplex to ALLPlayer) -- C:\Users\Holica\AppData\Roaming\mozilla\Firefox\Profiles\wtejn54c.default\extensions\IplextoALL@ALLPlayer.org
[2012-06-14 12:47:14 | 000,000,000 | ---D | M] (VDownloader Toolbar) -- C:\Users\Holica\AppData\Roaming\mozilla\Firefox\Profiles\wtejn54c.default\extensions\toolbar@ask.com
[2011-09-02 15:28:14 | 000,010,043 | ---- | M] () (No name found) -- C:\Users\Holica\AppData\Roaming\mozilla\firefox\profiles\wtejn54c.default\extensions\IplextoALL@ALLPlayer.org.xpi
[2012-10-22 18:40:58 | 000,012,929 | ---- | M] () (No name found) -- C:\Users\Holica\AppData\Roaming\mozilla\firefox\profiles\wtejn54c.default\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi
[2012-03-28 15:06:09 | 000,685,019 | ---- | M] () (No name found) -- C:\Users\Holica\AppData\Roaming\mozilla\firefox\profiles\wtejn54c.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
[2012-11-14 13:37:30 | 000,002,538 | ---- | M] () -- C:\Users\Holica\AppData\Roaming\mozilla\firefox\profiles\wtejn54c.default\searchplugins\aol-search.xml
[2012-06-14 12:47:14 | 000,002,312 | ---- | M] () -- C:\Users\Holica\AppData\Roaming\mozilla\firefox\profiles\wtejn54c.default\searchplugins\askcom.xml
[2010-06-08 11:30:50 | 000,000,933 | ---- | M] () -- C:\Users\Holica\AppData\Roaming\mozilla\firefox\profiles\wtejn54c.default\searchplugins\conduit.xml
[2012-06-11 13:17:59 | 000,002,203 | ---- | M] () -- C:\Users\Holica\AppData\Roaming\mozilla\firefox\profiles\wtejn54c.default\searchplugins\MyStart Search.xml
[2012-07-07 16:03:54 | 000,003,948 | ---- | M] () -- C:\Users\Holica\AppData\Roaming\mozilla\firefox\profiles\wtejn54c.default\searchplugins\sweetim.xml
[2010-05-14 14:41:38 | 000,001,196 | ---- | M] () -- C:\Users\Holica\AppData\Roaming\mozilla\firefox\profiles\wtejn54c.default\searchplugins\winamp-search.xml
[2010-05-20 20:48:31 | 000,001,972 | ---- | M] () -- C:\Users\Holica\AppData\Roaming\mozilla\firefox\profiles\wtejn54c.default\searchplugins\wrzuta.xml
[2012-10-27 08:18:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-10-27 08:18:06 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012-10-27 08:18:14 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011-02-02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011-07-11 22:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012-06-26 17:08:06 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2012-08-21 11:47:32 | 000,002,349 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012-06-26 17:08:06 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2011-11-11 13:12:45 | 000,002,049 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2012-06-26 17:08:06 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2012-06-26 17:08:06 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2012-06-26 17:08:06 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2012-06-26 17:08:06 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml
 
O1 HOSTS File: ([2010-04-24 11:19:48 | 000,001,085 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       nero.com 
O1 - Hosts: 127.0.0.1       www.nero.com 
O1 - Hosts: 127.0.0.1       activate.nero.com 
O1 - Hosts: 127.0.0.1       www.activate.nero.com 
O1 - Hosts: 127.0.0.1       nero.de 
O1 - Hosts: 127.0.0.1       www.nero.de 
O1 - Hosts: 127.0.0.1       activate.nero.de 
O1 - Hosts: 127.0.0.1       www.activate.nero.de
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.6.4.6\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (gry Toolbar) - {8532a8b7-c06a-41bb-936a-8ce73e4711ed} - C:\Program Files\gry\tbgry.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Softonic-Polska Toolbar) - {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files\Softonic-Polska\prxtbSof2.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.)
O2 - BHO: (IplexToALLPlayer) - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\Program Files\ALLPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (gry Toolbar) - {8532a8b7-c06a-41bb-936a-8ce73e4711ed} - C:\Program Files\gry\tbgry.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.6.4.6\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Softonic-Polska Toolbar) - {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files\Softonic-Polska\prxtbSof2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (gry Toolbar) - {8532A8B7-C06A-41BB-936A-8CE73E4711ED} - C:\Program Files\gry\tbgry.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic-Polska Toolbar) - {C86EB8A9-CCC2-4B6C-B75D-73576ED591BF} - C:\Program Files\Softonic-Polska\prxtbSof2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [GLOB - Ksiezycowy]  File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [OnekeyDM] C:\Program Files\Lenovo\OnekeyDM\OnekeyDM.exe ()
O4 - HKLM..\Run: [svchost] c:\WINDOWS\svchost.exe File not found
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKCU..\Run: [ALLUpdate] C:\Program Files\ALLPlayer\ALLUpdate.exe (ALLCinema)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Holica\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [Tiusefu] C:\Users\Holica\AppData\Roaming\Feepyc\ebdu.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7D09D1BA-7A03-4AE5-87BA-53458F7740FC}: DhcpNameServer = 91.231.23.26 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DC33B106-7198-44D6-98C7-44B01989B6CD}: DhcpNameServer = 217.30.129.149 217.30.137.200
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet32: DllName - (cryptnet32.dll) - C:\Windows\System32\cryptnet32.dll ()
O20 - Winlogon\Notify\mdhcp32: DllName - (mdhcp32.dll) -  File not found
O24 - Desktop WallPaper: C:\Users\Holica\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\Holica\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{22bb8e83-fbb1-11df-af64-002556ec1fe2}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs
O33 - MountPoints2\{5930f656-2255-11e0-9234-002556ec1fe2}\Shell - "" = AutoRun
O33 - MountPoints2\{5930f656-2255-11e0-9234-002556ec1fe2}\Shell\AutoRun\command - "" = F:\autorun.exe pl
O33 - MountPoints2\{59fdaa31-ca5f-11df-be0e-002556ec1fe2}\Shell - "" = Autorun
O33 - MountPoints2\{59fdaa31-ca5f-11df-be0e-002556ec1fe2}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\start.exe
O33 - MountPoints2\{69aaef71-81df-11df-8e04-002556ec1fe2}\Shell\AutoRun\command - "" = F:\12gn6id2.exe
O33 - MountPoints2\{69aaef71-81df-11df-8e04-002556ec1fe2}\Shell\open\Command - "" = F:\12gn6id2.exe
O33 - MountPoints2\{b4ae3dcf-e97f-11df-818f-002556ec1fe2}\Shell\AutoRun\command - "" = F:\b9v.exe
O33 - MountPoints2\{b4ae3dcf-e97f-11df-818f-002556ec1fe2}\Shell\open\Command - "" = F:\b9v.exe
O33 - MountPoints2\{dcc2059c-1824-11df-8c53-00235a6eff45}\Shell - "" = AutoRun
O33 - MountPoints2\{dcc2059c-1824-11df-8c53-00235a6eff45}\Shell\AutoRun\command - "" = G:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2012-11-30 19:17:00 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Users\Holica\wgsdgsdgdsgsd.exe
[2012-11-26 17:09:43 | 000,000,000 | ---D | C] -- C:\Users\Holica\Desktop\płyta do auta
[2012-11-25 20:49:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012-11-25 20:49:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012-11-22 15:57:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012-11-22 15:57:38 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2012-11-20 19:07:56 | 000,000,000 | ---D | C] -- C:\Users\Holica\Desktop\Bones sezon 8
[2012-11-17 14:55:00 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012-11-17 14:54:59 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012-11-17 14:54:59 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012-11-17 14:54:59 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012-11-17 14:54:59 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012-11-17 14:54:57 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012-11-17 14:54:57 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012-11-17 14:54:56 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012-11-16 14:01:49 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2012-11-16 14:01:32 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012-11-12 21:16:56 | 000,000,000 | ---D | C] -- C:\Users\Holica\Desktop\ruski
[2012-11-12 20:33:12 | 000,000,000 | ---D | C] -- C:\Program Files\ALLYouTubeDownloader
[2012-11-11 21:24:12 | 000,000,000 | ---D | C] -- C:\Users\Holica\AppData\Roaming\Roxuzi
[2012-11-11 21:24:12 | 000,000,000 | ---D | C] -- C:\Users\Holica\AppData\Roaming\Feepyc
[2012-11-11 21:24:12 | 000,000,000 | ---D | C] -- C:\Users\Holica\AppData\Roaming\Ecaghi
[2012-01-10 11:18:24 | 002,161,160 | ---- | C] (DownVision                                                  ) -- C:\Users\Holica\AppData\Local\setup.exe
[2010-05-20 16:01:37 | 002,131,336 | ---- | C] (Ask.com                                                      ) -- C:\Program Files\Common Files\AskToolbarInstaller.exe
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2012-11-30 20:12:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-11-30 20:11:33 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012-11-30 20:11:30 | 000,161,518 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012-11-30 20:10:20 | 000,161,518 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012-11-30 20:09:45 | 000,000,056 | -HS- | M] () -- C:\_PartitionInfo
[2012-11-30 20:09:35 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012-11-30 20:09:35 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012-11-30 20:08:14 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\Users\Holica\wgsdgsdgdsgsd.exe
[2012-11-30 20:07:50 | 000,001,356 | ---- | M] () -- C:\Users\Holica\AppData\Local\d3d9caps.dat
[2012-11-30 19:32:12 | 000,007,460 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012-11-30 19:18:05 | 535,822,336 | ---- | M] () -- C:\Users\Holica\Desktop\2_Fast_2_Furious_(2003).DVDScr.DVL.avi
[2012-11-30 18:49:17 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4126559233-1998363153-2523124183-1004UA.job
[2012-11-30 18:49:16 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-11-30 18:49:15 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4126559233-1998363153-2523124183-1004UA.job
[2012-11-30 13:37:00 | 000,001,010 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4126559233-1998363153-2523124183-1004Core.job
[2012-11-28 19:28:01 | 000,080,896 | ---- | M] () -- C:\Users\Holica\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-11-28 17:10:01 | 000,002,339 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012-11-27 20:09:12 | 000,722,446 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2012-11-27 20:09:12 | 000,645,858 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012-11-27 20:09:12 | 000,149,544 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2012-11-27 20:09:12 | 000,122,686 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012-11-24 00:27:47 | 000,006,354 | ---- | M] () -- C:\Users\Holica\Desktop\images.jpg
[2012-11-19 15:47:39 | 000,015,644 | ---- | M] () -- C:\Users\Holica\Desktop\Matura - K.G J.R A.D M.S B.S I.H.odt
[2012-11-17 20:44:30 | 003,751,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012-11-15 21:11:31 | 000,068,550 | ---- | M] () -- C:\Users\Holica\Desktop\bf800aa3f7.jpeg
[2012-11-12 21:16:37 | 006,943,628 | ---- | M] () -- C:\Users\Holica\Desktop\ruski.zip
[2012-11-10 11:13:00 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4126559233-1998363153-2523124183-1004Core.job
[2012-11-01 12:36:17 | 000,000,404 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Holica.job
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2012-11-30 19:17:03 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012-11-28 17:45:30 | 731,060,224 | ---- | C] () -- C:\Users\Holica\Desktop\Fast.And.Furious.2009.PL.DVDRip.XviD.avi
[2012-11-27 16:47:40 | 535,822,336 | ---- | C] () -- C:\Users\Holica\Desktop\2_Fast_2_Furious_(2003).DVDScr.DVL.avi
[2012-11-25 20:49:27 | 000,002,339 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012-11-24 00:27:46 | 000,006,354 | ---- | C] () -- C:\Users\Holica\Desktop\images.jpg
[2012-11-21 14:32:11 | 734,089,216 | ---- | C] () -- C:\Users\Holica\Desktop\Diabeł Ubiera Się U Prady DVDRip Lektor PL.avi
[2012-11-19 15:47:39 | 000,015,644 | ---- | C] () -- C:\Users\Holica\Desktop\Matura - K.G J.R A.D M.S B.S I.H.odt
[2012-11-15 21:11:29 | 000,068,550 | ---- | C] () -- C:\Users\Holica\Desktop\bf800aa3f7.jpeg
[2012-11-12 21:16:24 | 006,943,628 | ---- | C] () -- C:\Users\Holica\Desktop\ruski.zip
[2012-10-16 18:35:28 | 000,002,070 | ---- | C] () -- C:\Users\Holica\.recently-used.xbel
[2012-03-23 20:15:28 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012-01-10 11:18:11 | 000,460,624 | ---- | C] () -- C:\Users\Holica\AppData\Local\promo.exe
[2011-10-31 11:22:42 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011-10-31 11:22:40 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011-10-31 11:22:40 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011-10-31 11:22:40 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011-10-31 11:22:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011-09-01 17:30:43 | 000,258,048 | ---- | C] () -- C:\Windows\System32\libFLAC.dll
[2011-08-08 09:29:50 | 000,011,099 | ---- | C] () -- C:\Users\Holica\AppData\Roaming\TheHunterSettings_live.bin
[2011-08-07 11:32:44 | 000,000,042 | ---- | C] () -- C:\Users\Holica\AppData\Roaming\TheHunterSettings_live.cfg
[2011-03-18 17:05:45 | 000,327,743 | ---- | C] () -- C:\Windows\System32\drivers\str.sys
[2011-03-18 17:05:36 | 000,000,016 | ---- | C] () -- C:\Windows\System32\crt.dat
[2011-03-18 17:05:35 | 000,295,042 | ---- | C] () -- C:\Windows\System32\shimg.dll
[2011-03-18 17:05:35 | 000,049,152 | ---- | C] () -- C:\Windows\System32\cryptnet32.dll
[2010-05-02 09:34:14 | 000,001,356 | ---- | C] () -- C:\Users\Holica\AppData\Local\d3d9caps.dat
[2010-02-18 21:15:45 | 000,000,036 | ---- | C] () -- C:\Users\Holica\AppData\Roaming\TheHunterSettings.cfg
[2010-02-10 23:38:28 | 000,080,896 | ---- | C] () -- C:\Users\Holica\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-07-26 00:10:00 | 000,161,518 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009-07-26 00:02:46 | 000,161,518 | ---- | C] () -- C:\ProgramData\nvModes.dat
 
[color=#E56717]========== ZeroAccess Check ==========[/color]
 
[2006-11-02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012-06-08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-04-11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-04-11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[color=#E56717]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 64 bytes -> C:\Users\Holica\Desktop\MOV04896.MPG:TOC.WMV
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >
