OTL logfile created on: 2011-12-26 20:41:57 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\BROWAR\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1,99 Gb Total Physical Memory | 1,08 Gb Available Physical Memory | 54,33% Memory free
3,98 Gb Paging File | 2,89 Gb Available in Paging File | 72,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 43,89 Gb Total Space | 25,19 Gb Free Space | 57,39% Space Free | Partition Type: NTFS
Drive D: | 44,38 Gb Total Space | 19,64 Gb Free Space | 44,25% Space Free | Partition Type: NTFS

Computer Name: BROWAR-PC | User Name: BROWAR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2011-12-26 19:30:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\BROWAR\Desktop\OTL.exe
PRC - [2011-12-22 17:58:34 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011-12-19 19:58:58 | 001,960,584 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2011-08-12 06:45:18 | 002,433,024 | ---- | M] () -- C:\Program Files\Rainlendar2\Rainlendar2.exe
PRC - [2011-06-28 16:43:52 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011-06-24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011-04-27 10:03:07 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011-02-25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010-11-20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010-08-02 16:09:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010-01-14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2007-01-02 09:33:24 | 000,135,168 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2011-12-22 17:58:34 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011-12-05 13:58:42 | 000,076,800 | ---- | M] () -- C:\Users\BROWAR\AppData\Roaming\Mozilla\Firefox\Profiles\iawtvs3a.default\extensions\{5c81f57f-3cf7-4785-b4ef-11ace31aec4f}\components\RadioWMPCoreGecko9.dll
MOD - [2011-11-17 05:42:43 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011-08-12 06:45:26 | 000,198,144 | ---- | M] () -- C:\Program Files\Rainlendar2\plugins\iCalendarPlugin.dll
MOD - [2011-08-12 06:45:18 | 002,433,024 | ---- | M] () -- C:\Program Files\Rainlendar2\Rainlendar2.exe
MOD - [2010-12-12 11:58:14 | 000,502,784 | ---- | M] () -- C:\Program Files\Rainlendar2\wxmsw28u_xrc_vc_rny.dll
MOD - [2010-12-12 11:58:00 | 000,131,584 | ---- | M] () -- C:\Program Files\Rainlendar2\wxbase28u_xml_vc_rny.dll
MOD - [2010-12-12 11:57:56 | 000,485,376 | ---- | M] () -- C:\Program Files\Rainlendar2\wxmsw28u_html_vc_rny.dll
MOD - [2010-12-12 11:57:44 | 000,707,584 | ---- | M] () -- C:\Program Files\Rainlendar2\wxmsw28u_adv_vc_rny.dll
MOD - [2010-12-12 11:57:36 | 002,633,216 | ---- | M] () -- C:\Program Files\Rainlendar2\wxmsw28u_core_vc_rny.dll
MOD - [2010-12-12 11:56:46 | 001,205,760 | ---- | M] () -- C:\Program Files\Rainlendar2\wxbase28u_vc_rny.dll
MOD - [2010-05-23 19:20:08 | 000,012,288 | ---- | M] () -- C:\Program Files\Rainlendar2\lfs.dll
MOD - [2010-05-23 19:20:04 | 000,126,976 | ---- | M] () -- C:\Program Files\Rainlendar2\lua51.dll

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2011-12-19 19:58:58 | 001,960,584 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011-06-28 16:43:52 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011-06-08 12:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011-04-27 10:03:07 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009-07-14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009-07-14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007-01-02 09:33:24 | 000,135,168 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2011-12-19 19:59:14 | 000,082,400 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect)
DRV - [2011-12-19 19:59:13 | 000,039,640 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2011-12-19 19:59:12 | 000,491,816 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2011-06-28 16:43:53 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011-06-28 16:43:53 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011-06-20 19:17:59 | 000,278,984 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011-06-20 19:17:59 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011-05-18 09:12:38 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011-05-18 09:12:36 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011-05-18 09:12:32 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011-05-18 09:12:28 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011-03-13 17:41:57 | 000,775,936 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BisonCam.sys -- (Cam5603D)
DRV - [2010-11-20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010-11-20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010-11-20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010-11-20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010-11-20 11:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010-11-20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2010-11-20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010-11-20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010-06-17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009-07-14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009-07-13 23:02:49 | 000,046,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2008-08-26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2006-08-04 03:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006-02-16 10:55:16 | 000,074,624 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2006-02-16 10:55:12 | 000,060,928 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2658192813-454988573-4214590755-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
IE - HKU\S-1-5-21-2658192813-454988573-4214590755-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "Web Search..."
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.pl/"
FF - prefs.js..extensions.enabledItems: fr-classique-reforme1990@dictionaries.addons.mozilla.org:4.0.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {5c81f57f-3cf7-4785-b4ef-11ace31aec4f}:3.3.3.2

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-12-22 17:58:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-12-04 14:28:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-12-22 17:58:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-12-04 14:28:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011-08-16 19:41:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2011-03-13 18:56:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BROWAR\AppData\Roaming\mozilla\Extensions
[2011-03-13 18:56:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BROWAR\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011-12-15 12:33:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BROWAR\AppData\Roaming\mozilla\Firefox\Profiles\iawtvs3a.default\extensions
[2011-12-06 08:03:38 | 000,000,000 | ---D | M] (Bigpoint Games PL Community Toolbar) -- C:\Users\BROWAR\AppData\Roaming\mozilla\Firefox\Profiles\iawtvs3a.default\extensions\{5c81f57f-3cf7-4785-b4ef-11ace31aec4f}
[2011-10-07 11:58:03 | 000,000,000 | ---D | M] (Dictionnaire français «Classique & Réforme 1990») -- C:\Users\BROWAR\AppData\Roaming\mozilla\Firefox\Profiles\iawtvs3a.default\extensions\fr-classique-reforme1990@dictionaries.addons.mozilla.org
[2011-12-21 19:46:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\BROWAR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IAWTVS3A.DEFAULT\EXTENSIONS\{66E978CD-981F-47DF-AC42-E3CF417C1467}.XPI
() (No name found) -- C:\USERS\BROWAR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IAWTVS3A.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011-12-22 17:58:34 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011-10-03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011-10-27 14:45:50 | 000,083,456 | ---- | M] (LiveVDO ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2011-10-03 15:44:10 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2011-10-03 15:44:10 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2011-10-03 15:44:10 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2011-10-03 15:44:10 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2011-10-03 15:44:10 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2011-10-03 15:44:10 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2009-06-10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKU\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-21-2658192813-454988573-4214590755-1000..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\BROWAR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2011-03-13 20:29:39 | 000,000,000 | -H-D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2658192813-454988573-4214590755-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59E1B2FD-53F9-4F87-88D1-66412CEB8B1F}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB9CB5BC-7EB7-49C6-BD47-D54C69E99424}: DhcpNameServer = 212.27.40.241 212.27.40.240
O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) -C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011-12-26 19:30:18 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\BROWAR\Desktop\OTL.exe
[2011-12-14 19:31:32 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011-12-14 19:31:30 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011-12-14 19:31:29 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011-12-14 19:31:27 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011-12-14 19:31:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011-12-14 19:31:20 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011-12-14 19:30:07 | 002,342,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011-12-14 19:30:04 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011-12-14 19:29:30 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011-12-14 19:27:15 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011-12-14 19:26:37 | 003,912,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011-12-14 19:26:36 | 003,967,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011-12-06 19:25:20 | 000,000,000 | ---D | C] -- C:\Users\BROWAR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP Manager
[2011-12-04 14:28:44 | 000,000,000 | ---D | C] -- C:\Program Files\StartSearch plugin
[2011-10-31 13:49:24 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011-12-26 20:43:51 | 001,835,008 | ---- | M] () -- C:\Users\BROWAR\ntuser.dat
[2011-12-26 19:30:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\BROWAR\Desktop\OTL.exe
[2011-12-26 16:47:25 | 000,697,896 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2011-12-26 16:47:25 | 000,694,430 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2011-12-26 16:47:25 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011-12-26 16:47:25 | 000,134,974 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2011-12-26 16:47:25 | 000,130,140 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2011-12-26 16:47:25 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011-12-26 16:47:24 | 002,373,080 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2011-12-26 16:46:42 | 000,020,480 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011-12-26 16:46:42 | 000,020,480 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011-12-26 16:39:01 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2011-12-26 16:38:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-12-26 16:08:42 | 002,106,776 | -H-- | M] () -- C:\Users\BROWAR\AppData\Local\IconCache.db
[2011-12-22 17:58:46 | 000,001,998 | ---- | M] () -- C:\Users\BROWAR\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011-12-19 19:59:14 | 000,082,400 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\inspect.sys
[2011-12-19 19:59:13 | 000,039,640 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys
[2011-12-19 19:59:12 | 000,491,816 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdGuard.sys
[2011-12-19 19:59:11 | 000,019,600 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmderd.sys
[2011-12-19 19:58:56 | 000,033,984 | ---- | M] (COMODO) -- C:\Windows\System32\cmdcsr.dll
[2011-12-19 19:58:55 | 000,301,224 | ---- | M] (COMODO) -- C:\Windows\System32\guard32.dll
[2011-12-14 20:12:59 | 000,281,048 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011-12-21 13:00:06 | 002,106,776 | -H-- | C] () -- C:\Users\BROWAR\AppData\Local\IconCache.db
[2011-10-31 13:49:24 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2011-09-20 12:01:24 | 000,074,752 | ---- | C] () -- C:\Windows\System32\CLEyeDevices.dll
[2011-06-20 19:17:59 | 000,278,984 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011-06-20 19:17:59 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011-06-15 08:53:38 | 000,011,776 | ---- | C] () -- C:\Users\BROWAR\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-03-22 00:01:17 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011-03-21 23:59:16 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011-03-21 23:59:14 | 000,053,600 | ---- | C] () -- C:\Windows\System32\dosx.exe
[2011-03-13 19:59:30 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011-03-13 13:37:46 | 000,694,430 | ---- | C] () -- C:\Windows\System32\perfh00C.dat
[2011-03-13 13:37:46 | 000,344,522 | ---- | C] () -- C:\Windows\System32\perfi00C.dat
[2011-03-13 13:37:46 | 000,130,140 | ---- | C] () -- C:\Windows\System32\perfc00C.dat
[2011-03-13 13:37:46 | 000,038,160 | ---- | C] () -- C:\Windows\System32\perfd00C.dat
[2011-03-13 01:48:41 | 000,697,896 | ---- | C] () -- C:\Windows\System32\perfh015.dat
[2011-03-13 01:48:41 | 000,337,158 | ---- | C] () -- C:\Windows\System32\perfi015.dat
[2011-03-13 01:48:41 | 000,134,974 | ---- | C] () -- C:\Windows\System32\perfc015.dat
[2011-03-13 01:48:41 | 000,038,710 | ---- | C] () -- C:\Windows\System32\perfd015.dat
[2011-03-13 00:56:37 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011-03-13 00:28:02 | 000,062,952 | ---- | C] () -- C:\Users\BROWAR\AppData\Local\GDIPFONTCACHEV1.DAT
[2011-03-13 00:18:15 | 002,373,080 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI
[2009-07-14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009-07-14 05:33:53 | 000,281,048 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009-07-14 03:05:48 | 000,616,008 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009-07-14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009-07-14 03:05:48 | 000,106,388 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009-07-14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009-07-14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009-07-14 03:04:57 | 000,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini
[2009-07-14 03:04:23 | 000,000,565 | ---- | C] () -- C:\Windows\win.ini
[2009-07-14 03:04:23 | 000,000,219 | ---- | C] () -- C:\Windows\system.ini
[2009-07-14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009-07-14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009-07-14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009-07-14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009-07-13 22:41:05 | 000,000,718 | ---- | C] () -- C:\Windows\System32\mscdexnt.exe
[2009-07-13 22:41:04 | 000,002,842 | ---- | C] () -- C:\Windows\System32\redir.exe
[2009-07-13 22:41:02 | 000,000,882 | ---- | C] () -- C:\Windows\System32\share.exe
[2009-07-13 22:41:02 | 000,000,882 | ---- | C] () -- C:\Windows\System32\fastopen.exe
[2009-07-13 22:41:01 | 000,019,694 | ---- | C] () -- C:\Windows\System32\GRAPHICS.COM
[2009-07-13 22:40:59 | 000,014,710 | ---- | C] () -- C:\Windows\System32\KB16.COM
[2009-07-13 22:40:57 | 000,007,052 | ---- | C] () -- C:\Windows\System32\nlsfunc.exe
[2009-07-13 22:40:57 | 000,001,131 | ---- | C] () -- C:\Windows\System32\LOADFIX.COM
[2009-07-13 22:40:56 | 000,039,274 | ---- | C] () -- C:\Windows\System32\mem.exe
[2009-07-13 22:40:54 | 000,011,753 | ---- | C] () -- C:\Windows\System32\setver.exe
[2009-07-13 22:40:52 | 000,020,634 | ---- | C] () -- C:\Windows\System32\debug.exe
[2009-07-13 22:40:51 | 000,008,424 | ---- | C] () -- C:\Windows\System32\exe2bin.exe
[2009-07-13 22:40:50 | 000,012,642 | ---- | C] () -- C:\Windows\System32\edlin.exe
[2009-07-13 22:40:49 | 000,012,498 | ---- | C] () -- C:\Windows\System32\append.exe
[2009-07-13 22:40:48 | 000,050,648 | ---- | C] () -- C:\Windows\System32\COMMAND.COM
[2009-07-13 22:40:44 | 000,027,097 | ---- | C] () -- C:\Windows\System32\country.sys
[2009-07-13 22:40:43 | 000,042,809 | ---- | C] () -- C:\Windows\System32\KEY01.SYS
[2009-07-13 22:40:43 | 000,042,537 | ---- | C] () -- C:\Windows\System32\KEYBOARD.SYS
[2009-07-13 22:40:41 | 000,009,029 | ---- | C] () -- C:\Windows\System32\ANSI.SYS
[2009-07-13 22:40:40 | 000,004,768 | ---- | C] () -- C:\Windows\System32\HIMEM.SYS
[2009-07-13 22:40:39 | 000,029,274 | ---- | C] () -- C:\Windows\System32\NTDOS412.SYS
[2009-07-13 22:40:35 | 000,029,370 | ---- | C] () -- C:\Windows\System32\NTDOS411.SYS
[2009-07-13 22:40:31 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS404.SYS
[2009-07-13 22:40:27 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS804.SYS
[2009-07-13 22:40:23 | 000,027,866 | ---- | C] () -- C:\Windows\System32\NTDOS.SYS
[2009-07-13 22:40:19 | 000,035,536 | ---- | C] () -- C:\Windows\System32\NTIO412.SYS
[2009-07-13 22:40:17 | 000,035,776 | ---- | C] () -- C:\Windows\System32\NTIO411.SYS
[2009-07-13 22:40:15 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO404.SYS
[2009-07-13 22:40:13 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO804.SYS
[2009-07-13 22:40:11 | 000,033,952 | ---- | C] () -- C:\Windows\System32\NTIO.SYS
[2009-07-13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\System32\msjetoledb40.dll
[2009-07-13 21:29:46 | 000,013,312 | ---- | C] () -- C:\Windows\System32\win87em.dll
[2009-06-10 22:42:32 | 000,069,886 | ---- | C] () -- C:\Windows\System32\edit.com
[2009-06-10 22:39:59 | 000,060,124 | ---- | C] () -- C:\Windows\System32\tcpmon.ini
[2009-06-10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003-09-22 13:49:36 | 000,015,190 | ---- | C] () -- C:\Windows\M2000Twn.ini

[color=#E56717]========== LOP Check ==========[/color]

[2011-10-13 17:43:39 | 000,000,000 | ---D | M] -- C:\Users\BROWAR\AppData\Roaming\Auslogics
[2011-12-04 11:26:43 | 000,000,000 | ---D | M] -- C:\Users\BROWAR\AppData\Roaming\BESTplayer
[2011-06-27 18:56:19 | 000,000,000 | ---D | M] -- C:\Users\BROWAR\AppData\Roaming\Canneverbe Limited
[2011-06-21 19:06:45 | 000,000,000 | ---D | M] -- C:\Users\BROWAR\AppData\Roaming\DivoGames
[2011-04-27 17:24:18 | 000,000,000 | ---D | M] -- C:\Users\BROWAR\AppData\Roaming\gtk-2.0
[2011-04-12 20:46:21 | 000,000,000 | ---D | M] -- C:\Users\BROWAR\AppData\Roaming\KeePass
[2011-03-23 11:42:45 | 000,000,000 | ---D | M] -- C:\Users\BROWAR\AppData\Roaming\MP-Manager
[2011-03-23 11:27:35 | 000,000,000 | ---D | M] -- C:\Users\BROWAR\AppData\Roaming\MPMAN
[2011-07-14 13:04:43 | 000,000,000 | ---D | M] -- C:\Users\BROWAR\AppData\Roaming\Nokia
[2011-03-13 19:55:30 | 000,000,000 | ---D | M] -- C:\Users\BROWAR\AppData\Roaming\OpenOffice.org
[2011-07-14 12:50:21 | 000,000,000 | ---D | M] -- C:\Users\BROWAR\AppData\Roaming\PC Suite
[2011-06-19 16:32:09 | 000,000,000 | ---D | M] -- C:\Users\BROWAR\AppData\Roaming\Settlement. Colossus
[2011-06-30 18:46:29 | 000,000,000 | ---D | M] -- C:\Users\BROWAR\AppData\Roaming\SumatraPDF
[2011-03-13 18:56:39 | 000,000,000 | ---D | M] -- C:\Users\BROWAR\AppData\Roaming\Thunderbird
[2011-12-23 15:30:30 | 000,000,000 | ---D | M] -- C:\Users\BROWAR\AppData\Roaming\uTorrent
[2011-12-14 17:03:56 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:587EB586
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:07BF512B

< End of report >