OTL logfile created on: 2012-07-14 18:26:48 - Run 4
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\Administrator\Moje dokumenty
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1023,48 Mb Total Physical Memory | 707,84 Mb Available Physical Memory | 69,16% Memory free
2,40 Gb Paging File | 2,23 Gb Available in Paging File | 92,91% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,67 Gb Total Space | 22,67 Gb Free Space | 60,19% Space Free | Partition Type: NTFS
Drive D: | 38,65 Gb Total Space | 3,59 Gb Free Space | 9,28% Space Free | Partition Type: NTFS

Computer Name: KOMP | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2012-07-14 09:23:24 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Moje dokumenty\OTL.exe
PRC - [2012-06-27 12:29:22 | 001,385,896 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2008-04-15 00:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV - [2012-07-04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012-07-03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-06-27 12:29:22 | 001,385,896 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012-02-14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010-05-07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\avgtdix.sys -- (Avgtdix)
DRV - File not found [File_System | System | Stopped] -- system32\DRIVERS\avgmfx86.sys -- (Avgmfx86)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\avgidsshimx.sys -- (AVGIDSShim)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\avgidshx.sys -- (AVGIDSHX)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\aticir.sys -- (AtiIrRcvr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\atinavrr.sys -- (ATIAVPCI)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (akt3nn0v)
DRV - [2011-02-10 16:17:10 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2010-11-10 04:49:50 | 004,323,040 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech HD Webcam C310(UVC)
DRV - [2010-11-10 04:48:12 | 000,283,744 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2010-05-07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2010-02-11 09:38:10 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009-07-09 06:24:34 | 001,668,352 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\athuw.sys -- (AR9271)
DRV - [2009-03-18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009-02-13 21:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008-04-14 01:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008-04-14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008-04-14 00:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Sterownik NT karty Realtek RTL8139(A/B/C)
DRV - [2006-11-10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2003-06-09 03:45:04 | 000,116,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EMUPIA2K.SYS -- (emupia)
DRV - [2003-06-09 03:44:52 | 000,136,448 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTSFM2K.SYS -- (ctsfm2k)
DRV - [2003-06-09 03:44:36 | 000,006,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTPRXY2K.SYS -- (ctprxy2k)
DRV - [2003-06-09 03:44:32 | 000,113,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2003-06-09 03:44:22 | 000,494,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2003-06-09 03:42:58 | 000,186,068 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTAC32K.SYS -- (ctac32k)
DRV - [2003-06-09 03:42:44 | 000,135,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HAP16V2K.SYS -- (hap16v2k)
DRV - [2003-06-09 03:42:28 | 000,819,984 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2001-08-17 22:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1292428093-117609710-1417001333-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=110819&babsrc=HP_ss&mntrId=a0cf3c840000000000000004619c395c
IE - HKU\S-1-5-21-1292428093-117609710-1417001333-500\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1292428093-117609710-1417001333-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1292428093-117609710-1417001333-500\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110819&babsrc=SP_ss&mntrId=a0cf3c840000000000000004619c395c
IE - HKU\S-1-5-21-1292428093-117609710-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012-07-09 20:38:43 | 000,000,000 | ---D | M]
[2011-02-10 21:58:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Extensions
[2012-07-14 10:37:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\9nvmrwn8.default\extensions
[2012-07-14 09:02:43 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\9nvmrwn8.default\extensions\ffxtlbr@babylon.com
[2011-02-10 21:58:41 | 000,571,320 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\9NVMRWN8.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
[2011-02-10 22:00:41 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011-02-10 22:00:55 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX 4.0 BETA 10\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

O1 HOSTS File: ([2012-07-14 10:38:38 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [taskschd] C:\Documents and Settings\TATA\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\261\taskschd.exe File not found
O4 - HKLM..\Run: [thawbrkr] C:\Documents and Settings\NOWY\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\3857\thawbrkr.exe ()
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1292428093-117609710-1417001333-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1292428093-117609710-1417001333-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1292428093-117609710-1417001333-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1292428093-117609710-1417001333-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BBFE77B-38E8-4319-8DAA-99D2265F988F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D817F793-A918-4098-86E0-B845789F7E3A}: DhcpNameServer = 95.160.170.92 88.156.222.92
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011-02-10 14:52:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2012-07-14 10:52:56 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012-07-14 10:41:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012-07-14 10:29:01 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012-07-14 10:27:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012-07-14 10:27:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012-07-14 10:27:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012-07-14 10:27:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012-07-14 10:25:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-07-14 10:25:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Menu Start\Programy\Narzędzia administracyjne
[2012-07-14 10:25:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Moje dokumenty\Moje wideo
[2012-07-14 10:24:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012-07-14 10:24:25 | 004,577,833 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Moje dokumenty\ComboFix.exe
[2012-07-14 09:43:01 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012-07-14 09:34:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-07-14 09:23:24 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Moje dokumenty\OTL.exe
[2012-07-14 09:02:52 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar
[2012-07-14 09:02:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google
[2012-07-14 09:02:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Giant Savings
[2012-07-14 09:02:21 | 000,000,000 | ---D | C] -- C:\Program Files\Giant Savings
[2012-07-14 09:02:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Babylon
[2012-07-14 09:02:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Babylon
[2012-07-14 08:50:41 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012-07-14 08:48:46 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2012-07-14 08:48:33 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2012-07-09 20:40:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\AVG
[2012-07-09 20:38:13 | 000,000,000 | ---D | C] -- C:\$AVG
[2012-07-09 20:38:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\AVG2012
[2012-07-09 19:56:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Spybot - Search & Destroy
[2012-07-09 19:56:26 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012-07-09 19:56:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
[2012-07-09 13:06:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\F4D5619C00006F72000023B50CDF108C
[2012-07-07 09:50:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\LogMeIn Hamachi
[2012-06-24 17:19:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Skype
[2012-06-24 17:19:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2012-07-14 18:20:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-07-14 15:11:41 | 000,024,144 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000002-00001102-00000002-80671102}.rfx
[2012-07-14 15:11:41 | 000,024,144 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000002-00001102-00000002-80671102}.rfx
[2012-07-14 15:11:41 | 000,016,348 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000002-00001102-00000002-80671102}.rfx
[2012-07-14 15:11:41 | 000,016,348 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000002-00001102-00000002-80671102}.rfx
[2012-07-14 15:11:41 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2012-07-14 15:11:41 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2012-07-14 15:11:41 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000002-00001102-00000002-80671102}.dat
[2012-07-14 15:11:41 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000002-00001102-00000002-80671102}.dat
[2012-07-14 10:38:38 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012-07-14 10:29:06 | 000,000,355 | RHS- | M] () -- C:\boot.ini
[2012-07-14 10:24:39 | 004,577,833 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Moje dokumenty\ComboFix.exe
[2012-07-14 10:09:54 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012-07-14 09:23:24 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Moje dokumenty\OTL.exe
[2012-07-14 09:21:24 | 000,197,752 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-07-14 09:02:56 | 000,000,237 | ---- | M] () -- C:\user.js
[2012-07-14 08:31:58 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-07-09 20:47:25 | 101,300,814 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012-07-09 20:40:24 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\AVG 2012.lnk
[2012-07-09 20:23:57 | 000,000,245 | ---- | M] () -- C:\Boot.bak
[2012-06-24 17:19:16 | 000,001,880 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk

[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2012-07-14 10:29:06 | 000,000,245 | ---- | C] () -- C:\Boot.bak
[2012-07-14 10:29:03 | 000,262,400 | RHS- | C] () -- C:\cmldr
[2012-07-14 10:27:57 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012-07-14 10:27:57 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012-07-14 10:27:57 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012-07-14 10:27:57 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012-07-14 10:27:57 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012-07-14 09:02:53 | 000,000,237 | ---- | C] () -- C:\user.js
[2012-07-09 20:40:24 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\AVG 2012.lnk
[2012-02-26 21:54:59 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2012-02-16 10:36:44 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012-02-14 14:40:00 | 000,075,776 | ---- | C] () -- C:\WINDOWS\cadkasdeinst01e.exe
[2011-08-20 10:31:16 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2011-03-29 18:36:03 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011-03-25 14:50:53 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011-03-25 14:44:10 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011-02-12 13:58:00 | 000,010,751 | ---- | C] () -- C:\WINDOWS\hpdj3840.ini
[2011-02-10 21:58:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011-02-10 21:57:34 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011-02-10 21:57:34 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011-02-10 21:57:33 | 000,810,496 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011-02-10 21:57:33 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011-02-10 21:57:33 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011-02-10 21:45:20 | 000,000,288 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000002-00001102-00000002-80671102}.dat
[2011-02-10 21:45:20 | 000,000,288 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000002-00001102-00000002-80671102}.dat
[2011-02-10 16:26:33 | 000,000,128 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2011-02-10 16:26:32 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2011-02-10 16:26:28 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2011-02-10 16:25:46 | 000,035,674 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini
[2011-02-10 16:25:46 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2011-02-10 16:25:21 | 000,251,970 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2011-02-10 16:25:20 | 000,189,490 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2011-02-10 16:25:20 | 000,142,968 | ---- | C] () -- C:\WINDOWS\System32\CTBAS2W.DAT
[2011-02-10 16:25:20 | 000,114,972 | ---- | C] () -- C:\WINDOWS\System32\ctbasicw.dat
[2011-02-10 16:25:20 | 000,053,674 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2011-02-10 16:25:12 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2011-02-10 16:25:12 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2011-02-10 16:25:11 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\KILLAPPS.EXE
[2011-02-10 16:25:11 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2011-02-10 16:25:11 | 000,000,192 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2011-02-10 16:24:48 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2011-02-10 16:18:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011-02-10 16:03:25 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2011-02-10 15:37:09 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011-02-10 15:35:30 | 000,197,752 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-02-10 14:55:17 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011-02-10 14:49:16 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010-11-10 04:45:32 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2010-11-10 04:45:30 | 010,871,128 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2010-11-10 04:45:20 | 000,316,248 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2010-11-10 04:31:42 | 000,026,286 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

[color=#E56717]========== LOP Check ==========[/color]
[2012-07-14 09:02:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Babylon
[2011-02-20 13:00:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\BESTplayer
[2011-02-10 22:03:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\DAEMON Tools Lite
[2011-02-10 22:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Nowe Gadu-Gadu
[2012-05-05 20:13:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AVG10
[2012-07-09 20:46:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AVG2012
[2011-06-06 18:05:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\avg9
[2012-07-14 09:02:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Babylon
[2011-03-15 13:48:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Common Files
[2011-02-10 16:19:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
[2011-10-30 11:43:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Easybits GO
[2012-07-09 19:48:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\F4D5619C00006F72000023B50CDF108C
[2012-07-09 21:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\MFAData
[2011-12-04 11:59:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ProgDVB
[2012-02-15 10:52:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\RadiantViewer
[2012-07-10 07:43:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MAMA\Dane aplikacji\AVG2012
[2011-02-18 21:17:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MAMA\Dane aplikacji\Nowe Gadu-Gadu
[2012-07-14 15:10:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NOWY\Dane aplikacji\AVG2012
[2012-07-14 15:10:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NOWY\Dane aplikacji\hellomoto
[2012-07-09 20:44:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TATA\Dane aplikacji\AVG2012
[2012-02-14 14:42:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TATA\Dane aplikacji\CAD-KAS
[2012-02-14 14:36:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TATA\Dane aplikacji\DAEMON Tools Lite
[2012-06-01 17:31:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TATA\Dane aplikacji\Foxit Software
[2011-10-30 11:20:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TATA\Dane aplikacji\go
[2012-07-09 13:06:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TATA\Dane aplikacji\hellomoto
[2011-03-30 15:13:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TATA\Dane aplikacji\Leadertech
[2011-03-25 15:36:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TATA\Dane aplikacji\Nowe Gadu-Gadu

[color=#E56717]========== Purity Check ==========[/color]

< End of report >