OTL logfile created on: 2012-08-02 17:47:21 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\megi\Desktop
Windows Vista Home Basic Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16945)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1013,50 Mb Total Physical Memory | 254,04 Mb Available Physical Memory | 25,07% Memory free
2,22 Gb Paging File | 0,88 Gb Available in Paging File | 39,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 52,65 Gb Total Space | 5,77 Gb Free Space | 10,95% Space Free | Partition Type: NTFS
Drive D: | 52,31 Gb Total Space | 4,40 Gb Free Space | 8,41% Space Free | Partition Type: NTFS

Computer Name: MAGDA | User Name: megi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012-08-02 17:45:09 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\megi\Desktop\OTL.exe
PRC - [2012-07-10 06:09:02 | 001,250,328 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2011-09-06 22:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011-09-06 22:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2009-01-26 15:31:12 | 005,365,592 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
PRC - [2008-10-29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007-11-15 20:02:40 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\megi\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2006-12-01 11:34:16 | 000,131,072 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
PRC - [2006-12-01 07:37:00 | 004,186,112 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006-11-24 13:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2006-11-20 22:43:08 | 000,118,784 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
PRC - [2006-11-18 06:58:00 | 000,254,050 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
PRC - [2006-11-18 06:58:00 | 000,114,784 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
PRC - [2006-11-18 06:56:50 | 001,073,152 | ---- | M] (Cyberlink) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
PRC - [2006-11-16 17:35:18 | 000,045,056 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2006-11-13 01:13:10 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2006-11-02 11:44:59 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2004-03-23 13:06:12 | 000,888,832 | ---- | M] (THOMSON Telecom Belgium) -- C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012-07-26 19:06:26 | 000,100,864 | ---- | M] () -- C:\Users\megi\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.0.3\libegl.dll
MOD - [2012-07-26 19:06:23 | 004,051,456 | ---- | M] () -- C:\Users\megi\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.0.3\libglesv2.dll
MOD - [2012-07-10 06:09:00 | 000,438,296 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\20.0.1132.57\ppgooglenaclpluginchrome.dll
MOD - [2012-07-10 06:08:59 | 003,972,120 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\20.0.1132.57\pdf.dll
MOD - [2012-07-10 06:07:22 | 000,140,328 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\20.0.1132.57\avutil-51.dll
MOD - [2012-07-10 06:07:21 | 000,262,184 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\20.0.1132.57\avformat-54.dll
MOD - [2012-07-10 06:07:19 | 002,386,984 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\20.0.1132.57\avcodec-54.dll
MOD - [2012-07-10 04:17:27 | 009,255,112 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
MOD - [2008-06-19 17:35:36 | 000,333,288 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy\sqlite3.dll
MOD - [2008-03-05 09:34:32 | 000,795,520 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy\Plugins\Fennel.dll
MOD - [2008-03-04 14:52:00 | 000,790,392 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy\Plugins\Chai.dll
MOD - [2008-02-26 11:04:40 | 000,717,176 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy\Plugins\Mate.dll
MOD - [2007-12-24 01:05:00 | 000,121,344 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy\Plugins\TCPIPAddress.dll
MOD - [2007-09-20 19:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2006-11-06 03:05:40 | 000,061,440 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)
SRV - [2011-09-06 22:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2007-11-17 20:44:03 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006-12-01 11:34:16 | 000,131,072 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2006-11-30 20:39:10 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2006-11-24 13:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2006-11-20 22:43:08 | 000,118,784 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2006-11-18 06:58:00 | 000,254,050 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe -- (CLCapSvc)
SRV - [2006-11-18 06:58:00 | 000,114,784 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe -- (CLSched)
SRV - [2006-11-18 06:56:50 | 001,073,152 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2006-11-16 17:35:18 | 000,045,056 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2006-11-13 01:13:10 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\FsUsbExDisk.SYS -- (FsUsbExDisk)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2011-09-06 22:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011-09-06 22:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011-09-06 22:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011-09-06 22:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011-09-06 22:36:26 | 000,054,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011-09-06 22:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2006-11-22 09:29:00 | 004,455,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006-11-18 06:57:32 | 000,006,656 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer\Acer Arcade\000.fcl -- ({2FF8D163-C3C2-46ce-BD8D-D85AC1BC56DD})
DRV - [2006-11-10 15:38:22 | 000,506,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2006-11-02 15:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006-11-02 09:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006-10-30 03:42:28 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2006-10-25 08:36:48 | 000,042,240 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006-10-25 08:36:44 | 000,076,928 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2006-10-25 08:36:36 | 000,062,208 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006-10-18 16:44:30 | 000,031,232 | ---- | M] (SMSC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smscirda.sys -- (SMSCIRDA)
DRV - [2006-08-04 11:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2005-11-29 09:22:00 | 000,806,320 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonCam.sys -- (Cam5603D)
DRV - [2005-01-13 15:46:16 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2003-12-08 12:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\alcan5wn.sys -- (alcan5wn)
DRV - [2003-12-08 12:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\alcaudsl.sys -- (alcaudsl)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = pl.v9.com/ins/ins_1326304413_347336
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = pl.v9.com/ins/ins_1326304413_347336
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2233703
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1715803491-3577788184-3521047583-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = pl.v9.com/ins/ins_1326304413_347336
IE - HKU\S-1-5-21-1715803491-3577788184-3521047583-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-1715803491-3577788184-3521047583-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1715803491-3577788184-3521047583-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://www.google.com
IE - HKU\S-1-5-21-1715803491-3577788184-3521047583-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-1715803491-3577788184-3521047583-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1715803491-3577788184-3521047583-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = pl.v9.com/ins/ins_1326304413_347336
IE - HKU\S-1-5-21-1715803491-3577788184-3521047583-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://search.conduit.com?SearchSource=10&ctid=CT2233703
IE - HKU\S-1-5-21-1715803491-3577788184-3521047583-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-1715803491-3577788184-3521047583-1000\..\SearchScopes,DefaultScope = {380F19BF-BC9C-7AE2-58D1-54D845E090F3}
IE - HKU\S-1-5-21-1715803491-3577788184-3521047583-1000\..\SearchScopes\{0D642CD3-C07D-4486-A8B5-225CC7AD93EE}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1715803491-3577788184-3521047583-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=NRO2&o=15418&src=crm&q={searchTerms}&locale=en_NL
IE - HKU\S-1-5-21-1715803491-3577788184-3521047583-1000\..\SearchScopes\{380F19BF-BC9C-7AE2-58D1-54D845E090F3}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z188&form=ZGAIDF&install_date=20111002&iesrc={referrer:source}
IE - HKU\S-1-5-21-1715803491-3577788184-3521047583-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SUNA
IE - HKU\S-1-5-21-1715803491-3577788184-3521047583-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearshare.com/webResults.html?src=ieb&q={searchTerms}
IE - HKU\S-1-5-21-1715803491-3577788184-3521047583-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2233703
IE - HKU\S-1-5-21-1715803491-3577788184-3521047583-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-06-22 13:34:17 | 000,000,000 | ---D | M]

[2011-11-15 17:41:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010-07-15 21:48:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011-05-15 17:14:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011-02-02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[color=#E56717]========== Chrome ==========[/color]

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\megi\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: avast! WebRep = C:\Users\megi\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\

O1 HOSTS File: ([2006-09-18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (UrlHelper Class) - {6D023EBF-70B8-45A6-9ED5-556515FA0FE4} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BSMediaBar.dll File not found
O3 - HKU\S-1-5-21-1715803491-3577788184-3521047583-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKU\S-1-5-21-1715803491-3577788184-3521047583-1000\..\Toolbar\WebBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKU\S-1-5-21-1715803491-3577788184-3521047583-1000\..\Toolbar\WebBrowser: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BSMediaBar.dll File not found
O4 - HKLM..\Run: [Acer Tour] File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SpeedTouch USB Diagnostics] C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe (THOMSON Telecom Belgium)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1715803491-3577788184-3521047583-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1715803491-3577788184-3521047583-1000..\Run: [捁牥吠畯r] File not found
O4 - HKLM..\RunOnce: [aswAhAScr.dll] C:\Program Files\AVAST Software\Avast\aswRegSvr.exe ()
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.4.0)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.4.0)
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} http://download.gamedesire.com/g_bin/pl/billard8_2_0_0_35.cab (GameDesire Pool 8)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F37A1B6-8A76-4DF7-B85E-1A055F9D485F}: DhcpNameServer = 192.168.1.1 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C16B6EB-10C0-44A8-BD87-4BC78E70D700}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C9679AF6-EA42-4F0E-B1AF-7EC913CAE0C4}: NameServer = 62.233.233.233 87.204.204.204
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\megi\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\megi\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{56873a44-785d-11dd-ab95-e2d10cbfab02}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs
O33 - MountPoints2\{5ae31b6b-7af0-11df-8ad2-c1a7879ddb4d}\Shell - "" = AutoRun
O33 - MountPoints2\{5ae31b6b-7af0-11df-8ad2-c1a7879ddb4d}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{5cef8b8d-f01a-11e0-9057-d7bd53307352}\Shell\AutoRun\command - "" = h0.exe
O33 - MountPoints2\{5cef8b8d-f01a-11e0-9057-d7bd53307352}\Shell\open\Command - "" = h0.exe
O33 - MountPoints2\{5dfef843-31f2-11dd-9af0-e046f380e208}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012-08-02 17:44:56 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\megi\Desktop\OTL.exe
[2012-08-02 17:43:46 | 004,722,680 | ---- | C] (Swearware) -- C:\Users\megi\Desktop\ComboFix.exe
[2012-08-02 17:40:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2012-08-02 17:40:28 | 000,000,000 | ---D | C] -- C:\Users\megi\AppData\Roaming\Canneverbe Limited
[2012-08-02 17:39:08 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
[2012-08-02 17:36:30 | 005,360,088 | ---- | C] (Canneverbe Limited ) -- C:\Users\megi\Desktop\cdbxp_setup_4.4.1.3341.exe
[2012-08-02 16:59:44 | 000,051,232 | ---- | C] (gkweb) -- C:\Users\megi\Desktop\wwdc_141_(dobreprogramy.pl).exe
[2012-08-02 16:44:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012-08-02 16:44:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012-08-02 16:44:28 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012-08-02 16:37:05 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\megi\Desktop\spybotsd162.exe
[2012-08-02 15:25:00 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2009-03-11 20:38:43 | 028,999,608 | ---- | C] (Microsoft Corporation) -- C:\Users\megi\fileformatconverters.exe

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012-08-02 18:00:09 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-08-02 17:59:56 | 000,000,300 | ---- | M] () -- C:\Windows\wininit.ini
[2012-08-02 17:57:47 | 073,474,700 | ---- | M] () -- C:\Users\megi\Desktop\Niepotwierdzony 87687.crdownload
[2012-08-02 17:56:28 | 090,720,752 | ---- | M] () -- C:\Users\megi\Desktop\Niepotwierdzony 74318.crdownload
[2012-08-02 17:45:09 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\megi\Desktop\OTL.exe
[2012-08-02 17:44:59 | 004,722,680 | ---- | M] (Swearware) -- C:\Users\megi\Desktop\ComboFix.exe
[2012-08-02 17:39:16 | 000,001,744 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2012-08-02 17:37:16 | 005,360,088 | ---- | M] (Canneverbe Limited ) -- C:\Users\megi\Desktop\cdbxp_setup_4.4.1.3341.exe
[2012-08-02 17:21:08 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012-08-02 17:21:08 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012-08-02 16:59:25 | 000,051,232 | ---- | M] (gkweb) -- C:\Users\megi\Desktop\wwdc_141_(dobreprogramy.pl).exe
[2012-08-02 16:52:03 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012-08-02 16:44:50 | 000,001,059 | ---- | M] () -- C:\Users\megi\Desktop\Spybot - Search & Destroy.lnk
[2012-08-02 16:40:18 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\megi\Desktop\spybotsd162.exe
[2012-08-02 16:27:36 | 000,001,028 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-08-02 16:26:42 | 000,046,968 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2012-08-02 16:26:42 | 000,011,026 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2012-08-02 16:26:41 | 002,725,510 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012-08-02 16:26:41 | 002,002,938 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012-08-02 16:20:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-08-02 16:20:50 | 000,386,344 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012-08-02 16:19:50 | 1063,378,944 | -HS- | M] () -- C:\hiberfil.sys
[2012-08-02 15:59:00 | 000,032,768 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2012-07-31 15:40:31 | 162,486,606 | ---- | M] () -- C:\Windows\MEMORY.DMP

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012-08-02 17:59:55 | 000,000,300 | ---- | C] () -- C:\Windows\wininit.ini
[2012-08-02 17:57:32 | 022,150,856 | ---- | C] () -- C:\Users\megi\Desktop\Niepotwierdzony 87687.crdownload
[2012-08-02 17:42:24 | 090,720,752 | ---- | C] () -- C:\Users\megi\Desktop\Niepotwierdzony 74318.crdownload
[2012-08-02 17:39:16 | 000,001,744 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2012-08-02 17:39:15 | 000,001,688 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2012-08-02 16:44:50 | 000,001,059 | ---- | C] () -- C:\Users\megi\Desktop\Spybot - Search & Destroy.lnk
[2012-08-02 16:18:43 | 1063,378,944 | -HS- | C] () -- C:\hiberfil.sys
[2011-10-05 18:11:51 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011-10-05 18:11:34 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011-10-05 18:11:34 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011-10-05 18:11:33 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011-08-28 21:23:33 | 000,000,552 | ---- | C] () -- C:\Users\megi\AppData\Local\d3d8caps.dat
[2011-07-22 22:21:10 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2010-08-06 19:27:21 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010-07-21 18:59:46 | 000,001,024 | ---- | C] () -- C:\Users\megi\.rnd
[2009-12-05 21:43:14 | 041,387,464 | ---- | C] () -- C:\Users\megi\setuppol.exe
[2008-06-05 19:25:05 | 000,036,048 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2008-05-02 21:33:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008-04-28 22:31:32 | 003,858,985 | ---- | C] () -- C:\Users\megi\eMule0.48a-Installer.exe
[2008-04-03 00:14:40 | 000,008,482 | -HS- | C] () -- C:\Users\megi\Folder.jpg
[2008-04-03 00:14:40 | 000,008,482 | -HS- | C] () -- C:\Users\megi\AlbumArt_{B9292963-E659-4799-BF35-BFFF47283949}_Large.jpg
[2008-04-03 00:14:40 | 000,002,343 | -HS- | C] () -- C:\Users\megi\AlbumArtSmall.jpg
[2008-04-03 00:14:40 | 000,002,343 | -HS- | C] () -- C:\Users\megi\AlbumArt_{B9292963-E659-4799-BF35-BFFF47283949}_Small.jpg
[2008-02-06 22:25:48 | 000,000,680 | ---- | C] () -- C:\Users\megi\AppData\Local\d3d9caps.dat
[2007-11-19 00:10:45 | 000,140,800 | ---- | C] () -- C:\Users\megi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007-11-17 21:08:23 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat

[color=#E56717]========== LOP Check ==========[/color]

[2008-02-06 14:07:37 | 000,000,000 | ---D | M] -- C:\Users\megi\AppData\Roaming\AD ON Multimedia
[2009-02-25 00:35:58 | 000,000,000 | ---D | M] -- C:\Users\megi\AppData\Roaming\AutoUpdate
[2012-08-02 17:40:28 | 000,000,000 | ---D | M] -- C:\Users\megi\AppData\Roaming\Canneverbe Limited
[2009-01-17 21:43:09 | 000,000,000 | ---D | M] -- C:\Users\megi\AppData\Roaming\EBookSys
[2007-11-17 22:41:08 | 000,000,000 | ---D | M] -- C:\Users\megi\AppData\Roaming\Gadu-Gadu
[2008-10-19 15:50:35 | 000,000,000 | ---D | M] -- C:\Users\megi\AppData\Roaming\GanymedeNet
[2009-09-03 23:50:48 | 000,000,000 | ---D | M] -- C:\Users\megi\AppData\Roaming\GetRightToGo
[2009-04-09 23:42:30 | 000,000,000 | ---D | M] -- C:\Users\megi\AppData\Roaming\Kamerzysta
[2010-09-17 10:52:47 | 000,000,000 | ---D | M] -- C:\Users\megi\AppData\Roaming\maxup
[2008-05-11 14:45:50 | 000,000,000 | ---D | M] -- C:\Users\megi\AppData\Roaming\Nokia
[2009-10-15 20:25:43 | 000,000,000 | ---D | M] -- C:\Users\megi\AppData\Roaming\OpenOffice.org
[2007-12-25 16:43:12 | 000,000,000 | ---D | M] -- C:\Users\megi\AppData\Roaming\PC Suite
[2011-07-22 20:30:32 | 000,000,000 | ---D | M] -- C:\Users\megi\AppData\Roaming\Samsung
[2012-08-02 16:08:06 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]

< End of report >