Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-08-2013 04
Ran by Karolina (administrator) on KAROLINA on 01-09-2013 12:59:11
Running from C:\Documents and Settings\Karolina\Pulpit
Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(AVAST Software) C:\Program Files\Alwil Software\Avast5\avastUI.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(BitTorrent Inc.) C:\Program Files\BitTorrent\BitTorrent.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Samsung) C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Nokia) C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
(Samsung Electronics) C:\Program Files\Samsung\Kies\KiesAirMessage.exe
(Redefine Sp z o.o.) C:\Program Files\ipla\ipla.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Realtek Semiconductor Corp.) C:\DOCUME~1\Karolina\USTAWI~1\Temp\RtkBtMnt.exe
(Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe

==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDCPL] - C:\Windows\RTHDCPL.EXE [19523616 2010-04-30] (Realtek Semiconductor Corp.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [avast] - C:\Program Files\Alwil Software\Avast5\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM\...\Run: [AdobeCS6ServiceManager] - C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM\...\Run: [PDF3 Registry Controller] - C:\Program Files\ScanSoft\PDF Converter 3.0\\RegistryController.exe [106496 2005-04-12] (ScanSoft, Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.)
HKLM\...\Run: [Zwinky Search Scope Monitor] - "C:\PROGRA~1\ZWINKY~2\bar\1.bin\5qsrchmn.exe" /m=2 /w /h [x]
HKLM\...\Run: [Zwinky_5q Browser Plugin Loader] - C:\PROGRA~1\ZWINKY~2\bar\1.bin\5qbrmon.exe [x]
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
HKLM\...\Policies\Explorer: [HonorAutoRunSetting] 1
HKLM\...\Policies\Explorer: [NoDriveAutoRun] 67108863
HKLM\...\Policies\Explorer: [NoDriveTypeAutoRun] 323
HKLM\...\Policies\Explorer: [NoDrives] 0
HKCU\...\Run: [BitTorrent] - C:\Program Files\BitTorrent\BitTorrent.exe [1125456 2013-05-24] (BitTorrent Inc.)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [18678376 2013-05-09] (Skype Technologies S.A.)
HKCU\...\Run: [GG] - C:\Documents and Settings\Karolina\Ustawienia lokalne\Dane aplikacji\GG\Application\gghub.exe [3365440 2013-05-20] (GG Network S.A.)
HKCU\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844168 2013-05-24] (Samsung)
HKCU\...\Run: [NokiaSuite.exe] - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-04-19] (Nokia)
HKCU\...\Run: [KiesAirMessage] - C:\Program Files\Samsung\Kies\KiesAirMessage.exe [578560 2013-04-18] (Samsung Electronics)
HKCU\...\Run: [IPLA!] - C:\Program Files\ipla\ipla.exe [21172832 2013-05-28] (Redefine Sp z o.o.)
HKCU\...\Policies\Explorer: [ForceClassicControlPanel] 1
HKU\Default User\...\RunOnce: [_nltide_3] - C:\Windows\System32\advpack.dll [ 2010-06-17] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
Startup: C:\Documents and Settings\Karolina\Menu Start\Programy\Autostart\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk
ShortcutTarget: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=PL&userid=3a732a9b-54b2-4c4d-b4c6-be738cdd24bf&searchtype=ds&q={searchTerms}&installDate=04/04/2013
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=PL&userid=3a732a9b-54b2-4c4d-b4c6-be738cdd24bf&searchtype=hp&installDate=04/04/2013
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=PL&userid=3a732a9b-54b2-4c4d-b4c6-be738cdd24bf&searchtype=ds&q={searchTerms}&installDate=04/04/2013
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?utm_source=b&utm_medium=idg&from=idg&uid=ST9250315AS_6VCKJGG8____6VCKJGG8&ts=1354548559
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com/?utm_source=b&utm_medium=idg&from=idg&uid=ST9250315AS_6VCKJGG8____6VCKJGG8&ts=1354548559
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=PL&userid=3a732a9b-54b2-4c4d-b4c6-be738cdd24bf&searchtype=ds&q={searchTerms}&installDate=04/04/2013
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=PL&userid=3a732a9b-54b2-4c4d-b4c6-be738cdd24bf&searchtype=ds&q={searchTerms}&installDate=04/04/2013
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {5a15c091-f3c2-4c8f-8964-e3434a2a4a95} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^ZJ^xpt249^YY^pl&si=begin-download&ptb=ED147F04-8A39-4FE4-BF0D-CD9C6635E2FE&ind=2013062216&n=77fce448&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&affID=120665&babsrc=SP_ss_gin2g&mntrId=B89B0017C4161A04
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=PL&userid=3a732a9b-54b2-4c4d-b4c6-be738cdd24bf&searchtype=ds&q={searchTerms}&installDate=04/04/2013
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.v9.com/web/?q={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&affID=120665&babsrc=SP_ss_gin2g&mntrId=B89B0017C4161A04
SearchScopes: HKCU - {5a15c091-f3c2-4c8f-8964-e3434a2a4a95} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^ZJ^xpt249^YY^pl&si=begin-download&ptb=ED147F04-8A39-4FE4-BF0D-CD9C6635E2FE&ind=2013062216&n=77fce448&psa=&st=sb&searchfor={searchTerms}
BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.8.3.8\bh\BabylonToolbar.dll No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Pomocnik rejestracji usługi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - QuickShare Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
Toolbar: HKCU -&Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU -&Łącza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\Windows\system32\SHELL32.dll (Microsoft Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll No File
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
Tcpip\Parameters: [DhcpNameServer] 217.113.224.135 217.113.224.36

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll No File
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - e:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=1.6.0_37 - C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: @real.com/nppl3260;version=6.0.11.2571 - C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1739 - C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Karolina\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Karolina\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: facebook.com/fbDesktopPlugin - C:\Documents and Settings\Karolina\Ustawienia lokalne\Dane aplikacji\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff

Chrome:
=======
CHR HomePage: hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=PL&userid=3a732a9b-54b2-4c4d-b4c6-be738cdd24bf&searchtype=hp&installDate=04/04/2013
CHR RestoreOnStartup: "hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=PL&userid=3a732a9b-54b2-4c4d-b4c6-be738cdd24bf&searchtype=hp&installDate=04/04/2013"
CHR Extension: () - C:\DOCUME~1\Karolina\USTAWI~1\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\abepbblpkilpjohncjbccmdjhdhbnhdj\1.110
CHR Extension: () - C:\DOCUME~1\Karolina\USTAWI~1\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.1
CHR HKLM\...\Chrome\Extension: [dkinklhnkmkhkhofcnapakaoehijaoih] - C:\Program Files\OnlineHD.TV\onhd11.crx
CHR HKLM\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Documents and Settings\Karolina\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx
CHR HKLM\...\Chrome\Extension: [jinihaffgdhejchgkogpfkdmpldnmnji] - C:\DOCUME~1\Karolina\USTAWI~1\Temp\ccex.crx
CHR HKLM\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Documents and Settings\Karolina\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx

========================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S3 Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2011-01-19] ()
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [x]
S2 vToolbarUpdater13.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [x]
S2 Zwinky_5qService; C:\PROGRA~1\ZWINKY~2\bar\1.bin\5qbarsvc.exe [x]

==================== Drivers (Whitelisted) ====================
S3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R3 AR5416; C:\Windows\System32\DRIVERS\athw.sys [1606368 2010-06-04] (Atheros Communications, Inc.)
R2 Aspi32; C:\Windows\System32\drivers\aspi32.sys [16512 2008-08-12] (Adaptec)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [20624 2012-10-31] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [49760 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-06-27] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-06-27] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [175176 2013-06-27] ()
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [26984 2012-11-20] (AVG Technologies)
R3 b57w2k; C:\Windows\System32\DRIVERS\b57xp32.sys [213544 2009-08-27] (Broadcom Corporation)
R2 fssfltr; C:\Windows\System32\DRIVERS\fssfltr_tdi.sys [54760 2010-04-28] (Microsoft Corporation)
R3 HSFHWAZL; C:\Windows\System32\DRIVERS\HSFHWAZL.sys [209664 2006-12-23] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\Windows\System32\DRIVERS\HSF_DPV.sys [988800 2006-12-23] (Conexant Systems, Inc.)
S3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R0 Si3112; C:\Windows\System32\Drivers\Si3112.sys [69168 2010-06-17] (Silicon Image, Inc.)
S0 Si3114r5; C:\Windows\System32\Drivers\Si3114r5.sys [211496 2010-06-17] (Silicon Image, Inc)
R0 Si3124; C:\Windows\System32\Drivers\Si3124.sys [69248 2010-06-17] (Silicon Image, Inc.)
R0 Si3132; C:\Windows\System32\Drivers\Si3132.sys [80424 2010-06-17] (Silicon Image, Inc)
R0 Si3132r5; C:\Windows\System32\Drivers\Si3132r5.sys [217128 2010-06-17] (Silicon Image, Inc)
R0 Si3531; C:\Windows\System32\Drivers\Si3531.sys [210736 2010-06-17] (Silicon Image, Inc)
S3 btaudio; system32\drivers\btaudio.sys [x]
S3 BTDriver; system32\DRIVERS\btport.sys [x]
S3 BTWDNDIS; system32\DRIVERS\btwdndis.sys [x]
S3 btwhid; system32\DRIVERS\btwhid.sys [x]
S3 catchme; \??\C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\catchme.sys [x]
S4 IntelIde; No ImagePath
S3 StarOpen; No ImagePath
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2013-09-01 12:58 - 2013-09-01 12:58 - 00063306 _____ C:\Documents and Settings\Karolina\Pulpit\Extras.Txt
2013-09-01 12:50 - 2013-08-31 17:24 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Karolina\Pulpit\OTL.exe
2013-09-01 12:50 - 2013-08-31 17:23 - 01085269 _____ (Farbar) C:\Documents and Settings\Karolina\Pulpit\FRST.exe
2013-09-01 04:19 - 2013-08-31 21:12 - 43253760 _____ C:\WINDOWS\system32\config\SOFTWARE.OLD
2013-09-01 04:19 - 2013-08-31 21:12 - 10485760 _____ C:\WINDOWS\system32\config\SYSTEM.OLD
2013-09-01 04:19 - 2013-08-31 21:12 - 00524288 _____ C:\WINDOWS\system32\config\DEFAULT.OLD
2013-09-01 04:19 - 2013-08-31 21:12 - 00262144 _____ C:\WINDOWS\system32\config\SECURITY.OLD
2013-09-01 04:19 - 2013-08-31 21:12 - 00262144 _____ C:\WINDOWS\system32\config\SAM.OLD
2013-08-21 23:58 - 2013-08-21 23:58 - 00000000 ____D C:\_OTL
2013-08-11 19:27 - 2013-08-11 19:27 - 00000000 ____D C:\FRST
2013-08-10 01:30 - 2013-08-25 01:03 - 00084896 _____ C:\OTL.Txt
2013-08-06 23:26 - 2013-08-06 23:27 - 00000000 ___SD C:\ComboFix
2013-08-06 23:06 - 2013-08-06 23:06 - 00000000 _SHDC C:\cmdcons
2013-08-06 23:06 - 2011-01-19 14:40 - 00000211 _____ C:\Boot.bak
2013-08-06 23:06 - 2004-08-03 23:00 - 00262400 _RSHC C:\cmldr
2013-08-06 22:57 - 2013-08-06 22:57 - 00000000 ____D C:\WINDOWS\CSC
2013-08-06 22:39 - 2013-08-06 22:40 - 00008148 _____ C:\WINDOWS\tsoc.log
2013-08-06 22:39 - 2013-08-06 22:40 - 00004507 _____ C:\WINDOWS\imsins.log
2013-08-06 22:39 - 2013-08-06 22:40 - 00002161 _____ C:\WINDOWS\netfxocm.log
2013-08-06 22:39 - 2013-08-06 22:40 - 00001207 _____ C:\WINDOWS\MedCtrOC.log
2013-08-06 22:39 - 2013-08-06 22:40 - 00000885 _____ C:\WINDOWS\ocmsn.log
2013-08-06 22:39 - 2013-08-06 22:40 - 00000877 _____ C:\WINDOWS\msgsocm.log
2013-08-06 22:39 - 2013-08-06 22:40 - 00000319 _____ C:\WINDOWS\tabletoc.log
2013-08-06 22:38 - 2013-08-06 22:40 - 00041872 _____ C:\WINDOWS\iis6.log
2013-08-06 22:38 - 2013-08-06 22:40 - 00017551 _____ C:\WINDOWS\ocgen.log
2013-08-06 21:46 - 2011-06-26 08:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2013-08-06 21:46 - 2010-11-07 19:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2013-08-06 21:46 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2013-08-06 21:46 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2013-08-06 21:46 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2013-08-06 21:46 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2013-08-06 21:46 - 2000-08-31 02:00 - 00098816 _____ C:\WINDOWS\sed.exe
2013-08-06 21:46 - 2000-08-31 02:00 - 00080412 _____ C:\WINDOWS\grep.exe
2013-08-06 21:46 - 2000-08-31 02:00 - 00068096 _____ C:\WINDOWS\zip.exe
2013-08-06 21:29 - 2013-08-06 23:27 - 00000000 ____D C:\Qoobox
2013-08-06 21:28 - 2013-08-06 21:59 - 00000000 ____D C:\WINDOWS\erdnt
2013-08-06 00:17 - 2013-08-30 14:27 - 00000188 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-08-06 00:17 - 2013-08-11 19:28 - 00000000 ____D C:\Documents and Settings\Administrator
2013-08-06 00:17 - 2013-08-06 23:13 - 00000000 ___HD C:\Documents and Settings\Administrator\Ustawienia lokalne
2013-08-06 00:17 - 2013-08-06 23:08 - 00000000 __RHD C:\Documents and Settings\Administrator\Dane aplikacji
2013-08-06 00:17 - 2013-08-06 21:29 - 00000000 ____D C:\Documents and Settings\Administrator\Moje dokumenty
2013-08-06 00:17 - 2011-01-19 15:33 - 00000000 ___RD C:\Documents and Settings\Administrator\Menu Start
2013-08-06 00:17 - 2011-01-19 15:33 - 00000000 ____D C:\Documents and Settings\Administrator\Ulubione
2013-08-06 00:17 - 2011-01-19 15:33 - 00000000 ____D C:\Documents and Settings\Administrator\Pulpit
2013-08-06 00:17 - 2011-01-19 14:48 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2013-08-06 00:17 - 2011-01-19 14:41 - 00000000 ___HD C:\Documents and Settings\Administrator\Szablony
2013-08-06 00:15 - 2013-08-06 23:05 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2013-08-05 22:05 - 2013-08-05 22:06 - 00017920 ___SH C:\Documents and Settings\Karolina\Pulpit\Thumbs.db
2013-08-04 21:46 - 2013-08-06 22:14 - 00004337 _____ C:\WINDOWS\KB2481109.log

==================== One Month Modified Files and Folders =======
2013-09-01 12:59 - 2012-07-31 21:36 - 01212217 _____ C:\Documents and Settings\Karolina\debug.log
2013-09-01 12:58 - 2013-09-01 12:58 - 00145814 _____ C:\Documents and Settings\Karolina\Pulpit\OTL.Txt
2013-09-01 12:58 - 2013-09-01 12:58 - 00063306 _____ C:\Documents and Settings\Karolina\Pulpit\Extras.Txt
2013-09-01 12:58 - 2011-01-19 14:53 - 00000000 ____D C:\Documents and Settings\Karolina\Pulpit
2013-09-01 12:56 - 2011-06-27 22:15 - 00000000 ____D C:\Documents and Settings\Karolina\Dane aplikacji\BitTorrent
2013-09-01 07:44 - 2012-11-13 11:52 - 00000366 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2013-08-31 22:26 - 2012-11-22 22:22 - 00204801 _____ C:\WINDOWS\setupapi.log
2013-08-31 22:26 - 2012-11-13 17:41 - 00000000 ____D C:\Documents and Settings\Karolina\Dane aplikacji\GG
2013-08-31 22:24 - 2011-01-19 14:47 - 01621827 _____ C:\WINDOWS\WindowsUpdate.log
2013-08-31 22:23 - 2013-06-12 09:50 - 00000000 ____D C:\Documents and Settings\Karolina\Dane aplikacji\ipla
2013-08-31 22:22 - 2011-01-19 15:37 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-08-31 22:22 - 2011-01-19 15:37 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-08-31 22:22 - 2008-04-15 14:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-08-31 22:21 - 2011-01-19 14:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-08-31 21:12 - 2013-09-01 04:19 - 43253760 _____ C:\WINDOWS\system32\config\SOFTWARE.OLD
2013-08-31 21:12 - 2013-09-01 04:19 - 10485760 _____ C:\WINDOWS\system32\config\SYSTEM.OLD
2013-08-31 21:12 - 2013-09-01 04:19 - 00524288 _____ C:\WINDOWS\system32\config\DEFAULT.OLD
2013-08-31 21:12 - 2013-09-01 04:19 - 00262144 _____ C:\WINDOWS\system32\config\SECURITY.OLD
2013-08-31 21:12 - 2013-09-01 04:19 - 00262144 _____ C:\WINDOWS\system32\config\SAM.OLD
2013-08-31 21:11 - 2011-01-19 14:52 - 00032414 _____ C:\WINDOWS\SchedLgU.Txt
2013-08-31 17:24 - 2013-09-01 12:50 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Karolina\Pulpit\OTL.exe
2013-08-31 17:23 - 2013-09-01 12:50 - 01085269 _____ (Farbar) C:\Documents and Settings\Karolina\Pulpit\FRST.exe
2013-08-30 14:27 - 2013-08-06 00:17 - 00000188 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-08-30 14:27 - 2011-01-19 14:53 - 00000188 ___SH C:\Documents and Settings\Karolina\ntuser.ini
2013-08-30 14:27 - 2008-04-15 14:00 - 00000741 _____ C:\WINDOWS\win.ini
2013-08-25 01:03 - 2013-08-10 01:30 - 00084896 _____ C:\OTL.Txt
2013-08-21 23:58 - 2013-08-21 23:58 - 00000000 ____D C:\_OTL
2013-08-21 23:58 - 2011-01-19 15:33 - 00000000 __RHD C:\Documents and Settings\All Users\Dane aplikacji
2013-08-21 23:58 - 2011-01-19 14:53 - 00000000 __RHD C:\Documents and Settings\Karolina\Dane aplikacji
2013-08-21 23:58 - 2011-01-19 14:53 - 00000000 ___RD C:\Documents and Settings\Karolina\Menu Start\Programy\Autostart
2013-08-11 19:28 - 2013-08-06 00:17 - 00000000 ____D C:\Documents and Settings\Administrator
2013-08-11 19:28 - 2011-01-19 14:53 - 00000000 ____D C:\Documents and Settings\Karolina
2013-08-11 19:28 - 2011-01-19 14:52 - 00000000 __SHD C:\Documents and Settings\NetworkService
2013-08-11 19:28 - 2011-01-19 14:52 - 00000000 __SHD C:\Documents and Settings\LocalService
2013-08-11 19:27 - 2013-08-11 19:27 - 00000000 ____D C:\FRST
2013-08-06 23:27 - 2013-08-06 23:26 - 00000000 ___SD C:\ComboFix
2013-08-06 23:27 - 2013-08-06 21:29 - 00000000 ____D C:\Qoobox
2013-08-06 23:15 - 2011-01-19 14:44 - 00000000 ____D C:\WINDOWS\system32\Restore
2013-08-06 23:13 - 2013-08-06 00:17 - 00000000 ___HD C:\Documents and Settings\Administrator\Ustawienia lokalne
2013-08-06 23:13 - 2011-01-19 14:52 - 00000000 ___HD C:\Documents and Settings\NetworkService\Ustawienia lokalne
2013-08-06 23:11 - 2008-04-15 14:00 - 00000274 _____ C:\WINDOWS\system.ini
2013-08-06 23:08 - 2013-08-06 00:17 - 00000000 __RHD C:\Documents and Settings\Administrator\Dane aplikacji
2013-08-06 23:06 - 2013-08-06 23:06 - 00000000 _SHDC C:\cmdcons
2013-08-06 23:06 - 2011-01-19 15:32 - 00000327 ___SH C:\boot.ini
2013-08-06 23:05 - 2013-08-06 00:15 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2013-08-06 22:57 - 2013-08-06 22:57 - 00000000 ____D C:\WINDOWS\CSC
2013-08-06 22:40 - 2013-08-06 22:39 - 00008148 _____ C:\WINDOWS\tsoc.log
2013-08-06 22:40 - 2013-08-06 22:39 - 00004507 _____ C:\WINDOWS\imsins.log
2013-08-06 22:40 - 2013-08-06 22:39 - 00002161 _____ C:\WINDOWS\netfxocm.log
2013-08-06 22:40 - 2013-08-06 22:39 - 00001207 _____ C:\WINDOWS\MedCtrOC.log
2013-08-06 22:40 - 2013-08-06 22:39 - 00000885 _____ C:\WINDOWS\ocmsn.log
2013-08-06 22:40 - 2013-08-06 22:39 - 00000877 _____ C:\WINDOWS\msgsocm.log
2013-08-06 22:40 - 2013-08-06 22:39 - 00000319 _____ C:\WINDOWS\tabletoc.log
2013-08-06 22:40 - 2013-08-06 22:38 - 00041872 _____ C:\WINDOWS\iis6.log
2013-08-06 22:40 - 2013-08-06 22:38 - 00017551 _____ C:\WINDOWS\ocgen.log
2013-08-06 22:40 - 2012-12-13 17:55 - 00208873 _____ C:\WINDOWS\FaxSetup.log
2013-08-06 22:40 - 2012-12-13 17:55 - 00070064 _____ C:\WINDOWS\comsetup.log
2013-08-06 22:40 - 2012-12-13 17:55 - 00043594 _____ C:\WINDOWS\ntdtcsetup.log
2013-08-06 22:40 - 2011-02-22 16:45 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2013-08-06 22:40 - 2011-01-19 15:34 - 01130678 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-08-06 22:40 - 2008-04-15 14:00 - 00516938 _____ C:\WINDOWS\system32\perfh015.dat
2013-08-06 22:40 - 2008-04-15 14:00 - 00094916 _____ C:\WINDOWS\system32\perfc015.dat
2013-08-06 22:14 - 2013-08-04 21:46 - 00004337 _____ C:\WINDOWS\KB2481109.log
2013-08-06 21:59 - 2013-08-06 21:28 - 00000000 ____D C:\WINDOWS\erdnt
2013-08-06 21:29 - 2013-08-06 00:17 - 00000000 ____D C:\Documents and Settings\Administrator\Moje dokumenty
2013-08-06 00:05 - 2012-11-27 13:39 - 00001209 _____ C:\WINDOWS\wmsetup.log
2013-08-05 22:31 - 2011-07-28 13:25 - 00000000 ____D C:\Documents and Settings\Karolina\Dane aplikacji\Media Player Classic
2013-08-05 22:06 - 2013-08-05 22:05 - 00017920 ___SH C:\Documents and Settings\Karolina\Pulpit\Thumbs.db
2013-08-04 22:19 - 2012-12-03 17:34 - 00009592 _____ C:\WINDOWS\setupact.log
2013-08-02 22:57 - 2011-01-19 14:53 - 00000000 ___RD C:\Documents and Settings\Karolina\Moje dokumenty\Moje obrazy
2013-08-02 22:57 - 2011-01-19 14:53 - 00000000 ___RD C:\Documents and Settings\Karolina\Moje dokumenty
2013-08-02 22:47 - 2011-02-07 00:43 - 00000000 ____D C:\WINDOWS\ie8updates

Files to move or delete:
====================
C:\DOCUME~1\Karolina\USTAWI~1\Temp\NEventMessages.dll
C:\DOCUME~1\Karolina\USTAWI~1\Temp\NOSEventMessages.dll
C:\DOCUME~1\Karolina\USTAWI~1\Temp\RtkBtMnt.exe

==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe [2008-04-15 14:00] - [2008-04-15 14:00] - 1035264 ____A (Microsoft Corporation) c791ed9eac5e76d9525e157b1d7a599a
C:\Windows\System32\winlogon.exe [2008-04-15 14:00] - [2008-04-15 14:00] - 0510464 ____A (Microsoft Corporation) 51fd2e13d723857b9ca239ae77150f48
C:\Windows\System32\svchost.exe [2008-04-15 14:00] - [2008-04-15 14:00] - 0014336 ____A (Microsoft Corporation) 8607d35d92528e2df386f19a960d23ce
C:\Windows\System32\services.exe [2010-06-17 10:33] - [2010-06-17 10:33] - 0111104 ____A (Microsoft Corporation) 8816e60bf654353e8e0d35ed98875445
C:\Windows\System32\User32.dll [2008-04-15 14:00] - [2008-04-15 14:00] - 0580096 ____A (Microsoft Corporation) a435c5c069afd901751ac323ad238793
C:\Windows\System32\userinit.exe [2008-04-15 14:00] - [2008-04-15 14:00] - 0026624 ____A (Microsoft Corporation) 2a5b37d520508be6570a3ea79695f5b5
C:\Windows\System32\Drivers\volsnap.sys [2008-04-15 14:00] - [2008-04-15 14:00] - 0052864 ____A (Microsoft Corporation) 56b191ac5fc0df219949c95a6c87afe7

==================== End Of Log ============================