OTL logfile created on: 2011-03-03 17:31:33 - Run 6
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\Rygiel\Desktop\OTL
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 57,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 191,57 Gb Total Space | 118,51 Gb Free Space | 61,86% Space Free | Partition Type: NTFS
Drive D: | 94,80 Gb Total Space | 92,21 Gb Free Space | 97,26% Space Free | Partition Type: NTFS

Computer Name: KOMPUTER | User Name: Rygiel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-02-28 21:16:06 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Rygiel\Desktop\OTL\OTL.exe
PRC - [2011-01-12 16:41:42 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2011-01-12 16:41:24 | 002,219,184 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2009-10-27 18:36:16 | 001,499,136 | ---- | M] (Nokia) -- C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2008-10-29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007-11-04 00:40:25 | 001,006,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007-10-23 13:52:26 | 002,764,800 | ---- | M] () -- C:\RecInfo\RecInfo.exe
PRC - [2007-07-13 23:38:46 | 000,561,152 | ---- | M] () -- C:\Program Files\Hotkey Utility\tray.exe
PRC - [2007-06-27 18:56:22 | 000,253,952 | ---- | M] () -- C:\Program Files\Light Sensor Utility\Sensor.exe
PRC - [2007-05-16 20:42:10 | 000,029,696 | ---- | M] () -- C:\Program Files\Power Manager\PM.exe
PRC - [2007-04-10 15:01:32 | 004,431,872 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007-01-05 04:48:52 | 000,112,152 | R--- | M] (InterVideo) -- c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006-12-08 19:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe

========== Modules (SafeList) ==========

MOD - [2011-02-28 21:16:06 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Rygiel\Desktop\OTL\OTL.exe
MOD - [2007-11-04 01:51:30 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.20656_none_463680b8218be5a3\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2011-01-12 16:44:02 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2011-01-12 16:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2009-09-17 10:33:26 | 000,651,776 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007-11-04 00:40:24 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007-01-05 04:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006-12-08 19:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)

========== Driver Services (SafeList) ==========

DRV - [2010-12-21 15:04:06 | 000,137,144 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2010-12-21 15:04:06 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010-12-21 13:47:38 | 000,134,000 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
DRV - [2010-12-21 13:47:38 | 000,033,120 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2010-08-03 12:28:36 | 000,055,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2008-08-26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007-09-06 23:00:00 | 000,783,272 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonCam.sys -- (Cam5603D)
DRV - [2007-09-04 17:51:12 | 000,114,208 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2007-07-19 00:31:00 | 007,599,776 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007-07-02 16:37:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007-06-18 17:03:32 | 000,737,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007-06-13 22:47:12 | 000,048,256 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID)
DRV - [2007-05-15 20:50:36 | 000,157,696 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007-03-15 16:46:24 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007-03-05 23:00:00 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007-02-15 23:00:00 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007-01-04 20:15:08 | 000,009,336 | ---- | M] (http://www.internals.com) [Kernel | System | Running] -- C:\Windows\System32\WinIo.sys -- (WINIO)
DRV - [2004-06-10 00:42:38 | 000,015,429 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sacm2A.sys -- (USBCM)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1799331704-3147706082-1461188951-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
IE - HKU\S-1-5-21-1799331704-3147706082-1461188951-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1799331704-3147706082-1461188951-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1799331704-3147706082-1461188951-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=15627"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/home?AF=15627"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=adbartrp&AF=15627&q="
FF - prefs.js..network.proxy.http: "174.142.24.201"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.type: 1

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-08-16 13:46:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-08-16 13:46:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011-03-02 11:54:55 | 000,000,000 | ---D | M]

[2009-11-04 14:15:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rygiel\AppData\Roaming\mozilla\Extensions
[2011-02-26 22:06:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rygiel\AppData\Roaming\mozilla\Firefox\Profiles\vdblqpwu.default\extensions
[2009-11-04 14:15:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Rygiel\AppData\Roaming\mozilla\Firefox\Profiles\vdblqpwu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010-10-05 10:05:16 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Rygiel\AppData\Roaming\mozilla\Firefox\Profiles\vdblqpwu.default\extensions\firefox@tvunetworks.com
[2011-02-22 17:37:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010-04-19 19:48:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-08-22 11:18:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010-10-27 07:00:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011-01-02 21:06:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011-02-22 17:37:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011-02-02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009-10-16 19:45:02 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-10-22 19:05:52 | 000,002,226 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
[2009-10-16 19:45:02 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2009-10-16 19:45:02 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2009-10-16 19:45:02 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2009-10-16 19:45:02 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2009-10-16 19:45:02 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2006-09-18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [FIC HotKey] C:\Program Files\Hotkey Utility\tray.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe ()
O4 - HKLM..\Run: [recinfo] File not found
O4 - HKLM..\Run: [recinfo572] c:\RecInfo\RecInfo.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Silent Mode] C:\Program Files\Light Sensor Utility\Sensor.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1799331704-3147706082-1461188951-1000..\Run: [ares] C:\Program Files\Ares\Ares.exe (Ares Development Group)
O4 - HKU\S-1-5-21-1799331704-3147706082-1461188951-1000..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O7 - HKU\S-1-5-21-1799331704-3147706082-1461188951-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} http://download.sopcast.cn/download/SOPCORE.CAB (SopCore Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.245.176.3 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Rygiel\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\Rygiel\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{d51fdc0a-7d33-11de-9d68-00140b40f3cd}\Shell\AutoRun\command - "" = G:\USBNB.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011-03-03 16:54:35 | 000,000,000 | ---D | C] -- C:\Avenger
[2011-03-03 10:03:27 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2011-03-03 07:20:41 | 000,000,000 | ---D | C] -- C:\5499036c6864ae816cace477b9
[2011-03-03 05:17:47 | 000,000,000 | ---D | C] -- C:\9663c00be68e90ad448eda6f729f90
[2011-03-03 05:17:40 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2011-03-03 00:47:27 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SPWizUI.dll
[2011-03-03 00:47:27 | 000,047,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SPReview.exe
[2011-03-03 00:11:49 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cbsra.exe
[2011-03-03 00:06:06 | 000,000,000 | ---D | C] -- C:\b339ea08a694c1cc151881cb
[2011-03-02 22:38:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011-03-02 19:08:25 | 000,000,000 | ---D | C] -- C:\Users\Rygiel\Desktop\Autoruns
[2011-03-02 19:01:30 | 000,000,000 | ---D | C] -- C:\Users\Rygiel\Desktop\Gmer
[2011-03-02 19:01:17 | 000,000,000 | ---D | C] -- C:\Users\Rygiel\Desktop\avenger
[2011-03-02 11:57:24 | 000,000,000 | ---D | C] -- C:\Users\Rygiel\AppData\Roaming\ESET
[2011-03-02 11:57:24 | 000,000,000 | ---D | C] -- C:\Users\Rygiel\AppData\Local\ESET
[2011-03-02 11:54:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2011-03-02 11:54:54 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2011-03-02 11:54:54 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011-03-02 09:54:07 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011-03-02 09:18:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011-03-02 09:18:05 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011-03-02 06:10:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011-03-02 06:10:29 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011-03-02 06:10:29 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011-03-02 06:10:29 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011-03-01 18:24:36 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011-03-01 18:00:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011-03-01 16:38:39 | 000,000,000 | ---D | C] -- C:\Users\Rygiel\Desktop\Virusy
[2011-03-01 16:38:39 | 000,000,000 | ---D | C] -- C:\Users\Rygiel\Desktop\OTL
[2011-02-28 21:42:14 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2011-02-22 17:37:02 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011-02-22 17:37:01 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011-02-22 17:37:01 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011-02-22 17:36:08 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2009-10-27 22:16:55 | 000,015,429 | ---- | C] ( ) -- C:\Windows\System32\drivers\Sacm2A.sys

========== Files - Modified Within 30 Days ==========

[2011-03-03 17:43:11 | 000,610,784 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011-03-03 17:43:11 | 000,536,826 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2011-03-03 17:43:11 | 000,104,566 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011-03-03 17:43:11 | 000,087,092 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2011-03-03 17:40:52 | 000,001,036 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011-03-03 17:30:48 | 000,027,430 | ---- | M] () -- C:\Users\Rygiel\AppData\Roaming\nvModes.001
[2011-03-03 17:30:35 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011-03-03 17:30:35 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011-03-03 17:30:34 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011-03-03 17:30:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-03-03 17:30:20 | 2146,357,248 | -HS- | M] () -- C:\hiberfil.sys
[2011-03-03 10:07:18 | 000,313,408 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011-03-03 09:55:40 | 000,101,376 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\ifxcardm.dll
[2011-03-03 09:55:15 | 000,079,872 | ---- | M] (Axalto, Inc.) -- C:\Windows\System32\axaltocm.dll
[2011-03-03 09:27:11 | 000,327,680 | ---- | M] () -- C:\Windows\SPInstall.etl
[2011-03-03 07:20:41 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SPWizUI.dll
[2011-03-03 07:20:41 | 000,047,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SPReview.exe
[2011-03-03 05:17:18 | 000,000,000 | -H-- | M] () -- C:\Windows\wusa.lock
[2011-03-03 01:46:32 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2011-03-03 01:45:25 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2011-03-02 18:51:46 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4938E6AD-684F-49FD-8168-1E7DA666A061}.job
[2011-03-02 18:15:42 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{049BCB01-6C19-42F9-884A-ECE876EC25D2}.job
[2011-03-02 12:21:57 | 000,000,486 | ---- | M] () -- C:\Users\Rygiel\Desktop\cc_20110302_122152.reg
[2011-03-02 10:33:35 | 000,051,200 | ---- | M] () -- C:\Users\Rygiel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-03-02 09:35:05 | 000,070,944 | ---- | M] () -- C:\Users\Rygiel\Desktop\cc_20110302_093451.reg
[2011-03-02 09:18:14 | 000,000,810 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011-03-02 05:51:34 | 004,278,237 | R--- | M] () -- C:\Users\Rygiel\Desktop\ComboFix.exe
[2011-03-01 18:33:12 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011-03-01 15:01:22 | 000,001,356 | ---- | M] () -- C:\Users\Rygiel\AppData\Local\d3d9caps.dat
[2011-02-28 15:57:04 | 000,027,430 | ---- | M] () -- C:\Users\Rygiel\AppData\Roaming\nvModes.dat
[2011-02-28 15:51:26 | 000,315,392 | ---- | M] () -- C:\Windows\KernelMessage
[2011-02-02 21:40:39 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011-02-02 21:40:38 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011-02-02 21:40:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011-02-02 21:40:23 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011-02-02 17:11:20 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

========== Files Created - No Company Name ==========

[2011-03-03 17:30:20 | 2146,357,248 | -HS- | C] () -- C:\hiberfil.sys
[2011-03-03 05:17:18 | 000,000,000 | -H-- | C] () -- C:\Windows\wusa.lock
[2011-03-03 01:46:32 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2011-03-03 01:45:25 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2011-03-03 00:11:27 | 000,327,680 | ---- | C] () -- C:\Windows\SPInstall.etl
[2011-03-02 18:51:46 | 000,000,434 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{4938E6AD-684F-49FD-8168-1E7DA666A061}.job
[2011-03-02 18:15:42 | 000,000,434 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{049BCB01-6C19-42F9-884A-ECE876EC25D2}.job
[2011-03-02 12:21:55 | 000,000,486 | ---- | C] () -- C:\Users\Rygiel\Desktop\cc_20110302_122152.reg
[2011-03-02 09:34:58 | 000,070,944 | ---- | C] () -- C:\Users\Rygiel\Desktop\cc_20110302_093451.reg
[2011-03-02 09:18:14 | 000,000,810 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011-03-02 06:10:29 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011-03-02 06:10:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011-03-02 06:10:29 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011-03-02 06:10:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011-03-02 06:10:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011-03-01 16:38:55 | 004,278,237 | R--- | C] () -- C:\Users\Rygiel\Desktop\ComboFix.exe
[2011-01-12 23:05:28 | 000,000,094 | ---- | C] () -- C:\Users\Rygiel\AppData\Local\fusioncache.dat
[2009-10-27 22:16:55 | 000,135,168 | ---- | C] () -- C:\Windows\UNDPX2A.exe
[2009-10-27 22:16:55 | 000,053,693 | ---- | C] () -- C:\Windows\UNDPX2A.sys
[2008-12-08 14:14:01 | 000,001,356 | ---- | C] () -- C:\Users\Rygiel\AppData\Local\d3d9caps.dat
[2008-10-16 19:17:47 | 000,051,200 | ---- | C] () -- C:\Users\Rygiel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-10-16 16:26:57 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008-10-16 15:47:23 | 000,027,430 | ---- | C] () -- C:\Users\Rygiel\AppData\Roaming\nvModes.dat
[2008-10-16 15:47:23 | 000,027,430 | ---- | C] () -- C:\Users\Rygiel\AppData\Roaming\nvModes.001
[2008-01-10 20:50:34 | 000,015,190 | ---- | C] () -- C:\Windows\M2000Twn.ini
[2008-01-10 20:50:02 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2007-10-09 10:56:22 | 000,332,832 | ---- | C] () -- C:\Windows\System32\perfi015.dat
[2007-10-09 10:56:21 | 000,535,840 | ---- | C] () -- C:\Windows\System32\perfh015.dat
[2007-10-09 10:56:21 | 000,086,508 | ---- | C] () -- C:\Windows\System32\perfc015.dat
[2007-10-09 10:56:21 | 000,037,468 | ---- | C] () -- C:\Windows\System32\perfd015.dat
[2006-11-02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006-11-02 13:47:37 | 000,313,408 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006-11-02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006-11-02 11:33:01 | 000,610,174 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006-11-02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006-11-02 11:33:01 | 000,103,956 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006-11-02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006-11-02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006-11-02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006-11-02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006-11-02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006-11-02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006-11-02 08:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006-11-02 08:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006-08-11 18:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll

========== LOP Check ==========

[2011-03-02 11:57:24 | 000,000,000 | ---D | M] -- C:\Users\Rygiel\AppData\Roaming\ESET
[2008-10-16 15:49:10 | 000,000,000 | ---D | M] -- C:\Users\Rygiel\AppData\Roaming\Gadu-Gadu
[2008-10-16 15:47:35 | 000,000,000 | ---D | M] -- C:\Users\Rygiel\AppData\Roaming\InterVideo
[2010-01-20 20:21:48 | 000,000,000 | ---D | M] -- C:\Users\Rygiel\AppData\Roaming\Nokia
[2010-01-20 20:26:04 | 000,000,000 | ---D | M] -- C:\Users\Rygiel\AppData\Roaming\PC Suite
[2011-03-02 19:07:52 | 000,000,000 | ---D | M] -- C:\Users\Rygiel\AppData\Roaming\uTorrent
[2011-03-03 16:27:09 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011-03-02 18:15:42 | 000,000,434 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{049BCB01-6C19-42F9-884A-ECE876EC25D2}.job
[2011-03-02 18:51:46 | 000,000,434 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{4938E6AD-684F-49FD-8168-1E7DA666A061}.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Rygiel\Desktop\Flota OK.avi:TOC.WMV

< End of report >