OTL logfile created on: 2012-07-04 21:53:03 - Run 2 OTL by OldTimer - Version 3.2.53.1 Folder = F:\ Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 502,42 Mb Total Physical Memory | 255,12 Mb Available Physical Memory | 50,78% Memory free 1,20 Gb Paging File | 1,01 Gb Available in Paging File | 84,56% Paging File free Paging file location(s): C:\pagefile.sys 756 1512 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 18,63 Gb Total Space | 8,97 Gb Free Space | 48,13% Space Free | Partition Type: NTFS Drive D: | 18,63 Gb Total Space | 2,33 Gb Free Space | 12,53% Space Free | Partition Type: NTFS Drive F: | 1,97 Gb Total Space | 1,97 Gb Free Space | 99,93% Space Free | Partition Type: FAT Computer Name: PAWEL | User Name: Paweł | Logged in as Administrator. Boot Mode: SafeMode | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012-07-04 20:11:56 | 000,595,968 | ---- | M] (OldTimer Tools) -- F:\OTL.exe PRC - [2011-07-18 13:54:36 | 001,036,104 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe PRC - [2008-04-14 19:21:08 | 000,396,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2011-07-18 13:55:06 | 001,640,216 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Resources.dll MOD - [2011-07-18 13:54:58 | 000,256,424 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll MOD - [2009-07-03 16:49:08 | 000,168,960 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\unrar.dll MOD - [2008-06-19 21:53:03 | 000,060,416 | ---- | M] () -- C:\WINDOWS\system32\antiwpa.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2012-01-23 06:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2011-07-18 13:54:36 | 001,036,104 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2010-01-31 13:52:48 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd) SRV - [2010-01-31 13:25:26 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2010-01-31 13:26:07 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86) DRV - [2010-01-31 13:26:07 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86) DRV - [2010-01-31 13:25:54 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX) DRV - [2009-07-03 16:49:08 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd) DRV - [2008-09-26 18:01:00 | 000,101,376 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2007-07-04 17:27:24 | 000,065,604 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WrKPoETNic2000.sys -- (WRSWanDD) DRV - [2007-05-02 12:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm) DRV - [2007-05-02 12:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl) DRV - [2007-05-02 12:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) DRV - [2006-07-24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2005-03-04 12:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp) DRV - [2005-02-11 01:52:00 | 000,157,056 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21) DRV - [2005-01-11 16:13:00 | 000,346,496 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA) DRV - [2005-01-11 16:12:12 | 000,037,760 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD) DRV - [2004-12-17 00:00:00 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP) DRV - [2004-12-17 00:00:00 | 000,685,184 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2004-12-17 00:00:00 | 000,200,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKLM\..\SearchScopes,DefaultScope = {489A9904-DD11-4256-AA4E-8C8A68281132} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{489A9904-DD11-4256-AA4E-8C8A68281132}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\..\SearchScopes,DefaultScope = {489A9904-DD11-4256-AA4E-8C8A68281132} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{489A9904-DD11-4256-AA4E-8C8A68281132}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPB_pl IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/route/?d=4b3d2cf0&i=23&tp=chrome&q={searchTerms}&lng={language}&ychte=us&nt=1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "http://www.onet.pl/" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) [2010-06-05 07:50:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Paweł\Dane aplikacji\Mozilla\Extensions [2010-06-05 07:50:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Paweł\Dane aplikacji\Mozilla\Extensions\home2@tomtom.com [2010-05-03 07:56:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Paweł\Dane aplikacji\Mozilla\Firefox\Profiles\zqj9k1rb.default\extensions O1 HOSTS File: ([2006-03-02 14:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll ([[[COMPANYNAME]]]----------------------------) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll ([[[COMPANYNAME]]]----------------------------) O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll ([[[COMPANYNAME]]]----------------------------) O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\ServicePackFiles\i386\msconfig.exe (Microsoft Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation) O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) O4 - HKCU..\Run: [Mobile Partner] C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe () O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O4 - HKCU..\RunOnce: [AutoLaunch] C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe () O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Funkcja Google Sidewiki - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC1428D7-A4BE-49AE-AB26-906AF918E73F}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\Antiwpa: DllName - (antiwpa.dll) - C:\WINDOWS\System32\antiwpa.dll () O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Paweł\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Paweł\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O31 - SafeBoot: UseAlternatShell - 1 O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-03-05 11:37:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{375e65de-9ed9-11de-97d4-00c09fccd5d6}\Shell - "" = AutoRun O33 - MountPoints2\{375e65de-9ed9-11de-97d4-00c09fccd5d6}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{375e65e1-9ed9-11de-97d4-00c09fccd5d6}\Shell - "" = AutoRun O33 - MountPoints2\{375e65e1-9ed9-11de-97d4-00c09fccd5d6}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{ccbbebb4-a21d-11de-97e9-00c09fccd5d6}\Shell - "" = AutoRun O33 - MountPoints2\{ccbbebb4-a21d-11de-97e9-00c09fccd5d6}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{ccfdc446-7402-11df-9b6a-00c09fccd5d6}\Shell - "" = AutoRun O33 - MountPoints2\{ccfdc446-7402-11df-9b6a-00c09fccd5d6}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{d1dc0934-6a1c-11e1-9ee0-00c09fccd5d6}\Shell - "" = AutoRun O33 - MountPoints2\{d1dc0934-6a1c-11e1-9ee0-00c09fccd5d6}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{eca06474-acdf-11de-9824-00c09fccd5d6}\Shell - "" = AutoRun O33 - MountPoints2\{eca06474-acdf-11de-9824-00c09fccd5d6}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (lsdelete) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012-07-04 19:38:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss [2012-06-14 13:41:45 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012-07-04 21:51:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012-07-04 21:50:49 | 000,115,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012-07-04 19:59:31 | 000,000,211 | -HS- | M] () -- C:\boot.ini [2012-07-04 19:49:05 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job [2012-07-04 19:49:04 | 000,001,030 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012-07-04 18:31:34 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012-06-29 14:30:42 | 000,001,034 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012-06-29 13:54:15 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2012-06-27 14:17:18 | 061,064,349 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm [2012-06-14 14:15:52 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-05-09 09:32:22 | 000,015,984 | ---- | C] () -- C:\Documents and Settings\Paweł\Menu Start.rar [2009-10-26 08:25:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\LauncherAccess.dt [2009-05-04 21:34:24 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Paweł\Dane aplikacji\Themes [2009-03-05 12:42:15 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Paweł\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:CB0AACC9 @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:C31F31E6 < End of report >