OTL logfile created on: 2012-07-30 13:39:30 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Documents and Settings\Administrator.LENOVO-F221E1BC\Moje dokumenty\Pobieranie
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

502,11 Mb Total Physical Memory | 222,61 Mb Available Physical Memory | 44,33% Memory free
1,20 Gb Paging File | 1,01 Gb Available in Paging File | 84,16% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69,99 Gb Total Space | 24,66 Gb Free Space | 35,24% Space Free | Partition Type: NTFS

Computer Name: LENOVO-F221E1BC | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========
PRC - [2012-07-30 13:34:20 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.LENOVO-F221E1BC\Moje dokumenty\Pobieranie\OTL.exe
PRC - [2012-06-26 21:14:23 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008-04-14 22:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========
MOD - [2012-06-26 21:14:22 | 002,042,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011-12-30 19:10:46 | 006,276,768 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\system32\PsaSrv.exe -- (PsaSrv)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012-06-26 21:14:22 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011-09-22 12:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2010-04-07 14:57:42 | 000,099,896 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPSIsvc.exe -- (HPSIService)
SRV - [2010-01-15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009-06-12 10:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2007-12-12 01:05:04 | 001,531,989 | ---- | M] (The Firebird Project) [On_Demand | Stopped] -- C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe -- (FirebirdServerDefaultInstance)
SRV - [2007-12-12 01:05:04 | 000,065,536 | ---- | M] (The Firebird Project) [Auto | Stopped] -- C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance)
SRV - [2007-09-26 17:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2006-10-05 17:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Stopped] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006-05-19 10:39:16 | 000,057,344 | ---- | M] (Lenovo) [Auto | Stopped] -- C:\WINDOWS\system32\PMSveH.exe -- (PMSveH)
SRV - [2006-04-17 13:12:28 | 000,151,552 | ---- | M] (Lenovo) [Auto | Stopped] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2006-04-17 13:12:26 | 000,040,960 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2005-12-21 18:20:56 | 001,384,448 | ---- | M] () [Auto | Stopped] -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2005-12-14 11:51:12 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Disabled | Stopped] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)

========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCAMPR5.SYS -- (PCAMPR5)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1.LEN\USTAWI~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\btwusb.sys -- (BTWUSB)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btkrnl.sys -- (btkrnl)
DRV - File not found [File_System | Boot | Stopped] -- System32\drivers\ANCSQ.sys -- (ANCSQ)
DRV - [2011-08-09 14:24:52 | 000,154,136 | ---- | M] (ESET) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2011-08-04 09:20:38 | 000,103,112 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2011-08-04 09:20:36 | 000,118,104 | ---- | M] (ESET) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010-03-15 18:20:16 | 000,007,936 | ---- | M] (IBM) [Kernel | On_Demand | Stopped] -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\WAM.sys -- (WAM)
DRV - [2010-03-06 01:40:57 | 000,017,408 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mvusbews.sys -- (mvusbews)
DRV - [2009-09-01 16:59:44 | 000,087,536 | ---- | M] (CyberLink Corp.) [2011/09/17 16:50:56] [Kernel | Auto | Stopped] -- C:\Program Files\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2009-03-17 16:18:38 | 000,102,400 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007-04-17 05:25:12 | 000,035,328 | R--- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtf32bus.sys -- (GTF32BUS)
DRV - [2007-04-17 05:25:12 | 000,008,064 | R--- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtptser.sys -- (GTPTSER)
DRV - [2007-02-19 07:56:46 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2006-11-28 20:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006-02-27 05:46:20 | 000,081,408 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006-01-13 00:33:22 | 000,006,016 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2005-12-21 17:14:58 | 000,012,544 | ---- | M] (IBM) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\ibmfilter.sys -- (ibmfilter)
DRV - [2005-12-21 14:09:50 | 000,010,240 | ---- | M] (Lenovo ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PMHler.sys -- (PMHler)
DRV - [2005-12-14 23:10:10 | 000,425,216 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005-11-16 20:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005-11-08 09:27:20 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2005-11-01 18:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005-11-01 17:54:50 | 000,051,584 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005-03-29 18:02:22 | 000,116,594 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATSwpDrv.sys -- (ATSWPDRV)
DRV - [2005-01-07 17:07:16 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2003-08-04 14:22:44 | 000,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.my-tools-app.com/?babsrc=home&s=web&as=0&isid=9852
IE - HKLM\..\SearchScopes,DefaultScope = {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.my-tools-app.com/?babsrc=home&s=web&as=0&isid=9852&q={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-353784301-4226475055-3958437928-500\..\SearchScopes,DefaultScope = Google
IE - HKU\S-1-5-21-353784301-4226475055-3958437928-500\..\SearchScopes\Google: "URL" = http://www.google.com/search?sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&q=%s
IE - HKU\S-1-5-21-353784301-4226475055-3958437928-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@macromedia.com/FlashPlayer10: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-06-26 21:14:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-04-18 13:37:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012-01-13 17:28:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012-05-12 11:11:36 | 000,000,000 | ---D | M]
[2012-07-25 22:12:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator.LENOVO-F221E1BC\Dane aplikacji\Mozilla\Extensions
[2012-07-30 13:39:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator.LENOVO-F221E1BC\Dane aplikacji\Mozilla\Firefox\Profiles\f9h8nuq8.default\extensions
[2012-05-06 14:38:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-06-26 21:14:26 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012-04-17 22:38:46 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012-06-26 21:14:17 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2011-12-30 15:32:22 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012-06-26 21:14:17 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2012-06-26 21:14:17 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2012-06-26 21:14:17 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2012-06-26 21:14:17 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2012-06-26 21:14:17 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2012-07-25 22:32:04 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files\Softonic\Softonic\1.5.21.0\bh\Softonic.dll (Softonic.com)
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files\Softonic\Softonic\1.5.21.0\SoftonicTlbr.dll (Softonic.com)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKU\S-1-5-21-353784301-4226475055-3958437928-500\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-353784301-4226475055-3958437928-500\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-353784301-4226475055-3958437928-500\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
O4 - HKLM..\Run: [BDRegion] C:\Program Files\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [cssauthe] C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauthe.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [LPManager] C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PMHandler] C:\WINDOWS\system32\PMHandler.exe (Lenovo)
O4 - HKLM..\Run: [recdisc] C:\Documents and Settings\Ambaradan\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\3298\recdisc.exe ()
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Skrót do strony właściwości High Definition Audio] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\NewShortcut2.lnk = C:\Program Files\USB Camera\Driver\emSwapAp2.exe (eMPIA Technology, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-353784301-4226475055-3958437928-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-353784301-4226475055-3958437928-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-353784301-4226475055-3958437928-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-353784301-4226475055-3958437928-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} http://www-307.ibm.com/pc/support/acpir.cab (IASRunner Class)
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} http://www-307.ibm.com/pc/support/IbmEgath.cab (IBM Access Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 91.195.232.112 91.195.232.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1E4EA2F-1278-413E-8BA5-DE9A719D054A}: DhcpNameServer = 91.195.232.112 91.195.232.126
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-02 23:28:17 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========
[2012-07-25 22:56:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012-07-25 22:41:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.LENOVO-F221E1BC\Dane aplikacji\Windows Search
[2012-07-25 22:19:22 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012-07-25 22:15:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012-07-25 22:15:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012-07-25 22:15:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012-07-25 22:15:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012-07-25 22:14:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-07-25 22:14:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.LENOVO-F221E1BC\Menu Start\Programy\Narzędzia administracyjne
[2012-07-25 22:14:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.LENOVO-F221E1BC\Moje dokumenty\Moje wideo
[2012-07-25 22:14:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012-07-25 22:13:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.LENOVO-F221E1BC\Moje dokumenty\Pobieranie
[2012-07-25 22:13:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.LENOVO-F221E1BC\Dane aplikacji\Macromedia
[2012-07-25 22:13:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.LENOVO-F221E1BC\Dane aplikacji\Adobe
[2012-07-13 13:48:19 | 000,282,624 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\HPZc3212.dll
[2012-07-13 13:48:01 | 000,254,026 | R--- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\System32\hpovst09.dll
[2012-07-13 13:47:59 | 000,598,016 | R--- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\System32\hpotscl2.dll
[2012-07-13 13:47:58 | 000,659,456 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpowiax2.dll
[2012-07-13 13:18:22 | 000,048,128 | ---- | C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\hpzll054.dll
[2012-07-11 09:51:52 | 000,000,000 | ---D | C] -- C:\Config.Msi
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2012-07-30 13:39:01 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012-07-30 13:36:04 | 000,461,550 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2012-07-30 13:36:04 | 000,077,276 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2012-07-30 13:36:03 | 000,383,254 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012-07-30 13:36:03 | 000,053,608 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012-07-30 13:32:02 | 000,000,442 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2012-07-30 13:31:45 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-07-30 13:31:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-07-25 22:32:04 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012-07-25 22:19:28 | 000,000,300 | RHS- | M] () -- C:\BOOT.INI
[2012-07-13 13:21:20 | 000,119,611 | ---- | M] () -- C:\WINDOWS\hpoins11.dat
[2012-07-11 09:57:58 | 000,269,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-07-11 09:53:45 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========
[2012-07-25 22:19:28 | 000,000,184 | ---- | C] () -- C:\Boot.bak
[2012-07-25 22:19:24 | 000,262,400 | RHS- | C] () -- C:\cmldr
[2012-07-25 22:15:21 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012-07-25 22:15:21 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012-07-25 22:15:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012-07-25 22:15:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012-07-25 22:15:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012-07-18 17:40:34 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012-07-13 13:18:40 | 000,119,611 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2012-07-13 13:18:40 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2012-07-13 13:18:26 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2012-05-13 19:40:36 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2012-02-16 11:48:34 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011-12-30 15:38:17 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011-12-30 15:38:12 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2011-12-30 15:38:12 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011-12-30 15:38:12 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011-12-30 15:38:07 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011-11-22 17:16:04 | 001,511,424 | ---- | C] () -- C:\WINDOWS\System32\HP1100SM.EXE
[2011-11-22 17:16:04 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\HP1100LM.DLL
[2011-11-22 17:15:10 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\mvusbews.dll
[2011-11-22 17:15:03 | 000,049,664 | ---- | C] () -- C:\WINDOWS\System32\HP1100SMs.dll
[2011-11-22 17:14:33 | 000,284,160 | ---- | C] () -- C:\WINDOWS\System32\mvhlewsi.dll
[2011-01-30 22:18:24 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010-08-09 14:43:05 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\MagicPlayDVD.ini
[2009-11-23 17:35:55 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Administrator.LENOVO-F221E1BC\Ustawienia lokalne\Dane aplikacji\fusioncache.dat

========== LOP Check ==========
[2009-06-02 23:02:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.LENOVO-F221E1BC\Dane aplikacji\IBM
[2009-11-23 18:37:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.LENOVO-F221E1BC\Dane aplikacji\iPlus
[2012-07-25 22:41:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.LENOVO-F221E1BC\Dane aplikacji\Windows Search
[2012-04-17 22:40:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Ask
[2011-12-30 15:32:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Babylon
[2012-05-12 11:11:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET
[2012-02-29 14:58:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2010-02-16 21:01:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\IncrediMail
[2011-12-30 22:44:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\InstallMate
[2010-07-04 14:45:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ipla
[2009-06-02 23:04:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Lenovo
[2011-12-30 22:44:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Premium
[2012-05-13 19:46:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\SafeNet Sentinel
[2012-05-13 19:46:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\SPSS
[2009-06-02 23:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ThinkVantage
[2011-12-30 15:32:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ambaradan\Dane aplikacji\Babylon
[2012-04-21 13:39:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ambaradan\Dane aplikacji\BabylonToolbar
[2010-05-09 20:17:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ambaradan\Dane aplikacji\BESTplayer
[2009-10-03 14:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ambaradan\Dane aplikacji\Codeton
[2010-01-01 21:56:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ambaradan\Dane aplikacji\DC++
[2009-10-03 15:20:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ambaradan\Dane aplikacji\Gadu-Gadu
[2012-02-29 15:15:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ambaradan\Dane aplikacji\Gadu-Gadu 10
[2012-07-25 21:35:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ambaradan\Dane aplikacji\hellomoto
[2009-06-02 23:02:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ambaradan\Dane aplikacji\IBM
[2011-10-13 22:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ambaradan\Dane aplikacji\ipla
[2011-09-22 22:22:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ambaradan\Dane aplikacji\iPlus
[2009-10-16 20:00:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ambaradan\Dane aplikacji\Stellarium
[2009-06-02 23:28:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ambaradan\Dane aplikacji\ThinkVantage
[2012-01-13 17:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ambaradan\Dane aplikacji\Thunderbird
[2009-06-14 20:44:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ambaradan\Dane aplikacji\Windows Desktop Search
[2009-09-01 21:33:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ambaradan\Dane aplikacji\Windows Search
[2009-06-02 23:02:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Dane aplikacji\IBM
[2009-06-02 23:27:52 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Przypomnienie o rejestracji 3.job

========== Purity Check ==========

< End of report >