OTL logfile created on: 2012-12-12 19:21:35 - Run 1 OTL by OldTimer - Version 3.2.65.1 Folder = C:\Users\Paweł\Desktop Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19088) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1,37 Gb Total Physical Memory | 0,88 Gb Available Physical Memory | 64,47% Memory free 2,99 Gb Paging File | 2,32 Gb Available in Paging File | 77,34% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 19,53 Gb Total Space | 0,92 Gb Free Space | 4,69% Space Free | Partition Type: NTFS Drive D: | 29,29 Gb Total Space | 0,80 Gb Free Space | 2,72% Space Free | Partition Type: NTFS Drive E: | 25,69 Gb Total Space | 10,42 Gb Free Space | 40,57% Space Free | Partition Type: NTFS Drive G: | 7,47 Gb Total Space | 0,20 Gb Free Space | 2,62% Space Free | Partition Type: NTFS Computer Name: PAWEŁ-PC | User Name: Paweł | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012-11-08 13:33:14 | 000,997,320 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe PRC - [2012-11-08 13:33:14 | 000,711,112 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe PRC - [2012-09-21 12:27:03 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\Paweł\Desktop\OTL.exe PRC - [2012-01-24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- E:\Nowy folder\avgtray.exe PRC - [2011-11-28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- E:\Nowy folder\avgnsx.exe PRC - [2011-11-23 02:36:24 | 002,391,832 | ---- | M] (AVG Technologies CZ, s.r.o.) -- E:\Nowy folder\avgfws.exe PRC - [2011-08-09 11:36:31 | 001,598,392 | ---- | M] (MusicLab, LLC) -- C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe PRC - [2011-08-02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- E:\Nowy folder\avgwdsvc.exe PRC - [2011-05-07 21:43:25 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008-01-19 08:33:35 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wermgr.exe PRC - [2007-01-26 09:10:48 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe PRC - [2006-12-29 04:11:00 | 004,317,184 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012-11-08 13:33:14 | 000,997,320 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe MOD - [2012-11-08 13:33:14 | 000,566,728 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\DNTInstaller\13.2.0\avgdttbx.dll MOD - [2012-11-08 13:33:14 | 000,134,600 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\SiteSafety.dll MOD - [2007-01-08 05:08:56 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll MOD - [2006-12-19 18:16:04 | 000,073,728 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV - [2012-11-08 13:33:14 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0) SRV - [2011-11-23 02:36:24 | 002,391,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- E:\Nowy folder\avgfws.exe -- (avgfws) SRV - [2011-10-12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- E:\Nowy folder\AVGIDSAgent.exe -- (AVGIDSAgent) SRV - [2011-08-02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- E:\Nowy folder\avgwdsvc.exe -- (avgwd) SRV - [2007-01-26 09:10:48 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\dgderdrv.sys -- (dgderdrv) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2012-11-08 13:33:14 | 000,026,984 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp) DRV - [2011-10-07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86) DRV - [2011-10-04 06:21:16 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim) DRV - [2011-09-13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86) DRV - [2011-08-08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86) DRV - [2011-07-11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix) DRV - [2011-07-11 01:14:02 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter) DRV - [2011-07-11 01:14:00 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AVGIDSEH.sys -- (AVGIDSEH) DRV - [2011-07-11 01:13:58 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver) DRV - [2010-05-28 07:25:04 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2007-01-26 09:10:48 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2007-01-08 05:16:50 | 002,313,216 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) DRV - [2006-12-12 16:51:20 | 000,147,968 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2006-11-10 13:38:22 | 000,506,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2006-11-06 03:01:20 | 000,051,200 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp) DRV - [2003-04-03 00:54:16 | 000,020,648 | ---- | M] (Thomson Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netrcacm.sys -- (netrcacm) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://search.bearshare.com//web?src=ieb&appid=0&systemid=2&sr=0&q={searchTerms} IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481033 IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={1BD3FE87-EBD0-4A44-96DD-0869D764064D} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2629612488-1178707905-1192735613-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/ IE - HKU\S-1-5-21-2629612488-1178707905-1192735613-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-2629612488-1178707905-1192735613-1000\..\URLSearchHook: {d43723ae-1ae1-4a25-a6a4-bf0929273cab} - No CLSID value found IE - HKU\S-1-5-21-2629612488-1178707905-1192735613-1000\..\SearchScopes,DefaultScope = {61F8A19B-ED92-4011-9CE8-55307FC43032} IE - HKU\S-1-5-21-2629612488-1178707905-1192735613-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKU\S-1-5-21-2629612488-1178707905-1192735613-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=en_EU&apn_ptnrs=U3&apn_dtid=OSJ111YYPL&apn_uid=D4936399-048F-44BA-85DD-2533338C821F&apn_sauid=EBF3A071-E748-430F-BA03-6DDE0C468997 IE - HKU\S-1-5-21-2629612488-1178707905-1192735613-1000\..\SearchScopes\{61F8A19B-ED92-4011-9CE8-55307FC43032}: "URL" = http://www.google.pl/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} IE - HKU\S-1-5-21-2629612488-1178707905-1192735613-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={EB13930C-2F76-4E9D-9A58-60FB91EC25BA}&mid=623cee8a51b147d18285d15f7034e27f-a58ee0bfdcf8548aae8c1dea2ad3a55bfb15fcdd&lang=pl&ds=AVG&pr=pr&d=2012-02-26 21:35:33&v=10.0.0.7&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-2629612488-1178707905-1192735613-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://search.bearshare.com//web?src=ieb&appid=0&systemid=2&sr=0&q={searchTerms} IE - HKU\S-1-5-21-2629612488-1178707905-1192735613-1000\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481033 IE - HKU\S-1-5-21-2629612488-1178707905-1192735613-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={1BD3FE87-EBD0-4A44-96DD-0869D764064D} IE - HKU\S-1-5-21-2629612488-1178707905-1192735613-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultengine: "Google" FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.startup.homepage: "http://home.sweetim.com/?barid={1BD3FE87-EBD0-4A44-96DD-0869D764064D}" FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "" FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Ask.com" FF - prefs.js..browser.startup.homepage: "www.wp.pl" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: E:\Nowy folder\Firefox4\ [2012-02-26 21:35:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\13.2.0.5 [2012-11-08 13:33:38 | 000,000,000 | ---D | M] [2012-01-07 17:00:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paweł\AppData\Roaming\mozilla\Extensions [2012-02-25 14:11:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paweł\AppData\Roaming\mozilla\Firefox\Profiles\1yv75vxm.default\extensions [2012-02-25 14:11:13 | 000,162,686 | ---- | M] () (No name found) -- C:\Users\Paweł\AppData\Roaming\mozilla\firefox\profiles\1yv75vxm.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2012-02-25 14:12:29 | 000,003,915 | ---- | M] () -- C:\Users\Paweł\AppData\Roaming\mozilla\firefox\profiles\1yv75vxm.default\searchplugins\SweetIM Search.xml [2012-02-25 14:11:10 | 000,003,915 | ---- | M] () -- C:\Users\Paweł\AppData\Roaming\mozilla\firefox\profiles\1yv75vxm.default\searchplugins\sweetim.xml [2012-03-07 17:58:14 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml O1 HOSTS File: ([2006-09-18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Nowy folder\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll () O2 - BHO: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll () O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll () O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKU\S-1-5-21-2629612488-1178707905-1192735613-1000\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found. O3 - HKU\S-1-5-21-2629612488-1178707905-1192735613-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3 - HKU\S-1-5-21-2629612488-1178707905-1192735613-1000\..\Toolbar\WebBrowser: (no name) - {D43723AE-1AE1-4A25-A6A4-BF0929273CAB} - No CLSID value found. O3 - HKU\S-1-5-21-2629612488-1178707905-1192735613-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found. O3 - HKU\S-1-5-21-2629612488-1178707905-1192735613-1000\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found. O4 - HKLM..\Run: [AVG_TRAY] E:\Nowy folder\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe (MusicLab, LLC) O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe () O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-2629612488-1178707905-1192735613-1000..\Run: [] File not found O7 - HKU\S-1-5-21-2629612488-1178707905-1192735613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found O13 - gopher Prefix: missing O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control) O16 - DPF: {CAFCF48D-8E34-4490-8154-026191D73924} http://195.93.142.232:5555/codebase/NetVideoActiveX_V23.cab (NetVideoActiveX23 Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.231.1.206 217.172.224.160 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59CE1243-3184-4F45-8732-C76C828571B9}: DhcpNameServer = 89.231.1.206 217.172.224.160 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F7FF0184-B512-489F-9FCA-EBF71713E3F6}: DhcpNameServer = 192.168.2.1 194.204.159.1 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Nowy folder\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll () O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll) - C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngr.dll (MusicLab, LLC) O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll) - C:\Program Files\BearShare Applications\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Paweł\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg O24 - Desktop BackupWallPaper: C:\Users\Paweł\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006-09-18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{8d2d3011-7813-11e0-912b-001636d00b8c}\Shell - "" = AutoRun O33 - MountPoints2\{8d2d3011-7813-11e0-912b-001636d00b8c}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{8d2d3c90-7813-11e0-912b-001636d00b8c}\Shell - "" = AutoRun O33 - MountPoints2\{8d2d3c90-7813-11e0-912b-001636d00b8c}\Shell\AutoRun\command - "" = G:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012-12-12 19:20:35 | 000,662,112 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2012-12-12 19:20:35 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012-12-12 19:20:35 | 000,126,908 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2012-12-12 19:20:35 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012-12-12 19:16:21 | 000,004,768 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012-12-12 19:16:21 | 000,004,768 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012-12-12 19:15:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012-12-12 19:15:50 | 1474,412,544 | -HS- | M] () -- C:\hiberfil.sys [2012-12-12 19:05:36 | 095,023,320 | ---- | M] () -- C:\ProgramData\netdislw.pad [2012-12-07 16:43:30 | 052,217,344 | ---- | M] () -- C:\Users\Paweł\Desktop\eav_nt32_plk.msi [2012-12-07 11:17:21 | 000,000,764 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012-12-05 11:13:43 | 000,000,914 | ---- | M] () -- C:\Users\Paweł\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk [5 C:\*.tmp files -> C:\*.tmp -> ] [color=#E56717]========== LOP Check ==========[/color] [2011-09-06 08:33:05 | 000,000,000 | ---D | M] -- C:\Users\Paweł\AppData\Roaming\Ashampoo [2012-02-26 21:37:15 | 000,000,000 | ---D | M] -- C:\Users\Paweł\AppData\Roaming\AVG2012 [2012-07-30 19:55:04 | 000,000,000 | ---D | M] -- C:\Users\Paweł\AppData\Roaming\BESTplayer [2012-01-02 13:47:36 | 000,000,000 | ---D | M] -- C:\Users\Paweł\AppData\Roaming\Cream Software [2012-02-06 12:38:31 | 000,000,000 | ---D | M] -- C:\Users\Paweł\AppData\Roaming\e-pity [2012-02-12 21:22:54 | 000,000,000 | ---D | M] -- C:\Users\Paweł\AppData\Roaming\gtk-2.0 [2011-12-06 20:46:15 | 000,000,000 | ---D | M] -- C:\Users\Paweł\AppData\Roaming\MusicNet [2012-01-07 18:08:27 | 000,000,000 | ---D | M] -- C:\Users\Paweł\AppData\Roaming\OpenCandy [2012-01-02 13:53:06 | 000,000,000 | ---D | M] -- C:\Users\Paweł\AppData\Roaming\Samsung [2012-12-07 11:25:11 | 000,032,512 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] < End of report >