OTL logfile created on: 30/01/2013 12:40:03 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Agata\Pulpit Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: Wielka Brytania | Language: ENG | Date Format: dd/MM/yyyy 1.99 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 64.22% Memory free 3.84 Gb Paging File | 3.20 Gb Available in Paging File | 83.49% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 111.78 Gb Total Space | 5.34 Gb Free Space | 4.78% Space Free | Partition Type: NTFS Computer Name: KURT-FAMILY | User Name: Agata | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2013/01/30 11:21:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Agata\Pulpit\OTL.exe PRC - [2012/12/05 01:40:03 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\20.2.1.22\ccsvchst.exe PRC - [2012/10/02 11:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2011/04/22 12:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe PRC - [2008/08/26 13:58:12 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe PRC - [2008/04/14 17:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007/05/10 08:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\WDM\stacsv.exe PRC - [2004/05/21 18:11:22 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012/05/30 14:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files\Norton 360\Engine\20.2.1.22\wincfi39.dll MOD - [2007/10/09 17:17:44 | 000,139,264 | ---- | M] () -- C:\WINDOWS\system32\preflib.dll MOD - [2007/10/09 17:17:36 | 000,753,664 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV - [2013/01/08 23:32:11 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/12/05 01:40:03 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\20.2.1.22\ccSvcHst.exe -- (N360) SRV - [2012/10/02 11:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2011/04/22 12:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2008/08/26 13:58:12 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SRV - [2008/04/29 09:04:58 | 000,572,928 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2007/05/10 08:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\WDM\stacsv.exe -- (STacSV) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2013/01/17 20:17:16 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130129.032\NAVEX15.SYS -- (NAVEX15) DRV - [2013/01/17 20:17:16 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130129.032\NAVENG.SYS -- (NAVENG) DRV - [2013/01/16 02:51:12 | 000,997,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130116.013\BHDrvx86.sys -- (BHDrvx86) DRV - [2012/10/11 15:55:35 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2012/10/09 01:00:02 | 000,586,400 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\N360\1402010.016\srtsp.sys -- (SRTSP) DRV - [2012/10/04 01:40:35 | 000,927,904 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\1402010.016\symefa.sys -- (SymEFA) DRV - [2012/10/04 01:40:20 | 000,368,288 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\1402010.016\symds.sys -- (SymDS) DRV - [2012/09/29 20:10:11 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2012/09/28 11:32:14 | 000,373,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130129.001\IDSXpx86.sys -- (IDSxpx86) DRV - [2012/09/07 02:05:14 | 000,394,656 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1402010.016\symtdi.sys -- (SYMTDI) DRV - [2012/09/07 01:48:08 | 000,175,264 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1402010.016\ironx86.sys -- (SymIRON) DRV - [2012/08/20 19:49:49 | 000,134,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1402010.016\ccsetx86.sys -- (ccSet_N360) DRV - [2012/08/18 09:00:00 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2012/05/25 05:36:56 | 000,032,888 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1402010.016\srtspx.sys -- (SRTSPX) DRV - [2011/05/26 15:03:56 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50) DRV - [2011/05/26 15:03:50 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50) DRV - [2010/04/28 06:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr) DRV - [2008/08/22 11:07:38 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2007/12/26 18:02:52 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2007/10/09 17:17:42 | 001,123,328 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX) DRV - [2007/09/17 08:22:00 | 000,265,856 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp) DRV - [2007/08/02 15:35:12 | 000,989,952 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV) DRV - [2007/08/02 15:34:30 | 000,211,200 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL) DRV - [2007/08/02 15:34:26 | 000,731,136 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2007/05/10 08:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) DRV - [2007/05/04 21:00:00 | 000,105,984 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) DRV - [2007/03/21 20:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2007/02/24 12:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2007/01/23 14:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2006/06/12 15:36:30 | 000,009,344 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpfxbulk.sys -- (HPFXBULK) DRV - [2005/08/12 14:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV) DRV - [2004/05/27 15:47:16 | 000,019,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2004/05/21 19:16:14 | 000,471,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvcm.sys -- (QCMerced) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-823518204-436374069-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com/?fr=fp-yie8 IE - HKU\S-1-5-21-823518204-436374069-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-823518204-436374069-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-823518204-436374069-682003330-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-823518204-436374069-682003330-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-823518204-436374069-682003330-1003\..\SearchScopes\{2D28B31C-1DEC-4572-9321-43CDA6357A93}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie8 IE - HKU\S-1-5-21-823518204-436374069-682003330-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-823518204-436374069-682003330-1003\..\SearchScopes\{EB03EC51-E581-429C-899C-FF00B33645DA}: "URL" = http://www.flickr.com/search/?q={searchTerms} IE - HKU\S-1-5-21-823518204-436374069-682003330-1003\..\SearchScopes\{EE16FE80-522B-4054-9F23-F0CFECA663CA}: "URL" = http://rover.ebay.com/rover/1/710-61977-23097-0/4?satitle={searchTerms} IE - HKU\S-1-5-21-823518204-436374069-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-823518204-436374069-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = [color=#E56717]========== FireFox ==========[/color] FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\ [2012/09/29 20:10:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2013/01/30 12:35:55 | 000,000,000 | ---D | M] [2012/01/24 19:26:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Agata\Application Data\Mozilla\Extensions [2012/01/24 19:26:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Agata\Application Data\Mozilla\Extensions\home2@tomtom.com [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: http://www.google.com O1 HOSTS File: ([2006/03/02 12:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\20.2.1.22\coieplg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.2.1.22\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.2.1.22\coieplg.dll (Symantec Corporation) O3 - HKU\S-1-5-21-823518204-436374069-682003330-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-21-823518204-436374069-682003330-1003\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.2.1.22\coieplg.dll (Symantec Corporation) O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-823518204-436374069-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1222991482734 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://kaplanprofessional.webex.com/client/T27LD/nbr/ieatgpc.cab (GpcContainer Class) O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/m3/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6CA0334-9078-4926-8ACC-0F187CCE0EA8}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Agata\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Agata\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/10/02 22:04:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{110e9e84-0cd1-11de-a8d9-00164489041d}\Shell - "" = AutoRun O33 - MountPoints2\{110e9e84-0cd1-11de-a8d9-00164489041d}\Shell\AutoRun\command - "" = E:\AUTORUN.EXE O33 - MountPoints2\{110e9e8d-0cd1-11de-a8d9-00164489041d}\Shell - "" = AutoRun O33 - MountPoints2\{110e9e8d-0cd1-11de-a8d9-00164489041d}\Shell\AutoRun\command - "" = E:\AUTORUN.EXE O33 - MountPoints2\{526cd6a8-63ba-11de-a95a-00164489041d}\Shell - "" = AutoRun O33 - MountPoints2\{526cd6a8-63ba-11de-a95a-00164489041d}\Shell\AutoRun\command - "" = E:\AUTORUN.EXE O33 - MountPoints2\{5ee6088c-22dc-11df-aa78-00164489041d}\Shell - "" = AutoRun O33 - MountPoints2\{5ee6088c-22dc-11df-aa78-00164489041d}\Shell\AutoRun\command - "" = E:\AUTORUN.EXE O33 - MountPoints2\{5ee6088d-22dc-11df-aa78-00164489041d}\Shell - "" = AutoRun O33 - MountPoints2\{5ee6088d-22dc-11df-aa78-00164489041d}\Shell\AutoRun\command - "" = E:\AUTORUN.EXE O33 - MountPoints2\{988af74c-3e61-11de-a91e-00164489041d}\Shell - "" = AutoRun O33 - MountPoints2\{988af74c-3e61-11de-a91e-00164489041d}\Shell\AutoRun\command - "" = E:\AUTORUN.EXE O33 - MountPoints2\{a5184c6a-40a2-11de-a924-00164489041d}\Shell - "" = AutoRun O33 - MountPoints2\{a5184c6a-40a2-11de-a924-00164489041d}\Shell\AutoRun\command - "" = E:\AUTORUN.EXE O33 - MountPoints2\{bc5e151a-8a4b-11de-a98d-00164489041d}\Shell - "" = AutoRun O33 - MountPoints2\{bc5e151a-8a4b-11de-a98d-00164489041d}\Shell\AutoRun\command - "" = E:\AUTORUN.EXE O33 - MountPoints2\{dcc809a6-3266-11de-a90c-00164489041d}\Shell - "" = AutoRun O33 - MountPoints2\{dcc809a6-3266-11de-a90c-00164489041d}\Shell\AutoRun\command - "" = E:\AUTORUN.EXE O33 - MountPoints2\{e96f9c1e-72f3-11de-a96e-00164489041d}\Shell - "" = AutoRun O33 - MountPoints2\{e96f9c1e-72f3-11de-a96e-00164489041d}\Shell\AutoRun\command - "" = E:\AUTORUN.EXE O33 - MountPoints2\{fcb91184-0d7a-11df-aa55-00164489041d}\Shell\AutoRun\command - "" = E:\web'n'walk_Helper.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013/01/30 12:05:55 | 000,000,000 | ---D | C] -- C:\_OTL [2013/01/30 11:29:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Agata\Pulpit\OTL.exe [2013/01/30 10:50:28 | 000,000,000 | ---D | C] -- C:\N360_BACKUP [2013/01/25 19:13:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\VideoLAN [2013/01/22 18:40:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2013/01/22 18:40:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Skype [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013/01/30 12:37:47 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013/01/30 12:35:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013/01/30 12:31:15 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013/01/30 12:06:04 | 000,501,338 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2013/01/30 12:06:04 | 000,442,238 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013/01/30 12:06:04 | 000,089,850 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2013/01/30 12:06:04 | 000,072,174 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013/01/30 11:21:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Agata\Pulpit\OTL.exe [2013/01/29 12:12:07 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{73ED7AF8-4F1B-4290-AE52-4FE7B337006E}.job [2013/01/28 14:18:44 | 000,833,844 | ---- | M] () -- C:\Documents and Settings\Agata\Pulpit\BPP.EXEL.2003.zip [2013/01/25 19:13:56 | 000,000,725 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\VLC media player.lnk [2013/01/25 18:55:45 | 000,201,728 | ---- | M] () -- C:\Documents and Settings\Agata\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013/01/24 09:48:08 | 000,630,879 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\1402010.016\Cat.DB [2013/01/24 09:47:41 | 000,014,818 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\1402010.016\VT20130115.021 [2013/01/10 07:46:06 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\1402010.016\isolate.ini [2013/01/08 23:32:03 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2013/01/08 23:32:03 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2013/01/08 23:31:57 | 015,739,912 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013/01/28 14:18:38 | 000,833,844 | ---- | C] () -- C:\Documents and Settings\Agata\Pulpit\BPP.EXEL.2003.zip [2013/01/25 19:13:55 | 000,000,725 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\VLC media player.lnk [2012/01/05 08:12:27 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe [2012/01/05 08:12:17 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVUSBSta.sys [2012/01/05 08:12:17 | 000,005,993 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2012/01/05 08:12:16 | 000,471,232 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvcm.sys [2011/11/17 13:07:17 | 000,000,520 | ---- | C] () -- C:\WINDOWS\_delis32.ini [2011/08/04 17:57:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI [2011/03/11 19:02:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2011/02/23 23:06:46 | 000,002,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\KGyGaAvL.sys [2011/02/23 23:06:46 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\D1E37594F6.sys [2011/02/22 22:55:54 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\QTSBandwidthCache [2011/02/22 22:13:34 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2011/01/05 08:23:34 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Agata\Ustawienia lokalne\Dane aplikacji\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini [2011/01/05 08:18:31 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini [2010/07/18 12:15:14 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\Agata\Cache.db [2010/01/13 11:01:16 | 018,030,130 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\vlc-1.0.3-win32.exe [2009/10/13 13:08:33 | 018,527,244 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\vlc-1.0.2-win32.exe [2008/10/05 11:50:05 | 000,201,728 | ---- | C] () -- C:\Documents and Settings\Agata\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/10/03 00:57:03 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Agata\Ustawienia lokalne\Dane aplikacji\fusioncache.dat [color=#E56717]========== ZeroAccess Check ==========[/color] [2008/10/03 00:37:13 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 17:20:47 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 10:53:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 17:20:57 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [color=#E56717]========== LOP Check ==========[/color] [2011/07/01 09:47:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Agata\Application Data\DAEMON Tools Lite [2012/01/05 08:14:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Agata\Application Data\FotoWire [2011/06/16 18:07:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Agata\Application Data\Registry Mechanic [2011/06/17 06:48:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Agata\Application Data\Softland [2012/01/24 19:26:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Agata\Application Data\TomTom [2010/07/12 08:34:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 169 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:D287FACF @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:D1B5B4F1 @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DFC5A2B2 < End of report >