OTL logfile created on: 2012-06-02 08:49:06 - Run 2
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Users\IT\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

7,97 Gb Total Physical Memory | 4,00 Gb Available Physical Memory | 50,13% Memory free
15,95 Gb Paging File | 11,46 Gb Available in Paging File | 71,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 444,98 Gb Total Space | 270,81 Gb Free Space | 60,86% Space Free | Partition Type: NTFS
Drive E: | 15,49 Gb Total Space | 2,32 Gb Free Space | 14,97% Space Free | Partition Type: NTFS
Drive F: | 4,98 Gb Total Space | 2,13 Gb Free Space | 42,69% Space Free | Partition Type: FAT32

Computer Name: ITHD | User Name: IT | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012-06-02 08:47:12 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\IT\Downloads\OTL (1).exe
PRC - [2012-05-21 08:51:53 | 000,296,056 | ---- | M] (RealNetworks, Inc.) 
-- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe PRC - [2012-04-04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012-04-04 15:56:38 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe PRC - [2012-04-04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012-02-16 13:49:28 | 002,310,544 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe PRC - [2012-01-03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011-05-06 10:58:04 | 001,128,952 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe PRC - [2011-04-05 20:13:46 | 001,094,712 | ---- | M] (Hewlett-Packard Development Company L.P.) -- c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe PRC - [2011-03-29 02:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe PRC - [2011-02-11 02:44:28 | 000,076,344 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe PRC - [2011-02-09 20:51:36 | 000,200,704 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe PRC - [2011-02-09 20:28:12 | 001,318,912 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe PRC - [2011-02-07 21:41:42 | 012,274,688 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe PRC - [2011-02-07 21:41:26 | 000,320,000 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe PRC - [2011-01-29 01:27:06 | 000,281,656 | ---- | M] (Hewlett-Packard Company) -- 
C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe PRC - [2011-01-28 18:41:30 | 000,133,688 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe PRC - [2011-01-26 19:00:32 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2011-01-26 19:00:00 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011-01-18 23:42:48 | 000,070,256 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe PRC - [2011-01-18 23:42:44 | 000,113,264 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe PRC - [2011-01-12 21:48:48 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe PRC - [2011-01-12 16:41:42 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe PRC - [2011-01-04 00:16:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2011-01-04 00:16:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010-12-17 07:56:10 | 003,707,808 | ---- | M] (Ghisler Software GmbH) -- C:\totalcmd\TOTALCMD.EXE PRC - [2010-11-29 21:10:32 | 000,210,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe PRC - [2010-11-20 14:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe PRC - [2010-11-11 09:43:00 | 000,502,464 | ---- | M] (ArcSoft, Inc.) -- C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe PRC - [2010-07-30 04:39:24 | 000,013,600 | ---- | M] (Broadcom Corporation.) 
-- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe PRC - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe PRC - [2005-02-25 11:29:40 | 000,135,168 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbisqlg.exe PRC - [2005-02-24 09:20:06 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012-05-23 03:56:50 | 000,441,880 | ---- | M] () -- C:\Users\IT\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll MOD - [2012-05-23 03:56:49 | 003,922,456 | ---- | M] () -- C:\Users\IT\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll MOD - [2012-05-23 03:55:35 | 000,553,496 | ---- | M] () -- C:\Users\IT\AppData\Local\Google\Chrome\Application\19.0.1084.52\libglesv2.dll MOD - [2012-05-23 03:55:33 | 000,117,784 | ---- | M] () -- C:\Users\IT\AppData\Local\Google\Chrome\Application\19.0.1084.52\libegl.dll MOD - [2012-05-23 03:55:24 | 000,134,696 | ---- | M] () -- C:\Users\IT\AppData\Local\Google\Chrome\Application\19.0.1084.52\avutil-51.dll MOD - [2012-05-23 03:55:23 | 000,250,408 | ---- | M] () -- C:\Users\IT\AppData\Local\Google\Chrome\Application\19.0.1084.52\avformat-54.dll MOD - [2012-05-23 03:55:21 | 002,375,720 | ---- | M] () -- C:\Users\IT\AppData\Local\Google\Chrome\Application\19.0.1084.52\avcodec-54.dll MOD - [2012-05-23 03:06:23 | 008,743,584 | ---- | M] () -- C:\Users\IT\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll MOD - [2012-05-23 03:06:23 | 008,743,584 | ---- | M] () -- C:\Users\IT\AppData\Local\Google\Chrome\APPLIC~1\190108~1.52\gcswf32.dll MOD - [2012-05-10 03:38:43 | 001,051,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll MOD - 
[2012-05-10 03:38:43 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\b81e3e084d74df5d723dd33d6b9a2dff\IAStorCommon.ni.dll MOD - [2012-05-10 03:38:42 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\741f032e98c1f5fc85e87dc68ded6e88\IAStorUtil.ni.dll MOD - [2012-05-10 03:29:02 | 011,833,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\1a690902e9a6293de228c16fab21e2f7\System.Web.ni.dll MOD - [2012-05-10 03:28:57 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll MOD - [2012-05-10 03:28:37 | 012,433,408 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll MOD - [2012-05-10 03:28:31 | 001,590,784 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll MOD - [2012-05-10 03:28:22 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll MOD - [2012-05-10 03:28:18 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012-05-10 03:28:15 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012-05-10 03:28:15 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012-05-10 03:28:05 | 011,492,864 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2011-03-17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common 
Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2011-03-09 21:48:35 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_pl_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2011-03-09 21:28:50 | 000,868,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll MOD - [2011-02-09 20:51:36 | 000,200,704 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe MOD - [2011-01-12 21:48:48 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe MOD - [2010-12-21 02:15:30 | 001,041,248 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll MOD - [2010-12-17 07:56:10 | 000,165,376 | ---- | M] () -- C:\totalcmd\UNRAR.DLL MOD - [2010-12-17 07:56:10 | 000,123,536 | ---- | M] () -- C:\totalcmd\WCMZIP32.DLL MOD - [2010-11-25 08:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll MOD - [2010-11-13 04:37:37 | 000,311,296 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pl_b77a5c561934e089\mscorlib.resources.dll MOD - [2010-05-19 20:05:58 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll MOD - [2010-05-19 20:05:58 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll MOD - [2010-05-19 20:05:58 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll MOD - [2005-02-24 09:20:26 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Sybase\Shared\win32\jsyblib142.dll MOD - [2005-02-24 09:20:08 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Sybase\Shared\Sybase Central 4.3\win32\scjlgen.dll MOD - [2005-02-24 09:20:06 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe MOD - 
[2003-09-16 18:23:36 | 000,122,992 | ---- | M] () -- C:\Program Files (x86)\Sybase\Shared\Sun\jre142\bin\jpeg.dll MOD - [2003-09-16 18:21:36 | 000,327,811 | ---- | M] () -- C:\Program Files (x86)\Sybase\Shared\Sun\jre142\bin\fontmanager.dll MOD - [2003-09-16 18:19:32 | 000,139,375 | ---- | M] () -- C:\Program Files (x86)\Sybase\Shared\Sun\jre142\bin\dcpr.dll MOD - [2003-09-16 18:15:10 | 000,970,862 | ---- | M] () -- C:\Program Files (x86)\Sybase\Shared\Sun\jre142\bin\awt.dll MOD - [2003-09-16 17:58:48 | 000,057,455 | ---- | M] () -- C:\Program Files (x86)\Sybase\Shared\Sun\jre142\bin\net.dll MOD - [2003-09-16 17:51:14 | 000,053,364 | ---- | M] () -- C:\Program Files (x86)\Sybase\Shared\Sun\jre142\bin\zip.dll MOD - [2003-09-16 17:50:20 | 000,102,515 | ---- | M] () -- C:\Program Files (x86)\Sybase\Shared\Sun\jre142\bin\java.dll MOD - [2003-09-16 17:46:24 | 000,057,453 | ---- | M] () -- C:\Program Files (x86)\Sybase\Shared\Sun\jre142\bin\verify.dll MOD - [2003-09-16 17:46:06 | 001,212,546 | ---- | M] () -- C:\Program Files (x86)\Sybase\Shared\Sun\jre142\bin\client\jvm.dll MOD - [2003-09-16 17:45:54 | 000,028,791 | ---- | M] () -- C:\Program Files (x86)\Sybase\Shared\Sun\jre142\bin\hpi.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2012-03-26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV:[b]64bit:[/b] - [2012-03-26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV:[b]64bit:[/b] - [2011-07-25 06:07:00 | 000,048,128 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE -- (wltrysvc) SRV:[b]64bit:[/b] - [2011-05-13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv) SRV:[b]64bit:[/b] - 
[2011-02-12 06:07:16 | 000,481,104 | R--- | M] (DigitalPersona, Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost) SRV:[b]64bit:[/b] - [2011-02-09 20:28:12 | 001,318,912 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe -- (McAfee Endpoint Encryption Agent) SRV:[b]64bit:[/b] - [2011-02-06 09:39:18 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:[b]64bit:[/b] - [2011-01-28 18:41:30 | 000,133,688 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe -- (HPDayStarterService) SRV:[b]64bit:[/b] - [2011-01-27 11:52:00 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV) SRV:[b]64bit:[/b] - [2011-01-27 04:11:48 | 000,131,128 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service) SRV:[b]64bit:[/b] - [2011-01-22 04:36:02 | 003,154,224 | ---- | M] (Validity Sensors, Inc.) 
[Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService) SRV:[b]64bit:[/b] - [2011-01-12 16:44:02 | 000,042,360 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv) SRV:[b]64bit:[/b] - [2011-01-12 16:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn) SRV:[b]64bit:[/b] - [2010-11-20 15:27:23 | 000,187,904 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider) SRV:[b]64bit:[/b] - [2010-11-20 15:26:50 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc) SRV:[b]64bit:[/b] - [2010-11-20 15:26:46 | 000,232,448 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener) SRV:[b]64bit:[/b] - [2010-11-20 15:24:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\inetinfo.exe -- (IISADMIN) SRV:[b]64bit:[/b] - [2010-07-30 04:39:24 | 000,951,584 | ---- | M] (Broadcom Corporation.) 
[Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV:[b]64bit:[/b] - [2009-12-04 01:27:24 | 000,028,672 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio) SRV:[b]64bit:[/b] - [2009-07-14 03:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess) SRV:[b]64bit:[/b] - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:[b]64bit:[/b] - [2009-07-14 03:39:56 | 000,010,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\WMSvc.exe -- (WMSVC) SRV:[b]64bit:[/b] - [2009-03-03 12:42:00 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters) SRV - [2012-04-04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012-02-29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012-02-16 13:49:28 | 002,310,544 | ---- | M] (WIBU-SYSTEMS AG) [Auto | Running] -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe -- (CodeMeter.exe) SRV - [2012-01-03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011-05-06 10:58:04 | 001,128,952 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher) SRV - [2011-04-05 20:13:46 | 001,094,712 | ---- | M] (Hewlett-Packard Development Company L.P.) 
[On_Demand | Running] -- c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv) SRV - [2011-03-29 02:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe) SRV - [2011-02-07 21:41:26 | 000,320,000 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService) SRV - [2011-02-04 01:09:18 | 000,464,480 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- c:\Windows\SysWOW64\flcdlock.exe -- (FLCDLOCK) SRV - [2011-01-29 01:27:06 | 000,281,656 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe -- (hpHotkeyMonitor) SRV - [2011-01-26 19:00:00 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2011-01-22 04:24:50 | 002,708,784 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService) SRV - [2011-01-18 23:42:44 | 000,113,264 | ---- | M] (Portrait Displays, Inc.) 
[Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService) SRV - [2011-01-15 14:32:30 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM) SRV - [2011-01-12 21:12:06 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) [Disabled | Stopped] -- c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe -- (HP ProtectTools Service) SRV - [2011-01-04 00:16:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2011-01-04 00:16:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2010-11-29 21:10:32 | 000,210,896 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service) Intel(R) SRV - [2010-11-20 14:20:57 | 000,165,376 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider) SRV - [2010-11-11 09:43:00 | 000,502,464 | ---- | M] (ArcSoft, Inc.) 
[Auto | Running] -- C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe -- (uArcCapture) SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009-07-14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess) SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009-06-10 22:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2012-04-04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:[b]64bit:[/b] - [2012-03-20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:[b]64bit:[/b] - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2012-02-16 00:24:40 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.) DRV:[b]64bit:[/b] - [2012-02-16 00:24:38 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) 
DRV:[b]64bit:[/b] - [2011-09-16 02:34:38 | 000,392,752 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:[b]64bit:[/b] - [2011-07-25 06:06:59 | 000,022,592 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY) DRV:[b]64bit:[/b] - [2011-07-25 06:06:58 | 003,065,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:[b]64bit:[/b] - [2011-05-13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt) DRV:[b]64bit:[/b] - [2011-05-13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer) DRV:[b]64bit:[/b] - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2011-02-09 20:59:52 | 000,168,008 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\MfeEpePc.sys -- (MfeEpePc) DRV:[b]64bit:[/b] - [2011-02-08 19:26:52 | 000,026,712 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\johci.sys -- (johci) DRV:[b]64bit:[/b] - [2011-02-07 17:50:26 | 000,063,336 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DAMDrv64.sys -- (DAMDrv) DRV:[b]64bit:[/b] - [2011-02-06 10:22:40 | 009,090,048 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:[b]64bit:[/b] - [2011-02-06 09:01:44 | 000,299,520 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:[b]64bit:[/b] - [2011-01-30 21:04:42 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR) DRV:[b]64bit:[/b] - [2011-01-27 11:52:00 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:[b]64bit:[/b] - [2011-01-13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:[b]64bit:[/b] - [2010-12-21 19:21:16 | 001,826,048 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV:[b]64bit:[/b] - [2010-12-21 15:04:06 | 000,170,640 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm) DRV:[b]64bit:[/b] - [2010-12-21 15:04:06 | 000,141,264 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv) DRV:[b]64bit:[/b] - [2010-12-21 13:47:38 | 000,125,296 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr) DRV:[b]64bit:[/b] - [2010-12-21 11:31:00 | 000,316,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel(R) DRV:[b]64bit:[/b] - [2010-12-03 03:02:58 | 000,025,912 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV:[b]64bit:[/b] - [2010-11-20 15:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- 
(vpcvmm) DRV:[b]64bit:[/b] - [2010-11-20 15:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus) DRV:[b]64bit:[/b] - [2010-11-20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2010-11-20 13:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb) DRV:[b]64bit:[/b] - [2010-11-20 13:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr) DRV:[b]64bit:[/b] - [2010-11-20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:[b]64bit:[/b] - [2010-11-20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:[b]64bit:[/b] - [2010-11-20 11:26:11 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs) DRV:[b]64bit:[/b] - [2010-11-17 03:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:[b]64bit:[/b] - [2010-11-15 12:52:08 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV:[b]64bit:[/b] - [2010-11-15 12:52:08 | 000,085,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV:[b]64bit:[/b] - [2010-11-11 09:46:00 | 000,032,192 | ---- | M] (ArcSoft, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftVCapture.sys -- (ARCVCAM) DRV:[b]64bit:[/b] - [2010-10-20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R) DRV:[b]64bit:[/b] - [2010-08-10 18:56:30 | 000,137,728 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnet.sys -- (ZTEusbnet) DRV:[b]64bit:[/b] - [2010-08-10 18:56:30 | 000,123,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV:[b]64bit:[/b] - [2010-08-10 18:56:30 | 000,123,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV:[b]64bit:[/b] - [2010-08-10 18:56:30 | 000,123,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV:[b]64bit:[/b] - [2010-08-10 18:56:30 | 000,011,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter) DRV:[b]64bit:[/b] - [2010-07-20 23:26:42 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:[b]64bit:[/b] - [2010-07-20 23:26:38 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:[b]64bit:[/b] - [2010-07-20 23:26:34 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:[b]64bit:[/b] - [2010-07-14 16:25:38 | 000,344,616 | ---- | M] (Broadcom Corporation.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl) DRV:[b]64bit:[/b] - [2010-03-19 13:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:[b]64bit:[/b] - [2010-03-03 00:37:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:[b]64bit:[/b] - [2010-01-26 22:52:22 | 001,212,416 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem) DRV:[b]64bit:[/b] - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009-07-14 03:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk) DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009-07-14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:[b]64bit:[/b] - [2009-07-14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:[b]64bit:[/b] - [2009-07-14 01:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs) DRV:[b]64bit:[/b] - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- 
C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDF IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0C691661-94E6-4BE3-9D6E-9DD674D109D9}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=55554fbb-f237-11e0-94ff-cc52afcb2a58&q={searchTerms} IE - 
HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3254880603-2455394732-3917470795-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9MSE&PC=UP09 IE - HKU\S-1-5-21-3254880603-2455394732-3917470795-1001\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE9SE_ENUS/110 IE - HKU\S-1-5-21-3254880603-2455394732-3917470795-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=OIE9MSE&PC=UP09 IE - HKU\S-1-5-21-3254880603-2455394732-3917470795-1001\..\SearchScopes,DefaultScope = {0C691661-94E6-4BE3-9D6E-9DD674D109D9} IE - HKU\S-1-5-21-3254880603-2455394732-3917470795-1001\..\SearchScopes\{0C691661-94E6-4BE3-9D6E-9DD674D109D9}: "URL" = http://www.google.com/search?hl=pl&q={searchTerms}&rlz=1I7ADRA_plPL448 IE - HKU\S-1-5-21-3254880603-2455394732-3917470795-1001\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF IE - HKU\S-1-5-21-3254880603-2455394732-3917470795-1001\..\SearchScopes\{3F71E710-AD64-4297-B988-BC7225ACC86C}: "URL" = http://www.google.com/search?hl=pl&q={searchTerms}&rlz=1I7ADRA_pl IE - HKU\S-1-5-21-3254880603-2455394732-3917470795-1001\..\SearchScopes\{516D1782-EDA8-4D4E-9322-202113941D4C}: "URL" = 
http://www.google.com/search?hl=pl&q={searchTerms}&rlz=1I7ADRA_plPL448 IE - HKU\S-1-5-21-3254880603-2455394732-3917470795-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-3254880603-2455394732-3917470795-1001\..\SearchScopes\{6CFB7CF7-B5C7-49CA-A110-4AAE079C7BAD}: "URL" = http://www.google.com/search?hl=pl&q={searchTerms}&rlz=1I7ADRA_plPL448 IE - HKU\S-1-5-21-3254880603-2455394732-3917470795-1001\..\SearchScopes\{8A895F61-7BB3-4610-A197-BF9350EFE07E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=FXTV5&o=101699&src=kw&q={searchTerms}&locale=&apn_ptnrs=F4&apn_dtid=YYYYYYYYPL&apn_uid=d49fc04c-37a0-488a-bfd9-f61da0730220&apn_sauid=CF17AF56-C7AA-4858-8AA1-F4CB50AE7365 IE - HKU\S-1-5-21-3254880603-2455394732-3917470795-1001\..\SearchScopes\{B510B1ED-3F03-487A-ABF3-630819138B62}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481033 IE - HKU\S-1-5-21-3254880603-2455394732-3917470795-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@parallelgraphics.com/Cortona: C:\Program Files (x86)\Common Files\ParallelGraphics\Cortona\npcortona.dll (ParallelGraphics) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\IT\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\IT\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2011-03-09 21:36:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-05-21 08:52:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011-09-10 13:08:45 | 000,000,000 | ---D | M] [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = 
{google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\IT\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\IT\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\IT\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\IT\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Cortona3D Viewer (Enabled) = C:\Program Files (x86)\Common Files\ParallelGraphics\Cortona\npcortona.dll CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit 
Reader\plugins\npFoxitReaderPlugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - Extension: YouTube = C:\Users\IT\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Szukaj w Google = C:\Users\IT\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\IT\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ CHR - Extension: Skype Click to Call = C:\Users\IT\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\ CHR - Extension: Gmail = C:\Users\IT\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2011-12-22 16:11:00 | 000,000,833 | ---- | M]) - 
C:\Windows\SysNative\drivers\etc\hosts O2:[b]64bit:[/b] - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\19.0.1084.52\npchrome_frame.dll (Google Inc.) O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:[b]64bit:[/b] - HKU\S-1-5-21-3254880603-2455394732-3917470795-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
O4:[b]64bit:[/b] - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE (Broadcom Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET) O4:[b]64bit:[/b] - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe () O4:[b]64bit:[/b] - HKLM..\Run: [MfeEpePcMonitor] C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe () O4:[b]64bit:[/b] - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe () O4 - HKLM..\Run: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard) O4 - HKLM..\Run: [HPConnectionManager] c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.) O4 - HKLM..\Run: [HPQuickWebProxy] c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.) 
O4 - HKU\S-1-5-21-3254880603-2455394732-3917470795-1001..\Run: [DBISQL9] C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbisqlg.exe (iAnywhere Solutions, Inc.) O4 - HKU\S-1-5-21-3254880603-2455394732-3917470795-1001..\Run: [SybaseCentral43] C:\Program Files (x86)\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe () O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKU\S-1-5-21-3254880603-2455394732-3917470795-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-3254880603-2455394732-3917470795-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-3254880603-2455394732-3917470795-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8:[b]64bit:[/b] - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:[b]64bit:[/b] - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:[b]64bit:[/b] - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:[b]64bit:[/b] - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Wyślij do interfejsu Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Wyślij do urządzenia &Bluetooth... 
- {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D531E5E-8910-45F0-AA95-570359A870C8}: DhcpNameServer = 192.168.0.1 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26D82E59-F5C4-4FAA-8958-E3F709C338AB}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32A96ADE-8C05-43B4-A7CA-6A9426844CF1}: DhcpNameServer = 192.168.160.100 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{48367208-F649-44BB-83D8-E1584F4DF26E}: DhcpNameServer = 192.168.0.1 192.168.0.1 O18:[b]64bit:[/b] - Protocol\Handler\gcf - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\19.0.1084.52\npchrome_frame.dll (Google Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\windows\SysWow64\DeviceNP.dll (Hewlett-Packard Company) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012-06-02 08:23:33 | 000,000,000 | ---D | C] -- C:\Users\IT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Windows Performance Toolkit [2012-06-02 08:23:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows Performance Toolkit [2012-06-02 08:23:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer [2012-06-02 
08:20:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debugging Tools for Windows (x64) [2012-06-02 08:19:58 | 000,000,000 | ---D | C] -- C:\Program Files\Debugging Tools for Windows (x64) [2012-06-02 08:19:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Application Verifier [2012-06-02 08:19:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Application Verifier (x64) [2012-06-02 08:19:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Verifier [2012-06-02 08:19:47 | 000,000,000 | ---D | C] -- C:\Program Files\Application Verifier (x64) [2012-06-02 08:17:54 | 000,000,000 | ---D | C] -- C:\windows\symbols [2012-06-02 08:17:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 10.0 [2012-06-02 08:00:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows SDK v7.1 [2012-06-02 08:00:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs [2012-06-02 07:58:42 | 000,000,000 | ---D | C] -- C:\e955c678ac586b9a24c4 [2012-06-02 07:38:20 | 000,000,000 | ---D | C] -- C:\Users\IT\AppData\Roaming\Malwarebytes [2012-06-02 07:38:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012-06-02 07:38:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012-06-02 07:38:10 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [2012-06-02 07:38:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012-06-01 13:17:29 | 000,000,000 | ---D | C] -- C:\Users\IT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair [2012-06-01 13:17:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair [2012-06-01 13:17:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Window 
Registry Repair [2012-06-01 12:13:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client [2012-06-01 12:13:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2012-06-01 11:29:25 | 000,000,000 | ---D | C] -- C:\AULOGS [2012-05-31 17:15:55 | 000,000,000 | ---D | C] -- C:\Parkhotel [2012-05-30 08:24:41 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012-05-30 06:02:23 | 000,000,000 | ---D | C] -- C:\Users\IT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Urządzenia interfejsu Bluetooth [2012-05-30 04:05:19 | 055,656,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MRT.exe [2012-05-30 00:39:51 | 000,000,000 | ---D | C] -- C:\windows\temp [2012-05-30 00:25:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe [2012-05-30 00:25:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe [2012-05-30 00:25:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe [2012-05-30 00:25:09 | 000,000,000 | ---D | C] -- C:\windows\ERDNT [2012-05-30 00:24:37 | 000,000,000 | ---D | C] -- C:\Qoobox [2012-05-29 23:04:17 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\ArcVCapRender [2012-05-29 23:04:02 | 000,032,192 | ---- | C] (ArcSoft, Inc.) 
-- C:\windows\SysNative\drivers\ArcSoftVCapture.sys [2012-05-29 23:04:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Arcsoft [2012-05-29 23:02:54 | 000,000,000 | ---D | C] -- C:\Users\IT\AppData\Roaming\InstallShield [2012-05-29 21:51:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008 R2 [2012-05-29 21:23:10 | 000,000,000 | ---D | C] -- C:\Users\IT\AppData\Roaming\ArcaVirMicroScan [2012-05-29 14:32:42 | 000,000,000 | ---D | C] -- C:\Users\IT\Desktop\SuperAdmin.{ED7BA470-8E54-465E-825C-99712043E01C} [2012-05-29 11:15:50 | 000,000,000 | ---D | C] -- C:\Diament (DAX) [2012-05-29 11:15:10 | 000,000,000 | ---D | C] -- C:\nowe [2012-05-29 08:33:59 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\BestPractices [2012-05-29 08:33:57 | 000,000,000 | ---D | C] -- C:\windows\SysNative\BestPractices [2012-05-29 08:33:57 | 000,000,000 | ---D | C] -- C:\windows\SysNative\0415 [2012-05-29 08:33:56 | 000,000,000 | ---D | C] -- C:\inetpub [2012-05-27 11:40:16 | 000,212,992 | ---- | C] (Seagate Software, Inc.) -- C:\windows\SysWow64\u2fxls.dll [2012-05-27 11:40:16 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Vb6de.dll [2012-05-27 11:40:16 | 000,106,496 | ---- | C] (Seagate Software, Inc.) -- C:\windows\SysWow64\u2fwordw.dll [2012-05-27 11:40:16 | 000,102,400 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\windows\SysWow64\u2dpost.dll [2012-05-27 11:40:16 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Vb6stkit.dll [2012-05-27 11:40:16 | 000,090,112 | ---- | C] (Seagate Software, Inc.) -- C:\windows\SysWow64\u2ftext.dll [2012-05-27 11:40:16 | 000,089,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Vb5db.dll [2012-05-27 11:40:16 | 000,057,344 | ---- | C] (Seagate Software Information Management Group, Inc.) 
-- C:\windows\SysWow64\u2dvim.dll [2012-05-27 11:40:16 | 000,053,248 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\windows\SysWow64\u2dnotes.dll [2012-05-27 11:40:16 | 000,049,152 | ---- | C] (Seagate Software, Inc.) -- C:\windows\SysWow64\u2fodbc.dll [2012-05-27 11:40:16 | 000,045,056 | ---- | C] (Seagate Software, Inc.) -- C:\windows\SysWow64\u2fhtml.dll [2012-05-27 11:40:16 | 000,040,960 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\windows\SysWow64\u2fwks.dll [2012-05-27 11:40:16 | 000,040,960 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\windows\SysWow64\u2dmapi.dll [2012-05-27 11:40:16 | 000,036,864 | ---- | C] (Seagate Software, Inc.) -- C:\windows\SysWow64\u2frec.dll [2012-05-27 11:40:16 | 000,036,864 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\windows\SysWow64\u2fsepv.dll [2012-05-27 11:40:16 | 000,030,749 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\temp.024 [2012-05-27 11:40:16 | 000,028,672 | ---- | C] (Seagate Software, Inc.) -- C:\windows\SysWow64\u2fcr.dll [2012-05-27 11:40:16 | 000,024,576 | ---- | C] (Seagate Software, Inc.) -- C:\windows\SysWow64\x3fxlde.dll [2012-05-27 11:40:16 | 000,024,576 | ---- | C] (Seagate Software, Inc.) -- C:\windows\SysWow64\x3ftxde.dll [2012-05-27 11:40:16 | 000,024,576 | ---- | C] (Seagate Software, Inc.) -- C:\windows\SysWow64\x3fhtde.dll [2012-05-27 11:40:16 | 000,024,576 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\windows\SysWow64\x3dvmde.dll [2012-05-27 11:40:16 | 000,024,576 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\windows\SysWow64\x3dptde.dll [2012-05-27 11:40:16 | 000,020,480 | ---- | C] (Seagate Software, Inc.) -- C:\windows\SysWow64\x3fwdde.dll [2012-05-27 11:40:16 | 000,020,480 | ---- | C] (Seagate Software, Inc.) -- C:\windows\SysWow64\x3frcde.dll [2012-05-27 11:40:16 | 000,020,480 | ---- | C] (Seagate Software, Inc.) 
-- C:\windows\SysWow64\x3fodde.dll
[2012-05-27 11:40:16 | 000,020,480 | ---- | C] (Seagate Software, Inc.) -- C:\windows\SysWow64\x3fcrde.dll
[2012-05-27 11:40:16 | 000,020,480 | ---- | C] (Seagate Software, Inc.) -- C:\windows\SysWow64\x3ddkde.dll
[2012-05-27 11:40:16 | 000,020,480 | ---- | C] (Seagate Software, Inc.) -- C:\windows\SysWow64\u3ls1de.dll
[2012-05-27 11:40:16 | 000,020,480 | ---- | C] (Seagate Software, Inc.) -- C:\windows\SysWow64\u3l20de.dll
[2012-05-27 11:40:16 | 000,020,480 | ---- | C] (Seagate Software, Inc.) -- C:\windows\SysWow64\u3520de.dll
[2012-05-27 11:40:16 | 000,020,480 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\windows\SysWow64\x3fwkde.dll
[2012-05-27 11:40:16 | 000,020,480 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\windows\SysWow64\x3fsvde.dll
[2012-05-27 11:40:16 | 000,020,480 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\windows\SysWow64\x3dntde.dll
[2012-05-27 11:40:16 | 000,020,480 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\windows\SysWow64\x3dmpde.dll
[2012-05-27 11:40:16 | 000,020,480 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\windows\SysWow64\x3dapde.dll
[2012-05-27 11:40:15 | 000,568,832 | ---- | C] (Apex Software Corporation) -- C:\windows\SysWow64\Tdbg32.ocx
[2012-05-27 11:40:15 | 000,485,112 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\windows\SysWow64\Sscala32.ocx
[2012-05-27 11:40:15 | 000,258,840 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\windows\SysWow64\SSLstBar.ocx
[2012-05-27 11:40:15 | 000,200,704 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\windows\SysWow64\Threed32.ocx
[2012-05-27 11:40:15 | 000,174,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\temp.022
[2012-05-27 11:40:15 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\St6unst.exe
[2012-05-27 11:40:15 | 000,071,136 | ---- | C] (Sheridan) -- C:\windows\SysWow64\SSPng2.dll
[2012-05-27 11:40:15 | 000,028,672 | ---- | C] (Seagate Software, Inc.) -- C:\windows\SysWow64\u2ddisk.dll
[2012-05-27 11:40:15 | 000,028,672 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\windows\SysWow64\u2dapp.dll
[2012-05-27 11:40:15 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\temp.023
[2012-05-27 11:40:14 | 000,168,000 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\windows\SysWow64\p2ssql.dll
[2012-05-27 11:40:14 | 000,167,936 | ---- | C] (Seagate Software, Information Management Group, Inc.) -- C:\windows\SysWow64\p2sifmx.dll
[2012-05-27 11:40:14 | 000,167,936 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\windows\SysWow64\p2sora7.dll
[2012-05-27 11:40:14 | 000,159,744 | ---- | C] (Seagate Software Inc.) -- C:\windows\SysWow64\p2ssyb10.dll
[2012-05-27 11:40:14 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Rdo20de.dll
[2012-05-27 11:40:14 | 000,045,056 | ---- | C] (Seagate Software, Inc) -- C:\windows\SysWow64\p3solde.dll
[2012-05-27 11:40:14 | 000,040,960 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\windows\SysWow64\p3ssqde.dll
[2012-05-27 11:40:14 | 000,040,960 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\windows\SysWow64\p3so7de.dll
[2012-05-27 11:40:14 | 000,040,960 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\windows\SysWow64\p3dbede.dll
[2012-05-27 11:40:14 | 000,036,864 | ---- | C] (Seagate Software, Information Management Group, Inc.) -- C:\windows\SysWow64\p3sifde.dll
[2012-05-27 11:40:14 | 000,036,864 | ---- | C] (Seagate Software, Inc) -- C:\windows\SysWow64\p3smnde.dll
[2012-05-27 11:40:14 | 000,036,864 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\windows\SysWow64\p3sodde.dll
[2012-05-27 11:40:14 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Rchtxde.dll
[2012-05-27 11:40:14 | 000,028,672 | ---- | C] (Seagate Software, Inc.) -- C:\windows\SysWow64\p3dxbde.dll
[2012-05-27 11:40:14 | 000,024,576 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\windows\SysWow64\p3rdode.dll
[2012-05-27 11:40:14 | 000,024,576 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\windows\SysWow64\p3ddode.dll
[2012-05-27 11:40:14 | 000,020,480 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\windows\SysWow64\p3tdode.dll
[2012-05-27 11:40:14 | 000,004,096 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\windows\SysWow64\p3dbdde.dll
[2012-05-27 11:40:13 | 000,598,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\temp.020
[2012-05-27 11:40:13 | 000,326,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\temp.01F
[2012-05-27 11:40:13 | 000,278,581 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\temp.01E
[2012-05-27 11:40:13 | 000,164,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\temp.021
[2012-05-27 11:40:13 | 000,094,208 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\windows\SysWow64\p2bdao.dll
[2012-05-27 11:40:13 | 000,077,824 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\windows\SysWow64\p2bbde.dll
[2012-05-27 11:40:13 | 000,065,536 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\windows\SysWow64\p2irdao.dll
[2012-05-27 11:40:13 | 000,053,248 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\windows\SysWow64\p2ctdao.dll
[2012-05-27 11:40:13 | 000,023,040 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\windows\SysWow64\P2bbnd.dll
[2012-05-27 11:40:12 | 001,386,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\temp.01D
[2012-05-27 11:40:12 | 000,415,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Msrepl35.dll
[2012-05-27 11:40:12 | 000,252,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Msrd2x35.dll
[2012-05-27 11:40:12 | 000,024,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Msjter35.dll
[2012-05-27 11:40:11 | 001,015,859 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\temp.01C
[2012-05-27 11:40:11 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Mscmcde.dll
[2012-05-27 11:40:11 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\temp.01A
[2012-05-27 11:40:11 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\temp.01B
[2012-05-27 11:40:11 | 000,091,648 | ---- | C] (MEYSOFT) -- C:\windows\SysWow64\KVKRead.ocx
[2012-05-27 11:40:10 | 000,519,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\temp.019
[2012-05-27 11:40:10 | 000,102,400 | ---- | C] (Cherry GmbH, Auerbach, Germany) -- C:\windows\SysWow64\G8015012.dll
[2012-05-27 11:40:10 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\temp.018
[2012-05-27 11:40:09 | 000,570,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Dao350.dll
[2012-05-27 11:40:09 | 000,380,957 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\temp.017
[2012-05-27 11:40:09 | 000,270,336 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\windows\SysWow64\crxf_pdf.dll
[2012-05-27 11:40:09 | 000,200,755 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\windows\SysWow64\crxf_rtf.dll
[2012-05-27 11:40:09 | 000,035,328 | ---- | C] (Apex Software Corporation) -- C:\windows\SysWow64\Dbgrdde.dll
[2012-05-27 11:40:09 | 000,024,576 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\windows\SysWow64\crxf_rtf_res_de.dll
[2012-05-27 11:40:09 | 000,020,480 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\windows\SysWow64\crxf_pdf_res_de.dll
[2012-05-27 11:40:07 | 000,147,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\temp.015
[2012-05-27 11:40:07 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Cmctlde.dll
[2012-05-27 11:40:07 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Cmdlgde.dll
[2012-05-27 11:40:07 | 000,022,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\temp.016
[2012-05-27 11:40:01 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Msmpide.dll
[2012-05-27 11:40:00 | 000,401,462 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\temp.014
[2012-05-27 11:40:00 | 000,107,784 | ---- | C] (Catalyst Development Corporation) -- C:\windows\SysWow64\Cswsk32.ocx
[2012-05-27 11:39:58 | 000,561,179 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dao360.dll
[2012-05-25 16:12:22 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2012-05-21 08:52:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2012-05-21 08:51:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2012-05-16 19:22:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SKIDATA
[2012-05-14 19:41:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader 5.1
[2012-05-14 19:41:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software
[2012-05-11 11:17:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012-05-11 11:16:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012-05-11 11:16:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012-05-09 21:01:27 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2012-05-09 21:01:25 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2012-05-09 21:01:22 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2012-05-09 21:01:21 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2012-05-07 10:26:20 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2012-05-04 07:49:02 | 000,000,000 | ---D | C] -- C:\Users\IT\AppData\Local\APN
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012-06-02 08:50:58 | 006,815,744 | -HS- | M] () -- C:\Users\IT\NTUSER.DAT
[2012-06-02 08:23:01 | 000,001,040 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-06-02 08:16:21 | 000,367,956 | ---- | M] () -- C:\haslo.png
[2012-06-02 08:12:04 | 000,001,046 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3254880603-2455394732-3917470795-1001UA.job
[2012-06-02 07:43:39 | 000,002,054 | -H-- | M] () -- C:\Users\IT\Documents\Default.rdp
[2012-06-02 07:38:15 | 000,001,085 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-06-02 06:23:00 | 000,001,036 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-06-01 21:11:48 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-06-01 21:11:48 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-06-01 21:03:29 | 000,065,536 | ---- | M] () -- C:\windows\SysNative\Ikeext.etl
[2012-06-01 21:03:22 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2012-06-01 21:03:11 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012-06-01 21:03:05 | 4268,081,151 | -HS- | M] () -- C:\hiberfil.sys
[2012-06-01 14:23:41 | 000,005,204 | ---- | M] () -- C:\Revenue+Tender.zip
[2012-06-01 13:33:09 | 000,040,807 | ---- | M] () -- C:\_HP00300.pdf
[2012-06-01 13:17:29 | 000,001,007 | ---- | M] () -- C:\Users\IT\Desktop\Free Window Registry Repair.lnk
[2012-06-01 12:13:37 | 000,001,912 | ---- | M] () -- C:\windows\epplauncher.mif
[2012-06-01 12:13:30 | 001,937,184 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012-06-01 12:13:30 | 000,829,056 | ---- | M] () -- C:\windows\SysNative\perfh015.dat
[2012-06-01 12:13:30 | 000,736,904 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012-06-01 12:13:30 | 000,194,882 | ---- | M] () -- C:\windows\SysNative\perfc015.dat
[2012-06-01 12:13:30 | 000,153,600 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012-06-01 12:12:02 | 000,000,994 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3254880603-2455394732-3917470795-1001Core.job
[2012-05-31 22:10:38 | 000,082,851 | ---- | M] () -- C:\garfield_8.jpg
[2012-05-31 22:06:10 | 000,007,563 | ---- | M] () -- C:\klej-kropelka-2ml-88620.jpg
[2012-05-31 19:44:36 | 000,118,006 | ---- | M] () -- C:\presentaciones_transp.png
[2012-05-31 19:30:30 | 000,000,111 | -H-- | M] () -- C:\sys3478.bin
[2012-05-30 03:23:19 | 000,000,640 | RHS- | M] () -- C:\Users\IT\ntuser.pol
[2012-05-30 00:34:11 | 000,000,215 | ---- | M] () -- C:\windows\system.ini
[2012-05-30 00:33:40 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts.old
[2012-05-29 23:04:26 | 000,002,200 | ---- | M] () -- C:\windows\SysNative\arcVCapture.pfg
[2012-05-29 22:37:01 | 000,002,579 | ---- | M] () -- C:\Users\Public\Desktop\S4H Chef.lnk
[2012-05-29 22:37:01 | 000,002,577 | ---- | M] () -- C:\Users\Public\Desktop\S4H POS.lnk
[2012-05-29 10:14:01 | 002,117,284 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012-05-28 12:13:09 | 001,362,443 | ---- | M] () -- C:\CurrentCertifiedInterfacesListExternal.pdf
[2012-05-27 11:55:24 | 000,000,077 | ---- | M] () -- C:\windows\EXP.INI
[2012-05-27 11:48:29 | 000,000,461 | ---- | M] () -- C:\windows\ODBC.INI
[2012-05-25 16:23:29 | 000,002,791 | ---- | M] () -- C:\windows\_isenv31.ini
[2012-05-25 16:20:43 | 000,001,795 | ---- | M] () -- C:\windows\sql.mif
[2012-05-25 16:15:30 | 000,001,271 | ---- | M] () -- C:\windows\setup~0.iss
[2012-05-24 02:13:11 | 000,002,394 | ---- | M] () -- C:\Users\IT\Desktop\Google Chrome.lnk
[2012-05-23 10:44:44 | 000,755,554 | ---- | M] () -- C:\fmot.png
[2012-05-21 08:52:24 | 000,001,924 | ---- | M] () -- C:\Users\Public\Desktop\Free Offers.lnk
[2012-05-21 08:52:24 | 000,001,046 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012-05-21 08:52:09 | 000,198,832 | ---- | M] (RealNetworks, Inc.) -- C:\windows\SysWow64\rmoc3260.dll
[2012-05-21 08:51:58 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\windows\SysWow64\pndx5016.dll
[2012-05-21 08:51:58 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\windows\SysWow64\pndx5032.dll
[2012-05-21 08:51:56 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\windows\SysWow64\pncrt.dll
[2012-05-16 19:22:15 | 000,002,657 | ---- | M] () -- C:\Users\Public\Desktop\SKIDATA OPOS.Cash.lnk
[2012-05-14 19:41:34 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader 5.1.lnk
[2012-05-10 21:39:12 | 005,579,147 | ---- | M] () -- C:\20GB.pdf
[2012-05-10 03:26:53 | 000,391,912 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012-05-08 19:30:06 | 000,000,334 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForITHD$.job
[2012-05-07 10:57:13 | 001,766,849 | ---- | M] () -- C:\cz4.pdf
[2012-05-07 10:56:58 | 002,532,731 | ---- | M] () -- C:\cz3.pdf
[2012-05-07 10:56:30 | 002,429,786 | ---- | M] () -- C:\cz2.pdf
[2012-05-07 10:56:04 | 001,617,175 | ---- | M] () -- C:\cz1.pdf
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012-06-02 08:16:21 | 000,367,956 | ---- | C] () -- C:\haslo.png
[2012-06-02 07:38:15 | 000,001,085 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-06-01 14:23:41 | 000,005,204 | ---- | C] () -- C:\Revenue+Tender.zip
[2012-06-01 13:33:03 | 000,040,807 | ---- | C] () -- C:\_HP00300.pdf
[2012-06-01 13:17:29 | 000,001,007 | ---- | C] () -- C:\Users\IT\Desktop\Free Window Registry Repair.lnk
[2012-06-01 12:13:37 | 000,001,912 | ---- | C] () -- C:\windows\epplauncher.mif
[2012-06-01 12:13:33 | 000,001,927 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012-05-31 22:10:40 | 000,082,851 | ---- | C] () -- C:\garfield_8.jpg
[2012-05-31 22:06:12 | 000,007,563 | ---- | C] () -- C:\klej-kropelka-2ml-88620.jpg
[2012-05-31 19:44:43 | 000,118,006 | ---- | C] () -- C:\presentaciones_transp.png
[2012-05-30 03:23:19 | 000,000,640 | RHS- | C] () -- C:\Users\IT\ntuser.pol
[2012-05-30 00:25:14 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012-05-30 00:25:14 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012-05-30 00:25:14 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012-05-30 00:25:14 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012-05-30 00:25:14 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012-05-29 23:04:26 | 000,002,200 | ---- | C] () -- C:\windows\SysNative\arcVCapture.pfg
[2012-05-28 12:13:16 | 001,362,443 | ---- | C] () -- C:\CurrentCertifiedInterfacesListExternal.pdf
[2012-05-27 11:55:24 | 000,000,077 | ---- | C] () -- C:\windows\EXP.INI
[2012-05-27 11:40:16 | 000,040,960 | ---- | C] () -- C:\windows\SysWow64\u2lbar.dll
[2012-05-27 11:40:15 | 000,099,328 | ---- | C] () -- C:\windows\SysWow64\threed32.oca
[2012-05-27 11:40:15 | 000,061,440 | ---- | C] () -- C:\windows\SysWow64\u25store.dll
[2012-05-27 11:40:15 | 000,002,243 | ---- | C] () -- C:\windows\SysWow64\TPlan_SE.DDF
[2012-05-27 11:40:00 | 000,018,432 | ---- | C] () -- C:\windows\SysWow64\CSWSK32.oca
[2012-05-27 11:40:00 | 000,000,724 | ---- | C] () -- C:\windows\SysWow64\Cswsk32.dep
[2012-05-25 16:23:29 | 000,002,791 | ---- | C] () -- C:\windows\_isenv31.ini
[2012-05-25 16:20:26 | 000,001,795 | ---- | C] () -- C:\windows\sql.mif
[2012-05-23 10:44:43 | 000,755,554 | ---- | C] () -- C:\fmot.png
[2012-05-21 08:52:24 | 000,001,924 | ---- | C] () -- C:\Users\Public\Desktop\Free Offers.lnk
[2012-05-21 08:52:24 | 000,001,046 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012-05-14 19:41:34 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader 5.1.lnk
[2012-05-10 21:39:20 | 005,579,147 | ---- | C] () -- C:\20GB.pdf
[2012-05-07 10:57:15 | 001,766,849 | ---- | C] () -- C:\cz4.pdf
[2012-05-07 10:57:00 | 002,532,731 | ---- | C] () -- C:\cz3.pdf
[2012-05-07 10:56:33 | 002,429,786 | ---- | C] () -- C:\cz2.pdf
[2012-05-07 10:56:11 | 001,617,175 | ---- | C] () -- C:\cz1.pdf
[2012-01-31 19:15:42 | 000,974,848 | ---- | C] () -- C:\windows\SysWow64\cis-2.4.dll
[2012-01-31 19:15:42 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\issacapi_bs-2.3.dll
[2012-01-31 19:15:42 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\issacapi_pe-2.3.dll
[2012-01-31 19:15:42 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\issacapi_se-2.3.dll
[2011-12-29 16:22:28 | 000,075,776 | ---- | C] () -- C:\windows\cadkasdeinst01e.exe
[2011-12-01 23:01:13 | 000,000,461 | ---- | C] () -- C:\windows\ODBC.INI
[2011-12-01 22:26:59 | 000,000,777 | ---- | C] () -- C:\windows\ODBCINST.INI
[2011-12-01 22:26:57 | 000,100,352 | ---- | C] () -- C:\windows\SysWow64\pg32conv.dll
[2011-12-01 22:26:57 | 000,018,944 | ---- | C] ( ) -- C:\windows\SysWow64\Implode.dll
[2011-12-01 22:26:55 | 003,673,360 | ---- | C] () -- C:\windows\SysWow64\MSO97RT.DLL
[2011-09-24 15:59:41 | 000,000,000 | ---- | C] () -- C:\windows\MM3DVR.INI
[2011-09-16 00:10:12 | 000,000,147 | ---- | C] () -- C:\windows\oesp_response.ini
[2011-09-16 00:04:05 | 000,000,021 | ---- | C] () -- C:\windows\vb.ini
[2011-09-10 00:05:38 | 000,102,240 | ---- | C] () -- C:\Users\IT\AppData\Local\GDIPFONTCACHEV1.DAT
[2011-07-25 06:36:51 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdbeie.sys
[2011-07-25 06:17:43 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2011-07-25 06:14:55 | 000,025,984 | ---- | C] () -- C:\windows\snuvcdsm.exe
[2011-07-25 06:14:55 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2011-03-09 21:52:40 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdbgfc.sys
[2011-03-09 21:41:46 | 000,000,178 | ---- | C] () -- C:\windows\SysWow64\HPPA.ini
[2011-03-09 21:36:33 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdbgee.sys
[2011-03-09 21:08:11 | 001,937,184 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011-02-26 00:32:12 | 000,012,144 | ---- | C] () -- C:\windows\HPun2430Version.dll
[2011-02-12 06:07:16 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPSCEL.dll.hpsign
[2011-02-12 06:07:16 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPFPApi.dll.hpsign
[2011-02-12 06:07:16 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPClback.dll.hpsign
[2011-02-12 06:04:36 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPLic.dll.hpsign
[2011-02-04 01:09:24 | 000,366,176 | ---- | C] () -- C:\windows\SysWow64\flcdlmsg.dll
[2011-02-03 06:49:02 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPFPApiUI.dll.hpsign
[2011-02-03 06:47:42 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPPassFilter.dll.hpsign
[2011-02-03 06:47:42 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPCrProv.dll.hpsign
[2011-01-30 01:49:32 | 000,017,232 | ---- | C] () -- C:\windows\SysWow64\CoHpCasl.exe
[2011-01-22 21:40:54 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\vcsAPIShared.dll.hpsign
[2011-01-11 05:03:08 | 086,271,980 | ---- | C] () -- C:\windows\SysWow64\BioTrustFace.dat
[2010-12-20 17:27:22 | 000,003,113 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2010-12-07 07:16:34 | 000,181,072 | ---- | C] () -- C:\windows\SysWow64\PassThroughOTP.dll
[2010-12-07 07:16:34 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\PassThroughOTP.dll.hpsign

[color=#E56717]========== LOP Check ==========[/color]

[2012-05-29 18:22:05 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DigitalPersona
[2012-05-30 00:10:28 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GHISLER
[2012-05-29 18:22:21 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Infineon
[2012-05-29 18:23:38 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Synaptics
[2012-05-29 21:39:26 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\ArcaVirMicroScan
[2011-12-29 16:22:36 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\CAD-KAS
[2011-09-10 00:01:51 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\DigitalPersona
[2012-05-29 20:03:23 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\Dropbox
[2012-02-20 10:44:46 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\Expert PDF 7
[2012-02-14 16:57:33 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\Expert PDF Editor
[2012-01-11 16:47:37 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\Foxit Software
[2011-09-10 12:52:30 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\GHISLER
[2011-09-10 00:02:12 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\Infineon
[2012-03-14 05:50:51 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\ipla
[2011-10-24 02:02:02 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\MotelMateDemo For Windows
[2012-02-15 13:01:17 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\Samsung
[2012-03-23 10:33:11 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\Smart PC Solutions
[2011-12-08 10:58:20 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\Softland
[2011-09-10 00:07:23 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\Synaptics
[2012-04-23 15:59:54 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\Temp
[2012-05-22 20:15:14 | 000,032,608 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:7311BB85

< End of report >