OTL logfile created on: 2012-06-29 12:02:22 - Run 5 OTL by OldTimer - Version 3.2.53.0 Folder = C:\Documents and Settings\z00269rd\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1,86 Gb Total Physical Memory | 0,37 Gb Available Physical Memory | 20,01% Memory free 3,71 Gb Paging File | 2,02 Gb Available in Paging File | 54,48% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files Drive C: | 465,76 Gb Total Space | 308,29 Gb Free Space | 66,19% Space Free | Partition Type: NTFS Drive D: | 3,56 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Drive H: | 465,76 Gb Total Space | 308,29 Gb Free Space | 66,19% Space Free | Partition Type: *NT5CSC Drive Q: | 2136,84 Gb Total Space | 18,29 Gb Free Space | 0,86% Space Free | Partition Type: NTFS Drive U: | 465,76 Gb Total Space | 308,29 Gb Free Space | 66,19% Space Free | Partition Type: NTFS Drive V: | 14,00 Gb Total Space | 4,51 Gb Free Space | 32,20% Space Free | Partition Type: NTFS Computer Name: WAW010158NB | User Name: z00269rd | NOT logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012-06-27 01:50:07 | 000,105,832 | ---- | M] (SurfRight B.V.) -- C:\Program Files\HitmanPro\hmpsched.exe PRC - [2012-06-26 22:17:56 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\z00269rd\Desktop\OTL.exe PRC - [2012-05-05 03:43:08 | 000,335,496 | ---- | M] (Juniper Networks") -- C:\Documents and Settings\z00269rd\Application Data\Juniper Networks\Host Checker\dsHostChecker.exe PRC - [2012-05-05 03:16:40 | 001,089,160 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Network Connect 7.1.9\dsNetworkConnect.exe PRC - [2012-05-05 03:16:38 | 000,671,368 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe PRC - [2011-12-12 14:55:22 | 000,277,440 | ---- | M] (SolarWinds) -- C:\WINNT\dwrcs\DWRCST.EXE PRC - [2011-12-12 14:54:56 | 000,588,736 | ---- | M] (SolarWinds) -- C:\WINNT\dwrcs\DWRCS.EXE PRC - [2011-11-02 02:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe PRC - [2011-05-11 15:00:38 | 000,180,224 | ---- | M] (Siemens Sp. z o.o.) -- C:\Documents and Settings\z00269rd\Local Settings\Siemens_HS\hs_run.exe PRC - [2010-10-16 07:54:20 | 000,866,592 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe PRC - [2010-10-15 03:40:16 | 001,349,920 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe PRC - [2010-10-15 03:30:20 | 001,418,672 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe PRC - [2010-09-27 11:58:24 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe PRC - [2010-07-23 16:34:26 | 000,345,424 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe PRC - [2010-05-25 16:13:34 | 000,131,072 | ---- | M] (Siemens AG) -- C:\Program Files\Siemens\CardOS API\bin\siecacst.exe PRC - [2010-01-12 03:57:08 | 000,316,880 | ---- | M] () -- C:\Program Files\OneClickInternet\WTGService.exe PRC - [2009-10-15 19:59:26 | 000,138,088 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe PRC - [2009-10-15 19:59:26 | 000,033,640 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe PRC - [2009-10-15 19:59:26 | 000,017,256 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe PRC - [2009-10-01 15:23:44 | 000,329,976 | ---- | M] (QUALCOMM, Inc.) -- C:\Program Files\QUALCOMM\QDLService2k\QDLService2kSierra.exe PRC - [2009-09-18 05:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\CCM\CcmExec.exe PRC - [2009-09-03 11:50:16 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe PRC - [2009-08-01 00:11:24 | 000,128,248 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\ATSwpNav.exe PRC - [2009-08-01 00:11:22 | 001,807,608 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe PRC - [2009-07-21 01:00:00 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe PRC - [2009-07-13 11:32:42 | 002,676,064 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe PRC - [2009-07-07 11:44:22 | 000,341,320 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe PRC - [2009-07-06 15:38:24 | 000,349,184 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosHdpProc.exe PRC - [2009-06-26 22:17:14 | 002,651,512 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe PRC - [2009-06-19 22:21:22 | 000,144,752 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe PRC - [2009-06-16 21:19:32 | 000,036,712 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe PRC - [2009-06-08 15:34:58 | 000,660,808 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe PRC - [2009-06-03 16:33:14 | 000,308,552 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe PRC - [2009-04-03 01:20:04 | 000,435,584 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe PRC - [2008-12-11 15:19:32 | 000,024,653 | ---- | M] (Utimaco Safeware AG) -- C:\Program Files\Utimaco\SafeGuard Easy\ecview.exe PRC - [2008-12-11 15:13:00 | 000,163,931 | ---- | M] (Utimaco Safeware AG) -- C:\Program Files\Utimaco\SafeGuard Easy\WksCfgSrv.exe PRC - [2008-12-11 15:12:24 | 000,114,773 | ---- | M] (Utimaco Safeware AG) -- C:\Program Files\Utimaco\SafeGuard Easy\SgeCtl.exe PRC - [2008-07-24 12:24:24 | 000,083,272 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe PRC - [2008-07-02 14:25:52 | 000,607,744 | ---- | M] (Siemens AG) -- C:\WINNT\CATPC\CATSYS\CatSystemSvc.exe PRC - [2008-04-14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe PRC - [2007-05-11 04:06:38 | 000,341,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe PRC - [2006-04-20 15:23:46 | 000,090,112 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe PRC - [2006-03-26 23:44:08 | 000,221,400 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearchFilter.exe PRC - [2006-03-26 23:44:06 | 000,159,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe PRC - [2005-09-12 14:18:39 | 000,077,824 | ---- | M] (Siemens Sp. z o.o.) -- C:\Program Files\Siemens\AdminSeal\AdminSeal_service.exe PRC - [2004-12-17 10:00:00 | 002,822,144 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files\WinZip\WINZIP32.EXE PRC - [2003-11-14 16:58:30 | 000,253,952 | ---- | M] (Siemens AG) -- C:\Program Files\Siemens\CAT Bulletin Board\CBB.exe PRC - [2002-06-20 19:52:30 | 000,065,536 | ---- | M] () -- C:\Program Files\Siemens\CAT Bulletin Board\CBBS.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012-06-25 16:15:34 | 000,843,776 | ---- | M] () -- c:\winnt\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_fa2062ed\system.drawing.dll MOD - [2012-06-25 16:15:28 | 003,035,136 | ---- | M] () -- c:\winnt\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_39463c4e\system.windows.forms.dll MOD - [2012-06-25 16:15:16 | 000,471,040 | ---- | M] () -- c:\winnt\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll MOD - [2012-02-01 09:12:10 | 003,391,488 | ---- | M] () -- c:\winnt\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_be302b20\mscorlib.dll MOD - [2012-02-01 09:11:58 | 002,088,960 | ---- | M] () -- c:\winnt\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_4f907e23\system.xml.dll MOD - [2012-02-01 09:11:50 | 001,966,080 | ---- | M] () -- c:\winnt\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_fa669f0d\system.dll MOD - [2012-02-01 09:11:43 | 001,232,896 | ---- | M] () -- c:\winnt\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll MOD - [2012-02-01 09:11:41 | 002,064,384 | ---- | M] () -- c:\winnt\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll MOD - [2011-03-13 15:03:36 | 000,051,716 | ---- | M] () -- C:\WINNT\system32\pdf995mon.dll MOD - [2011-01-26 12:43:19 | 001,339,392 | ---- | M] () -- c:\winnt\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll MOD - [2011-01-26 12:43:19 | 001,294,336 | ---- | M] () -- c:\winnt\assembly\gac\system.data\1.0.5000.0__b77a5c561934e089\system.data.dll MOD - [2011-01-26 12:43:19 | 000,372,736 | ---- | M] () -- c:\winnt\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll MOD - [2011-01-26 12:43:18 | 000,241,664 | ---- | M] () -- c:\winnt\assembly\gac\system.enterpriseservices\1.0.5000.0__b03f5f7f11d50a3a\system.enterpriseservices.dll MOD - [2011-01-26 12:43:18 | 000,066,560 | ---- | M] () -- c:\winnt\assembly\gac\system.enterpriseservices\1.0.5000.0__b03f5f7f11d50a3a\system.enterpriseservices.thunk.dll MOD - [2010-09-27 12:03:08 | 000,201,512 | ---- | M] () -- C:\WINNT\system32\vpnapi.dll MOD - [2010-01-12 03:57:08 | 000,316,880 | ---- | M] () -- C:\Program Files\OneClickInternet\WTGService.exe MOD - [2009-09-03 11:50:16 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe MOD - [2008-12-11 15:18:54 | 000,016,477 | ---- | M] () -- C:\Program Files\Utimaco\SafeGuard Easy\SgUicl.msg MOD - [2008-12-11 15:13:00 | 000,024,576 | ---- | M] () -- C:\Program Files\Utimaco\SafeGuard Easy\WksCfgSrvps.dll MOD - [2008-12-11 15:12:24 | 000,024,576 | ---- | M] () -- C:\Program Files\Utimaco\SafeGuard Easy\SgeCtlps.Dll MOD - [2008-12-11 15:11:40 | 000,024,576 | ---- | M] () -- C:\Program Files\Utimaco\SafeGuard Easy\SecClassFactoryPs.dll MOD - [2008-12-11 15:11:20 | 000,016,482 | ---- | M] () -- C:\Program Files\Utimaco\SafeGuard Easy\SGE_INFO0409.dll MOD - [2008-12-11 15:10:30 | 000,082,016 | ---- | M] () -- C:\Program Files\Utimaco\SafeGuard Easy\SGE_ERR0409.dll MOD - [2008-12-11 15:10:30 | 000,053,344 | ---- | M] () -- C:\Program Files\Utimaco\SafeGuard Easy\SGE_MSG0409.dll MOD - [2008-06-12 09:23:16 | 000,297,984 | ---- | M] () -- C:\WINNT\CATPC\CATSYS\CatSystem2.dll MOD - [2008-04-18 16:56:18 | 000,311,296 | ---- | M] () -- C:\WINNT\system32\siecaces.dll MOD - [2007-04-16 14:01:06 | 000,184,320 | ---- | M] () -- C:\WINNT\system32\gmp4_2_1.dll MOD - [2007-03-17 17:02:02 | 000,491,520 | ---- | M] () -- C:\WINNT\CATPC\CATSYS\boost_regex-vc80-mt-1_34.dll MOD - [2007-03-17 16:11:42 | 000,184,320 | ---- | M] () -- C:\WINNT\CATPC\CATSYS\boost_serialization-vc80-mt-1_34.dll MOD - [2007-01-13 04:01:28 | 000,475,136 | R--- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\ccme_base.dll MOD - [2007-01-13 04:01:28 | 000,397,312 | R--- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\cryptocme2.dll MOD - [2002-06-20 19:52:30 | 000,065,536 | ---- | M] () -- C:\Program Files\Siemens\CAT Bulletin Board\CBBS.exe [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9) SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - [2012-06-27 01:50:07 | 000,105,832 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler) SRV - [2012-05-05 03:16:38 | 000,671,368 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService) SRV - [2011-12-12 14:54:56 | 000,588,736 | ---- | M] (SolarWinds) [Auto | Running] -- C:\WINNT\dwrcs\DWRCS.EXE -- (dwmrcs) SRV - [2010-10-15 03:40:16 | 001,349,920 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe -- (tmlisten) SRV - [2010-10-15 03:30:20 | 001,418,672 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe -- (ntrtscan) SRV - [2010-09-27 11:58:24 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2010-07-23 16:34:26 | 000,345,424 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\..\BM\TMBMSRV.exe -- (TMBMServer) SRV - [2010-01-12 03:57:08 | 000,316,880 | ---- | M] () [Auto | Running] -- C:\Program Files\OneClickInternet\WTGService.exe -- (WTGService) SRV - [2010-01-07 21:42:50 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy) SRV - [2009-10-01 15:23:44 | 000,329,976 | ---- | M] (QUALCOMM, Inc.) [Auto | Running] -- C:\Program Files\QUALCOMM\QDLService2k\QDLService2kSierra.exe -- (QDLService2kSierra) Qualcomm Gobi 2000 Download Service (Sierra) SRV - [2009-09-18 05:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\CCM\CcmExec.exe -- (CcmExec) SRV - [2009-09-18 05:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\System32\CCM\TSManager.exe -- (smstsmgr) SRV - [2009-09-03 11:50:16 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU) SRV - [2009-08-01 00:11:22 | 001,807,608 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService) SRV - [2009-07-21 01:00:00 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio) SRV - [2009-06-19 22:21:22 | 000,144,752 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - [2008-12-11 15:13:00 | 000,163,931 | ---- | M] (Utimaco Safeware AG) [Auto | Running] -- C:\Program Files\Utimaco\SafeGuard Easy\WksCfgSrv.exe -- (WksCfgSrv) SRV - [2008-12-11 15:12:24 | 000,114,773 | ---- | M] (Utimaco Safeware AG) [Auto | Running] -- C:\Program Files\Utimaco\SafeGuard Easy\SgeCtl.exe -- (SgeCtl) SRV - [2008-07-02 14:25:52 | 000,607,744 | ---- | M] (Siemens AG) [Auto | Running] -- C:\WINNT\CATPC\CATSYS\CatSystemSvc.exe -- (CatSystemSvc) SRV - [2005-09-12 14:18:39 | 000,077,824 | ---- | M] (Siemens Sp. z o.o.) [Auto | Running] -- C:\Program Files\Siemens\AdminSeal\AdminSeal_service.exe -- (AdminSeal) SRV - [2002-06-20 19:52:30 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files\Siemens\CAT Bulletin Board\CBBS.exe -- (CBBS) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\z00269rd\LOCALS~1\Temp\pwrcrpog.sys -- (pwrcrpog) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012-05-05 02:50:56 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt) DRV - [2012-03-29 07:46:45 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\npf.sys -- (NPF) WinPcap Packet Driver (NPF) DRV - [2011-07-12 11:44:10 | 000,262,416 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmXpflt.sys -- (TmFilter) DRV - [2011-07-12 11:43:58 | 000,036,624 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmPreflt.sys -- (TmPreFilter) DRV - [2011-07-12 11:09:32 | 001,405,720 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\vsapiNT.sys -- (VSApiNt) DRV - [2010-11-09 05:05:38 | 000,090,448 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINNT\system32\drivers\tmtdi.sys -- (tmtdi) DRV - [2010-09-27 11:56:00 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV - [2010-07-23 16:25:46 | 000,062,032 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\tmactmon.sys -- (tmactmon) DRV - [2010-07-23 16:25:38 | 000,052,304 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\tmevtmgr.sys -- (tmevtmgr) DRV - [2010-07-23 16:25:30 | 000,163,920 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\tmcomm.sys -- (tmcomm) DRV - [2010-03-01 15:41:57 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\HECI.sys -- (HECI) Intel(R) DRV - [2010-01-07 08:32:26 | 000,132,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\Impcd.sys -- (Impcd) DRV - [2009-11-27 16:16:48 | 000,215,040 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R) DRV - [2009-10-28 01:00:00 | 005,937,152 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2009-10-28 01:00:00 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\Ambfilt.sys -- (Ambfilt) DRV - [2009-10-28 01:00:00 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\Monfilt.sys -- (Monfilt) DRV - [2009-10-16 01:00:00 | 000,101,848 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ozscr.sys -- (O2SCBUS) DRV - [2009-09-23 01:00:00 | 000,160,424 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\e1k5132.sys -- (e1kexpress) Intel(R) DRV - [2009-09-18 05:00:00 | 000,020,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\CCM\PrepDrv.sys -- (prepdrvr) DRV - [2009-09-15 12:34:10 | 005,977,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R) DRV - [2009-08-01 01:10:26 | 000,659,328 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ATSwpWDF.sys -- (ATSwpWDF) DRV - [2009-07-27 01:00:00 | 000,047,448 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\o2media.sys -- (O2MDRDR) DRV - [2009-07-27 01:00:00 | 000,044,064 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\o2sd.sys -- (O2SDRDR) DRV - [2009-07-21 01:00:00 | 001,161,760 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2009-07-07 22:38:34 | 000,168,936 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\tosrfbd.sys -- (tosrfbd) DRV - [2009-06-23 17:21:20 | 000,069,352 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINNT\system32\drivers\tosrfcom.sys -- (Tosrfcom) DRV - [2009-06-19 10:57:56 | 000,048,888 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\tosrfusb.sys -- (Tosrfusb) DRV - [2009-06-19 10:57:42 | 000,059,888 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\TosRfSnd.sys -- (TosRfSnd) DRV - [2009-06-18 14:43:26 | 000,021,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\tosrfnds.sys -- (tosrfnds) DRV - [2009-06-17 12:59:46 | 000,046,984 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\tosporte.sys -- (tosporte) DRV - [2009-06-11 15:05:00 | 000,036,992 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\tosrfbnp.sys -- (tosrfbnp) DRV - [2009-05-20 17:15:32 | 003,485,952 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV - [2009-05-20 11:23:36 | 000,074,368 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\Tosrfhid.sys -- (Tosrfhid) DRV - [2008-12-11 15:20:14 | 000,019,712 | ---- | M] (Utimaco Safeware AG) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\AES256.sys -- (AES-256) DRV - [2008-12-11 15:20:08 | 000,063,488 | ---- | M] (Utimaco Safeware AG) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\SGEFLT.sys -- (SgeFlt) DRV - [2008-11-16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\dne2000.sys -- (DNE) DRV - [2008-10-20 21:08:06 | 000,012,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\smsmdm.sys -- (smsmdd) DRV - [2008-04-14 05:51:44 | 000,187,776 | ---- | M] () [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\acpi.sys -- (ACPI) DRV - [2008-03-14 17:00:00 | 000,003,712 | ---- | M] (DameWare Development, LLC) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\DamewareMini.sys -- (DwMirror) DRV - [2008-03-13 15:00:00 | 000,026,624 | ---- | M] (DameWare) [Kernel | System | Running] -- C:\WINNT\system32\drivers\dwvkbd.sys -- (dwvkbd) DRV - [2007-12-14 01:00:00 | 000,044,800 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ifxtpm.sys -- (IFXTPM) DRV - [2007-01-18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\CVirtA.sys -- (CVirtA) DRV - [2004-01-17 01:00:00 | 000,004,864 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\fuj02e3.sys -- (FUJ02E3) DRV - [2001-08-01 22:00:22 | 000,005,248 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\fuj02b1.sys -- (FUJ02B1) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet.siemens.pl IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ IE - HKCU\..\SearchScopes,DefaultScope = {34457E82-8AB6-4930-BBC5-172592CE241C} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://proxyconf.siemens.pl/proxyconf.pac [color=#E56717]========== FireFox ==========[/color] FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINNT\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\WINNT\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) O1 HOSTS File: ([2012-06-29 12:03:20 | 000,013,614 | ---- | M]) - C:\WINNT\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 165.226.210.247 qacrm.onedb.net # Changed/controlled by mosaic O1 - Hosts: 165.226.210.157 usdfswdsm1 usdfswdsm1.corp-am.corp.dom # Changed/controlled by mosaic O1 - Hosts: 165.226.210.158 usdfswdsm2 usdfswdsm2.corp-am.corp.dom # Changed/controlled by mosaic O1 - Hosts: 165.226.210.187 usdfswdsw1 usdfswdsw1.corp-am.corp.dom # Changed/controlled by mosaic O1 - Hosts: 165.226.210.188 usdfswdsw2 usdfswdsw2.corp-am.corp.dom # Changed/controlled by mosaic O1 - Hosts: 165.226.210.156 usdfswdsd1 usdfswdsd1.corp-am.corp.dom # Changed/controlled by mosaic O1 - Hosts: 165.226.210.246 crm.onedb.net O1 - Hosts: 165.226.210.167 usdfswpsm1 usdfswpsm1.corp-am.corp.dom # Changed/controlled by CRM-team O1 - Hosts: 165.226.210.171 usdfswpsm2 usdfswpsm2.corp-am.corp.dom # Changed/controlled by CRM-team O1 - Hosts: 165.226.210.189 usdfswpsw1 usdfswpsw1.corp-am.corp.dom # Changed/controlled by CRM-team O1 - Hosts: 165.226.210.190 usdfswpsw2 usdfswpsw2.corp-am.corp.dom # Changed/controlled by CRM-team O1 - Hosts: 165.226.210.166 usdfswpsd1 usdfswpsd1.corp-am.corp.dom # Changed/controlled by CRM-team O1 - Hosts: 146.254.237.49 fthw9gia O1 - Hosts: 146.254.237.50 fthw9gja O1 - Hosts: 146.254.237.51 fthw9h0a O1 - Hosts: 146.254.237.97 pkgn3p0d O1 - Hosts: 146.254.237.5 by2z89 O1 - Hosts: 146.254.237.5 by2z89.diag.local O1 - Hosts: 146.254.237.6 by3z23 O1 - Hosts: 146.254.237.6 by3z23.diag.local O1 - Hosts: 146.254.237.8 byzp0v O1 - Hosts: 146.254.237.8 byzp0v.diag.local O1 - Hosts: 146.254.237.54 DS-DCN3P O1 - Hosts: 140.231.111.201 au-diagmapps01.diag.local au-diagmapps01 O1 - Hosts: 139 more lines... O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (dsWebAllowBHO Class) - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [ATSwpNav] C:\Program Files\Fingerprint Sensor\ATSwpNav.exe (AuthenTec, Inc.) O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\communicator.exe (Microsoft Corporation) O4 - HKLM..\Run: [DameWare MRC Agent] C:\WINNT\dwrcs\DWRCST.EXE (SolarWinds) O4 - HKLM..\Run: [EdWizard] C:\Program Files\Utimaco\SafeGuard Easy\EdWizard.exe (Utimaco Safeware AG) O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found O4 - HKLM..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.) O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited) O4 - HKLM..\Run: [SGEBackup] C:\Program Files\Utimaco\SafeGuard Easy\CALLSGEBACKUP.VBS () O4 - HKLM..\Run: [SgeEcView] C:\Program Files\Utimaco\SafeGuard Easy\Ecview.exe (Utimaco Safeware AG) O4 - HKLM..\Run: [SIECAST] C:\Program Files\Siemens\CardOS API\bin\siecacst.exe (Siemens AG) O4 - HKLM..\Run: [snp2uvc] C:\WINNT\System32\csnp2uvc.dll ( ) O4 - HKLM..\Run: [USM] C:\Program Files\Siemens\USM\USM.exe (Siemens AG) O4 - HKCU..\Run: [CatUserRun] C:\Program Files\CatPC\bin\exec32.exe () O4 - HKCU..\Run: [Siemens_HS] C:\Documents and Settings\z00269rd\Local Settings\Siemens_HS\hs.exe (Siemens Sp. z o.o.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Siebel TrickleSync.lnk = C:\SIEBEL77\WEB CLIENT\BIN\autosync.exe () O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINNT\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Download present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Feeds present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\IEDevTools present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\New Windows present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Recovery present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Safety present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\SearchScopes present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Security present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\SQM present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebServices = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoOnlinePrintsWizard = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutorun = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: nointernetopenwith = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: consentpromptbehavioradmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: MaxGPOScriptWait = 1800 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableBkGndGroupPolicy = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\kerberos\parameters: supportedencryptiontypes = 2147483644 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: GreyMSIAds = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoUpdate = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartRunNoHOMEPATH = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: PromptRunasInstallNetPath = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConnectHomeDirToRoot = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0 O9 - Extra Button: eBRITE Desktop - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\eBRITE Desktop\eBRITE Desktop File not found O9 - Extra 'Tools' menuitem : &eBRITE Desktop - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\eBRITE Desktop\eBRITE Desktop File not found O15 - HKLM\..Trusted Domains: microsoft.com ([]* in Zaufane witryny) O15 - HKLM\..Trusted Domains: sap.com ([]* in Zaufane witryny) O15 - HKLM\..Trusted Domains: sap-ag.de ([]* in Zaufane witryny) O15 - HKLM\..Trusted Domains: siemens.net ([]* in Local intranet) O15 - HKLM\..Trusted Domains: sitest.net ([]* in Local intranet) O16 - DPF: {3DC87637-DE84-4C2C-A75F-7F5398F15670} http://crm.onedb.net/eMedical_deu/18393/applets/SiebelAx_HI_Client.cab (Siebel High Interactivity Framework) O16 - DPF: {7066F4E2-EABF-4F73-90E6-F01D18000F56} http://cs.med.siemens.de/Product_Information/DX_Systems/CAI/Chemistry/Dimension_Vista/CB-DOC/swservice/plugins/Annotation.cab (Annotation Control) O16 - DPF: {759FD3DE-F0EF-4A76-909C-88CF840D4173} https://documentum-us.corp-am.corp.dom/dcm/wdk/native/WdkPluginCab.CAB (DmDragDrop Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://ura.siemens.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 10.10.10.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pl001.siemens.net O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1CBE5EB-2FAF-45C8-A8FF-C2BAAF9EB973}: DhcpNameServer = 192.168.1.1 10.10.10.1 O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf) O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (CatUInit) - C:\WINNT\System32\CatUInit.exe (Siemens AG) O20 - Winlogon\Notify\MRCNotify: DllName - (C:\WINNT\dwrcs\DWRCWXL.dll) - C:\WINNT\dwrcs\DWRCWXL.dll (SolarWinds) O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011-01-26 11:59:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2012-04-05 14:41:26 | 000,000,317 | R--- | M] () - D:\AUTOEXE1.BAT -- [ CDFS ] O32 - AutoRun File - [2012-04-05 14:41:26 | 000,000,049 | R--- | M] () - D:\AUTOEXEC.BAT -- [ CDFS ] O33 - MountPoints2\{4897f6cf-c31e-11e0-81c5-d857b3aefad4}\Shell - "" = AutoRun O33 - MountPoints2\{4897f6cf-c31e-11e0-81c5-d857b3aefad4}\Shell\AutoRun\command - "" = F:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (MACHINE BootExecut) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012-06-28 19:52:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\z00269rd\Start Menu\Programs\Juniper Networks [2012-06-27 09:29:46 | 002,128,984 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\z00269rd\Desktop\tdsskiller.exe [2012-06-27 08:37:23 | 000,000,000 | ---D | C] -- C:\Avenger [2012-06-27 02:27:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\z00269rd\Desktop\Pulpit [2012-06-27 01:50:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro [2012-06-27 01:49:36 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro [2012-06-27 01:49:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro [2012-06-27 01:49:12 | 007,718,272 | ---- | C] (SurfRight B.V.) -- C:\Documents and Settings\z00269rd\Desktop\HitmanPro36.exe [2012-06-27 00:32:57 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\z00269rd\Desktop\aswMBR.exe [2012-06-26 23:59:47 | 001,153,912 | ---- | C] (Emsi Software GmbH) -- C:\Documents and Settings\z00269rd\Desktop\BlitzBlank.exe [2012-06-26 22:17:47 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\z00269rd\Desktop\OTL.exe [2012-06-25 16:10:46 | 000,522,240 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\jsdbgui.dll [2012-06-24 17:21:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\z00269rd\Local Settings\Application Data\Research In Motion [2012-06-24 14:33:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Research In Motion [2012-06-24 14:32:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\XCPCSync.OEM [2012-06-22 23:03:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012-06-22 23:02:55 | 000,476,936 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINNT\System32\npdeployJava1.dll [2012-06-22 23:02:55 | 000,157,448 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINNT\System32\javaws.exe [2012-06-22 23:02:55 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINNT\System32\javaw.exe [2012-06-22 23:02:55 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINNT\System32\java.exe [2012-06-22 23:02:55 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINNT\System32\javacpl.cpl [2012-06-22 11:54:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\z00269rd\Application Data\Research In Motion [2012-06-22 11:36:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield [2012-06-22 11:36:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sonic [2012-06-22 11:33:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Roxio [2012-06-22 11:33:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Roxio Shared [2012-06-22 11:29:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\BlackBerry [2012-06-22 11:29:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Research In Motion [2012-06-22 11:29:02 | 000,000,000 | ---D | C] -- C:\Program Files\Research In Motion [2012-06-22 11:07:14 | 000,000,000 | -HSD | C] -- C:\WINNT\ftpcache [2012-05-31 15:43:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\z00269rd\Application Data\Siemens [2012-05-31 15:43:47 | 000,000,000 | ---D | C] -- C:\MEDSPC [2012-05-31 15:13:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Siemens EPO [2012-05-31 15:13:26 | 000,000,000 | ---D | C] -- C:\Program Files\Siemens Healthcare Diagnostics [2012-05-31 15:13:26 | 000,000,000 | ---D | C] -- C:\Program Files\Business Objects [2012-05-31 15:11:58 | 000,033,340 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dbmsqlgc.dll [2012-05-31 15:11:58 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dbmsgnet.dll [2012-05-31 15:11:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server [2012-05-31 15:10:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\z00269rd\Local Settings\Application Data\Downloaded Installations [2012-05-31 15:04:14 | 000,000,000 | ---D | C] -- C:\WINNT\dwrcs [2012-05-31 14:44:39 | 000,000,000 | ---D | C] -- C:\EPO - Installation Kit - Universal [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012-06-29 12:06:36 | 000,002,261 | ---- | M] () -- C:\Documents and Settings\z00269rd\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk [2012-06-29 11:51:18 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\z00269rd\Desktop\settings.dat [2012-06-29 11:49:52 | 000,464,491 | ---- | M] () -- C:\Documents and Settings\z00269rd\Desktop\RootRepeal.zip [2012-06-29 11:17:02 | 000,000,890 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskMachineUA.job [2012-06-29 10:26:08 | 000,016,823 | ---- | M] () -- C:\WINNT\cfgall.ini [2012-06-28 22:17:00 | 000,000,886 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskMachineCore.job [2012-06-28 20:13:04 | 000,372,866 | ---- | M] () -- C:\Documents and Settings\z00269rd\Desktop\10493988B_FRT_PL.pdf [2012-06-28 20:08:42 | 000,002,443 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk [2012-06-28 20:07:50 | 000,001,708 | ---- | M] () -- C:\Documents and Settings\z00269rd\Desktop\WAW010158NB z00269rd.lnk [2012-06-28 20:07:39 | 000,000,002 | -HS- | M] () -- C:\Documents and Settings\z00269rd\RECYCLER [2012-06-28 20:07:34 | 000,000,002 | ---- | M] () -- C:\Documents and Settings\z00269rd\ntuser.ok [2012-06-28 20:07:26 | 000,000,509 | ---- | M] () -- C:\WINNT\SMSCFG.ini [2012-06-28 20:05:49 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat [2012-06-28 20:05:47 | 2000,072,704 | -HS- | M] () -- C:\hiberfil.sys [2012-06-27 08:36:32 | 000,135,168 | ---- | M] () -- C:\zip.exe [2012-06-27 08:36:32 | 000,019,286 | ---- | M] () -- C:\cleanup.exe [2012-06-27 08:36:32 | 000,000,574 | ---- | M] () -- C:\cleanup.bat [2012-06-27 01:30:34 | 000,001,324 | ---- | M] () -- C:\WINNT\System32\d3d9caps.dat [2012-06-27 01:23:35 | 000,069,632 | ---- | M] () -- C:\WINNT\System32\blzblk.exe [2012-06-27 01:23:35 | 000,001,744 | ---- | M] () -- C:\WINNT\System32\blzblk.dat [2012-06-27 00:13:05 | 000,228,800 | ---- | M] () -- C:\WINNT\System32\FNTCACHE.DAT [2012-06-26 23:55:38 | 000,000,228 | ---- | M] () -- C:\fix.bat [2012-06-26 19:35:27 | 000,056,950 | RHS- | M] () -- C:\Documents and Settings\z00269rd\ntuser.pol [2012-06-26 19:29:06 | 000,170,008 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol [2012-06-26 19:28:35 | 000,000,882 | ---- | M] () -- C:\WINNT\DCEBOOT.RST [2012-06-26 17:23:15 | 000,102,400 | ---- | M] () -- C:\WINNT\RegBootClean.exe [2012-06-26 17:23:15 | 000,022,032 | ---- | M] () -- C:\WINNT\DCEBoot.exe [2012-06-25 16:38:05 | 000,536,678 | ---- | M] () -- C:\WINNT\System32\perfh009.dat [2012-06-25 16:38:05 | 000,100,998 | ---- | M] () -- C:\WINNT\System32\perfc009.dat [2012-06-25 16:35:29 | 000,001,809 | ---- | M] () -- C:\WINNT\imsins.BAK [2012-06-25 10:31:40 | 000,002,477 | ---- | M] () -- C:\Documents and Settings\z00269rd\Application Data\Microsoft\Internet Explorer\Quick Launch\eBRITE AutoSync.lnk [2012-06-24 17:30:33 | 000,002,206 | ---- | M] () -- C:\WINNT\System32\wpa.dbl [2012-06-24 14:35:21 | 000,000,000 | -H-- | M] () -- C:\WINNT\System32\drivers\Msft_Kernel_RimSerial_01007.Wdf [2012-06-22 23:02:39 | 000,476,936 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINNT\System32\npdeployJava1.dll [2012-06-22 23:02:39 | 000,472,840 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINNT\System32\deployJava1.dll [2012-06-22 23:02:39 | 000,157,448 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINNT\System32\javaws.exe [2012-06-22 23:02:39 | 000,149,256 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINNT\System32\javaw.exe [2012-06-22 23:02:39 | 000,149,256 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINNT\System32\java.exe [2012-06-22 23:02:39 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINNT\System32\javacpl.cpl [2012-06-22 21:28:05 | 000,000,256 | ---- | M] () -- C:\WINNT\System32\pool.bin [2012-05-31 15:19:37 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\crypt32.dll [2012-05-31 15:11:59 | 000,001,910 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk [2012-05-31 15:03:55 | 000,000,117 | ---- | M] () -- C:\WINNT\System32\DWRCCMDError.ini [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012-06-29 11:51:18 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\z00269rd\Desktop\settings.dat [2012-06-29 11:49:48 | 000,464,491 | ---- | C] () -- C:\Documents and Settings\z00269rd\Desktop\RootRepeal.zip [2012-06-28 20:13:04 | 000,372,866 | ---- | C] () -- C:\Documents and Settings\z00269rd\Desktop\10493988B_FRT_PL.pdf [2012-06-27 08:37:43 | 2000,072,704 | -HS- | C] () -- C:\hiberfil.sys [2012-06-27 08:36:32 | 000,135,168 | ---- | C] () -- C:\zip.exe [2012-06-27 08:36:32 | 000,019,286 | ---- | C] () -- C:\cleanup.exe [2012-06-27 08:36:32 | 000,000,574 | ---- | C] () -- C:\cleanup.bat [2012-06-27 08:30:43 | 000,731,136 | ---- | C] () -- C:\Documents and Settings\z00269rd\Desktop\avenger.exe [2012-06-27 08:27:57 | 000,100,753 | ---- | C] () -- C:\Documents and Settings\z00269rd\Desktop\test.zip [2012-06-27 02:34:03 | 000,001,708 | ---- | C] () -- C:\Documents and Settings\z00269rd\Desktop\WAW010158NB z00269rd.lnk [2012-06-27 02:18:04 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\z00269rd\Desktop\MBR.dat [2012-06-27 01:58:23 | 000,122,243 | ---- | C] () -- C:\Documents and Settings\z00269rd\Desktop\HitmanPro.JPG [2012-06-27 01:50:07 | 000,001,658 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk [2012-06-27 00:31:38 | 000,340,645 | ---- | C] () -- C:\Documents and Settings\z00269rd\Desktop\FSS.exe [2012-06-27 00:18:35 | 000,114,445 | ---- | C] () -- C:\Documents and Settings\z00269rd\Desktop\BlitzBlank error.JPG [2012-06-27 00:03:50 | 000,069,632 | ---- | C] () -- C:\WINNT\System32\blzblk.exe [2012-06-27 00:03:50 | 000,001,744 | ---- | C] () -- C:\WINNT\System32\blzblk.dat [2012-06-26 23:55:38 | 000,000,228 | ---- | C] () -- C:\fix.bat [2012-06-26 23:25:24 | 000,164,333 | ---- | C] () -- C:\Documents and Settings\z00269rd\Desktop\GMER komunikat.JPG [2012-06-26 23:23:28 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\z00269rd\Desktop\SystemLook.exe [2012-06-26 23:11:13 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\z00269rd\Desktop\6yrsngx0.exe [2012-06-26 19:28:35 | 000,000,882 | ---- | C] () -- C:\WINNT\DCEBOOT.RST [2012-06-26 17:13:15 | 000,022,032 | ---- | C] () -- C:\WINNT\DCEBoot.exe [2012-06-24 14:35:21 | 000,000,000 | -H-- | C] () -- C:\WINNT\System32\drivers\Msft_Kernel_RimSerial_01007.Wdf [2012-06-22 11:54:48 | 000,000,256 | ---- | C] () -- C:\WINNT\System32\pool.bin [2012-06-05 16:14:15 | 000,261,872 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2012-05-31 15:11:59 | 000,001,910 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk [2012-05-31 15:03:55 | 000,000,117 | ---- | C] () -- C:\WINNT\System32\DWRCCMDError.ini [2012-05-02 17:39:28 | 000,000,002 | -HS- | C] () -- C:\Documents and Settings\z00269rd\RECYCLER [2012-05-02 17:31:55 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\z00269rd\ntuser.ok [2012-03-13 13:09:57 | 000,102,400 | ---- | C] () -- C:\WINNT\RegBootClean.exe [2012-03-01 16:01:58 | 000,003,072 | ---- | C] () -- C:\WINNT\System32\iacenc.dll [2012-01-17 12:31:28 | 000,004,764 | ---- | C] () -- C:\WINNT\System32\CcmFramework.ini [2012-01-14 19:35:17 | 000,000,068 | ---- | C] () -- C:\WINNT\Awpr.ini [2011-11-01 16:57:29 | 000,000,038 | ---- | C] () -- C:\WINNT\avisplitter.ini [2011-11-01 16:57:27 | 000,881,664 | ---- | C] () -- C:\WINNT\System32\xvidcore.dll [2011-11-01 16:57:26 | 000,205,824 | ---- | C] () -- C:\WINNT\System32\xvidvfw.dll [2011-11-01 16:57:26 | 000,085,504 | ---- | C] () -- C:\WINNT\System32\ff_vfw.dll [2011-10-17 23:24:40 | 000,175,616 | ---- | C] () -- C:\WINNT\System32\unrar.dll [2011-07-27 14:22:30 | 000,095,744 | ---- | C] () -- C:\WINNT\System32\h5rtf32.dll [2011-07-27 14:22:30 | 000,051,200 | ---- | C] () -- C:\WINNT\System32\h5tool32.dll [2011-07-27 14:22:29 | 001,064,960 | ---- | C] () -- C:\WINNT\System32\h5krnl32.dll [2011-07-27 14:22:29 | 000,188,928 | ---- | C] () -- C:\WINNT\System32\h5icon32.dll [2011-07-27 14:22:29 | 000,175,616 | ---- | C] () -- C:\WINNT\System32\h5menu32.dll [2011-04-29 23:11:59 | 000,000,000 | ---- | C] () -- C:\WINNT\DevItem.INI [2011-04-25 15:28:39 | 000,001,324 | ---- | C] () -- C:\WINNT\System32\d3d9caps.dat [2011-04-24 21:21:46 | 000,153,418 | ---- | C] () -- C:\WINNT\hpoins14.dat [2011-04-24 21:21:46 | 000,002,000 | ---- | C] () -- C:\WINNT\hpomdl14.dat [2011-03-25 14:27:13 | 000,008,761 | ---- | C] () -- C:\WINNT\System32\DWRCS.INI [2011-03-20 20:55:53 | 000,000,000 | ---- | C] () -- C:\WINNT\winawsvr.INI [2011-03-20 12:37:18 | 000,000,000 | ---- | C] () -- C:\WINNT\AUTOSTRT.INI [2011-03-13 15:03:36 | 000,051,716 | ---- | C] () -- C:\WINNT\System32\pdf995mon.dll [2011-03-13 15:03:36 | 000,000,060 | ---- | C] () -- C:\WINNT\wpd99.drv [2011-03-13 13:36:12 | 000,000,056 | -H-- | C] () -- C:\WINNT\System32\ezsidmv.dat [2011-03-09 19:27:52 | 000,044,032 | ---- | C] () -- C:\Documents and Settings\z00269rd\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011-03-08 15:34:58 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\z00269rd\Local Settings\Application Data\fusioncache.dat [2011-03-08 14:02:18 | 000,056,950 | RHS- | C] () -- C:\Documents and Settings\z00269rd\ntuser.pol [2011-01-30 12:34:47 | 000,002,291 | ---- | C] () -- C:\WINNT\saplogon.ini [2011-01-30 12:34:47 | 000,000,749 | ---- | C] () -- C:\WINNT\sapmsg.ini [2011-01-26 19:49:47 | 000,874,032 | ---- | C] () -- C:\WINNT\System32\igkrng575.bin [2011-01-26 19:49:44 | 000,127,896 | ---- | C] () -- C:\WINNT\System32\igcompkrng575.bin [2011-01-26 19:49:44 | 000,004,096 | ---- | C] ( ) -- C:\WINNT\System32\IGFXDEVLib.dll [2011-01-26 19:47:31 | 000,004,569 | ---- | C] () -- C:\WINNT\System32\secupd.dat [2011-01-26 19:47:24 | 000,536,678 | ---- | C] () -- C:\WINNT\System32\perfh009.dat [2011-01-26 19:47:24 | 000,272,128 | ---- | C] () -- C:\WINNT\System32\perfi009.dat [2011-01-26 19:47:24 | 000,100,998 | ---- | C] () -- C:\WINNT\System32\perfc009.dat [2011-01-26 19:47:24 | 000,028,626 | ---- | C] () -- C:\WINNT\System32\perfd009.dat [2011-01-26 19:47:22 | 000,004,463 | ---- | C] () -- C:\WINNT\System32\oembios.dat [2011-01-26 19:47:20 | 013,107,200 | ---- | C] () -- C:\WINNT\System32\oembios.bin [2011-01-26 19:47:17 | 000,000,741 | ---- | C] () -- C:\WINNT\System32\noise.dat [2011-01-26 19:47:05 | 000,673,088 | ---- | C] () -- C:\WINNT\System32\mlang.dat [2011-01-26 19:47:05 | 000,046,258 | ---- | C] () -- C:\WINNT\System32\mib.bin [2011-01-26 19:47:00 | 000,028,327 | ---- | C] () -- C:\Documents and Settings\z00269rd\winlogon_17c4.VIR [2011-01-26 19:47:00 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\z00269rd\uidsave.dat [2011-01-26 19:46:45 | 000,218,003 | ---- | C] () -- C:\WINNT\System32\dssec.dat [2011-01-26 19:46:33 | 000,001,804 | ---- | C] () -- C:\WINNT\System32\Dcache.bin [2011-01-26 15:58:39 | 000,016,823 | ---- | C] () -- C:\WINNT\cfgall.ini [2011-01-26 14:50:25 | 003,485,952 | ---- | C] () -- C:\WINNT\System32\drivers\snp2uvc.sys [2011-01-26 14:50:25 | 000,196,608 | ---- | C] ( ) -- C:\WINNT\System32\csnp2uvc.dll [2011-01-26 14:50:25 | 000,028,544 | ---- | C] () -- C:\WINNT\System32\drivers\sncduvc.sys [2011-01-26 14:50:25 | 000,015,497 | ---- | C] () -- C:\WINNT\snp2uvc.ini [2011-01-26 14:50:23 | 000,239,616 | ---- | C] ( ) -- C:\WINNT\System32\rsnp2uvc.dll [2011-01-26 14:47:56 | 000,000,151 | ---- | C] () -- C:\WINNT\System32\GfxUI.exe.config [2011-01-26 12:53:17 | 000,004,073 | ---- | C] () -- C:\WINNT\ODBCINST.INI [2011-01-26 12:52:46 | 000,228,800 | ---- | C] () -- C:\WINNT\System32\FNTCACHE.DAT [2011-01-26 12:11:55 | 000,000,509 | ---- | C] () -- C:\WINNT\SMSCFG.ini [2011-01-26 12:07:04 | 000,221,184 | ---- | C] () -- C:\WINNT\System32\zLibDll.dll [2011-01-26 12:07:04 | 000,122,880 | ---- | C] () -- C:\WINNT\System32\zLibDllA.dll [2011-01-26 12:05:54 | 000,000,370 | ---- | C] () -- C:\WINNT\ODBC.INI [2011-01-26 12:02:25 | 000,170,008 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol [2011-01-26 12:01:16 | 000,002,048 | --S- | C] () -- C:\WINNT\bootstat.dat [2011-01-26 11:57:41 | 000,021,640 | ---- | C] () -- C:\WINNT\System32\emptyregdb.dat [2010-09-27 12:03:08 | 000,201,512 | ---- | C] () -- C:\WINNT\System32\vpnapi.dll [2010-09-27 11:57:26 | 000,197,416 | ---- | C] () -- C:\WINNT\System32\CSGina.dll [color=#E56717]========== LOP Check ==========[/color] [2011-03-14 00:24:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery [2012-03-22 18:18:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited [2012-06-27 01:50:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro [2011-03-08 23:35:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks [2012-05-16 15:45:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995 [2011-01-30 11:31:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QUALCOMM [2012-06-24 14:33:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion [2011-01-26 15:48:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TOSHIBA [2012-03-22 18:18:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\z00269rd\Application Data\Canneverbe_Limited [2011-03-13 21:38:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\z00269rd\Application Data\CatPC [2011-04-01 01:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\z00269rd\Application Data\Copernic [2011-03-13 14:58:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\z00269rd\Application Data\Gadu-Gadu [2012-06-28 19:52:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\z00269rd\Application Data\Juniper Networks [2011-03-23 02:06:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\z00269rd\Application Data\OneClickInternet [2011-03-20 16:35:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\z00269rd\Application Data\Pavtube [2012-06-24 17:22:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\z00269rd\Application Data\Research In Motion [2012-03-12 15:24:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\z00269rd\Application Data\SAP [2011-03-12 20:03:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\z00269rd\Application Data\SGE [2012-05-31 15:43:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\z00269rd\Application Data\Siemens [2011-03-23 01:24:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\z00269rd\Application Data\Toshiba [2011-11-02 19:09:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\z00269rd\Application Data\Windows Desktop Search [color=#E56717]========== Purity Check ==========[/color] < End of report >