(OTL logfile created on: 25-07-2012 16:52:38 - Run 1 OTL by OldTimer - Version 3.2.54.1 Folder = I:\ Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Poland | Language: PLK | Date Format: dd-MM-yyyy 1,97 Gb Total Physical Memory | 0,93 Gb Available Physical Memory | 47,48% Memory free 4,77 Gb Paging File | 4,00 Gb Available in Paging File | 83,90% Paging File free Paging file location(s): C:\pagefile.sys 3019 3019 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74,50 Gb Total Space | 26,68 Gb Free Space | 35,81% Space Free | Partition Type: NTFS Drive I: | 3,72 Gb Total Space | 3,72 Gb Free Space | 99,88% Space Free | Partition Type: FAT32 Computer Name: PPPP | User Name: Domek | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012-07-25 16:49:22 | 000,596,480 | ---- | M] (OldTimer Tools) -- I:\OTL.exe PRC - [2012-07-25 16:41:01 | 000,800,656 | ---- | M] (Opera Software) -- C:\Program Files\Ściągnięte programy\Opera\pluginwrapper\opera_plugin_wrapper.exe PRC - [2012-07-25 16:41:00 | 000,874,384 | ---- | M] (Opera Software) -- C:\Program Files\Ściągnięte programy\Opera\opera.exe PRC - [2012-07-24 02:11:14 | 000,225,280 | ---- | M] (BMC Software) -- C:\WINDOWS\.marimba\USEndpoint\ch.2\data\sum.exe PRC - [2012-03-26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe PRC - [2012-03-26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe PRC - [2011-05-31 13:47:54 | 000,138,584 | ---- | M] () -- C:\Program Files\Ściągnięte programy\PLAY ONLINE\UIExec.exe PRC - [2011-05-31 13:45:56 | 000,260,976 | ---- | M] () -- C:\Program Files\Ściągnięte programy\PLAY ONLINE\AssistantServices.exe PRC - [2010-12-10 02:13:13 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Marimba\Marimba US EndPoint Tuner\lib\jre\bin\java.exe PRC - [2010-12-10 02:13:12 | 000,036,957 | ---- | M] (BMC Software, Inc.) -- C:\Program Files\Marimba\Marimba US EndPoint Tuner\Tuner.exe PRC - [2009-07-09 14:21:36 | 005,732,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office Communicator\communicator.exe PRC - [2008-11-14 13:56:48 | 000,240,899 | ---- | M] () -- C:\Program Files\BC-Identify\IDENTIFY.EXE PRC - [2008-04-14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008-02-26 10:48:17 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe PRC - [2007-05-10 23:46:20 | 000,624,248 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe PRC - [2006-09-25 10:12:20 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe PRC - [2005-12-20 15:39:32 | 000,094,208 | ---- | M] () -- C:\WINDOWS\tsnpstd3.exe PRC - [2005-09-05 16:55:08 | 000,339,968 | ---- | M] () -- C:\WINDOWS\vsnpstd3.exe PRC - [2002-07-08 16:49:33 | 000,886,272 | ---- | M] (Lexmark International Inc.) -- C:\WINDOWS\system32\LXSUPMON.EXE [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012-07-25 16:26:45 | 000,041,055 | ---- | M] () -- C:\WINDOWS\.marimba\USEndpoint\ch.14\data\dllcache\mrbsubscription2975286_0.dll MOD - [2012-07-25 10:48:57 | 000,172,032 | ---- | M] () -- C:\WINDOWS\.marimba\USEndpoint\ch.2\data\dllcache\mrba-sysconfig18107012_0.dll MOD - [2012-07-15 00:39:28 | 009,465,032 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll MOD - [2012-06-14 07:42:04 | 000,843,776 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_866ac85e\system.drawing.dll MOD - [2012-06-14 07:41:45 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_250e68f9\system.windows.forms.dll MOD - [2012-06-14 07:41:15 | 000,471,040 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll MOD - [2012-06-13 08:12:15 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll MOD - [2012-06-10 17:12:18 | 001,279,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll MOD - [2012-06-07 08:39:27 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_7f323aec\mscorlib.dll MOD - [2012-06-07 08:39:15 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_d1d10d0c\system.xml.dll MOD - [2012-06-07 08:39:01 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_0aa208bb\system.dll MOD - [2012-06-07 08:38:49 | 001,269,760 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll MOD - [2012-06-07 08:38:49 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll MOD - [2012-06-07 08:38:48 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll MOD - [2012-06-07 08:31:36 | 000,423,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC\office\12.0.0.0__71e9bce111e9429c\office.dll MOD - [2011-11-03 17:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll MOD - [2011-10-05 03:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL MOD - [2011-06-22 11:46:12 | 000,434,016 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll MOD - [2011-05-31 13:47:54 | 000,138,584 | ---- | M] () -- C:\Program Files\Ściągnięte programy\PLAY ONLINE\UIExec.exe MOD - [2011-05-31 13:45:56 | 000,260,976 | ---- | M] () -- C:\Program Files\Ściągnięte programy\PLAY ONLINE\AssistantServices.exe MOD - [2011-05-26 20:18:44 | 000,136,536 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\OUTLCTL.DLL MOD - [2010-12-10 02:13:01 | 001,032,192 | ---- | M] () -- C:\Program Files\Marimba\Marimba US EndPoint Tuner\lib\jre\bin\mrbamt.dll MOD - [2009-02-26 13:46:56 | 000,064,344 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll MOD - [2009-02-25 22:15:52 | 000,631,128 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\Proof\MSSTKO32.DLL MOD - [2009-02-17 18:38:13 | 000,004,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\Extensibility.dll MOD - [2009-02-17 18:38:12 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll MOD - [2008-11-29 16:15:40 | 002,633,216 | ---- | M] () -- C:\Program Files\Ściągnięte programy\SubEdit-Player\codec\ffdshow\ffdshow.ax MOD - [2008-11-14 13:56:48 | 000,240,899 | ---- | M] () -- C:\Program Files\BC-Identify\IDENTIFY.EXE MOD - [2008-04-14 05:42:04 | 000,562,176 | ---- | M] () -- C:\WINDOWS\system32\qedit.dll MOD - [2008-04-14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2008-04-14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll MOD - [2008-03-29 16:42:20 | 000,159,744 | ---- | M] () -- C:\Program Files\Ściągnięte programy\SubEdit-Player\codec\MatroskaSplitter\mmfinfo.dll MOD - [2008-03-29 16:41:52 | 000,023,552 | ---- | M] () -- C:\Program Files\Ściągnięte programy\SubEdit-Player\codec\MatroskaSplitter\mkunicode.dll MOD - [2007-05-10 23:25:20 | 002,469,888 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 8.0\PDFMaker\Common\AdobePDFMakerX.dll MOD - [2006-07-31 19:39:32 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll MOD - [2006-07-31 19:39:31 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll MOD - [2006-07-31 19:39:30 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll MOD - [2005-12-20 15:39:32 | 000,094,208 | ---- | M] () -- C:\WINDOWS\tsnpstd3.exe MOD - [2005-09-05 16:55:08 | 000,339,968 | ---- | M] () -- C:\WINDOWS\vsnpstd3.exe MOD - [2002-07-08 16:49:31 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\LXAKICUR.DLL MOD - [2002-07-08 16:49:30 | 000,126,464 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\LXAKFC5C.DLL MOD - [2001-10-28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Auto | Stopped] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe /ServiceStart -- (McAfeeFramework) SRV - [2012-07-03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Ściągnięte programy\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012-03-26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2011-05-31 13:45:56 | 000,260,976 | ---- | M] () [Auto | Running] -- C:\Program Files\Ściągnięte programy\PLAY ONLINE\AssistantServices.exe -- (UI Assistant Service) SRV - [2010-12-10 02:13:12 | 000,036,957 | ---- | M] (BMC Software, Inc.) [Auto | Running] -- C:\Program Files\Marimba\Marimba US EndPoint Tuner\Tuner.exe -- (USEndpoint) SRV - [2010-03-11 00:18:04 | 000,041,368 | ---- | M] (Preo) [Auto | Stopped] -- C:\Program Files\xerox\XPEA\prprncs.exe -- (PrintelligenceClientService) SRV - [2010-03-11 00:17:56 | 000,045,464 | ---- | M] (Preo) [Auto | Stopped] -- C:\Program Files\xerox\XPEA\prprn.exe -- (Printelligence) SRV - [2008-02-26 10:48:17 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2007-03-07 06:40:00 | 000,061,489 | ---- | M] (IBM Corporation) [On_Demand | Stopped] -- C:\WINDOWS\cwbrxd.exe -- (Cwbrxd) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012-07-03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011-03-26 10:37:12 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - [2011-03-26 10:37:12 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - [2011-03-26 10:37:12 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - [2011-03-26 10:37:12 | 000,009,216 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter) DRV - [2010-01-30 01:13:11 | 000,077,760 | ---- | M] (Guidance Software Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\SvcDellhost_.sys -- (SvcDellhost_) DRV - [2007-09-15 05:04:46 | 002,455,040 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2007-06-13 00:05:50 | 000,045,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) DRV - [2006-03-18 01:18:58 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService) DRV - [2006-01-27 18:26:58 | 000,093,056 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\symmpi.sys -- (Symmpi) DRV - [2005-12-08 12:09:32 | 008,718,848 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3) DRV - [2004-08-19 15:53:48 | 000,047,496 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\aac.sys -- (aac) DRV - [2004-08-04 00:29:50 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4) DRV - [2004-08-04 00:29:48 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3) DRV - [2004-08-04 00:29:46 | 000,025,471 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5) DRV - [2004-08-04 00:29:46 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4) DRV - [2004-08-04 00:29:46 | 000,022,271 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6) DRV - [2004-08-04 00:29:44 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3) DRV - [2004-08-04 00:29:44 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1) DRV - [2004-08-04 00:29:42 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0) DRV - [2004-08-04 00:29:42 | 000,011,871 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7) DRV - [2004-08-04 00:29:40 | 000,011,807 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5) DRV - [2004-08-04 00:29:40 | 000,011,295 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6) DRV - [2004-08-04 00:29:38 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x) DRV - [2004-08-04 00:29:38 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0) DRV - [2004-08-04 00:29:38 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1) DRV - [2004-08-04 00:29:38 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-182796528-2258286168-1954960723-1011\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE8HP&PC=UP62 IE - HKU\S-1-5-21-182796528-2258286168-1954960723-1011\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE8ENUS02/110 IE - HKU\S-1-5-21-182796528-2258286168-1954960723-1011\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=OIE8HP&PC=UP62 IE - HKU\S-1-5-21-182796528-2258286168-1954960723-1011\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-182796528-2258286168-1954960723-1011\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKU\S-1-5-21-182796528-2258286168-1954960723-1011\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-182796528-2258286168-1954960723-1011\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) [2012-07-10 15:45:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Domek\Application Data\Mozilla\Extensions O1 HOSTS File: ([2004-08-04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-21-182796528-2258286168-1954960723-1011\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe () O4 - HKLM..\Run: [Client Access Service] C:\Program Files\IBM\Client Access\cwbsvstr.exe (IBM Corporation) O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\communicator.exe (Microsoft Corporation) O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE (Lexmark International Inc.) O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe () O4 - HKLM..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe () O4 - HKLM..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe () O4 - HKLM..\Run: [UIExec] C:\Program Files\Ściągnięte programy\PLAY ONLINE\UIExec.exe () O4 - HKU\S-1-5-21-182796528-2258286168-1954960723-1011..\Run: [ALLUpdate] "C:\Program Files\Ściągnięte programy\ALLPlayer\ALLUpdate.exe" "sleep" File not found O4 - HKU\.DEFAULT..\RunOnce: [] File not found O4 - HKU\.DEFAULT..\RunOnce: [ESB SIP PowerCfg] C:\WINDOWS\BAXTER\SCRIPTS\ESBPWRCFG.EXE (Microsoft Corporation) O4 - HKU\.DEFAULT..\RunOnce: [TSClientAXDisabler] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation) O4 - HKU\.DEFAULT..\RunOnce: [TSClientMSIUninstaller] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-18..\RunOnce: [] File not found O4 - HKU\S-1-5-18..\RunOnce: [ESB SIP PowerCfg] C:\WINDOWS\BAXTER\SCRIPTS\ESBPWRCFG.EXE (Microsoft Corporation) O4 - HKU\S-1-5-18..\RunOnce: [TSClientAXDisabler] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-18..\RunOnce: [TSClientMSIUninstaller] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BC-Identify.lnk = C:\Program Files\BC-Identify\IDENTIFY.EXE () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\New Windows present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Persistence present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Intellimenus = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Persistence present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Intellimenus = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Persistence present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Persistence present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0 O7 - HKU\S-1-5-21-182796528-2258286168-1954960723-1011\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-182796528-2258286168-1954960723-1011\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O7 - HKU\S-1-5-21-182796528-2258286168-1954960723-1011\Software\Policies\Microsoft\Internet Explorer\Persistence present O7 - HKU\S-1-5-21-182796528-2258286168-1954960723-1011\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-21-182796528-2258286168-1954960723-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-182796528-2258286168-1954960723-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1 O7 - HKU\S-1-5-21-182796528-2258286168-1954960723-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Intellimenus = 1 O7 - HKU\S-1-5-21-182796528-2258286168-1954960723-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Back = 0 O7 - HKU\S-1-5-21-182796528-2258286168-1954960723-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Forward = 0 O7 - HKU\S-1-5-21-182796528-2258286168-1954960723-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Stop = 0 O7 - HKU\S-1-5-21-182796528-2258286168-1954960723-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Refresh = 0 O7 - HKU\S-1-5-21-182796528-2258286168-1954960723-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Home = 0 O7 - HKU\S-1-5-21-182796528-2258286168-1954960723-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Search = 0 O7 - HKU\S-1-5-21-182796528-2258286168-1954960723-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_History = 0 O7 - HKU\S-1-5-21-182796528-2258286168-1954960723-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Favorites = 0 O7 - HKU\S-1-5-21-182796528-2258286168-1954960723-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Media = 0 O7 - HKU\S-1-5-21-182796528-2258286168-1954960723-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Folders = 0 O7 - HKU\S-1-5-21-182796528-2258286168-1954960723-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Fullscreen = 0 O7 - HKU\S-1-5-21-182796528-2258286168-1954960723-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Tools = 0 O7 - HKU\S-1-5-21-182796528-2258286168-1954960723-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_MailNews = 0 O7 - HKU\S-1-5-21-182796528-2258286168-1954960723-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Size = 0 O7 - HKU\S-1-5-21-182796528-2258286168-1954960723-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Print = 0 O7 - HKU\S-1-5-21-182796528-2258286168-1954960723-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Edit = 0 O7 - HKU\S-1-5-21-182796528-2258286168-1954960723-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Discussions = 0 O7 - HKU\S-1-5-21-182796528-2258286168-1954960723-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Cut = 0 O7 - HKU\S-1-5-21-182796528-2258286168-1954960723-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Copy = 0 O7 - HKU\S-1-5-21-182796528-2258286168-1954960723-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Paste = 0 O7 - HKU\S-1-5-21-182796528-2258286168-1954960723-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Encoding = 0 O7 - HKU\S-1-5-21-182796528-2258286168-1954960723-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_PrintPreview = 0 O7 - HKU\S-1-5-21-182796528-2258286168-1954960723-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0 O7 - HKU\S-1-5-21-182796528-2258286168-1954960723-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0 O7 - HKU\S-1-5-21-182796528-2258286168-1954960723-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0 O7 - HKU\S-1-5-21-182796528-2258286168-1954960723-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0 O7 - HKU\S-1-5-21-182796528-2258286168-1954960723-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0 O7 - HKU\S-1-5-21-182796528-2258286168-1954960723-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O7 - HKU\S-1-5-21-182796528-2258286168-1954960723-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0 O7 - HKU\S-1-5-21-182796528-2258286168-1954960723-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0 O7 - HKU\S-1-5-21-182796528-2258286168-1954960723-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0 O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O15 - HKLM\..Trusted Domains: actiantcommerce.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: airgas.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: appliedbiosystems.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: ariba.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: asap.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: at.vwr.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: barnesandnoble.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: baxter.com ([]* in Local intranet) O15 - HKLM\..Trusted Domains: baxterlearning.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: baxterrewards.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: baxterstore.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: bcu.org ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: benefitcenter.com ([]* in Local intranet) O15 - HKLM\..Trusted Domains: biosciencealliance.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: buerohandel.at ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: buerohandel.net ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: carlton-bates.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: cdw.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: cexp.ca ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: ch.vwr.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: cnsndbs01.global.baxter.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: cnsndbs02.global.baxter.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: confarchives.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: conferencing.net ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: csplans.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: cvent.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: dbaxhpa927.global.baxter.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: dbaxhpa943.global.baxter.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: dbaxhpa979.global.baxter.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: DELL.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: digikey.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: easygive.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: grainger.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: hausfreund.at ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: hermanmiller.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: hp.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: hubspan.net ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: iconf.net ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: inbaxter.com ([]* in Local intranet) O15 - HKLM\..Trusted Domains: ingplans.com ([baxteriip] http in Trusted sites) O15 - HKLM\..Trusted Domains: invitrogen.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: kellyeorder.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: kinkos.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: lifeworks.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: localhost ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: lufthansa.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: lyreco.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: macromedia.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: mcmaster.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: microsoft.com ([v4.windowsupdate] http in Trusted sites) O15 - HKLM\..Trusted Domains: millipore.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: mmmarket.net ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: mmstamp.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: moorestamps.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: moorewallace.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: mscdirect.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: mybenefitsatbaxter.com ([]* in Local intranet) O15 - HKLM\..Trusted Domains: pbaxhpa349.global.baxter.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: pbaxhpa364.global.baxter.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: pbaxhpa387.global.baxter.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: pbaxhpa393.global.baxter.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: psteering.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: resx.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: rs-components.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: rshughes.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: sial.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: sigmaaldrich.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: spiral.at ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: sprial.at ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: staples.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: stapleslink.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: szabo-scandic.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: tbaxhpa848.global.baxter.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: tbaxhpa875.global.baxter.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: tbaxhpa885.global.baxter.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: tbaxhpa886.global.baxter.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: theworknumber.com ([secure] https in Trusted sites) O15 - HKLM\..Trusted Domains: ubs.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: unisys.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: verizonwireless.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: vwr.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: vwrsp.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: worldtravel.net ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: xerox.com ([*.office.services] * in Trusted sites) O15 - HKLM\..Trusted Domains: yahoo.com ([finance] * in Trusted sites) O15 - HKLM\..Trusted Ranges: Range1 ([*] in Local intranet) O15 - HKU\.DEFAULT\..Trusted Domains: baxter.com ([]* in Local intranet) O15 - HKU\.DEFAULT\..Trusted Domains: baxterlearning.com ([]https in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: crmondemand.com ([]http in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: crmondemand.com ([]https in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: csplans.com ([baxteriip] https in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: inbaxter.com ([]* in Local intranet) O15 - HKU\.DEFAULT\..Trusted Domains: studionorth.com ([nform] http in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: studionorth.com ([nform] https in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: yahoo.com ([finance] * in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([*] in Local intranet) O15 - HKU\S-1-5-18\..Trusted Domains: baxter.com ([]* in Local intranet) O15 - HKU\S-1-5-18\..Trusted Domains: baxterlearning.com ([]https in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: crmondemand.com ([]http in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: crmondemand.com ([]https in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: csplans.com ([baxteriip] https in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: inbaxter.com ([]* in Local intranet) O15 - HKU\S-1-5-18\..Trusted Domains: studionorth.com ([nform] http in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: studionorth.com ([nform] https in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: yahoo.com ([finance] * in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([*] in Local intranet) O15 - HKU\S-1-5-21-182796528-2258286168-1954960723-1011\..Trusted Domains: baxter.com ([]* in Local intranet) O15 - HKU\S-1-5-21-182796528-2258286168-1954960723-1011\..Trusted Domains: baxterlearning.com ([]https in Trusted sites) O15 - HKU\S-1-5-21-182796528-2258286168-1954960723-1011\..Trusted Domains: crmondemand.com ([]http in Trusted sites) O15 - HKU\S-1-5-21-182796528-2258286168-1954960723-1011\..Trusted Domains: crmondemand.com ([]https in Trusted sites) O15 - HKU\S-1-5-21-182796528-2258286168-1954960723-1011\..Trusted Domains: csplans.com ([baxteriip] https in Trusted sites) O15 - HKU\S-1-5-21-182796528-2258286168-1954960723-1011\..Trusted Domains: inbaxter.com ([]* in Local intranet) O15 - HKU\S-1-5-21-182796528-2258286168-1954960723-1011\..Trusted Domains: macromedia.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-182796528-2258286168-1954960723-1011\..Trusted Domains: microsoft.com ([v4.windowsupdate] http in Trusted sites) O15 - HKU\S-1-5-21-182796528-2258286168-1954960723-1011\..Trusted Domains: studionorth.com ([nform] http in Trusted sites) O15 - HKU\S-1-5-21-182796528-2258286168-1954960723-1011\..Trusted Domains: studionorth.com ([nform] https in Trusted sites) O15 - HKU\S-1-5-21-182796528-2258286168-1954960723-1011\..Trusted Domains: yahoo.com ([finance] * in Trusted sites) O15 - HKU\S-1-5-21-182796528-2258286168-1954960723-1011\..Trusted Ranges: Range1 ([*] in Local intranet) O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1190304300468 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342303315062 (MUWebControl Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.76.34.50 212.76.34.49 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB057F8F-5969-4148-B5B4-D3E04919BEFA}: DhcpNameServer = 212.76.34.50 212.76.34.49 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: GinaDLL - (SSOGina.DLL) - C:\WINDOWS\System32\ssogina.dll (Please see product documentation) O24 - Desktop WallPaper: C:\Documents and Settings\Domek\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Domek\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006-07-31 18:20:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{7fc841dc-524c-11e0-8e45-001aa08047d0}\Shell - "" = AutoRun O33 - MountPoints2\{7fc841dc-524c-11e0-8e45-001aa08047d0}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{7fc841dc-524c-11e0-8e45-001aa08047d0}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{c85fe886-08a0-11e1-8ea8-001aa08047d0}\Shell - "" = AutoRun O33 - MountPoints2\{c85fe886-08a0-11e1-8ea8-001aa08047d0}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{c85fe886-08a0-11e1-8ea8-001aa08047d0}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012-07-16 13:03:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Domek\Local Settings\Application Data\Temp [2012-07-16 12:29:29 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012-07-16 12:23:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Domek\PrivacIE [2012-07-16 12:01:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Help [2012-07-16 12:01:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Help [2012-07-15 12:19:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch [2012-07-15 12:05:25 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll [2012-07-15 12:05:25 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll [2012-07-15 12:05:25 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll [2012-07-15 11:27:45 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Domek\IETldCache [2012-07-15 11:18:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates [2012-07-15 11:16:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft [2012-07-15 11:15:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM [2012-07-15 11:15:27 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8 [2012-07-15 11:13:18 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll [2012-07-15 11:13:00 | 000,629,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll [2012-07-15 11:13:00 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll [2012-07-15 11:12:59 | 002,000,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll [2012-07-15 11:12:59 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll [2012-07-15 11:12:57 | 011,111,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll [2012-07-15 10:50:35 | 000,000,000 | ---D | C] -- C:\MATS [2012-07-15 00:39:28 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2012-07-15 00:30:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Domek\Application Data\Sun [2012-07-15 00:30:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Domek\jdk1.7.0_05_combo [2012-07-10 16:23:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Domek\Start Menu\Programs\Microsoft Office [2012-07-10 15:45:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Domek\Local Settings\Application Data\Mozilla [2012-07-10 15:45:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Domek\Application Data\Mozilla [2012-07-10 14:08:22 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2012-07-10 13:07:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Domek\Application Data\ElevatedDiagnostics [2012-07-10 13:04:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0 [2012-07-10 13:04:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell [2012-07-10 11:11:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Domek\Application Data\Malwarebytes [2012-07-10 11:11:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware [2012-07-10 11:11:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2012-07-10 11:11:32 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012-07-06 13:10:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump [2012-07-04 17:56:05 | 000,107,776 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbser6k.sys [2012-07-04 17:56:05 | 000,107,776 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbnmea.sys [2012-07-04 17:56:05 | 000,107,776 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbmdm6k.sys [2012-07-04 17:56:05 | 000,009,216 | ---- | C] (MBB Incorporated) -- C:\WINDOWS\System32\drivers\massfilter.sys [2012-07-04 17:55:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SupportAppCB [2012-07-04 17:55:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PLAY ONLINE [2012-06-28 10:45:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Domek\Local Settings\Application Data\Identities [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012-07-25 15:43:48 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job [2012-07-24 12:32:58 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Domek\Desktop\Microsoft Office Outlook 2007.lnk [2012-07-24 02:20:25 | 000,000,406 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job [2012-07-24 02:10:29 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job [2012-07-24 02:10:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012-07-23 23:21:35 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012-07-17 01:01:27 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012-07-15 14:06:37 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Domek\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk [2012-07-15 12:42:38 | 000,444,258 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012-07-15 12:42:38 | 000,072,134 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012-07-15 12:35:04 | 000,001,744 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk [2012-07-15 11:27:48 | 000,000,825 | ---- | M] () -- C:\Documents and Settings\Domek\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2012-07-15 00:43:17 | 000,206,512 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012-07-15 00:39:28 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2012-07-15 00:39:28 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2012-07-14 23:41:14 | 000,001,746 | ---- | M] () -- C:\Documents and Settings\Domek\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk [2012-07-14 23:41:14 | 000,001,728 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk [2012-07-12 12:03:44 | 000,000,980 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2012-07-11 10:14:28 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Domek\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012-07-09 13:39:41 | 000,001,928 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2012-07-04 17:55:58 | 000,001,839 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PLAY ONLINE.lnk [2012-07-03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012-07-15 12:35:04 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk [2012-07-15 12:35:04 | 000,001,744 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk [2012-07-14 23:41:14 | 000,001,746 | ---- | C] () -- C:\Documents and Settings\Domek\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk [2012-07-14 23:41:14 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk [2012-07-14 23:41:14 | 000,001,728 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk [2012-07-10 12:59:43 | 000,002,521 | ---- | C] () -- C:\Documents and Settings\Domek\Desktop\Microsoft Office Outlook 2007.lnk [2012-07-10 11:11:38 | 000,000,980 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2012-07-09 13:39:41 | 000,001,921 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe ImageReady CS.lnk [2012-07-09 13:39:41 | 000,001,914 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop CS.lnk [2012-07-09 13:29:57 | 000,000,748 | ---- | C] () -- C:\Documents and Settings\Domek\Start Menu\Programs\Outlook Express.lnk [2012-07-04 17:55:58 | 000,001,839 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PLAY ONLINE.lnk [2012-06-06 17:04:11 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012-03-15 16:21:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\lxakih.exe [2012-03-15 16:21:43 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\INSTMON.EXE [2012-03-15 16:21:42 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\lxaklcnp.dll [2012-03-15 16:21:38 | 000,298,496 | ---- | C] () -- C:\WINDOWS\unin0415.exe [2011-12-05 11:46:47 | 000,339,968 | ---- | C] () -- C:\WINDOWS\vsnpstd3.exe [2011-12-05 11:46:47 | 000,094,208 | ---- | C] () -- C:\WINDOWS\tsnpstd3.exe [2011-12-05 11:46:46 | 008,718,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\snpstd3.sys [2011-12-05 11:46:46 | 000,015,498 | ---- | C] () -- C:\WINDOWS\snpstd3.ini [2011-12-05 11:46:45 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd3.dll [2011-12-05 11:46:45 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll [2011-12-05 11:46:45 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\vsnpstd3.dll [2011-12-05 11:46:45 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll [2011-12-05 11:46:45 | 000,020,480 | ---- | C] () -- C:\WINDOWS\usnpstd3.exe [2011-06-26 01:13:22 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Domek\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011-02-18 17:25:48 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Domek\Local Settings\Application Data\fusioncache.dat [2010-08-25 15:16:49 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010-06-01 12:36:32 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2008-02-25 12:24:17 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol [color=#E56717]========== LOP Check ==========[/color] [2009-01-06 16:02:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Baxter [2007-08-05 16:23:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OfficeUpdate12 [2010-09-23 16:16:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite [2009-10-07 11:15:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lotus [2011-02-18 17:25:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Domek\Application Data\Baxter [2012-06-06 16:57:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Domek\Application Data\blueconnect [2012-02-01 13:00:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Domek\Application Data\DVDVideoSoft [2012-02-01 12:25:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Domek\Application Data\DVDVideoSoftIEHelpers [2012-07-10 13:07:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Domek\Application Data\ElevatedDiagnostics [2012-02-17 11:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Domek\Application Data\GHISLER [2012-02-03 09:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Domek\Application Data\Opera [2012-07-05 09:03:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Domek\Application Data\uTorrent [2008-12-17 08:28:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Baxter [2007-06-04 13:28:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\WinBatch [2010-02-18 11:30:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Xerox [2010-08-18 16:21:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\WinBatch [2010-08-16 10:31:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Xerox [2012-07-25 15:43:48 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job [2012-07-24 02:10:29 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job [color=#E56717]========== Purity Check ==========[/color] < End of report >