OTL logfile created on: 2012-08-03 15:58:26 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Download
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 0,44 Gb Available Physical Memory | 21,83% Memory free
4,23 Gb Paging File | 1,80 Gb Available in Paging File | 42,53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136,43 Gb Total Space | 9,97 Gb Free Space | 7,31% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 5,04 Gb Free Space | 50,40% Space Free | Partition Type: NTFS

Computer Name: R2D2 | User Name: Michal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - File not found --
PRC - [2012-08-03 15:57:18 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Download\OTL.exe
PRC - [2012-08-03 14:29:26 | 000,302,592 | ---- | M] () -- C:\Download\r5gxdeop.exe
PRC - [2012-08-03 13:50:08 | 000,421,888 | ---- | M] () -- C:\Users\Michal\AppData\Local\Temp\40F9.tmp
PRC - [2012-07-30 22:30:57 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012-07-15 15:49:44 | 000,186,832 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.115\GoogleCrashHandler.exe
PRC - [2012-06-28 15:51:04 | 001,535,176 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
PRC - [2012-06-01 22:51:48 | 003,369,688 | ---- | M] () -- C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe
PRC - [2012-04-30 16:18:00 | 005,235,608 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
PRC - [2012-04-24 09:31:34 | 001,150,368 | R--- | M] (Western Digital ) -- C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
PRC - [2012-04-11 12:09:14 | 001,177,496 | R--- | M] (Western Digital ) -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
PRC - [2012-04-11 12:01:46 | 000,247,704 | R--- | M] (Western Digital) -- C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
PRC - [2011-10-12 09:49:20 | 001,934,336 | ---- | M] (Dominik Reichl) -- C:\Program Files\KeePass Password Safe\KeePass.exe
PRC - [2011-06-06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011-02-18 11:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010-12-19 22:47:32 | 000,403,240 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe
PRC - [2010-12-19 22:45:04 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
PRC - [2010-06-14 00:21:14 | 000,696,320 | ---- | M] (COMARCH S.A.) -- C:\Windows\System32\HASPSrv.exe
PRC - [2010-01-15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009-04-11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009-04-11 00:27:30 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009-03-29 11:30:38 | 002,058,240 | ---- | M] () -- C:\Program Files\FeedReader30\feedreader.exe
PRC - [2008-06-27 12:00:00 | 003,768,320 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Program Files\WIBUKEY\Server\WkSvMgr.exe
PRC - [2008-06-11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008-01-19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008-01-16 00:54:54 | 000,037,376 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2007-12-10 14:59:40 | 000,122,880 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2007-12-10 14:59:04 | 000,353,280 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2007-12-10 11:12:22 | 000,695,808 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
PRC - [2007-12-03 08:05:22 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM04Mon.exe
PRC - [2007-11-01 17:39:28 | 000,189,736 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007-10-24 09:11:52 | 000,119,808 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
PRC - [2007-09-13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007-09-13 15:44:48 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2007-08-29 23:25:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007-07-27 18:43:34 | 000,118,784 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
PRC - [2007-07-24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007-05-01 11:12:10 | 000,075,336 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
PRC - [2007-05-01 11:12:10 | 000,058,952 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\SnagIt 8\TscHelp.exe
PRC - [2007-05-01 11:11:48 | 006,395,464 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
PRC - [2007-04-27 10:34:18 | 001,123,872 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007-04-17 01:05:52 | 000,021,504 | ---- | M] (UPEK Inc.) -- C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
PRC - [2007-04-17 00:55:00 | 000,053,776 | ---- | M] (UPEK Inc.) -- C:\Program Files\Fingerprint Reader Suite\psqltray.exe
PRC - [2006-11-28 07:34:38 | 000,134,808 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2006-11-28 07:34:28 | 000,075,416 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\SavUI.exe
PRC - [2006-11-28 07:34:18 | 001,962,136 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2006-11-28 07:34:00 | 000,030,872 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2006-11-22 18:12:36 | 000,107,112 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006-11-22 18:12:16 | 000,107,624 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2006-11-05 13:22:16 | 000,221,184 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2006-11-05 12:55:48 | 000,010,752 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
PRC - [2006-11-03 19:55:50 | 000,703,280 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006-11-03 19:55:48 | 001,583,920 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012-08-03 14:29:26 | 000,302,592 | ---- | M] () -- C:\Download\r5gxdeop.exe
MOD - [2012-08-03 13:50:08 | 000,421,888 | ---- | M] () -- C:\Users\Michal\AppData\Local\Temp\40F9.tmp
MOD - [2012-08-03 13:50:05 | 000,187,392 | -HS- | M] () -- C:\Users\Michal\AppData\Local\Temp\MSIMG32.dll
MOD - [2012-07-30 22:30:55 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012-06-28 15:51:03 | 009,459,912 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_262.dll
MOD - [2012-04-04 18:47:24 | 000,015,760 | ---- | M] () -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2native.dll
MOD - [2011-03-11 10:47:04 | 011,800,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\27b0a88bfa56a9390f516b0fa55f3dcb\System.Web.ni.dll
MOD - [2011-03-11 10:46:51 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e515919524c6be56f55ad12fbdd23c19\System.Runtime.Remoting.ni.dll
MOD - [2011-03-10 22:06:10 | 007,868,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\34942db56010e4225825bfae8a27559f\System.ni.dll
MOD - [2011-03-10 22:04:37 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\3aac7b97549d4ccf0c7dca3d1777f9b4\mscorlib.ni.dll
MOD - [2011-03-10 16:14:20 | 000,888,832 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\KOAZ8J_O.DLL
MOD - [2010-12-19 22:47:44 | 000,071,464 | ---- | M] () -- C:\Program Files\Steam\avutil-50.dll
MOD - [2010-12-19 22:47:31 | 013,363,496 | ---- | M] () -- C:\Program Files\Steam\bin\libcef.dll
MOD - [2010-12-19 22:47:30 | 000,896,808 | ---- | M] () -- C:\Program Files\Steam\bin\avcodec-52.dll
MOD - [2010-12-19 22:47:30 | 000,138,536 | ---- | M] () -- C:\Program Files\Steam\bin\avformat-52.dll
MOD - [2010-12-19 22:47:30 | 000,071,464 | ---- | M] () -- C:\Program Files\Steam\bin\avutil-50.dll
MOD - [2009-03-29 11:30:38 | 002,058,240 | ---- | M] () -- C:\Program Files\FeedReader30\feedreader.exe
MOD - [2008-02-06 18:21:20 | 000,038,424 | ---- | M] () -- C:\Program Files\EditPlus 3\eppshell.dll
MOD - [2008-01-16 00:54:54 | 000,037,376 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
MOD - [2007-12-10 11:12:22 | 000,695,808 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
MOD - [2007-10-24 09:11:52 | 000,119,808 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
MOD - [2007-08-27 13:35:54 | 001,581,056 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 6\QtCore4.dll
MOD - [2007-08-02 18:16:58 | 000,131,072 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 6\Imageformats\qjpeg4.dll
MOD - [2007-08-02 18:05:42 | 006,402,048 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 6\QtGui4.dll
MOD - [2007-08-02 17:51:54 | 000,356,352 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 6\QtXml4.dll
MOD - [2007-04-27 10:34:24 | 000,103,968 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll
MOD - [2007-03-21 21:33:50 | 000,065,536 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll
MOD - [2006-11-05 12:58:44 | 000,516,096 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\LayoutDll9.dll
MOD - [2006-11-05 12:28:18 | 004,587,520 | R--- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
MOD - [2006-11-03 19:46:24 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2006-11-03 19:25:56 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll
MOD - [2006-09-20 12:15:20 | 000,049,152 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\VCUPermits9.dll
MOD - [2006-09-20 12:15:06 | 000,069,632 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\VCUError9.dll
MOD - [2006-09-14 00:20:24 | 000,126,464 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2012-07-30 22:30:56 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-06-01 22:51:48 | 003,369,688 | ---- | M] () [Auto | Running] -- C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe -- (GsServer)
SRV - [2012-04-24 09:31:34 | 001,150,368 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe -- (WDBackup)
SRV - [2012-04-11 12:09:14 | 001,177,496 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)
SRV - [2012-04-11 12:01:46 | 000,247,704 | R--- | M] (Western Digital) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2011-06-06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010-12-19 22:47:32 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010-06-14 00:21:14 | 000,696,320 | ---- | M] (COMARCH S.A.) [Auto | Running] -- C:\Windows\System32\HASPSrv.exe -- (HASPSrv)
SRV - [2010-01-15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009-06-17 23:41:39 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008-01-19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007-12-10 14:59:04 | 000,353,280 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007-09-13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007-08-29 23:25:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007-07-24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2006-11-28 07:34:26 | 000,122,008 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006-11-28 07:34:18 | 001,962,136 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006-11-28 07:34:00 | 000,030,872 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006-11-22 18:12:16 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2006-11-22 18:12:16 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2006-10-31 11:32:09 | 002,541,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Michal\AppData\Local\Temp\fxldrpob.sys -- (fxldrpob)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012-06-18 10:00:00 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012-05-16 10:00:00 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120728.009\NAVEX15.SYS -- (NAVEX15)
DRV - [2012-05-16 10:00:00 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120728.009\NAVENG.SYS -- (NAVENG)
DRV - [2012-05-16 06:15:56 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012-04-11 12:09:48 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2010-03-31 10:00:48 | 000,031,696 | ---- | M] (DrayTek, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VPPP.sys -- (VPPP)
DRV - [2009-06-16 14:59:00 | 009,768,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008-06-27 12:00:00 | 000,072,704 | ---- | M] (WIBU-SYSTEMS AG) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\WibuKey.sys -- (WIBUKEY)
DRV - [2008-02-16 09:47:29 | 000,716,272 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2008-02-16 00:53:04 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2007-12-03 08:05:32 | 000,234,720 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM04Vid.sys -- (OEM04Vid)
DRV - [2007-12-03 08:05:28 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM04Vfx.sys -- (OEM04Vfx)
DRV - [2007-09-13 15:46:06 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007-02-28 13:25:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007-02-28 13:25:44 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007-02-28 13:25:44 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007-02-22 11:15:56 | 000,137,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcd.sys -- (nmwcd)
DRV - [2007-02-22 11:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdcm.sys -- (nmwcdcm)
DRV - [2007-02-22 11:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdcj.sys -- (nmwcdcj)
DRV - [2007-02-22 11:15:14 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdc.sys -- (nmwcdc)
DRV - [2006-11-22 17:17:06 | 000,274,328 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2006-11-22 17:17:06 | 000,247,144 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2006-11-22 17:17:06 | 000,025,448 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2006-11-22 10:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock)
DRV - [2006-11-02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006-11-02 09:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006-10-26 13:01:34 | 000,185,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2006-10-26 13:01:34 | 000,026,384 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2006-10-06 15:26:16 | 000,406,672 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1165640812-3425906437-2361176363-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gazeta.hit.gemius.pl/hitredir/id=d2OQy8dDI0IfRTN6xZdPC6ScDtYi9CbcoCUM9I5Fdvv.d7/stparam=qfikkmiuem/url=http://www.gazeta.pl/0,0.html?utm_source=rozne&utm_medium=AutopromoHP&utm_content=strona_glowna1_IE90311&utm_campaign=a_IE90311
IE - HKU\S-1-5-21-1165640812-3425906437-2361176363-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://gazeta.hit.gemius.pl/hitredir/id=1_2aoau32zKrY2K8AzHtuKPMXfaG5wd126fPuctBzrP.67/stparam=loptipgnqn/url=http://www.gazeta.pl/0,0.html?promocja=pit2011_wyb01&utm_campaign=p_124
IE - HKU\S-1-5-21-1165640812-3425906437-2361176363-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1165640812-3425906437-2361176363-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1165640812-3425906437-2361176363-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1165640812-3425906437-2361176363-1000\..\SearchScopes\{A9C6DBF9-BA08-4205-AF8A-06463E462741}: "URL" = http://szukaj.gazeta.pl
IE - HKU\S-1-5-21-1165640812-3425906437-2361176363-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Michal\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Michal\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010-11-05 00:44:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-07-30 22:30:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-06-17 14:08:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012-03-20 22:27:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-07-30 22:30:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-06-17 14:08:10 | 000,000,000 | ---D | M]

[2011-03-22 23:30:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michal\AppData\Roaming\mozilla\Extensions
[2011-03-14 00:30:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michal\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011-03-22 23:30:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michal\AppData\Roaming\mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a}
[2012-08-02 09:51:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michal\AppData\Roaming\mozilla\Firefox\Profiles\fmjvztjl.default\extensions
[2010-07-22 13:33:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Michal\AppData\Roaming\mozilla\Firefox\Profiles\fmjvztjl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012-06-17 14:09:49 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\Michal\AppData\Roaming\mozilla\Firefox\Profiles\fmjvztjl.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2010-07-22 13:45:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008-09-04 21:55:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\inspector@mozilla.org
[2012-07-30 22:30:58 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012-06-18 11:43:05 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2012-06-18 11:43:05 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2012-06-18 11:43:05 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2012-06-18 11:43:05 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2012-06-18 11:43:05 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2012-06-18 11:43:05 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

[color=#E56717]========== Chrome ==========[/color]

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Michal\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Michal\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Michal\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Michal\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: DivX\u00AE Content Upload Plugin (Enabled) = C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Szukaj w Google = C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009-07-19 14:10:14 | 000,000,817 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 192.168.1.149 NPI27FD35
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation) O3 - HKU\S-1-5-21-1165640812-3425906437-2361176363-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation) O4 - HKLM..\Run: [OEM04Mon.exe] C:\Windows\OEM04Mon.exe (Creative Technology Ltd.) 
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.) O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Fingerprint Reader Suite\launcher.exe (UPEK Inc.) O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited) O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions) O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.) O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation) O4 - HKLM..\Run: [WD Quick View] C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.) O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe () O4 - HKU\.DEFAULT..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.) O4 - HKU\S-1-5-18..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.) 
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-1165640812-3425906437-2361176363-1000..\Run: [AdobeBridge] File not found O4 - HKU\S-1-5-21-1165640812-3425906437-2361176363-1000..\Run: [feedreader.exe] C:\Program Files\FeedReader30\feedreader.exe () O4 - HKU\S-1-5-21-1165640812-3425906437-2361176363-1000..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe () O4 - HKU\S-1-5-21-1165640812-3425906437-2361176363-1000..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation) O4 - HKU\S-1-5-21-1165640812-3425906437-2361176363-1000..\RunOnce: [036DFF8602DA36B60000FBEA2F3B6FDA] C:\ProgramData\036DFF8602DA36B60000FBEA2F3B6FDA\036DFF8602DA36B60000FBEA2F3B6FDA.exe () O4 - HKU\S-1-5-21-1165640812-3425906437-2361176363-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil32_11_3_300_262_Plugin.exe (Adobe Systems Incorporated) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth... 
- c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll () O9 - Extra 'Tools' menuitem : Ustawienia wtyczki &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O13 - gopher Prefix: missing O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 10.4.1) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{10DB4008-9668-44EA-A6AC-2A4E816AB655}: DhcpNameServer = 10.168.5.29 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1CA8ABD6-A321-41E6-9EA8-5FB5B2811226}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.) 
O20 - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\System32\psqlpwd.dll (UPEK Inc.) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\dellwall3.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\dellwall3.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{170776ea-58fe-11dd-a72b-001e4ce0e93b}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe O33 - MountPoints2\{45ba673e-a12f-11e1-985a-001e4ce0e93b}\Shell - "" = AutoRun O33 - MountPoints2\{45ba673e-a12f-11e1-985a-001e4ce0e93b}\Shell\AutoRun\command - "" = F:\unlock.exe autoplay=true O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012-08-03 13:52:18 | 000,000,000 | ---D | C] -- C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum [2012-08-03 13:51:19 | 000,000,000 | ---D | C] -- C:\ProgramData\036DFF8602DA36B60000FBEA2F3B6FDA [2011-08-18 17:25:03 | 000,050,176 | ---- | C] (Digital Wired Limited) -- C:\Users\Michal\WolCmd.exe [9 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] File not found -- C:\Windows\System32\ [2012-08-03 15:57:00 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1165640812-3425906437-2361176363-1000UA.job [2012-08-03 15:55:02 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012-08-03 15:55:01 | 000,001,036 | ---- 
| M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012-08-03 15:39:27 | 000,312,142 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012-08-03 14:57:03 | 000,001,010 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1165640812-3425906437-2361176363-1000Core.job [2012-08-03 14:40:57 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012-08-03 14:40:57 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012-08-03 13:52:18 | 000,001,976 | ---- | M] () -- C:\Users\Michal\Desktop\Live Security Platinum.lnk [2012-08-03 12:57:01 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2012-08-03 12:40:24 | 000,312,142 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012-08-03 12:39:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012-07-31 13:50:16 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys [2012-07-27 10:22:43 | 000,738,286 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2012-07-27 10:22:42 | 000,655,850 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012-07-27 10:22:42 | 000,164,056 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2012-07-27 10:22:42 | 000,128,864 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012-07-27 10:14:56 | 2145,431,552 | -HS- | M] () -- C:\hiberfil.sys [2012-07-25 11:11:09 | 000,010,652 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012-07-11 10:02:19 | 000,000,680 | ---- | M] () -- C:\Users\Michal\AppData\Local\d3d9caps.dat [9 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] File not found -- C:\Windows\System32\ [2012-08-03 13:52:23 | 000,020,480 | ---- | C] () -- C:\Users\Michal\AppData\Local\{597b2101-d7e8-3e67-74e1-30d0328e90c6}\U\800000cb.@ [2012-08-03 
13:52:21 | 000,001,712 | ---- | C] () -- C:\Users\Michal\AppData\Local\{597b2101-d7e8-3e67-74e1-30d0328e90c6}\U\00000001.@ [2012-08-03 13:52:18 | 000,001,976 | ---- | C] () -- C:\Users\Michal\Desktop\Live Security Platinum.lnk [2011-04-11 21:37:53 | 000,057,552 | ---- | C] () -- C:\Windows\System32\WkDos.exe [2011-03-10 21:01:37 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011-03-10 21:01:22 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2011-03-10 20:59:18 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011-03-10 16:21:34 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{597b2101-d7e8-3e67-74e1-30d0328e90c6}\@ [2011-03-10 16:21:34 | 000,002,048 | -HS- | C] () -- C:\Users\Michal\AppData\Local\{597b2101-d7e8-3e67-74e1-30d0328e90c6}\@ [2011-03-10 16:14:20 | 000,011,264 | ---- | C] () -- C:\Windows\System32\KOAZ8J_L.DLL [2011-03-10 16:14:20 | 000,011,264 | ---- | C] () -- C:\Windows\System32\KOAZ8A_L.DLL [2010-10-28 12:26:06 | 000,000,151 | ---- | C] () -- C:\Windows\ODBC.INI [2010-10-28 12:12:22 | 000,098,304 | ---- | C] () -- C:\Windows\System32\getver.exe [2010-10-28 12:12:21 | 000,133,120 | ---- | C] () -- C:\Windows\System32\HASPXPx64.dll [2010-10-28 12:12:21 | 000,110,592 | ---- | C] () -- C:\Windows\System32\HASPXPx32.dll [2009-05-15 20:42:07 | 000,000,094 | ---- | C] () -- C:\Users\Michal\AppData\Local\fusioncache.dat [2009-01-13 00:06:31 | 000,004,232 | ---- | C] () -- C:\Users\Michal\.recently-used.xbel [2008-12-05 11:35:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2008-11-25 22:28:04 | 000,312,142 | ---- | C] () -- C:\ProgramData\nvModes.dat [2008-11-25 22:28:04 | 000,312,142 | ---- | C] () -- C:\ProgramData\nvModes.001 [2008-11-22 13:58:52 | 000,022,328 | ---- | C] () -- C:\Users\Michal\AppData\Roaming\PnkBstrK.sys [2008-04-05 15:19:20 | 000,000,680 | ---- | C] () -- C:\Users\Michal\AppData\Local\d3d9caps.dat [2008-03-17 21:55:58 | 000,002,828 | -HS- | C] () 
-- C:\ProgramData\KGyGaAvL.sys [2008-03-17 21:55:58 | 000,000,088 | RHS- | C] () -- C:\ProgramData\DB15C07A39.sys [2008-02-17 10:34:56 | 000,026,340 | ---- | C] () -- C:\Users\Michal\AppData\Roaming\UserTile.png [2008-02-16 01:44:17 | 000,000,600 | ---- | C] () -- C:\Users\Michal\AppData\Local\PUTTY.RND [2008-02-15 23:47:02 | 000,019,456 | ---- | C] () -- C:\Users\Michal\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008-02-15 23:12:08 | 000,102,182 | ---- | C] () -- C:\Users\Michal\AppData\Roaming\nvModes.dat [2008-02-15 22:58:15 | 000,102,182 | ---- | C] () -- C:\Users\Michal\AppData\Roaming\nvModes.001 [color=#E56717]========== LOP Check ==========[/color] [2008-04-05 14:12:00 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PC Suite [2008-09-13 17:04:07 | 000,000,000 | ---D | M] -- C:\Users\Gość\AppData\Roaming\PC Suite [2008-09-13 17:04:46 | 000,000,000 | ---D | M] -- C:\Users\Gość\AppData\Roaming\Thunderbird [2009-06-12 13:32:41 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Bullzip [2011-08-19 14:30:03 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Comarch [2011-08-19 14:26:51 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Comarch OPT!MA [2008-02-16 09:50:53 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\DAEMON Tools [2010-11-11 15:18:08 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\EditPlus 3 [2011-10-18 22:19:23 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Feedreader [2008-02-16 01:12:11 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Gadu-Gadu [2010-01-12 10:41:38 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Gadu-Gadu 10 [2008-02-24 15:46:25 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\GHISLER [2012-07-14 07:48:43 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\GoodSync [2011-04-11 21:54:22 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Graphisoft [2009-01-13 00:06:31 | 
000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\gtk-2.0 [2012-03-31 23:08:44 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\KeePass [2008-02-22 23:35:38 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Nokia [2009-08-04 23:57:13 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Nokia Multimedia Player [2009-08-10 13:20:39 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Nowe Gadu-Gadu [2011-01-31 13:24:21 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\PC Suite [2008-02-17 10:34:56 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\PeerNetworking [2011-04-22 13:58:19 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\PITy2010 [2012-04-27 16:31:32 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\PITy2011 [2011-07-16 23:26:59 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Research In Motion [2008-09-23 23:02:48 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\TechSmith [2011-03-14 00:30:49 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Thunderbird [2008-12-16 23:54:10 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\WA-PRO [2012-07-14 08:07:04 | 000,000,000 | -H-D | M] -- C:\Users\Michal\AppData\Roaming\_gsdata_ [2008-08-15 13:03:49 | 000,000,000 | ---D | M] -- C:\Users\Siakulak\AppData\Roaming\Nokia [2010-04-21 21:50:48 | 000,000,000 | ---D | M] -- C:\Users\Siakulak\AppData\Roaming\PC Suite [2011-06-26 17:52:55 | 000,000,000 | ---D | M] -- C:\Users\Siakulak\AppData\Roaming\Thunderbird [2012-07-25 11:11:14 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011-03-10 17:45:00 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{4CD62A6A-F3F3-425E-86CF-BB6B73D977F9}.job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 76 bytes -> C:\Users\Michal\Documents\Wordpress:Roxio EMC 
Stream @Alternate Data Stream - 76 bytes -> C:\Users\Michal\Documents\Updater5:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Michal\Documents\The KMPlayer:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Michal\Documents\Snagit:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Michal\Documents\Snagit Stamps:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Michal\Documents\SnagIt Catalog:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Michal\Documents\my games:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Michal\Documents\Moje źródła danych:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Michal\Documents\Hotele:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Michal\Documents\Heca:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Michal\Documents\Foto:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Michal\Documents\Folder wymiany interfejsu Bluetooth:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Michal\Documents\Finanse:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Michal\Documents\DVDVideoSoft:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Michal\Documents\Dell Webcam Center:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Michal\Documents\Corel User Files:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Michal\Documents\BlackBerry:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Michal\Documents\_worek:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Michal\Documents\_Blanka:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Michal\Desktop\umowy:Roxio EMC Stream < End of report >