OTL logfile created on: 2012-10-02 21:42:10 - Run 2 OTL by OldTimer - Version 3.2.70.1 Folder = C:\Users\win7\Downloads Windows Vista Home Basic Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.16982) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,99 Gb Total Physical Memory | 1,77 Gb Available Physical Memory | 59,26% Memory free 6,16 Gb Paging File | 4,67 Gb Available in Paging File | 75,79% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 68,36 Gb Total Space | 37,42 Gb Free Space | 54,74% Space Free | Partition Type: NTFS Drive D: | 164,52 Gb Total Space | 42,23 Gb Free Space | 25,67% Space Free | Partition Type: NTFS Computer Name: DELL | User Name: win7 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012-10-02 16:05:01 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\win7\Downloads\OTL(2).exe PRC - [2012-09-07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012-09-07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012-09-07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012-05-05 09:37:55 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2012-01-03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011-11-08 14:43:14 | 001,500,168 | ---- | M] (G Data Software AG) -- C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe PRC - [2011-11-08 14:43:08 | 001,616,392 | ---- | M] (G Data Software AG) -- C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe PRC - [2011-10-28 15:36:11 | 000,457,536 | ---- | M] (G Data Software AG) -- C:\Program Files\Common Files\G Data\GDScan\GDScan.exe PRC - [2011-10-28 03:40:14 | 001,554,184 | ---- | M] (G Data Software AG) -- C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe PRC - [2011-09-05 00:55:05 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011-08-10 14:20:28 | 001,613,424 | ---- | M] (G Data Software AG) -- C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe PRC - [2011-06-17 16:43:56 | 000,409,608 | ---- | M] (G Data Software AG) -- C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe PRC - [2011-06-17 16:43:46 | 000,921,608 | ---- | M] (G Data Software AG) -- C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe PRC - [2011-04-08 12:59:52 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe PRC - [2009-09-09 07:50:00 | 003,514,112 | ---- | M] (Ghisler Software GmbH) -- C:\totalcmd\TOTALCMD.EXE PRC - [2008-02-22 17:01:38 | 001,193,240 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe PRC - [2007-09-20 15:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe PRC - [2007-09-13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe PRC - [2007-09-13 15:44:48 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe PRC - [2007-07-27 16:43:34 | 000,118,784 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe PRC - [2007-05-10 01:01:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe PRC - [2007-03-06 10:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe PRC - [2006-12-19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe PRC - [2006-11-02 11:45:54 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012-07-10 15:33:55 | 007,868,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\52e1ea3c7491e05cda766d7b3ce3d559\System.ni.dll MOD - [2012-07-10 15:31:42 | 011,486,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\17f572b09facdc5fda9431558eb7a26e\mscorlib.ni.dll MOD - [2012-05-05 09:37:54 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2011-09-04 23:02:19 | 005,242,880 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll MOD - [2011-09-04 23:00:28 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll MOD - [2007-12-08 14:34:10 | 000,054,784 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV - [2012-09-07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012-09-07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012-05-05 09:37:56 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012-01-03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011-11-08 14:43:14 | 001,500,168 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy) SRV - [2011-10-28 15:36:11 | 000,457,536 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files\Common Files\G Data\GDScan\GDScan.exe -- (GDScan) SRV - [2011-10-28 03:40:14 | 001,554,184 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe -- (AVKWCtl) SRV - [2011-09-05 23:15:38 | 000,265,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2011-08-10 14:20:28 | 001,613,424 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe -- (GDFwSvc) SRV - [2011-06-17 16:43:56 | 000,409,608 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe -- (AVKService) SRV - [2008-04-07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2007-09-20 15:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters) SRV - [2007-09-13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV) SRV - [2007-05-31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007-05-31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2007-03-06 10:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service) SRV - [2006-12-19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\BCM42RLY.sys -- (BCM42RLY) DRV - [2012-09-07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012-07-08 12:10:47 | 000,052,600 | ---- | M] (G DATA Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PktIcpt.sys -- (GDPkIcpt) DRV - [2012-05-06 19:45:37 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2012-03-28 20:22:11 | 000,039,800 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\HookCentre.sys -- (HookCentre) DRV - [2012-03-28 20:22:10 | 000,079,992 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\MiniIcpt.sys -- (GDMnIcpt) DRV - [2012-03-28 20:22:10 | 000,054,648 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\gdwfpcd32.sys -- (gdwfpcd) DRV - [2012-03-28 20:22:10 | 000,040,440 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\GDBehave.sys -- (GDBehave) DRV - [2012-01-02 15:18:55 | 000,030,256 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\GRD.sys -- (GRD) DRV - [2011-12-31 18:28:56 | 000,824,832 | ---- | M] (AfaTech ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AF9035HB.sys -- (AF9035HB) DRV - [2010-05-12 12:14:58 | 000,121,576 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm) DRV - [2010-05-12 12:14:56 | 000,096,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) DRV - [2010-05-12 12:14:56 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) DRV - [2010-04-27 04:25:16 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm) DRV - [2010-04-27 04:25:16 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) DRV - [2010-04-27 04:25:16 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) DRV - [2009-03-31 09:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2007-10-11 01:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev) DRV - [2007-09-17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2007-09-13 15:46:06 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2007-06-06 23:21:32 | 000,111,616 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) DRV - [2007-03-21 22:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2007-03-05 18:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx) DRV - [2007-02-24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2007-01-23 16:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2006-11-02 10:55:05 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb) DRV - [2006-11-02 10:51:27 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID) DRV - [2005-02-18 12:57:10 | 000,071,168 | ---- | M] (Gemplus) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GKUPRO2D.sys -- (GKUPRO2D) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-989666085-4185578678-2142005828-1000\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://www.google.com IE - HKU\S-1-5-21-989666085-4185578678-2142005828-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank IE - HKU\S-1-5-21-989666085-4185578678-2142005828-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\S-1-5-21-989666085-4185578678-2142005828-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-989666085-4185578678-2142005828-1000\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found IE - HKU\S-1-5-21-989666085-4185578678-2142005828-1000\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - No CLSID value found IE - HKU\S-1-5-21-989666085-4185578678-2142005828-1000\..\URLSearchHook: {d43723ae-1ae1-4a25-a6a4-bf0929273cab} - No CLSID value found IE - HKU\S-1-5-21-989666085-4185578678-2142005828-1000\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-989666085-4185578678-2142005828-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-989666085-4185578678-2142005828-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\S-1-5-21-989666085-4185578678-2142005828-1000\..\SearchScopes\{BBC87F81-0117-450E-ADD1-534ABBEDAE53}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=616163&p={searchTerms} IE - HKU\S-1-5-21-989666085-4185578678-2142005828-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "http://www.google.pl/" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll File not found FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll File not found FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-05-05 09:37:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-09-04 21:31:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\win7\AppData\Roaming\mozilla\Extensions [2012-10-02 15:43:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\win7\AppData\Roaming\mozilla\Firefox\Profiles\69q6ef6g.default\extensions [2012-09-30 13:11:24 | 000,000,000 | ---D | M] (BPH Sign Plugin) -- C:\Users\win7\AppData\Roaming\mozilla\Firefox\Profiles\69q6ef6g.default\extensions\SignPlugin@bph(52).pl [2011-12-20 21:49:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012-03-28 20:22:10 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Program Files\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad} [2012-03-28 20:22:10 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Program Files\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE} [2012-05-05 09:37:55 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012-03-28 21:48:04 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2012-03-28 21:48:04 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2012-03-28 21:48:04 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2012-03-28 21:48:04 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2012-03-28 21:48:04 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2012-03-28 21:48:04 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2006-09-18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G Data\InternetSecurity\WebFilter\AvkWebIE.dll (G Data Software AG) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files\Common Files\G Data\AVKProxy\BanksafeBHO.dll (G Data Software AG) O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G Data\InternetSecurity\WebFilter\AvkWebIE.dll (G Data Software AG) O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3 - HKU\S-1-5-21-989666085-4185578678-2142005828-1000\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found. O3 - HKU\S-1-5-21-989666085-4185578678-2142005828-1000\..\Toolbar\WebBrowser: (no name) - {7473B6BD-4691-4744-A82B-7854EB3D70B6} - No CLSID value found. O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG) O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG) O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-989666085-4185578678-2142005828-1000..\Run: [EPSON BX525WD Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGAU.EXE (SEIKO EPSON CORPORATION) O4 - HKU\S-1-5-21-989666085-4185578678-2142005828-1000..\Run: [Epson Stylus Office BX525WD(Sieć)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGAU.EXE (SEIKO EPSON CORPORATION) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKU\S-1-5-21-989666085-4185578678-2142005828-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKLM\..Trusted Domains: 127.0.0.1 ([]http in Trusted sites) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51DDA3CC-756A-493A-80C8-78D2A90404EC}: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9D91550E-19BB-4358-B8FF-8B4D729F88C7}: DhcpNameServer = 192.168.1.254 O18 - Protocol\Handler\empbook - No CLSID value found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (c:\program files\g data\internetsecurity\avkkid\avkcks.exe) - c:\Program Files\G Data\InternetSecurity\AVKKid\AvkCKS.exe () O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img16.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img16.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012-09-30 20:07:47 | 000,000,000 | ---D | C] -- C:\Users\win7\AppData\Roaming\Malwarebytes [2012-09-30 20:07:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012-09-30 20:07:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012-09-30 20:07:35 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012-09-30 20:07:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012-09-24 23:02:46 | 000,000,000 | ---D | C] -- C:\Users\win7\AppData\Roaming\ArcaBit [2012-09-24 17:22:50 | 000,000,000 | ---D | C] -- C:\Users\win7\Start Menu [2012-09-24 17:18:46 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012-09-24 17:17:44 | 000,000,000 | ---D | C] -- C:\ComboFix [2012-09-24 17:17:36 | 000,000,000 | ---D | C] -- C:\Qoobox [2012-09-24 17:16:15 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012-09-24 17:16:01 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW [2012-09-23 17:55:17 | 000,000,000 | ---D | C] -- C:\Users\win7\AppData\Roaming\ArcaVirMicroScan [2012-09-22 11:14:28 | 000,000,000 | ---D | C] -- C:\tmp [2012-09-15 15:23:48 | 000,000,000 | ---D | C] -- C:\Users\win7\AppData\Roaming\Media Player Classic [2012-09-15 15:23:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC [2012-09-09 10:50:55 | 000,000,000 | ---D | C] -- C:\Users\win7\AppData\Roaming\Leadertech [2012-09-09 10:48:04 | 000,000,000 | ---D | C] -- C:\Users\win7\AppData\Local\CRE [2012-09-09 10:46:31 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent [2012-09-09 10:44:54 | 000,000,000 | ---D | C] -- C:\Users\win7\AppData\Roaming\uTorrent [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012-10-02 21:39:15 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012-10-02 21:39:15 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012-10-02 20:39:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012-10-02 20:39:05 | 250,095,838 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012-10-02 16:30:05 | 000,000,836 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012-10-02 15:47:39 | 000,016,537 | ---- | M] () -- C:\Users\win7\Desktop\prefs.js [2012-10-02 15:26:39 | 000,813,153 | ---- | M] () -- C:\Windows\System32\sig.bin [2012-10-02 15:26:39 | 000,044,567 | ---- | M] () -- C:\Windows\System32\nmp.map [2012-10-01 17:07:56 | 000,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012-10-01 17:07:56 | 000,535,568 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2012-10-01 17:07:56 | 000,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012-10-01 17:07:56 | 000,086,416 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2012-09-30 21:38:57 | 000,002,527 | ---- | M] () -- C:\Users\Public\Desktop\ACDSee 5.0.lnk [2012-09-30 20:07:39 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012-09-24 17:22:24 | 000,000,694 | ---- | M] () -- C:\Users\win7\Desktop\ArcaVirMicroScan.lnk [2012-09-23 15:32:01 | 000,014,848 | ---- | M] () -- C:\Users\win7\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012-09-22 11:14:29 | 001,474,133 | -H-- | M] () -- C:\treeinfo.wc [2012-09-15 15:23:16 | 000,000,688 | ---- | M] () -- C:\Users\Public\Desktop\MPC-HC.lnk [2012-09-09 10:46:31 | 000,000,754 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk [2012-09-07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012-10-02 16:24:19 | 250,095,838 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012-10-02 15:43:54 | 000,016,537 | ---- | C] () -- C:\Users\win7\Desktop\prefs.js [2012-09-30 20:07:39 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012-09-24 17:22:24 | 000,000,694 | ---- | C] () -- C:\Users\win7\Desktop\ArcaVirMicroScan.lnk [2012-09-15 15:23:16 | 000,000,688 | ---- | C] () -- C:\Users\Public\Desktop\MPC-HC.lnk [2012-09-09 10:46:31 | 000,000,754 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk [2012-08-12 15:39:36 | 000,000,376 | ---- | C] () -- C:\Windows\mozregistry.dat [2012-07-07 20:20:54 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll [2012-05-06 19:22:13 | 000,014,848 | ---- | C] () -- C:\Users\win7\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012-03-18 12:17:08 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2012-03-18 12:17:08 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2012-03-18 11:34:49 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2012-03-18 11:27:33 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2012-01-06 23:04:30 | 000,000,401 | ---- | C] () -- C:\Windows\ODBCINST.INI [2011-12-31 18:28:58 | 000,000,356 | ---- | C] () -- C:\Windows\System32\AF15IRTBL.bin [2011-11-27 18:43:31 | 000,000,069 | ---- | C] () -- C:\Windows\sysstr32.ini [2011-11-20 21:23:30 | 000,000,212 | ---- | C] () -- C:\Users\win7\AppData\Roaming\burnaware.ini [2011-09-07 18:57:01 | 000,000,008 | RHS- | C] () -- C:\Windows\System32\4A0A34A524.sys [2011-09-07 18:57:00 | 000,004,704 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys [2011-09-07 18:44:45 | 000,210,456 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll [2011-09-07 18:44:45 | 000,206,360 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll [2011-09-07 18:44:45 | 000,198,168 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll [2011-09-07 18:44:45 | 000,198,168 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll [2011-09-07 18:44:45 | 000,194,072 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll [2011-09-07 18:44:45 | 000,026,136 | ---- | C] () -- C:\Windows\System32\IVIresize.dll [2011-09-06 22:57:04 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI [2011-09-05 19:25:10 | 000,813,153 | ---- | C] () -- C:\Windows\System32\sig.bin [2011-09-02 14:05:30 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll [2011-09-02 14:05:29 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll [2011-09-02 14:05:29 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll [2011-09-02 14:05:29 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll [2011-09-02 14:05:29 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll [2011-09-02 14:01:06 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2011-09-02 13:48:02 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll [2011-09-02 13:48:00 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE [2011-09-02 11:53:17 | 000,000,680 | ---- | C] () -- C:\Users\win7\AppData\Local\d3d9caps.dat [2011-09-02 11:42:12 | 000,000,836 | ---- | C] () -- C:\Windows\bthservsdp.dat [color=#E56717]========== ZeroAccess Check ==========[/color] [2006-11-02 14:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2011-09-05 22:35:32 | 011,315,712 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2011-09-05 00:28:58 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2006-11-02 11:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [color=#E56717]========== LOP Check ==========[/color] [2012-02-29 22:35:04 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\.purple [2011-09-07 21:56:23 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\ACD Systems [2012-09-24 23:02:46 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\ArcaBit [2012-09-30 19:11:49 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\ArcaVirMicroScan [2011-09-05 20:40:41 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\Ashampoo [2011-09-06 22:56:06 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\Epson [2012-06-17 16:29:26 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\Generato [2012-09-30 19:11:49 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\GHISLER [2012-02-25 00:01:55 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\gtk-2.0 [2012-07-07 20:53:03 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\ipla [2012-09-09 10:50:55 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\Leadertech [2011-09-05 21:26:22 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\OpenOffice.org [2012-05-06 19:52:37 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\PC Suite [2012-06-23 23:11:25 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\Rovio [2012-06-24 14:19:26 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\Samsung [2011-09-02 14:03:56 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\TMP [2011-09-08 15:54:05 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\Ulead Systems [2012-09-30 19:11:49 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\uTorrent [2012-03-24 10:34:24 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\Youtube Downloader HD [color=#E56717]========== Purity Check ==========[/color] < End of report >