OTL logfile created on: 2012-03-05 10:48:27 - Run 10 OTL by OldTimer - Version 3.2.34.0 Folder = E:\tools\antywir 64bit-Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,00 Gb Total Physical Memory | 1,41 Gb Available Physical Memory | 46,93% Memory free 6,20 Gb Paging File | 4,24 Gb Available in Paging File | 68,32% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 149,04 Gb Total Space | 38,96 Gb Free Space | 26,14% Space Free | Partition Type: NTFS Drive E: | 139,28 Gb Total Space | 2,77 Gb Free Space | 1,99% Space Free | Partition Type: NTFS Drive F: | 3,44 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Unable to calculate disk information. Computer Name: PAWEL-LAPTOP | User Name: Pawel | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012-03-02 17:08:27 | 000,584,704 | ---- | M] (OldTimer Tools) -- E:\tools\antywir\OTL.exe PRC - [2012-02-16 16:14:20 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012-01-13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012-01-13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2010-05-18 15:13:58 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe PRC - [2010-01-20 15:07:54 | 000,172,544 | ---- | M] (Panasonic Corporation) -- C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe PRC - [2009-10-22 11:01:06 | 000,440,616 | ---- | M] (GFI Software Ltd.) -- C:\PROGRA~2\GFI\GFIBAC~1\GFIHInst.exe PRC - [2009-10-22 11:01:04 | 001,410,856 | ---- | M] (GFI Software Ltd.) -- C:\PROGRA~2\GFI\GFIBAC~1\GFIHSC~1.EXE PRC - [2009-04-06 04:35:46 | 001,002,016 | ---- | M] (Packard Bell Services) -- C:\Program Files (x86)\Packard Bell\Software Suite\PowerSave\PSPBSSS.exe PRC - [2008-08-08 06:04:10 | 001,091,768 | ---- | M] (C. Ghisler & Co.) -- C:\Program Files (x86)\TC UP\totalcmd.exe PRC - [2008-07-15 11:22:46 | 000,217,088 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe PRC - [2008-06-23 20:16:24 | 002,482,176 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe PRC - [2008-06-17 22:10:24 | 000,297,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe PRC - [2008-04-04 18:10:26 | 000,030,152 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe PRC - [2008-01-23 10:51:28 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe PRC - [2007-11-30 11:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe PRC - [2007-11-28 15:26:00 | 000,294,912 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe PRC - [2007-11-20 13:44:30 | 001,145,400 | ---- | M] (ASUS) -- C:\Program Files\ASUS\Net4Switch\Net4Switch.exe PRC - [2007-10-02 21:53:00 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe PRC - [2007-08-15 11:20:16 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe PRC - [2007-08-08 00:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe PRC - [2007-08-03 12:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe PRC - [2007-06-15 11:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\SysWOW64\bgsvcgen.exe PRC - [2007-05-18 02:31:16 | 000,073,728 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe PRC - [2006-12-19 08:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe PRC - [2005-01-10 08:35:16 | 000,073,728 | ---- | M] (Computer Associates International) -- C:\Program Files (x86)\PestPatrol\CookiePatrol.exe PRC - [2004-11-15 10:49:54 | 000,098,304 | ---- | M] (Computer Associates International) -- C:\Program Files (x86)\PestPatrol\PPControl.exe PRC - [2003-04-19 06:53:08 | 000,148,480 | ---- | M] () -- C:\Program Files (x86)\PestPatrol\PPMemCheck.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012-02-16 16:14:20 | 001,911,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2011-07-04 07:34:27 | 000,766,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlServ#\15ae1e680b8a08768d1bfb5fb3dae559\System.Data.SqlServerCe.ni.dll MOD - [2011-07-04 07:34:04 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\1c06ada12457242969cdc35d5af12b01\System.EnterpriseServices.ni.dll MOD - [2011-07-04 07:34:03 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\fdbb4d76b37aada9010c49a6e09da067\System.Transactions.ni.dll MOD - [2011-07-04 07:33:58 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll MOD - [2011-07-04 07:18:45 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll MOD - [2011-07-04 07:18:27 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll MOD - [2011-07-04 07:18:16 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll MOD - [2011-07-04 07:18:04 | 006,616,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\ca69ec9d6589d3526ee38212ef28e2bb\System.Data.ni.dll MOD - [2011-07-04 07:17:14 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll MOD - [2011-07-04 07:17:00 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll MOD - [2011-06-24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011-06-24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2009-03-12 13:16:12 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pl_b77a5c561934e089\mscorlib.resources.dll MOD - [2009-03-12 13:13:15 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2009-03-12 13:13:14 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll MOD - [2008-07-22 10:46:08 | 000,184,320 | ---- | M] () -- C:\Program Files (x86)\ASUS\VirtualCamera\virtualCamera.ax MOD - [2007-11-30 11:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe MOD - [2007-11-19 13:54:20 | 000,188,416 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipswsysmon.dll MOD - [2007-11-19 11:11:58 | 000,208,896 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipswcore.dll MOD - [2007-09-06 14:05:00 | 000,081,920 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipswobj.dll MOD - [2007-08-02 09:53:06 | 000,053,248 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipswresmgr.dll MOD - [2007-07-24 14:41:10 | 000,049,152 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ResItf.dll MOD - [2007-06-19 11:38:08 | 000,208,896 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipswui.dll MOD - [2007-06-15 10:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll MOD - [2007-06-01 17:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll MOD - [2007-05-14 14:07:14 | 000,009,728 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\LogonStartup.dll MOD - [2007-05-14 11:10:40 | 000,061,440 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipswgblset.dll MOD - [2006-12-09 09:34:36 | 000,139,264 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipsw_cfgmgr.dll MOD - [2006-12-07 09:29:06 | 000,007,168 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\iphelper.dll MOD - [2006-12-06 16:55:32 | 000,053,248 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipswhlp.dll MOD - [2006-12-06 16:55:22 | 000,086,016 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipswds.dll MOD - [2006-12-06 16:42:26 | 000,094,208 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\cxcmrt.dll MOD - [2003-04-19 06:53:08 | 000,148,480 | ---- | M] () -- C:\Program Files (x86)\PestPatrol\PPMemCheck.exe MOD - [2003-01-26 10:07:42 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\PestPatrol\ppserver.dll MOD - [2003-01-26 10:07:40 | 000,212,992 | ---- | M] () -- C:\Program Files (x86)\PestPatrol\ppengine.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2009-07-20 12:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV:[b]64bit:[/b] - [2009-03-05 22:51:34 | 000,284,696 | ---- | M] (SonicWALL, Inc.) [Auto | Running] -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe -- (SWGVCSvc) SRV:[b]64bit:[/b] - [2008-08-07 13:45:14 | 001,449,984 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV:[b]64bit:[/b] - [2008-08-07 13:08:46 | 000,826,368 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV:[b]64bit:[/b] - [2008-03-18 05:26:56 | 000,015,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio) SRV:[b]64bit:[/b] - [2008-01-19 09:06:50 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:[b]64bit:[/b] - [2008-01-19 09:00:52 | 000,195,584 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:[b]64bit:[/b] - [2007-11-07 09:11:22 | 004,466,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90) SRV:[b]64bit:[/b] - [2007-08-08 00:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV:[b]64bit:[/b] - [2007-08-03 12:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr) SRV:[b]64bit:[/b] - [2007-05-18 02:31:16 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService) SRV - [2012-01-13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2010-07-16 17:23:30 | 006,638,080 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe -- (AllShare) SRV - [2010-05-18 15:13:58 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2010-04-20 17:13:21 | 000,371,712 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS) SRV - [2010-04-20 17:13:21 | 000,371,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC) SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009-10-22 11:01:06 | 000,440,616 | ---- | M] (GFI Software Ltd.) [Auto | Running] -- C:\PROGRA~2\GFI\GFIBAC~1\GFIHInst.exe -- (GFIBckHAtt) SRV - [2009-10-22 11:01:04 | 001,410,856 | ---- | M] (GFI Software Ltd.) [Auto | Running] -- C:\PROGRA~2\GFI\GFIBAC~1\GFIHSC~1.EXE -- (GFIBckHSched) SRV - [2009-06-17 10:18:42 | 006,582,912 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe -- (wampmysqld) SRV - [2009-04-06 04:35:46 | 001,002,016 | ---- | M] (Packard Bell Services) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Software Suite\PowerSave\PSPBSSS.exe -- (PowerSave) SRV - [2009-03-12 13:13:45 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008-12-10 00:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -- (wampapache) SRV - [2008-04-04 18:10:26 | 000,030,152 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Service) SRV - [2008-01-19 08:33:43 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc) SRV - [2007-10-02 21:53:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2007-06-15 15:55:00 | 000,300,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\Nokia\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2007-06-15 11:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\SysWOW64\bgsvcgen.exe -- (bgsvcgen) SRV - [2007-05-31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007-05-31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2006-12-19 08:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service) SRV - [2000-06-29 09:45:10 | 000,052,224 | ---- | M] (Kenonic Controls Ltd.) [Auto | Stopped] -- C:\Windows\SysWow64\Crypserv.exe -- (Crypkey License) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2011-12-10 15:24:08 | 000,023,152 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:[b]64bit:[/b] - [2011-05-10 07:06:14 | 000,022,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\netaapl64.sys -- (Netaapl) DRV:[b]64bit:[/b] - [2011-05-10 07:06:08 | 000,051,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64) DRV:[b]64bit:[/b] - [2011-03-18 04:46:20 | 000,074,376 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS) DRV:[b]64bit:[/b] - [2011-03-18 04:46:06 | 000,085,384 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K) DRV:[b]64bit:[/b] - [2010-02-08 21:28:10 | 000,148,360 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\HRMPORTS.SYS -- (HRMPORTS) DRV:[b]64bit:[/b] - [2010-02-08 21:28:10 | 000,133,512 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\HRMCFGSPC.SYS -- (HRMCFGSPC) DRV:[b]64bit:[/b] - [2010-02-08 21:28:10 | 000,128,504 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\HRMINTS.SYS -- (HRMINTS) DRV:[b]64bit:[/b] - [2010-02-08 21:28:08 | 000,676,232 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\dsfksvcs.sys -- (DSFKSVCS) DRV:[b]64bit:[/b] - [2010-02-08 21:28:08 | 000,035,832 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\dsfroot.sys -- (dsfroot) DRV:[b]64bit:[/b] - [2009-09-02 09:45:38 | 000,254,464 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\windrvr6.sys -- (WinDriver6) DRV:[b]64bit:[/b] - [2009-06-17 17:54:46 | 000,040,976 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\LUsbFilt.Sys -- (LUsbFilt) DRV:[b]64bit:[/b] - [2009-06-17 17:54:30 | 000,057,872 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt) DRV:[b]64bit:[/b] - [2009-06-17 17:54:22 | 000,055,312 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt) DRV:[b]64bit:[/b] - [2009-06-17 17:54:14 | 000,013,328 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LHidEqd.Sys -- (LHidEqd) DRV:[b]64bit:[/b] - [2009-06-17 17:54:06 | 000,074,256 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LEqdUsb.Sys -- (LEqdUsb) DRV:[b]64bit:[/b] - [2009-05-18 12:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:[b]64bit:[/b] - [2009-03-12 13:53:41 | 000,140,288 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\RMCAST.sys -- (RMCAST) Sterownik protokołu RMCAST (Pgm) DRV:[b]64bit:[/b] - [2009-03-05 22:51:50 | 000,099,352 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\SWIPsec.sys -- (SWIPsec) DRV:[b]64bit:[/b] - [2009-03-04 17:03:32 | 000,024,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\swvnic.sys -- (SWVNIC) DRV:[b]64bit:[/b] - [2009-02-04 13:20:09 | 000,053,816 | R--- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\Drivers\DgiVecp.sys -- (DgiVecp) DRV:[b]64bit:[/b] - [2009-01-14 18:55:38 | 000,092,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ser2pl64.sys -- (Ser2pl) DRV:[b]64bit:[/b] - [2008-12-08 17:42:00 | 008,123,008 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nv4_mini.sys -- (nv) DRV:[b]64bit:[/b] - [2008-11-16 17:39:44 | 000,157,968 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\dne64x.sys -- (DNE) DRV:[b]64bit:[/b] - [2008-07-08 14:03:00 | 000,055,296 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdusb2em.sys -- (sdusb2em) SD USB Emulator (sdusb2em.sys) DRV:[b]64bit:[/b] - [2008-07-03 09:30:20 | 000,325,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP) DRV:[b]64bit:[/b] - [2008-06-27 06:51:10 | 000,088,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs) DRV:[b]64bit:[/b] - [2008-06-25 15:59:00 | 000,055,328 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:[b]64bit:[/b] - [2008-06-24 13:50:00 | 000,065,024 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk) DRV:[b]64bit:[/b] - [2008-06-03 22:41:50 | 000,017,464 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\kbfiltr.sys -- (kbfiltr) DRV:[b]64bit:[/b] - [2008-05-29 10:21:00 | 000,016,440 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\lullaby.sys -- (lullaby) DRV:[b]64bit:[/b] - [2008-05-13 21:02:12 | 000,121,896 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btwavdt.sys -- (btwavdt) DRV:[b]64bit:[/b] - [2008-05-07 10:40:38 | 000,395,288 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor) DRV:[b]64bit:[/b] - [2008-04-27 23:38:12 | 004,730,368 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel(R) DRV:[b]64bit:[/b] - [2008-03-21 05:47:14 | 001,253,376 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem) DRV:[b]64bit:[/b] - [2008-02-14 22:56:14 | 000,160,768 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169) DRV:[b]64bit:[/b] - [2008-01-19 07:47:12 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb) DRV:[b]64bit:[/b] - [2008-01-19 07:38:17 | 000,024,064 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MODEMCSA.sys -- (MODEMCSA) DRV:[b]64bit:[/b] - [2008-01-19 07:38:16 | 000,011,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM) DRV:[b]64bit:[/b] - [2008-01-19 07:37:02 | 000,019,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx) DRV:[b]64bit:[/b] - [2008-01-19 07:33:58 | 000,032,768 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbser.sys -- (usbser) DRV:[b]64bit:[/b] - [2008-01-19 07:02:55 | 000,111,104 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus) DRV:[b]64bit:[/b] - [2008-01-03 05:40:42 | 000,011,576 | R--- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\SSPORT.sys -- (SSPORT) DRV:[b]64bit:[/b] - [2007-12-18 17:57:12 | 000,059,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\itecir.sys -- (itecir) DRV:[b]64bit:[/b] - [2007-10-15 08:40:50 | 000,284,416 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\etFilter64.sys -- (FiltUSBET) DRV:[b]64bit:[/b] - [2007-09-06 19:52:52 | 000,009,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\etScan64.sys -- (ScanUSBET) DRV:[b]64bit:[/b] - [2007-09-06 09:44:40 | 000,530,944 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\etDevice64.sys -- (DCamUSBET) DRV:[b]64bit:[/b] - [2007-08-10 20:19:44 | 000,034,872 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AsDsm.sys -- (AsDsm) DRV:[b]64bit:[/b] - [2007-08-03 05:26:48 | 000,017,464 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio) DRV:[b]64bit:[/b] - [2007-07-27 19:45:52 | 000,057,856 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp) DRV:[b]64bit:[/b] - [2007-07-26 20:33:54 | 000,055,296 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk) DRV:[b]64bit:[/b] - [2007-07-24 11:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) DRV:[b]64bit:[/b] - [2007-04-24 10:33:30 | 000,123,656 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s125obex.sys -- (s125obex) DRV:[b]64bit:[/b] - [2007-04-24 10:33:28 | 000,126,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s125mgmt.sys -- (s125mgmt) Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM) DRV:[b]64bit:[/b] - [2007-04-24 10:33:26 | 000,144,648 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s125mdm.sys -- (s125mdm) DRV:[b]64bit:[/b] - [2007-04-24 10:33:24 | 000,019,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s125mdfl.sys -- (s125mdfl) DRV:[b]64bit:[/b] - [2007-04-24 10:33:14 | 000,108,296 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s125bus.sys -- (s125bus) Sony Ericsson Device 125 driver (WDM) DRV:[b]64bit:[/b] - [2007-02-22 10:19:08 | 000,173,056 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdx64.sys -- (nmwcdx64) DRV:[b]64bit:[/b] - [2007-02-22 10:18:14 | 000,017,408 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdcmx64.sys -- (nmwcdcmx64) DRV:[b]64bit:[/b] - [2007-02-22 10:18:14 | 000,017,408 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdcjx64.sys -- (nmwcdcjx64) DRV:[b]64bit:[/b] - [2007-02-22 10:18:14 | 000,012,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdcx64.sys -- (nmwcdcx64) DRV:[b]64bit:[/b] - [2006-10-27 14:01:08 | 000,013,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ATK64AMD.sys -- (MTsensor) DRV:[b]64bit:[/b] - [2005-09-23 22:18:34 | 000,261,120 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\MarvinBus64.sys -- (MarvinBus) DRV - [2011-12-06 19:27:00 | 000,028,656 | ---- | M] (Systems Internals) [Kernel | On_Demand | Stopped] -- E:\_Biocontrol\_GSM\tools\Portmon\PORTMSYS.SYS -- (PORTMON) DRV - [2008-05-19 17:15:42 | 000,032,240 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\AI TouchMedia\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) DRV - [2006-01-13 14:00:52 | 000,015,872 | ---- | M] (Flint Incorporation) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\vd_filedisk.sys -- (VD_FileDisk) DRV - [2004-10-22 06:57:40 | 000,006,112 | ---- | M] (Texas Instruments Incorporated) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\xdsfast1.sys -- (xdsfast1) DRV - [2004-10-22 06:57:40 | 000,003,968 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drpkiont.sys -- (drpkiont) DRV - [2003-03-24 18:06:46 | 000,011,812 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\SentEmul.sys -- (sentemul) DRV - [2002-07-17 16:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ASPI32.SYS -- (ASPI) DRV - [2000-02-03 20:53:12 | 000,024,608 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\system32\ckldrv.sys -- (NetworkX) DRV - [1999-07-20 03:38:00 | 000,073,216 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\Sentinel.sys -- (Sentinel) DRV - [1999-05-24 18:25:18 | 000,004,576 | ---- | M] (Spectrum Digital Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\Sdiont.sys -- (sdiont) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://startsear.ch/?aff=1&q={searchTerms} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2837773442-1628460784-2167171901-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKU\S-1-5-21-2837773442-1628460784-2167171901-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKU\S-1-5-21-2837773442-1628460784-2167171901-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-2837773442-1628460784-2167171901-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKU\S-1-5-21-2837773442-1628460784-2167171901-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKU\..\SearchScopes\{0AA0957A-23E9-43BC-9A2A-2EE2E74D9834}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKU\..\SearchScopes\{4A05E3AB-AE01-43F0-A5FC-61F6313D14FB}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=971163&p={searchTerms} IE - HKU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear IE - HKU\..\SearchScopes\{905E648B-266A-4EDF-87DC-44AD1298A979}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=15627 IE - HKU\S-1-5-21-2837773442-1628460784-2167171901-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2837773442-1628460784-2167171901-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.google.pl/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}:5.0.15 FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908 FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.4.0024 FF - prefs.js..keyword.URL: "http://vshare.toolbarhome.com/search.aspx?srch=ku&q=" FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@rayv.com/rayvplugin: C:\Program Files (x86)\RayV\RayV\plugins\nprayvplugin.dll (RayV) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-03-03 12:38:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-03-02 14:25:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.17\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012-01-19 07:15:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.17\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011-10-31 09:23:43 | 000,000,000 | ---D | M] [2010-12-09 16:13:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pawel\AppData\Roaming\mozilla\Extensions [2010-12-09 16:13:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pawel\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012-03-03 11:22:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pawel\AppData\Roaming\mozilla\Firefox\Profiles\9jdwq5ei.default\extensions [2010-04-28 06:29:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Pawel\AppData\Roaming\mozilla\Firefox\Profiles\9jdwq5ei.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012-03-03 11:22:26 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Pawel\AppData\Roaming\mozilla\Firefox\Profiles\9jdwq5ei.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2009-07-09 08:38:55 | 000,000,000 | ---D | M] (MediaWrap) -- C:\Users\Pawel\AppData\Roaming\mozilla\Firefox\Profiles\9jdwq5ei.default\extensions\{dd68c513-9296-4b63-8d8b-8f1c991c8a48} [2011-05-08 21:01:53 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\Pawel\AppData\Roaming\mozilla\Firefox\Profiles\9jdwq5ei.default\extensions\DTToolbar@toolbarnet.com [2010-12-12 20:05:04 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Pawel\AppData\Roaming\mozilla\Firefox\Profiles\9jdwq5ei.default\extensions\en-GB@dictionaries.addons.mozilla.org [2009-04-02 17:44:13 | 000,000,000 | ---D | M] (Kompas - TĹ‚umacz i SĹ‚ownik JÄ™zyka Angielskiego 4.0 (Firefox 1.5-2.0)) -- C:\Users\Pawel\AppData\Roaming\mozilla\Firefox\Profiles\9jdwq5ei.default\extensions\trenpl4ff@kompas.info.pl [2011-01-15 20:38:52 | 000,000,000 | ---D | M] (vShare) -- C:\Users\Pawel\AppData\Roaming\mozilla\Firefox\Profiles\9jdwq5ei.default\extensions\vshare@toolbar [2011-01-15 20:38:59 | 000,001,583 | ---- | M] () -- C:\Users\Pawel\AppData\Roaming\Mozilla\Firefox\Profiles\9jdwq5ei.default\searchplugins\web-search.xml [2012-03-03 12:38:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011-12-27 07:51:51 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012-02-16 16:14:21 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010-07-17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012-02-16 12:12:03 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml [2012-02-16 12:12:03 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml [2012-02-16 12:12:03 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml [2012-02-16 12:12:03 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml [2012-02-16 12:12:03 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml [2012-02-16 12:12:03 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2012-03-03 11:50:07 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Users\Pawel\AppData\Roaming\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.) O3:[b]64bit:[/b] - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O3:[b]64bit:[/b] - HKU\S-1-5-21-2837773442-1628460784-2167171901-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3 - HKU\S-1-5-21-2837773442-1628460784-2167171901-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O4:[b]64bit:[/b] - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4:[b]64bit:[/b] - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll () O4:[b]64bit:[/b] - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll () O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:[b]64bit:[/b] - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4:[b]64bit:[/b] - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [CookiePatrol] C:\PROGRA~2\PESTPA~1\CookiePatrol.exe (Computer Associates International) O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [PestPatrol Control Center] C:\PROGRA~2\PESTPA~1\PPControl.exe (Computer Associates International) O4 - HKLM..\Run: [PPMemCheck] C:\PROGRA~2\PESTPA~1\PPMemCheck.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O7 - HKU\S-1-5-21-2837773442-1628460784-2167171901-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2837773442-1628460784-2167171901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O7 - HKU\S-1-5-21-2837773442-1628460784-2167171901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:[b]64bit:[/b] - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:[b]64bit:[/b] - Extra context menu item: Download with Download Manager - C:\Program Files (x86)\Storage Server\Storage Server\DM\GetUrl.htm () O8:[b]64bit:[/b] - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8:[b]64bit:[/b] - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll2.htm () O8:[b]64bit:[/b] - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll1.htm () O8:[b]64bit:[/b] - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll.htm () O8:[b]64bit:[/b] - Extra context menu item: SmarThru4 Web Capture - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll () O8:[b]64bit:[/b] - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Download with Download Manager - C:\Program Files (x86)\Storage Server\Storage Server\DM\GetUrl.htm () O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll2.htm () O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll1.htm () O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll.htm () O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll () O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm () O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm () O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm () O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKU\S-1-5-21-2837773442-1628460784-2167171901-1000\..Trusted Domains: verisign.com ([securitycenter] https in Zaufane witryny) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.204.152.34 194.204.159.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E97097B-5E2C-45F1-96F6-70A31C2964E1}: DhcpNameServer = 194.204.152.34 194.204.159.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E97097B-5E2C-45F1-96F6-70A31C2964E1}: NameServer = 192.168.1.80 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61650488-5BE3-4899-980A-8869506C8510}: DhcpNameServer = 213.158.199.1 213.158.199.5 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8BBA7A8-E8B6-4DAC-A190-09C414E7EF76}: DhcpNameServer = 194.204.152.34 194.204.159.1 O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\mso-offdap - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\mso-offdap11 - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe () O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Pawel\Desktop\DSCN0900.jpg O24 - Desktop BackupWallPaper: C:\Users\Pawel\Desktop\DSCN0900.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011-11-22 14:27:24 | 000,157,938 | ---- | M] () - C:\AutoMapaSetupLog.txt -- [ NTFS ] O32 - AutoRun File - [2006-12-05 21:00:00 | 000,000,122 | R--- | M] () - F:\autorun.inf -- [ UDF ] O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = ComFile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012-03-04 13:24:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012-03-04 13:24:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012-03-04 12:21:07 | 000,000,000 | ---D | C] -- C:\FRST [2012-03-03 12:10:57 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012-03-03 11:43:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012-03-03 11:43:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012-03-03 11:43:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012-03-03 11:43:35 | 000,000,000 | ---D | C] -- C:\Qoobox [2012-03-03 11:38:27 | 004,420,481 | R--- | C] (Swearware) -- C:\Users\Pawel\Desktop\ComboFix.exe [2012-03-02 18:29:13 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012-03-02 11:54:46 | 000,000,000 | ---D | C] -- C:\Users\Pawel\AppData\Local\PreEmptive Solutions [2012-03-02 11:46:20 | 000,000,000 | ---D | C] -- C:\Users\Pawel\AppData\Local\ElevatedDiagnostics [2012-03-02 10:59:17 | 002,345,472 | ---- | C] (Helge Klein) -- C:\Windows\SetACL.exe [2012-02-28 02:51:04 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012-02-26 22:32:36 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2012-02-26 21:37:30 | 002,062,896 | ---- | C] (Kaspersky Lab ZAO) -- C:\tdsskiller.exe [2012-02-26 17:53:36 | 000,000,000 | ---D | C] -- C:\Users\Pawel\AppData\Roaming\Malwarebytes [2012-02-26 17:53:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012-02-26 17:08:27 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2012-02-26 12:32:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer [2012-02-26 12:32:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GridinSoft Trojan Killer [2012-02-25 15:03:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012-02-25 15:02:32 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012-02-25 15:02:29 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012-02-25 14:24:06 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2012-02-19 22:36:21 | 000,000,000 | ---D | C] -- C:\Users\Pawel\Desktop\Podlodowe Białe [2012-02-17 10:02:01 | 000,000,000 | ---D | C] -- C:\Users\Pawel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BusinessCards MX [2012-02-17 10:01:39 | 000,000,000 | ---D | C] -- C:\Users\Pawel\Documents\BusinessCardsMX templates [2012-02-17 10:01:38 | 000,000,000 | ---D | C] -- C:\Users\Pawel\AppData\Roaming\mojosoft [2012-02-17 10:01:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mojosoft [2012-02-14 20:34:15 | 000,000,000 | ---D | C] -- C:\Users\Pawel\Desktop\Podlodowe2012 [2012-02-10 12:25:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero [2012-02-07 14:03:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STPViewer [2012-02-07 14:03:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\STPViewer [2011-07-04 06:25:08 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\Users\Pawel\AppData\Local\htmllite.dll [2011-07-04 06:25:07 | 000,655,872 | ---- | C] (Microsoft Corporation) -- C:\Users\Pawel\AppData\Local\msvcr90.dll [2011-07-04 06:25:07 | 000,568,832 | ---- | C] (Microsoft Corporation) -- C:\Users\Pawel\AppData\Local\msvcp90.dll [2011-07-04 06:25:07 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Users\Pawel\AppData\Local\deletetemp.exe [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012-03-05 10:49:59 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{ED4041AE-0D6B-4689-B6A1-0F526AE20579}.job [2012-03-05 10:46:00 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012-03-05 10:34:02 | 001,695,016 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012-03-05 10:34:02 | 000,747,590 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2012-03-05 10:34:02 | 000,662,850 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012-03-05 10:34:02 | 000,161,494 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2012-03-05 10:34:02 | 000,126,718 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012-03-05 10:32:56 | 000,028,599 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012-03-05 10:32:26 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe [2012-03-05 10:32:22 | 000,001,042 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012-03-05 10:28:21 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini [2012-03-05 10:28:06 | 000,004,176 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012-03-05 10:28:06 | 000,004,176 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012-03-05 10:28:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012-03-05 10:26:05 | 000,006,497 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012-03-05 07:58:21 | 000,028,599 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012-03-04 13:24:01 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012-03-03 12:38:19 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012-03-03 11:50:07 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012-03-03 11:38:28 | 004,420,481 | R--- | M] (Swearware) -- C:\Users\Pawel\Desktop\ComboFix.exe [2012-03-03 11:29:04 | 000,000,000 | -HS- | M] () -- C:\Windows\muzuki.exc [2012-03-03 11:16:26 | 408,588,728 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012-03-02 21:56:43 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012-03-02 17:17:00 | 000,031,412 | ---- | M] () -- C:\Users\Pawel\Desktop\adobe.jpg [2012-02-25 15:03:30 | 000,001,696 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012-02-24 07:49:42 | 000,001,046 | ---- | M] () -- C:\Users\Public\Desktop\HH Manager COW.lnk [2012-02-24 07:42:06 | 000,001,079 | ---- | M] () -- C:\Users\Public\Desktop\HH Manager SG.lnk [2012-02-22 16:55:20 | 002,062,896 | ---- | M] (Kaspersky Lab ZAO) -- C:\tdsskiller.exe [2012-02-17 12:36:20 | 000,000,290 | ---- | M] () -- C:\Users\Pawel\Desktop\sheep.csv.zip [2012-02-13 20:32:08 | 002,345,472 | ---- | M] (Helge Klein) -- C:\Windows\SetACL.exe [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012-03-05 07:58:19 | 000,028,599 | ---- | C] () -- C:\ProgramData\nvModes.dat [2012-03-05 07:58:19 | 000,028,599 | ---- | C] () -- C:\ProgramData\nvModes.001 [2012-03-04 13:24:01 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012-03-04 13:24:00 | 000,023,152 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys [2012-03-03 12:38:19 | 000,000,890 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012-03-03 11:43:56 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012-03-03 11:43:56 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012-03-03 11:43:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012-03-03 11:43:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012-03-03 11:43:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012-03-02 17:17:00 | 000,031,412 | ---- | C] () -- C:\Users\Pawel\Desktop\adobe.jpg [2012-02-26 17:08:31 | 000,000,000 | -HS- | C] () -- C:\Windows\muzuki.exc [2012-02-25 15:03:30 | 000,001,696 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012-02-24 07:49:42 | 000,001,046 | ---- | C] () -- C:\Users\Public\Desktop\HH Manager COW.lnk [2012-02-24 07:36:56 | 000,001,079 | ---- | C] () -- C:\Users\Public\Desktop\HH Manager SG.lnk [2012-02-17 12:36:19 | 000,000,290 | ---- | C] () -- C:\Users\Pawel\Desktop\sheep.csv.zip [2011-10-17 14:28:12 | 000,000,081 | ---- | C] () -- C:\Windows\USBtest.INI [2011-08-25 15:34:33 | 000,000,026 | ---- | C] () -- C:\Windows\Maxsea.ini [2011-07-04 06:25:08 | 000,104,914 | ---- | C] () -- C:\Users\Pawel\AppData\Local\baseline.dat [2011-07-04 06:25:08 | 000,082,848 | ---- | C] () -- C:\Users\Pawel\AppData\Local\setup.sdb [2011-07-04 06:25:08 | 000,048,311 | ---- | C] () -- C:\Users\Pawel\AppData\Local\readme.htm [2011-07-04 06:25:08 | 000,009,752 | ---- | C] () -- C:\Users\Pawel\AppData\Local\vs_setup.pdi [2011-07-04 06:25:07 | 000,000,110 | ---- | C] () -- C:\Users\Pawel\AppData\Local\LocData.ini [2011-05-04 08:39:22 | 000,000,687 | ---- | C] () -- C:\Windows\VaDia Manager.INI [2011-04-27 18:57:32 | 000,142,336 | ---- | C] () -- C:\Windows\SysWow64\ctdll32.dll [2011-03-15 03:16:16 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin [2011-03-15 03:16:16 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin [2011-01-15 18:08:24 | 000,000,426 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2010-12-28 16:11:53 | 000,000,406 | ---- | C] () -- C:\Windows\CAMDXP.INI [2010-12-14 08:28:35 | 000,011,131 | ---- | C] () -- C:\Users\Pawel\AppData\Roaming\SmarThruOptions.xml [2010-12-14 08:28:22 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\SvcMan.exe [2010-12-14 08:28:03 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\SecSNMP.dll [2010-12-14 08:22:31 | 000,110,592 | R--- | C] () -- C:\Windows\WiaInst.exe [2010-08-11 13:29:03 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat [2010-08-11 13:29:03 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat [2010-08-11 13:29:03 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat [2010-08-11 13:29:03 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat [2010-08-11 13:29:03 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat [2010-08-11 13:29:03 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat [2010-08-11 13:29:03 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat [2010-08-11 13:29:03 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat [2010-08-11 13:29:03 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat [2010-08-11 13:29:03 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat [2010-08-11 13:29:03 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat [2010-08-11 13:29:03 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat [2010-08-11 13:29:03 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat [2010-08-11 13:29:03 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat [2010-08-11 13:29:03 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat [2010-08-11 13:29:03 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat [2010-08-11 13:29:03 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat [2010-08-11 13:29:03 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat [2010-08-11 13:29:03 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini [2010-07-30 12:20:43 | 000,001,456 | ---- | C] () -- C:\Windows\SysWow64\RxSave.dat [2010-05-24 11:21:22 | 000,038,430 | ---- | C] () -- C:\Users\Pawel\AppData\Roaming\Microsoft Access 97-2003.ADR [2010-05-24 11:21:15 | 000,000,556 | ---- | C] () -- C:\Windows\ODBC.INI [color=#E56717]========== LOP Check ==========[/color] [2011-08-18 09:13:39 | 000,000,000 | ---D | M] -- C:\Users\Pawel\AppData\Roaming\AcGasSynchro [2011-07-04 11:15:46 | 000,000,000 | ---D | M] -- C:\Users\Pawel\AppData\Roaming\Altium [2010-07-01 07:45:24 | 000,000,000 | ---D | M] -- C:\Users\Pawel\AppData\Roaming\AltiumDesignerSummer08 [2011-09-04 14:37:21 | 000,000,000 | ---D | M] -- C:\Users\Pawel\AppData\Roaming\AltiumDesignerWinter09 [2011-06-16 12:16:26 | 000,000,000 | ---D | M] -- C:\Users\Pawel\AppData\Roaming\CD-LabelPrint [2010-04-11 11:33:07 | 000,000,000 | ---D | M] -- C:\Users\Pawel\AppData\Roaming\Cinterion [2010-11-30 14:39:04 | 000,000,000 | ---D | M] -- C:\Users\Pawel\AppData\Roaming\com.polythink.ups.wda.03EBA0C726630DF115D9764F9B83F5185396D811.1 [2010-10-24 11:08:42 | 000,000,000 | ---D | M] -- C:\Users\Pawel\AppData\Roaming\Cream Software [2011-03-11 08:23:59 | 000,000,000 | ---D | M] -- C:\Users\Pawel\AppData\Roaming\DAEMON Tools Lite [2010-09-28 13:03:28 | 000,000,000 | ---D | M] -- C:\Users\Pawel\AppData\Roaming\foobar2000 [2009-03-30 11:12:37 | 000,000,000 | ---D | M] -- C:\Users\Pawel\AppData\Roaming\Foxit [2009-03-19 14:01:01 | 000,000,000 | ---D | M] -- C:\Users\Pawel\AppData\Roaming\GHISLER [2009-04-13 17:06:59 | 000,000,000 | ---D | M] -- C:\Users\Pawel\AppData\Roaming\HEXelon [2011-07-06 14:44:30 | 000,000,000 | ---D | M] -- C:\Users\Pawel\AppData\Roaming\IcoFX [2011-07-27 11:41:43 | 000,000,000 | ---D | M] -- C:\Users\Pawel\AppData\Roaming\ImageCraftCB [2010-01-14 08:02:09 | 000,000,000 | ---D | M] -- C:\Users\Pawel\AppData\Roaming\Leadertech [2012-02-17 10:01:38 | 000,000,000 | ---D | M] -- C:\Users\Pawel\AppData\Roaming\mojosoft [2009-06-06 16:48:56 | 000,000,000 | ---D | M] -- C:\Users\Pawel\AppData\Roaming\MySQL [2012-01-31 20:05:29 | 000,000,000 | ---D | M] -- C:\Users\Pawel\AppData\Roaming\Navi [2010-09-14 14:56:30 | 000,000,000 | ---D | M] -- C:\Users\Pawel\AppData\Roaming\Nokia [2009-12-30 14:21:55 | 000,000,000 | ---D | M] -- C:\Users\Pawel\AppData\Roaming\Notepad++ [2009-03-27 15:04:03 | 000,000,000 | ---D | M] -- C:\Users\Pawel\AppData\Roaming\Nowe Gadu-Gadu [2010-10-30 06:42:56 | 000,000,000 | ---D | M] -- C:\Users\Pawel\AppData\Roaming\OpenFM [2009-05-07 11:26:24 | 000,000,000 | ---D | M] -- C:\Users\Pawel\AppData\Roaming\OpenOffice.org [2009-07-26 15:30:28 | 000,000,000 | ---D | M] -- C:\Users\Pawel\AppData\Roaming\PC Suite [2009-11-25 22:47:51 | 000,000,000 | ---D | M] -- C:\Users\Pawel\AppData\Roaming\Qrix [2011-01-15 18:40:12 | 000,000,000 | ---D | M] -- C:\Users\Pawel\AppData\Roaming\RayV [2010-12-14 08:28:38 | 000,000,000 | ---D | M] -- C:\Users\Pawel\AppData\Roaming\SmarThru4 [2011-03-07 20:48:53 | 000,000,000 | ---D | M] -- C:\Users\Pawel\AppData\Roaming\svBuilder [2010-09-07 08:37:37 | 000,000,000 | ---D | M] -- C:\Users\Pawel\AppData\Roaming\TeamViewer [2010-05-16 19:13:00 | 000,000,000 | ---D | M] -- C:\Users\Pawel\AppData\Roaming\Teleca [2010-12-09 16:13:23 | 000,000,000 | ---D | M] -- C:\Users\Pawel\AppData\Roaming\Thunderbird [2009-04-02 17:44:13 | 000,000,000 | ---D | M] -- C:\Users\Pawel\AppData\Roaming\TransAng3 [2010-10-27 20:35:41 | 000,000,000 | ---D | M] -- C:\Users\Pawel\AppData\Roaming\TransEngPol41 [2011-02-16 17:25:43 | 000,000,000 | ---D | M] -- C:\Users\Pawel\AppData\Roaming\Unigraphics Solutions [2011-12-17 13:27:23 | 000,000,000 | ---D | M] -- C:\Users\Pawel\AppData\Roaming\Xerox [2010-03-23 14:41:14 | 000,000,000 | ---D | M] -- C:\Users\TEST\AppData\Roaming\OpenOffice.org [2010-06-18 18:22:09 | 000,000,000 | ---D | M] -- C:\Users\TEST\AppData\Roaming\Teleca [2012-03-05 10:26:06 | 000,032,546 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012-03-05 10:49:59 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{ED4041AE-0D6B-4689-B6A1-0F526AE20579}.job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 265 bytes -> C:\ProgramData\TEMP:2E52E022 @Alternate Data Stream - 247 bytes -> C:\ProgramData\TEMP:18F7B1B7 < End of report >