OTL logfile created on: 05-07-2012 22:28:01 - Run 3 OTL by OldTimer - Version 3.2.53.1 Folder = I:\ Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Poland | Language: PLK | Date Format: dd-MM-yyyy 1,97 Gb Total Physical Memory | 1,31 Gb Available Physical Memory | 66,81% Memory free 4,77 Gb Paging File | 4,30 Gb Available in Paging File | 90,12% Paging File free Paging file location(s): C:\pagefile.sys 3019 3019 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74,50 Gb Total Space | 29,94 Gb Free Space | 40,19% Space Free | Partition Type: NTFS Drive I: | 3,72 Gb Total Space | 3,65 Gb Free Space | 97,98% Space Free | Partition Type: FAT32 Computer Name: PPPP | User Name: Domek | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 14 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012-07-05 22:21:22 | 000,225,280 | ---- | M] (BMC Software) -- C:\WINDOWS\.marimba\USEndpoint\ch.2\data\sum.exe PRC - [2012-07-05 12:55:54 | 000,595,968 | ---- | M] (OldTimer Tools) -- I:\OTL.exe PRC - [2012-03-26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe PRC - [2012-03-26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe PRC - [2011-05-31 13:47:54 | 000,138,584 | ---- | M] () -- C:\Program Files\Ściągnięte programy\PLAY ONLINE\UIExec.exe PRC - [2011-05-31 13:45:56 | 000,260,976 | ---- | M] () -- C:\Program Files\Ściągnięte programy\PLAY ONLINE\AssistantServices.exe PRC - [2010-12-10 02:13:13 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\Marimba\Marimba US EndPoint Tuner\lib\jre\bin\java.exe PRC - [2010-12-10 02:13:12 | 000,036,957 | ---- | M] (BMC Software, Inc.) -- C:\Program Files\Marimba\Marimba US EndPoint Tuner\Tuner.exe PRC - [2010-10-15 17:05:00 | 000,185,664 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe PRC - [2010-10-15 17:05:00 | 000,140,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe PRC - [2010-10-15 17:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe PRC - [2010-10-15 17:05:00 | 000,075,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe PRC - [2010-03-25 13:20:06 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe PRC - [2009-07-09 14:21:36 | 005,732,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office Communicator\communicator.exe PRC - [2008-11-14 13:56:48 | 000,240,899 | ---- | M] () -- C:\Program Files\BC-Identify\IDENTIFY.EXE PRC - [2008-04-14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008-02-26 10:48:17 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe PRC - [2007-05-10 23:46:20 | 000,624,248 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe PRC - [2006-09-25 10:12:20 | 000,045,056 | ---- | M] (ATI Technologies Inc.) 
-- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe PRC - [2006-08-17 10:00:00 | 001,116,920 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe PRC - [2006-01-27 13:53:40 | 000,061,952 | ---- | M] ( Optimize Your PC ) -- C:\Program Files\Ściągnięte programy\PC Cleaner Trial\trayicon.exe PRC - [2005-12-20 15:39:32 | 000,094,208 | ---- | M] () -- C:\WINDOWS\tsnpstd3.exe PRC - [2005-09-05 16:55:08 | 000,339,968 | ---- | M] () -- C:\WINDOWS\vsnpstd3.exe PRC - [2005-04-27 21:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe PRC - [2005-03-28 06:49:12 | 000,057,393 | ---- | M] (IBM Corp) -- C:\Program Files\Lotus\notes\ntmulti.exe PRC - [2005-03-28 06:48:48 | 000,028,717 | ---- | M] (IBM Corp) -- C:\WINDOWS\system32\nsl.exe PRC - [2005-03-28 06:48:48 | 000,020,530 | ---- | M] (IBM Corp) -- C:\WINDOWS\system32\nslsvice.exe PRC - [2002-07-08 16:49:33 | 000,886,272 | ---- | M] (Lexmark International Inc.) -- C:\WINDOWS\system32\LXSUPMON.EXE [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012-06-14 07:42:04 | 000,843,776 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_866ac85e\system.drawing.dll MOD - [2012-06-14 07:41:45 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_250e68f9\system.windows.forms.dll MOD - [2012-06-14 07:41:15 | 000,471,040 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll MOD - [2012-06-07 08:39:27 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_7f323aec\mscorlib.dll MOD - [2012-06-07 08:39:15 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_d1d10d0c\system.xml.dll MOD - [2012-06-07 08:39:01 | 001,966,080 | ---- | M] () -- 
c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_0aa208bb\system.dll MOD - [2012-06-07 08:38:49 | 001,269,760 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll MOD - [2012-06-07 08:38:49 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll MOD - [2012-06-07 08:38:48 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll MOD - [2011-11-03 17:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll MOD - [2011-05-31 13:47:54 | 000,138,584 | ---- | M] () -- C:\Program Files\Ściągnięte programy\PLAY ONLINE\UIExec.exe MOD - [2011-05-31 13:45:56 | 000,260,976 | ---- | M] () -- C:\Program Files\Ściągnięte programy\PLAY ONLINE\AssistantServices.exe MOD - [2010-12-10 02:13:01 | 001,032,192 | ---- | M] () -- C:\Program Files\Marimba\Marimba US EndPoint Tuner\lib\jre\bin\mrbamt.dll MOD - [2010-10-15 17:05:00 | 000,065,536 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\boost_thread-vc80-mt-1_32.dll MOD - [2008-11-14 13:56:48 | 000,240,899 | ---- | M] () -- C:\Program Files\BC-Identify\IDENTIFY.EXE MOD - [2008-04-14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2008-04-14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll MOD - [2008-03-29 16:42:20 | 000,159,744 | ---- | M] () -- C:\Program Files\Ściągnięte programy\SubEdit-Player\codec\MatroskaSplitter\mmfinfo.dll MOD - [2008-03-29 16:41:52 | 000,023,552 | ---- | M] () -- C:\Program Files\Ściągnięte programy\SubEdit-Player\codec\MatroskaSplitter\mkunicode.dll MOD - [2007-04-18 21:30:46 | 000,471,040 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\ccme_base.dll MOD - [2007-04-18 21:30:46 | 000,393,216 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\cryptocme2.dll MOD - [2006-08-18 14:17:36 | 000,056,056 | ---- | M] () -- 
C:\WINDOWS\system32\DLAAPI_W.DLL MOD - [2006-07-31 19:39:32 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll MOD - [2006-07-31 19:39:31 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll MOD - [2006-07-31 19:39:30 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll MOD - [2005-12-20 15:39:32 | 000,094,208 | ---- | M] () -- C:\WINDOWS\tsnpstd3.exe MOD - [2005-09-05 16:55:08 | 000,339,968 | ---- | M] () -- C:\WINDOWS\vsnpstd3.exe MOD - [2001-10-28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2012-03-26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2011-05-31 13:45:56 | 000,260,976 | ---- | M] () [Auto | Running] -- C:\Program Files\Ściągnięte programy\PLAY ONLINE\AssistantServices.exe -- (UI Assistant Service) SRV - [2010-12-10 02:13:12 | 000,036,957 | ---- | M] (BMC Software, Inc.) [Auto | Running] -- C:\Program Files\Marimba\Marimba US EndPoint Tuner\Tuner.exe -- (USEndpoint) SRV - [2010-10-15 17:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework) SRV - [2010-03-25 13:20:06 | 000,226,624 | ---- | M] (McAfee, Inc.) 
[Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe -- (McAfee SiteAdvisor Enterprise Service) SRV - [2010-03-11 00:18:04 | 000,041,368 | ---- | M] (Preo) [Auto | Stopped] -- C:\Program Files\xerox\XPEA\prprncs.exe -- (PrintelligenceClientService) SRV - [2010-03-11 00:17:56 | 000,045,464 | ---- | M] (Preo) [Auto | Stopped] -- C:\Program Files\xerox\XPEA\prprn.exe -- (Printelligence) SRV - [2008-02-26 10:48:17 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2007-03-07 06:40:00 | 000,061,489 | ---- | M] (IBM Corporation) [On_Demand | Stopped] -- C:\WINDOWS\cwbrxd.exe -- (Cwbrxd) SRV - [2005-04-27 21:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean) SRV - [2005-03-28 06:49:12 | 000,057,393 | ---- | M] (IBM Corp) [Auto | Running] -- C:\Program Files\Lotus\notes\ntmulti.exe -- (Multi-user Cleanup Service) SRV - [2005-03-28 06:48:48 | 000,020,530 | ---- | M] (IBM Corp) [Auto | Running] -- C:\WINDOWS\system32\nslsvice.exe -- (Lotus Notes Single Logon) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012-07-04 17:59:00 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] 
-- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{011BD835-BD74-4F01-A4F9-8F832D0FD22B}\MpKslfc288e88.sys -- (MpKslfc288e88) DRV - [2011-03-26 10:37:12 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - [2011-03-26 10:37:12 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - [2011-03-26 10:37:12 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - [2011-03-26 10:37:12 | 000,009,216 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter) DRV - [2010-01-30 01:13:11 | 000,077,760 | ---- | M] (Guidance Software Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\SvcDellhost_.sys -- (SvcDellhost_) DRV - [2007-09-15 05:04:46 | 002,455,040 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2007-06-13 00:05:50 | 000,045,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel(R) DRV - [2006-08-18 14:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM) DRV - [2006-08-18 14:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM) DRV - [2006-08-18 14:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M) DRV - [2006-08-18 14:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM) DRV - [2006-08-18 14:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM) DRV - [2006-08-18 14:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM) DRV - [2006-08-18 14:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M) DRV - [2006-08-18 14:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM) DRV - [2006-08-11 11:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM) DRV - [2006-08-11 11:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M) DRV - [2006-03-18 01:18:58 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService) DRV - [2006-01-27 18:26:58 | 000,093,056 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- 
C:\WINDOWS\system32\drivers\symmpi.sys -- (Symmpi) DRV - [2005-12-08 12:09:32 | 008,718,848 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3) DRV - [2004-08-19 15:53:48 | 000,047,496 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\aac.sys -- (aac) DRV - [2004-08-04 00:29:50 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4) DRV - [2004-08-04 00:29:48 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3) DRV - [2004-08-04 00:29:46 | 000,025,471 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5) DRV - [2004-08-04 00:29:46 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4) DRV - [2004-08-04 00:29:46 | 000,022,271 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6) DRV - [2004-08-04 00:29:44 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3) DRV - [2004-08-04 00:29:44 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1) DRV - [2004-08-04 00:29:42 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0) DRV - [2004-08-04 00:29:42 | 000,011,871 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7) DRV - [2004-08-04 00:29:40 | 000,011,807 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- 
(iAimFP5) DRV - [2004-08-04 00:29:40 | 000,011,295 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6) DRV - [2004-08-04 00:29:38 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x) DRV - [2004-08-04 00:29:38 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0) DRV - [2004-08-04 00:29:38 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1) DRV - [2004-08-04 00:29:38 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = [color=#E56717]========== FireFox ==========[/color] FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor Enterprise\ [2012-07-05 22:25:52 | 000,000,000 | ---D | M] O1 HOSTS File: ([2004-08-04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: 
(Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe () O4 - HKLM..\Run: [Client Access Service] C:\Program Files\IBM\Client Access\cwbsvstr.exe (IBM Corporation) O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\communicator.exe (Microsoft Corporation) O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE (Lexmark International Inc.) O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.) 
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe () O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio) O4 - HKLM..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe () O4 - HKLM..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe () O4 - HKLM..\Run: [UIExec] C:\Program Files\Ściągnięte programy\PLAY ONLINE\UIExec.exe () O4 - HKCU..\Run: [ALLUpdate] "C:\Program Files\Ściągnięte programy\ALLPlayer\ALLUpdate.exe" "sleep" File not found O4 - HKCU..\Run: [PC_CLEAN] C:\Program Files\Ściągnięte programy\PC Cleaner Trial\trayicon.exe ( Optimize Your PC ) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BC-Identify.lnk = C:\Program Files\BC-Identify\IDENTIFY.EXE () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\New Windows present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O7 - HKCU\Software\Policies\Microsoft\Internet 
Explorer\Persistence present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Intellimenus = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Back = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Forward = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Stop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Refresh = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Home = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Search = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_History = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Favorites = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Media = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Folders = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Fullscreen = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Tools = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_MailNews = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Size = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Print = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Edit = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Discussions = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Cut = 0 O7 - 
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Copy = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Paste = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Encoding = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_PrintPreview = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0 O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program 
Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1190304300468 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1190304285265 (MUWebControl Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: GinaDLL - (SSOGina.DLL) - C:\WINDOWS\System32\ssogina.dll (Please see product documentation) O24 - Desktop WallPaper: C:\Documents and Settings\Domek\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Domek\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006-07-31 18:20:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{7fc841dc-524c-11e0-8e45-001aa08047d0}\Shell - "" = AutoRun O33 - MountPoints2\{7fc841dc-524c-11e0-8e45-001aa08047d0}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{7fc841dc-524c-11e0-8e45-001aa08047d0}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{c85fe886-08a0-11e1-8ea8-001aa08047d0}\Shell - "" = AutoRun O33 - MountPoints2\{c85fe886-08a0-11e1-8ea8-001aa08047d0}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{c85fe886-08a0-11e1-8ea8-001aa08047d0}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) 
[color=#E56717]========== Files/Folders - Created Within 14 Days ==========[/color] [2012-07-05 12:48:18 | 000,000,000 | -HSD | C] -- C:\found.001 [2012-07-04 17:56:05 | 000,107,776 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbser6k.sys [2012-07-04 17:56:05 | 000,107,776 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbnmea.sys [2012-07-04 17:56:05 | 000,107,776 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbmdm6k.sys [2012-07-04 17:56:05 | 000,009,216 | ---- | C] (MBB Incorporated) -- C:\WINDOWS\System32\drivers\massfilter.sys [2012-07-04 17:55:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SupportAppCB [2012-07-04 17:55:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PLAY ONLINE [2012-07-04 16:09:51 | 000,000,000 | -HSD | C] -- C:\found.000 [2012-07-03 23:58:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Domek\Application Data\hellomoto [2012-06-28 10:45:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Domek\Local Settings\Application Data\Identities [color=#E56717]========== Files - Modified Within 14 Days ==========[/color] [2012-07-05 22:23:09 | 000,000,406 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job [2012-07-05 22:22:36 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job [2012-07-05 22:14:13 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job [2012-07-05 22:12:36 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2012-07-05 22:12:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012-07-05 22:11:32 | 005,505,024 | -H-- | M] () -- C:\Documents and Settings\Domek\ntuser.dat [2012-07-05 22:11:32 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Domek\ntuser.ini [2012-07-05 12:34:28 | 004,240,744 | -H-- | M] () -- C:\Documents and Settings\Domek\Local Settings\Application Data\IconCache.db [2012-07-04 17:55:58 | 000,001,839 | ---- | M] () -- C:\Documents and 
Settings\All Users\Desktop\PLAY ONLINE.lnk [2012-07-04 00:21:34 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Domek\Desktop\Microsoft Office Outlook 2007.lnk [2012-07-04 00:01:36 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012-07-04 17:55:58 | 000,001,839 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PLAY ONLINE.lnk [2012-06-06 17:04:11 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012-03-15 16:21:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\lxakih.exe [2012-03-15 16:21:43 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\INSTMON.EXE [2012-03-15 16:21:42 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\lxaklcnp.dll [2012-03-15 16:21:38 | 000,298,496 | ---- | C] () -- C:\WINDOWS\unin0415.exe [2011-12-05 11:46:47 | 000,339,968 | ---- | C] () -- C:\WINDOWS\vsnpstd3.exe [2011-12-05 11:46:47 | 000,094,208 | ---- | C] () -- C:\WINDOWS\tsnpstd3.exe [2011-12-05 11:46:46 | 008,718,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\snpstd3.sys [2011-12-05 11:46:46 | 000,015,498 | ---- | C] () -- C:\WINDOWS\snpstd3.ini [2011-12-05 11:46:45 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd3.dll [2011-12-05 11:46:45 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll [2011-12-05 11:46:45 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\vsnpstd3.dll [2011-12-05 11:46:45 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll [2011-12-05 11:46:45 | 000,020,480 | ---- | C] () -- C:\WINDOWS\usnpstd3.exe [2011-06-26 01:13:22 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Domek\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011-02-18 17:35:29 | 004,240,744 | -H-- | C] () -- C:\Documents and Settings\Domek\Local Settings\Application Data\IconCache.db [2011-02-18 17:26:30 | 000,054,464 | ---- | C] () -- C:\Documents and Settings\Domek\Local Settings\Application 
Data\GDIPFONTCACHEV1.DAT [2011-02-18 17:25:48 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Domek\Local Settings\Application Data\fusioncache.dat [2011-02-18 17:24:53 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Domek\ntuser.ini [2011-02-18 17:24:49 | 005,505,024 | -H-- | C] () -- C:\Documents and Settings\Domek\ntuser.dat [2010-08-25 15:16:49 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010-06-01 12:36:32 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2008-02-25 12:24:17 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol [2006-12-14 23:07:14 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\ntuser.dat [color=#E56717]========== LOP Check ==========[/color] [2010-09-23 16:16:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite [2009-10-07 11:15:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lotus [2011-02-18 17:25:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Domek\Application Data\Baxter [2012-06-06 16:57:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Domek\Application Data\blueconnect [2012-02-01 13:00:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Domek\Application Data\DVDVideoSoft [2012-02-01 12:25:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Domek\Application Data\DVDVideoSoftIEHelpers [2012-02-17 11:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Domek\Application Data\GHISLER [2012-07-03 23:58:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Domek\Application Data\hellomoto [2012-02-03 09:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Domek\Application Data\Opera [2012-07-05 09:03:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Domek\Application Data\uTorrent [2012-07-05 22:22:36 | 000,000,366 | -H-- | M] () -- 
C:\WINDOWS\Tasks\MpIdleTask.job [2012-07-05 22:14:13 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job [color=#E56717]========== Purity Check ==========[/color] < End of report >