OTL logfile created on: 2010-05-27 20:43:36 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\oem.oem-PC\Documents\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

6,00 Gb Total Physical Memory | 4,00 Gb Available Physical Memory | 70,00% Memory free
12,00 Gb Paging File | 10,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,00 Gb Total Space | 17,29 Gb Free Space | 17,29% Space Free | Partition Type: NTFS
Drive D: | 365,76 Gb Total Space | 244,53 Gb Free Space | 66,86% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ARTIE-COMP
Current User Name: oem
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010-05-27 20:43:15 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\oem.oem-PC\Documents\Downloads\OTL.exe
PRC - [2010-05-23 21:04:42 | 003,262,464 | ---- | M] (Stunlock Studios) -- D:\Program Files (x86)\Bloodline Champions\Binary\BloodlineChampions.exe
PRC - [2010-05-22 12:33:49 | 000,322,352 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2010-04-26 19:13:25 | 000,531,440 | ---- | M] (Google Inc.) -- C:\Users\oem.oem-PC\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010-03-18 14:02:13 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Users\oem.oem-PC\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe
PRC - [2009-09-28 10:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009-08-22 09:21:19 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
PRC - [2009-04-11 08:27:39 | 000,299,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ieuser.exe
PRC - [2009-01-09 10:59:34 | 000,299,008 | ---- | M] (ArcSoft, Inc.) -- D:\Program Files (x86)\TVBOX\TotalMedia.exe
PRC - [2008-10-28 14:01:02 | 000,258,048 | ---- | M] (ArcSoft, Inc.) -- D:\Program Files (x86)\TVBOX\TMMonitor.exe
PRC - [2007-12-18 12:48:40 | 000,196,704 | ---- | M] (OptionNV) -- C:\Program Files (x86)\ERA\GlobeTrotter Connect\GtDetectSc.exe

[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010-05-27 20:43:15 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\oem.oem-PC\Documents\Downloads\OTL.exe
MOD - [2009-04-11 08:28:18 | 000,450,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2008-01-21 04:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2009-09-25 03:26:26 | 001,142,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:[b]64bit:[/b] - [2009-05-16 05:24:09 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:[b]64bit:[/b] - [2008-01-21 04:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009-10-29 13:27:56 | 001,767,816 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2009-09-28 10:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009-08-22 09:21:19 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2009-03-30 06:39:54 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2007-12-18 12:48:40 | 000,196,704 | ---- | M] (OptionNV) [Auto | Running] -- C:\Program Files (x86)\ERA\GlobeTrotter Connect\GtDetectSc.exe -- (GtDetectSc)
SRV - [2006-11-02 15:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006-11-02 08:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006-11-02 08:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2010-02-01 08:22:05 | 000,583,296 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1008000.029\ccHPx64.sys -- (ccHP)
DRV:[b]64bit:[/b] - [2009-10-01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:[b]64bit:[/b] - [2009-09-23 10:42:58 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)
DRV:[b]64bit:[/b] - [2009-09-11 10:31:54 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:[b]64bit:[/b] - [2009-08-22 09:21:19 | 000,476,720 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1008000.029\SRTSP64.SYS -- (SRTSP)
DRV:[b]64bit:[/b] - [2009-08-22 09:21:19 | 000,402,992 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1008000.029\SYMEFA64.SYS -- (SymEFA)
DRV:[b]64bit:[/b] - [2009-08-22 09:21:19 | 000,334,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1008000.029\BHDrvx64.sys -- (BHDrvx64)
DRV:[b]64bit:[/b] - [2009-08-22 09:21:19 | 000,278,576 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1008000.029\SYMTDI.SYS -- (SYMTDI)
DRV:[b]64bit:[/b] - [2009-08-22 09:21:19 | 000,120,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1008000.029\SYMFW.SYS -- (SYMFW)
DRV:[b]64bit:[/b] - [2009-08-22 09:21:19 | 000,056,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1008000.029\SYMNDISV.SYS -- (SYMNDISV)
DRV:[b]64bit:[/b] - [2009-08-22 09:21:19 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008000.029\SRTSPX64.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:[b]64bit:[/b] - [2009-08-22 09:21:19 | 000,031,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\SymIMv.sys -- (SymIM)
DRV:[b]64bit:[/b] - [2009-05-16 06:02:02 | 005,957,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:[b]64bit:[/b] - [2009-04-24 07:43:18 | 000,110,904 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:[b]64bit:[/b] - [2009-04-11 07:39:35 | 000,036,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WinUSB.sys -- (WinUsb)
DRV:[b]64bit:[/b] - [2009-04-11 07:39:34 | 000,098,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaudio.sys -- (usbaudio) Sterownik audio USB (WDM)
DRV:[b]64bit:[/b] - [2008-11-10 17:23:48 | 000,831,744 | ---- | M] (Trident Multimedia Technologies Co.,Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\TridVid6010.sys -- (TridVid6010)
DRV:[b]64bit:[/b] - [2008-11-09 23:06:38 | 000,020,992 | ---- | M] (Trident Multimedia Technologies Co.,Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tridhid6010.sys -- (tridhid)
DRV:[b]64bit:[/b] - [2008-11-04 04:21:08 | 000,098,144 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\jraid.sys -- (JRAID)
DRV:[b]64bit:[/b] - [2008-10-16 09:08:08 | 000,183,296 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:[b]64bit:[/b] - [2008-04-22 08:53:36 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ENTECH64.sys -- (ENTECH64)
DRV:[b]64bit:[/b] - [2008-01-21 04:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:[b]64bit:[/b] - [2007-07-09 14:17:44 | 000,110,592 | ---- | M] (Option NV) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Gt51Ip.sys -- (GT72NDISIPXP)
DRV:[b]64bit:[/b] - [2007-06-26 13:39:10 | 000,070,656 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\gt72ubus.sys -- (GT72UBUS)
DRV:[b]64bit:[/b] - [2007-06-26 09:45:14 | 000,362,496 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\WMP54Gv41x64.sys -- (rt61x64)
DRV:[b]64bit:[/b] - [2007-03-30 13:38:16 | 000,010,624 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\gtptser.sys -- (GTPTSER)
DRV:[b]64bit:[/b] - [2006-11-02 07:28:10 | 000,273,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV - [2010-05-26 10:00:00 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010-05-13 19:52:18 | 001,773,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100526.039\EX64.SYS -- (NAVEX15)
DRV - [2010-05-13 19:52:18 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010-05-13 19:52:18 | 000,117,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100526.039\ENG64.SYS -- (NAVENG)
DRV - [2009-10-29 00:37:22 | 000,466,992 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100520.001\IDSviA64.sys -- (IDSVia64)
DRV - [2009-06-16 15:41:52 | 000,024,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2008-01-21 04:49:57 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\winusb.dll -- (WinUsb)
DRV - [2007-08-06 13:30:18 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2006-09-18 23:36:40 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006-09-18 23:35:23 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2004-06-22 15:44:50 | 000,005,632 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\Entech64.sys -- (ENTECH64)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.selectedEngine: "Winamp Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.11.2
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query="

FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010-04-27 12:39:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010-02-02 23:01:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010-02-02 23:01:13 | 000,000,000 | ---D | M]

[2009-07-02 18:58:51 | 000,000,000 | ---D | M] -- C:\Users\oem.oem-PC\AppData\Roaming\mozilla\Extensions
[2010-02-02 23:11:29 | 000,000,000 | ---D | M] -- C:\Users\oem.oem-PC\AppData\Roaming\mozilla\Firefox\Profiles\bhjkndti.default\extensions
[2010-01-24 12:58:35 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\oem.oem-PC\AppData\Roaming\mozilla\Firefox\Profiles\bhjkndti.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2009-08-11 09:18:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\oem.oem-PC\AppData\Roaming\mozilla\Firefox\Profiles\bhjkndti.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009-09-26 12:57:55 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\oem.oem-PC\AppData\Roaming\mozilla\Firefox\Profiles\bhjkndti.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010-01-24 12:58:46 | 000,001,201 | ---- | M] () -- C:\Users\oem.oem-PC\AppData\Roaming\Mozilla\FireFox\Profiles\bhjkndti.default\searchplugins\winamp-search.xml
[2010-05-27 20:40:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010-02-02 23:00:56 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml
[2010-02-02 23:00:56 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml
[2010-02-02 23:00:56 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml
[2010-02-02 23:00:56 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml
[2010-02-02 23:00:56 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml
[2010-02-02 23:00:57 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2006-09-18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Users\oem.oem-PC\AppData\Roaming\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8:[b]64bit:[/b] - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 193.239.100.1 192.168.0.1
O18:[b]64bit:[/b] - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - Reg Error: Key error. File not found
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll (Symantec Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\oem.oem-PC\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\oem.oem-PC\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{57983659-49fb-11df-8f12-00241d103d97}\Shell\AutoRun\command - "" = F:\ste8.bat -- File not found
O33 - MountPoints2\{57983659-49fb-11df-8f12-00241d103d97}\Shell\open\Command - "" = F:\ste8.bat -- File not found
O33 - MountPoints2\{bf65161b-8fe1-11de-bc80-00241d103d97}\Shell - "" = AutoRun
O33 - MountPoints2\{bf65161b-8fe1-11de-bc80-00241d103d97}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010-05-09 14:35:36 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2010-05-09 14:35:36 | 000,069,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2010-05-09 14:35:35 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2010-05-09 14:35:35 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2010-05-09 14:35:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010-05-27 20:47:01 | 000,691,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010-05-27 20:47:01 | 000,586,980 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010-05-27 20:47:01 | 000,101,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010-05-27 20:47:01 | 000,012,980 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2010-05-27 20:47:01 | 000,004,414 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2010-05-27 20:45:38 | 002,621,440 | -HS- | M] () -- C:\Users\oem.oem-PC\NTUSER.DAT
[2010-05-27 20:40:43 | 000,004,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010-05-27 20:40:42 | 000,004,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010-05-27 20:40:37 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010-05-27 20:40:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010-05-27 20:38:47 | 000,524,288 | -HS- | M] () -- C:\Users\oem.oem-PC\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010-05-27 20:38:47 | 000,065,536 | -HS- | M] () -- C:\Users\oem.oem-PC\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010-05-27 20:38:43 | 003,219,128 | -H-- | M] () -- C:\Users\oem.oem-PC\AppData\Local\IconCache.db
[2010-05-27 20:07:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-792590447-2585905357-1400467925-1001UA.job
[2010-05-27 19:41:09 | 000,224,256 | ---- | M] () -- C:\Users\oem.oem-PC\Desktop\WI.ppt
[2010-05-25 16:34:38 | 000,107,008 | ---- | M] () -- C:\Users\oem.oem-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-05-23 14:39:12 | 600,659,470 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010-05-23 13:51:15 | 000,000,036 | ---- | M] () -- C:\Users\oem.oem-PC\AppData\Roaming\TheHunterSettings.cfg
[2010-05-23 13:50:50 | 000,118,489 | ---- | M] () -- C:\Users\oem.oem-PC\Desktop\WI.odp
[2010-05-23 13:07:00 | 000,001,012 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-792590447-2585905357-1400467925-1001Core.job
[2010-05-22 12:33:04 | 000,035,905 | ---- | M] () -- C:\Users\oem.oem-PC\Desktop\Heroes+Season+4+[2009+-+2010]+HDTV+XviD-[ICEMAN][h33t].torrent
[2010-05-17 21:36:25 | 000,408,127 | ---- | M] () -- C:\Users\oem.oem-PC\Desktop\Pierwsza gra.jpg
[2010-05-17 21:35:55 | 000,665,687 | ---- | M] () -- C:\Users\oem.oem-PC\Desktop\Pierwsza Gra.w3g
[2010-05-16 21:04:15 | 000,336,350 | ---- | M] () -- C:\Users\oem.oem-PC\Desktop\bnety 2.jpg
[2010-05-16 20:11:48 | 000,427,694 | ---- | M] () -- C:\Users\oem.oem-PC\Desktop\Bnety.jpg
[2010-05-09 14:36:56 | 000,001,830 | ---- | M] () -- C:\Users\Public\Desktop\Bloodline Champions.lnk
[2010-05-08 14:04:07 | 000,341,027 | ---- | M] () -- C:\Users\oem.oem-PC\Desktop\Puck.jpg
[2010-04-30 16:06:42 | 000,403,176 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-05-24 16:43:04 | 000,224,256 | ---- | C] () -- C:\Users\oem.oem-PC\Desktop\WI.ppt
[2010-05-22 15:02:14 | 000,118,489 | ---- | C] () -- C:\Users\oem.oem-PC\Desktop\WI.odp
[2010-05-22 12:33:04 | 000,035,905 | ---- | C] () -- C:\Users\oem.oem-PC\Desktop\Heroes+Season+4+[2009+-+2010]+HDTV+XviD-[ICEMAN][h33t].torrent
[2010-05-17 21:36:51 | 000,665,687 | ---- | C] () -- C:\Users\oem.oem-PC\Desktop\Pierwsza Gra.w3g
[2010-05-17 21:36:25 | 000,408,127 | ---- | C] () -- C:\Users\oem.oem-PC\Desktop\Pierwsza gra.jpg
[2010-05-16 21:04:15 | 000,336,350 | ---- | C] () -- C:\Users\oem.oem-PC\Desktop\bnety 2.jpg
[2010-05-16 20:11:48 | 000,427,694 | ---- | C] () -- C:\Users\oem.oem-PC\Desktop\Bnety.jpg
[2010-05-09 14:36:56 | 000,001,830 | ---- | C] () -- C:\Users\Public\Desktop\Bloodline Champions.lnk
[2010-05-08 14:04:06 | 000,341,027 | ---- | C] () -- C:\Users\oem.oem-PC\Desktop\Puck.jpg
[2010-04-16 19:48:47 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010-03-28 19:25:50 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2010-03-28 19:25:50 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2010-03-28 19:25:50 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2010-02-14 01:00:53 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009-09-17 18:02:56 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009-09-17 18:02:17 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009-08-23 15:42:09 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009-06-27 23:30:19 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009-06-27 15:38:02 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2009-06-27 15:30:51 | 000,000,396 | ---- | C] () -- C:\Windows\lgfwup.ini
[2009-06-17 08:18:19 | 000,000,920 | ---- | C] () -- C:\Windows\SysWow64\WLAN.INI
[2009-06-16 15:34:34 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2008-01-21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007-07-23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2007-07-23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2007-07-23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2007-07-23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2007-07-23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2007-07-23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2007-07-23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2007-07-23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2007-07-23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2007-04-21 00:38:16 | 000,245,760 | ---- | C] () -- C:\Windows\SysWow64\imon.dll

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:671329E4
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:2AD56BE7

< End of report >