OTL logfile created on: 8/12/2012 10:49:41 PM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = F:\
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd

2.86 Gb Total Physical Memory | 1.83 Gb Available Physical Memory | 64.11% Memory free
5.72 Gb Paging File | 4.71 Gb Available in Paging File | 82.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58.22 Gb Total Space | 28.76 Gb Free Space | 49.40% Space Free | Partition Type: NTFS
Drive D: | 174.56 Gb Total Space | 108.42 Gb Free Space | 62.11% Space Free | Partition Type: NTFS
Drive F: | 3.72 Gb Total Space | 0.33 Gb Free Space | 8.82% Space Free | Partition Type: FAT32

Computer Name: LPLJELZ4814 | User Name: gayerba | NOT logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012/08/12 21:06:16 | 000,596,992 | ---- | M] (OldTimer Tools) -- F:\OTL.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2012/03/01 08:47:28 | 000,408,408 | ---- | M] (Symantec Corporation) [On_Demand | Unknown] -- C:\Program Files\Altiris\Altiris Agent\Agents\WMIProviderAgent\AltirisAgentProvider.exe -- (AltirisAgentProvider)
SRV:[b]64bit:[/b] - [2012/03/01 08:37:40 | 002,117,464 | ---- | M] (Symantec Corporation) [Auto | Unknown] -- C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe -- (AeXNSClient)
SRV:[b]64bit:[/b] - [2012/03/01 08:31:49 | 000,265,048 | ---- | M] (Symantec Corporation) [On_Demand | Unknown] -- C:\Program Files\Altiris\Altiris Agent\x86\AeXNSAgentHostSurrogate32.exe -- (AeXAgentSrvHost)
SRV:[b]64bit:[/b] - [2011/05/18 09:44:20 | 000,268,648 | ---- | M] () [On_Demand | Unknown] -- C:\Program Files\Altiris\Altiris Agent\Agents\Deployment\Agent\ConfigService.exe -- (ConfigService)
SRV:[b]64bit:[/b] - [2010/01/27 15:01:04 | 000,102,968 | ---- | M] (Hewlett-Packard) [Auto | Unknown] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:[b]64bit:[/b] - [2009/12/16 15:48:12 | 000,102,968 | ---- | M] (Hewlett-Packard) [Auto | Unknown] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service)
SRV:[b]64bit:[/b] - [2009/11/18 04:19:46 | 000,244,224 | ---- | M] (IDT, Inc.) [Auto | Unknown] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\stacsv64.exe -- (STacSV)
SRV:[b]64bit:[/b] - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Unknown] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:[b]64bit:[/b] - [2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\svchost.exe -- (nsi)
SRV:[b]64bit:[/b] - [2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\svchost.exe -- (NlaSvc)
SRV:[b]64bit:[/b] - [2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\svchost.exe -- (lmhosts)
SRV:[b]64bit:[/b] - [2009/07/08 13:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Unknown] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:[b]64bit:[/b] - [2009/03/03 02:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Unknown] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\AESTSr64.exe -- (AESTFilters)
SRV:[b]64bit:[/b] - [2003/11/28 13:24:54 | 000,249,856 | ---- | M] (DameWare Development) [On_Demand | Unknown] -- C:\Windows\SysNative\DWRCS.EXE -- (DWMRCS)
SRV - [2011/12/16 17:12:48 | 000,108,456 | ---- | M] (Symantec Corporation) [Auto | Unknown] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2011/12/16 17:12:48 | 000,108,456 | ---- | M] (Symantec Corporation) [Auto | Unknown] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2011/12/16 17:12:46 | 003,262,240 | ---- | M] (Symantec Corporation) [Auto | Unknown] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2011/12/16 17:12:46 | 000,428,976 | ---- | M] (Symantec Corporation) [Disabled | Unknown] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC)
SRV - [2011/12/16 17:12:44 | 001,851,224 | ---- | M] (Symantec Corporation) [Auto | Unknown] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2011/06/06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Unknown] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/26 19:14:20 | 003,093,944 | ---- | M] (Symantec Corporation) [On_Demand | Unknown] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2011/01/06 15:06:10 | 000,142,224 | ---- | M] (Symantec Corporation) [Auto | Unknown] -- C:\Program Files (x86)\Symantec\pcAnywhere\awhost32.exe -- (awhost32)
SRV - [2010/09/26 19:55:30 | 004,142,608 | ---- | M] (Check Point Software Technologies) [Auto | Unknown] -- C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe -- (TracSrvWrapper)
SRV - [2010/06/14 16:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Unknown] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/05/24 12:34:59 | 003,391,488 | ---- | M] (IBM Corp) [Auto | Unknown] -- C:\Program Files (x86)\Lotus\Notes\nsd.exe -- (Lotus Notes Diagnostics)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/12 20:27:18 | 000,082,760 | ---- | M] (Smith Micro Software, Inc.) [Auto | Unknown] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SMManager.exe -- (SMManager)
SRV - [2010/03/05 00:38:02 | 000,071,096 | ---- | M] () [Auto | Unknown] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2010/01/19 09:58:12 | 000,330,488 | ---- | M] (QUALCOMM, Inc.) [Auto | Unknown] -- C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kHP.exe -- (QDLService2kHP)
SRV - [2009/11/18 04:19:46 | 000,244,224 | ---- | M] (IDT, Inc.) [Auto | Unknown] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\STacSV64.exe -- (STacSV)
SRV - [2009/09/29 12:29:24 | 000,031,624 | ---- | M] (IBM Corp) [Auto | Unknown] -- C:\Program Files (x86)\Lotus\Notes\nslsvice.exe -- (Lotus Notes Single Logon)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Unknown] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/03 02:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Unknown] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\AESTSr64.exe -- (AESTFilters)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2012/03/01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2012/02/20 18:04:53 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:[b]64bit:[/b] - [2011/12/16 17:12:52 | 000,054,392 | ---- | M] (Symantec Corporation) [Kernel | System | Unknown] -- C:\Windows\SysNative\drivers\WPSDRVnt.sys -- (WPS)
DRV:[b]64bit:[/b] - [2011/12/16 17:12:50 | 000,482,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL)
DRV:[b]64bit:[/b] - [2011/12/16 17:12:50 | 000,453,240 | ---- | M] (Symantec Corporation) [File_System | System | Unknown] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP)
DRV:[b]64bit:[/b] - [2011/12/16 17:12:50 | 000,032,376 | ---- | M] (Symantec Corporation) [Kernel | System | Unknown] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX)
DRV:[b]64bit:[/b] - [2011/08/18 12:14:04 | 000,053,880 | ---- | M] (Symantec Corporation) [Kernel | System | Unknown] -- C:\Windows\SysNative\drivers\Teefer3.sys -- (Teefer3)
DRV:[b]64bit:[/b] - [2010/11/23 16:08:30 | 000,225,328 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\wpshelper.sys -- (WpsHelper)
DRV:[b]64bit:[/b] - [2010/09/21 11:56:12 | 000,409,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Unknown] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:[b]64bit:[/b] - [2010/08/31 12:03:21 | 000,244,736 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:[b]64bit:[/b] - [2010/08/31 12:03:21 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:[b]64bit:[/b] - [2010/08/31 12:03:19 | 007,773,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2010/08/31 12:02:58 | 000,503,296 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:[b]64bit:[/b] - [2010/08/31 12:00:53 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:[b]64bit:[/b] - [2010/08/31 12:00:12 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:[b]64bit:[/b] - [2010/01/19 09:53:46 | 000,240,640 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\qcusbnethp2k.sys -- (qcusbnethp2k)
DRV:[b]64bit:[/b] - [2010/01/19 09:53:46 | 000,121,216 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\qcusbserhp2k.sys -- (qcusbserhp2k)
DRV:[b]64bit:[/b] - [2010/01/19 09:53:46 | 000,006,400 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\qcfilterhp2k.sys -- (qcfilterhp2k)
DRV:[b]64bit:[/b] - [2010/01/07 10:37:40 | 000,295,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress)
DRV:[b]64bit:[/b] - [2009/12/30 17:25:54 | 000,161,256 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\vnaap.sys -- (vna_ap)
DRV:[b]64bit:[/b] - [2009/10/10 04:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:[b]64bit:[/b] - [2009/10/02 20:23:28 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:[b]64bit:[/b] - [2009/09/17 19:05:22 | 001,805,104 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:[b]64bit:[/b] - [2009/07/20 15:05:50 | 000,059,008 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\rismcx64.sys -- (rismcx64)
DRV:[b]64bit:[/b] - [2009/07/14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2009/07/14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Unknown] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/07/14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:[b]64bit:[/b] - [2009/07/08 13:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Unknown] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:[b]64bit:[/b] - [2009/07/08 13:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:[b]64bit:[/b] - [2009/06/25 17:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Unknown] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:[b]64bit:[/b] - [2009/06/10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:[b]64bit:[/b] - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009/04/29 08:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:[b]64bit:[/b] - [2009/02/13 21:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:[b]64bit:[/b] - [2008/08/28 13:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV - [2012/08/09 09:16:49 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Unknown] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/08/09 09:16:49 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Unknown] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/07/26 08:56:22 | 002,068,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Unknown] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120809.033\ex64.sys -- (NAVEX15)
DRV - [2012/07/26 08:56:22 | 000,120,440 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Unknown] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120809.033\eng64.sys -- (NAVENG)
DRV - [2011/12/16 17:12:50 | 000,482,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
DRV - [2011/12/16 17:12:50 | 000,453,240 | ---- | M] (Symantec Corporation) [File_System | System | Unknown] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
DRV - [2011/12/16 17:12:50 | 000,032,376 | ---- | M] (Symantec Corporation) [Kernel | System | Unknown] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)
DRV - [2009/11/12 15:48:58 | 000,005,504 | ---- | M] () [File_System | On_Demand | Unknown] -- C:\Windows\SysWow64\StarOpen.sys -- (StarOpen)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Unknown] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 BD 48 46 B6 4D CB 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{92F24ACD-9131-41C9-B592-F12DEB456A03}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.numico.net;*.danweb.danet;*.numico.com;10.*;195.*;*.danet;172.*;
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy:8080

[color=#E56717]========== FireFox ==========[/color]

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: c:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

[2011/04/28 20:24:12 | 000,002,046 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml

O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.5\bh\facemoods.dll (facemoods.com BHO)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.5\facemoodsTlbr.dll (facemoods.com)
O4:[b]64bit:[/b] - HKLM..\Run: [AccelerometerSysTrayApplet] C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.Exe (Hewlett-Packard)
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Hewlett-Packard)
O4:[b]64bit:[/b] - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IPCheckTool] C:\Program Files (x86)\IPCheckTool\IPCheck.exe (Microsoft)
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Check Point Endpoint Security] C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [HP Connection Manager.exe] File not found
O4 - HKCU..\Run: [CUCore Agent] d:\users\gayerba\AppData\Local\Radvision\Conference Client\7.11.3.317\ConfAgent.exe (RADVISION Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:[b]64bit:[/b] - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16:[b]64bit:[/b] - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16:[b]64bit:[/b] - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = plwar.danet
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{887D5B73-A82D-4C75-813E-5ACB08B51056}: NameServer = 79.163.127.70 217.116.100.65
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED195F44-3C6E-46CC-80C0-B9AD1611C540}: DhcpNameServer = 10.30.74.10 10.30.74.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA170C4C-DC17-4CC1-A191-0DE5B802BD40}: DhcpNameServer = 192.168.1.254
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\saphtmlp - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\sapr3 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18:[b]64bit:[/b] - Protocol\Filter\text/xml - No CLSID value found
O20:[b]64bit:[/b] - AppInit_DLLs: (AMINIT64.DLL) - C:\Windows\SysNative\AMInit64.dll (Altiris Inc)
O20 - AppInit_DLLs: (AMINIT32.DLL) - C:\Windows\SysWow64\AMInit32.dll (Altiris Inc)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\PCANotify: DllName - (PCANotify.dll) - C:\Windows\SysWow64\PCANotify.dll (Symantec Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{65463897-f92f-11df-b971-00a0c6000000}\Shell - "" = AutoRun
O33 - MountPoints2\{65463897-f92f-11df-b971-00a0c6000000}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{a268585a-f93e-11df-802e-00a0c6000000}\Shell - "" = AutoRun
O33 - MountPoints2\{a268585a-f93e-11df-802e-00a0c6000000}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012/08/09 08:44:03 | 000,000,000 | ---D | C] -- d:\users\gayerba\AppData\Roaming\smkits
[2010/11/23 17:30:43 | 003,125,248 | ---- | C] (SAP Technology,Inc) -- C:\Program Files (x86)\Common Files\sapxlhelper.dll
[2010/11/23 17:30:41 | 000,192,512 | ---- | C] (SAP Tech Inc.) -- C:\Program Files (x86)\Common Files\sapconsr3.dll
[2010/11/23 17:30:39 | 000,626,688 | ---- | C] (SAP AG) -- C:\Program Files (x86)\Common Files\sapconsaccess.dll
[2010/11/23 17:30:33 | 000,040,960 | ---- | C] (SAP-TECHNOLOGY) -- C:\Program Files (x86)\Common Files\DigitalSignature.ocx

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012/08/12 22:47:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/12 22:46:54 | 2304,094,208 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/12 22:09:46 | 000,614,903 | ---- | M] () -- d:\users\gayerba\Desktop\adwcleaner.exe
[2012/08/12 21:43:48 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/12 21:43:48 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/12 21:43:48 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/09 09:35:09 | 000,012,288 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/09 09:35:09 | 000,012,288 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/01 12:28:05 | 000,047,307 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/07/26 13:03:04 | 000,339,147 | ---- | M] () -- d:\users\gayerba\Desktop\amalteaII_sw.pdf
[2012/07/26 09:37:03 | 000,830,325 | ---- | M] () -- d:\users\gayerba\Desktop\oferta_cima_krakow-warszawa_jesien_2012.pdf
[2012/07/26 08:51:01 | 000,003,094 | RHS- | M] () -- d:\users\gayerba\ntuser.pol

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012/08/12 22:40:55 | 000,614,903 | ---- | C] () -- d:\users\gayerba\Desktop\adwcleaner.exe
[2012/07/26 13:03:04 | 000,339,147 | ---- | C] () -- d:\users\gayerba\Desktop\amalteaII_sw.pdf
[2012/07/26 09:37:03 | 000,830,325 | ---- | C] () -- d:\users\gayerba\Desktop\oferta_cima_krakow-warszawa_jesien_2012.pdf
[2011/12/27 13:17:49 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/12/27 13:17:49 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/03/01 09:33:15 | 000,003,094 | RHS- | C] () -- d:\users\gayerba\ntuser.pol
[2010/11/26 10:10:46 | 000,000,227 | ---- | C] () -- C:\Windows\WINCMD.INI
[2010/11/26 10:00:00 | 000,003,769 | ---- | C] () -- C:\Windows\saplogon.ini
[2010/11/23 18:09:28 | 000,000,000 | ---- | C] () -- C:\Windows\WINAWSVR.INI
[2010/11/23 18:05:59 | 000,047,307 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/11/23 17:30:36 | 001,124,864 | ---- | C] () -- C:\Program Files (x86)\Common Files\SAPActiveXL_nosig.xlt
[2010/11/23 17:30:34 | 001,129,984 | ---- | C] () -- C:\Program Files (x86)\Common Files\SAPActiveXL.xlt
[2010/11/23 17:20:38 | 000,051,200 | ---- | C] () -- C:\Windows\SysWow64\h5tool32.dll
[2010/11/23 17:20:37 | 000,095,744 | ---- | C] () -- C:\Windows\SysWow64\h5rtf32.dll
[2010/11/23 17:20:36 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\h5menu32.dll
[2010/11/23 17:20:33 | 001,064,960 | ---- | C] () -- C:\Windows\SysWow64\h5krnl32.dll
[2010/11/23 17:20:33 | 000,188,928 | ---- | C] () -- C:\Windows\SysWow64\h5icon32.dll
[2010/11/23 17:19:13 | 000,015,872 | ---- | C] () -- C:\Windows\SysWow64\vtssm32.dll
[2010/11/23 16:54:13 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/11/23 16:51:38 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/11/23 16:04:20 | 000,000,161 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2010/11/23 16:01:37 | 000,000,155 | ---- | C] () -- C:\Windows\SysWow64\HPPA.ini
[2010/11/23 14:46:29 | 000,256,560 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll
[2010/11/23 14:46:29 | 000,027,184 | ---- | C] () -- C:\Windows\snuvcdsm.exe
[2010/11/23 14:46:29 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2010/11/23 14:46:28 | 000,870,544 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010/11/23 14:46:28 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/11/23 14:46:28 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/11/23 14:46:25 | 000,050,036 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010/11/23 14:46:24 | 000,127,896 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin

[color=#E56717]========== Files - Unicode (All) ==========[/color]

[2010/11/23 18:06:25 | 000,000,052 | ---- | M] ()(C:\Windows\????) -- C:\Windows\瞝ƜɊ
[2010/11/23 18:06:25 | 000,000,052 | ---- | C] ()(C:\Windows\????) -- C:\Windows\瞝ƜɊ
[2010/11/23 18:01:39 | 000,000,052 | ---- | M] ()(C:\Windows\???L) -- C:\Windows\矐Ɯ£
[2010/11/23 18:01:39 | 000,000,052 | ---- | C] ()(C:\Windows\???L) -- C:\Windows\矐Ɯ£
[2010/11/23 16:36:50 | 000,000,052 | ---- | M] ()(C:\Windows\????) -- C:\Windows\睄Ɯɉ
[2010/11/23 16:36:50 | 000,000,052 | ---- | C] ()(C:\Windows\????) -- C:\Windows\睄Ɯɉ
[2010/11/23 16:19:25 | 000,000,052 | ---- | M] ()(C:\Windows\????) -- C:\Windows\相Ɯɐ
[2010/11/23 16:19:25 | 000,000,052 | ---- | C] ()(C:\Windows\????) -- C:\Windows\相Ɯɐ
[2010/11/23 15:56:31 | 000,000,052 | ---- | M] ()(C:\Windows\????) -- C:\Windows\睏Ɯɬ
[2010/11/23 15:56:31 | 000,000,052 | ---- | C] ()(C:\Windows\????) -- C:\Windows\睏Ɯɬ
[2010/09/14 15:46:46 | 000,000,104 | ---- | M] ()(C:\Windows\????) -- C:\Windows\矦Ɯɦ
[2010/09/14 15:46:41 | 000,000,104 | ---- | C] ()(C:\Windows\????) -- C:\Windows\矦Ɯɦ

< End of report >