OTL logfile created on: 2013-05-11 18:43:43 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = E:\
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd

3,16 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 64,65% Memory free
6,33 Gb Paging File | 5,23 Gb Available in Paging File | 82,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 73,47 Gb Free Space | 31,55% Space Free | Partition Type: NTFS
Drive E: | 465,76 Gb Total Space | 189,57 Gb Free Space | 40,70% Space Free | Partition Type: NTFS

Computer Name: GEGENER-E3NKTI3 | User Name: 100040110 | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2013-05-11 18:37:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\OTL.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - File not found [Auto | Stopped] -- C:\Windows\system32\afasrv32.exe -- (AfaService)
SRV - [2013-04-17 13:39:56 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-02-01 09:39:35 | 000,166,024 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2013-01-31 11:10:39 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012-12-18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012-10-30 19:10:48 | 000,196,624 | ---- | M] (Nitro PDF Software) [Auto | Stopped] -- C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe -- (NitroReaderDriverReadSpool3)
SRV - [2012-07-03 17:57:20 | 000,489,120 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe -- (enterceptAgent)
SRV - [2012-06-07 11:41:28 | 000,159,640 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2012-05-31 09:51:16 | 000,163,200 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2011-11-15 17:06:00 | 000,132,672 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2011-09-14 21:08:00 | 000,209,760 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2011-06-17 12:30:20 | 000,859,448 | ---- | M] (WebEx Communications Inc.) [Auto | Stopped] -- C:\Program Files\WebEx\Connect\apUpdate.exe -- (Cisco WebEx Connect Upgrade Service)
SRV - [2011-01-24 19:57:18 | 000,274,514 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2010-04-26 15:16:16 | 000,208,648 | ---- | M] (CA, Inc.) [Auto | Stopped] -- C:\Program Files\CA\DSM\bin\caf.exe -- (caf)
SRV - [2010-04-10 22:13:16 | 000,189,808 | ---- | M] (Juniper Networks, Inc.) [Auto | Stopped] -- C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe -- (odClientService)
SRV - [2010-04-10 21:43:08 | 000,136,560 | ---- | M] (Juniper Networks) [On_Demand | Stopped] -- C:\Program Files\Common Files\Juniper Networks\TNC Client\jTnccService.exe -- (EacService)
SRV - [2010-03-23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010-03-17 08:40:14 | 000,132,464 | ---- | M] (Juniper Networks) [Auto | Stopped] -- C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe -- (JuniperAccessService)
SRV - [2010-03-09 18:25:30 | 000,181,512 | ---- | M] (CA, Inc.) [Auto | Stopped] -- C:\Program Files\CA\SC\CAM\bin\cam.exe -- (CA-MessageQueuing)
SRV - [2010-03-05 12:06:26 | 000,169,224 | ---- | M] (CA Inc.) [Auto | Stopped] -- C:\Program Files\CA\SC\Csam\SockAdapter\bin\CSAMPmux.exe -- (CA-SAM-Pmux)
SRV - [2010-02-10 11:50:50 | 000,072,296 | ---- | M] (O2Micro International) [Auto | Stopped] -- C:\Windows\System32\drivers\o2flash.exe -- (O2FLASH)
SRV - [2010-01-22 22:57:08 | 000,395,824 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
SRV - [2010-01-22 22:56:44 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2010-01-22 22:56:28 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Program Files\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2010-01-22 22:00:48 | 000,563,760 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2009-10-12 15:32:24 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2009-10-02 11:19:16 | 000,380,988 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\Endpoint Encryption for PC\SbClientManager.exe -- (SafeBootClientManager)
SRV - [2009-07-14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009-07-14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009-07-14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009-03-02 20:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Program Files\IDT\WDM\AEstSrv.exe -- (AESTFilters)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2013-04-04 03:09:38 | 000,042,520 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\FireNfcp.sys -- (FireNfcp)
DRV - [2013-02-01 09:39:35 | 000,087,808 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2013-02-01 09:39:35 | 000,059,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2012-07-03 17:58:20 | 000,147,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HipShieldK.sys -- (HipShieldK)
DRV - [2012-06-07 11:41:28 | 000,477,584 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2012-06-07 11:41:28 | 000,348,880 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2012-06-07 11:41:28 | 000,215,024 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2012-06-07 11:41:28 | 000,180,720 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2012-06-07 11:41:28 | 000,121,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2012-06-07 11:41:28 | 000,065,200 | ---- | M] (McAfee, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2012-02-03 15:11:50 | 000,345,424 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2011-03-23 07:51:56 | 000,063,976 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2sdjxp.sys -- (O2SDJRDR)
DRV - [2011-01-24 19:57:18 | 000,435,200 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2011-01-04 08:41:58 | 000,062,440 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\O2MDRw7.sys -- (O2MDRRDR)
DRV - [2011-01-03 20:57:32 | 000,060,192 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2mdfxp.sys -- (O2MDFRDR)
DRV - [2010-12-13 15:33:36 | 000,043,888 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelern.sys -- (Acceler)
DRV - [2010-12-03 04:02:06 | 000,078,712 | ---- | M] (SUNIX Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snxpserx.sys -- (SNXPSERX)
DRV - [2010-12-03 04:00:46 | 000,086,392 | ---- | M] (SUNIX Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snxppalx.sys -- (SNXPPALX)
DRV - [2010-11-20 23:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010-11-20 23:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010-11-20 23:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010-11-20 23:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010-11-20 23:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010-11-20 23:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010-11-20 23:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010-11-20 23:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010-11-20 23:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010-11-19 04:34:14 | 000,141,568 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2010-11-19 04:34:12 | 000,062,208 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2010-10-28 01:41:02 | 000,238,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1c6232.sys -- (e1cexpress)
DRV - [2010-10-19 04:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HECI.sys -- (MEI)
DRV - [2010-10-19 04:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2010-10-15 10:27:20 | 000,269,824 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2010-10-01 03:07:44 | 000,052,096 | ---- | M] (Generic USB smartcard reader) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MHIKEY10.sys -- (MHIKEY10)
DRV - [2010-08-24 08:46:02 | 000,022,736 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btpmw32.sys -- (BCMTPM)
DRV - [2010-08-20 21:04:38 | 000,017,648 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\stdcfltn.sys -- (stdcfltn)
DRV - [2010-07-16 22:03:36 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2010-07-16 22:03:18 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2010-04-14 08:01:48 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2010-04-10 21:27:08 | 000,282,496 | ---- | M] (Juniper Networks, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\odFIPS2.sys -- (odFips2)
DRV - [2010-04-10 21:27:08 | 000,009,856 | ---- | M] (Juniper Networks, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\odFIPS.sys -- (odFips)
DRV - [2010-03-23 14:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2010-03-13 03:22:18 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2010-02-25 02:11:06 | 000,420,336 | ---- | M] (Juniper Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jnprna.sys -- (jnprna)
DRV - [2010-02-25 02:11:06 | 000,029,312 | ---- | M] (Juniper Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jnprvamgr.sys -- (JnprVaMgr)
DRV - [2010-02-25 02:11:06 | 000,012,288 | ---- | M] (Juniper Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jnprva.sys -- (jnprva)
DRV - [2010-01-22 22:57:58 | 000,026,288 | ---- | M] (VMware, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2010-01-22 22:57:56 | 000,023,216 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2010-01-22 22:57:54 | 000,854,192 | ---- | M] (VMware, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)
DRV - [2010-01-22 22:57:54 | 000,070,704 | ---- | M] (VMware, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)
DRV - [2010-01-22 22:56:46 | 000,014,896 | ---- | M] (VMware, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\vmparport.sys -- (VMparport)
DRV - [2010-01-22 22:00:42 | 000,032,304 | ---- | M] (VMware, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)
DRV - [2010-01-22 18:13:00 | 000,036,400 | R--- | M] (VMware, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2010-01-22 18:13:00 | 000,031,280 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmusb.sys -- (vmusb)
DRV - [2010-01-22 18:13:00 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2009-11-03 23:40:42 | 000,033,832 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV - [2009-10-12 15:31:52 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Stopped] -- C:\Program Files\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009-10-02 11:18:30 | 000,012,416 | ---- | M] (McAfee, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\SbRegFlt.sys -- (SbRegFlt)
DRV - [2009-10-02 11:18:27 | 000,006,496 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2009-10-02 11:18:23 | 000,033,328 | ---- | M] (McAfee, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\RsvLock.sys -- (RsvLock)
DRV - [2009-10-02 11:18:16 | 000,034,480 | ---- | M] (McAfee, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\SbFlop.sys -- (SbFlop)
DRV - [2009-10-02 11:17:57 | 000,103,760 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2009-09-14 23:23:40 | 000,016,000 | ---- | M] (Panasonic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pantbtnh.sys -- (PANTBTNH)
DRV - [2009-09-14 23:23:40 | 000,006,144 | ---- | M] (Panasonic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pantbfh.sys -- (PANTBFH)
DRV - [2009-08-10 22:05:34 | 000,063,872 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\silabser.sys -- (silabser)
DRV - [2009-08-10 22:05:34 | 000,017,920 | ---- | M] (Silicon Laboratories, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\silabenm.sys -- (silabenm)
DRV - [2009-06-30 18:50:22 | 000,053,568 | ---- | M] (Panasonic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\newmisc.sys -- (NewMisc)
DRV - [2009-06-22 20:38:22 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009-06-22 20:26:04 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009-06-18 05:53:40 | 000,011,176 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacomhidfilter.sys -- (wacomhidfilter)
DRV - [2009-06-09 18:29:44 | 000,016,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OSDACPI.SYS -- (ACPIService)
DRV - [2009-04-17 00:50:16 | 000,012,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tcm.sys -- (tcm)
DRV - [2009-03-10 17:49:08 | 000,024,640 | ---- | M] (Panasonic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hotkey.sys -- (HOTKEY)
DRV - [2008-11-16 19:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008-08-13 19:51:42 | 000,044,976 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SbAlg.sys -- (SBAlg)
DRV - [2007-12-07 02:20:42 | 000,021,504 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HBtnKey.sys -- (HBtnKey)
DRV - [2007-07-30 17:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007-07-30 16:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007-02-24 20:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007-01-18 21:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1962744943-1077359737-637696952-243816\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://healthcare.home.ge.com
IE - HKU\S-1-5-21-1962744943-1077359737-637696952-243816\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://healthcare.home.ge.com
IE - HKU\S-1-5-21-1962744943-1077359737-637696952-243816\..\SearchScopes,DefaultScope = {718FD974-56B7-4315-B193-DBF59362A97C}
IE - HKU\S-1-5-21-1962744943-1077359737-637696952-243816\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1962744943-1077359737-637696952-243816\..\SearchScopes\{718FD974-56B7-4315-B193-DBF59362A97C}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-1962744943-1077359737-637696952-243816\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1962744943-1077359737-637696952-243816\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-1962744943-1077359737-637696952-243816\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://gems.setpac.ge.com/pac.pac

[color=#E56717]========== FireFox ==========[/color]

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre1.6.0_22\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2013-05-11 18:29:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-02-02 21:41:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-02-02 21:41:58 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2009-06-10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130201083954.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.6.0_22\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (SupportCentral) - {E5CA3FCB-32F0-4602-A3FD-0785E3F0F5BF} - C:\Windows\System32\SCToolBar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CAF_SystemTray] C:\Program Files\CA\DSM\bin\cfSysTray.exe (CA, Inc.)
O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files\blueconnect\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\Run: [DsmSxplog] C:\Program Files\CA\DSM\Bin\sxpstub.exe (CA, Inc.)
O4 - HKLM..\Run: [McAfee Host Intrusion Prevention Tray] C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [OdTray.exe] C:\Program Files\Juniper Networks\Odyssey Access Client\OdTray.exe (Juniper Networks, Inc.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [SafeBootTokenWatcher] C:\Program Files\McAfee\Endpoint Encryption for PC\SbTokWatch.exe (McAfee, Inc.)
O4 - HKLM..\Run: [SafeBootTrayManager] C:\Program Files\SafeBoot Tray Manager\SbTrayManager.exe ()
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [USBestCR] C:\Program Files\USIM Editor\iconcs749818.exe ()
O4 - HKLM..\Run: [VMware hqtray] C:\Program Files\VMware\VMware Player\hqtray.exe (VMware, Inc.)
O4 - HKU\S-1-5-21-1962744943-1077359737-637696952-243816..\Run: [HW_OPENEYE_OUC_blueconnect] C:\Program Files\blueconnect\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\100040110\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebServices = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 1 = \\euro.med.ge.com\netlogon\Unicenter\DSMSDAMV3.EXE
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-21-1962744943-1077359737-637696952-243816\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1962744943-1077359737-637696952-243816\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-1962744943-1077359737-637696952-243816\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-21-1962744943-1077359737-637696952-243816\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1962744943-1077359737-637696952-243816\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1962744943-1077359737-637696952-243816\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyGames = 1
O7 - HKU\S-1-5-21-1962744943-1077359737-637696952-243816\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-21-1962744943-1077359737-637696952-243816\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKU\S-1-5-21-1962744943-1077359737-637696952-243816\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 1
O7 - HKU\S-1-5-21-1962744943-1077359737-637696952-243816\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebServices = 1
O7 - HKU\S-1-5-21-1962744943-1077359737-637696952-243816\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: ge.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = clients.em.health.ge.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4469D417-6467-472A-BE90-74D00ADFF268}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1962744943-1077359737-637696952-243816 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1962744943-1077359737-637696952-243816 Winlogon: Shell - (C:\Users\100040110\AppData\Roaming\skype.dat) - C:\Users\100040110\AppData\Roaming\skype.dat ()
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O31 - SafeBoot: UseAlternatShell - 1 O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2010-02-02 14:03:59 | 000,000,000 | RH-D | M] - E:\autorun -- [ NTFS ] O33 - MountPoints2\{3803acee-8183-11e2-86da-68a3c44b437e}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{6345cdf5-ac01-11e2-91b1-68a3c44b437e}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{919ad8d0-7420-11e2-86e8-68a3c44b437e}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{bf26ed0e-7e32-11e2-8d7b-9825882da4e8}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{d33c01aa-7dd4-11e2-9ccf-af000e48fdf8}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{ea4066c5-6c0d-11e2-b39a-806e6f6e6963}\Shell\AutoRun\command - "" = D:\prezentacja.exe O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013-05-11 18:02:09 | 000,000,000 | ---D | C] -- C:\Windows\pss [2013-05-11 16:58:32 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013-05-11 16:58:30 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW [2013-05-03 14:42:05 | 000,000,000 | ---D | C] -- C:\ProgramData\PDF Architect [2013-04-26 09:03:15 | 000,000,000 | ---D | C] -- C:\Users\100040110\AppData\Roaming\FileOpen [2013-04-26 09:03:15 | 000,000,000 | ---D | C] -- C:\ProgramData\FileOpen [2013-04-21 17:44:28 | 000,000,000 | ---D | C] -- C:\Users\100040110\AppData\Local\M-Photo_Ltd [2013-04-21 14:25:44 | 
000,000,000 | ---D | C] -- C:\ProgramData\M-Photo [2013-04-21 14:25:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Colorland.pl [2013-04-21 14:25:02 | 000,000,000 | ---D | C] -- C:\Colorland [2013-04-21 14:24:53 | 000,000,000 | ---D | C] -- C:\EasyColor_Basic_2_0 [2013-04-15 19:17:44 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013-04-15 19:17:36 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll [2013-04-15 19:17:35 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2013-04-15 19:17:35 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2013-04-15 19:17:09 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll [2013-04-15 19:17:09 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll [2013-04-15 19:16:41 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013-04-15 19:16:41 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013-04-15 19:16:40 | 000,627,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013-04-15 19:16:40 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013-04-15 19:16:40 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013-04-14 11:07:44 | 000,027,152 | ---- | C] (Nitro PDF Software) -- C:\Windows\System32\nitrolocalmon2.dll [2013-04-14 11:07:44 | 000,018,448 | ---- | C] (Nitro PDF Software) -- C:\Windows\System32\nitrolocalui2.dll [2013-04-14 11:07:38 | 000,000,000 | ---D | C] -- C:\Program Files\Nitro [2013-04-14 11:07:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nitro [2013-04-14 11:07:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Nitro [2013-04-14 11:05:35 | 000,000,000 | ---D | C] -- C:\Users\100040110\AppData\Roaming\PDF 
Architect [2013-04-14 11:04:14 | 000,000,000 | ---D | C] -- C:\Users\100040110\AppData\Roaming\pdfforge [2013-04-14 11:04:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator [2013-04-14 11:04:05 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCT2.OCX [2013-04-14 11:04:05 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMAPI32.OCX [2013-04-14 11:04:05 | 000,088,576 | ---- | C] (pdfforge GbR) -- C:\Windows\System32\pdfcmon.dll [2013-04-14 11:04:04 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPIDE.DLL [2013-04-14 11:04:03 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator [2013-04-14 11:04:03 | 000,000,000 | ---D | C] -- C:\Users\100040110\AppData\Roaming\OpenCandy [2013-04-14 10:41:28 | 000,000,000 | ---D | C] -- C:\Users\100040110\AppData\Roaming\e-Deklaracje.A1909296681C7ACEFE45687D3A64758C8659BF46.1 [2013-04-14 10:41:24 | 000,000,000 | ---D | C] -- C:\Program Files\e-Deklaracje [2013-04-14 10:41:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013-05-11 18:43:11 | 000,654,356 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013-05-11 18:43:11 | 000,121,814 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013-05-11 18:39:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013-05-11 18:29:03 | 000,000,004 | ---- | M] () -- C:\Users\100040110\AppData\Roaming\skype.ini [2013-05-11 18:23:15 | 000,029,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013-05-11 18:23:15 | 000,029,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013-05-11 16:25:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\HP Photo 
Creations Communicator.job [2013-05-11 12:32:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013-05-10 16:34:44 | 819,389,439 | ---- | M] () -- C:\Users\100040110\100040110_new.pst [2013-05-10 16:34:44 | 1950,368,768 | ---- | M] () -- C:\Users\100040110\100040110.pst [2013-05-10 16:34:44 | 029,090,815 | ---- | M] () -- C:\Users\100040110\100040110_new1.pst [2013-05-10 16:26:18 | 000,028,054 | RHS- | M] () -- C:\Users\100040110\ntuser.pol [2013-05-10 16:26:12 | 000,036,199 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2013-04-21 14:25:04 | 000,001,736 | ---- | M] () -- C:\Users\Public\Desktop\Easy Color Basic 2.0.lnk [2013-04-21 14:24:52 | 018,049,933 | ---- | M] () -- C:\Windows\System32\Colorland.pl_Easy Color Basic 2.0_uninstaller.exe [2013-04-19 16:02:33 | 000,001,148 | ---- | M] () -- C:\Users\Public\Desktop\Learn About Autonomy.lnk [2013-04-17 13:39:56 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013-04-17 13:39:56 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013-04-16 07:48:33 | 000,440,048 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013-04-14 11:07:43 | 000,001,969 | ---- | M] () -- C:\Users\Public\Desktop\Nitro Reader.lnk [2013-04-14 11:04:14 | 000,001,001 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk [2013-04-14 10:41:24 | 000,000,889 | ---- | M] () -- C:\Users\Public\Desktop\e-Deklaracje.lnk [2013-04-14 10:38:30 | 000,011,761 | ---- | M] () -- C:\Users\100040110\AppData\Local\unins000.msg [2013-04-14 10:38:30 | 000,002,396 | ---- | M] () -- C:\Users\100040110\AppData\Local\unins000.dat [2013-04-14 10:38:26 | 000,707,504 | ---- | M] () -- C:\Users\100040110\AppData\Local\unins000.exe [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013-05-11 18:16:51 | 000,002,641 | ---- | C] () -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk [2013-05-11 18:16:51 | 000,002,077 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2013-05-11 18:16:51 | 000,001,274 | ---- | C] () -- C:\Users\100040110\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2013-05-11 12:39:29 | 000,000,004 | ---- | C] () -- C:\Users\100040110\AppData\Roaming\skype.ini [2013-04-21 14:25:04 | 000,001,736 | ---- | C] () -- C:\Users\Public\Desktop\Easy Color Basic 2.0.lnk [2013-04-21 14:24:52 | 018,049,933 | ---- | C] () -- C:\Windows\System32\Colorland.pl_Easy Color Basic 2.0_uninstaller.exe [2013-04-19 16:02:33 | 000,001,148 | ---- | C] () -- C:\Users\Public\Desktop\Learn About Autonomy.lnk [2013-04-14 11:07:43 | 000,002,487 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Reader 3.lnk [2013-04-14 11:07:43 | 000,001,969 | ---- | C] () -- C:\Users\Public\Desktop\Nitro Reader.lnk [2013-04-14 11:04:14 | 000,001,001 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk [2013-04-14 10:41:24 | 000,000,901 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\e-Deklaracje.lnk [2013-04-14 10:41:24 | 000,000,889 | ---- | C] () -- C:\Users\Public\Desktop\e-Deklaracje.lnk [2013-04-14 10:38:30 | 000,011,761 | ---- | C] () -- C:\Users\100040110\AppData\Local\unins000.msg [2013-04-14 10:38:29 | 000,707,504 | ---- | C] () -- C:\Users\100040110\AppData\Local\unins000.exe [2013-04-14 10:38:29 | 000,002,396 | ---- | C] () -- C:\Users\100040110\AppData\Local\unins000.dat [2013-02-02 21:31:23 | 000,209,639 | ---- | C] () -- C:\Windows\hpoins46.dat [2013-02-01 09:37:41 | 029,090,815 | ---- | C] () -- C:\Users\100040110\100040110_new1.pst [2013-02-01 09:33:39 | 819,389,439 | ---- | C] () -- C:\Users\100040110\100040110_new.pst [2013-02-01 09:32:25 | 1950,368,768 | ---- | C] () -- C:\Users\100040110\100040110.pst 
[2013-02-01 09:29:36 | 000,028,054 | RHS- | C] () -- C:\Users\100040110\ntuser.pol [2013-01-31 20:40:55 | 000,000,142 | ---- | C] () -- C:\Windows\ODBC.INI [2013-01-31 19:55:56 | 000,106,496 | ---- | C] () -- C:\Users\100040110\AppData\Roaming\skype.dat [2013-01-31 19:33:37 | 000,017,776 | ---- | C] () -- C:\Windows\EvtMessage.dll [2013-01-31 18:38:04 | 000,000,000 | ---- | C] () -- C:\Windows\GEHC7003-016-US.EXE [2013-01-31 18:30:10 | 000,036,199 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2012-03-15 20:14:29 | 000,012,952 | ---- | C] () -- C:\Windows\System32\drivers\tcm.sys [2012-03-15 20:14:23 | 000,016,456 | ---- | C] () -- C:\Windows\System32\drivers\OSDACPI.SYS [2012-03-15 19:00:25 | 001,324,032 | ---- | C] () -- C:\Windows\System32\taboem.dll [2012-03-15 19:00:20 | 000,021,504 | ---- | C] () -- C:\Windows\System32\drivers\HBtnKey.sys [2012-03-15 18:58:02 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2012-03-15 16:18:49 | 000,960,940 | ---- | C] () -- C:\Windows\System32\igkrng600.bin [2012-03-15 16:16:11 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [2012-03-15 16:16:00 | 000,207,376 | ---- | C] () -- C:\Windows\System32\igfcg600m.bin [2012-03-15 16:14:33 | 000,145,804 | ---- | C] () -- C:\Windows\System32\igcompkrng600.bin [2012-03-15 16:13:44 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll [2012-03-15 16:13:37 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config [color=#E56717]========== ZeroAccess Check ==========[/color] [2009-07-14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 06:41:00 | 012,873,728 | ---- | M] 
(Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [color=#E56717]========== LOP Check ==========[/color] [2013-02-06 23:59:03 | 000,000,000 | ---D | M] -- C:\Users\100040110\AppData\Roaming\09D849B6-32D3-4a40-85EE-6B84BA29E35B [2013-02-24 11:16:20 | 000,000,000 | ---D | M] -- C:\Users\100040110\AppData\Roaming\blueconnect [2013-02-01 09:45:37 | 000,000,000 | ---D | M] -- C:\Users\100040110\AppData\Roaming\CA [2013-03-18 15:00:59 | 000,000,000 | ---D | M] -- C:\Users\100040110\AppData\Roaming\Connect [2013-04-14 10:41:28 | 000,000,000 | ---D | M] -- C:\Users\100040110\AppData\Roaming\e-Deklaracje.A1909296681C7ACEFE45687D3A64758C8659BF46.1 [2013-04-26 09:03:15 | 000,000,000 | ---D | M] -- C:\Users\100040110\AppData\Roaming\FileOpen [2013-02-01 09:30:44 | 000,000,000 | ---D | M] -- C:\Users\100040110\AppData\Roaming\Funk Software [2013-02-12 08:20:00 | 000,000,000 | ---D | M] -- C:\Users\100040110\AppData\Roaming\GHISLER [2013-02-01 09:30:24 | 000,000,000 | ---D | M] -- C:\Users\100040110\AppData\Roaming\Juniper Networks [2013-04-14 11:04:03 | 000,000,000 | ---D | M] -- C:\Users\100040110\AppData\Roaming\OpenCandy [2013-04-14 11:05:35 | 000,000,000 | ---D | M] -- C:\Users\100040110\AppData\Roaming\PDF Architect [2013-04-14 11:04:14 | 000,000,000 | ---D | M] -- C:\Users\100040110\AppData\Roaming\pdfforge [2013-04-01 19:32:22 | 000,000,000 | ---D | M] -- C:\Users\100040110\AppData\Roaming\Podatnik.info [2013-02-03 07:59:50 | 000,000,000 | ---D | M] -- C:\Users\100040110\AppData\Roaming\Visan 
[2013-04-03 09:04:07 | 000,000,000 | ---D | M] -- C:\Users\100040110\AppData\Roaming\webex [2013-04-02 09:14:35 | 000,000,000 | ---D | M] -- C:\Users\100040110\AppData\Roaming\WebEx Connect [2013-01-31 19:17:00 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\CA [2013-01-31 19:07:00 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Juniper Networks [2013-01-31 19:01:02 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\WebEx Connect [color=#E56717]========== Purity Check ==========[/color] < End of report >