OTL logfile created on: 2012-11-18 11:48:36 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = D:\gry 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,97 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 79,46% Memory free 5,93 Gb Paging File | 5,37 Gb Available in Paging File | 90,49% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 74,52 Gb Total Space | 28,67 Gb Free Space | 38,47% Space Free | Partition Type: NTFS Drive D: | 204,03 Gb Total Space | 173,66 Gb Free Space | 85,11% Space Free | Partition Type: NTFS Computer Name: DOM | User Name: agnieszka | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012-11-12 12:21:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\gry\OTL.exe PRC - [2012-05-16 16:54:11 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012-05-16 16:54:11 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2007-06-15 18:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll MOD - [2007-06-02 01:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2012-10-30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV:[b]64bit:[/b] - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:[b]64bit:[/b] - [2007-08-08 08:08:40 | 000,094,208 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2012-11-17 18:25:28 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012-10-02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012-09-23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012-07-13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012-05-16 16:54:11 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012-04-22 12:51:04 | 000,720,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2012-01-05 16:42:34 | 000,075,624 | ---- | M] (Alcohol Soft Development Team) [Auto | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe -- (AxAutoMntSrv) SRV - [2011-10-01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011-10-01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2010-06-07 13:25:52 | 000,047,776 | ---- | M] (Atheros Commnucations) [Auto | Stopped] -- C:\Program Files (x86)\Atheros\Bluetooth Suite\AdminService.exe -- (AtherosSvc) SRV - [2010-05-24 15:44:48 | 000,151,552 | ---- | M] (Atheros) [Auto | Stopped] -- C:\Program Files (x86)\Atheros\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent) SRV - [2010-03-18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009-12-23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) SRV - [2009-06-16 01:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService) SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008-03-31 10:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [Auto | Stopped] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2012-11-08 19:10:28 | 000,030,568 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp) DRV:[b]64bit:[/b] - [2012-10-30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:[b]64bit:[/b] - [2012-10-30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:[b]64bit:[/b] - [2012-10-30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:[b]64bit:[/b] - [2012-10-30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:[b]64bit:[/b] - [2012-10-30 23:51:55 | 000,021,136 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd) DRV:[b]64bit:[/b] - [2012-10-30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:[b]64bit:[/b] - [2012-10-15 17:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:[b]64bit:[/b] - [2012-08-23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:[b]64bit:[/b] - [2012-08-23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:[b]64bit:[/b] - [2012-07-28 14:15:17 | 000,560,184 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:[b]64bit:[/b] - [2012-04-22 12:51:38 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV:[b]64bit:[/b] - [2012-04-21 08:09:24 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc) DRV:[b]64bit:[/b] - [2012-04-21 08:09:24 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt) DRV:[b]64bit:[/b] - [2012-03-01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2011-10-01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:[b]64bit:[/b] - [2011-10-01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:[b]64bit:[/b] - [2011-10-01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:[b]64bit:[/b] - [2011-10-01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:[b]64bit:[/b] - [2011-08-02 16:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:[b]64bit:[/b] - [2011-06-27 01:37:00 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:[b]64bit:[/b] - [2011-03-11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2011-03-11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2011-02-11 18:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:[b]64bit:[/b] - [2010-12-11 09:53:32 | 000,082,048 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin) DRV:[b]64bit:[/b] - [2010-11-20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2010-11-20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:[b]64bit:[/b] - [2010-07-21 14:29:10 | 000,035,384 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AsDsm.sys -- (AsDsm) DRV:[b]64bit:[/b] - [2010-06-07 10:08:54 | 000,294,760 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP) DRV:[b]64bit:[/b] - [2010-06-07 10:08:54 | 000,202,792 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP) DRV:[b]64bit:[/b] - [2010-06-07 10:08:54 | 000,156,392 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP) DRV:[b]64bit:[/b] - [2010-06-07 10:08:54 | 000,052,584 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT) DRV:[b]64bit:[/b] - [2010-06-07 10:08:54 | 000,038,248 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort) DRV:[b]64bit:[/b] - [2010-06-07 10:08:54 | 000,032,296 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS) DRV:[b]64bit:[/b] - [2010-04-21 05:02:00 | 000,005,632 | ---- | M] (Famatech International Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rminiv3.sys -- (mirrorv3) DRV:[b]64bit:[/b] - [2009-12-15 13:41:32 | 000,346,992 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SRS_SSCFilter_amd64.sys -- (SRS_SSCFilter) DRV:[b]64bit:[/b] - [2009-10-15 10:23:19 | 000,117,760 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:[b]64bit:[/b] - [2009-08-23 06:08:07 | 000,056,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) DRV:[b]64bit:[/b] - [2009-08-21 07:48:17 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor) DRV:[b]64bit:[/b] - [2009-08-13 08:38:24 | 000,029,184 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcp.sys -- (BthAvrcp) DRV:[b]64bit:[/b] - [2009-08-06 22:24:13 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:[b]64bit:[/b] - [2009-07-20 10:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr) DRV:[b]64bit:[/b] - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009-07-14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:[b]64bit:[/b] - [2009-06-18 20:18:10 | 000,015,928 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\lullaby.sys -- (lullaby) DRV:[b]64bit:[/b] - [2009-06-10 21:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH) DRV:[b]64bit:[/b] - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:[b]64bit:[/b] - [2009-06-05 11:15:55 | 001,806,400 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) DRV:[b]64bit:[/b] - [2009-05-18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:[b]64bit:[/b] - [2009-05-13 02:07:19 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor) DRV:[b]64bit:[/b] - [2008-05-24 01:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV:[b]64bit:[/b] - [2008-05-16 10:33:06 | 000,158,760 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdm.sys -- (s0016mdm) DRV:[b]64bit:[/b] - [2008-05-16 10:33:06 | 000,151,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016unic.sys -- (s0016unic) DRV:[b]64bit:[/b] - [2008-05-16 10:33:06 | 000,137,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mgmt.sys -- (s0016mgmt) DRV:[b]64bit:[/b] - [2008-05-16 10:33:06 | 000,136,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016obex.sys -- (s0016obex) DRV:[b]64bit:[/b] - [2008-05-16 10:33:06 | 000,034,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016nd5.sys -- (s0016nd5) DRV:[b]64bit:[/b] - [2008-05-16 10:33:04 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdfl.sys -- (s0016mdfl) DRV:[b]64bit:[/b] - [2008-05-16 10:32:56 | 000,115,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016bus.sys -- (s0016bus) DRV:[b]64bit:[/b] - [2007-07-24 19:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) DRV:[b]64bit:[/b] - [2000-01-01 01:00:00 | 001,342,064 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV - [2010-01-29 11:40:16 | 000,115,600 | ---- | M] (EZB Systems, Inc.) [File_System | System | Stopped] -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive) DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutA0EyE0B0DyC0E0FyBzzyByByB0Fzz0AtN0D0Tzu0CtAtBtBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=305560380 IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{04AC2A37-DDC2-CF09-1D6A-7EC6BF053921}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutA0EyE0B0DyC0E0FyBzzyByByB0Fzz0AtN0D0Tzu0CtAtBtBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=305560380 IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutA0EyE0B0DyC0E0FyBzzyByByB0Fzz0AtN0D0Tzu0CtAtBtBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=305560380 IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKLM\..\SearchScopes,DefaultScope = {04AC2A37-DDC2-CF09-1D6A-7EC6BF053921} IE - HKLM\..\SearchScopes\{04AC2A37-DDC2-CF09-1D6A-7EC6BF053921}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutA0EyE0B0DyC0E0FyBzzyByByB0Fzz0AtN0D0Tzu0CtAtBtBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=305560380 IE - HKLM\..\SearchScopes\{4B4BFBC3-50E2-9899-6ACF-77C3FF096552}: "URL" = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=PL&userid=7ccd4dc1-db84-46ef-9471-d3c7b1170d49&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-4247853895-150000840-4203126317-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank IE - HKU\S-1-5-21-4247853895-150000840-4203126317-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com IE - HKU\S-1-5-21-4247853895-150000840-4203126317-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKU\S-1-5-21-4247853895-150000840-4203126317-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\S-1-5-21-4247853895-150000840-4203126317-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com IE - HKU\S-1-5-21-4247853895-150000840-4203126317-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com IE - HKU\S-1-5-21-4247853895-150000840-4203126317-1001\..\SearchScopes,Backup.Old.DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKU\S-1-5-21-4247853895-150000840-4203126317-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-4247853895-150000840-4203126317-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4247853895-150000840-4203126317-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "https://www.google.pl/" FF - prefs.js..browser.search.defaultenginename: "Search" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "http://www.google.pl/" FF - prefs.js..extensions.enabledAddons: fasttrans@kemot:1.09 FF - user.js - File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll () FF - HKLM\Software\MozillaPlugins\@ganymede/CARDS,version=1.0: C:\Program Files (x86)\Ganymede\Plugins\CARDS\NPCARDS.dll (Ganymede Technologies) FF - HKLM\Software\MozillaPlugins\@ganymede/GanymedeNetPlugin,version=1.0: D:\Ganymede\Plugins\npganymedenet.dll ( ) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-11-12 15:27:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-05-16 16:54:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-11-17 20:34:06 | 000,000,000 | ---D | M] [2010-08-28 18:27:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\agnieszka\AppData\Roaming\Mozilla\Extensions [2012-11-15 19:03:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\agnieszka\AppData\Roaming\Mozilla\Firefox\Profiles\pvg0hc8k.default\extensions [2012-05-27 17:00:33 | 000,000,000 | ---D | M] (Fast Translation) -- C:\Users\agnieszka\AppData\Roaming\Mozilla\Firefox\Profiles\pvg0hc8k.default\extensions\fasttrans@kemot [2012-07-25 18:16:25 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\agnieszka\AppData\Roaming\Mozilla\Firefox\Profiles\pvg0hc8k.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-08-15 10:23:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012-11-01 19:10:10 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012-05-16 16:54:12 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011-07-15 12:24:46 | 000,874,664 | ---- | M] (Ganymede Technologies) -- C:\Program Files (x86)\mozilla firefox\plugins\NPCARDS.dll [2010-03-16 12:57:46 | 000,120,296 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\npganymedenet.dll [2012-05-16 16:54:08 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml [2012-05-16 16:54:08 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml [2012-05-16 16:54:08 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml [2012-05-16 16:54:08 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml [2012-05-16 16:54:08 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml [2012-05-16 16:54:08 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2010-04-06 15:28:19 | 000,000,938 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 static3.cdn.ubi.com O1 - Hosts: 127.0.0.1 ubisoft-orbit.s3.amazonaws.com O1 - Hosts: 127.0.0.1 onlineconfigservice.ubi.com O1 - Hosts: 127.0.0.1 orbitservice.ubi.com O1 - Hosts: 127.0.0.1 ubisoft-orbit-savegames.s3.amazonaws.com O2:[b]64bit:[/b] - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:[b]64bit:[/b] - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Funmoods Helper Object) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll (Funmoods BHO) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3:[b]64bit:[/b] - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (Funmoods Toolbar) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll (Funmoods) O4:[b]64bit:[/b] - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.) O4:[b]64bit:[/b] - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe () O4:[b]64bit:[/b] - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Atheros\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) O4:[b]64bit:[/b] - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Atheros\Bluetooth Suite\BtvStack.exe (Atheros Commnucations) O4:[b]64bit:[/b] - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [ADSMTray] C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [Smart File Advisor] C:\Program Files (x86)\Smart File Advisor\sfa.exe (Filefacts.net) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-4247853895-150000840-4203126317-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\S-1-5-21-4247853895-150000840-4203126317-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-4247853895-150000840-4203126317-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0 O7 - HKU\S-1-5-21-4247853895-150000840-4203126317-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-4247853895-150000840-4203126317-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O9:[b]64bit:[/b] - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.179.1.62 62.179.1.63 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DC8C886E-D3FD-447A-9B5B-D8431A2A9E5A}: DhcpNameServer = 62.179.1.62 62.179.1.63 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DEF11F7F-85EC-40EA-A27D-A5E6D8711059}: DhcpNameServer = 62.179.1.62 62.179.1.63 O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:[b]64bit:[/b] - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found O18:[b]64bit:[/b] - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found O18:[b]64bit:[/b] - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - File not found O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found O20 - HKLM Winlogon: UserInit - (userinit.exe) - File not found O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found O20 - HKU\S-1-5-21-4247853895-150000840-4203126317-1001 Winlogon: Shell - (explorer.exe) - File not found O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - File not found O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O29:[b]64bit:[/b] - HKLM SecurityProviders - (credssp.dll) - File not found O29 - HKLM SecurityProviders - (credssp.dll) - File not found O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{09653ec4-92f8-11e1-b104-20cf3022aed5}\Shell - "" = AutoRun O33 - MountPoints2\{09653ec4-92f8-11e1-b104-20cf3022aed5}\Shell\AutoRun\command - "" = H:\Startme.exe O33 - MountPoints2\{b32fc495-1e59-11e1-a511-20cf3022aed5}\Shell - "" = AutoRun O33 - MountPoints2\{b32fc495-1e59-11e1-a511-20cf3022aed5}\Shell\AutoRun\command - "" = F:\SH4Autorun.exe O33 - MountPoints2\{d9ef1e4e-d2b7-11e1-9fbe-20cf3022aed5}\Shell - "" = AutoRun O33 - MountPoints2\{d9ef1e4e-d2b7-11e1-9fbe-20cf3022aed5}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{d9ef1e64-d2b7-11e1-9fbe-20cf3022aed5}\Shell - "" = AutoRun O33 - MountPoints2\{d9ef1e64-d2b7-11e1-9fbe-20cf3022aed5}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{e1a42865-e676-11e0-9995-20cf3022aed5}\Shell - "" = AutoRun O33 - MountPoints2\{e1a42865-e676-11e0-9995-20cf3022aed5}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{e1a4287b-e676-11e0-9995-20cf3022aed5}\Shell - "" = AutoRun O33 - MountPoints2\{e1a4287b-e676-11e0-9995-20cf3022aed5}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012-11-18 08:12:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\save2pc [2012-11-17 20:33:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2012-11-17 19:55:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Funmoods [2012-11-17 18:26:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony Media Go Install [2012-11-17 18:25:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation [2012-11-17 10:54:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony [2012-11-17 09:28:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\components [2012-11-17 03:36:25 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll [2012-11-17 03:35:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreeTime [2012-11-16 00:42:52 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys [2012-11-16 00:42:52 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll [2012-11-16 00:33:22 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll [2012-11-16 00:33:20 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe [2012-11-16 00:33:20 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll [2012-11-16 00:33:19 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll [2012-11-15 19:04:51 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll [2012-11-15 19:04:51 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll [2012-11-15 19:04:51 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll [2012-11-15 19:04:37 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll [2012-11-15 19:04:37 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll [2012-11-15 19:04:36 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll [2012-11-15 19:04:36 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll [2012-11-15 19:04:35 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll [2012-11-15 19:04:35 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll [2012-11-15 19:04:03 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll [2012-11-15 19:04:03 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll [2012-11-13 01:13:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2012-11-13 01:12:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN [2012-11-13 00:56:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codecs for Windows 7 Pack [2012-11-13 00:56:52 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\C2MP [2012-11-12 15:28:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Pro Antivirus [2012-11-12 15:28:00 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys [2012-11-12 15:27:59 | 000,370,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2012-11-12 15:27:57 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys [2012-11-12 15:27:57 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys [2012-11-12 15:27:55 | 000,984,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys [2012-11-12 15:27:55 | 000,021,136 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys [2012-11-12 15:27:53 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2012-11-12 15:27:10 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2012-11-12 15:27:09 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe [2012-11-12 15:12:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012-11-12 15:12:15 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012-11-12 15:02:45 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll [2012-11-12 15:02:45 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll [2012-11-12 15:02:45 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe [2012-11-12 15:02:44 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys [2012-11-12 15:02:44 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys [2012-11-12 15:02:42 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe [2012-11-12 15:02:42 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe [2012-11-12 15:02:42 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll [2012-11-12 15:02:42 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll [2012-11-12 15:02:42 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll [2012-11-12 15:02:42 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll [2012-11-12 15:02:42 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll [2012-11-12 15:02:42 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe [2012-11-12 15:02:42 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll [2012-11-12 15:02:42 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll [2012-11-12 15:02:42 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll [2012-11-12 15:02:42 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll [2012-11-12 15:02:42 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll [2012-11-12 15:02:42 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll [2012-11-12 15:02:42 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll [2012-11-12 15:02:41 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2012-11-12 15:02:41 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2012-11-12 15:02:41 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll [2012-11-12 15:02:41 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe [2012-11-12 15:01:41 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2012-11-12 15:01:41 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2012-11-12 15:01:39 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll [2012-11-12 15:01:39 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll [2012-11-12 14:44:22 | 000,000,000 | -H-D | C] -- C:\ProgramData\{2162CCC0-3A5F-4887-B51F-CE5F195B3620} [2012-11-12 12:18:54 | 000,287,304 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\SysNative\drivers\TrufosAlt.sys [2012-11-12 11:56:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security [2012-11-10 17:34:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO [2012-11-10 17:34:25 | 000,000,000 | ---D | C] -- C:\Users\agnieszka\Documents\My ISO Files [2012-11-10 17:34:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EZB Systems [2012-11-10 02:39:32 | 000,696,760 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012-11-10 02:39:32 | 000,073,656 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012-11-03 13:56:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smart File Advisor [2012-11-03 11:34:51 | 000,000,000 | ---D | C] -- C:\Users\agnieszka\AppData\Roaming\Nero [2012-11-03 00:25:56 | 000,000,000 | ---D | C] -- C:\Program Files\Easeware [2012-11-03 00:21:35 | 000,000,000 | ---D | C] -- C:\Users\agnieszka\AppData\Roaming\Easeware [2012-11-02 07:38:25 | 000,000,000 | ---D | C] -- C:\Users\agnieszka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DVD Decrypter [2012-11-02 07:38:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Decrypter [2012-11-02 07:38:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVD Decrypter [2012-10-28 05:42:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alcohol 120% [2012-10-28 05:28:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Franzis [2012-10-28 05:24:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alcohol Soft [2012-10-27 17:30:01 | 000,000,000 | ---D | C] -- C:\Users\agnieszka\AppData\Roaming\flashInstall [2012-10-27 16:51:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo [2012-10-21 01:05:23 | 000,000,000 | ---D | C] -- C:\Users\agnieszka\AppData\Roaming\LegacyInteractive [2012-10-20 21:38:28 | 000,000,000 | ---D | C] -- C:\Users\agnieszka\AppData\Roaming\AlawarEntertainment [2012-10-20 19:19:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alawar.pl [2010-12-11 09:32:24 | 000,082,048 | ---- | C] (VSO Software) -- C:\Users\agnieszka\AppData\Roaming\pcouffin.sys [2008-08-12 05:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012-11-18 11:40:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012-11-18 11:25:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012-11-18 07:09:00 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012-11-18 07:09:00 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012-11-18 07:02:13 | 000,000,044 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini [2012-11-17 22:01:25 | 000,002,547 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012-11-17 20:34:06 | 000,001,981 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2012-11-17 18:25:27 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012-11-17 18:25:27 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012-11-17 18:04:18 | 006,273,464 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2012-11-17 18:04:18 | 002,581,534 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012-11-17 18:04:18 | 002,081,736 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2012-11-17 18:04:18 | 001,986,984 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012-11-17 18:04:18 | 000,005,414 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012-11-16 14:34:11 | 000,276,096 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012-11-12 15:38:39 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2012-11-12 15:28:01 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\avast! Pro Antivirus.lnk [2012-11-12 15:24:05 | 000,000,266 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2012-11-12 15:12:17 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012-11-12 12:18:54 | 000,287,304 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\SysNative\drivers\TrufosAlt.sys [2012-11-12 11:32:22 | 000,000,640 | RHS- | M] () -- C:\Users\agnieszka\ntuser.pol [2012-11-10 22:17:11 | 000,000,124 | ---- | M] () -- C:\Users\agnieszka\Documents\ax_files.xml [2012-11-10 17:34:28 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\UltraISO.lnk [2012-11-10 13:05:29 | 000,000,017 | ---- | M] () -- C:\Users\agnieszka\AppData\Local\resmon.resmoncfg [2012-11-09 00:12:49 | 000,000,116 | ---- | M] () -- C:\Windows\NeroDigital.ini [2012-11-08 19:10:28 | 000,030,568 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys [2012-11-02 07:38:25 | 000,001,942 | ---- | M] () -- C:\Users\agnieszka\Desktop\DVD Decrypter.lnk [2012-10-30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys [2012-10-30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys [2012-10-30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2012-10-30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2012-10-30 23:51:55 | 000,021,136 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys [2012-10-30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys [2012-10-30 23:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2012-10-30 23:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe [2012-10-30 23:50:30 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2012-10-28 05:42:09 | 000,001,148 | ---- | M] () -- C:\Users\Public\Desktop\Alcohol 120%.lnk [2012-10-27 16:51:47 | 000,001,179 | ---- | M] () -- C:\Users\Public\Desktop\Ashampoo Burning Studio 6 FREE.lnk [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012-11-17 20:34:06 | 000,002,471 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2012-11-17 20:34:06 | 000,001,981 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2012-11-16 00:42:57 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012-11-16 00:33:19 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012-11-12 15:28:01 | 000,001,966 | ---- | C] () -- C:\Users\Public\Desktop\avast! Pro Antivirus.lnk [2012-11-12 15:12:17 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012-11-10 17:34:28 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\UltraISO.lnk [2012-11-10 13:05:29 | 000,000,017 | ---- | C] () -- C:\Users\agnieszka\AppData\Local\resmon.resmoncfg [2012-11-10 12:43:40 | 000,000,640 | RHS- | C] () -- C:\Users\agnieszka\ntuser.pol [2012-11-10 02:39:34 | 000,000,930 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012-11-02 07:38:25 | 000,001,942 | ---- | C] () -- C:\Users\agnieszka\Desktop\DVD Decrypter.lnk [2012-10-28 05:44:03 | 000,000,124 | ---- | C] () -- C:\Users\agnieszka\Documents\ax_files.xml [2012-10-28 05:42:09 | 000,001,148 | ---- | C] () -- C:\Users\Public\Desktop\Alcohol 120%.lnk [2012-10-27 16:51:47 | 000,001,179 | ---- | C] () -- C:\Users\Public\Desktop\Ashampoo Burning Studio 6 FREE.lnk [2012-09-25 18:25:54 | 000,000,004 | ---- | C] () -- C:\Windows\SysWow64\proc-1830267680.bin [2012-08-26 22:10:34 | 000,039,904 | ---- | C] () -- C:\Windows\SysWow64\dischandler.exe [2012-08-21 04:15:22 | 003,978,240 | ---- | C] () -- C:\Windows\SysWow64\ffmpeg.dll [2012-08-21 04:14:04 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2012-08-21 04:12:48 | 000,271,360 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll [2012-08-21 04:12:34 | 000,099,840 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll [2012-08-21 04:12:32 | 000,157,184 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll [2012-08-21 04:12:30 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll [2012-08-21 04:12:28 | 001,525,760 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll [2012-08-21 04:12:28 | 000,211,968 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll [2012-08-21 04:12:28 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll [2012-08-21 04:12:24 | 000,330,240 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll [2012-07-19 19:56:08 | 000,172,544 | ---- | C] () -- C:\Windows\SysWow64\libbluray.dll [2012-07-19 19:56:02 | 006,894,331 | ---- | C] () -- C:\Windows\SysWow64\avcodec-lav-54.dll [2012-07-19 19:56:02 | 001,111,581 | ---- | C] () -- C:\Windows\SysWow64\avformat-lav-54.dll [2012-07-19 19:56:02 | 000,401,685 | ---- | C] () -- C:\Windows\SysWow64\swscale-lav-2.dll [2012-07-19 19:56:02 | 000,232,895 | ---- | C] () -- C:\Windows\SysWow64\avutil-lav-51.dll [2012-07-19 19:56:02 | 000,162,743 | ---- | C] () -- C:\Windows\SysWow64\avfilter-lav-3.dll [2012-07-19 19:56:02 | 000,101,820 | ---- | C] () -- C:\Windows\SysWow64\avresample-lav-0.dll [2012-05-28 16:45:26 | 000,006,656 | ---- | C] () -- C:\Users\agnieszka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012-05-02 22:22:18 | 000,000,116 | ---- | C] () -- C:\Windows\NeroDigital.ini [2012-01-17 16:16:43 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2012-01-02 13:19:10 | 000,000,531 | ---- | C] () -- C:\Windows\eReg.dat [2011-12-07 20:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\Lagarith.dll [2011-11-27 14:46:33 | 000,001,115 | ---- | C] () -- C:\Windows\SysWow64\SwiftShader.ini [2011-11-13 20:36:00 | 000,000,230 | ---- | C] () -- C:\ProgramData\settings.xml [2011-10-18 08:03:09 | 000,090,456 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2011-10-09 20:32:54 | 000,000,266 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011-09-16 11:54:44 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011-09-16 11:54:44 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011-09-16 11:54:44 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011-09-16 11:54:44 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2011-09-08 15:00:52 | 000,150,528 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll [2011-09-08 15:00:48 | 000,142,336 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll [2011-09-08 15:00:42 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll [2011-09-08 15:00:38 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll [2011-09-08 15:00:34 | 000,113,152 | ---- | C] () -- C:\Windows\SysWow64\dsmux.exe [2011-09-08 15:00:24 | 000,154,624 | ---- | C] () -- C:\Windows\SysWow64\ts.dll [2011-09-08 15:00:10 | 000,137,728 | ---- | C] () -- C:\Windows\SysWow64\mkv2vfr.exe [2011-09-08 15:00:06 | 000,358,400 | ---- | C] () -- C:\Windows\SysWow64\gdsmux.exe [2011-09-08 14:59:54 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll [2011-09-08 14:59:52 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll [2011-08-09 11:24:49 | 000,000,000 | ---- | C] () -- C:\Users\agnieszka\AppData\Local\{907695DD-4ACE-4E76-BEB9-25CEAC064FFD} [2011-05-30 14:42:50 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2011-05-23 08:46:30 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2011-05-13 22:15:49 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini [2011-04-09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011-04-03 11:32:13 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2011-03-03 12:39:56 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\avi.dll [2011-03-03 12:38:10 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\avs.dll [2011-03-03 12:37:50 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\avss.dll [2011-02-19 22:45:19 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\TeamViewer_Setup.exe [2011-02-07 17:32:51 | 000,000,632 | ---- | C] () -- C:\Windows\CoD.INI [2011-01-29 21:37:41 | 000,000,026 | ---- | C] () -- C:\Windows\neosetup.INI [2011-01-16 17:08:52 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat [2010-12-11 09:56:31 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\au3305adc.dll [2010-12-11 09:56:19 | 000,000,066 | ---- | C] () -- C:\Windows\Apollo DVD Copy.INI [2010-12-11 09:54:16 | 000,000,014 | ---- | C] () -- C:\Windows\SysWow64\systeminfo3.dll [2010-12-11 09:53:32 | 000,093,696 | ---- | C] () -- C:\Users\agnieszka\AppData\Roaming\ezpinst.exe [2010-12-11 09:32:24 | 000,099,384 | ---- | C] () -- C:\Users\agnieszka\AppData\Roaming\inst.exe [2010-12-11 09:32:24 | 000,007,176 | ---- | C] () -- C:\Users\agnieszka\AppData\Roaming\pcouffin.cat [2010-12-11 09:32:24 | 000,001,167 | ---- | C] () -- C:\Users\agnieszka\AppData\Roaming\pcouffin.inf [2010-12-10 20:41:19 | 000,000,245 | ---- | C] () -- C:\Users\agnieszka\AppData\Roaming\burnaware.ini [2010-10-24 05:43:04 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib [2010-07-21 14:06:30 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2009-04-08 18:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll [2008-05-22 16:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg [2002-07-01 15:13:30 | 000,000,229 | -HS- | C] () -- C:\Users\agnieszka\AppData\Roaming\matrox_drv16.dat [color=#E56717]========== ZeroAccess Check ==========[/color] [2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] [color=#E56717]========== LOP Check ==========[/color] [2012-03-25 19:07:17 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\4 Friends Games [2011-02-12 22:10:28 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\Aerohills [2012-11-18 08:38:07 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\AIMP [2012-03-25 11:39:03 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\Alawar [2012-03-31 06:56:55 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\Alawar Entertainment [2012-02-13 18:18:50 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\Alawar Stargaze [2012-10-20 21:38:28 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\AlawarEntertainment [2012-04-09 16:26:32 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\Amaranth Games [2012-09-23 15:04:01 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\Artifex Mundi [2012-04-08 12:03:44 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\Artogon [2012-10-03 17:21:39 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\Ashampoo [2012-02-12 11:35:24 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\Asus WebStorage [2011-05-21 02:30:11 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\AVG10 [2012-07-18 16:32:51 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\Awem [2011-11-28 21:50:21 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\Big Fish Games [2012-07-18 17:08:12 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\BlamGames [2012-10-21 08:19:32 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\Blue Tea Games [2011-10-12 21:13:48 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\Boomzap [2011-11-27 15:39:02 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\Casual Box [2012-05-13 18:27:46 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\CasualMechanics [2012-02-13 17:50:21 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\cerasus.media [2011-03-24 19:58:19 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\ChaYoWo Games [2011-11-11 16:40:10 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\Crown [2011-10-23 05:56:37 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\Daedalic Entertainment [2012-03-25 10:08:14 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\DAEMON Tools Lite [2010-09-05 21:03:06 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\DAEMON Tools Net [2012-05-13 14:44:57 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\DailyMagic [2012-04-01 14:38:48 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\Dark Blue Games [2011-11-27 17:35:42 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\DarkParablesBriarRose_BFG [2012-06-11 19:31:50 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\Deep Shadows [2010-12-11 10:59:40 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\DeepBurner [2012-04-01 12:51:53 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\DieselPuppet [2012-08-18 18:02:45 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\DominiGames [2012-09-25 00:27:36 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\dp3d [2011-05-29 17:38:40 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\Dying for Daylight [2011-05-29 17:39:24 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\Dying for Daylight Shared [2012-11-03 00:21:35 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\Easeware [2011-04-03 06:30:34 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\EeeStorageUploader [2011-12-18 16:20:58 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\EleFun Games [2012-10-21 12:15:58 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\Elephant Games [2011-01-08 18:26:53 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\Enki Games [2011-01-24 22:02:53 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\Enlightenus [2012-04-01 17:01:17 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\EntwinedSoD [2012-01-17 19:07:26 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\ERS G-Studio [2012-10-27 17:37:20 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\ERS Game Studios [2011-02-01 14:08:43 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\EscapeTheMuseum2 [2011-12-18 11:19:26 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\EurekaLog [2011-11-19 21:07:19 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\Fanda Games [2011-01-24 21:58:07 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\Finstere Liebschaft [2012-10-27 17:30:01 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\flashInstall [2010-10-20 22:16:05 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\fltk.org [2011-12-26 18:39:08 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\FlyWheelGames [2011-05-03 15:07:28 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\Freeze Tag [2012-10-20 19:20:57 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\Friday's games [2011-09-11 16:03:59 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\Frogwares [2011-02-12 14:41:09 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\Gadu-Gadu [2012-10-27 00:02:31 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\Gadu-Gadu 10 [2011-11-05 22:36:25 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\GameHouse [2011-01-11 22:33:22 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\GameInvest [2012-10-28 12:43:16 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\GameMill Entertainment [2011-05-15 14:08:46 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\Gamers Digital [2012-11-06 20:00:52 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\GanymedeNet [2011-01-10 18:06:40 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\Gestalt Games [2011-03-13 12:44:23 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\GestaltGames [2011-05-24 19:17:56 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\GetRightToGo [2011-01-16 17:08:48 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\Ghost Ship Studios [2012-01-15 21:25:59 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\Gogii [2011-01-20 20:54:30 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\HdO Adventure [2012-02-22 20:47:35 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\HitPoint Studios [2011-12-04 18:10:11 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\IronCode [2011-11-13 17:59:48 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\Jetdogs Studios [2011-01-12 19:19:03 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\JodieDrake [2011-12-04 18:40:42 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\kingdom [2010-10-10 13:14:50 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\Leadertech [2012-10-21 19:20:01 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\LegacyInteractive [2011-01-11 19:01:30 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\LittleGamesCompany [2012-01-07 19:47:28 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\MagicIndie [2011-01-12 19:19:03 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\MagicMatch [2012-04-16 18:30:18 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\margrave3 [2011-04-03 18:02:26 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\margrave3_full [2010-12-30 20:22:36 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\Marine Aquarium 3 [2011-11-13 15:37:42 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\MediaArt [2011-02-09 17:38:00 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\Meridian93 [2011-10-23 05:58:14 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\Merscom [2011-01-28 13:58:19 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\MinerWars [2011-05-22 16:55:57 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\Monkey Barrel Games [2012-01-17 21:29:07 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\MumboJumbo [2011-02-13 16:53:14 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\Mutant Arcade [2012-04-22 16:30:19 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\My Games [2011-01-12 19:26:42 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\Mystery of Mortlake Mansion [2011-02-12 22:53:18 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\Namco [2012-01-06 17:47:47 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\Need for Speed World [2010-09-06 07:55:12 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\NevoSoft Games [2012-06-03 10:19:24 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\Nokia [2012-05-27 22:00:02 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\Nokia Suite [2012-03-02 19:20:42 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\Orneon [2012-03-25 03:03:31 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\PC Suite [2012-02-07 17:44:56 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\PeaceCraft3 [2012-07-18 16:30:40 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\Persha Studia [2011-03-21 15:56:28 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\Phantasmat_bf_ce1 [2011-02-06 21:09:40 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\PlayFirst [2010-12-31 00:39:00 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\Playrix Entertainment [2011-01-09 12:31:47 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\PoBros [2011-01-26 19:19:37 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\Princess Isabella [2011-12-21 17:58:31 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\quickclick [2011-03-12 15:58:28 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\QuickZip [2011-11-13 18:20:01 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\Red Dot [2011-12-04 01:30:03 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\Samsung [2011-01-12 19:19:03 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\Saqqarah [2012-01-26 20:19:40 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\ShamanGS [2011-12-18 16:10:27 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\ShaoLin [2012-10-14 04:25:16 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\Shape games [2011-01-25 16:57:33 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\ShinyTales [2011-04-05 16:42:29 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\Silverback Productions [2011-01-12 19:19:20 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\Sleepwalker Games [2012-07-16 16:12:15 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\SMIGames [2012-11-03 00:36:30 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\SoftGrid Client [2011-05-15 13:03:55 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\Sony [2012-10-20 23:15:33 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\Specialbit [2011-01-12 19:19:03 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\StoneLoops! [2012-02-15 22:41:45 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\SulusGames [2012-03-25 15:17:51 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\tabagames [2011-02-19 22:53:58 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\TeamViewer [2011-04-03 06:33:08 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\temp [2012-04-01 14:01:09 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\TOMI3 [2012-10-27 17:08:15 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\Top Evidence [2011-05-18 17:51:27 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\Total Eclipse [2010-09-25 20:46:15 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\TP [2011-04-02 15:43:48 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\TuneUp Software [2011-03-08 17:00:01 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\Ubisoft [2011-01-27 16:44:07 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\Uniblue [2011-03-24 13:12:51 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\Unity [2012-09-23 15:19:39 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\URSE Games [2012-11-18 08:21:34 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\uTorrent [2012-02-07 18:38:35 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\Vast Studios [2011-08-28 19:53:02 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\VendelGAMES [2011-02-20 15:16:23 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\Virtual Prophecy [2011-10-29 18:58:29 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\Vogat Interactive [2011-04-10 12:16:46 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\Vso [2012-02-17 11:41:45 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\wargaming.net [2011-02-03 22:41:26 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\Xilisoft [2011-12-02 21:49:13 | 000,000,000 | ---D | M] -- C:\Users\agnieszka\AppData\Roaming\YoudaGames [2012-11-17 09:16:18 | 000,000,000 | ---D | M] -- C:\Users\MICHAL\AppData\Roaming\AIMP [2012-11-12 10:49:10 | 000,000,000 | ---D | M] -- C:\Users\MICHAL\AppData\Roaming\ArcaVirMicroScan [2012-11-11 22:21:43 | 000,000,000 | ---D | M] -- C:\Users\MICHAL\AppData\Roaming\Asus WebStorage [2012-11-17 03:16:41 | 000,000,000 | ---D | M] -- C:\Users\MICHAL\AppData\Roaming\DVDVideoSoft [2012-11-17 01:05:40 | 000,000,000 | ---D | M] -- C:\Users\MICHAL\AppData\Roaming\Gadu-Gadu 10 [2012-11-17 10:34:23 | 000,000,000 | ---D | M] -- C:\Users\MICHAL\AppData\Roaming\GanymedeNet [2012-11-17 19:55:49 | 000,000,000 | ---D | M] -- C:\Users\MICHAL\AppData\Roaming\PDFReaderPackages [2012-11-17 14:49:55 | 000,000,000 | ---D | M] -- C:\Users\MICHAL\AppData\Roaming\SoftGrid Client [2012-11-17 18:17:27 | 000,000,000 | ---D | M] -- C:\Users\MICHAL\AppData\Roaming\Sony [2012-11-17 19:59:57 | 000,000,000 | ---D | M] -- C:\Users\MICHAL\AppData\Roaming\SumatraPDF [2012-11-17 02:56:59 | 000,000,000 | ---D | M] -- C:\Users\MICHAL\AppData\Roaming\Thinstall [2012-11-17 09:10:58 | 000,000,000 | ---D | M] -- C:\Users\MICHAL\AppData\Roaming\uTorrent [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 191 bytes -> C:\ProgramData\Temp:8E5EA40F @Alternate Data Stream - 175 bytes -> C:\ProgramData\Temp:9195103F @Alternate Data Stream - 169 bytes -> C:\ProgramData\Temp:2D133896 @Alternate Data Stream - 167 bytes -> C:\ProgramData\Temp:CB0FEE2B @Alternate Data Stream - 165 bytes -> C:\ProgramData\Temp:B4258C5D @Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:AC6124CA @Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:AA0017FD @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:700B9342 @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:4726B04C @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:E6708F08 @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:54380FEC @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:4D551822 @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:8029E75F @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:689AB7E9 @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:D53344E0 @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:62AC0CCE @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:F610C203 @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:4CF61E54 @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:B0456F0C @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:2AE74FF9 @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:E5B07840 @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:9C3AAD57 @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:87A3A233 @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:65137F0D @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:5B549BAC @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:474022C7 @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:A4E7D25F @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:57B2B96C @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:26499772 @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:A42A9F39 @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:A724744F @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:5C5A503E @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:AB689DEA @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:AD2DB2F9 @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:E8C44CB4 @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:4C3D5A8B @Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:2652902F @Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:F7C17616 @Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:95079543 @Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:28BEC2EC @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:B9B3B2FE @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:774C075A @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:02CC0035 @Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:3D36932D < End of report >