[code]
OTS logfile created on: 2012-05-11 19:41:50 - Run 1
OTS by OldTimer - Version 3.1.47.2 Folder = C:\Users\Shiva\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

8,00 Gb Total Physical Memory | 7,00 Gb Available Physical Memory | 82,00% Memory free
16,00 Gb Paging File | 14,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 104,33 Gb Total Space | 16,89 Gb Free Space | 16,19% Space Free | Partition Type: NTFS
Drive D: | 361,33 Gb Total Space | 305,34 Gb Free Space | 84,51% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 100,00 Mb Total Space | 37,88 Mb Free Space | 37,88% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: SHIVA-KOMPUTER
Current User Name: Shiva
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days

[Processes - Safe List]
ots.exe -> C:\Users\Shiva\Downloads\OTS.exe -> [2012-05-11 19:30:43 | 000,646,656 | ---- | M] (OldTimer Tools)
mounter.exe -> C:\Program Files (x86)\SpeedyDrive\mounter.exe -> [2012-02-11 22:52:00 | 000,014,848 | ---- | M] ()
atitray.exe -> C:\Program Files (x86)\Ray Adams\ATI Tray Tools\atitray.exe -> [2011-10-29 23:14:04 | 000,929,792 | ---- | M] (Ray Adams)
devsvc.exe -> C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe -> [2007-03-06 10:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.)

[Modules - No Company Name]
raphook.dll -> C:\Program Files (x86)\Ray Adams\ATI Tray Tools\raphook.dll -> [2011-10-29 23:12:56 | 000,187,392 | ---- | M] ()
mg_intelcpu.dll -> C:\Program Files (x86)\Ray Adams\ATI Tray Tools\plugins\mg_intelcpu.dll -> [2008-04-11 18:33:18 | 000,020,480 | ---- | M] ()
mg_amdcore.dll -> C:\Program Files (x86)\Ray Adams\ATI Tray Tools\plugins\mg_amdcore.dll -> [2008-04-09 18:08:46 | 000,016,896 | ---- | M] ()
mg_cpuload.dll -> C:\Program Files (x86)\Ray Adams\ATI Tray Tools\plugins\mg_cpuload.dll -> [2007-09-14 17:35:34 | 000,020,480 | ---- | M] ()
support.dll -> C:\Program Files (x86)\Ray Adams\ATI Tray Tools\support.dll -> [2007-03-07 14:26:34 | 000,077,824 | ---- | M] ()
kbdhook.dll -> C:\Program Files (x86)\Ray Adams\ATI Tray Tools\kbdhook.dll -> [2007-03-07 14:25:26 | 000,024,576 | ---- | M] ()
mg_xvlt.dll -> C:\Program Files (x86)\Ray Adams\ATI Tray Tools\plugins\mg_xvlt.dll -> [2007-01-03 22:09:46 | 000,017,408 | ---- | M] ()
mg_hdddtemp.dll -> C:\Program Files (x86)\Ray Adams\ATI Tray Tools\plugins\mg_hdddtemp.dll -> [2006-12-26 19:53:28 | 000,019,456 | ---- | M] ()
mongraphsexample.dll -> C:\Program Files (x86)\Ray Adams\ATI Tray Tools\plugins\mongraphsexample.dll -> [2006-12-25 11:02:24 | 000,024,576 | ---- | M] ()
hddtemp.dll -> C:\Program Files (x86)\Ray Adams\ATI Tray Tools\plugins\hddtemp.dll -> [2005-11-29 19:38:20 | 000,023,552 | ---- | M] ()
pciset.dll -> C:\Program Files (x86)\Ray Adams\ATI Tray Tools\plugins\pciset.dll -> [2005-11-29 19:34:38 | 000,028,672 | ---- | M] ()

[Win32 Services - Safe List]
64bit-(avast!
Antivirus) [Auto | Stopped] -> C:\Program Files\AVAST Software\Avast\AvastSvc.exe -> [2011-11-28 20:01:23 | 000,044,768 | ---- | M] (AVAST Software) 64bit-(AMD External Events Utility) [Auto | Running] -> C:\Windows\SysNative\atiesrxx.exe -> [2011-11-10 05:11:32 | 000,204,288 | ---- | M] (AMD) 64bit-(AMD FUEL Service) [Auto | Running] -> C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -> [2011-11-09 23:08:52 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) 64bit-(WinDefend) [Auto | Running] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) 64bit-(AppMgmt) [On_Demand | Stopped] -> C:\Windows\SysNative\appmgmts.dll -> [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) (SkypeUpdate) Skype Updater [Auto | Stopped] -> C:\Program Files (x86)\Skype\Updater\Updater.exe -> [2012-02-29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) (Hamachi2Svc) LogMeIn Hamachi Tunneling Engine [Auto | Running] -> C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -> [2012-02-28 18:38:54 | 002,343,816 | ---- | M] (LogMeIn Inc.) 
(PnkBstrA) PnkBstrA [Auto | Stopped] -> C:\Windows\SysWOW64\PnkBstrA.exe -> [2012-02-25 11:14:21 | 000,076,888 | ---- | M] () (Connectify) Connectify [Auto | Stopped] -> C:\Program Files (x86)\Connectify\ConnectifyService.exe -> [2012-02-25 01:16:40 | 000,069,632 | ---- | M] () (DokanMounter) DokanMounter [Auto | Running] -> C:\Program Files (x86)\SpeedyDrive\mounter.exe -> [2012-02-11 22:52:00 | 000,014,848 | ---- | M] () (TunngleService) TunngleService [On_Demand | Stopped] -> D:\Gry\Tunngle\TnglCtrl.exe -> [2012-02-09 12:59:48 | 000,735,080 | ---- | M] (Tunngle.net GmbH) (Steam Client Service) Steam Client Service [On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Steam\SteamService.exe -> [2011-10-23 20:18:09 | 000,419,624 | ---- | M] (Valve Corporation) (AODService) AODService [Disabled | Stopped] -> C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe -> [2011-05-25 22:54:38 | 000,136,616 | ---- | M] () (npggsvc) nProtect GameGuard Service [On_Demand | Stopped] -> C:\Windows\SysWow64\GameMon.des -> [2011-05-16 01:50:00 | 004,135,800 | ---- | M] (INCA Internet Co., Ltd.) (clr_optimization_v4.0.30319_32) Microsoft .NET Framework NGEN v4.0.30319_X86 [Auto | Stopped] -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -> [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) (BCUService) Browser Configuration Utility Service [Auto | Stopped] -> C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -> [2010-03-05 10:15:12 | 000,235,752 | ---- | M] (DeviceVM, Inc.) 
(clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Disabled | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) (Apache2.2) Apache2.2 [Auto | Stopped] -> c:\xampp\apache\bin\apache.exe -> [2008-06-14 19:02:12 | 000,017,408 | ---- | M] (Apache Software Foundation) (MySql) MySql [Auto | Stopped] -> C:/xampp/mysql/bin/mysqld-nt.exe -> [2008-04-17 19:13:44 | 005,750,784 | ---- | M] () (FileZilla Server) FileZilla Server FTP server [On_Demand | Stopped] -> c:\xampp\FileZillaFTP\FileZillaServer.exe -> [2007-12-25 23:25:50 | 000,586,240 | ---- | M] (FileZilla Project) (XAMPP) XAMPP Service [Auto | Stopped] -> C:\xampp\service.exe -> [2007-12-21 04:01:02 | 000,060,928 | ---- | M] () (Capture Device Service) Capture Device Service [Auto | Running] -> C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe -> [2007-03-06 10:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) 
[Driver Services - Safe List] 64bit-(Dokan) Dokan [File_System | Auto | Running] -> C:\Windows\SysNative\drivers\dokan.sys -> [2012-02-11 22:52:00 | 000,120,408 | ---- | M] (Windows (R) Win 7 DDK provider) 64bit-(cnnctfy2) Connectify LightWeight Filter [Kernel | System | Running] -> C:\Windows\SysNative\drivers\cnnctfy2.sys -> [2011-12-16 18:45:26 | 000,031,344 | ---- | M] (Connectify) 64bit-(sptd) sptd [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\sptd.sys -> [2011-12-01 19:03:37 | 000,526,392 | ---- | M] () 64bit-(aswSnx) aswSnx [File_System | System | Running] -> C:\Windows\SysNative\drivers\aswSnx.sys -> [2011-11-28 19:54:06 | 000,591,192 | ---- | M] (AVAST Software) 64bit-(aswSP) aswSP [Kernel | System | Running] -> C:\Windows\SysNative\drivers\aswSP.sys -> [2011-11-28 19:53:58 | 000,304,472 | ---- | M] (AVAST Software) 64bit-(aswRdr) aswRdr [Kernel | System | Running] -> C:\Windows\SysNative\drivers\aswRdr.sys -> [2011-11-28 19:52:22 | 000,042,328 | ---- | M] (AVAST Software) 64bit-(aswTdi) avast! Network Shield Support [Kernel | System | Running] -> C:\Windows\SysNative\drivers\aswTdi.sys -> [2011-11-28 19:52:20 | 000,058,712 | ---- | M] (AVAST Software) 64bit-(aswMonFlt) aswMonFlt [File_System | Auto | Running] -> C:\Windows\SysNative\drivers\aswMonFlt.sys -> [2011-11-28 19:52:11 | 000,066,904 | ---- | M] (AVAST Software) 64bit-(aswFsBlk) aswFsBlk [File_System | Auto | Running] -> C:\Windows\SysNative\drivers\aswFsBlk.sys -> [2011-11-28 19:51:53 | 000,024,408 | ---- | M] (AVAST Software) 64bit-(ESLvnic1) ESLvnic Virtual Network 64 Bit [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\ESLvnic.sys -> [2011-11-28 14:20:28 | 000,025,528 | ---- | M] (Turtle Entertainment GmbH) 64bit-(amdkmdag) amdkmdag [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\atikmdag.sys -> [2011-11-10 05:45:30 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) 
64bit-(amdkmdap) amdkmdap [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\atikmpag.sys -> [2011-11-10 04:12:44 | 000,325,632 | ---- | M] (Advanced Micro Devices, Inc.) 64bit-(AtiHDAudioService) AMD Function Driver for HD Audio Service [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\AtihdW76.sys -> [2011-10-17 19:40:50 | 000,093,712 | ---- | M] (Advanced Micro Devices) 64bit-(AODDriver4.01) AODDriver4.01 [Kernel | Auto | Running] -> C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -> [2011-06-24 07:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices) 64bit-(RTL8167) Realtek 8167 NT Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\Rt64win7.sys -> [2011-06-10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) 64bit-(cpuz135) cpuz135 [Kernel | Auto | Running] -> C:\Windows\SysNative\drivers\cpuz135_x64.sys -> [2010-11-09 15:35:24 | 000,021,992 | ---- | M] (CPUID) 64bit-(nusb3xhc) Renesas Electronics USB 3.0 Host Controller Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\nusb3xhc.sys -> [2010-04-27 09:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) 64bit-(nusb3hub) Renesas Electronics USB 3.0 Hub Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\nusb3hub.sys -> [2010-04-27 09:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) 64bit-(amdiox64) AMD IO Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\amdiox64.sys -> [2010-02-18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) 64bit-(tap0901t) TAP-Win32 Adapter V9 (Tunngle) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\tap0901t.sys -> [2009-09-16 08:02:42 | 000,031,232 | ---- | M] (Tunngle.net) 64bit-(AtiPcie) AMD PCI Express (3GIO) Filter [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\AtiPcie.sys -> [2009-08-24 00:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) 
64bit-(MTsensor) ATK0110 ACPI UTILITY [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\ASACPI.sys -> [2009-07-16 05:38:40 | 000,015,416 | ---- | M] () 64bit-(amdsata) amdsata [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsata.sys -> [2009-07-14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) 64bit-(amdxata) amdxata [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\amdxata.sys -> [2009-07-14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) 64bit-(amdsbs) amdsbs [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsbs.sys -> [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 64bit-(LSI_SAS2) LSI_SAS2 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\lsi_sas2.sys -> [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) 64bit-(HpSAMD) HpSAMD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HpSAMD.sys -> [2009-07-14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) 64bit-(stexstor) stexstor [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\stexstor.sys -> [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) 64bit-(RMCAST) Protokół niezawodnych multiemisji [Kernel | Auto | Running] -> C:\Windows\SysNative\drivers\rmcast.sys -> [2009-07-14 02:09:15 | 000,145,920 | ---- | M] (Microsoft Corporation) 64bit-(ebdrv) Broadcom NetXtreme II 10 GigE VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\evbda.sys -> [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) 64bit-(b06bdrv) Broadcom NetXtreme II VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\bxvbda.sys -> [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) 64bit-(b57nd60a) Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\b57nd60a.sys -> [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) 64bit-(hcw85cir) 
Hauppauge Consumer Infrared Receiver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\hcw85cir.sys -> [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 64bit-(hamachi) Hamachi Network Interface [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\hamachi.sys -> [2009-03-18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) 64bit-(VCSVADHWSer) Avnex Virtual Audio Device (WDM) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\vcsvad.sys -> [2008-12-26 13:56:04 | 000,021,504 | ---- | M] (Avnex) 64bit-(athrusb) Atheros Wireless LAN USB device driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\athrxusb.sys -> [2007-08-17 16:15:22 | 001,061,888 | ---- | M] (Atheros Communications, Inc.) (speedfan) speedfan [Kernel | Boot | Running] -> C:\Windows\SysWOW64\speedfan.sys -> [2011-03-18 18:08:56 | 000,029,592 | ---- | M] (Almico Software) (WIMMount) WIMMount [File_System | On_Demand | Stopped] -> C:\Windows\SysWOW64\drivers\wimmount.sys -> [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) (NPPTNT2) NPPTNT2 [Kernel | On_Demand | Stopped] -> C:\Windows\SysWOW64\npptNT2.sys -> [2005-01-03 08:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) 
(tvtool) tvtool [Kernel | System | Stopped] -> D:\TVTool\TVTOOL.SYS -> [1996-04-03 20:33:00 | 000,005,248 | ---- | M] () [Registry - Safe List] < 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://home.sweetim.com -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> HKEY_CURRENT_USER\: "ProxyServer" -> 222.236.24.41:8080 -> < FireFox Settings [Prefs.js] > -> C:\Users\Shiva\AppData\Roaming\Mozilla\FireFox\Profiles\55dnj1xf.default\prefs.js -> browser.search.order.1 -> "" -> browser.startup.homepage -> "" -> browser.search.defaultenginename -> "Yahoo" -> browser.search.selectedEngine -> "Yahoo" -> keyword.URL -> "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=" -> browser.search.param.yahoo-fr -> "chr-greentree_ff&ilc=12&type=937811" -> < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla HKLM\software\mozilla\Firefox\Extensions -> -> HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com -> C:\Program Files\AVAST Software\Avast\WebRep\FF [C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF] -> [2012-01-15 22:23:12 | 000,000,000 | ---D | M] HKLM\software\mozilla\Mozilla Firefox 8.0\extensions -> -> HKLM\software\mozilla\Mozilla Firefox 8.0\extensions\\Components -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS] -> [2011-11-10 22:58:48 | 000,000,000 | ---D | M] HKLM\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS -> < FireFox Extensions [User Folders] > -> -> C:\Users\Shiva\AppData\Roaming\mozilla\Extensions -> [2011-11-10 22:59:17 | 000,000,000 | ---D | M] -> C:\Users\Shiva\AppData\Roaming\mozilla\Firefox\Profiles\55dnj1xf.default\extensions -> [2012-05-04 13:36:48 | 
000,000,000 | ---D | M] < FireFox Extensions [Program Folders] > -> -> C:\Program Files (x86)\mozilla firefox\extensions -> [2012-05-11 10:31:19 | 000,000,000 | ---D | M] Skype Click to Call -> C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} -> [2012-05-11 10:31:20 | 000,000,000 | ---D | M] Java Console -> C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} -> [2012-01-09 16:03:07 | 000,000,000 | ---D | M] < HOSTS File > ([2012-05-11 18:08:26 | 000,000,027 | ---- | M] - 1 lines) -> C:\Windows\SysNative\Drivers\etc\hosts -> Reset Hosts 127.0.0.1 localhost < 64bit-BHO's [HKEY_LOCAL_MACHINE] > -> 64bit-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} [HKLM] -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [avast! WebRep] -> [2011-11-28 20:01:12 | 000,963,064 | ---- | M] (AVAST Software) < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2011-11-10 09:01:32 | 000,325,408 | ---- | M] (Sun Microsystems, Inc.) {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} [HKLM] -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [avast! WebRep] -> [2011-11-28 20:01:21 | 000,809,040 | ---- | M] (AVAST Software) {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} [HKLM] -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Skype Browser Helper] -> [2012-01-17 11:43:46 | 003,855,520 | ---- | M] (Skype Technologies S.A.) {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} [HKLM] -> C:\PROGRA~2\ALLPLA~1\Iplex\IPLEXT~1.DLL [IplexToALLPlayer] -> [2011-02-09 20:29:08 | 000,400,384 | ---- | M] (ALLCinema Ltd.) 
< 64bit-Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> "{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" [HKLM] -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [avast! WebRep] -> [2011-11-28 20:01:12 | 000,963,064 | ---- | M] (AVAST Software) < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> "{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}" [HKLM] -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [avast! WebRep] -> [2011-11-28 20:01:21 | 000,809,040 | ---- | M] (AVAST Software) < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "BCU" -> C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe ["C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"] -> [2010-03-05 10:15:04 | 000,411,864 | ---- | M] (DeviceVM, Inc.) "LogMeIn Hamachi Ui" -> C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe ["C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start] -> [2012-02-28 18:38:56 | 001,987,976 | ---- | M] (LogMeIn Inc.) "StartCCC" -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ["C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun] -> [2011-11-09 23:45:54 | 000,343,168 | ---- | M] (Advanced Micro Devices, Inc.) 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "ALLUpdate" -> C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe ["C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe" "sleep"] -> [2011-08-16 20:30:40 | 001,379,840 | ---- | M] () "AtiTrayTools" -> C:\Program Files (x86)\Ray Adams\ATI Tray Tools\atitray.exe ["C:\Program Files (x86)\Ray Adams\ATI Tray Tools\atitray.exe"] -> [2011-10-29 23:14:04 | 000,929,792 | ---- | M] (Ray Adams) "Clownfish" -> C:\Program Files (x86)\Clownfish\Clownfish.exe ["C:\Program Files (x86)\Clownfish\Clownfish.exe"] -> [2012-02-13 12:16:24 | 001,055,992 | ---- | M] () "Connectify" -> C:\Program Files (x86)\Connectify\Connectify.exe [C:\Program Files (x86)\Connectify\Connectify.exe] -> [2012-02-25 01:16:56 | 003,941,192 | ---- | M] (Connectify) "Facebook Update" -> C:\Users\Shiva\AppData\Local\Facebook\Update\FacebookUpdate.exe ["C:\Users\Shiva\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver] -> [2012-04-11 23:07:05 | 000,137,536 | ---- | M] (Facebook Inc.) "uTorrent" -> C:\Program Files (x86)\uTorrent\uTorrent.exe ["C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED] -> [2011-09-17 12:38:34 | 000,640,888 | ---- | M] (BitTorrent, Inc.) 
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> < Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer -> < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDrives" -> [0] -> File not found < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System \\"ConsentPromptBehaviorAdmin" -> [0] -> File not found \\"ConsentPromptBehaviorUser" -> [3] -> File not found \\"EnableLUA" -> [0] -> File not found \\"PromptOnSecureDesktop" -> [0] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats < CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDrives" -> [0] -> File not found < CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> Add to Google Photos Screensa&ver -> C:\Windows\SysWow64\GPhotos.scr [res://C:\Windows\system32\GPhotos.scr/200] -> [2012-03-22 21:12:12 | 004,435,968 | ---- | M] (Google Inc.) 
Search the Web -> [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html] -> File not found < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {898EA8C8-E7FF-479B-8935-AEC46303B9E5}:{898EA8C8-E7FF-479B-8935-AEC46303B9E5} [HKLM] -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Button: Skype Click to Call] -> [2012-01-17 11:43:46 | 003,855,520 | ---- | M] (Skype Technologies S.A.) {898EA8C8-E7FF-479B-8935-AEC46303B9E5}:{898EA8C8-E7FF-479B-8935-AEC46303B9E5} [HKLM] -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Menu: Skype Click to Call] -> [2012-01-17 11:43:46 | 003,855,520 | ---- | M] (Skype Technologies S.A.) < 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> < 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. 
-> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < 64bit-Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab [Java Plug-in 1.6.0_29] -> {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab [Java Plug-in 1.6.0_29] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab [Reg Error: Key error.] 
-> < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab [Java Plug-in 1.6.0_30] -> {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab [Java Plug-in 1.6.0_30] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab [Java Plug-in 1.6.0_30] -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {19FB31A3-37BF-46CD-AD9F-B6F9938C20CD}\\DhcpNameServer -> 7.254.254.254 () -> {57C71094-18B4-4C0F-B5E0-B67EAC67EEFE}\\DhcpNameServer -> 82.143.159.7 82.143.143.5 82.143.174.70 (Realtek PCIe GBE Family Controller) -> {D8868C10-1619-484B-9CF8-850FECB04D5D}\\NameServer -> 192.168.2.1 (Atheros AR5007UG Wireless Network Adapter) -> < 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> C:\Windows\explorer.exe -> [2009-07-14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> 64bit-*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> C:\Windows\system32\userinit.exe -> C:\Windows\SysNative\userinit.exe -> [2009-07-14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> 64bit-*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> SystemPropertiesPerformance.exe -> C:\Windows\SysNative\SystemPropertiesPerformance.exe -> [2009-07-14 03:39:47 | 000,082,432 | ---- | M] (Microsoft Corporation) /pagefile -> -> File not found *MultiFile Done* -> -> < Winlogon settings 
[HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2009-07-14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> C:\Windows\system32\userinit.exe -> C:\Windows\SysWOW64\userinit.exe -> [2009-07-14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> /pagefile -> -> File not found *MultiFile Done* -> -> < SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found < Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> {0B843297-E842-4A5F-AD0C-83098E629AD3} -> rport=2177 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31257 | app=%systemroot%\system32\svchost.exe | svc=qwave | {0C45F289-F255-4E92-B969-067ECE595A02} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live communications platform (upnp) | {1FF65EAC-B0C7-42A3-9862-F1AD9C5DF567} -> lport=2987 | protocol=6 | dir=in | action=allow | name=connectify file sharing | app=c:\program files (x86)\connectify\connectify.exe | {3E4B2EFC-8FC3-422B-B878-7E4FA180DCFE} -> rport=1900 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31273 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | {3F440CB8-042D-477D-B957-21B1154DE806} -> rport=139 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-28507 | app=system 
| {43146D48-8A90-4D4E-978B-A58B622DAABA} -> lport=5355 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache | {46C24871-8BC4-4909-B61E-C8AB1F302E7E} -> lport=808 | protocol=6 | dir=in | action=allow | name=@c:\windows\microsoft.net\framework64\v4.0.30319\\servicemodelevents.dll,-2000 | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | svc=nettcpactivator | {502D16E2-D17E-43FB-BF7D-95E53C753CD2} -> lport=445 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28511 | app=system | {5665D7B2-07D7-4255-A7EA-BAAC7698D14C} -> lport=2177 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31261 | app=%systemroot%\system32\svchost.exe | svc=qwave | {5D1AF100-EB9E-41AC-ADF0-97C918A28351} -> lport=4000 | profile=private | protocol=6 | dir=out | action=allow | name=dll-files.com fixer | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | {65E171B7-845D-4F10-8B8F-05B91BF8DD23} -> lport=137 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28519 | app=system | {6A1A480B-4F12-4364-9639-1F77B195706D} -> rport=137 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28523 | app=system | {72D33B58-D86F-4A8C-BF06-E5DCD8D7E46C} -> lport=10243 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31285 | app=system | {7336B421-3A68-4F75-9CD8-9E26B9164EF1} -> lport=57347 | profile=private | protocol=17 | dir=in | action=allow | name=pando media booster | {880706C7-7500-45BF-B9BA-EB1BAABAC52E} -> lport=rpc | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28535 | app=%systemroot%\system32\spoolsv.exe | svc=spooler | {8968A1CC-28F4-4A43-BE28-50E174381405} -> lport=57347 | profile=private | protocol=6 | dir=in | action=allow | name=pando media booster | {9D1C5926-7C1F-470A-BEAB-27661FA078F8} -> lport=2869 
| profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31277 | app=system | {A7125B83-DC6A-4E0C-B198-E27B33695E5D} -> lport=57347 | profile=domain | protocol=6 | dir=in | action=allow | name=pando media booster | {BE3478C4-FDF5-4B7F-B6B7-AC6818E58D90} -> rport=10243 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31289 | app=system | {C0D28112-9BF4-4635-A880-DD1D909C4969} -> lport=138 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28527 | app=system | {C7954ECF-ACFD-4EC1-A31F-7BB2DACA119D} -> rport=445 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-28515 | app=system | {C82B41BE-5309-4379-9272-B6DDD03BFE5C} -> lport=57347 | profile=domain | protocol=17 | dir=in | action=allow | name=pando media booster | {D3038247-B741-4EF0-A170-9809DBE05F21} -> lport=139 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28503 | app=system | {DA40509C-803A-48B2-998A-C40095928A3F} -> lport=2177 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31253 | app=%systemroot%\system32\svchost.exe | svc=qwave | {DB36849C-63FB-4CD9-94B5-BE6CA0579236} -> lport=rpc-epmap | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28539 | svc=rpcss | {DB6C3654-4FB4-4FC5-83D0-90EFB9330402} -> rport=5355 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache | {EFD38AF8-F16D-45DD-81A1-354A69A8C210} -> lport=4000 | profile=private | protocol=6 | dir=out | action=allow | name=dll-files.com fixer | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | {F08E455F-3761-4891-B119-CFD0A959D785} -> rport=138 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28531 | app=system | {F4B552B7-BFE3-4087-B872-B6966D65A375} -> lport=1900 | profile=private | protocol=17 | dir=in | 
action=allow | name=@firewallapi.dll,-31269 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | {F86655C7-5E4F-461E-8FA3-CB5C01A4628B} -> rport=2177 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31265 | app=%systemroot%\system32\svchost.exe | svc=qwave | {F93D7784-71B9-4416-AECD-F4E8B1A71B42} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live communications platform (ssdp) | {FF044287-7AC2-43EA-868F-DA8A1AF59E19} -> lport=4000 | profile=public | protocol=6 | dir=out | action=allow | name=dll-files.com fixer | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | < Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> {0242DD99-A678-4159-B03F-E96457D625D8} -> profile=public | protocol=6 | dir=in | action=block | name=java(tm) platform se binary | app=c:\program files (x86)\java\jre6\bin\java.exe | {067DF2B3-27AA-4054-8CC6-DD9EB3441C60} -> profile=public | protocol=6 | dir=in | action=allow | name=pnkbstra | app=c:\windows\syswow64\pnkbstra.exe | {06A995B2-E3C9-4893-AAD5-39A3FBF5CC1B} -> profile=public | protocol=6 | dir=in | action=block | name=deadisland | app=d:\gry\dead island\deadislandgame.exe | {08CBBF11-B833-48E8-B647-9DFCE0160C5B} -> profile=public | protocol=17 | dir=in | action=block | name=deadisland | app=d:\gry\dead island\deadislandgame.exe | {13AB0E73-DAE9-43BE-ADEA-BA151C7B9728} -> profile=private | protocol=6 | dir=in | action=allow | name=pnkbstrb | app=c:\windows\syswow64\pnkbstrb.exe | {1504D41D-6832-4C0A-AA46-0CB561284906} -> profile=public | protocol=17 | dir=in | action=block | name=blizzard launcher | app=d:\gry\starcraft ii\starcraft ii.exe | {1D55F596-5B3A-411C-A725-F677231E66E0} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31007 | app=%programfiles%\windows media player\wmplayer.exe | {1F684091-1F31-4697-8DC0-485B751DA205} -> 
profile=public | protocol=6 | dir=in | action=allow | name=tunngle client | app=d:\gry\tunngle\tunngle.exe | {2B27583E-BB7E-42F6-8CD5-070CBF6A7C35} -> profile=public | protocol=17 | dir=in | action=allow | name=tunngle client | app=d:\gry\tunngle\tunngle.exe | {2BF2D692-495B-4D5E-BB9B-3394F9E10648} -> profile=private | protocol=17 | dir=in | action=allow | name=java(tm) platform se binary | app=c:\program files (x86)\java\jre6\bin\javaw.exe | {2E59FBE7-348C-4A99-8456-F8655FE18C1A} -> dir=in | action=allow | name=windows live communications platform | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | {3205CC0F-FDCA-42FE-955E-96078C9BF54A} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31003 | app=%programfiles%\windows media player\wmplayer.exe | {325CBFC1-19A7-4B13-AA7D-27BA9E8EB4FA} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31297 | app=%programfiles%\windows media player\wmplayer.exe | {34BCF254-2469-4B00-AC88-73ABEB99C3EA} -> profile=private | protocol=58 | dir=in | action=allow | name=@firewallapi.dll,-28545 | {37107E4D-04A3-4E60-8A9F-00F7FE938760} -> profile=public | protocol=17 | dir=in | action=allow | name=battlefield 3 | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | {387638F0-2BF3-4F81-91C0-185692393527} -> profile=public | protocol=6 | dir=in | action=block | name=blizzard downloader | app=d:\gry\starcraft ii\support\blizzarddownloader.exe | {4239AFEA-515E-43DC-8C86-678A2C9A5778} -> profile=public | protocol=6 | dir=in | action=allow | name=java(tm) platform se binary | app=c:\windows\system32\java.exe | {4555EA7F-F917-466D-928B-97E723179422} -> profile=public | protocol=6 | dir=in | action=allow | name=esn sonar host application | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | {483A27DC-4D09-4C76-92D6-1915C7E0F58A} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31301 | 
app=%programfiles%\windows media player\wmplayer.exe | {48601522-70F5-434A-922D-9C4833858FD3} -> profile=private | protocol=17 | dir=in | action=allow | name=pnkbstrb | app=c:\windows\syswow64\pnkbstrb.exe | {4C109B88-D0A1-4881-9DBB-28BA167B63E5} -> profile=public | protocol=17 | dir=in | action=allow | name=steam | app=c:\program files (x86)\steam\steam.exe | {4D542529-7E80-4C3F-9AB4-736654777D98} -> profile=public | protocol=17 | dir=in | action=allow | name=opera internet browser | app=c:\program files (x86)\opera\opera.exe | {52E0C5C6-0289-48B3-8DEE-7DDEA5563EE1} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31025 | app=%programfiles(x86)%\windows media player\wmplayer.exe | {54C36189-A52E-4660-BBD9-377FA62F06A5} -> profile=public | protocol=17 | dir=in | action=allow | name=java(tm) platform se binary | app=c:\windows\system32\java.exe | {5B0B5EE6-7ABD-49CC-A6BD-C1FD19822B92} -> profile=public | protocol=17 | dir=in | action=allow | name=pnkbstrb | app=c:\windows\syswow64\pnkbstrb.exe | {5EF3E917-A381-44D2-B9A6-5600BF1ADB46} -> profile=public | protocol=6 | dir=in | action=allow | name=battlefield 3 | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | {60DEAE60-7104-4A00-9CF0-AE299BD64AA3} -> profile=private | protocol=6 | dir=in | action=allow | name=dropbox | app=c:\users\shiva\appdata\roaming\dropbox\bin\dropbox.exe | {6187379C-C309-49F6-B680-6F5BCCC9B0B6} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31309 | app=%programfiles%\windows media player\wmpnetwk.exe | {67B50130-37FA-4700-8E65-3F2FD4047493} -> dir=in | action=allow | name=facebook video calling plugin | app=c:\users\shiva\appdata\local\facebook\video\skype\facebookvideocalling.exe | {695A7494-5444-4643-B983-1E07B1CF2594} -> profile=public | protocol=17 | dir=in | action=allow | name=mass effect™ 3 | app=c:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe | 
{695AF93B-E76E-43D8-8431-39D9225DC586} -> profile=public | protocol=6 | dir=in | action=allow | name=steam | app=c:\program files (x86)\steam\steam.exe | {6C63C197-2051-442F-826E-C892E44318D7} -> profile=public | protocol=17 | dir=in | action=block | name=blizzard downloader | app=d:\gry\starcraft ii\support\blizzarddownloader.exe | {72F187C7-D71A-47A3-90A2-DAFEEB8D4380} -> profile=private | protocol=17 | dir=in | action=allow | name=tunngle service | app=d:\gry\tunngle\tnglctrl.exe | {75E7E9A1-E0E5-40A7-8B94-EAF1C7E68CEB} -> profile=domain | protocol=17 | dir=in | action=allow | name=pando media booster | app=c:\program files (x86)\pando networks\media booster\pmb.exe | {767F7DC4-D4F7-498A-9F0B-438FC025C0B7} -> profile=private | protocol=6 | dir=in | action=allow | name=tunngle client | app=d:\gry\tunngle\tunngle.exe | {7A8A1FFE-DC08-4F64-A4C1-95F2898DF53C} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31023 | app=%programfiles(x86)%\windows media player\wmplayer.exe | {7DE0A7D3-9360-45F6-A2E4-2284C27CB29A} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31011 | app=%programfiles%\windows media player\wmplayer.exe | {8946D2C4-928D-459C-B74A-A545CDC88DAC} -> profile=private | protocol=1 | dir=in | action=allow | name=@firewallapi.dll,-28543 | {8E50085B-4CDA-493D-8171-86DF568EC89F} -> profile=public | protocol=17 | dir=in | action=block | name=java(tm) platform se binary | app=c:\program files (x86)\java\jre6\bin\java.exe | {914EB9D5-6F05-4B63-BF93-0EBEE56101E8} -> profile=private | protocol=6 | dir=in | action=allow | name=pnkbstra | app=c:\windows\syswow64\pnkbstra.exe | {92F496D3-24FC-4322-8513-F0C05FF0B9C4} -> profile=private | protocol=17 | dir=in | action=allow | name=java(tm) platform se binary | app=c:\program files\java\jre6\bin\javaw.exe | {98A03BA9-15EB-4592-ABD9-82495B0B3538} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31293 | 
app=%programfiles%\windows media player\wmplayer.exe | {99E4AF42-11D9-4B6D-B708-87F3DC1B4229} -> profile=domain | protocol=6 | dir=in | action=allow | name=pando media booster | app=c:\program files (x86)\pando networks\media booster\pmb.exe | {9EC6FAC3-3B13-4DD7-B5A0-193F66C27D05} -> profile=private | protocol=6 | dir=in | action=allow | name=java(tm) platform se binary | app=c:\program files\java\jre6\bin\javaw.exe | {9FF883EF-3ECE-4150-B3A5-801502038F1A} -> profile=private | protocol=1 | dir=out | action=allow | name=@firewallapi.dll,-28544 | {A5F81A39-B6FD-422B-9588-ED75F340F48D} -> profile=private | protocol=17 | dir=in | action=allow | name=pando media booster | app=c:\program files (x86)\pando networks\media booster\pmb.exe | {A962C3E7-414C-44C9-9C80-2E23EECDF819} -> protocol=58 | dir=in | action=allow | name=@iphlpsvc.dll,-502 | app=system | {AA95C080-0549-4600-93F2-59758790252C} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31281 | app=system | {B8940D5D-789E-4ABA-B454-F4D318320EA9} -> profile=public | protocol=6 | dir=in | action=block | name=blizzard launcher | app=d:\gry\starcraft ii\starcraft ii.exe | {BCEB1261-4F7D-4A2E-856F-452F6E02A1D6} -> protocol=6 | dir=in | action=allow | name=μtorrent (tcp-in) | app=c:\program files (x86)\utorrent\utorrent.exe | {BD257254-2FEC-4867-AA44-4AEE262B7967} -> profile=public | protocol=6 | dir=in | action=allow | name=tunngle service | app=d:\gry\tunngle\tnglctrl.exe | {C02B4336-8211-435E-99E4-51960427D1A0} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31321 | app=%systemroot%\system32\svchost.exe | svc=upnphost | {C19CAEAD-77B3-4149-89EC-8614BC060B56} -> profile=private | protocol=6 | dir=in | action=allow | name=java(tm) platform se binary | app=c:\program files (x86)\java\jre6\bin\javaw.exe | {C4049CD2-DDBF-48A7-B92E-0F792AB3AC59} -> profile=private | protocol=58 | dir=out | action=allow | name=@firewallapi.dll,-28546 | 
{C747F023-3389-499C-A0B9-88B140E0321B} -> profile=public | protocol=17 | dir=in | action=allow | name=pnkbstra | app=c:\windows\syswow64\pnkbstra.exe | {CE2981B0-C999-48D3-9A7F-5352F2B01F6B} -> profile=public | protocol=6 | dir=in | action=allow | name=opera internet browser | app=c:\program files (x86)\opera\opera.exe | {D2470A0D-9DDB-44FC-8391-BA6A00289EC2} -> profile=public | protocol=6 | dir=in | action=allow | name=mass effect™ 3 | app=c:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe | {D414EF3E-3EDD-44BF-9F01-7AE0FAAD58CD} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31305 | app=%programfiles%\windows media player\wmpnetwk.exe | {D60F5052-E982-424D-93A8-8E71A2B1093F} -> profile=public | protocol=6 | dir=in | action=allow | name=pnkbstrb | app=c:\windows\syswow64\pnkbstrb.exe | {D670FEC7-7DEF-496F-8689-B54EAE6DB3F4} -> profile=private | protocol=6 | dir=in | action=allow | name=pando media booster | app=c:\program files (x86)\pando networks\media booster\pmb.exe | {D8289623-31F6-4AF4-990E-30B69A86019A} -> dir=in | action=allow | name=skype | app=c:\program files (x86)\skype\phone\skype.exe | {DE336A6A-5021-4468-9F4E-CC8B6B907149} -> profile=private | protocol=17 | dir=in | action=allow | name=dropbox | app=c:\users\shiva\appdata\roaming\dropbox\bin\dropbox.exe | {DE9A6BC0-A38B-4EE5-B301-D518051D05A4} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31024 | app=%programfiles(x86)%\windows media player\wmplayer.exe | {E458DCE7-3342-4EE1-9F32-743B0AAD10ED} -> profile=public | protocol=17 | dir=in | action=allow | name=dropbox | app=c:\users\shiva\appdata\roaming\dropbox\bin\dropbox.exe | {E5CA7C34-7BBB-4133-B1B8-CB0CEA9F86E4} -> profile=private | protocol=6 | dir=in | action=allow | name=tunngle service | app=d:\gry\tunngle\tnglctrl.exe | {E96A256A-E2F6-4BFE-A586-53C08C21F8A0} -> profile=public | protocol=17 | dir=in | action=allow | name=esn sonar host 
application | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | {EC9E960A-346E-41F0-9F63-CA00E2C71A0A} -> protocol=58 | dir=out | action=allow | name=@iphlpsvc.dll,-503 | {ED177DEA-7B3C-4557-9129-CF603F6062C3} -> profile=public | protocol=6 | dir=in | action=allow | name=dropbox | app=c:\users\shiva\appdata\roaming\dropbox\bin\dropbox.exe | {F350F599-8193-470B-B4B3-8CDFB6C2B73B} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31317 | app=%programfiles%\windows media player\wmpnetwk.exe | {F53B4D35-AEA2-440C-BF4E-F5DFF9BA612A} -> protocol=17 | dir=in | action=allow | name=μtorrent (udp-in) | app=c:\program files (x86)\utorrent\utorrent.exe | {F5670E28-9E27-406B-99EE-3F06F973937A} -> profile=public | protocol=17 | dir=in | action=allow | name=tunngle service | app=d:\gry\tunngle\tnglctrl.exe | {F7A4C419-FAF1-46CD-9418-28D5AD7D1CED} -> profile=private | protocol=17 | dir=in | action=allow | name=tunngle client | app=d:\gry\tunngle\tunngle.exe | {F7B6B812-6DDC-48AC-89EE-42F310FBE43A} -> profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31313 | app=%programfiles%\windows media player\wmpnetwk.exe | {FB935124-4214-4B77-95A1-DBA9A4A1AD09} -> dir=in | action=allow | name=pando media booster | app=c:\program files (x86)\pando networks\media booster\pmb.exe | {FC687E15-C910-42FE-9DAC-9168DD4BFB46} -> profile=private | protocol=17 | dir=in | action=allow | name=pnkbstra | app=c:\windows\syswow64\pnkbstra.exe | TCP Query User{038349DA-89E4-4210-93FE-D0C5760CCB29}D:\gry\starcraft ii\support\blizzarddownloader.exe -> profile=private | protocol=6 | dir=in | action=allow | name=blizzard downloader | app=d:\gry\starcraft ii\support\blizzarddownloader.exe | TCP Query User{332658EB-E87D-46F7-B7D9-00136AAA29B6}C:\program files (x86)\java\jre6\bin\java.exe -> profile=private | protocol=6 | dir=in | action=allow | name=java(tm) platform se binary | app=c:\program files (x86)\java\jre6\bin\java.exe 
| TCP Query User{3AE38303-3071-42CD-B6AE-4D0951EBBF0A}C:\program files (x86)\gadu-gadu 10\gg.exe -> profile=public | protocol=6 | dir=in | action=allow | name=gadu-gadu 10 | app=c:\program files (x86)\gadu-gadu 10\gg.exe | TCP Query User{4D277EE0-F77E-460D-B2DE-4448EE796A26}C:\program files (x86)\java\jre6\bin\javaw.exe -> profile=private | protocol=6 | dir=in | action=allow | name=java(tm) platform se binary | app=c:\program files (x86)\java\jre6\bin\javaw.exe | TCP Query User{5C36A42C-5F8D-4D6B-8F3B-6AFF6EB00B18}C:\program files (x86)\gadu-gadu 10\gg.exe -> profile=private | protocol=6 | dir=in | action=allow | name=gadu-gadu 10 | app=c:\program files (x86)\gadu-gadu 10\gg.exe | TCP Query User{901405E7-FC86-4FDC-9B16-B2788930F72F}C:\program files\java\jre6\bin\javaw.exe -> profile=private | protocol=6 | dir=in | action=allow | name=java(tm) platform se binary | app=c:\program files\java\jre6\bin\javaw.exe | TCP Query User{97FC906B-158B-4815-AE55-1B18D454B161}D:\gry\dead island\deadislandgame.exe -> profile=private | protocol=6 | dir=in | action=allow | name=deadisland | app=d:\gry\dead island\deadislandgame.exe | TCP Query User{C5DC4B34-205F-4437-A6E4-95AEEE9FCD02}D:\gry\starcraft ii\starcraft ii.exe -> profile=private | protocol=6 | dir=in | action=allow | name=blizzard launcher | app=d:\gry\starcraft ii\starcraft ii.exe | TCP Query User{E08223EE-20EA-4738-A541-7CDBCB0CC717}C:\windows\system32\java.exe -> profile=private | protocol=6 | dir=in | action=allow | name=java(tm) platform se binary | app=c:\windows\system32\java.exe | TCP Query User{F19C637A-AED4-473F-85BF-1FC6E21FE70D}D:\gry\starcraft ii\versions\base19679\sc2.exe -> profile=private | protocol=6 | dir=in | action=block | name=starcraft ii | app=d:\gry\starcraft ii\versions\base19679\sc2.exe | UDP Query User{19369154-D00D-45CB-BC9F-B593187D6588}D:\gry\starcraft ii\starcraft ii.exe -> profile=private | protocol=17 | dir=in | action=allow | name=blizzard launcher | app=d:\gry\starcraft ii\starcraft 
ii.exe | UDP Query User{1938D6A3-9181-4D38-8581-D47C100B3641}D:\gry\dead island\deadislandgame.exe -> profile=private | protocol=17 | dir=in | action=allow | name=deadisland | app=d:\gry\dead island\deadislandgame.exe | UDP Query User{29444437-E7F4-4949-9C8D-D94C8B44AA15}D:\gry\starcraft ii\support\blizzarddownloader.exe -> profile=private | protocol=17 | dir=in | action=allow | name=blizzard downloader | app=d:\gry\starcraft ii\support\blizzarddownloader.exe | UDP Query User{37C2AFF4-FBF2-4550-AF95-041582E8A8C2}C:\program files (x86)\gadu-gadu 10\gg.exe -> profile=public | protocol=17 | dir=in | action=allow | name=gadu-gadu 10 | app=c:\program files (x86)\gadu-gadu 10\gg.exe | UDP Query User{4293D9FA-9574-4E75-A1C7-F18492561D3C}C:\windows\system32\java.exe -> profile=private | protocol=17 | dir=in | action=allow | name=java(tm) platform se binary | app=c:\windows\system32\java.exe | UDP Query User{71EBD939-2760-4390-8594-D11565DC30ED}C:\program files (x86)\java\jre6\bin\javaw.exe -> profile=private | protocol=17 | dir=in | action=allow | name=java(tm) platform se binary | app=c:\program files (x86)\java\jre6\bin\javaw.exe | UDP Query User{79F87632-44D9-4D53-B6DC-545C48224C0C}D:\gry\starcraft ii\versions\base19679\sc2.exe -> profile=private | protocol=17 | dir=in | action=block | name=starcraft ii | app=d:\gry\starcraft ii\versions\base19679\sc2.exe | UDP Query User{D30ABCB3-A12F-4093-95C8-50CCA74307C0}C:\program files\java\jre6\bin\javaw.exe -> profile=private | protocol=17 | dir=in | action=allow | name=java(tm) platform se binary | app=c:\program files\java\jre6\bin\javaw.exe | UDP Query User{E09FA519-FD62-4929-B050-EF189C4FF6F1}C:\program files (x86)\java\jre6\bin\java.exe -> profile=private | protocol=17 | dir=in | action=allow | name=java(tm) platform se binary | app=c:\program files (x86)\java\jre6\bin\java.exe | UDP Query User{F1B1FB94-20A5-40EA-9438-B436F2D5D4D2}C:\program files (x86)\gadu-gadu 10\gg.exe -> profile=private | protocol=17 | dir=in | 
action=allow | name=gadu-gadu 10 | app=c:\program files (x86)\gadu-gadu 10\gg.exe | < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom -> "AutoRun" -> 1 -> "DisplayName" -> Sterownik stacji dysków CD-ROM -> "ImagePath" -> C:\Windows\SysNative\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2009-07-14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) < Drives with AutoRun files > -> -> C:\autoexec.bat [REM Dummy file for NTVDM | ] -> C:\autoexec.bat [ NTFS ] -> [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command -> 64bit-comfile [open] -> "%1" %* 64bit-exefile [open] -> "%1" %* comfile [open] -> "%1" %* -> exefile [open] -> "%1" %* -> < 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ -> .com [@ = comfile] -> "%1" %* -> .exe [@ = exefile] -> "%1" %* -> < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ -> .com [@ = comfile] -> "%1" %* -> .exe [@ = exefile] -> "%1" %* -> [Registry - Additional Scans - Safe List] < 64bit-ActiveX StubPath [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608500} [KeyFileName] -> Reg Error: Value error. 
[(default): Java (Sun); IsInstalled: 1] -> File not found {22d6f312-b0f6-11d0-94ab-0080c74c7e95} [HKLM] -> C:\Windows\SysNative\wmpdxm.dll [(default): Microsoft Windows Media Player 12.0; IsInstalled: 1] -> [2009-07-14 03:41:57 | 000,358,400 | ---- | M] (Microsoft Corporation) {2C7339CF-2B09-4501-B3F3-F3508C9228ED} [StubPath] -> %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll [(default): Themes Setup; IsInstalled: 1] -> {3af36230-a269-11d1-b5bf-0000f8051515} [HKLM] -> Reg Error: Key error. [(default): Offline Browsing Pack; IsInstalled: 1] -> File not found {44BBA840-CC51-11CF-AAFA-00AA00B6015C} [StubPath] -> "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE [(default): Microsoft Windows; IsInstalled: 1] -> {44BBA855-CC51-11CF-AAFA-00AA00B6015F} [HKLM] -> Reg Error: Key error. [(default): DirectDrawEx; IsInstalled: 1] -> File not found {45ea75a0-a269-11d1-b5bf-0000f8051515} [HKLM] -> Reg Error: Key error. [(default): Internet Explorer Help; IsInstalled: 1] -> File not found {4f645220-306d-11d2-995d-00c04f98bbc9} [HKLM] -> Reg Error: Key error. [(default): Microsoft Windows Script 5.6; IsInstalled: 1] -> File not found {5fd399c0-a70a-11d1-9948-00c04f98bbc9} [HKLM] -> Reg Error: Key error. [(default): Internet Explorer Setup Tools; IsInstalled: 1] -> File not found {630b1da0-b465-11d1-9948-00c04f98bbc9} [KeyFileName] -> Reg Error: Value error. [(default): Browsing Enhancements; IsInstalled: 1] -> File not found {6BF52A52-394A-11d3-B153-00C04F79FAA6} [StubPath] -> %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI [(default): Microsoft Windows Media Player; IsInstalled: 1] -> {6fab99d0-bab8-11d1-994a-00c04f98bbc9} [HKLM] -> Reg Error: Key error. [(default): MSN Site Access; IsInstalled: 1] -> File not found {7790769C-0471-11d2-AF11-00C04FA35D02} [HKLM] -> Reg Error: Key error. 
[(default): Address Book 7; IsInstalled: 1] -> File not found {89820200-ECBD-11cf-8B85-00AA005B4340} [StubPath] -> regsvr32.exe /s /n /i:U shell32.dll [(default): Windows Desktop Update; IsInstalled: 1] -> {89820200-ECBD-11cf-8B85-00AA005B4383} [StubPath] -> C:\Windows\System32\ie4uinit.exe -BaseSettings [(default): Web Platform Customizations; IsInstalled: 1] -> {89B4C1CD-B018-4511-B0A1-5476DBF70820} [StubPath] -> C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install [ComponentID: DOTNETFRAMEWORKS; IsInstalled: 1] -> {9381D8F2-0288-11D0-9501-00AA00B911A5} [HKLM] -> Reg Error: Key error. [(default): Dynamic HTML Data Binding; IsInstalled: 1] -> File not found {C9E9A340-D1F1-11D0-821E-444553540600} [HKLM] -> Reg Error: Key error. [(default): Internet Explorer Core Fonts; IsInstalled: 1] -> File not found {de5aed00-a4bf-11d1-9948-00c04f98bbc9} [HKLM] -> Reg Error: Key error. [(default): HTML Help; IsInstalled: 1] -> File not found {E92B03AB-B707-11d2-9CBD-0000F87A369E} [HKLM] -> Reg Error: Key error. [(default): Active Directory Service Interface; IsInstalled: 1] -> File not found {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} [HKLM] -> Reg Error: Key error. [(default): .NET Framework] -> File not found {FEBEF00C-046D-438D-8A88-BF94A6C9E703} [HKLM] -> Reg Error: Key error. 
[(default): .NET Framework] -> File not found >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} [StubPath] -> %SystemRoot%\system32\unregmp2.exe /ShowWMP [(default): Microsoft Windows Media Player; IsInstalled: 0] -> >{26923b43-4d38-484f-9b9e-de460746276c} [StubPath] -> C:\Windows\System32\ie4uinit.exe -UserIconConfig [(default): Internet Explorer; IsInstalled: 1] -> >{60B49E34-C7CC-11D0-8953-00A0C90347FF} [StubPath] -> "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP [(default): Browser Customizations; IsInstalled: 1] -> < ActiveX StubPath [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608500} [KeyFileName] -> C:\Program Files (x86)\Java\jre6\bin\regutils.dll [(default): Java (Sun); IsInstalled: 1] -> [2011-11-10 08:52:06 | 000,278,528 | ---- | M] (Sun Microsystems, Inc.) {22d6f312-b0f6-11d0-94ab-0080c74c7e95} [HKLM] -> C:\Windows\SysWOW64\wmpdxm.dll [(default): Microsoft Windows Media Player 12.0; IsInstalled: 1] -> [2009-07-14 03:16:19 | 000,299,520 | ---- | M] (Microsoft Corporation) {2C7339CF-2B09-4501-B3F3-F3508C9228ED} [StubPath] -> %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll [(default): Themes Setup; IsInstalled: 1] -> {3af36230-a269-11d1-b5bf-0000f8051515} [HKLM] -> Reg Error: Key error. [(default): Offline Browsing Pack; IsInstalled: 1] -> File not found {44BBA840-CC51-11CF-AAFA-00AA00B6015C} [StubPath] -> "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE [(default): Microsoft Windows; IsInstalled: 1] -> {44BBA855-CC51-11CF-AAFA-00AA00B6015F} [HKLM] -> Reg Error: Key error. [(default): DirectDrawEx; IsInstalled: 1] -> File not found {45ea75a0-a269-11d1-b5bf-0000f8051515} [HKLM] -> Reg Error: Key error. [(default): Internet Explorer Help; IsInstalled: 1] -> File not found {4f645220-306d-11d2-995d-00c04f98bbc9} [HKLM] -> Reg Error: Key error. 
[(default): Microsoft Windows Script 5.6; IsInstalled: 1] -> File not found {5fd399c0-a70a-11d1-9948-00c04f98bbc9} [HKLM] -> Reg Error: Key error. [(default): Internet Explorer Setup Tools; IsInstalled: 1] -> File not found {630b1da0-b465-11d1-9948-00c04f98bbc9} [KeyFileName] -> C:\Windows\SysWOW64\msieftp.dll [(default): Browsing Enhancements; IsInstalled: 1] -> [2009-07-14 03:15:44 | 000,301,568 | ---- | M] (Microsoft Corporation) {6BF52A52-394A-11d3-B153-00C04F79FAA6} [StubPath] -> %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI [(default): Microsoft Windows Media Player; IsInstalled: 1] -> {6fab99d0-bab8-11d1-994a-00c04f98bbc9} [HKLM] -> Reg Error: Key error. [(default): MSN Site Access; IsInstalled: 1] -> File not found {7790769C-0471-11d2-AF11-00C04FA35D02} [HKLM] -> Reg Error: Key error. [(default): Address Book 7; IsInstalled: 1] -> File not found {7C028AF8-F614-47B3-82DA-BA94E41B1089} [HKLM] -> Reg Error: Key error. [(default): .NET Framework] -> File not found {89820200-ECBD-11cf-8B85-00AA005B4340} [StubPath] -> regsvr32.exe /s /n /i:U shell32.dll [(default): Windows Desktop Update; IsInstalled: 1] -> {89820200-ECBD-11cf-8B85-00AA005B4383} [StubPath] -> C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings [(default): Web Platform Customizations; IsInstalled: 1] -> {89B4C1CD-B018-4511-B0A1-5476DBF70820} [StubPath] -> C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install [ComponentID: DOTNETFRAMEWORKS; IsInstalled: 1] -> {9381D8F2-0288-11D0-9501-00AA00B911A5} [HKLM] -> Reg Error: Key error. [(default): Dynamic HTML Data Binding; IsInstalled: 1] -> File not found {C9E9A340-D1F1-11D0-821E-444553540600} [HKLM] -> Reg Error: Key error. 
[(default): Internet Explorer Core Fonts; IsInstalled: 1] -> File not found {D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> C:\Windows\SysWOW64\Macromed\Flash\Flash10w.ocx [(default): Macromedia Shockwave Flash; IsInstalled: 01 00 00 00 [binary data]] -> [2011-09-17 23:56:33 | 006,384,288 | R--- | M] (Adobe Systems, Inc.) {de5aed00-a4bf-11d1-9948-00c04f98bbc9} [HKLM] -> Reg Error: Key error. [(default): HTML Help; IsInstalled: 1] -> File not found {E92B03AB-B707-11d2-9CBD-0000F87A369E} [HKLM] -> Reg Error: Key error. [(default): Active Directory Service Interface; IsInstalled: 1] -> File not found {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} [HKLM] -> Reg Error: Key error. [(default): .NET Framework] -> File not found >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} [StubPath] -> %SystemRoot%\system32\unregmp2.exe /ShowWMP [(default): Microsoft Windows Media Player; IsInstalled: 0] -> >{26923b43-4d38-484f-9b9e-de460746276c} [StubPath] -> C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig [(default): Internet Explorer; IsInstalled: 1] -> >{60B49E34-C7CC-11D0-8953-00A0C90347FF} [StubPath] -> "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP [(default): Browser Customizations; IsInstalled: 1] -> < ActiveX StubPath [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\ -> {2C7339CF-2B09-4501-B3F3-F3508C9228ED} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found {44BBA840-CC51-11CF-AAFA-00AA00B6015C} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found {6BF52A52-394A-11d3-B153-00C04F79FAA6} [HKLM] -> C:\Windows\SysWOW64\wmp.dll [HKLM: Windows Media Player] -> [2009-07-14 03:16:19 | 011,406,336 | ---- | M] (Microsoft Corporation) {89820200-ECBD-11cf-8B85-00AA005B4340} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found {89820200-ECBD-11cf-8B85-00AA005B4383} [HKLM] -> Reg Error: Key error. 
[(no name)] -> File not found {89B4C1CD-B018-4511-B0A1-5476DBF70820} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found >{26923b43-4d38-484f-9b9e-de460746276c} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found >{60B49E34-C7CC-11D0-8953-00A0C90347FF} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found < 64bit-App Paths [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ -> AcroRd32.exe -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe [C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe] -> [2010-09-23 04:47:16 | 000,349,616 | ---- | M] (Adobe Systems Incorporated) AvastUI.exe -> C:\Program Files\AVAST Software\Avast\AvastUI.exe [C:\Program Files\AVAST Software\Avast\AvastUI.exe] -> [2011-11-28 20:01:24 | 003,744,552 | ---- | M] (AVAST Software) ccleaner.exe -> C:\Program Files\CCleaner\CCleaner64.exe [C:\Program Files\CCleaner\CCleaner64.exe] -> [2011-10-21 20:30:08 | 004,499,264 | ---- | M] (Piriform Ltd) chrome.exe -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [C:\Program Files (x86)\Google\Chrome\Application\chrome.exe] -> [2012-04-28 04:07:02 | 001,224,176 | ---- | M] (Google Inc.) cmmgr32.exe -> Reg Error: Value error. [Reg Error: Value error.] 
-> File not found combofix.exe -> C:\Users\Shiva\Desktop\ComboFix.exe [C:\Users\Shiva\Desktop\ComboFix.exe] -> [2012-05-11 17:59:54 | 004,490,099 | R--- | M] (Swearware) defraggler.exe -> C:\Program Files\Defraggler\Defraggler64.exe [C:\Program Files\Defraggler\Defraggler64.exe] -> [2011-11-08 11:12:20 | 004,081,472 | ---- | M] (Piriform Ltd) dvdmaker.exe -> C:\Program Files\DVD Maker\DVDMaker.exe [%ProgramFiles%\DVD Maker\dvdmaker.exe] -> [2009-07-14 03:39:08 | 002,258,432 | ---- | M] (Microsoft Corporation) eagle.exe -> C:\Program Files (x86)\EAGLE-6.1.0\bin\eagle.exe [C:\Program Files (x86)\EAGLE-6.1.0\bin\eagle.exe] -> [2012-01-12 17:17:48 | 012,423,168 | ---- | M] () Escndv.exe -> C:\Windows\twain_32\escndv\escndv.exe [C:\Windows\twain_32\escndv\Escndv.exe] -> [2009-01-10 00:00:00 | 000,155,648 | ---- | M] (SEIKO EPSON CORP.) firefox.exe -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe [C:\Program Files (x86)\Mozilla Firefox\firefox.exe] -> [2011-11-05 09:31:55 | 000,924,632 | ---- | M] (Mozilla Corporation) FL.exe -> C:\Program Files (x86)\Image-Line\FL Studio 10\FL.exe [C:\Program Files (x86)\Image-Line\FL Studio 10\FL.exe] -> [2011-01-18 13:09:26 | 000,369,664 | ---- | M] (Image-Line) gimp-2.6.exe -> C:\Program Files (x86)\GIMP-2.0\bin\gimp-2.6.exe [C:\Program Files (x86)\GIMP-2.0\bin\gimp-2.6.exe] -> [2010-10-04 23:51:02 | 005,352,962 | ---- | M] () GOM.exe -> C:\Program Files (x86)\GRETECH\GomPlayer\GOM.exe [C:\Program Files (x86)\GRETECH\GomPlayer\GOM.exe] -> [2010-11-11 04:37:16 | 003,548,392 | ---- | M] (Gretech Corp.) install.exe -> Reg Error: Value error. [Reg Error: Value error.] -> File not found javaws.exe -> C:\Windows\SysNative\javaws.exe [C:\Windows\system32\javaws.exe] -> [2011-11-20 15:20:26 | 000,190,752 | ---- | M] (Sun Microsystems, Inc.) 
Journal.exe -> C:\Program Files\Windows Journal\Journal.exe [%ProgramFiles%\Windows Journal\Journal.exe] -> [2009-07-14 03:39:14 | 002,164,224 | ---- | M] (Microsoft Corporation) mpc-hc.exe -> C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe ["C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe"] -> [2011-11-23 20:00:00 | 005,529,088 | ---- | M] (MPC-HC Team) mplayer2.exe -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe [%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe] -> [2009-07-14 03:14:47 | 000,164,864 | ---- | M] (Microsoft Corporation) MsoHtmEd.exe -> Reg Error: Value error. [Reg Error: Value error.] -> File not found pbrush.exe -> C:\Windows\SysNative\mspaint.exe [%SystemRoot%\System32\mspaint.exe] -> [2009-07-14 03:39:24 | 006,676,480 | ---- | M] (Microsoft Corporation) PowerShell.exe -> C:\Windows\SysNative\WindowsPowerShell\v1.0\powershell.exe [%SystemRoot%\system32\WindowsPowerShell\v1.0\PowerShell.exe] -> [2009-07-14 03:39:20 | 000,473,600 | ---- | M] (Microsoft Corporation) setup.exe -> Reg Error: Value error. [Reg Error: Value error.] -> File not found SnippingTool.exe -> C:\Windows\SysNative\SnippingTool.exe [%SystemRoot%\system32\SnippingTool.exe] -> [2009-07-14 03:39:41 | 000,431,104 | ---- | M] (Microsoft Corporation) Speccy.exe -> C:\Program Files\Speccy\Speccy64.exe [C:\Program Files\Speccy\Speccy64.exe] -> [2011-11-21 21:43:32 | 007,627,072 | ---- | M] (Piriform Ltd) table30.exe -> Reg Error: Value error. [Reg Error: Value error.] 
-> File not found wab.exe -> C:\Program Files\Windows Mail\wab.exe [%ProgramFiles%\Windows Mail\wab.exe] -> [2009-07-14 03:39:50 | 000,516,608 | ---- | M] (Microsoft Corporation) wabmig.exe -> C:\Program Files\Windows Mail\wabmig.exe [%ProgramFiles%\Windows Mail\wabmig.exe] -> [2009-07-14 03:39:50 | 000,067,584 | ---- | M] (Microsoft Corporation) WinRAR.exe -> C:\Program Files\WinRAR\WinRAR.exe [C:\Program Files\WinRAR\WinRAR.exe] -> [2011-06-01 01:00:04 | 001,169,920 | ---- | M] (Alexander Roshal) Winword.exe -> C:\PROGRA~2\MICROS~3\Office12\WINWORD.EXE [C:\PROGRA~2\MICROS~3\Office12\WINWORD.EXE] -> [2006-10-27 15:23:04 | 000,347,432 | ---- | M] (Microsoft Corporation) wmplayer.exe -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe [%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe] -> [2009-07-14 03:14:47 | 000,164,864 | ---- | M] (Microsoft Corporation) WORDPAD.EXE -> C:\Program Files\Windows NT\Accessories\WORDPAD.EXE ["%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"] -> [2009-07-14 03:39:57 | 004,580,352 | ---- | M] (Microsoft Corporation) WRITE.EXE -> C:\Program Files\Windows NT\Accessories\WORDPAD.EXE ["%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"] -> [2009-07-14 03:39:57 | 004,580,352 | ---- | M] (Microsoft Corporation) < App Paths [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ -> AcroRd32.exe -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe [C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe] -> [2010-09-23 04:47:16 | 000,349,616 | ---- | M] (Adobe Systems Incorporated) AvastUI.exe -> C:\Program Files\AVAST Software\Avast\AvastUI.exe [C:\Program Files\AVAST Software\Avast\AvastUI.exe] -> [2011-11-28 20:01:24 | 003,744,552 | ---- | M] (AVAST Software) ccleaner.exe -> C:\Program Files\CCleaner\CCleaner64.exe [C:\Program Files\CCleaner\CCleaner64.exe] -> [2011-10-21 20:30:08 | 004,499,264 | ---- | M] (Piriform Ltd) chrome.exe -> C:\Program Files 
(x86)\Google\Chrome\Application\chrome.exe [C:\Program Files (x86)\Google\Chrome\Application\chrome.exe] -> [2012-04-28 04:07:02 | 001,224,176 | ---- | M] (Google Inc.) cmmgr32.exe -> Reg Error: Value error. [Reg Error: Value error.] -> File not found combofix.exe -> C:\Users\Shiva\Desktop\ComboFix.exe [C:\Users\Shiva\Desktop\ComboFix.exe] -> [2012-05-11 17:59:54 | 004,490,099 | R--- | M] (Swearware) defraggler.exe -> C:\Program Files\Defraggler\Defraggler64.exe [C:\Program Files\Defraggler\Defraggler64.exe] -> [2011-11-08 11:12:20 | 004,081,472 | ---- | M] (Piriform Ltd) dvdmaker.exe -> [%ProgramFiles%\DVD Maker\dvdmaker.exe] -> File not found eagle.exe -> C:\Program Files (x86)\EAGLE-6.1.0\bin\eagle.exe [C:\Program Files (x86)\EAGLE-6.1.0\bin\eagle.exe] -> [2012-01-12 17:17:48 | 012,423,168 | ---- | M] () Escndv.exe -> C:\Windows\twain_32\escndv\escndv.exe [C:\Windows\twain_32\escndv\Escndv.exe] -> [2009-01-10 00:00:00 | 000,155,648 | ---- | M] (SEIKO EPSON CORP.) firefox.exe -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe [C:\Program Files (x86)\Mozilla Firefox\firefox.exe] -> [2011-11-05 09:31:55 | 000,924,632 | ---- | M] (Mozilla Corporation) FL.exe -> C:\Program Files (x86)\Image-Line\FL Studio 10\FL.exe [C:\Program Files (x86)\Image-Line\FL Studio 10\FL.exe] -> [2011-01-18 13:09:26 | 000,369,664 | ---- | M] (Image-Line) gimp-2.6.exe -> C:\Program Files (x86)\GIMP-2.0\bin\gimp-2.6.exe [C:\Program Files (x86)\GIMP-2.0\bin\gimp-2.6.exe] -> [2010-10-04 23:51:02 | 005,352,962 | ---- | M] () GOM.exe -> C:\Program Files (x86)\GRETECH\GomPlayer\GOM.exe [C:\Program Files (x86)\GRETECH\GomPlayer\GOM.exe] -> [2010-11-11 04:37:16 | 003,548,392 | ---- | M] (Gretech Corp.) install.exe -> Reg Error: Value error. [Reg Error: Value error.] -> File not found javaws.exe -> C:\Windows\SysWOW64\javaws.exe [C:\Windows\system32\javaws.exe] -> [2011-11-10 06:54:28 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) 
Journal.exe -> [%ProgramFiles%\Windows Journal\Journal.exe] -> File not found mpc-hc.exe -> C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe ["C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe"] -> [2011-11-23 20:00:00 | 005,529,088 | ---- | M] (MPC-HC Team) mplayer2.exe -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe [%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe] -> [2009-07-14 03:14:47 | 000,164,864 | ---- | M] (Microsoft Corporation) MsoHtmEd.exe -> Reg Error: Value error. [Reg Error: Value error.] -> File not found pbrush.exe -> C:\Windows\SysWOW64\mspaint.exe [%SystemRoot%\System32\mspaint.exe] -> [2009-07-14 03:14:26 | 006,376,960 | ---- | M] (Microsoft Corporation) PowerShell.exe -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe [%SystemRoot%\system32\WindowsPowerShell\v1.0\PowerShell.exe] -> [2009-07-14 03:14:24 | 000,452,608 | ---- | M] (Microsoft Corporation) setup.exe -> Reg Error: Value error. [Reg Error: Value error.] -> File not found sidebar.exe -> C:\Program Files (x86)\Windows Sidebar\sidebar.exe ["%ProgramFiles%\Windows Sidebar\sidebar.exe"] -> [2009-07-14 03:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation) SnippingTool.exe -> [%SystemRoot%\system32\SnippingTool.exe] -> File not found Speccy.exe -> C:\Program Files\Speccy\Speccy64.exe [C:\Program Files\Speccy\Speccy64.exe] -> [2011-11-21 21:43:32 | 007,627,072 | ---- | M] (Piriform Ltd) table30.exe -> Reg Error: Value error. [Reg Error: Value error.] 
-> File not found TabTip.exe -> [%CommonProgramFiles%\microsoft shared\ink\TabTip.exe] -> File not found wab.exe -> C:\Program Files (x86)\Windows Mail\wab.exe [%ProgramFiles%\Windows Mail\wab.exe] -> [2009-07-14 03:14:44 | 000,516,096 | ---- | M] (Microsoft Corporation) wabmig.exe -> C:\Program Files (x86)\Windows Mail\wabmig.exe [%ProgramFiles%\Windows Mail\wabmig.exe] -> [2009-07-14 03:14:44 | 000,065,536 | ---- | M] (Microsoft Corporation) WinRAR.exe -> C:\Program Files\WinRAR\WinRAR.exe [C:\Program Files\WinRAR\WinRAR.exe] -> [2011-06-01 01:00:04 | 001,169,920 | ---- | M] (Alexander Roshal) Winword.exe -> C:\PROGRA~2\MICROS~3\Office12\WINWORD.EXE [C:\PROGRA~2\MICROS~3\Office12\WINWORD.EXE] -> [2006-10-27 15:23:04 | 000,347,432 | ---- | M] (Microsoft Corporation) wmplayer.exe -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe [%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe] -> [2009-07-14 03:14:47 | 000,164,864 | ---- | M] (Microsoft Corporation) WORDPAD.EXE -> C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE ["%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"] -> [2009-07-14 03:14:49 | 004,243,968 | ---- | M] (Microsoft Corporation) WRITE.EXE -> C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE ["%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"] -> [2009-07-14 03:14:49 | 004,243,968 | ---- | M] (Microsoft Corporation) < 64bit-Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{00C6D95F-329C-409a-81D7-C46C66EA7F33}" [HKLM] -> C:\Windows\SysNative\shdocvw.dll [] -> [2009-07-14 03:41:54 | 000,196,096 | ---- | M] (Microsoft Corporation) "{4380C993-0C43-4E02-9A7A-0D40B6EA7590}" [HKLM] -> C:\Program Files\Defraggler\DefragglerShell64.dll [DefragglerShellExtension] -> [2011-11-08 11:12:24 | 000,121,152 | ---- | M] (Piriform Ltd) "{472083B0-C522-11CF-8763-00608CC02F24}" [HKLM] -> C:\Program Files\AVAST Software\Avast\ashShA64.dll [avast] -> 
[2011-11-28 20:01:11 | 000,134,384 | ---- | M] (AVAST Software) "{5E2121EE-0300-11D4-8D3B-444553540000}" [HKLM] -> Reg Error: Key error. [Catalyst Context Menu extension] -> File not found "{80009818-f38f-4af1-87b5-eadab9433e58}" [HKLM] -> C:\Windows\SysNative\mf.dll [MF ADTS Property Handler] -> [2010-05-23 10:35:41 | 004,068,864 | ---- | M] (Microsoft Corporation) "{872A9397-E0D6-4e28-B64D-52B8D0A7EA35}" [HKLM] -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiama64.dll [Display CPL Extension] -> [2011-11-09 23:06:24 | 000,571,392 | ---- | M] (Advanced Micro Devices, Inc.) "{B41DB860-64E4-11D2-9906-E49FADC173CA}" [HKLM] -> C:\Program Files\WinRAR\RarExt.dll [WinRAR shell extension] -> [2011-05-31 23:37:06 | 000,164,864 | ---- | M] (Alexander Roshal) "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" [HKLM] -> Reg Error: Key error. [WinRAR shell extension] -> File not found "{B575C697-9107-437A-ABEF-74C291FBF0BF}" [HKLM] -> C:\Program Files (x86)\SpeedyDrive\menu64.dll [Speedy Drive Shell Extension] -> [2012-04-04 20:36:38 | 000,228,352 | ---- | M] (Duc Le) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{472083B0-C522-11CF-8763-00608CC02F24}" [HKLM] -> C:\Program Files\AVAST Software\Avast\ashShell.dll [avast] -> [2011-11-28 20:01:17 | 000,122,512 | ---- | M] (AVAST Software) "{5E2121EE-0300-11D4-8D3B-444553540000}" [HKLM] -> Reg Error: Key error. 
[Catalyst Context Menu extension] -> File not found "{80009818-f38f-4af1-87b5-eadab9433e58}" [HKLM] -> C:\Windows\SysWOW64\mf.dll [MF ADTS Property Handler] -> [2010-05-23 12:11:48 | 003,181,568 | ---- | M] (Microsoft Corporation) "{B575C697-9107-437A-ABEF-74C291FBF0BF}" [HKLM] -> C:\Program Files (x86)\SpeedyDrive\menu32.dll [Speedy Drive Shell Extension] -> [2012-04-04 20:36:30 | 000,064,512 | ---- | M] (Duc Le) < 64bit-Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ -> C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Virtual Router Manager.lnk -> -> File not found C:^Users^Shiva^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GameRanger.lnk -> -> File not found < 64bit-Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> Adobe ARM hkey=HKLM key=SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe -> [2010-09-20 23:07:44 | 000,932,288 | R--- | M] (Adobe Systems Incorporated) Adobe Reader Speed Launcher hkey=HKLM key=SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe -> [2010-09-23 04:47:04 | 000,035,760 | ---- | M] (Adobe Systems Incorporated) amd_dc_opt hkey=HKLM key=SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe -> [2008-07-22 14:53:10 | 000,077,824 | ---- | M] (AMD) ATICustomerCare hkey=HKLM key=SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run -> -> File not found AutoEJCD_0ACE20FF hkey=HKLM key=SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files (x86)\AutoInstall\ZD1211B_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE -> [2011-12-16 18:45:52 | 000,040,960 | ---- | M] () avast hkey=HKLM 
key=SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\AVAST Software\Avast\avastUI.exe -> [2011-11-28 20:01:24 | 003,744,552 | ---- | M] (AVAST Software) BCU hkey=HKLM key=SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe -> [2010-03-05 10:15:04 | 000,411,864 | ---- | M] (DeviceVM, Inc.) Connectify hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files (x86)\Connectify\Connectify.exe -> [2012-02-25 01:16:56 | 003,941,192 | ---- | M] (Connectify) DAEMON Tools Lite hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> -> File not found DAEMON Tools Pro Agent hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> -> File not found EADM hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files (x86)\Origin\Origin.exe -> [2012-03-29 09:34:42 | 003,402,376 | ---- | M] (Electronic Arts) EPSON SX125 Series hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Windows\SysNative\spool\DRIVERS\x64\3\E_IATIGGE.EXE -> [2009-09-14 07:00:00 | 000,224,768 | ---- | M] (SEIKO EPSON CORPORATION) Facebook Update hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Users\Shiva\AppData\Local\Facebook\Update\FacebookUpdate.exe -> [2012-04-11 23:07:05 | 000,137,536 | ---- | M] (Facebook Inc.) Gadu-Gadu 10 hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files (x86)\Gadu-Gadu 10\gg.exe -> [2011-07-04 19:45:30 | 013,374,048 | ---- | M] (GG Network S.A.) Google Update hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> -> File not found LogMeIn Hamachi Ui hkey=HKLM key=SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe -> [2012-02-28 18:38:56 | 001,987,976 | ---- | M] (LogMeIn Inc.) 
NUSB3MON hkey=HKLM key=SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe -> [2010-04-27 10:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) RtHDVCpl hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -> [2010-07-06 12:31:18 | 011,057,768 | ---- | M] (Realtek Semiconductor) Sidebar hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Windows Sidebar\sidebar.exe -> [2009-07-14 03:39:41 | 001,475,072 | ---- | M] (Microsoft Corporation) Skype hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files (x86)\Skype\Phone\Skype.exe -> [2012-02-29 08:55:08 | 017,148,552 | R--- | M] (Skype Technologies S.A.) StartCCC hkey=HKLM key=SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe -> [2011-11-09 23:45:54 | 000,343,168 | ---- | M] (Advanced Micro Devices, Inc.) Steam hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files (x86)\Steam\steam.exe -> [2011-09-23 21:56:35 | 001,242,448 | ---- | M] (Valve Corporation) SunJavaUpdateSched hkey=HKLM key=SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe -> [2011-06-09 13:06:06 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) SweetIM hkey=HKLM key=SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run -> -> File not found uTorrent hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files (x86)\uTorrent\uTorrent.exe -> [2011-09-17 12:38:34 | 000,640,888 | ---- | M] (BitTorrent, Inc.) 
UVS11 Preload hkey=HKLM key=SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run -> -> File not found < 64bit-Disabled MSConfig State [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state -> "startup" -> 1 -> < 64bit-Drivers32 [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32 -> "msacm.l3acm" -> C:\Windows\SysNative\l3codeca.acm [C:\Windows\System32\l3codeca.acm] -> [2009-07-14 03:38:53 | 000,081,408 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) "VIDC.FPS1" -> C:\Windows\SysNative\frapsv64.dll [frapsv64.dll] -> [2009-11-21 11:30:04 | 000,084,992 | ---- | M] (Beepa P/L) < Drivers32 [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32 -> "msacm.ac3acm" -> C:\Windows\SysWow64\ac3acm.acm [ac3acm.acm] -> [2011-07-16 17:17:06 | 000,151,552 | ---- | M] (fccHandler) "msacm.divxa32" -> C:\Windows\SysWow64\msaud32_divx.acm [msaud32_divx.acm] -> [2003-02-03 08:01:02 | 000,186,368 | ---- | M] (Microsoft Corporation) "msacm.l3acm" -> C:\Windows\SysWOW64\l3codeca.acm [C:\Windows\SysWOW64\l3codeca.acm] -> [2009-07-14 03:14:10 | 000,064,000 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) "msacm.l3fhg" -> C:\Windows\SysWow64\mp3fhg.acm [mp3fhg.acm] -> [2006-10-18 21:05:16 | 000,232,448 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) "msacm.vorbis" -> C:\Windows\SysWow64\vorbis.acm [vorbis.acm] -> [2009-09-15 11:14:18 | 001,554,944 | ---- | M] (HMS http://hp.vector.co.jp/authors/VA012897/) "vidc.cvid" -> C:\Windows\SysWow64\iccvid.dll [iccvid.dll] -> [2009-07-14 03:15:26 | 000,082,944 | ---- | M] (Radius Inc.) 
"VIDC.FFDS" -> C:\Windows\SysWow64\ff_vfw.dll [ff_vfw.dll] -> [2011-11-23 20:00:00 | 000,074,752 | ---- | M] () "VIDC.FPS1" -> C:\Windows\SysWow64\frapsvid.dll [frapsvid.dll] -> [2009-11-21 11:30:06 | 000,086,016 | ---- | M] (Beepa P/L) "VIDC.XVID" -> C:\Windows\SysWow64\xvidvfw.dll [xvidvfw.dll] -> [2011-06-24 17:44:30 | 000,243,200 | ---- | M] () "VIDC.YV12" -> C:\Windows\SysWow64\xvidvfw.dll [xvidvfw.dll] -> [2011-06-24 17:44:30 | 000,243,200 | ---- | M] () < 64bit-Ext (PreApproved) - [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\ -> {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found {166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found {19916E01-B44E-4E31-94A4-4696DF46157B} [HKLM] -> C:\Windows\SysNative\icardie.dll [InformationCardSigninHelper Class] -> [2009-07-14 03:41:05 | 000,084,480 | ---- | M] (Microsoft Corporation) {233C1507-6A77-46A4-9443-F871F945D258} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found {3050F819-98B5-11CF-BB82-00AA00BDCE0B} [HKLM] -> C:\Windows\SysNative\mshtmled.dll [HtmlDlgSafeHelper Class] -> [2009-07-14 03:41:28 | 000,097,280 | ---- | M] (Microsoft Corporation) {333C7BC4-460F-11D0-BC04-0080C7055A83} [HKLM] -> C:\Windows\SysNative\tdc.ocx [Tabular Data Control] -> [2009-07-14 03:38:53 | 000,078,336 | ---- | M] (Microsoft Corporation) {3E4D4F1C-2AEE-11D1-9D3D-00C04FC30DF6} [HKLM] -> C:\Windows\SysNative\oleprn.dll [oleprn Class] -> [2009-07-14 03:41:53 | 000,129,536 | ---- | M] (Microsoft Corporation) {4063BE15-3B08-470D-A0D5-B37161CFFD69} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] 
-> File not found {435899C9-44AB-11D1-AF00-080036234103} [HKLM] -> C:\Windows\SysNative\oleprn.dll [DSPrintQueue Class] -> [2009-07-14 03:41:53 | 000,129,536 | ---- | M] (Microsoft Corporation) {4F664F91-FF01-11D0-8AED-00C04FD7B597} [HKLM] -> C:\Windows\SysNative\oleprn.dll [OleSNMP Class] -> [2009-07-14 03:41:53 | 000,129,536 | ---- | M] (Microsoft Corporation) {5852F5ED-8BF4-11D4-A245-0080C6F74284} [HKLM] -> C:\Program Files\Java\jre6\bin\wsdetect.dll [isInstalled Class] -> [2011-11-20 15:20:28 | 000,126,240 | ---- | M] (Sun Microsystems, Inc.) {65303443-AD66-11D1-9D65-00C04FC30DF6} [HKLM] -> C:\Windows\SysNative\oleprn.dll [OleCvt Class] -> [2009-07-14 03:41:53 | 000,129,536 | ---- | M] (Microsoft Corporation) {6BF52A52-394A-11d3-B153-00C04F79FAA6} [HKLM] -> C:\Windows\SysNative\wmp.dll [Windows Media Player] -> [2009-07-14 03:41:57 | 014,628,352 | ---- | M] (Microsoft Corporation) {760C4B83-E211-11D2-BF3E-00805FBE84A6} [HKLM] -> C:\Windows\SysNative\msnetobj.dll [Windows Media Services DRM Storage object] -> [2009-07-14 03:41:30 | 000,325,632 | ---- | M] (Microsoft Corporation) {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found {884e2049-217d-11da-b2a4-000e7bbb2b09} [HKLM] -> C:\Windows\SysNative\CertEnrollCtrl.exe [X509 Enrollment WebClassFactory] -> [2009-07-14 03:38:58 | 000,070,144 | ---- | M] (Microsoft Corporation) {884e2051-217d-11da-b2a4-000e7bbb2b09} [HKLM] -> C:\Windows\SysNative\CertEnroll.dll [X509 Machine Enrollment Factory] -> [2009-07-14 03:40:14 | 001,975,296 | ---- | M] (Microsoft Corporation) {88d969c0-f192-11d4-a65f-0040963251e5} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found {88d969c1-f192-11d4-a65f-0040963251e5} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found {88d969c2-f192-11d4-a65f-0040963251e5} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] 
-> File not found {88d969c3-f192-11d4-a65f-0040963251e5} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found {88d969c4-f192-11d4-a65f-0040963251e5} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found {88d969c5-f192-11d4-a65f-0040963251e5} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> C:\Program Files\Java\jre6\bin\jp2iexp.dll [Java Plug-in 1.6.0_29] -> [2011-11-20 15:20:27 | 000,112,928 | ---- | M] () {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKCU] -> C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll [Java Plug-in 1.6.0_30] -> [2011-11-10 06:54:18 | 000,104,224 | ---- | M] () {8E4062D9-FE1B-4b9e-AA16-5E8EEF68F48E} [HKLM] -> C:\Windows\SysNative\RegCtrl.dll [Registration Control] -> [2009-07-14 03:41:53 | 000,049,152 | ---- | M] (Microsoft Corporation) {92337A8C-E11D-11D0-BE48-00C04FC30DF6} [HKLM] -> C:\Windows\SysNative\oleprn.dll [prturl Class] -> [2009-07-14 03:41:53 | 000,129,536 | ---- | M] (Microsoft Corporation) {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} [HKLM] -> C:\Windows\SysNative\msnetobj.dll [RMGetLicense Class] -> [2009-07-14 03:41:30 | 000,325,632 | ---- | M] (Microsoft Corporation) {C3701884-B39B-11D1-9D68-00C04FC30DF6} [HKLM] -> C:\Windows\SysNative\oleprn.dll [OleInstall Class] -> [2009-07-14 03:41:53 | 000,129,536 | ---- | M] (Microsoft Corporation) {CA8A9780-280D-11CF-A24D-444553540000} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] 
-> File not found {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [HKLM] -> C:\Program Files\Java\jre6\bin\jp2iexp.dll [Java Plug-in 1.6.0_29] -> [2011-11-20 15:20:27 | 000,112,928 | ---- | M] () {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [HKCU] -> C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll [Java Plug-in 1.6.0_29] -> [2011-11-10 06:54:18 | 000,104,224 | ---- | M] () {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBB} [HKLM] -> C:\Program Files\Java\jre6\bin\jp2iexp.dll [Java Plug-in 1.6.0_29] -> [2011-11-20 15:20:27 | 000,112,928 | ---- | M] () {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBB} [HKCU] -> C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll [Java Plug-in 1.6.0_29] -> [2011-11-10 06:54:18 | 000,104,224 | ---- | M] () {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBC} [HKLM] -> C:\Program Files\Java\jre6\bin\jp2iexp.dll [Java Plug-in 1.6.0_29] -> [2011-11-20 15:20:27 | 000,112,928 | ---- | M] () {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBC} [HKCU] -> C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll [Java Plug-in 1.6.0_29] -> [2011-11-10 06:54:18 | 000,104,224 | ---- | M] () {CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA} [HKLM] -> C:\Windows\SysNative\deployJava1.dll [Deployment Toolkit] -> [2011-11-20 15:20:26 | 000,525,544 | ---- | M] (Sun Microsystems, Inc.) {CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA} [HKLM] -> C:\Windows\SysNative\deployJava1.dll [Deployment Toolkit] -> [2011-11-20 15:20:26 | 000,525,544 | ---- | M] (Sun Microsystems, Inc.) {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBC} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found {CFCDAA03-8BE4-11cf-B84B-0020AFBBCCFA} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found {D27CDB6E-AE6D-11cf-96B8-444553540000} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] 
-> File not found {EE09B103-97E0-11CF-978F-00A02463E06F} [HKLM] -> C:\Windows\SysNative\scrrun.dll [Scripting.Dictionary] -> [2009-07-14 03:41:53 | 000,202,752 | ---- | M] (Microsoft Corporation) < Ext (PreApproved) - [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\ -> {02BCC737-B171-4746-94C9-0D8A0B2C0089} [HKLM] -> C:\PROGRA~2\MICROS~3\Office12\IEAWSDC.DLL [Microsoft Office Template and Media Control] -> [2006-10-26 20:12:52 | 000,173,328 | ---- | M] () {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found {166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found {19916E01-B44E-4E31-94A4-4696DF46157B} [HKLM] -> C:\Windows\SysWOW64\icardie.dll [InformationCardSigninHelper Class] -> [2009-07-14 03:15:26 | 000,061,952 | ---- | M] (Microsoft Corporation) {233C1507-6A77-46A4-9443-F871F945D258} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found {3050F819-98B5-11CF-BB82-00AA00BDCE0B} [HKLM] -> C:\Windows\SysWOW64\mshtmled.dll [HtmlDlgSafeHelper Class] -> [2009-07-14 03:15:44 | 000,067,072 | ---- | M] (Microsoft Corporation) {31261F21-2B16-45EE-BEAB-07C4CFA18B65} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found {31261F21-2B16-45EE-BEAB-07C4CFA18B65} [HKCU] -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [PandoWebPlugin Control Class] -> [2012-03-27 15:09:15 | 000,253,008 | ---- | M] (Pando Networks) {333C7BC4-460F-11D0-BC04-0080C7055A83} [HKLM] -> C:\Windows\SysWOW64\tdc.ocx [Tabular Data Control] -> [2009-07-14 03:14:10 | 000,066,560 | ---- | M] (Microsoft Corporation) {3760D689-C63B-4422-9A1D-31CA856CD5C1} [HKLM] -> C:\ProgramData\Gadu-Gadu 10\_userdata\ggbho.4.dll [GGClass Class] -> [2011-07-04 19:45:30 | 000,406,112 | ---- | M] (GG Network S.A.) 
{3E4D4F1C-2AEE-11D1-9D3D-00C04FC30DF6} [HKLM] -> C:\Windows\SysWOW64\oleprn.dll [oleprn Class] -> [2009-07-14 03:16:12 | 000,107,008 | ---- | M] (Microsoft Corporation) {4063BE15-3B08-470D-A0D5-B37161CFFD69} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found {435899C9-44AB-11D1-AF00-080036234103} [HKLM] -> C:\Windows\SysWOW64\oleprn.dll [DSPrintQueue Class] -> [2009-07-14 03:16:12 | 000,107,008 | ---- | M] (Microsoft Corporation) {4F664F91-FF01-11D0-8AED-00C04FD7B597} [HKLM] -> C:\Windows\SysWOW64\oleprn.dll [OleSNMP Class] -> [2009-07-14 03:16:12 | 000,107,008 | ---- | M] (Microsoft Corporation) {5852F5ED-8BF4-11D4-A245-0080C6F74284} [HKLM] -> C:\Program Files (x86)\Java\jre6\bin\wsdetect.dll [isInstalled Class] -> [2011-11-10 06:54:18 | 000,112,416 | ---- | M] (Sun Microsystems, Inc.) {65303443-AD66-11D1-9D65-00C04FC30DF6} [HKLM] -> C:\Windows\SysWOW64\oleprn.dll [OleCvt Class] -> [2009-07-14 03:16:12 | 000,107,008 | ---- | M] (Microsoft Corporation) {6BF52A52-394A-11d3-B153-00C04F79FAA6} [HKLM] -> C:\Windows\SysWOW64\wmp.dll [Windows Media Player] -> [2009-07-14 03:16:19 | 011,406,336 | ---- | M] (Microsoft Corporation) {760C4B83-E211-11D2-BF3E-00805FBE84A6} [HKLM] -> C:\Windows\SysWOW64\msnetobj.dll [Windows Media Services DRM Storage object] -> [2009-07-14 03:15:46 | 000,265,216 | ---- | M] (Microsoft Corporation) {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2011-11-10 09:01:32 | 000,325,408 | ---- | M] (Sun Microsystems, Inc.) {7AEFE841-DCA1-4A95-80CB-BE935D016800} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] 
-> File not found {7AEFE841-DCA1-4A95-80CB-BE935D017400} [HKLM] -> C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\ESNLaunchAx.ocx [ESNLaunchAx Control] -> [2012-02-13 14:54:04 | 007,002,040 | ---- | M] (ESN AB) {7AEFE841-DCA1-4A95-80CB-BE935D017600} [HKLM] -> C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\ESNLaunchAx.ocx [ESNLaunchAx Control] -> [2012-03-20 13:18:24 | 007,002,040 | ---- | M] (ESN AB) {884e2049-217d-11da-b2a4-000e7bbb2b09} [HKLM] -> C:\Windows\SysWOW64\CertEnrollCtrl.exe [X509 Enrollment WebClassFactory] -> [2009-07-14 03:14:13 | 000,067,072 | ---- | M] (Microsoft Corporation) {884e2051-217d-11da-b2a4-000e7bbb2b09} [HKLM] -> C:\Windows\SysWOW64\CertEnroll.dll [X509 Machine Enrollment Factory] -> [2009-07-14 03:15:01 | 001,320,960 | ---- | M] (Microsoft Corporation) {88d969c0-f192-11d4-a65f-0040963251e5} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found {88d969c1-f192-11d4-a65f-0040963251e5} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found {88d969c2-f192-11d4-a65f-0040963251e5} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found {88d969c3-f192-11d4-a65f-0040963251e5} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found {88d969c4-f192-11d4-a65f-0040963251e5} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found {88d969c5-f192-11d4-a65f-0040963251e5} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] 
-> File not found {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll [Java Plug-in 1.6.0_30] -> [2011-11-10 06:54:18 | 000,104,224 | ---- | M] () {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKCU] -> C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll [Java Plug-in 1.6.0_30] -> [2011-11-10 06:54:18 | 000,104,224 | ---- | M] () {8E4062D9-FE1B-4b9e-AA16-5E8EEF68F48E} [HKLM] -> C:\Windows\SysWOW64\RegCtrl.dll [Registration Control] -> [2009-07-14 03:16:13 | 000,041,472 | ---- | M] (Microsoft Corporation) {92337A8C-E11D-11D0-BE48-00C04FC30DF6} [HKLM] -> C:\Windows\SysWOW64\oleprn.dll [prturl Class] -> [2009-07-14 03:16:12 | 000,107,008 | ---- | M] (Microsoft Corporation) {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} [HKLM] -> C:\Windows\SysWOW64\msnetobj.dll [RMGetLicense Class] -> [2009-07-14 03:15:46 | 000,265,216 | ---- | M] (Microsoft Corporation) {C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D} [HKLM] -> C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll [Google Update Plugin] -> [2012-03-21 08:46:17 | 000,562,600 | ---- | M] (Google Inc.) {C3701884-B39B-11D1-9D68-00C04FC30DF6} [HKLM] -> C:\Windows\SysWOW64\oleprn.dll [OleInstall Class] -> [2009-07-14 03:16:12 | 000,107,008 | ---- | M] (Microsoft Corporation) {C442AC41-9200-4770-8CC0-7CDB4F245C55} [HKLM] -> C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll [Google Update Plugin] -> [2012-03-21 08:46:17 | 000,562,600 | ---- | M] (Google Inc.) {C9712B19-838B-45A5-ABF2-9A315DDDED50} [HKLM] -> C:\PROGRA~2\MICROS~3\Office12\AUTHZAX.DLL [Microsoft Office 12 Authorization Control] -> [2006-10-26 20:12:26 | 000,053,576 | ---- | M] (Microsoft Corporation) {CA8A9780-280D-11CF-A24D-444553540000} [HKLM] -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll [Adobe PDF Reader] -> [2010-09-22 18:04:24 | 000,660,912 | ---- | M] (Adobe Systems, Inc.) 
{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} [HKLM] -> C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll [Java Plug-in 1.6.0_30] -> [2011-11-10 06:54:18 | 000,104,224 | ---- | M] () {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} [HKCU] -> C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll [Java Plug-in 1.6.0_30] -> [2011-11-10 06:54:18 | 000,104,224 | ---- | M] () {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBB} [HKLM] -> C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll [Java Plug-in 1.6.0_30] -> [2011-11-10 06:54:18 | 000,104,224 | ---- | M] () {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBB} [HKCU] -> C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll [Java Plug-in 1.6.0_30] -> [2011-11-10 06:54:18 | 000,104,224 | ---- | M] () {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBC} [HKLM] -> C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll [Java Plug-in 1.6.0_30] -> [2011-11-10 06:54:18 | 000,104,224 | ---- | M] () {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBC} [HKCU] -> C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll [Java Plug-in 1.6.0_30] -> [2011-11-10 06:54:18 | 000,104,224 | ---- | M] () {CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA} [HKLM] -> C:\Windows\SysWOW64\deployJava1.dll [Deployment Toolkit] -> [2011-11-10 06:54:13 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) {CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA} [HKLM] -> C:\Windows\SysWOW64\deployJava1.dll [Deployment Toolkit] -> [2011-11-10 06:54:13 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBC} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found {CBE9C57E-FFA9-4123-8354-AD360D6DD3CC} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found {CBE9C57E-FFA9-4123-8354-AD360D6DD3CC} [HKCU] -> C:\Users\Shiva\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [Facebook Video Calling Plugin] -> [2012-03-15 23:33:08 | 001,075,560 | ---- | M] (Skype Limited) {CFCDAA03-8BE4-11cf-B84B-0020AFBBCCFA} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] 
-> File not found {D27CDB6E-AE6D-11cf-96B8-444553540000} [HKLM] -> C:\Windows\SysWOW64\Macromed\Flash\Flash10w.ocx [Shockwave Flash Object] -> [2011-09-17 23:56:33 | 006,384,288 | R--- | M] (Adobe Systems, Inc.) {E7339A62-0E31-4A5E-BA3D-F2FEDFBF8BE5} [HKLM] -> C:\PROGRA~2\COMMON~1\MICROS~1\Portal\PORTAL~1.DLL [PersonalSite Class] -> [2006-10-26 21:30:44 | 000,482,088 | ---- | M] () {EBA7A1E6-E69D-4BA5-B291-95782A004600} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found {EBA7A1E6-E69D-4BA5-B291-95782A004603} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found {EBA7A1E6-E69D-4BA5-B291-95782A004604} [HKLM] -> C:\PROGRA~2\BATTLE~1\Sonar\070~1.4\SonarAx.ocx [SonarAx Control] -> [2011-11-03 16:08:54 | 000,227,688 | ---- | M] (ESN Social Software AB) {EE09B103-97E0-11CF-978F-00A02463E06F} [HKLM] -> C:\Windows\SysWOW64\scrrun.dll [Scripting.Dictionary] -> [2009-07-14 03:16:13 | 000,163,840 | ---- | M] (Microsoft Corporation) {F9152AEC-3462-4632-8087-EEE3C3CDDA24} [HKLM] -> C:\Program Files (x86)\Google\Google Earth\plugin\ie\6.1.0.5001\plugin_ax.dll [GEPluginCoClass Object] -> [2011-10-17 20:04:54 | 002,370,048 | ---- | M] (Google) < Ext (Settings) - [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\ -> {2EECD738-5844-4A99-B4B6-146BF802613B} [HKLM] -> [Babylon toolbar helper] -> File not found 64bit-{318A227B-5E9F-45BD-8999-7F8F10CA4CF5} [HKLM] -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [avast! WebRep] -> [2011-11-28 20:01:12 | 000,963,064 | ---- | M] (AVAST Software) {318A227B-5E9F-45BD-8999-7F8F10CA4CF5} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found {6D53EC84-6AAE-4787-AEEE-F4628F01010C} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] 
-> File not found {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2011-11-10 09:01:32 | 000,325,408 | ---- | M] (Sun Microsystems, Inc.) {7D9463CD-BBD8-42F4-AB72-D7B1191D9F3D} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found {8E5E2654-AD2D-48BF-AC2D-D17F00898D06} [HKLM] -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [avast! WebRep] -> [2011-11-28 20:01:21 | 000,809,040 | ---- | M] (AVAST Software) {98889811-442D-49DD-99D7-DC866BE87DBC} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} [HKLM] -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Skype Browser Helper] -> [2012-01-17 11:43:46 | 003,855,520 | ---- | M] (Skype Technologies S.A.) {BDE58274-7A2A-4682-8C47-A379DD9E36CB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found {D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> C:\Windows\SysWOW64\Macromed\Flash\Flash10w.ocx [Shockwave Flash Object] -> [2011-09-17 23:56:33 | 006,384,288 | R--- | M] (Adobe Systems, Inc.) {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} [HKLM] -> C:\PROGRA~2\ALLPLA~1\Iplex\IPLEXT~1.DLL [IplexToALLPlayer] -> [2011-02-09 20:29:08 | 000,400,384 | ---- | M] (ALLCinema Ltd.) {EEE6C35B-6118-11DC-9C72-001320C79847} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found {EEE6C35C-6118-11DC-9C72-001320C79847} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found < Ext (Stats) - [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\ -> {04FE3112-DB93-424D-B958-5E709395693F} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] 
-> File not found {04FE3112-DB93-424D-B958-5E709395693F} [HKCU] -> C:\Users\Shiva\AppData\Local\Facebook\Messenger\2.0.4478.0\npFbDesktopPlugin.dll [Facebook Desktop Plugin] -> [2012-04-03 19:36:44 | 000,168,056 | ---- | M] (Facebook, Inc.) {2EECD738-5844-4A99-B4B6-146BF802613B} [HKLM] -> [Babylon toolbar helper] -> File not found 64bit-{318A227B-5E9F-45BD-8999-7F8F10CA4CF5} [HKLM] -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [avast! WebRep] -> [2011-11-28 20:01:12 | 000,963,064 | ---- | M] (AVAST Software) {318A227B-5E9F-45BD-8999-7F8F10CA4CF5} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found {3760D689-C63B-4422-9A1D-31CA856CD5C1} [HKLM] -> C:\ProgramData\Gadu-Gadu 10\_userdata\ggbho.4.dll [GGClass Class] -> [2011-07-04 19:45:30 | 000,406,112 | ---- | M] (GG Network S.A.) {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found 64bit-{6BF52A52-394A-11D3-B153-00C04F79FAA6} [HKLM] -> C:\Windows\SysNative\wmp.dll [Windows Media Player] -> [2009-07-14 03:41:57 | 014,628,352 | ---- | M] (Microsoft Corporation) {6BF52A52-394A-11D3-B153-00C04F79FAA6} [HKLM] -> C:\Windows\SysWOW64\wmp.dll [Windows Media Player] -> [2009-07-14 03:16:19 | 011,406,336 | ---- | M] (Microsoft Corporation) {6D53EC84-6AAE-4787-AEEE-F4628F01010C} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2011-11-10 09:01:32 | 000,325,408 | ---- | M] (Sun Microsystems, Inc.) {7AEFE841-DCA1-4A95-80CB-BE935D005000} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found {7AEFE841-DCA1-4A95-80CB-BE935D016000} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found {7AEFE841-DCA1-4A95-80CB-BE935D016600} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] 
-> File not found {7AEFE841-DCA1-4A95-80CB-BE935D016800} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found {7AEFE841-DCA1-4A95-80CB-BE935D016E00} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found {7AEFE841-DCA1-4A95-80CB-BE935D017400} [HKLM] -> C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\ESNLaunchAx.ocx [ESNLaunchAx Control] -> [2012-02-13 14:54:04 | 007,002,040 | ---- | M] (ESN AB) {7AEFE841-DCA1-4A95-80CB-BE935D017600} [HKLM] -> C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\ESNLaunchAx.ocx [ESNLaunchAx Control] -> [2012-03-20 13:18:24 | 007,002,040 | ---- | M] (ESN AB) {7D9463CD-BBD8-42F4-AB72-D7B1191D9F3D} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found {898EA8C8-E7FF-479B-8935-AEC46303B9E5} [HKLM] -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Skype Browser Helper] -> [2012-01-17 11:43:46 | 003,855,520 | ---- | M] (Skype Technologies S.A.) {8E5E2654-AD2D-48BF-AC2D-D17F00898D06} [HKLM] -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [avast! WebRep] -> [2011-11-28 20:01:21 | 000,809,040 | ---- | M] (AVAST Software) {98889811-442D-49DD-99D7-DC866BE87DBC} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} [HKLM] -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Skype Browser Helper] -> [2012-01-17 11:43:46 | 003,855,520 | ---- | M] (Skype Technologies S.A.) 64bit-{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} [HKLM] -> C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch64.dll [SearchHook Class] -> [2010-03-05 10:15:02 | 000,153,336 | ---- | M] (DeviceVM, Inc.) 
{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} [HKLM] -> C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll [SearchHook Class] -> [2010-03-05 10:14:58 | 000,133,368 | ---- | M] (DeviceVM, Inc.) {BDE58274-7A2A-4682-8C47-A379DD9E36CB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found {D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> C:\Windows\SysWOW64\Macromed\Flash\Flash10w.ocx [Shockwave Flash Object] -> [2011-09-17 23:56:33 | 006,384,288 | R--- | M] (Adobe Systems, Inc.) {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} [HKLM] -> C:\PROGRA~2\ALLPLA~1\Iplex\IPLEXT~1.DLL [IplexToALLPlayer] -> [2011-02-09 20:29:08 | 000,400,384 | ---- | M] (ALLCinema Ltd.) {EBA7A1E6-E69D-4BA5-B291-95782A004600} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found {EBA7A1E6-E69D-4BA5-B291-95782A004603} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found {EBA7A1E6-E69D-4BA5-B291-95782A004604} [HKLM] -> C:\PROGRA~2\BATTLE~1\Sonar\070~1.4\SonarAx.ocx [SonarAx Control] -> [2011-11-03 16:08:54 | 000,227,688 | ---- | M] (ESN Social Software AB) {EEE6C35B-6118-11DC-9C72-001320C79847} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found {EEE6C35C-6118-11DC-9C72-001320C79847} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] 
-> File not found < 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ -> .bat [@ = batfile] -> "%1" %* -> .cmd [@ = cmdfile] -> "%1" %* -> .com [@ = comfile] -> "%1" %* -> .exe [@ = exefile] -> "%1" %* -> .html [@ = Opera.HTML] -> C:\Program Files (x86)\Opera\Opera.exe -> [2012-03-26 20:31:19 | 000,949,104 | ---- | M] (Opera Software) .url [@ = InternetShortcut] -> C:\Windows\SysNative\rundll32.exe -> [2009-07-14 03:39:31 | 000,045,568 | ---- | M] (Microsoft Corporation) .pif [@ = piffile] -> "%1" %* -> .scr [@ = scrfile] -> "%1" /S -> < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ -> .bat [@ = batfile] -> "%1" %* -> .cmd [@ = cmdfile] -> "%1" %* -> .com [@ = comfile] -> "%1" %* -> .cpl [@ = cplfile] -> C:\Windows\SysWow64\control.exe -> [2009-07-14 03:14:15 | 000,113,152 | ---- | M] (Microsoft Corporation) .exe [@ = exefile] -> "%1" %* -> .html [@ = Opera.HTML] -> C:\Program Files (x86)\Opera\Opera.exe -> [2012-03-26 20:31:19 | 000,949,104 | ---- | M] (Opera Software) .pif [@ = piffile] -> "%1" %* -> .scr [@ = scrfile] -> "%1" /S -> < File Associations - Select to Repair > -> HKEY_CURRENT_USER\SOFTWARE\Classes\\ -> .html [@ = ChromeHTML] -> Reg Error: Key error. 
-> File not found < 64bit-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> -> *netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs -> AppMgmt -> C:\Windows\SysNative\appmgmts.dll -> [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> < Protocol Filters [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ -> text/xml:{807563E5-5146-11D5-A672-00B0D022E945} [HKLM] -> C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL[Microsoft Office InfoPath XML Mime Filter] -> [2006-10-26 21:41:48 | 000,044,344 | ---- | M] (Microsoft Corporation) < 64bit-Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} [HKLM] -> Reg Error: Key error.[Reg Error: Key error.] -> File not found skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKLM] -> Reg Error: Key error.[Reg Error: Key error.] -> File not found skype-ie-addon-data:{91774881-D725-4E58-B298-07617B9B86A8} [HKLM] -> Reg Error: Key error.[Reg Error: Key error.] -> File not found wlpg:{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} [HKLM] -> Reg Error: Key error.[Reg Error: Key error.] -> File not found < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKLM] -> C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL[IEProtocolHandler Class] -> [2011-11-03 13:48:40 | 002,156,192 | R--- | M] (Skype Technologies) skype-ie-addon-data:{91774881-D725-4E58-B298-07617B9B86A8} [HKLM] -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll[Skype IE add-on Pluggable Protocol] -> [2012-01-17 11:43:46 | 003,855,520 | ---- | M] (Skype Technologies S.A.) 
< 64bit-SafeBoot-Minimal Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ -> {36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers {4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive {4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive {4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller {4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc {4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard {4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse {4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters {4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter {4D36E97D-E325-11CE-BFC1-08002BE10318} -> System {4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive {533C5B84-EC70-11D2-9505-00C04F79DEAF} -> Volume shadow copy {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} -> IEEE 1394 Bus host controllers {71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices {D48179BE-EC20-11D1-B6B8-00C04FA372A7} -> SBP2 IEEE 1394 Devices {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} -> SecurityDevices AppMgmt -> C:\Windows\SysNative\appmgmts.dll -> [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) Base -> Driver Group Boot Bus Extender -> Driver Group Boot file system -> Driver Group File system -> Driver Group Filter -> Driver Group HelpSvc -> Service NTDS -> 32bit -> File not found PCI Configuration -> Driver Group PEVSystemStart -> Service PNP Filter -> Driver Group Primary disk -> Driver Group procexp90.Sys -> Driver sacsvr -> Service SCSI Class -> Driver Group System Bus Extender -> Driver Group TrustedInstaller -> 32bit -> File not found vmms -> Service WinDefend -> C:\Program Files\Windows Defender\MpSvc.dll -> [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) < SafeBoot-Minimal Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ -> {36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus 
controllers {4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive {4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive {4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller {4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc {4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard {4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse {4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters {4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter {4D36E97D-E325-11CE-BFC1-08002BE10318} -> System {4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive {533C5B84-EC70-11D2-9505-00C04F79DEAF} -> Volume shadow copy {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} -> IEEE 1394 Bus host controllers {71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices {D48179BE-EC20-11D1-B6B8-00C04FA372A7} -> SBP2 IEEE 1394 Devices {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} -> SecurityDevices AppInfo -> 64bit -> File not found Base -> Driver Group Boot Bus Extender -> Driver Group Boot file system -> Driver Group DcomLaunch -> 64bit -> File not found EFS -> 64bit -> File not found EventLog -> 64bit -> File not found File system -> Driver Group Filter -> Driver Group HelpSvc -> Service KeyIso -> 64bit -> File not found Netlogon -> 64bit -> File not found NTDS -> 64bit -> File not found PCI Configuration -> Driver Group PEVSystemStart -> Service PlugPlay -> 64bit -> File not found PNP Filter -> Driver Group Power -> 64bit -> File not found Primary disk -> Driver Group procexp90.Sys -> Driver ProfSvc -> 64bit -> File not found RpcEptMapper -> 64bit -> File not found RpcSs -> 64bit -> File not found sacsvr -> Service SCSI Class -> Driver Group sermouse.sys -> 64bit -> File not found SWPRV -> 64bit -> File not found System Bus Extender -> Driver Group TabletInputService -> 64bit -> File not found TBS -> 64bit -> File not found VDS -> 64bit -> File not found vga.sys -> 64bit -> File not found vgasave.sys -> 64bit -> File not found vmms -> Service 
volmgr.sys -> 64bit -> File not found volmgrx.sys -> 64bit -> File not found WinDefend -> 64bit -> File not found WinMgmt -> 64bit -> File not found WudfPf -> 64bit -> File not found WudfRd -> 64bit -> File not found WudfSvc -> 64bit -> File not found < 64bit-SafeBoot-Network Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ -> {36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers {4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive {4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive {4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller {4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc {4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard {4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse {4D36E972-E325-11CE-BFC1-08002BE10318} -> Net {4D36E973-E325-11CE-BFC1-08002BE10318} -> NetClient {4D36E974-E325-11CE-BFC1-08002BE10318} -> NetService {4D36E975-E325-11CE-BFC1-08002BE10318} -> NetTrans {4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters {4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter {4D36E97D-E325-11CE-BFC1-08002BE10318} -> System {4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive {50DD5230-BA8A-11D1-BF5D-0000F805F530} -> Smart card readers {533C5B84-EC70-11D2-9505-00C04F79DEAF} -> Volume shadow copy {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} -> IEEE 1394 Bus host controllers {71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices {D48179BE-EC20-11D1-B6B8-00C04FA372A7} -> SBP2 IEEE 1394 Devices {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} -> SecurityDevices AppMgmt -> C:\Windows\SysNative\appmgmts.dll -> [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) Base -> Driver Group Boot Bus Extender -> Driver Group Boot file system -> Driver Group File system -> Driver Group Filter -> Driver Group Hamachi2Svc -> 32bit -> File not found HelpSvc -> Service Messenger -> Service NDIS Wrapper -> Driver Group NetBIOSGroup 
-> Driver Group NetDDEGroup -> Driver Group Network -> Driver Group NetworkProvider -> Driver Group NTDS -> 32bit -> File not found PCI Configuration -> Driver Group PEVSystemStart -> Service PNP Filter -> Driver Group PNP_TDI -> Driver Group Primary disk -> Driver Group procexp90.Sys -> Driver rdsessmgr -> Service sacsvr -> Service SCSI Class -> Driver Group Streams Drivers -> Driver Group System Bus Extender -> Driver Group TDI -> Driver Group TrustedInstaller -> 32bit -> File not found vmms -> Service WinDefend -> C:\Program Files\Windows Defender\MpSvc.dll -> [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) WudfUsbccidDriver -> Driver < SafeBoot-Network Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ -> {36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers {4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive {4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive {4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller {4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc {4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard {4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse {4D36E972-E325-11CE-BFC1-08002BE10318} -> Net {4D36E973-E325-11CE-BFC1-08002BE10318} -> NetClient {4D36E974-E325-11CE-BFC1-08002BE10318} -> NetService {4D36E975-E325-11CE-BFC1-08002BE10318} -> NetTrans {4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters {4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter {4D36E97D-E325-11CE-BFC1-08002BE10318} -> System {4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive {50DD5230-BA8A-11D1-BF5D-0000F805F530} -> Smart card readers {533C5B84-EC70-11D2-9505-00C04F79DEAF} -> Volume shadow copy {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} -> IEEE 1394 Bus host controllers {71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices {D48179BE-EC20-11D1-B6B8-00C04FA372A7} -> SBP2 IEEE 1394 Devices 
{D94EE5D8-D189-4994-83D2-F68D7D41B0E6} -> SecurityDevices AFD -> 64bit -> File not found AppInfo -> 64bit -> File not found Base -> Driver Group BFE -> 64bit -> File not found Boot Bus Extender -> Driver Group Boot file system -> Driver Group bowser -> 64bit -> File not found Browser -> 64bit -> File not found DcomLaunch -> 64bit -> File not found dfsc -> 64bit -> File not found DnsCache -> 64bit -> File not found Dot3Svc -> 64bit -> File not found Eaphost -> 64bit -> File not found EFS -> 64bit -> File not found EventLog -> 64bit -> File not found File system -> Driver Group Filter -> Driver Group Hamachi2Svc -> C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -> [2012-02-28 18:38:54 | 002,343,816 | ---- | M] (LogMeIn Inc.) HelpSvc -> Service IKEEXT -> 64bit -> File not found ipnat.sys -> 64bit -> File not found KeyIso -> 64bit -> File not found LanmanServer -> 64bit -> File not found LanmanWorkstation -> 64bit -> File not found LmHosts -> 64bit -> File not found Messenger -> Service MPSDrv -> 64bit -> File not found MPSSvc -> 64bit -> File not found mrxsmb -> 64bit -> File not found mrxsmb10 -> 64bit -> File not found mrxsmb20 -> 64bit -> File not found NativeWifiP -> 64bit -> File not found NDIS -> 64bit -> File not found NDIS Wrapper -> Driver Group ndiscap -> 64bit -> File not found Ndisuio -> 64bit -> File not found NetBIOS -> 64bit -> File not found NetBIOSGroup -> Driver Group NetBT -> 64bit -> File not found NetDDEGroup -> Driver Group Netlogon -> 64bit -> File not found NetMan -> 64bit -> File not found Network -> Driver Group NetworkProvider -> Driver Group NlaSvc -> 64bit -> File not found Nsi -> 64bit -> File not found nsiproxy.sys -> 64bit -> File not found NTDS -> 64bit -> File not found PCI Configuration -> Driver Group PEVSystemStart -> Service PlugPlay -> 64bit -> File not found PNP Filter -> Driver Group PNP_TDI -> Driver Group PolicyAgent -> 64bit -> File not found Power -> 64bit -> File not found Primary disk -> Driver Group procexp90.Sys 
-> Driver ProfSvc -> 64bit -> File not found rdbss -> 64bit -> File not found rdpencdd.sys -> 64bit -> File not found rdsessmgr -> Service RpcEptMapper -> 64bit -> File not found RpcSs -> 64bit -> File not found sacsvr -> Service SCardSvr -> 64bit -> File not found SCSI Class -> Driver Group sermouse.sys -> 64bit -> File not found SharedAccess -> 64bit -> File not found Streams Drivers -> Driver Group SWPRV -> 64bit -> File not found System Bus Extender -> Driver Group TabletInputService -> 64bit -> File not found TBS -> 64bit -> File not found Tcpip -> 64bit -> File not found TDI -> Driver Group VaultSvc -> 64bit -> File not found VDS -> 64bit -> File not found vga.sys -> 64bit -> File not found vgasave.sys -> 64bit -> File not found vmms -> Service volmgr.sys -> 64bit -> File not found volmgrx.sys -> 64bit -> File not found WinDefend -> 64bit -> File not found WinMgmt -> 64bit -> File not found Wlansvc -> 64bit -> File not found WudfPf -> 64bit -> File not found WudfRd -> 64bit -> File not found WudfSvc -> 64bit -> File not found WudfUsbccidDriver -> Driver < 64bit-Security Center Settings > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center -> 64bit-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center \\"cval" -> [1] -> File not found \\"FirewallDisableNotify" -> [0] -> File not found \\"AntiVirusDisableNotify" -> [0] -> File not found \\"UpdatesDisableNotify" -> [0] -> File not found 64bit-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 64bit-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\ -> -> 64bit-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc \Svc\\"VistaSp1" -> [28 4D B2 76 41 04 CA 01 [binary data]] -> File not found \Svc\\"AntiVirusOverride" -> [0] -> File not found \Svc\\"AntiSpywareOverride" -> [0] -> File not found \Svc\\"FirewallOverride" -> [0] -> File not found 64bit-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol\ -> -> < 64bit-Windows Firewall Group Policy Settings > -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall -> 64bit-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> -> 64bit-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\ -> -> < Security Center Settings > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\ -> -> < System Restore User Settings > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore -> "DisableSR" -> 0 -> < Windows Firewall Group Policy Settings > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\ -> -> < Windows DomainProfile Firewall Policy Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile \\"DisableNotifications" -> [0] -> File not found \\"EnableFirewall" -> [1] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging\ -> -> < Windows StandardProfile Firewall Policy Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile \\"DisableNotifications" -> [0] -> File not found \\"EnableFirewall" -> [0] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging\ -> -> < Windows StandardProfile GloballyOpenPorts Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List -> < Session Manager Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager -> *BootExecute* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\\BootExecute -> autocheck autochk * -> -> File not found *MultiFile Done* -> -> "ExcludeFromKnownDlls" -> [binary data] -> 64bit-*ObjectDirectories* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\\ObjectDirectories -> \Windows -> \Windows -> [2012-05-11 19:31:43 | 000,000,000 | ---D | M] \RPC Control -> -> File not found *MultiFile Done* -> -> *ObjectDirectories* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\\ObjectDirectories -> \Windows -> \Windows -> [2012-05-11 19:31:43 | 000,000,000 | ---D | M] \RPC Control -> -> File not found *MultiFile Done* -> -> < Session Manager Environment Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment -> 64bit-"ComSpec" -> C:\Windows\SysNative\cmd.exe -> [2009-07-14 03:39:01 | 000,344,576 | ---- | M] (Microsoft Corporation) "ComSpec" -> C:\Windows\SysWOW64\cmd.exe -> [2009-07-14 03:14:15 | 000,301,568 | ---- | M] (Microsoft Corporation) "TEMP" -> C:\Windows\temp -> [2012-05-11 19:41:44 | 000,000,000 | ---D | M] "TMP" -> C:\Windows\temp -> [2012-05-11 19:41:44 | 000,000,000 | ---D | M] "windir" -> C:\Windows -> [2012-05-11 19:31:43 | 000,000,000 | ---D | M] 64bit-*Path* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\Path -> 
%SystemRoot%\system32 -> C:\Windows\SysNative -> File not found %SystemRoot% -> C:\Windows -> [2012-05-11 19:31:43 | 000,000,000 | ---D | M] %SystemRoot%\system32\wbem -> C:\Windows\SysNative\wbem -> [2012-05-11 16:27:47 | 000,000,000 | ---D | M] C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common -> [2012-03-06 19:51:39 | 000,000,000 | ---D | M] C:\Program Files (x86)\AMD APP\bin\x86_64 -> C:\Program Files (x86)\AMD APP\bin\x86_64 -> [2011-12-30 23:06:05 | 000,000,000 | ---D | M] C:\Program Files (x86)\AMD APP\bin\x86 -> -> File not found C:\Program Files\Common Files\Microsoft Shared\Windows Live -> C:\Program Files\Common Files\Microsoft Shared\Windows Live -> [2011-09-29 17:43:35 | 000,000,000 | ---D | M] C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live -> [2011-09-29 17:43:35 | 000,000,000 | ---D | M] %SYSTEMROOT%\System32\WindowsPowerShell\v1.0 -> C:\Windows\SysNative\WindowsPowerShell\v1.0 -> [2009-07-14 19:55:33 | 000,000,000 | ---D | M] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static -> [2012-02-01 21:51:45 | 000,000,000 | ---D | M] C:\Program Files (x86)\Windows Live\Shared -> C:\Program Files (x86)\Windows Live\Shared -> [2011-09-29 17:45:36 | 000,000,000 | ---D | M] C:\Program Files (x86)\Common Files\Ulead Systems\MPEG -> -> File not found *MultiFile Done* -> -> *Path* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\Path -> %SystemRoot%\system32 -> C:\Windows\SysWOW64 -> [2012-05-11 19:17:34 | 000,000,000 | ---D | M] %SystemRoot% -> C:\Windows -> [2012-05-11 19:31:43 | 000,000,000 | ---D | M] %SystemRoot%\system32\wbem -> C:\Windows\SysWOW64\wbem -> [2009-07-14 20:09:10 | 000,000,000 | ---D | M] C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common -> C:\Program Files (x86)\NVIDIA 
Corporation\PhysX\Common -> [2012-03-06 19:51:39 | 000,000,000 | ---D | M] C:\Program Files (x86)\AMD APP\bin\x86_64 -> C:\Program Files (x86)\AMD APP\bin\x86_64 -> [2011-12-30 23:06:05 | 000,000,000 | ---D | M] C:\Program Files (x86)\AMD APP\bin\x86 -> -> File not found C:\Program Files\Common Files\Microsoft Shared\Windows Live -> C:\Program Files\Common Files\Microsoft Shared\Windows Live -> [2011-09-29 17:43:35 | 000,000,000 | ---D | M] C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live -> [2011-09-29 17:43:35 | 000,000,000 | ---D | M] %SYSTEMROOT%\System32\WindowsPowerShell\v1.0 -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0 -> [2009-07-14 19:55:34 | 000,000,000 | ---D | M] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static -> [2012-02-01 21:51:45 | 000,000,000 | ---D | M] C:\Program Files (x86)\Windows Live\Shared -> C:\Program Files (x86)\Windows Live\Shared -> [2011-09-29 17:45:36 | 000,000,000 | ---D | M] C:\Program Files (x86)\Common Files\Ulead Systems\MPEG -> -> File not found *MultiFile Done* -> -> *PATHEXT* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\PATHEXT -> .COM -> -> File not found .EXE -> -> File not found .BAT -> -> File not found .CMD -> -> File not found .VBS -> -> File not found .VBE -> -> File not found .JS -> -> File not found .JSE -> -> File not found .WSF -> -> File not found .WSH -> -> File not found .MSC -> -> File not found *MultiFile Done* -> -> < Session Manager FileRenameOperations Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\FileRenameOperations -> < Session Manager KnownDlls Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDlls -> 64bit-"advapi32" -> C:\Windows\SysNative\advapi32.dll -> [2009-07-14 03:40:01 | 000,877,056 | 
---- | M] (Microsoft Corporation) 64bit-"clbcatq" -> C:\Windows\SysNative\clbcatq.dll -> [2009-07-14 03:40:15 | 000,607,744 | ---- | M] (Microsoft Corporation) 64bit-"COMDLG32" -> C:\Windows\SysNative\comdlg32.dll -> [2009-07-14 03:40:22 | 000,595,456 | ---- | M] (Microsoft Corporation) 64bit-"DifxApi" -> C:\Windows\SysNative\difxapi.dll -> [2009-07-14 03:40:30 | 000,504,320 | ---- | M] (Microsoft Corporation) 64bit-"DllDirectory" -> C:\Windows\SysNative -> File not found 64bit-"DllDirectory32" -> C:\Windows\SysWOW64 -> [2012-05-11 19:17:34 | 000,000,000 | ---D | M] 64bit-"gdi32" -> C:\Windows\SysNative\gdi32.dll -> [2009-07-14 03:40:56 | 000,404,480 | ---- | M] (Microsoft Corporation) 64bit-"IERTUTIL" -> C:\Windows\SysNative\iertutil.dll -> [2009-07-14 03:41:06 | 002,440,704 | ---- | M] (Microsoft Corporation) 64bit-"IMAGEHLP" -> C:\Windows\SysNative\imagehlp.dll -> [2009-07-14 03:41:08 | 000,076,288 | ---- | M] (Microsoft Corporation) 64bit-"IMM32" -> C:\Windows\SysNative\imm32.dll -> [2009-07-14 03:41:09 | 000,167,424 | ---- | M] (Microsoft Corporation) 64bit-"kernel32" -> C:\Windows\SysNative\kernel32.dll -> [2009-07-14 03:41:13 | 001,162,240 | ---- | M] (Microsoft Corporation) 64bit-"LPK" -> C:\Windows\SysNative\lpk.dll -> [2009-07-14 03:41:19 | 000,041,984 | ---- | M] (Microsoft Corporation) 64bit-"MSCTF" -> C:\Windows\SysNative\msctf.dll -> [2009-07-14 03:41:28 | 001,067,008 | ---- | M] (Microsoft Corporation) 64bit-"MSVCRT" -> C:\Windows\SysNative\msvcrt.dll -> [2009-07-14 03:41:32 | 000,634,880 | ---- | M] (Microsoft Corporation) 64bit-"NORMALIZ" -> C:\Windows\SysNative\normaliz.dll -> [2009-07-14 03:31:40 | 000,002,560 | ---- | M] (Microsoft Corporation) 64bit-"NSI" -> C:\Windows\SysNative\nsi.dll -> [2009-07-14 03:41:53 | 000,013,824 | ---- | M] (Microsoft Corporation) 64bit-"ole32" -> C:\Windows\SysNative\ole32.dll -> [2009-07-14 03:41:53 | 002,084,352 | ---- | M] (Microsoft Corporation) 64bit-"OLEAUT32" -> C:\Windows\SysNative\oleaut32.dll -> 
[2009-07-14 03:41:53 | 000,861,184 | ---- | M] (Microsoft Corporation) 64bit-"PSAPI" -> C:\Windows\SysNative\psapi.dll -> [2009-07-14 03:41:53 | 000,009,216 | ---- | M] (Microsoft Corporation) 64bit-"rpcrt4" -> C:\Windows\SysNative\rpcrt4.dll -> [2009-07-14 03:41:53 | 001,221,632 | ---- | M] (Microsoft Corporation) 64bit-"sechost" -> C:\Windows\SysNative\sechost.dll -> [2009-07-14 03:41:53 | 000,113,664 | ---- | M] (Microsoft Corporation) 64bit-"Setupapi" -> C:\Windows\SysNative\setupapi.dll -> [2009-07-14 03:41:54 | 001,899,520 | ---- | M] (Microsoft Corporation) 64bit-"SHELL32" -> C:\Windows\SysNative\shell32.dll -> [2009-07-14 03:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation) 64bit-"SHLWAPI" -> C:\Windows\SysNative\shlwapi.dll -> [2009-07-14 03:41:54 | 000,449,536 | ---- | M] (Microsoft Corporation) 64bit-"URLMON" -> C:\Windows\SysNative\urlmon.dll -> [2009-07-14 03:41:56 | 001,492,480 | ---- | M] (Microsoft Corporation) 64bit-"user32" -> C:\Windows\SysNative\user32.dll -> [2009-07-14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) 64bit-"USP10" -> C:\Windows\SysNative\usp10.dll -> [2009-07-14 03:41:56 | 000,801,280 | ---- | M] (Microsoft Corporation) 64bit-"WININET" -> C:\Windows\SysNative\wininet.dll -> [2009-07-14 03:41:56 | 001,193,472 | ---- | M] (Microsoft Corporation) 64bit-"WLDAP32" -> C:\Windows\SysNative\Wldap32.dll -> [2009-07-14 03:41:56 | 000,311,808 | ---- | M] (Microsoft Corporation) 64bit-"WS2_32" -> C:\Windows\SysNative\ws2_32.dll -> [2009-07-14 03:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) "advapi32" -> C:\Windows\SysWow64\advapi32.dll -> [2009-07-14 03:14:53 | 000,640,000 | ---- | M] (Microsoft Corporation) "clbcatq" -> C:\Windows\SysWow64\clbcatq.dll -> [2009-07-14 03:15:03 | 000,522,240 | ---- | M] (Microsoft Corporation) "COMDLG32" -> C:\Windows\SysWow64\comdlg32.dll -> [2009-07-14 03:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) "DifxApi" -> C:\Windows\SysWow64\difxapi.dll -> [2009-07-14 03:15:11 
| 000,315,904 | ---- | M] (Microsoft Corporation) "DllDirectory" -> C:\Windows\SysWOW64 -> [2012-05-11 19:17:34 | 000,000,000 | ---D | M] "DllDirectory32" -> C:\Windows\SysWOW64 -> [2012-05-11 19:17:34 | 000,000,000 | ---D | M] "gdi32" -> C:\Windows\SysWow64\gdi32.dll -> [2009-07-14 03:11:21 | 000,310,784 | ---- | M] (Microsoft Corporation) "IERTUTIL" -> C:\Windows\SysWow64\iertutil.dll -> [2009-07-14 03:15:28 | 002,058,240 | ---- | M] (Microsoft Corporation) "IMAGEHLP" -> C:\Windows\SysWow64\imagehlp.dll -> [2009-07-14 03:15:31 | 000,154,624 | ---- | M] (Microsoft Corporation) "IMM32" -> C:\Windows\SysWow64\imm32.dll -> [2009-07-14 03:11:21 | 000,119,808 | ---- | M] (Microsoft Corporation) "kernel32" -> C:\Windows\SysWow64\kernel32.dll -> [2009-07-14 03:11:23 | 000,836,608 | ---- | M] (Microsoft Corporation) "LPK" -> C:\Windows\SysWow64\lpk.dll -> [2009-07-14 03:11:23 | 000,025,600 | ---- | M] (Microsoft Corporation) "MSCTF" -> C:\Windows\SysWow64\msctf.dll -> [2009-07-14 03:15:43 | 000,828,928 | ---- | M] (Microsoft Corporation) "MSVCRT" -> C:\Windows\SysWow64\msvcrt.dll -> [2009-07-14 03:15:50 | 000,690,688 | ---- | M] (Microsoft Corporation) "NORMALIZ" -> C:\Windows\SysWow64\normaliz.dll -> [2009-07-14 03:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) "NSI" -> C:\Windows\SysWow64\nsi.dll -> [2009-07-14 03:16:11 | 000,008,704 | ---- | M] (Microsoft Corporation) "ole32" -> C:\Windows\SysWow64\ole32.dll -> [2009-07-14 03:16:12 | 001,412,608 | ---- | M] (Microsoft Corporation) "OLEAUT32" -> C:\Windows\SysWow64\oleaut32.dll -> [2009-07-14 03:16:12 | 000,571,904 | ---- | M] (Microsoft Corporation) "PSAPI" -> C:\Windows\SysWow64\psapi.dll -> [2009-07-14 03:16:12 | 000,006,144 | ---- | M] (Microsoft Corporation) "rpcrt4" -> C:\Windows\SysWow64\rpcrt4.dll -> [2009-07-14 03:11:23 | 000,662,528 | ---- | M] (Microsoft Corporation) "sechost" -> C:\Windows\SysWow64\sechost.dll -> [2009-07-14 03:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) "Setupapi" -> 
C:\Windows\SysWow64\setupapi.dll -> [2009-07-14 03:16:14 | 001,668,608 | ---- | M] (Microsoft Corporation) "SHELL32" -> C:\Windows\SysWow64\shell32.dll -> [2009-07-14 03:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation) "SHLWAPI" -> C:\Windows\SysWow64\shlwapi.dll -> [2009-07-14 03:16:14 | 000,350,208 | ---- | M] (Microsoft Corporation) "URLMON" -> C:\Windows\SysWow64\urlmon.dll -> [2009-07-14 03:16:17 | 001,224,704 | ---- | M] (Microsoft Corporation) "user32" -> C:\Windows\SysWow64\user32.dll -> [2009-07-14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) "USP10" -> C:\Windows\SysWow64\usp10.dll -> [2009-07-14 03:16:17 | 000,627,200 | ---- | M] (Microsoft Corporation) "WININET" -> C:\Windows\SysWow64\wininet.dll -> [2009-07-14 03:16:19 | 000,977,920 | ---- | M] (Microsoft Corporation) "WLDAP32" -> C:\Windows\SysWow64\Wldap32.dll -> [2009-07-14 03:16:19 | 000,268,800 | ---- | M] (Microsoft Corporation) "WS2_32" -> C:\Windows\SysWow64\ws2_32.dll -> [2012-05-11 19:17:31 | 000,206,848 | ---- | M] (Microsoft Corporation) < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command -> 64bit-batfile [open] -> "%1" %* 64bit-cmdfile [open] -> "%1" %* 64bit-comfile [open] -> "%1" %* 64bit-exefile [open] -> "%1" %* 64bit-htmlfile [print] -> rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" -> [2009-07-14 03:39:31 | 000,045,568 | ---- | M] (Microsoft Corporation) 64bit-https [open] -> "C:\Program Files (x86)\Opera\Opera.exe" "%1" -> [2012-03-26 20:31:19 | 000,949,104 | ---- | M] (Opera Software) 64bit-inffile [install] -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 -> [2009-07-14 03:39:31 | 000,045,568 | ---- | M] (Microsoft Corporation) 64bit-InternetShortcut [open] -> "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l -> [2009-07-14 03:39:31 | 000,045,568 | ---- | M] (Microsoft Corporation) 64bit-InternetShortcut [print] -> 
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" -> [2009-07-14 03:39:31 | 000,045,568 | ---- | M] (Microsoft Corporation) 64bit-piffile [open] -> "%1" %* 64bit-scrfile [config] -> "%1" 64bit-scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l 64bit-scrfile [open] -> "%1" /S 64bit-Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 64bit-Directory [cmd] -> cmd.exe /s /k pushd "%V" -> [2009-07-14 03:39:01 | 000,344,576 | ---- | M] (Microsoft Corporation) 64bit-Directory [find] -> %SystemRoot%\Explorer.exe -> [2009-07-14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) 64bit-Directory [napiprojekt] -> "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" -> [2011-12-14 19:31:56 | 006,194,176 | ---- | M] () 64bit-Directory [napiprojekt0] -> "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" -pobierz_ang -> [2011-12-14 19:31:56 | 006,194,176 | ---- | M] () 64bit-Folder [open] -> %SystemRoot%\Explorer.exe -> [2009-07-14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) 64bit-Drive [find] -> %SystemRoot%\Explorer.exe -> [2009-07-14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) batfile [open] -> "%1" %* -> cmdfile [open] -> "%1" %* -> comfile [open] -> "%1" %* -> cplfile [cplopen] -> %SystemRoot%\System32\control.exe "%1",%* -> [2009-07-14 03:14:15 | 000,113,152 | ---- | M] (Microsoft Corporation) exefile [open] -> "%1" %* -> https [open] -> "C:\Program Files (x86)\Opera\Opera.exe" "%1" -> [2012-03-26 20:31:19 | 000,949,104 | ---- | M] (Opera Software) piffile [open] -> "%1" %* -> scrfile [config] -> "%1" -> scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> scrfile [open] -> "%1" /S -> Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> Directory [cmd] -> cmd.exe /s /k pushd "%V" -> [2009-07-14 03:14:15 | 000,301,568 | ---- | M] (Microsoft Corporation) Directory 
[find] -> %SystemRoot%\Explorer.exe -> [2009-07-14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) Directory [napiprojekt] -> "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" -> [2011-12-14 19:31:56 | 006,194,176 | ---- | M] () Directory [napiprojekt0] -> "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" -pobierz_ang -> [2011-12-14 19:31:56 | 006,194,176 | ---- | M] () Folder [open] -> %SystemRoot%\Explorer.exe -> [2009-07-14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) Drive [find] -> %SystemRoot%\Explorer.exe -> [2009-07-14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) < Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> Protocol_Catalog9\Catalog_Entries\000000000001 -> C:\Program Files (x86)\FlyVPN\FlyVPNBind.dll -> [2012-02-02 09:50:42 | 000,172,376 | ---- | M] (www.flyvpn.com) Protocol_Catalog9\Catalog_Entries\000000000002 -> C:\Program Files (x86)\FlyVPN\FlyVPNBind.dll -> [2012-02-02 09:50:42 | 000,172,376 | ---- | M] (www.flyvpn.com) Protocol_Catalog9\Catalog_Entries\000000000003 -> C:\Program Files (x86)\FlyVPN\FlyVPNBind.dll -> [2012-02-02 09:50:42 | 000,172,376 | ---- | M] (www.flyvpn.com) < Default Protocols [HKEY_LOCAL_MACHINE\] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> ldap -> 4 = Restricted sites (Not a Default Protocol) -> news -> 4 = Restricted sites (Not a Default Protocol) -> nntp -> 4 = Restricted sites (Not a Default Protocol) -> oecmd -> 4 = Restricted sites (Not a Default Protocol) -> snews -> 4 = Restricted sites (Not a Default Protocol) -> < 64bit-Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> {0BD776F3-057D-4C11-020C-4FA9B13D04F9} -> AMD Catalyst Install Manager {180C8888-50F1-426B-A9DC-AB83A1989C65} -> Windows Live Language Selector {1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698} 
-> Windows Live ID Sign-in Assistant {26A24AE4-039D-4CA4-87B4-2F86416029FF} -> Java(TM) 6 Update 29 (64-bit) {463FB535-67FB-17C9-6FD6-164BC60462F6} -> ccc-utility64 {4B6C7001-C7D6-3710-913E-5BC23FCE91E6} -> Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 {503F672D-6C84-448A-8F8F-4BC35AC83441} -> AMD APP SDK Runtime {69FDD045-DA24-CA41-8FD2-6B3A91F4EDEE} -> AMD Fuel {8220EEFE-38CD-377E-8595-13398D740ACE} -> Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 {8E34682C-8118-31F1-BC4C-98CD9675E1C2} -> Microsoft .NET Framework 4 Extended {90120000-002A-0000-1000-0000000FF1CE} -> Microsoft Office Office 64-bit Components 2007 {90120000-002A-0415-1000-0000000FF1CE} -> Microsoft Office Shared 64-bit MUI (Polish) 2007 {95120000-00B9-0409-1000-0000000FF1CE} -> Microsoft Application Error Reporting {A6FE29A0-622B-2763-88AA-D1E084F77CD9} -> AMD Media Foundation Decoders {CFA5BA6D-D6BB-AE1B-E61E-5B1ACFC8F0BB} -> AMD Drag and Drop Transcoding {DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E} -> Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} -> Microsoft .NET Framework 4 Client Profile CCleaner -> CCleaner Connectify -> Connectify CPUID CPU-Z_is1 -> CPUID CPU-Z 1.58 Defraggler -> Defraggler EPSON SX125 Series -> Odinstaluj drukarkę EPSON SX125 Series Microsoft .NET Framework 4 Client Profile -> Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended -> Microsoft .NET Framework 4 Extended Speccy -> Speccy WinRAR archiver -> WinRAR 4.01 (64-bitowy) < Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> {048298C9-A4D3-490B-9FF9-AB023A9238F3} -> Steam {0654EA5D-308A-4196-882B-5C09744A5D81} -> Windows Live Photo Common {0B0F231F-CE6A-483D-AA23-77B364F75917} -> Windows Live Installer {0C1931EB-8339-4837-8BEC-75029BF42734} -> Windows Live UX Platform Language Pack {11083C7A-D0D6-4DA4-8C3A-74B8389EC07B} -> ATI Catalyst Registration 
{1a413f37-ed88-4fec-9666-5c48dc4b7bb7} -> YouTube Downloader 3.5 {1F1C2DFC-2D24-3E06-BCB8-725134ADF989} -> Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 {200FEC62-3C34-4D60-9CE8-EC372E01C08F} -> Windows Live SOXE Definitions {26A24AE4-039D-4CA4-87B4-2F83216027FF} -> Java(TM) 6 Update 30 {2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E} -> Google Earth Plug-in {2ECA81CA-D932-4AD3-AD59-BF5CCF099C83} -> Catalyst Control Center - Branding {3336F667-9049-4D46-98B6-4C743EEBC5B1} -> Windows Live Photo Gallery {347151C4-7F16-B275-8865-CC6B64056D3F} -> Catalyst Control Center Graphics Previews Common {4A03706F-666A-4037-7777-5F2748764D10} -> Java Auto Updater {4CB0307C-565E-4441-86BE-0DF2E4FB828C} -> Microsoft Games for Windows Marketplace {521AAD14-5030-44BB-8B0E-5CE65FCE57E0} -> InterVideo DeviceService {5442DAB8-7177-49E1-8B22-09A049EA5996} -> Renesas Electronics USB 3.0 Host Controller Driver {5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1 -> Driver Sweeper wersja 3.2.0 {62AEBBB6-8314-7902-B3DA-1690F97DFA74} -> CCC Help English {64029508-2587-4D39-AB83-2AC722FBFCC2} -> XSplit {64BFBE7A-886C-4CA2-A9B4-0C2B5A5942BC} -> Battlefield 3™ {682B3E4F-696A-42DE-A41C-4C07EA1678B4} -> Windows Live SOXE {6A9D1594-7791-48f5-9CAA-DE9BCB968320} -> Mass Effect™ 3 {7299052b-02a4-4627-81f2-1818da5d550d} -> Microsoft Visual C++ 2005 Redistributable {7A9D47BA-6D50-4087-866F-0800D8B89383} -> Podstawowe programy Windows Live {7CAC6A44-C3DE-4153-ACA6-7524602C789E} -> Facebook Video Calling 1.2.0.159 {837b34e3-7c30-493c-8f6a-2b0f04e2912c} -> Microsoft Visual C++ 2005 Redistributable {83C292B7-38A5-440B-A731-07070E81A64F} -> Windows Live PIMT Platform {8833FFB6-5B0C-4764-81AA-06DFEED9A476} -> Realtek Ethernet Controller Driver For Windows 7 {8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3} -> The Lord of the Rings FREE Trial {8DD46C6A-0056-4FEC-B70A-28BB16A1F11F} -> MSVCRT {90120000-0015-0415-0000-0000000FF1CE} -> Microsoft Office Access MUI (Polish) 2007 {90120000-0016-0415-0000-0000000FF1CE} -> 
Microsoft Office Excel MUI (Polish) 2007 {90120000-0018-0415-0000-0000000FF1CE} -> Microsoft Office PowerPoint MUI (Polish) 2007 {90120000-0019-0415-0000-0000000FF1CE} -> Microsoft Office Publisher MUI (Polish) 2007 {90120000-001A-0415-0000-0000000FF1CE} -> Microsoft Office Outlook MUI (Polish) 2007 {90120000-001B-0415-0000-0000000FF1CE} -> Microsoft Office Word MUI (Polish) 2007 {90120000-001F-0407-0000-0000000FF1CE} -> Microsoft Office Proof (German) 2007 {90120000-001F-0409-0000-0000000FF1CE} -> Microsoft Office Proof (English) 2007 {90120000-001F-0415-0000-0000000FF1CE} -> Microsoft Office Proof (Polish) 2007 {90120000-002C-0415-0000-0000000FF1CE} -> Microsoft Office Proofing (Polish) 2007 {90120000-0030-0000-0000-0000000FF1CE} -> Microsoft Office Enterprise 2007 {90120000-0044-0415-0000-0000000FF1CE} -> Microsoft Office InfoPath MUI (Polish) 2007 {90120000-006E-0415-0000-0000000FF1CE} -> Microsoft Office Shared MUI (Polish) 2007 {90120000-00A1-0415-0000-0000000FF1CE} -> Microsoft Office OneNote MUI (Polish) 2007 {90120000-00BA-0415-0000-0000000FF1CE} -> Microsoft Office Groove MUI (Polish) 2007 {92EA4134-10D1-418A-91E1-5A0453131A38} -> Windows Live Movie Maker {9370105C-71BB-4FF9-A85B-36D79B95457A}_is1 -> ALLConverter PRO 1.1 {943A8D28-80D6-41DC-AE94-81FEB42041BF} -> System Requirements Lab CYRI {980A182F-E0A2-4A40-94C1-AE0C1235902E} -> Pando Media Booster {9A25302D-30C0-39D9-BD6F-21E6EC160475} -> Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 {9FD6F1A8-5550-46AF-8509-271DF0E768B5} -> Dual-Core Optimizer {A10B9E4E-9C40-4491-A3E1-C2B53DAB03C1} -> Facebook Messenger 2.0.4478.0 {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} -> Google Update Helper {A9BDCA6B-3653-467B-AC83-94367DA3BFE3} -> Windows Live Photo Common {AC76BA86-7AD7-1045-7B44-A94000000001} -> Adobe Reader 9.4.0 - Polish {B6CF2967-C81E-40C0-9815-C05774FEF120} -> Skype Click to Call {BA88EE67-8974-459D-A1DB-C8281D9AC6F6} -> Browser Configuration Utility {C01AE05C-3C8C-75B3-C9F0-1B525DD3697C} -> 
Catalyst Control Center InstallProxy {CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431} -> Galeria fotografii usługi Windows Live {CC8C451E-A820-48C8-AE92-A0FF088969D8} -> Stereoscopic Player {CE95A79E-E4FC-4FFF-8A75-29F04B942FF2} -> Windows Live UX Platform {D45240D3-B6B3-4FF9-B243-54ECE3E10066} -> Windows Live Communications Platform {DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9} -> NVIDIA PhysX {DAD5AC93-8518-4F46-A5FE-E63FEE791B6F} -> AMD OverDrive {E09C4DB7-630C-4F06-A631-8EA7239923AF} -> D3DX10 {E2494AD8-314D-44F8-B39C-4358A60DC184} -> LogMeIn Hamachi {EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8} -> Skype™ 5.8 {F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} -> Microsoft SQL Server 2005 Compact Edition [ENU] {F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} -> Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} -> Realtek High Definition Audio Driver {F2508213-9989-4E85-A078-72BE483917EF} -> Microsoft Games for Windows - LIVE Redistributable {F80E5450-3EF3-4270-B26C-6AC53BEC5E76} -> Windows Live Movie Maker {F865B0B5-0D43-2704-0B22-35C5F721374B} -> AMD VISION Engine Control Center {FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4} -> Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Adobe Flash Player ActiveX -> Adobe Flash Player 10 ActiveX Adobe Flash Player Plugin -> Adobe Flash Player 10 Plugin Afterburner -> MSI Afterburner 2.1.0 ALLPlayer_is1 -> ALLPlayer V5.X ASIO4ALL -> ASIO4ALL ATC_is1 -> Advanced Tactical Center™ 1.0 AV Voice Changer Software DIAMOND 6.0 -> AV Voice Changer Software DIAMOND 6.0 avast -> avast! 
Free Antivirus Battlelog Web Plugins -> Battlelog Web Plugins Clownfish -> Clownfish for Skype Dll-Files.com Fixer_is1 -> Dll-Files.com Fixer EAGLE 6.1.0 -> EAGLE 6.1.0 ENTERPRISE -> Microsoft Office Enterprise 2007 EPSON Scanner -> EPSON Scan ESN Sonar-0.70.0 -> ESN Sonar ESN Sonar-0.70.4 -> ESN Sonar FL Studio 10 -> FL Studio 10 FlyVPN -> FlyVPN Fraps -> Fraps (remove only) Gadu-Gadu 10 -> Gadu-Gadu 10 GOM Player -> GOM Player Google Chrome -> Google Chrome IL Download Manager -> IL Download Manager InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996} -> Renesas Electronics USB 3.0 Host Controller Driver KLiteCodecPack_is1 -> K-Lite Mega Codec Pack 8.0.0 LogMeIn Hamachi -> LogMeIn Hamachi Matura 2012 - Matematyka1.0 -> Matura 2012 - Matematyka Motherboard Monitor 5.3.7.0 Languages_is1 -> Motherboard Monitor 5 Languages Mozilla Firefox 8.0 (x86 pl) -> Mozilla Firefox 8.0 (x86 pl) NapiProjekt_is1 -> NapiProjekt 2.0.0 (build 2151) Opera 11.61.1250 -> Opera 11.61 Origin -> Origin pcsx2-r4600 -> PCSX2 - Playstation 2 Emulator Picasa 3 -> Picasa 3 Postal 2 PL -> Postal 2 PL PunkBusterSvc -> PunkBuster Services rayatitray -> Ray Adams ATI Tray Tools Skijumping 2007_0001 -> Skijumping 2007 Sniper Elite V2_is1 -> Sniper Elite V2 SpeedFan -> SpeedFan (remove only) SpeedyDrive -> Speedy Drive (remove only) Tekken 3 Online_is1 -> TK3Online v1 with ePSXe 1.5.2 TMIPC -> Tibia MULTI-ip changer Tunngle beta_is1 -> Tunngle beta TVTool -> TVTool uTorrent -> µTorrent WinGimp-2.0_is1 -> GIMP 2.6.11 WinLiveSuite -> Podstawowe programy Windows Live WorldUnlock Codes Calculator -> WorldUnlock Codes Calculator xampp -> XAMPP 1.6.7 < Uninstall List [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> Dropbox -> Dropbox FoxTab FLV Player -> FoxTab FLV Player TeamSpeak 3 Client -> TeamSpeak 3 Client < EventViewer Logs - Last 10 Errors > -> Event Information -> Description Error reading Event Logs: The Event Service is not operating properly or 
the Event Logs are corrupt! [Files/Folders - Created Within 30 Days] _OTS -> C:\_OTS -> [2012-05-11 19:31:07 | 000,000,000 | ---D | C] appmgmt -> C:\Windows\SysNative\appmgmt -> [2012-05-11 19:29:20 | 000,000,000 | ---D | C] ComboFix -> C:\ComboFix -> [2012-05-11 18:40:33 | 000,000,000 | --SD | C] $RECYCLE.BIN -> C:\$RECYCLE.BIN -> [2012-05-11 18:36:59 | 000,000,000 | -HSD | C] temp -> C:\Windows\temp -> [2012-05-11 18:34:28 | 000,000,000 | ---D | C] NIRCMD.exe -> C:\Windows\NIRCMD.exe -> [2012-05-11 18:26:48 | 000,060,416 | ---- | C] (NirSoft) SWREG.exe -> C:\Windows\SWREG.exe -> [2012-05-11 18:00:35 | 000,518,144 | ---- | C] (SteelWerX) SWSC.exe -> C:\Windows\SWSC.exe -> [2012-05-11 18:00:35 | 000,406,528 | ---- | C] (SteelWerX) ERDNT -> C:\Windows\ERDNT -> [2012-05-11 18:00:30 | 000,000,000 | ---D | C] Qoobox -> C:\Qoobox -> [2012-05-11 18:00:28 | 000,000,000 | ---D | C] ComboFix.exe -> C:\Users\Shiva\Desktop\ComboFix.exe -> [2012-05-11 18:00:14 | 004,490,099 | R--- | C] (Swearware) Speedy Drive -> C:\Users\Shiva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Speedy Drive -> [2012-05-11 16:03:24 | 000,000,000 | ---D | C] SpeedyDrive -> C:\Program Files (x86)\SpeedyDrive -> [2012-05-11 16:03:22 | 000,000,000 | ---D | C] sqlitestudio -> C:\Users\Shiva\AppData\Roaming\sqlitestudio -> [2012-05-11 14:50:41 | 000,000,000 | ---D | C] Talaturen's IP Changer 3.9 -> C:\Users\Shiva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Talaturen's IP Changer 3.9 -> [2012-05-11 14:09:31 | 000,000,000 | ---D | C] Talaturen's IP Changer -> C:\Program Files (x86)\Talaturen's IP Changer -> [2012-05-11 14:09:30 | 000,000,000 | ---D | C] Apache Friends -> C:\Users\Shiva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apache Friends -> [2012-05-11 11:52:28 | 000,000,000 | ---D | C] xampp -> C:\xampp -> [2012-05-11 11:36:22 | 000,000,000 | ---D | C] OtLand -> C:\Users\Shiva\AppData\Local\OtLand -> [2012-05-11 11:11:14 | 000,000,000 | ---D | C] Skype -> 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype -> [2012-05-11 10:26:44 | 000,000,000 | ---D | C] Skype -> C:\Program Files (x86)\Common Files\Skype -> [2012-05-11 10:26:44 | 000,000,000 | ---D | C] Actenom -> C:\Program Files\Actenom -> [2012-05-10 22:48:15 | 000,000,000 | ---D | C] Asprate -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Asprate -> [2012-05-10 22:31:28 | 000,000,000 | ---D | C] Asprate -> C:\Program Files (x86)\Asprate -> [2012-05-10 22:31:26 | 000,000,000 | ---D | C] htryha -> C:\Program Files\htryha -> [2012-05-10 22:22:40 | 000,000,000 | -H-D | C] mpr.dll -> C:\Windows\mpr.dll -> [2012-05-10 22:14:15 | 000,064,000 | ---- | C] (Microsoft Corporation) dll-files.com -> C:\Users\Shiva\AppData\Roaming\dll-files.com -> [2012-05-10 22:05:02 | 000,000,000 | ---D | C] Dll-Files.com Fixer -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dll-Files.com Fixer -> [2012-05-10 22:04:55 | 000,000,000 | ---D | C] Dll-Files.com Fixer -> C:\Program Files (x86)\Dll-Files.com Fixer -> [2012-05-10 22:04:54 | 000,000,000 | ---D | C] Files -> C:\Files -> [2012-05-10 22:03:58 | 000,000,000 | ---D | C] Nowy folder (2) -> C:\Users\Shiva\Desktop\Nowy folder (2) -> [2012-05-10 22:03:27 | 000,000,000 | ---D | C] ZIELNA -> C:\Users\Shiva\Desktop\ZIELNA -> [2012-05-09 14:12:25 | 000,000,000 | ---D | C] Rebellion -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rebellion -> [2012-05-07 16:38:10 | 000,000,000 | ---D | C] zdjecia dzialka -> C:\Users\Shiva\Desktop\zdjecia dzialka -> [2012-05-04 22:28:19 | 000,000,000 | ---D | C] SniperV2 -> C:\Users\Shiva\AppData\Local\SniperV2 -> [2012-05-03 18:59:03 | 000,000,000 | ---D | C] Witcher 2 -> C:\Users\Shiva\Documents\Witcher 2 -> [2012-04-30 22:37:27 | 000,000,000 | ---D | C] The Witcher 2 -> C:\Users\Shiva\AppData\Local\The Witcher 2 -> [2012-04-30 22:37:27 | 000,000,000 | ---D | C] Risen2 -> C:\Users\Shiva\AppData\Local\Risen2 -> [2012-04-30 18:35:13 | 000,000,000 | ---D | C] 
PresentationHostProxy.dll -> C:\Windows\SysWow64\PresentationHostProxy.dll -> [2012-04-30 16:59:58 | 000,099,176 | ---- | C] (Microsoft Corporation) PresentationHost.exe -> C:\Windows\SysWow64\PresentationHost.exe -> [2012-04-30 16:59:57 | 000,295,264 | ---- | C] (Microsoft Corporation) dfshim.dll -> C:\Windows\SysWow64\dfshim.dll -> [2012-04-30 16:59:56 | 001,130,824 | ---- | C] (Microsoft Corporation) netfxperf.dll -> C:\Windows\SysWow64\netfxperf.dll -> [2012-04-30 16:59:56 | 000,049,472 | ---- | C] (Microsoft Corporation) PresentationHostProxy.dll -> C:\Windows\SysNative\PresentationHostProxy.dll -> [2012-04-30 16:59:55 | 000,109,912 | ---- | C] (Microsoft Corporation) PresentationHost.exe -> C:\Windows\SysNative\PresentationHost.exe -> [2012-04-30 16:59:54 | 000,320,352 | ---- | C] (Microsoft Corporation) netfxperf.dll -> C:\Windows\SysNative\netfxperf.dll -> [2012-04-30 16:59:52 | 000,048,960 | ---- | C] (Microsoft Corporation) dfshim.dll -> C:\Windows\SysNative\dfshim.dll -> [2012-04-30 16:59:50 | 001,942,856 | ---- | C] (Microsoft Corporation) Sports Interactive -> C:\Users\Shiva\Documents\Sports Interactive -> [2012-04-30 11:31:05 | 000,000,000 | ---D | C] Sports Interactive -> C:\Users\Shiva\AppData\Roaming\Sports Interactive -> [2012-04-30 11:31:05 | 000,000,000 | ---D | C] Sports Interactive -> C:\Users\Shiva\AppData\Local\Sports Interactive -> [2012-04-30 11:31:05 | 000,000,000 | ---D | C] Sports Interactive -> C:\Users\Public\Documents\Sports Interactive -> [2012-04-30 11:31:05 | 000,000,000 | ---D | C] trussardi -> C:\Users\Shiva\Desktop\trussardi -> [2012-04-25 21:18:59 | 000,000,000 | ---D | C] XSplit -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit -> [2012-04-22 22:26:36 | 000,000,000 | ---D | C] SplitMediaLabs -> C:\Program Files (x86)\SplitMediaLabs -> [2012-04-22 22:26:36 | 000,000,000 | ---D | C] SplitMediaLabs -> C:\Users\Shiva\AppData\Local\SplitMediaLabs -> [2012-04-22 18:06:02 | 000,000,000 | ---D | C] SplitMediaLabs -> 
C:\ProgramData\SplitMediaLabs -> [2012-04-22 18:04:34 | 000,000,000 | ---D | C] SplitMediaLabs -> C:\Users\Shiva\AppData\Roaming\SplitMediaLabs -> [2012-04-22 18:03:47 | 000,000,000 | ---D | C] Diablo III -> C:\Users\Shiva\Documents\Diablo III -> [2012-04-20 15:16:09 | 000,000,000 | ---D | C] Battle.net -> C:\ProgramData\Battle.net -> [2012-04-20 14:57:02 | 000,000,000 | ---D | C] {0ECEEF92-B155-4656-971D-18B9BA1692F8} -> C:\Users\Shiva\AppData\Local\{0ECEEF92-B155-4656-971D-18B9BA1692F8} -> [2012-04-17 17:37:06 | 000,000,000 | ---D | C] Etech -> C:\Users\Shiva\Desktop\Etech -> [2012-04-16 18:43:48 | 000,000,000 | ---D | C] Nowy folder -> C:\Users\Shiva\Desktop\Nowy folder -> [2012-04-16 18:43:43 | 000,000,000 | ---D | C] Facebook -> C:\Users\Shiva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook -> [2012-04-11 23:07:17 | 000,000,000 | ---D | C] [Files/Folders - Modified Within 30 Days] GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2012-05-11 19:39:22 | 000,001,042 | ---- | M] () bootstat.dat -> C:\Windows\bootstat.dat -> [2012-05-11 19:39:11 | 000,067,584 | --S- | M] () hiberfil.sys -> C:\hiberfil.sys -> [2012-05-11 19:39:07 | 2146,832,383 | -HS- | M] () 7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> [2012-05-11 19:38:26 | 000,016,944 | -H-- | M] () 7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> [2012-05-11 19:38:26 | 000,016,944 | -H-- | M] () GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2012-05-11 18:51:00 | 000,001,046 | ---- | M] () hosts -> C:\Windows\SysNative\drivers\etc\hosts -> [2012-05-11 18:08:26 | 000,000,027 | ---- | M] () ComboFix.exe -> C:\Users\Shiva\Desktop\ComboFix.exe -> 
[2012-05-11 17:59:54 | 004,490,099 | R--- | M] (Swearware) FacebookUpdateTaskUserS-1-5-21-3352663067-3283764409-785011562-1000UA.job -> C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3352663067-3283764409-785011562-1000UA.job -> [2012-05-11 17:12:00 | 000,000,928 | ---- | M] () DLL-files.com Fixer_UPDATES.job -> C:\Windows\tasks\DLL-files.com Fixer_UPDATES.job -> [2012-05-11 16:07:08 | 000,000,292 | ---- | M] () Speedy Drive.lnk -> C:\Users\Shiva\Desktop\Speedy Drive.lnk -> [2012-05-11 16:03:24 | 000,001,029 | ---- | M] () Tibia MULTI-IP Changer.lnk -> C:\Users\Public\Desktop\Tibia MULTI-IP Changer.lnk -> [2012-05-11 14:08:05 | 000,002,206 | ---- | M] () XAMPP Control Panel.lnk -> C:\Users\Shiva\Desktop\XAMPP Control Panel.lnk -> [2012-05-11 11:52:28 | 000,000,441 | ---- | M] () FacebookUpdateTaskUserS-1-5-21-3352663067-3283764409-785011562-1000Core.job -> C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3352663067-3283764409-785011562-1000Core.job -> [2012-05-10 23:12:00 | 000,000,906 | ---- | M] () DLL-Files.com FIXER.lnk -> C:\Users\Shiva\Desktop\DLL-Files.com FIXER.lnk -> [2012-05-10 22:04:55 | 000,002,028 | ---- | M] () P4270212.JPG -> C:\Users\Shiva\Desktop\P4270212.JPG -> [2012-05-09 14:13:54 | 000,851,317 | ---- | M] () Access.dat -> C:\Windows\SysWow64\Access.dat -> [2012-05-08 19:14:25 | 000,000,000 | ---- | M] () Sniper Elite V2.lnk -> C:\Users\Public\Desktop\Sniper Elite V2.lnk -> [2012-05-07 16:38:10 | 000,000,834 | ---- | M] () PerfStringBackup.INI -> C:\Windows\SysNative\PerfStringBackup.INI -> [2012-05-06 22:50:49 | 001,661,232 | ---- | M] () perfh015.dat -> C:\Windows\SysNative\perfh015.dat -> [2012-05-06 22:50:49 | 000,737,242 | ---- | M] () perfh009.dat -> C:\Windows\SysNative\perfh009.dat -> [2012-05-06 22:50:49 | 000,651,450 | ---- | M] () perfc015.dat -> C:\Windows\SysNative\perfc015.dat -> [2012-05-06 22:50:49 | 000,153,930 | ---- | M] () perfc009.dat -> C:\Windows\SysNative\perfc009.dat -> [2012-05-06 22:50:49 | 000,120,382 | ---- | M] () 
PnkBstrB.xtr -> C:\Windows\SysWow64\PnkBstrB.xtr -> [2012-05-05 17:38:19 | 000,280,904 | ---- | M] ()
PnkBstrB.exe -> C:\Windows\SysWow64\PnkBstrB.exe -> [2012-05-05 17:38:19 | 000,280,904 | ---- | M] ()
Defraggler.lnk -> C:\Users\Public\Desktop\Defraggler.lnk -> [2012-05-05 01:02:29 | 000,001,768 | ---- | M] ()
PerfStringBackup.INI -> C:\Windows\SysWow64\PerfStringBackup.INI -> [2012-04-30 22:29:26 | 001,636,610 | ---- | M] ()
BARCA BUAHAHA.jpg -> C:\Users\Shiva\Desktop\BARCA BUAHAHA.jpg -> [2012-04-25 23:43:38 | 000,955,714 | ---- | M] ()
BARCA BUAHAHA.png -> C:\Users\Shiva\Desktop\BARCA BUAHAHA.png -> [2012-04-25 23:40:59 | 004,024,206 | ---- | M] ()
TE10681.jpg -> C:\Users\Shiva\Desktop\TE10681.jpg -> [2012-04-24 20:29:38 | 000,027,582 | ---- | M] ()
TE10681.html -> C:\Users\Shiva\Desktop\TE10681.html -> [2012-04-24 20:28:54 | 000,009,636 | ---- | M] ()
TE10681.jpg.crdownload -> C:\Users\Shiva\Desktop\TE10681.jpg.crdownload -> [2012-04-24 20:28:33 | 000,027,582 | ---- | M] ()
Bez tytułu.png -> C:\Users\Shiva\Desktop\Bez tytułu.png -> [2012-04-24 14:01:27 | 000,183,864 | ---- | M] ()
ss103-hires.jpg -> C:\Users\Shiva\Desktop\ss103-hires.jpg -> [2012-04-23 15:18:43 | 002,348,003 | ---- | M] ()
Starcraft-2-Zerg-Baneling.jpg -> C:\Users\Shiva\Desktop\Starcraft-2-Zerg-Baneling.jpg -> [2012-04-22 21:12:04 | 000,614,909 | ---- | M] ()
sc2.wlmp -> C:\Users\Shiva\Desktop\sc2.wlmp -> [2012-04-17 17:43:08 | 000,003,999 | ---- | M] ()
2012-04-13 19.52.54.jpg -> C:\Users\Shiva\Desktop\2012-04-13 19.52.54.jpg -> [2012-04-13 19:52:55 | 001,053,817 | ---- | M] ()
Facebook Messenger.lnk -> C:\Users\Shiva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk -> [2012-04-11 23:07:17 | 000,001,338 | ---- | M] ()
Screenshot2012-04-11 22_47_33.jpg -> C:\Users\Shiva\Desktop\Screenshot2012-04-11 22_47_33.jpg -> [2012-04-11 22:47:33 | 000,553,001 | ---- | M] ()

[Files - No Company Name]
PEV.exe -> C:\Windows\PEV.exe -> [2012-05-11 18:00:35 | 000,256,000 | ---- | C] ()
MBR.exe -> C:\Windows\MBR.exe -> [2012-05-11 18:00:35 | 000,208,896 | ---- | C] ()
sed.exe -> C:\Windows\sed.exe -> [2012-05-11 18:00:35 | 000,098,816 | ---- | C] ()
grep.exe -> C:\Windows\grep.exe -> [2012-05-11 18:00:35 | 000,080,412 | ---- | C] ()
zip.exe -> C:\Windows\zip.exe -> [2012-05-11 18:00:35 | 000,068,096 | ---- | C] ()
Speedy Drive.lnk -> C:\Users\Shiva\Desktop\Speedy Drive.lnk -> [2012-05-11 16:03:24 | 000,001,029 | ---- | C] ()
XAMPP Control Panel.lnk -> C:\Users\Shiva\Desktop\XAMPP Control Panel.lnk -> [2012-05-11 11:52:28 | 000,000,441 | ---- | C] ()
Tibia MULTI-IP Changer.lnk -> C:\Users\Public\Desktop\Tibia MULTI-IP Changer.lnk -> [2012-05-10 22:31:28 | 000,002,206 | ---- | C] ()
lua51.dll -> C:\Windows\lua51.dll -> [2012-05-10 22:11:18 | 000,011,264 | ---- | C] ()
otserv.exe -> C:\Windows\otserv.exe -> [2012-05-10 22:09:26 | 002,516,992 | ---- | C] ()
libxml2.dll -> C:\Windows\libxml2.dll -> [2012-05-10 22:08:08 | 001,032,657 | ---- | C] ()
DLL-files.com Fixer_UPDATES.job -> C:\Windows\tasks\DLL-files.com Fixer_UPDATES.job -> [2012-05-10 22:05:05 | 000,000,292 | ---- | C] ()
DLL-Files.com FIXER.lnk -> C:\Users\Shiva\Desktop\DLL-Files.com FIXER.lnk -> [2012-05-10 22:04:55 | 000,002,028 | ---- | C] ()
P4270212.JPG -> C:\Users\Shiva\Desktop\P4270212.JPG -> [2012-05-09 14:13:57 | 000,851,317 | ---- | C] ()
Sniper Elite V2.lnk -> C:\Users\Public\Desktop\Sniper Elite V2.lnk -> [2012-05-07 16:38:10 | 000,000,834 | ---- | C] ()
PerfStringBackup.INI -> C:\Windows\SysWow64\PerfStringBackup.INI -> [2012-04-30 17:12:58 | 001,636,610 | ---- | C] ()
BARCA BUAHAHA.jpg -> C:\Users\Shiva\Desktop\BARCA BUAHAHA.jpg -> [2012-04-25 23:43:38 | 000,955,714 | ---- | C] ()
BARCA BUAHAHA.png -> C:\Users\Shiva\Desktop\BARCA BUAHAHA.png -> [2012-04-25 23:40:59 | 004,024,206 | ---- | C] ()
TE10681.jpg -> C:\Users\Shiva\Desktop\TE10681.jpg -> [2012-04-24 20:29:42 | 000,027,582 | ---- | C] ()
TE10681.html -> C:\Users\Shiva\Desktop\TE10681.html -> [2012-04-24 20:28:56 | 000,009,636 | ---- | C] ()
TE10681.jpg.crdownload -> C:\Users\Shiva\Desktop\TE10681.jpg.crdownload -> [2012-04-24 20:28:33 | 000,027,582 | ---- | C] ()
ss103-hires.jpg -> C:\Users\Shiva\Desktop\ss103-hires.jpg -> [2012-04-23 15:18:43 | 002,348,003 | ---- | C] ()
Starcraft-2-Zerg-Baneling.jpg -> C:\Users\Shiva\Desktop\Starcraft-2-Zerg-Baneling.jpg -> [2012-04-22 21:12:07 | 000,614,909 | ---- | C] ()
sc2.wlmp -> C:\Users\Shiva\Desktop\sc2.wlmp -> [2012-04-17 17:43:08 | 000,003,999 | ---- | C] ()
2012-04-13 19.52.54.jpg -> C:\Users\Shiva\Desktop\2012-04-13 19.52.54.jpg -> [2012-04-15 11:53:04 | 001,053,817 | ---- | C] ()
Facebook Messenger.lnk -> C:\Users\Shiva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk -> [2012-04-11 23:07:17 | 000,001,338 | ---- | C] ()
Screenshot2012-04-11 22_47_33.jpg -> C:\Users\Shiva\Desktop\Screenshot2012-04-11 22_47_33.jpg -> [2012-04-11 22:47:33 | 000,553,001 | ---- | C] ()
kaillera.ini -> C:\Windows\kaillera.ini -> [2012-03-12 19:36:24 | 000,001,176 | ---- | C] ()
FOE2.ini -> C:\Windows\FOE2.ini -> [2012-03-05 22:00:11 | 000,001,170 | ---- | C] ()
dokan.dll -> C:\Windows\SysWow64\dokan.dll -> [2012-02-11 22:52:00 | 000,035,840 | ---- | C] ()
ativpsrm.bin -> C:\Windows\ativpsrm.bin -> [2012-02-01 21:53:07 | 000,000,000 | ---- | C] ()
libFLAC.dll -> C:\Windows\SysWow64\libFLAC.dll -> [2012-01-17 21:31:20 | 000,258,048 | ---- | C] ()
InsDrvZD64.DLL -> C:\Windows\SysWow64\InsDrvZD64.DLL -> [2011-12-16 18:45:52 | 000,015,872 | ---- | C] ()
unrar.dll -> C:\Windows\SysWow64\unrar.dll -> [2011-12-05 22:21:47 | 000,175,616 | ---- | C] ()
xvidcore.dll -> C:\Windows\SysWow64\xvidcore.dll -> [2011-12-05 22:21:45 | 000,644,608 | ---- | C] ()
xvidvfw.dll -> C:\Windows\SysWow64\xvidvfw.dll -> [2011-12-05 22:21:45 | 000,243,200 | ---- | C] ()
ff_vfw.dll -> C:\Windows\SysWow64\ff_vfw.dll -> [2011-12-05 22:21:45 | 000,074,752 | ---- | C] ()
ativvsvl.dat -> C:\Windows\SysWow64\ativvsvl.dat -> [2011-11-10 04:36:06 | 000,204,960 | ---- | C] ()
ativvsva.dat -> C:\Windows\SysWow64\ativvsva.dat -> [2011-11-10 04:36:06 | 000,157,152 | ---- | C] ()
OpenVideo.dll -> C:\Windows\SysWow64\OpenVideo.dll -> [2011-11-09 23:39:44 | 000,059,904 | ---- | C] ()
OVDecode.dll -> C:\Windows\SysWow64\OVDecode.dll -> [2011-11-09 23:39:32 | 000,054,784 | ---- | C] ()
pbsvc.exe -> C:\Windows\SysWow64\pbsvc.exe -> [2011-10-28 15:53:30 | 002,580,552 | ---- | C] ()
OVDecoder.dll -> C:\Windows\SysWow64\OVDecoder.dll -> [2011-10-25 22:21:34 | 000,056,832 | ---- | C] ()
Resmon.ResmonCfg -> C:\Users\Shiva\AppData\Local\Resmon.ResmonCfg -> [2011-09-21 20:25:50 | 000,007,598 | ---- | C] ()
Access.dat -> C:\Windows\SysWow64\Access.dat -> [2011-09-18 10:42:08 | 000,000,000 | ---- | C] ()
PnkBstrB.exe -> C:\Windows\SysWow64\PnkBstrB.exe -> [2011-09-17 14:26:33 | 000,280,904 | ---- | C] ()
pbsvc_bc2.exe -> C:\Windows\SysWow64\pbsvc_bc2.exe -> [2011-09-17 14:26:29 | 002,434,856 | ---- | C] ()
PnkBstrA.exe -> C:\Windows\SysWow64\PnkBstrA.exe -> [2011-09-17 14:26:29 | 000,076,888 | ---- | C] ()
binkw32.dll -> C:\Windows\binkw32.dll -> [2011-09-15 21:53:22 | 000,286,208 | ---- | C] ()
Ascd_log.ini -> C:\Windows\Ascd_log.ini -> [2011-09-15 21:19:41 | 000,030,380 | ---- | C] ()
Language_trs.ini -> C:\Windows\Language_trs.ini -> [2011-09-15 21:18:25 | 000,001,769 | ---- | C] ()
Ascd_tmp.ini -> C:\Windows\Ascd_tmp.ini -> [2011-09-15 21:18:22 | 000,022,387 | ---- | C] ()
atipblag.dat -> C:\Windows\SysWow64\atipblag.dat -> [2011-09-13 01:06:16 | 000,003,917 | ---- | C] ()
xlive.dll.cat -> C:\Windows\SysWow64\xlive.dll.cat -> [2011-04-09 18:55:28 | 000,179,261 | ---- | C] ()

[File - Lop Check]
.minecraft -> C:\Users\Shiva\AppData\Roaming\.minecraft -> [2012-02-27 16:54:39 | 000,000,000 | ---D | M]
Audacity -> C:\Users\Shiva\AppData\Roaming\Audacity -> [2011-12-16 21:51:15 | 000,000,000 | ---D | M]
Avnex -> C:\Users\Shiva\AppData\Roaming\Avnex -> [2012-03-04 15:35:20 | 000,000,000 | ---D | M]
Babylon -> C:\Users\Shiva\AppData\Roaming\Babylon -> [2011-12-16 21:19:32 | 000,000,000 | ---D | M]
CadSoft -> C:\Users\Shiva\AppData\Roaming\CadSoft -> [2012-01-30 19:42:35 | 000,000,000 | ---D | M]
DAEMON Tools Lite -> C:\Users\Shiva\AppData\Roaming\DAEMON Tools Lite -> [2011-12-18 19:50:15 | 000,000,000 | ---D | M]
DAEMON Tools Pro -> C:\Users\Shiva\AppData\Roaming\DAEMON Tools Pro -> [2012-05-08 00:51:57 | 000,000,000 | ---D | M]
DarknessII -> C:\Users\Shiva\AppData\Roaming\DarknessII -> [2012-02-17 22:12:35 | 000,000,000 | ---D | M]
DeviceVm -> C:\Users\Shiva\AppData\Roaming\DeviceVm -> [2011-09-15 21:23:21 | 000,000,000 | ---D | M]
dll-files.com -> C:\Users\Shiva\AppData\Roaming\dll-files.com -> [2012-05-10 22:05:02 | 000,000,000 | ---D | M]
Dropbox -> C:\Users\Shiva\AppData\Roaming\Dropbox -> [2012-05-11 19:13:09 | 000,000,000 | ---D | M]
EPSON -> C:\Users\Shiva\AppData\Roaming\EPSON -> [2011-10-19 15:47:51 | 000,000,000 | ---D | M]
eType -> C:\Users\Shiva\AppData\Roaming\eType -> [2012-01-13 20:04:43 | 000,000,000 | ---D | M]
Gadu-Gadu 10 -> C:\Users\Shiva\AppData\Roaming\Gadu-Gadu 10 -> [2011-09-15 23:41:21 | 000,000,000 | ---D | M]
GameRanger -> C:\Users\Shiva\AppData\Roaming\GameRanger -> [2012-01-15 22:24:41 | 000,000,000 | ---D | M]
GetRightToGo -> C:\Users\Shiva\AppData\Roaming\GetRightToGo -> [2012-03-04 15:33:52 | 000,000,000 | ---D | M]
GHISLER -> C:\Users\Shiva\AppData\Roaming\GHISLER -> [2012-01-15 22:29:48 | 000,000,000 | ---D | M]
gtk-2.0 -> C:\Users\Shiva\AppData\Roaming\gtk-2.0 -> [2011-11-17 19:39:30 | 000,000,000 | ---D | M]
Leadertech -> C:\Users\Shiva\AppData\Roaming\Leadertech -> [2011-09-17 23:16:47 | 000,000,000 | ---D | M]
Lionhead Studios -> C:\Users\Shiva\AppData\Roaming\Lionhead Studios -> [2012-01-19 18:28:58 | 000,000,000 | ---D | M]
LolClient -> C:\Users\Shiva\AppData\Roaming\LolClient -> [2012-03-27 15:44:19 | 000,000,000 | ---D | M]
NapiProjekt -> C:\Users\Shiva\AppData\Roaming\NapiProjekt -> [2011-10-16 18:50:10 | 000,000,000 | ---D | M]
OpenFM -> C:\Users\Shiva\AppData\Roaming\OpenFM -> [2011-09-17 09:49:33 | 000,000,000 | ---D | M]
Opera -> C:\Users\Shiva\AppData\Roaming\Opera -> [2011-11-03 19:03:26 | 000,000,000 | ---D | M]
Origin -> C:\Users\Shiva\AppData\Roaming\Origin -> [2011-10-23 22:05:00 | 000,000,000 | ---D | M]
PunkBuster -> C:\Users\Shiva\AppData\Roaming\PunkBuster -> [2011-11-24 19:57:08 | 000,000,000 | ---D | M]
SplitMediaLabs -> C:\Users\Shiva\AppData\Roaming\SplitMediaLabs -> [2012-04-22 18:03:47 | 000,000,000 | ---D | M]
Sports Interactive -> C:\Users\Shiva\AppData\Roaming\Sports Interactive -> [2012-04-30 11:31:05 | 000,000,000 | ---D | M]
sqlitestudio -> C:\Users\Shiva\AppData\Roaming\sqlitestudio -> [2012-05-11 19:27:15 | 000,000,000 | ---D | M]
Stereoscopic Player -> C:\Users\Shiva\AppData\Roaming\Stereoscopic Player -> [2011-12-06 18:34:43 | 000,000,000 | ---D | M]
StokedBigAir -> C:\Users\Shiva\AppData\Roaming\StokedBigAir -> [2012-03-06 09:03:02 | 000,000,000 | ---D | M]
The Creative Assembly -> C:\Users\Shiva\AppData\Roaming\The Creative Assembly -> [2011-09-30 21:32:51 | 000,000,000 | ---D | M]
TS3Client -> C:\Users\Shiva\AppData\Roaming\TS3Client -> [2012-01-03 22:27:45 | 000,000,000 | ---D | M]
ts3overlay -> C:\Users\Shiva\AppData\Roaming\ts3overlay -> [2012-01-01 16:36:51 | 000,000,000 | ---D | M]
Tunngle -> C:\Users\Shiva\AppData\Roaming\Tunngle -> [2012-05-11 12:29:42 | 000,000,000 | ---D | M]
Ulead Systems -> C:\Users\Shiva\AppData\Roaming\Ulead Systems -> [2011-10-29 20:38:21 | 000,000,000 | ---D | M]
uTorrent -> C:\Users\Shiva\AppData\Roaming\uTorrent -> [2012-05-11 19:22:35 | 000,000,000 | ---D | M]
DLL-files.com Fixer_UPDATES.job -> C:\Windows\Tasks\DLL-files.com Fixer_UPDATES.job -> [2012-05-11 16:07:08 | 000,000,292 | ---- | M] ()
FacebookUpdateTaskUserS-1-5-21-3352663067-3283764409-785011562-1000Core.job -> C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3352663067-3283764409-785011562-1000Core.job -> [2012-05-10 23:12:00 | 000,000,906 | ---- | M] ()
FacebookUpdateTaskUserS-1-5-21-3352663067-3283764409-785011562-1000UA.job -> C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3352663067-3283764409-785011562-1000UA.job -> [2012-05-11 17:12:00 | 000,000,928 | ---- | M] ()
SCHEDLGU.TXT -> C:\Windows\Tasks\SCHEDLGU.TXT -> [2012-04-18 12:37:58 | 000,032,604 | ---- | M] ()

[File - Purity Scan]

[Alternate Data Streams]
@Alternate Data Stream - 338 bytes -> C:\Users\Shiva\Desktop\2012-04-13 19.52.54.jpg:com.dropbox.attributes

< End of report >
[/code]