OTL logfile created on: 2012-07-25 18:05:25 - Run 3
OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\kasia\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,99 Gb Total Physical Memory | 1,54 Gb Available Physical Memory | 51,32% Memory free
5,99 Gb Paging File | 4,38 Gb Available in Paging File | 73,13% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 252,89 Gb Total Space | 57,73 Gb Free Space | 22,83% Space Free | Partition Type: NTFS
Drive D: | 30,25 Gb Total Space | 13,59 Gb Free Space | 44,92% Space Free | Partition Type: NTFS

Computer Name: KASIA-KOMPUTER | User Name: kasia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012-07-24 22:31:22 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\kasia\Downloads\OTL.exe
PRC - [2012-07-12 21:16:55 | 000,008,704 | ---- | M] (Hi-Rez Studios) -- C:\Program Files\Hi-Rez Studios\HiPatchService.exe
PRC - [2012-06-15 19:18:59 | 000,874,384 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2012-06-15 19:18:59 | 000,800,656 | ---- | M] (Opera Software) -- C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe
PRC - [2012-05-15 12:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012-05-15 11:28:16 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012-05-15 11:27:34 | 000,857,920 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012-05-15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012-04-04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011-11-14 17:06:56 | 000,546,768 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2011-09-26 23:16:52 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011-05-31 16:40:56 | 000,743,232 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2011-05-31 16:39:14 | 001,052,480 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2011-04-07 12:34:04 | 008,882,688 | ---- | M] (Creative Team S.A.) -- C:\Program Files\WapSter\WapSter AQQ\AQQ.exe
PRC - [2011-03-04 11:39:14 | 000,584,488 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2011-02-25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010-11-20 05:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009-09-29 18:23:20 | 004,114,288 | ---- | M] (Lenovo(beijing) Limited) -- C:\Program Files\Lenovo\Energy Management\utility.exe
PRC - [2009-08-07 07:29:36 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009-07-14 16:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IgrsSvcs.exe
PRC - [2009-07-01 20:03:12 | 002,352,416 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
PRC - [2009-07-01 20:03:12 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
PRC - [2009-07-01 20:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
PRC - [2009-03-27 15:56:12 | 000,335,872 | ---- | M] () -- C:\Program Files\Lenovo\OnekeyDM\OnekeyDM.exe
PRC - [2008-01-16 14:04:36 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012-07-24 23:26:31 | 009,465,032 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_265.dll
MOD - [2012-06-15 19:19:01 | 000,783,360 | ---- | M] () -- C:\Program Files\Opera\gstreamer\gstreamer.dll
MOD - [2012-06-15 19:19:01 | 000,316,928 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstoggdec.dll
MOD - [2012-06-15 19:19:01 | 000,276,480 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwebmdec.dll
MOD - [2012-06-15 19:19:01 | 000,168,448 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstffmpegcolorspace.dll
MOD - [2012-06-15 19:19:01 | 000,099,840 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstcoreplugins.dll
MOD - [2012-06-15 19:19:01 | 000,098,816 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstaudioresample.dll
MOD - [2012-06-15 19:19:01 | 000,098,816 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstaudioconvert.dll
MOD - [2012-06-15 19:19:01 | 000,078,336 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwavparse.dll
MOD - [2012-06-15 19:19:01 | 000,076,800 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstdirectsound.dll
MOD - [2012-06-15 19:19:01 | 000,068,608 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstdecodebin2.dll
MOD - [2012-06-15 19:19:01 | 000,064,000 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstautodetect.dll
MOD - [2012-06-15 19:19:01 | 000,046,592 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwaveform.dll
MOD - [2012-06-15 19:19:01 | 000,045,568 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gsttypefindfunctions.dll
MOD - [2011-04-07 12:33:30 | 000,890,368 | ---- | M] () -- C:\Program Files\WapSter\WapSter AQQ\System\Shared\Plugins\GGNet.dll
MOD - [2010-12-22 11:24:48 | 000,574,464 | ---- | M] () -- C:\Program Files\WapSter\WapSter AQQ\System\Shared\Plugins\SMS.dll
MOD - [2010-08-25 11:41:20 | 000,304,640 | ---- | M] () -- C:\Program Files\WapSter\WapSter AQQ\System\Shared\Plugins\Contact.dll
MOD - [2010-01-30 03:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009-07-01 20:03:24 | 000,132,384 | ---- | M] () -- C:\Program Files\Lenovo\Bluetooth Software\BTKeyInd.dll
MOD - [2009-03-27 15:56:12 | 000,335,872 | ---- | M] () -- C:\Program Files\Lenovo\OnekeyDM\OnekeyDM.exe
MOD - [2008-12-20 05:20:50 | 000,063,304 | ---- | M] () -- C:\Program Files\Lenovo\Energy Management\KbdHook.dll

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2012-07-25 00:06:14 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-07-12 21:16:55 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- C:\Program Files\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2012-07-12 20:47:15 | 000,654,944 | ---- | M] (Wellbia.com Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\xsherlock.xem -- (xsherlock)
SRV - [2012-05-15 12:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012-05-15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012-04-04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011-11-22 20:41:50 | 001,117,624 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2011-11-22 19:20:06 | 000,402,336 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2011-11-14 17:06:56 | 000,546,768 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2011-09-23 17:46:29 | 000,435,008 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2011-05-31 16:39:14 | 001,052,480 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011-05-31 16:36:00 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011-03-16 11:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011-03-04 11:39:14 | 000,584,488 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010-07-03 03:52:13 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010-06-20 17:41:00 | 003,813,096 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010-03-25 11:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009-09-22 20:16:32 | 000,579,400 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe -- (Lenovo ReadyComm ConnSvc)
SRV - [2009-08-14 16:22:48 | 000,509,192 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\AppSvc.exe -- (Lenovo ReadyComm AppSvc)
SRV - [2009-08-07 07:29:36 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009-07-16 05:12:42 | 000,276,296 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\PS_MDP.dll -- (PS_MDP)
SRV - [2009-07-14 16:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe -- (IGRS)
SRV - [2009-07-14 16:27:20 | 000,103,688 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\ReadyComm\common\router.dll -- (ReadyComm.DirectRouter)
SRV - [2009-07-14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009-07-01 20:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2008-01-16 14:04:36 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007-11-07 09:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Unknown] -- -- (agdf6dae)
DRV - [2012-05-15 12:26:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012-05-13 13:42:35 | 000,013,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\apf003.sys -- (apf003)
DRV - [2012-04-18 19:08:04 | 000,148,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2012-01-07 01:16:45 | 000,013,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\apf001.sys -- (apf001)
DRV - [2012-01-05 01:01:54 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2011-11-22 20:42:40 | 000,185,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\System32\drivers\PCTSD.sys -- (PCTSD)
DRV - [2011-11-22 20:41:28 | 000,017,848 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pctBTFix.sys -- (pctBTFix)
DRV - [2011-11-14 16:12:26 | 000,331,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2011-10-07 18:52:12 | 000,660,992 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\System32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2011-10-07 18:52:06 | 000,341,656 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pctDS.sys -- (pctDS)
DRV - [2011-09-28 14:14:02 | 000,056,840 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PCTBD.sys -- (PCTBD)
DRV - [2011-04-12 11:46:00 | 000,013,824 | ---- | M] (TPMX Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HPub4DE3.sys -- (HPub4DE3)
DRV - [2011-03-09 10:44:52 | 000,020,992 | ---- | M] (TPMX Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HPMo4DE3.sys -- (HPMo4DE3)
DRV - [2010-11-20 03:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010-11-20 02:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010-09-29 22:53:37 | 000,071,336 | ---- | M] (Tonec Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\idmwfp.sys -- (IDMWFP)
DRV - [2010-07-11 17:20:31 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010-02-24 14:41:50 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009-11-30 14:58:29 | 000,054,800 | ---- | M] () [Kernel | System | Running] -- C:\windows\System32\drivers\funfrm.sys -- (funfrm)
DRV - [2009-10-13 17:50:00 | 000,133,632 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Mkd2kfNT.sys -- (Mkd2kfNt)
DRV - [2009-09-30 03:59:12 | 000,175,104 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009-08-21 20:43:24 | 001,180,016 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2009-07-28 23:09:36 | 000,063,240 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdbridge.sys -- (Bridge0)
DRV - [2009-07-21 23:14:58 | 000,081,704 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wsvd.sys -- (wsvd)
DRV - [2009-07-16 14:37:14 | 000,011,792 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WDMirror.sys -- (wdmirror)
DRV - [2009-07-14 01:53:36 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\loop.sys -- (msloop)
DRV - [2009-07-13 17:37:00 | 000,079,360 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Mkd2Nadr.sys -- (Mkd2Nadr)
DRV - [2009-07-02 16:55:36 | 000,036,208 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\LPCFilter.sys -- (LPCFilter)
DRV - [2009-06-29 04:17:00 | 000,059,904 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2009-06-07 02:36:40 | 000,273,448 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x)
DRV - [2009-05-19 15:59:00 | 000,011,776 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecirhid.sys -- (enecirhid)
DRV - [2009-05-19 15:43:08 | 000,021,520 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2009-05-14 02:40:38 | 004,231,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (netw5v32)
DRV - [2009-03-18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008-08-06 14:34:16 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008-07-10 03:49:14 | 000,242,712 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0102.sys -- (RsFx0102)
DRV - [2008-04-24 12:16:00 | 000,005,632 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecirhidma.sys -- (enecirhidma)
DRV - [2005-08-30 02:47:38 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssm_bus.sys -- (ssm_bus)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3667417282-2828754835-1521732128-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3667417282-2828754835-1521732128-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKU\S-1-5-21-3667417282-2828754835-1521732128-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3667417282-2828754835-1521732128-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3667417282-2828754835-1521732128-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3667417282-2828754835-1521732128-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7PRFA_pl
IE - HKU\S-1-5-21-3667417282-2828754835-1521732128-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3667417282-2828754835-1521732128-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKU\S-1-5-21-3667417282-2828754835-1521732128-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKU\S-1-5-21-3667417282-2828754835-1521732128-1009\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3667417282-2828754835-1521732128-1009\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.suggest.enabled: false
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npaosmgr.1: C:\Program Files\AhnLab\ASP\Components\aosmgr\conflict_221\npaosmgr.dll (AhnLab, Inc.)
FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npmkd25aos: C:\Program Files\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll (AhnLab, Inc.)
FF - HKLM\Software\MozillaPlugins\@gentek.com/thinclient: C:\IGG\twclient_ph\npthinclient.dll File not found
FF - HKLM\Software\MozillaPlugins\@hanbiton.com/HbsMozillaLauncher: C:\ProgramData\hanbitsoft\nphlauncher.dll (hanbitsoft)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\windows\system32\npOGPPlugin.dll (OGPlanet)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.666: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.666: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.666: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\@Webzen.com/NPBrowserExt: C:\Program Files\WEBZEN\BrowserExtension\NPWZCmnCtrl.dll (WEBZEN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@ahnlab.com/asp/npmkd25aos: C:\Program Files\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll (AhnLab, Inc.)
FF - HKCU\Software\MozillaPlugins\@corexdev.com/coreXplayer: C:\Users\kasia\AppData\Local\coreXplayer\npcorexplayer_2.21.dll (coreXdevelopment GmbH)
FF - HKCU\Software\MozillaPlugins\@fancyguo.com/FancyGame,version=1.0.0.1: C:\Users\kasia\AppData\Local\Fancy\npfancygame.dll (Beijing FancyGuo Tech Ltd)
FF - HKCU\Software\MozillaPlugins\@g2.com/iggweb3dupdater: C:\Users\kasia\AppData\Roaming\IGG\Web3D\1.0.0.38\NPIGGWeb3DUpdater.dll (IGG)
FF - HKCU\Software\MozillaPlugins\@g2.com/joyconnectshell: C:\Users\kasia\AppData\Roaming\IGG\Web3D\1.0.0.38\NPJoyConnectShell.dll (IGG)
FF - HKCU\Software\MozillaPlugins\@gentek.com/thinclient: C:\IGG\twclient_ph\npthinclient.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\kasia\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\kasia\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\kasia\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools\PC Tools Security\BDT\Firefox\ [2011-12-04 13:16:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-09-26 23:17:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-07-24 23:24:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012-04-07 20:01:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\kasia\AppData\Roaming\IDM\idmmzcc3 [2010-11-07 13:06:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\kasia\AppData\Roaming\IDM\idmmzcc3 [2010-11-07 13:06:55 | 000,000,000 | ---D | M]

[2011-05-08 22:58:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kasia\AppData\Roaming\mozilla\Extensions
[2012-06-23 20:43:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kasia\AppData\Roaming\mozilla\Firefox\Profiles\kdrxebu8.default\extensions
[2012-06-23 20:43:20 | 000,000,000 | ---D | M] (LavaFox V2) -- C:\Users\kasia\AppData\Roaming\mozilla\Firefox\Profiles\kdrxebu8.default\extensions\info@djzig.com
[2012-03-21 18:57:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011-04-06 23:17:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011-08-09 18:12:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012-03-21 18:57:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2011-12-04 13:16:32 | 000,000,000 | ---D | M] (Browser Defender Toolbar) -- C:\PROGRAM FILES\PC TOOLS\PC TOOLS SECURITY\BDT\FIREFOX
[2010-11-07 13:06:55 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\KASIA\APPDATA\ROAMING\IDM\IDMMZCC3
[2011-10-03 00:34:49 | 000,010,043 | ---- | M] () (No name found) -- C:\USERS\KASIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KDRXEBU8.DEFAULT\EXTENSIONS\IPLEXTOALL@ALLPLAYER.ORG.XPI
[2011-03-30 22:53:14 | 000,400,907 | ---- | M] () (No name found) -- C:\USERS\KASIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KDRXEBU8.DEFAULT\EXTENSIONS\PLAYER@PORTALARIUM.COM.XPI
[2011-04-30 14:01:27 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010-01-01 10:00:00 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2010-01-01 10:00:00 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2010-01-01 10:00:00 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2010-01-01 10:00:00 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2010-01-01 10:00:00 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2010-01-01 10:00:00 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

[color=#E56717]========== Chrome ==========[/color]

CHR - homepage: http://www.aol.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.aol.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\kasia\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\kasia\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\kasia\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\kasia\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Portalarium Player (Enabled) = C:\Users\kasia\AppData\Local\Google\Chrome\User Data\Default\Extensions\djngcnhbkimfpbmkjameecckopadifoe\1.50_0\NPPortalariumPlayer.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: AhnLab Online Security (Enabled) = C:\Program Files\AhnLab\ASP\Components\aosmgr\conflict_221\npaosmgr.dll
CHR - plugin: AhnLab MyKeyDefense 2.5 (Enabled) = C:\Program Files\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: WEBZEN Browser Extension (Enabled) = C:\Program Files\WEBZEN\BrowserExtension\NPWZCmnCtrl.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonEU\NGM\npNxGameeu.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\kasia\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: fancy3d (Enabled) = C:\Users\kasia\AppData\Local\Fancy\npfancygame.dll
CHR - plugin: Google Update (Enabled) = C:\Users\kasia\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: CoreXPlayer (Enabled) = C:\Users\kasia\AppData\Local\coreXplayer\npcorexplayer_2.21.dll
CHR - plugin: OGPlanet Game Plugin (Enabled) = C:\windows\system32\npOGPPlugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - Extension: Dragon Age Legends: Remix 01 = C:\Users\kasia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkiinhllammkfejicmjmhnanlbifccfj\3_0\
CHR - Extension: YouTube = C:\Users\kasia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Szukaj w Google = C:\Users\kasia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Portalarium Player = C:\Users\kasia\AppData\Local\Google\Chrome\User Data\Default\Extensions\djngcnhbkimfpbmkjameecckopadifoe\1.50_0\
CHR - Extension: AirMech = C:\Users\kasia\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdahlabpinmfcemhcbcfoijcpoalfgdn\8230_0\
CHR - Extension: Gmail = C:\Users\kasia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011-12-05 10:01:28 | 000,000,781 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (PC Tools Browser Defender BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (PC Tools Browser Defender) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-3667417282-2828754835-1521732128-1003\..\Toolbar\WebBrowser: (PC Tools Browser Defender) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited) O4 - HKLM..\Run: [OnekeyDM] C:\Program Files\Lenovo\OnekeyDM\OnekeyDM.exe () O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKU\S-1-5-21-3667417282-2828754835-1521732128-1003..\Run: [AQQ] C:\Program Files\WapSter\WapSter AQQ\AQQ.exe (Creative Team S.A.) 
O4 - HKU\S-1-5-21-3667417282-2828754835-1521732128-1009..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-3667417282-2828754835-1521732128-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Funkcja Google Sidewiki - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found O8 - Extra context menu item: Ściągnij przez IDM - C:\Program Files\Internet Download Manager\IEExt.htm () O8 - Extra context menu item: Ściągnij wszystkie linki przez IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm () O8 - Extra context menu item: Ściągnij zawartość wideo FLV przez IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm () O8 - Extra context menu item: Wyślij &do programu OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft 
Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm () O13 - gopher Prefix: missing O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites) O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com 
([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in ) O15 - HKU\S-1-5-21-3667417282-2828754835-1521732128-1003\..Trusted Domains: aol.com ([objects] * is out of zone range - 5) O15 - HKU\S-1-5-21-3667417282-2828754835-1521732128-1003\..Trusted Domains: clonewarsadventures.com ([]* in Zaufane witryny) O15 - HKU\S-1-5-21-3667417282-2828754835-1521732128-1003\..Trusted Domains: freerealms.com ([]* in Zaufane witryny) O15 - HKU\S-1-5-21-3667417282-2828754835-1521732128-1003\..Trusted Domains: soe.com ([]* in Zaufane witryny) O15 - HKU\S-1-5-21-3667417282-2828754835-1521732128-1003\..Trusted Domains: sony.com ([]* in Zaufane witryny) O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.31.0.cab (Battlefield Heroes Updater) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {D02DF646-31A2-4BAF-9CB9-BD8BF7E8A4E1} http://hunterblade.beeboomonline.com/static/activex/joychinawebctrl.dll (JCWebCtrl Class) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EECF75CF-D61A-459F-9870-188873B89B00}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F08C0C7F-5A1A-435F-AF58-F5F8C8C9B2BC}: DhcpNameServer = 10.43.56.1 O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{726ab3dc-8d00-11df-a4e7-0c6076b6d846}\Shell - "" = AutoRun O33 - MountPoints2\{726ab3dc-8d00-11df-a4e7-0c6076b6d846}\Shell\AutoRun\command - "" = F:\Setup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012-07-25 17:41:19 | 000,000,000 | ---D | C] -- C:\_OTL [2012-07-24 23:24:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2012-07-24 23:22:55 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012-07-24 23:20:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012-07-24 23:19:26 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle [2012-07-24 23:18:23 | 000,772,544 | ---- | C] (Oracle Corporation) -- C:\windows\System32\npDeployJava1.dll [2012-07-24 23:18:23 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaws.exe [2012-07-20 17:31:48 | 1965,558,630 | ---- | C] (Acresso Software Inc.) 
-- C:\Users\kasia\Desktop\DarkBloodSetup_120718.exe [2012-07-18 18:27:36 | 3023,454,304 | ---- | C] (Nexon) -- C:\Users\kasia\Desktop\MSSetupv111.exe [2012-07-17 19:28:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trendy Entertainment [2012-07-17 19:19:50 | 3339,625,680 | ---- | C] (Nexon) -- C:\Users\kasia\Desktop\MSSetupv112.exe [2012-07-17 19:10:47 | 000,000,000 | ---D | C] -- C:\Program Files\Trendy Entertainment [2012-07-14 23:10:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SealOnline Eternal Destiny [2012-07-14 19:44:08 | 000,000,000 | ---D | C] -- C:\Users\kasia\Documents\WB Games [2012-07-14 15:37:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Batman Arkham City [2012-07-14 14:58:00 | 000,000,000 | ---D | C] -- C:\Program Files\Black_Box [2012-07-12 19:41:44 | 001,572,672 | ---- | C] (Gamania Inc.) -- C:\Users\kasia\Documents\_BFUninstall.exe [2012-07-12 18:22:17 | 000,000,000 | ---D | C] -- C:\Program Files\beanfun! 
[2012-07-05 23:37:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pokemon World Online [2012-07-05 23:37:05 | 000,000,000 | ---D | C] -- C:\Program Files\Pokemon World Online [2012-07-05 23:24:22 | 000,000,000 | ---D | C] -- C:\Users\kasia\AppData\Local\PMB Files [2012-07-05 23:24:19 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files [2012-07-03 20:28:18 | 000,000,000 | ---D | C] -- C:\Users\kasia\AppData\Roaming\NVIDIA [2012-07-03 20:22:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [2012-07-03 20:18:40 | 000,061,248 | ---- | C] (Khronos Group) -- C:\windows\System32\OpenCL.dll [2012-07-03 20:18:18 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2012-07-03 20:16:55 | 000,148,800 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\drivers\nvhda32v.sys [2012-07-03 20:16:55 | 000,027,968 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nvhdap32.dll [2012-07-03 20:16:54 | 000,876,864 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nvhdagenco3220103.dll [2012-07-03 20:16:53 | 019,607,872 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nvoglv32.dll [2012-07-03 20:16:53 | 011,354,944 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\drivers\nvlddmkm.sys [2012-07-03 20:16:53 | 002,524,992 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nvcuvid.dll [2012-07-03 20:16:53 | 001,000,768 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nvdispco32.dll [2012-07-03 20:16:53 | 000,883,008 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nvgenco32.dll [2012-07-03 20:16:52 | 005,982,528 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nvcuda.dll [2012-07-03 20:16:52 | 002,445,120 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nvcuvenc.dll [2012-07-03 20:16:50 | 017,551,680 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nvcompiler.dll [2012-07-03 20:13:48 | 000,000,000 | ---D | C] -- C:\NVIDIA 
[2012-07-03 20:09:48 | 170,607,688 | ---- | C] (NVIDIA Corporation) -- C:\Users\kasia\Desktop\301.42-notebook-win7-winvista-32bit-international-whql.exe [2012-07-03 17:38:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GamersFirst [2012-07-03 17:37:58 | 000,000,000 | ---D | C] -- C:\Program Files\GamersFirst [2012-06-30 01:50:33 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe [2012-06-29 16:58:42 | 000,000,000 | ---D | C] -- C:\Users\kasia\AppData\Roaming\DarkBlood ServiceNa [2012-06-29 16:53:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outspark [2012-06-29 16:45:00 | 000,000,000 | ---D | C] -- C:\Program Files\Outspark [2012-06-27 20:49:15 | 000,000,000 | ---D | C] -- C:\Users\kasia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Webzen Hub [2012-06-26 13:06:46 | 000,000,000 | ---D | C] -- C:\Users\kasia\AppData\Roaming\Fatshark [2012-06-26 12:56:13 | 000,000,000 | ---D | C] -- C:\Program Files\Fatshark [2010-08-27 16:58:56 | 001,654,869 | ---- | C] (Dynu Systems Inc.) 
-- C:\ProgramData\DynuEncrypt.dll [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012-07-25 18:12:55 | 007,602,176 | -HS- | M] () -- C:\Users\kasia\ntuser.dat [2012-07-25 18:06:00 | 000,000,930 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2012-07-25 17:50:04 | 000,009,920 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012-07-25 17:50:04 | 000,009,920 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012-07-25 17:42:48 | 000,065,536 | ---- | M] () -- C:\windows\System32\Ikeext.etl [2012-07-25 17:42:43 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT [2012-07-25 17:42:41 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012-07-25 17:42:33 | 2411,671,552 | -HS- | M] () -- C:\hiberfil.sys [2012-07-25 16:23:00 | 000,001,058 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3667417282-2828754835-1521732128-1003UA.job [2012-07-25 16:23:00 | 000,001,006 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3667417282-2828754835-1521732128-1003Core.job [2012-07-25 14:29:35 | 001,202,626 | -H-- | M] () -- C:\Users\kasia\AppData\Local\IconCache.db [2012-07-25 00:06:11 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe [2012-07-25 00:06:11 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl [2012-07-24 23:24:20 | 000,001,949 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012-07-24 23:17:54 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javaw.exe [2012-07-24 23:17:54 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\windows\System32\java.exe [2012-07-22 00:31:11 | 000,000,217 | ---- | M] () -- C:\Users\Public\Desktop\MapleStory.url [2012-07-20 18:03:45 | 1965,558,630 | ---- | M] (Acresso Software Inc.) 
-- C:\Users\kasia\Desktop\DarkBloodSetup_120718.exe [2012-07-18 19:15:56 | 3023,454,304 | ---- | M] (Nexon) -- C:\Users\kasia\Desktop\MSSetupv111.exe [2012-07-17 20:12:21 | 3339,625,680 | ---- | M] (Nexon) -- C:\Users\kasia\Desktop\MSSetupv112.exe [2012-07-17 19:28:51 | 000,002,456 | ---- | M] () -- C:\Users\Public\Desktop\Dungeon Defenders.lnk [2012-07-14 15:37:41 | 000,001,374 | ---- | M] () -- C:\Users\Public\Desktop\Batman Arkham City.lnk [2012-07-12 20:47:15 | 000,654,944 | ---- | M] (Wellbia.com Co., Ltd.) -- C:\windows\System32\xsherlock.xem [2012-07-12 12:21:06 | 000,002,407 | ---- | M] () -- C:\Users\kasia\Desktop\Google Chrome.lnk [2012-07-10 18:25:43 | 000,000,556 | ---- | M] () -- C:\windows\win.ini [2012-07-09 23:06:44 | 000,051,467 | ---- | M] () -- C:\Users\kasia\Desktop\httpwww.fixitpc.pltopic10866-ukash-nagly-atak.jpg [2012-07-08 10:00:50 | 000,000,208 | ---- | M] () -- C:\Users\kasia\Documents\PWOOptions.ini [2012-07-05 23:37:52 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Pokemon World Online.lnk [2012-07-05 22:06:48 | 000,227,760 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javaws.exe [2012-07-05 22:06:30 | 000,772,544 | ---- | M] (Oracle Corporation) -- C:\windows\System32\npDeployJava1.dll [2012-07-05 22:06:20 | 000,687,544 | ---- | M] (Oracle Corporation) -- C:\windows\System32\deployJava1.dll [2012-07-03 20:30:21 | 000,140,232 | ---- | M] () -- C:\windows\System32\drivers\PnkBstrK.sys [2012-07-03 20:30:05 | 000,283,416 | ---- | M] () -- C:\windows\System32\PnkBstrB.xtr [2012-07-03 20:26:55 | 000,138,904 | ---- | M] () -- C:\Users\kasia\AppData\Roaming\PnkBstrK.sys [2012-07-03 20:26:32 | 000,189,248 | ---- | M] () -- C:\windows\System32\PnkBstrB.ex0 [2012-07-03 20:20:11 | 001,418,586 | ---- | M] () -- C:\windows\System32\drivers\Cat.DB [2012-07-03 20:13:39 | 170,607,688 | ---- | M] (NVIDIA Corporation) -- C:\Users\kasia\Desktop\301.42-notebook-win7-winvista-32bit-international-whql.exe [2012-06-29 16:53:14 | 000,001,955 
| ---- | M] () -- C:\Users\Public\Desktop\DarkBlood Online.lnk [2012-06-28 11:13:22 | 000,000,000 | ---- | M] () -- C:\Users\kasia\Desktop\Nowy obraz mapy bitowej (3).bmp [2012-06-26 20:47:51 | 000,000,003 | ---- | M] () -- C:\windows\System32\HRUPPROG.DIE.NOW [2012-06-26 10:33:57 | 004,155,489 | ---- | M] () -- C:\Users\kasia\Desktop\serj tankian - harakiri.mp3 [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012-07-25 00:06:41 | 001,202,626 | -H-- | C] () -- C:\Users\kasia\AppData\Local\IconCache.db [2012-07-24 23:26:33 | 000,000,930 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2012-07-24 23:24:20 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2012-07-24 23:24:20 | 000,001,949 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012-07-17 20:30:30 | 000,000,217 | ---- | C] () -- C:\Users\Public\Desktop\MapleStory.url [2012-07-17 19:28:51 | 000,002,456 | ---- | C] () -- C:\Users\Public\Desktop\Dungeon Defenders.lnk [2012-07-14 15:37:41 | 000,001,374 | ---- | C] () -- C:\Users\Public\Desktop\Batman Arkham City.lnk [2012-07-09 23:06:44 | 000,051,467 | ---- | C] () -- C:\Users\kasia\Desktop\httpwww.fixitpc.pltopic10866-ukash-nagly-atak.jpg [2012-07-05 23:37:52 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Pokemon World Online.lnk [2012-07-05 23:37:05 | 000,000,208 | ---- | C] () -- C:\Users\kasia\Documents\PWOOptions.ini [2012-07-03 20:27:06 | 000,140,232 | ---- | C] () -- C:\windows\System32\drivers\PnkBstrK.sys [2012-07-03 20:26:26 | 000,283,416 | ---- | C] () -- C:\windows\System32\PnkBstrB.exe [2012-07-03 20:26:26 | 000,189,248 | ---- | C] () -- C:\windows\System32\PnkBstrB.ex0 [2012-07-03 20:26:25 | 000,076,888 | ---- | C] () -- C:\windows\System32\PnkBstrA.exe [2012-07-03 20:16:53 | 000,011,190 | ---- | C] () -- C:\windows\System32\nvinfo.pb [2012-06-29 16:53:14 | 000,001,955 | ---- | C] () -- C:\Users\Public\Desktop\DarkBlood 
Online.lnk [2012-06-28 11:13:22 | 000,000,000 | ---- | C] () -- C:\Users\kasia\Desktop\Nowy obraz mapy bitowej (3).bmp [2012-06-26 20:47:51 | 000,000,003 | ---- | C] () -- C:\windows\System32\HRUPPROG.DIE.NOW [2012-06-08 13:23:22 | 005,757,837 | ---- | C] () -- C:\Users\kasia\The Subs - Mitsubishi.mp3 [2012-06-08 02:05:13 | 005,757,837 | ---- | C] () -- C:\Users\kasia\Mitsubishi - The subs.mp3 [2012-06-05 13:38:22 | 009,928,771 | ---- | C] () -- C:\Users\kasia\Cornucopia.zip [2012-06-05 01:17:45 | 600,010,536 | ---- | C] () -- C:\Users\kasia\6473.wmv [2012-05-31 00:57:27 | 000,000,211 | ---- | C] () -- C:\Users\kasia\p216_wmv.rar [2012-05-29 18:32:04 | 019,471,777 | ---- | C] () -- C:\Users\kasia\elektronika.rar [2012-05-28 00:51:03 | 000,066,421 | ---- | C] () -- C:\Users\kasia\wazne!!!!!!!!.jpg [2012-05-25 17:04:04 | 377,110,067 | ---- | C] () -- C:\Users\kasia\nafn.wmv [2012-05-25 01:38:56 | 000,053,274 | ---- | C] () -- C:\Users\kasia\4265594_700b.jpg [2012-05-22 22:58:39 | 000,000,044 | ---- | C] () -- C:\Users\kasia\jagex_cl_runescape_LIVE.dat [2012-05-15 02:21:50 | 000,423,744 | ---- | C] () -- C:\windows\System32\nvStreaming.exe [2012-05-13 13:42:35 | 000,016,304 | ---- | C] () -- C:\windows\System32\apl003.sys [2012-05-13 13:42:35 | 000,013,232 | ---- | C] () -- C:\windows\System32\apf003.sys [2012-05-02 01:46:38 | 001,909,846 | ---- | C] () -- C:\Users\kasia\120 DNI SODOMY,CZYLI SZKOLA LIBERTYNIZMU - D.pdf [2012-04-30 13:30:33 | 000,109,874 | ---- | C] () -- C:\Users\kasia\3973376_700b.jpg [2012-04-30 11:26:44 | 028,573,696 | ---- | C] () -- C:\Users\kasia\18VS_Alina.wmv [2012-04-24 00:08:04 | 000,277,606 | ---- | C] () -- C:\Users\kasia\1gg276.jpg [2012-04-02 11:26:05 | 000,017,854 | ---- | C] () -- C:\Users\kasia\482_d66f1dbf0930.jpg [2012-04-01 20:15:07 | 000,063,238 | ---- | C] () -- C:\Users\kasia\34spfyg.jpg [2012-04-01 15:58:11 | 000,995,235 | ---- | C] () -- C:\Users\kasia\Obraz 023.jpg [2012-04-01 15:57:56 | 001,029,750 | ---- | C] () -- 
C:\Users\kasia\Obraz 024.jpg [2012-04-01 15:57:45 | 000,952,807 | ---- | C] () -- C:\Users\kasia\Obraz 025.jpg [2012-04-01 15:57:31 | 000,958,373 | ---- | C] () -- C:\Users\kasia\Obraz 026.jpg [2012-04-01 15:56:28 | 000,969,785 | ---- | C] () -- C:\Users\kasia\Obraz 022.jpg [2012-03-31 01:10:57 | 272,518,808 | ---- | C] () -- C:\Users\kasia\good_present.mp4 [2012-03-25 17:46:49 | 034,208,431 | ---- | C] () -- C:\Users\kasia\ABSPACE.rar [2012-03-17 16:38:49 | 477,632,357 | ---- | C] () -- C:\Users\kasia\mfhmnyomibill_2k.wmv [2012-03-17 16:37:28 | 485,480,537 | ---- | C] () -- C:\Users\kasia\mfhm_K.S_norm_12.wmv [2012-03-10 12:24:34 | 344,073,370 | ---- | C] () -- C:\Users\kasia\muse_b-sides.rar [2012-03-08 23:36:00 | 004,790,273 | ---- | C] () -- C:\Users\kasia\ppm.rar [2012-03-05 00:45:07 | 029,652,652 | ---- | C] () -- C:\Users\kasia\Trening_i_Dieta.rar [2012-03-04 01:00:14 | 006,175,864 | ---- | C] () -- C:\Users\kasia\hst110.rar [2012-03-03 20:45:19 | 000,049,876 | ---- | C] () -- C:\Users\kasia\dziennik.exe [2012-03-03 17:37:05 | 000,696,417 | ---- | C] () -- C:\Users\kasia\15fgp4o.jpg [2012-02-29 16:12:54 | 042,531,703 | ---- | C] () -- C:\Users\kasia\Setup.exe [2012-02-28 22:11:04 | 000,361,222 | ---- | C] () -- C:\Users\kasia\14y6bf6.jpg [2012-02-05 01:03:47 | 000,024,152 | ---- | C] () -- C:\Users\kasia\IMAG0294.jpg [2012-02-05 00:28:52 | 000,092,134 | ---- | C] () -- C:\Users\kasia\IMAG0145.jpg [2012-02-04 01:59:27 | 000,178,772 | ---- | C] () -- C:\Users\kasia\DSC03012.JPG [2012-02-03 18:51:12 | 1799,350,784 | ---- | C] () -- C:\windows\System32\MAESTIA_SETUP-1.bin [2012-02-03 18:49:41 | 1257,667,440 | ---- | C] () -- C:\windows\System32\MAESTIA_SETUP-2.bin [2012-01-16 23:02:46 | 006,164,669 | ---- | C] () -- C:\Users\kasia\trylmil1do3.rar [2012-01-16 22:59:48 | 002,043,695 | ---- | C] () -- C:\Users\kasia\Larsson Stieg - Mężczyźni, którzy nienawidzą kobiet.pdf [2012-01-08 19:15:37 | 000,000,172 | ---- | C] () -- C:\windows\ODBC.INI [2012-01-07 01:16:45 | 
000,016,304 | ---- | C] () -- C:\windows\System32\apl001.sys [2012-01-07 01:16:45 | 000,013,232 | ---- | C] () -- C:\windows\System32\apf001.sys [2011-12-04 13:16:29 | 000,767,952 | ---- | C] () -- C:\windows\BDTSupport.dll [2011-10-24 14:48:08 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe [2011-10-24 14:48:08 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe [2011-10-24 14:48:08 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe [2011-10-24 14:48:08 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe [2011-10-24 14:48:08 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe [2011-09-27 01:20:26 | 000,644,608 | ---- | C] () -- C:\windows\System32\xvidcore.dll [2011-08-29 15:35:13 | 000,524,288 | -HS- | C] () -- C:\Users\kasia\ntuser.dat{a6bb47b1-d243-11e0-94bf-002622dc0852}.TMContainer00000000000000000002.regtrans-ms [2011-08-29 15:35:13 | 000,524,288 | -HS- | C] () -- C:\Users\kasia\ntuser.dat{a6bb47b1-d243-11e0-94bf-002622dc0852}.TMContainer00000000000000000001.regtrans-ms [2011-08-29 15:35:13 | 000,065,536 | -HS- | C] () -- C:\Users\kasia\ntuser.dat{a6bb47b1-d243-11e0-94bf-002622dc0852}.TM.blf [2011-08-10 21:11:09 | 000,000,032 | R--- | C] () -- C:\windows\hash.dat [2011-05-13 23:35:31 | 000,000,262 | ---- | C] () -- C:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2011-04-08 13:28:58 | 000,041,872 | ---- | C] () -- C:\windows\System32\xfcodec.dll [2011-04-06 23:22:51 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat [2011-02-25 14:33:21 | 000,102,400 | ---- | C] () -- C:\windows\RegBootClean.exe [2011-02-25 14:18:13 | 000,000,036 | ---- | C] () -- C:\Users\kasia\AppData\Local\housecall.guid.cache [2011-02-25 13:33:03 | 000,053,600 | ---- | C] () -- C:\windows\System32\dosx.exe [2011-02-20 13:12:24 | 000,000,017 | ---- | C] () -- C:\Users\kasia\AppData\Local\resmon.resmoncfg [2011-02-12 13:51:00 | 000,353,657 | ---- | C] () -- C:\Users\kasia\AppData\Roaming\Zan_s Minimap v0.9.6 dla Windows (MCsite.pl).exe [2011-02-04 18:56:13 | 000,000,001 
| ---- | C] () -- C:\windows\System32\SI.bin [2011-01-27 12:47:59 | 000,122,884 | ---- | C] () -- C:\windows\UnGins.exe [2010-11-28 14:00:01 | 000,145,997 | ---- | C] () -- C:\Users\kasia\4116f4f3e105.png [2010-11-26 02:51:50 | 000,010,240 | ---- | C] () -- C:\Users\kasia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-11-26 02:30:29 | 000,162,954 | ---- | C] () -- C:\windows\Audio Converter Uninstaller.exe [2010-11-20 16:29:30 | 000,000,008 | ---- | C] () -- C:\Users\kasia\AppData\Roaming\DofusAppId0_3 [2010-11-20 14:04:02 | 000,000,008 | ---- | C] () -- C:\Users\kasia\AppData\Roaming\DofusAppId0_1 [2010-11-20 13:56:57 | 000,000,169 | ---- | C] () -- C:\Users\kasia\AppData\Roaming\D2Info0 [2010-11-20 13:56:57 | 000,000,008 | ---- | C] () -- C:\Users\kasia\AppData\Roaming\DofusAppId0_2 [2010-09-25 13:30:46 | 000,153,256 | -H-- | C] () -- C:\windows\System32\mlfcache.dat [2010-09-22 17:41:10 | 000,230,752 | ---- | C] () -- C:\windows\patchw32.dll [2010-09-22 17:41:10 | 000,118,176 | ---- | C] () -- C:\windows\patchw.dll [2010-09-16 17:56:00 | 000,000,002 | ---- | C] () -- C:\windows\msoffice.ini [2010-09-16 15:15:12 | 000,000,335 | ---- | C] () -- C:\windows\nsreg.dat [2010-09-14 23:17:48 | 000,138,904 | ---- | C] () -- C:\Users\kasia\AppData\Roaming\PnkBstrK.sys [2010-09-08 15:59:36 | 000,165,376 | ---- | C] () -- C:\windows\System32\unrar.dll [2010-09-08 15:59:36 | 000,000,038 | ---- | C] () -- C:\windows\avisplitter.ini [2010-09-08 15:59:35 | 003,200,512 | ---- | C] () -- C:\windows\System32\x264vfw.dll [2010-09-08 15:59:30 | 000,108,032 | ---- | C] () -- C:\windows\System32\ff_vfw.dll [2010-09-08 15:59:30 | 000,000,547 | ---- | C] () -- C:\windows\System32\ff_vfw.dll.manifest [2010-08-26 19:15:36 | 000,258,048 | ---- | C] () -- C:\windows\System32\libFLAC.dll [2010-08-26 13:54:29 | 000,000,204 | ---- | C] () -- C:\windows\System32\secustat.dat [2010-08-26 13:52:21 | 000,000,025 | ---- | C] () -- C:\windows\libem.INI [2010-07-02 10:46:43 | 
000,000,088 | ---- | C] () -- C:\ProgramData\profile.xml [2010-07-02 10:16:55 | 000,119,936 | ---- | C] () -- C:\Users\kasia\AppData\Local\GDIPFONTCACHEV1.DAT [2010-07-02 10:16:21 | 000,000,020 | -HS- | C] () -- C:\Users\kasia\ntuser.ini [2010-07-02 10:16:20 | 007,602,176 | -HS- | C] () -- C:\Users\kasia\ntuser.dat [2010-07-02 10:16:20 | 000,524,288 | -HS- | C] () -- C:\Users\kasia\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms [2010-07-02 10:16:20 | 000,524,288 | -HS- | C] () -- C:\Users\kasia\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms [2010-07-02 10:16:20 | 000,065,536 | -HS- | C] () -- C:\Users\kasia\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf [color=#E56717]========== LOP Check ==========[/color] [2011-06-24 23:56:34 | 000,000,000 | ---D | M] -- C:\Users\kasia\AppData\Roaming\.minecraft [2011-07-10 12:46:32 | 000,000,000 | ---D | M] -- C:\Users\kasia\AppData\Roaming\Altaron [2010-11-20 13:57:01 | 000,000,000 | ---D | M] -- C:\Users\kasia\AppData\Roaming\app [2010-10-02 18:16:47 | 000,000,000 | ---D | M] -- C:\Users\kasia\AppData\Roaming\Ashampoo [2011-09-25 16:28:14 | 000,000,000 | ---D | M] -- C:\Users\kasia\AppData\Roaming\BESTplayer [2012-02-16 00:24:22 | 000,000,000 | ---D | M] -- C:\Users\kasia\AppData\Roaming\Bioshock [2011-05-08 16:45:28 | 000,000,000 | ---D | M] -- C:\Users\kasia\AppData\Roaming\BITS [2010-07-15 22:07:06 | 000,000,000 | ---D | M] -- C:\Users\kasia\AppData\Roaming\BugTrap Console Test [2011-05-22 10:49:35 | 000,000,000 | ---D | M] -- C:\Users\kasia\AppData\Roaming\BugTrap Console Test108 [2011-12-03 13:37:32 | 000,000,000 | ---D | M] -- C:\Users\kasia\AppData\Roaming\Critts! 
[2011-06-13 10:57:42 | 000,000,000 | ---D | M] -- C:\Users\kasia\AppData\Roaming\DAEMON Tools Lite [2012-06-29 18:17:51 | 000,000,000 | ---D | M] -- C:\Users\kasia\AppData\Roaming\DarkBlood ServiceNa [2012-02-12 14:41:30 | 000,000,000 | ---D | M] -- C:\Users\kasia\AppData\Roaming\DarknessII [2012-07-21 23:58:43 | 000,000,000 | ---D | M] -- C:\Users\kasia\AppData\Roaming\DMCache [2011-09-12 09:21:02 | 000,000,000 | ---D | M] -- C:\Users\kasia\AppData\Roaming\Dofus 2 [2011-09-12 08:20:01 | 000,000,000 | ---D | M] -- C:\Users\kasia\AppData\Roaming\Dofus-2.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1 [2011-09-12 23:02:54 | 000,000,000 | ---D | M] -- C:\Users\kasia\AppData\Roaming\Dofus.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1 [2012-07-24 17:40:42 | 000,000,000 | ---D | M] -- C:\Users\kasia\AppData\Roaming\Dropbox [2010-07-02 23:45:42 | 000,000,000 | ---D | M] -- C:\Users\kasia\AppData\Roaming\EasyCapture [2011-05-08 21:28:16 | 000,000,000 | ---D | M] -- C:\Users\kasia\AppData\Roaming\ESET [2012-07-08 20:35:37 | 000,000,000 | ---D | M] -- C:\Users\kasia\AppData\Roaming\EurekaLog [2012-06-26 13:06:46 | 000,000,000 | ---D | M] -- C:\Users\kasia\AppData\Roaming\Fatshark [2010-08-26 13:51:52 | 000,000,000 | ---D | M] -- C:\Users\kasia\AppData\Roaming\FlashGet [2010-08-26 13:51:39 | 000,000,000 | ---D | M] -- C:\Users\kasia\AppData\Roaming\FlashGetBHO [2012-03-24 23:46:35 | 000,000,000 | ---D | M] -- C:\Users\kasia\AppData\Roaming\FOG Downloader [2012-07-25 06:35:10 | 000,000,000 | ---D | M] -- C:\Users\kasia\AppData\Roaming\foobar2000 [2012-03-11 02:15:59 | 000,000,000 | ---D | M] -- C:\Users\kasia\AppData\Roaming\gamigo [2012-03-11 00:39:54 | 000,000,000 | ---D | M] -- C:\Users\kasia\AppData\Roaming\GetRightToGo [2012-06-04 16:05:18 | 000,000,000 | ---D | M] -- C:\Users\kasia\AppData\Roaming\IDM [2012-06-04 14:15:33 | 000,000,000 | ---D | M] -- C:\Users\kasia\AppData\Roaming\IGG [2010-08-27 14:54:18 | 000,000,000 | ---D | M] -- C:\Users\kasia\AppData\Roaming\ijjigame 
[2010-09-25 13:09:27 | 000,000,000 | ---D | M] -- C:\Users\kasia\AppData\Roaming\IrfanView
[2012-05-12 20:04:08 | 000,000,000 | ---D | M] -- C:\Users\kasia\AppData\Roaming\KlLauncherST
[2012-03-11 02:15:56 | 000,000,000 | ---D | M] -- C:\Users\kasia\AppData\Roaming\launcher
[2010-07-02 10:16:56 | 000,000,000 | ---D | M] -- C:\Users\kasia\AppData\Roaming\Lenovo
[2011-05-09 23:06:50 | 000,000,000 | ---D | M] -- C:\Users\kasia\AppData\Roaming\LolClient
[2012-05-25 00:59:12 | 000,000,000 | ---D | M] -- C:\Users\kasia\AppData\Roaming\LolClient2
[2010-10-02 11:09:59 | 000,000,000 | ---D | M] -- C:\Users\kasia\AppData\Roaming\MargonemMapki
[2012-03-11 02:15:56 | 000,000,000 | ---D | M] -- C:\Users\kasia\AppData\Roaming\Martial Empires Launcher
[2011-05-08 16:45:34 | 000,000,000 | ---D | M] -- C:\Users\kasia\AppData\Roaming\MonoDevelop-Unity
[2012-07-12 06:23:02 | 000,000,000 | ---D | M] -- C:\Users\kasia\AppData\Roaming\Mumble
[2012-03-31 22:27:46 | 000,000,000 | ---D | M] -- C:\Users\kasia\AppData\Roaming\Opera
[2010-12-25 21:15:45 | 000,000,000 | ---D | M] -- C:\Users\kasia\AppData\Roaming\PACE Anti-Piracy
[2010-11-20 03:55:05 | 000,000,000 | ---D | M] -- C:\Users\kasia\AppData\Roaming\ProtectDISC
[2011-08-08 14:39:40 | 000,000,000 | ---D | M] -- C:\Users\kasia\AppData\Roaming\ProxyCap
[2010-10-03 02:23:35 | 000,000,000 | ---D | M] -- C:\Users\kasia\AppData\Roaming\RayV
[2011-09-12 08:20:10 | 000,000,000 | ---D | M] -- C:\Users\kasia\AppData\Roaming\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2010-11-26 02:30:28 | 000,000,000 | ---D | M] -- C:\Users\kasia\AppData\Roaming\River Past G5
[2010-12-12 21:16:54 | 000,000,000 | ---D | M] -- C:\Users\kasia\AppData\Roaming\rockbox.org
[2010-12-29 16:19:20 | 000,000,000 | ---D | M] -- C:\Users\kasia\AppData\Roaming\TeamViewer
[2011-12-04 13:01:53 | 000,000,000 | ---D | M] -- C:\Users\kasia\AppData\Roaming\TestApp
[2011-12-05 18:05:43 | 000,000,000 | ---D | M] -- C:\Users\kasia\AppData\Roaming\Thunderbird
[2011-08-30 01:33:50 | 000,000,000 | ---D | M] -- C:\Users\kasia\AppData\Roaming\TS3Client
[2011-09-23 17:46:00 | 000,000,000 | ---D | M] -- C:\Users\kasia\AppData\Roaming\TuneUp Software
[2010-12-25 21:16:07 | 000,000,000 | ---D | M] -- C:\Users\kasia\AppData\Roaming\Unity
[2012-07-24 22:17:10 | 000,000,000 | ---D | M] -- C:\Users\kasia\AppData\Roaming\uTorrent
[2012-04-07 22:11:38 | 000,000,000 | ---D | M] -- C:\Users\kasia\AppData\Roaming\wargaming.net
[2010-07-17 13:54:18 | 000,000,000 | ---D | M] -- C:\Users\kasia\AppData\Roaming\WindSolutions
[2011-02-11 17:50:01 | 000,000,000 | ---D | M] -- C:\Users\kasia\AppData\Roaming\ZezeniaOnline
[2012-07-06 17:15:57 | 000,032,608 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 5632 bytes -> C:\ProgramData:gs5sys
@Alternate Data Stream - 214 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 1536 bytes -> C:\Users\Public\Documents\desktop.ini:gs5sys
@Alternate Data Stream - 1536 bytes -> C:\Users\kasia\Documents\desktop.ini:gs5sys
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:A1063995
@Alternate Data Stream - 1142 bytes -> C:\Users\kasia\AppData\Local\Temp:iNxw8KKJaX5WwE3wrU
@Alternate Data Stream - 1132 bytes -> C:\ProgramData\Microsoft:dcSrhye4MvVkjUa2z2jV35r6
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:D06A4C76
@Alternate Data Stream - 1127 bytes -> C:\ProgramData\Microsoft:YSfFzc5flHzRr7Zx2FX
@Alternate Data Stream - 1033 bytes -> C:\Program Files\Common Files\microsoft shared:rv1pQmDokFKLiq4C6Gl

< End of report >