OTL logfile created on: 11/09/2012 14:30:24 - Run 1
OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\admin\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: Wielka Brytania | Language: ENG | Date Format: dd/MM/yyyy

5.75 Gb Total Physical Memory | 3.89 Gb Available Physical Memory | 67.66% Memory free
109.15 Gb Paging File | 107.18 Gb Available in Paging File | 98.19% Paging File free
Paging file location(s): c:\pagefile.sys 0 0h:\pagefile.sy [Binary data over 200 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 68.26 Gb Total Space | 10.14 Gb Free Space | 14.86% Space Free | Partition Type: NTFS
Drive D: | 310.50 Gb Total Space | 21.34 Gb Free Space | 6.87% Space Free | Partition Type: NTFS
Drive E: | 198.73 Gb Total Space | 64.39 Gb Free Space | 32.40% Space Free | Partition Type: NTFS
Drive F: | 198.67 Gb Total Space | 144.38 Gb Free Space | 72.67% Space Free | Partition Type: NTFS
Drive G: | 310.50 Gb Total Space | 249.55 Gb Free Space | 80.37% Space Free | Partition Type: NTFS
Drive H: | 310.50 Gb Total Space | 180.92 Gb Free Space | 58.27% Space Free | Partition Type: NTFS

Computer Name: ADMIN-KOMPUTER | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2012/09/11 14:27:33 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Downloads\OTL.exe
PRC - [2012/09/07 20:59:42 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/08/29 12:03:38 | 001,996,200 | ---- | M] (LogMeIn Inc.) -- E:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012/08/24 10:09:21 | 001,191,768 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2012/08/23 10:17:30 | 000,875,216 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe
PRC - [2012/08/23 10:17:30 | 000,874,192 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe
PRC - [2012/08/23 10:17:28 | 000,070,352 | ---- | M] (Comodo Security Solutions Inc.) -- C:\Program Files (x86)\Common Files\Comodo\launcher_service.exe
PRC - [2012/05/25 10:09:00 | 002,152,720 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2012/05/18 19:28:04 | 000,880,496 | ---- | M] (BitTorrent, Inc.) -- C:\Users\admin\Downloads\utorrent.exe
PRC - [2012/03/07 15:40:34 | 000,913,144 | ---- | M] (ESET) -- F:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2012/01/04 15:26:46 | 001,606,488 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
PRC - [2011/11/15 01:15:16 | 000,197,288 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - [2012/09/07 20:59:41 | 002,244,064 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/03/02 10:13:43 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/08/19 17:33:28 | 000,047,960 | ---- | M] () -- C:\Program Files (x86)\IObit\Smart Defrag 2\NtfsData.dll

[color=#E56717]========== Services (SafeList) ==========[/color]
SRV:[b]64bit:[/b] - [2012/06/29 16:08:52 | 002,721,656 | ---- | M] (Condusiv Technologies) [Auto | Running] -- C:\Program Files\Condusiv Technologies\Diskeeper\DkService.exe -- (Diskeeper)
SRV:[b]64bit:[/b] - [2011/12/06 05:11:56 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:[b]64bit:[/b] - [2011/12/05 23:15:08 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:[b]64bit:[/b] - [2010/11/24 11:03:40 | 000,127,800 | ---- | M] (HP) [Auto | Running] -- C:\Windows\SysNative\HPSIsvc.exe -- (HPSIService)
SRV:[b]64bit:[/b] - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/09/07 20:59:42 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/29 12:03:36 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- E:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/08/23 10:17:28 | 000,070,352 | ---- | M] (Comodo Security Solutions Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Comodo\launcher_service.exe -- (CLPSLauncher)
SRV - [2012/05/25 10:09:00 | 002,152,720 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2012/03/07 15:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- F:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/05/31 18:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 18:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006/10/27 00:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- E:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV:[b]64bit:[/b] - [2012/08/03 10:23:28 | 000,035,064 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\CFRMD.sys -- (CFRMD)
DRV:[b]64bit:[/b] - [2012/06/18 19:14:34 | 000,052,048 | ---- | M] (Condusiv Technologies) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\DKRtWrt.sys -- (DKRtWrt)
DRV:[b]64bit:[/b] - [2012/06/07 20:48:56 | 000,106,832 | ---- | M] (Condusiv Technologies) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DKTLFSMF.sys -- (DKTLFSMF)
DRV:[b]64bit:[/b] - [2012/04/05 02:32:54 | 000,040,752 | ---- | M] (Condusiv Technologies) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DKDFM.sys -- (DKDFM)
DRV:[b]64bit:[/b] - [2012/03/14 08:40:04 | 000,137,144 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:[b]64bit:[/b] - [2012/03/14 08:40:02 | 000,209,768 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:[b]64bit:[/b] - [2012/03/14 08:40:02 | 000,148,528 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:[b]64bit:[/b] - [2011/12/23 08:12:12 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:[b]64bit:[/b] - [2011/12/06 05:45:40 | 010,720,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:[b]64bit:[/b] - [2011/12/06 05:45:40 | 010,720,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:[b]64bit:[/b] - [2011/12/06 04:12:14 | 000,327,168 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:[b]64bit:[/b] - [2011/10/17 19:40:50 | 000,093,712 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:[b]64bit:[/b] - [2011/06/24 07:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV:[b]64bit:[/b] - [2010/11/26 19:02:18 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:[b]64bit:[/b] - [2010/10/14 03:55:24 | 000,020,480 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mvusbews.sys -- (mvusbews)
DRV:[b]64bit:[/b] - [2010/02/18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:[b]64bit:[/b] - [2010/01/27 04:09:02 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:[b]64bit:[/b] - [2009/08/09 23:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:[b]64bit:[/b] - [2009/07/14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2009/07/14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2009/07/14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/07/14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:[b]64bit:[/b] - [2009/06/10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:[b]64bit:[/b] - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV - [2012/03/02 12:02:29 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3690817028-2233715112-3189557289-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3690817028-2233715112-3189557289-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-3690817028-2233715112-3189557289-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3690817028-2233715112-3189557289-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3072253
IE - HKU\S-1-5-21-3690817028-2233715112-3189557289-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3690817028-2233715112-3189557289-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3690817028-2233715112-3189557289-1000\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKU\S-1-5-21-3690817028-2233715112-3189557289-1000\..\URLSearchHook: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - No CLSID value found
IE - HKU\S-1-5-21-3690817028-2233715112-3189557289-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3690817028-2233715112-3189557289-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3690817028-2233715112-3189557289-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=114022&babsrc=SP_ss&mntrId=187b42210000000000004061862a0053
IE - HKU\S-1-5-21-3690817028-2233715112-3189557289-1000\..\SearchScopes\{12995981-2FD6-4BEE-9FB0-B1674E8E5E7E}: "URL" = http://websearch.4shared.com/results?q={searchTerms}
IE - HKU\S-1-5-21-3690817028-2233715112-3189557289-1000\..\SearchScopes\{2405539E-FEB4-434C-90EB-189E3400C61E}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-3690817028-2233715112-3189557289-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://www.google.com/search?ie=utf-8&oe=utf-8&rlz=1V4IPYX&q={searchTerms}
IE - HKU\S-1-5-21-3690817028-2233715112-3189557289-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
IE - HKU\S-1-5-21-3690817028-2233715112-3189557289-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
IE - HKU\S-1-5-21-3690817028-2233715112-3189557289-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..browser.search.defaultenginename: "4shared"
FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentControl2 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "4shared"
FF - prefs.js..browser.search.searchEnginesURL: "http://websearch.4shared.com/results?q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.pl/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q="
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: D:\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: D:\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: D:\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: D:\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: F:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2012/08/20 20:33:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/07 20:59:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/07 20:59:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: F:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/08/20 20:33:28 | 000,000,000 | ---D | M]

[2012/03/01 13:30:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Extensions
[2012/08/28 10:05:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\lbd86po6.default\extensions
[2012/08/17 07:52:23 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\lbd86po6.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2012/08/28 10:05:13 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\lbd86po6.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2012/03/02 11:00:32 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\lbd86po6.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2012/05/23 08:44:39 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\lbd86po6.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/01/03 12:57:20 | 000,008,395 | ---- | M] () (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\lbd86po6.default\extensions\4sharedToolbar.xpi
[2012/08/25 09:49:46 | 000,270,021 | ---- | M] () (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\lbd86po6.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012/04/18 00:39:24 | 000,000,935 | ---- | M] () -- C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\lbd86po6.default\searchplugins\conduit.xml
[2012/09/07 20:59:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/09/07 20:59:42 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/02 17:17:17 | 000,947,320 | ---- | M] (www.devalvr.com) -- C:\Program Files (x86)\mozilla firefox\plugins\npdevalvr.dll
[2012/05/18 19:14:22 | 000,002,185 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\4shared.xml
[2011/11/11 16:45:42 | 000,002,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml
[2012/08/31 20:30:11 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml
[2012/07/04 23:15:14 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/08/31 20:30:11 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml
[2012/08/31 20:30:11 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml
[2012/08/31 20:30:11 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml
[2012/08/31 20:30:11 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml
[2012/08/31 20:30:11 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml

[color=#E56717]========== Chrome ==========[/color]
CHR - homepage: http://search.conduit.com/?ctid=CT3072253&SearchSource=48
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://search.conduit.com/?ctid=CT3072253&SearchSource=48
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Szukaj w Google = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: 1Click Downloader = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jplinpmadfkdgipabgcdchbdikologlh\1.1_0\
CHR - Extension: uTorrentControl2 = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.7.1_0\
CHR - Extension: Gmail = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/06/17 20:29:53 | 000,000,983 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 genuine.microsoft.com
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O1 - Hosts: 127.0.0.1 sls.microsoft.com
O1 - Hosts: 127.0.0.1 eu.actual.battle.net
O1 - Hosts: 127.0.0.1 us.actual.battle.net
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:[b]64bit:[/b] - BHO: (4sharedExt) - {95525BD9-6136-4A26-8263-9CEE295D442D} - C:\Program Files (x86)\4shared Toolbar\4sharedExt64.dll File not found
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (4shared Toolbar) - {95080B13-AA71-4EE8-B951-7E98221E1ED5} - C:\Program Files (x86)\4shared Toolbar\4sharedbar64.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {95080B13-AA71-4EE8-B951-7E98221E1ED5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-3690817028-2233715112-3189557289-1000\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
O3:[b]64bit:[/b] - HKU\S-1-5-21-3690817028-2233715112-3189557289-1000\..\Toolbar\WebBrowser: (4shared Toolbar) - {95080B13-AA71-4EE8-B951-7E98221E1ED5} - C:\Program Files (x86)\4shared Toolbar\4sharedbar64.dll File not found
O4:[b]64bit:[/b] - HKLM..\Run: [egui] F:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:[b]64bit:[/b] - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [GrooveMonitor] E:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] E:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [tvncontrol] "C:\Program Files (x86)\Common Files\Comodo\tvnserver.exe" -controlservice -slave File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3690817028-2233715112-3189557289-1000..\Run: [FlashGet 3] C:\Program Files (x86)\FlashGet Network\FlashGet 3\Flashget3.exe (Trend Media Corporation Limited)
O4 - HKU\S-1-5-21-3690817028-2233715112-3189557289-1000..\Run: [MSConfig] "C:\Users\admin\giycir.exe" /r File not found
O4 - HKU\S-1-5-21-3690817028-2233715112-3189557289-1000..\Run: [SpeedConnectStartUp] C:\Program Files (x86)\CBS Software\SpeedConnect Internet Accelerator\SpeedConnectStartUp.exe (CBS Software)
O4 - HKU\S-1-5-21-3690817028-2233715112-3189557289-1000..\Run: [uTorrent] C:\Users\admin\Downloads\utorrent.exe (BitTorrent, Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f File not found
O4 - HKU\.DEFAULT..\RunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f File not found
O4 - HKU\S-1-5-18..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f File not found
O4 - HKU\S-1-5-18..\RunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:[b]64bit:[/b] - Extra context menu item: &4shared Search - res://C:\Program Files (x86)\4shared Toolbar\4sharedbar64.dll/MENUSEARCH.HTM File not found
O8:[b]64bit:[/b] - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:[b]64bit:[/b] - Extra context menu item: Download all by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\GetAllUrl.htm ()
O8:[b]64bit:[/b] - Extra context menu item: Download all links by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetallurl.htm ()
O8:[b]64bit:[/b] - Extra context menu item: Download by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\GetUrl.htm ()
O8:[b]64bit:[/b] - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:[b]64bit:[/b] - Extra context menu item: Pobierz FlashGetem3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\GetUrl.htm ()
O8:[b]64bit:[/b] - Extra context menu item: Pobierz wszystko FlashGetem3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\GetAllUrl.htm ()
O8 - Extra context menu item: &4shared Search - res://C:\Program Files (x86)\4shared Toolbar\4sharedbar64.dll/MENUSEARCH.HTM File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download all by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\GetAllUrl.htm ()
O8 - Extra context menu item: Download all links by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetallurl.htm ()
O8 - Extra context menu item: Download by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\GetUrl.htm ()
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Pobierz FlashGetem3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\GetUrl.htm ()
O8 - Extra context menu item: Pobierz wszystko FlashGetem3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\GetAllUrl.htm ()
O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.31.14.220 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DEE1FD48-7537-407C-BC44-B8CD8B268384}: DhcpNameServer = 172.31.14.220 192.168.0.1
O18:[b]64bit:[/b] - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\SysWOW64\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - E:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{02cbeade-64f6-11e1-a8ce-4061862a0053}\Shell - "" = AutoRun
O33 - MountPoints2\{02cbeade-64f6-11e1-a8ce-4061862a0053}\Shell\AutoRun\command - "" = L:\SETUP.EXE
O33 - MountPoints2\{02cbeae3-64f6-11e1-a8ce-4061862a0053}\Shell - "" = AutoRun
O33 - MountPoints2\{02cbeae3-64f6-11e1-a8ce-4061862a0053}\Shell\AutoRun\command - "" = M:\SETUP.EXE
O33 - MountPoints2\{3797c5bc-82da-11e1-9cd3-4061862a0053}\Shell - "" = AutoRun
O33 - MountPoints2\{3797c5bc-82da-11e1-9cd3-4061862a0053}\Shell\AutoRun\command - "" = M:\Setup.exe
O33 - MountPoints2\{3e81c100-75d5-11e1-aa73-4061862a0053}\Shell - "" = AutoRun
O33 - MountPoints2\{3e81c100-75d5-11e1-aa73-4061862a0053}\Shell\AutoRun\command - "" = J:\AutoRunMorrowind.exe
O33 - MountPoints2\{3e81c100-75d5-11e1-aa73-4061862a0053}\Shell\install\command - "" = J:\Setup.exe
O33 - MountPoints2\{429e90b7-c656-11e1-b2cb-4061862a0053}\Shell - "" = AutoRun
O33 - MountPoints2\{429e90b7-c656-11e1-b2cb-4061862a0053}\Shell\AutoRun\command - "" = R:\AutoRunMorrowind.exe
O33 - MountPoints2\{429e90b7-c656-11e1-b2cb-4061862a0053}\Shell\install\command - "" = R:\Setup.exe
O33 - MountPoints2\{4550e790-be01-11e1-9f95-4061862a0053}\Shell - "" = AutoRun
O33 - MountPoints2\{4550e790-be01-11e1-9f95-4061862a0053}\Shell\AutoRun\command - "" = N:\Setup.exe
O33 - MountPoints2\{4550e797-be01-11e1-9f95-4061862a0053}\Shell - "" = AutoRun
O33 - MountPoints2\{4550e797-be01-11e1-9f95-4061862a0053}\Shell\AutoRun\command - "" = O:\setup.exe
O33 - MountPoints2\{4cb6f068-d498-11e1-ac8d-4061862a0053}\Shell - "" = AutoRun
O33 - MountPoints2\{4cb6f068-d498-11e1-ac8d-4061862a0053}\Shell\AutoRun\command - "" = U:\autorun.exe
O33 - MountPoints2\{63d1e3fe-bed0-11e1-83dd-4061862a0053}\Shell - "" = AutoRun
O33 - MountPoints2\{63d1e3fe-bed0-11e1-83dd-4061862a0053}\Shell\AutoRun\command - "" = Q:\autorun.exe
O33 - MountPoints2\{839695bd-6470-11e1-accc-4061862a0053}\Shell - "" = AutoRun
O33 - MountPoints2\{839695bd-6470-11e1-accc-4061862a0053}\Shell\AutoRun\command - "" = J:\SETUP.EXE
O33 - MountPoints2\{8d63f59d-dc5e-11e1-a343-4061862a0053}\Shell - "" = AutoRun
O33 - MountPoints2\{8d63f59d-dc5e-11e1-a343-4061862a0053}\Shell\AutoRun\command - "" = W:\autorun.exe
O33 - MountPoints2\{8d63f5a7-dc5e-11e1-a343-4061862a0053}\Shell - "" = AutoRun
O33 - MountPoints2\{8d63f5a7-dc5e-11e1-a343-4061862a0053}\Shell\AutoRun\command - "" = X:\Autorun.exe
O33 - MountPoints2\{d50d9982-6a93-11e1-97aa-4061862a0053}\Shell - "" = AutoRun
O33 - MountPoints2\{d50d9982-6a93-11e1-97aa-4061862a0053}\Shell\AutoRun\command - "" = K:\SETUP.EXE
O33 - MountPoints2\{d50d998f-6a93-11e1-97aa-4061862a0053}\Shell - "" = AutoRun
O33 - MountPoints2\{d50d998f-6a93-11e1-97aa-4061862a0053}\Shell\AutoRun\command - "" = L:\autorun\autorun.exe
O33 - MountPoints2\{d50d9992-6a93-11e1-97aa-4061862a0053}\Shell - "" = AutoRun
O33 - MountPoints2\{d50d9992-6a93-11e1-97aa-4061862a0053}\Shell\AutoRun\command - "" = M:\SETUP.EXE
O33 - MountPoints2\{d50d9995-6a93-11e1-97aa-4061862a0053}\Shell - "" = AutoRun
O33 - MountPoints2\{d50d9995-6a93-11e1-97aa-4061862a0053}\Shell\AutoRun\command - "" = N:\setup.exe
O33 - MountPoints2\{da54cdf4-6a72-11e1-b00e-4061862a0053}\Shell - "" = AutoRun
O33 - MountPoints2\{da54cdf4-6a72-11e1-b00e-4061862a0053}\Shell\AutoRun\command - "" = K:\SETUP.EXE
O33 - MountPoints2\{dfbb6eac-c112-11e1-8304-4061862a0053}\Shell - "" = AutoRun
O33 - MountPoints2\{dfbb6eac-c112-11e1-8304-4061862a0053}\Shell\AutoRun\command - "" = S:\autorun.exe pl
O33 - MountPoints2\{fce39107-7a80-11e1-96ee-4061862a0053}\Shell - "" = AutoRun
O33 - MountPoints2\{fce39107-7a80-11e1-96ee-4061862a0053}\Shell\AutoRun\command - "" = K:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] --
"%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012/09/11 13:46:07 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\TightVNC [2012/09/10 22:50:19 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Comodo [2012/09/08 09:21:38 | 000,000,000 | ---D | C] -- C:\Users\admin\Documents\NBGI [2012/09/08 08:44:55 | 000,000,000 | ---D | C] -- C:\Users\admin\Documents\Stronghold 3 [2012/09/07 20:59:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012/09/07 20:08:13 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\NBGI [2012/09/07 20:06:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive [2012/09/07 20:06:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace [2012/09/07 20:06:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE [2012/09/07 12:59:47 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\.minecraft - Kopia (5) [2012/09/06 17:31:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2012/09/06 17:28:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works [2012/09/06 17:28:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio [2012/09/06 17:28:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER [2012/09/06 17:26:37 | 
000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2012/09/06 17:26:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8 [2012/09/05 21:24:03 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\NUTY PDF [2012/09/01 14:31:08 | 000,000,000 | ---D | C] -- C:\Users\admin\Documents\Witcher 2 [2012/08/30 23:58:16 | 000,000,000 | ---D | C] -- C:\Users\admin\dwhelper [2012/08/30 22:15:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2012/08/30 16:19:17 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\ESET [2012/08/30 11:58:38 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\BigHugeEngine [2012/08/30 11:57:41 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core [2012/08/30 11:57:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts [2012/08/30 11:57:40 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs [2012/08/30 11:53:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kingdoms of Amalur Reckoning [2012/08/28 19:49:47 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Darksiders2 [2012/08/27 22:12:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Comodo [2012/08/27 13:22:11 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Upper Byte [2012/08/25 12:30:17 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\VULCAN [2012/08/25 12:30:17 | 000,000,000 | ---D | C] -- C:\Users\admin\Documents\Moje świadectwa [2012/08/22 15:12:51 | 000,000,000 | ---D | C] -- C:\Users\admin\Documents\Any Video Converter Professional [2012/08/21 10:26:49 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\.minecraft - Kopia (4) [2012/08/20 20:33:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET [2012/08/20 20:33:20 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET [2012/08/20 15:25:05 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012/08/20 15:05:54 | 
000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Lunch Design [2012/08/16 08:46:07 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\.purple [2012/04/11 12:01:59 | 003,623,592 | ---- | C] (Ask) -- C:\Program Files (x86)\Common Files\ApnToolbarInstaller.exe [2012/04/11 12:01:59 | 000,143,240 | ---- | C] (Ask.com) -- C:\Program Files (x86)\Common Files\ApnStub.exe [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012/09/11 14:16:45 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2012/09/11 14:16:34 | 000,001,042 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/09/11 14:16:29 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job [2012/09/11 14:16:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/09/11 14:16:14 | 334,897,151 | -HS- | M] () -- C:\hiberfil.sys [2012/09/11 14:15:45 | 000,009,776 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/09/11 14:15:45 | 000,009,776 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/09/11 14:15:31 | 000,000,020 | ---- | M] () -- C:\Users\admin\defogger_reenable [2012/09/11 14:15:14 | 000,050,477 | ---- | M] () -- C:\Users\admin\Desktop\Defogger.exe [2012/09/11 14:07:11 | 003,133,494 | ---- | M] () -- C:\Users\admin\Desktop\Nowy obraz mapy bitowej.bmp [2012/09/11 14:01:00 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/09/11 13:01:10 | 001,855,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/09/11 13:01:10 | 000,806,502 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2012/09/11 13:01:10 | 000,720,266 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/09/11 13:01:10 | 000,180,188 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2012/09/11 13:01:10 | 
000,146,228 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/09/11 11:13:10 | 000,000,336 | ---- | M] () -- C:\Windows\SysWow64\secustat.dat [2012/09/11 07:29:56 | 000,007,667 | ---- | M] () -- C:\Users\admin\AppData\Local\Resmon.ResmonCfg [2012/09/10 10:01:05 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat [2012/09/10 10:01:05 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat [2012/09/08 12:13:05 | 000,134,794 | ---- | M] () -- C:\Users\admin\Desktop\IMSLP130676-WIMA.a726-Kellner_Preludium.pdf [2012/09/07 04:57:30 | 000,439,808 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/09/06 19:15:26 | 069,559,501 | ---- | M] () -- C:\Users\admin\Desktop\IMSLP88028-PMLP10094-Complete.pdf [2012/09/06 18:53:46 | 000,281,405 | ---- | M] () -- C:\Users\admin\Desktop\IMSLP28904-PMLP64179-Gabrieli-A_Fantasia_Allegra_Organo.pdf [2012/09/01 18:41:48 | 000,035,606 | ---- | M] () -- C:\Users\admin\Desktop\frysztak2.jpg [2012/09/01 17:08:23 | 000,046,497 | ---- | M] () -- C:\Users\admin\Desktop\11.jpg [2012/09/01 17:07:57 | 000,044,127 | ---- | M] () -- C:\Users\admin\Desktop\12.jpg [2012/09/01 08:16:55 | 000,087,444 | ---- | M] () -- C:\Users\admin\Desktop\psalmbnszycha.png [2012/08/31 21:03:04 | 000,002,344 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012/08/30 23:59:19 | 000,137,103 | ---- | M] () -- C:\Users\admin\Desktop\180027-02_zoom.jpg [2012/08/30 23:59:09 | 000,113,668 | ---- | M] () -- C:\Users\admin\Desktop\180027-01_zoom.jpg [2012/08/30 23:55:26 | 000,036,729 | ---- | M] () -- C:\Users\admin\Desktop\21087.gif [2012/08/30 23:47:02 | 000,093,594 | ---- | M] () -- C:\Users\admin\Desktop\90830_3.jpg [2012/08/30 23:46:44 | 000,077,732 | ---- | M] () -- C:\Users\admin\Desktop\90830_1.jpg [2012/08/30 23:46:29 | 000,093,984 | ---- | M] () -- C:\Users\admin\Desktop\90830_2.jpg [2012/08/30 13:14:30 | 000,027,900 | ---- | M] () -- C:\Users\admin\Desktop\bwv232pn5.png [2012/08/30 11:09:16 | 000,042,001 | ---- | M] () 
-- C:\Users\admin\Desktop\smn_87993.png [2012/08/30 11:08:40 | 000,056,953 | ---- | M] () -- C:\Users\admin\Desktop\3150672_01.jpg [2012/08/28 18:37:19 | 000,000,023 | ---- | M] () -- C:\Windows\BlendSettings.ini [2012/08/28 07:10:23 | 000,202,434 | ---- | M] () -- C:\Users\admin\Desktop\Bez tytułu.jpg1.jpg [2012/08/28 07:09:31 | 000,220,374 | ---- | M] () -- C:\Users\admin\Desktop\Bez tytułu.jpg [2012/08/27 22:12:57 | 000,002,047 | ---- | M] () -- C:\Users\Public\Desktop\AntiError.lnk [2012/08/27 22:12:57 | 000,002,043 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk [2012/08/27 22:12:57 | 000,002,043 | ---- | M] () -- C:\Users\Public\Desktop\GeekBuddy.lnk [2012/08/22 15:40:19 | 000,043,118 | ---- | M] () -- C:\Users\admin\Desktop\65582585.jpg [2012/08/21 14:45:38 | 000,220,378 | ---- | M] () -- C:\Users\admin\Desktop\beskid_niski5.jpg [2012/08/20 20:20:11 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat [2012/08/19 21:54:15 | 000,126,512 | ---- | M] () -- C:\Users\admin\Desktop\rymanow-sym.jpg [2012/08/19 21:49:36 | 000,052,935 | ---- | M] () -- C:\Users\admin\Desktop\hm.11_7658.jpg [2012/08/16 08:25:24 | 000,000,529 | ---- | M] () -- C:\Users\Public\Desktop\Pidgin.lnk [2012/08/14 08:29:12 | 000,023,849 | ---- | M] () -- C:\Users\admin\Desktop\wnmp-a.jpg [2012/08/14 08:22:00 | 000,060,991 | ---- | M] () -- C:\Users\admin\Desktop\wnmp-p.jpg [2012/08/13 17:16:09 | 000,031,570 | ---- | M] () -- C:\Users\admin\Desktop\ChomikImage.aspx.jpg [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012/09/11 14:15:31 | 000,000,020 | ---- | C] () -- C:\Users\admin\defogger_reenable [2012/09/11 14:15:13 | 000,050,477 | ---- | C] () -- C:\Users\admin\Desktop\Defogger.exe [2012/09/11 14:07:04 | 003,133,494 | ---- | C] () -- C:\Users\admin\Desktop\Nowy obraz mapy bitowej.bmp [2012/09/10 22:35:12 | 000,000,408 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2012/09/08 
12:13:41 | 000,134,794 | ---- | C] () -- C:\Users\admin\Desktop\IMSLP130676-WIMA.a726-Kellner_Preludium.pdf [2012/09/07 20:05:53 | 000,001,338 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk [2012/09/06 19:16:06 | 069,559,501 | ---- | C] () -- C:\Users\admin\Desktop\IMSLP88028-PMLP10094-Complete.pdf [2012/09/06 18:54:27 | 000,281,405 | ---- | C] () -- C:\Users\admin\Desktop\IMSLP28904-PMLP64179-Gabrieli-A_Fantasia_Allegra_Organo.pdf [2012/09/01 18:41:47 | 000,035,606 | ---- | C] () -- C:\Users\admin\Desktop\frysztak2.jpg [2012/09/01 17:08:22 | 000,046,497 | ---- | C] () -- C:\Users\admin\Desktop\11.jpg [2012/09/01 17:07:56 | 000,044,127 | ---- | C] () -- C:\Users\admin\Desktop\12.jpg [2012/09/01 08:16:54 | 000,087,444 | ---- | C] () -- C:\Users\admin\Desktop\psalmbnszycha.png [2012/08/30 23:59:19 | 000,137,103 | ---- | C] () -- C:\Users\admin\Desktop\180027-02_zoom.jpg [2012/08/30 23:57:33 | 000,113,668 | ---- | C] () -- C:\Users\admin\Desktop\180027-01_zoom.jpg [2012/08/30 23:55:25 | 000,036,729 | ---- | C] () -- C:\Users\admin\Desktop\21087.gif [2012/08/30 23:47:02 | 000,093,594 | ---- | C] () -- C:\Users\admin\Desktop\90830_3.jpg [2012/08/30 23:46:44 | 000,077,732 | ---- | C] () -- C:\Users\admin\Desktop\90830_1.jpg [2012/08/30 23:46:29 | 000,093,984 | ---- | C] () -- C:\Users\admin\Desktop\90830_2.jpg [2012/08/30 13:14:29 | 000,027,900 | ---- | C] () -- C:\Users\admin\Desktop\bwv232pn5.png [2012/08/30 11:09:16 | 000,042,001 | ---- | C] () -- C:\Users\admin\Desktop\smn_87993.png [2012/08/30 11:08:39 | 000,056,953 | ---- | C] () -- C:\Users\admin\Desktop\3150672_01.jpg [2012/08/28 07:10:23 | 000,202,434 | ---- | C] () -- C:\Users\admin\Desktop\Bez tytułu.jpg1.jpg [2012/08/28 07:09:31 | 000,220,374 | ---- | C] () -- C:\Users\admin\Desktop\Bez tytułu.jpg [2012/08/27 22:12:57 | 000,002,047 | ---- | C] () -- C:\Users\Public\Desktop\AntiError.lnk [2012/08/27 22:12:57 | 000,002,043 | ---- | C] () -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk [2012/08/27 22:12:57 | 000,002,043 | ---- | C] () -- C:\Users\Public\Desktop\GeekBuddy.lnk [2012/08/22 15:40:17 | 000,043,118 | ---- | C] () -- C:\Users\admin\Desktop\65582585.jpg [2012/08/21 14:45:37 | 000,220,378 | ---- | C] () -- C:\Users\admin\Desktop\beskid_niski5.jpg [2012/08/19 21:54:15 | 000,126,512 | ---- | C] () -- C:\Users\admin\Desktop\rymanow-sym.jpg [2012/08/19 21:49:36 | 000,052,935 | ---- | C] () -- C:\Users\admin\Desktop\hm.11_7658.jpg [2012/08/16 08:25:24 | 000,000,529 | ---- | C] () -- C:\Users\Public\Desktop\Pidgin.lnk [2012/08/16 08:25:24 | 000,000,529 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pidgin.lnk [2012/08/14 08:29:12 | 000,023,849 | ---- | C] () -- C:\Users\admin\Desktop\wnmp-a.jpg [2012/08/14 08:22:00 | 000,060,991 | ---- | C] () -- C:\Users\admin\Desktop\wnmp-p.jpg [2012/08/13 17:16:09 | 000,031,570 | ---- | C] () -- C:\Users\admin\Desktop\ChomikImage.aspx.jpg [2012/07/23 12:18:30 | 000,000,518 | ---- | C] () -- C:\Windows\SIERRA.INI [2012/06/29 19:57:00 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini [2012/06/24 17:03:22 | 000,000,218 | ---- | C] () -- C:\Users\admin\AppData\Local\recently-used.xbel [2012/05/31 14:08:16 | 004,499,708 | ---- | C] () -- C:\Users\admin\AppData\Roaming\minecraft.jar [2012/05/05 14:13:37 | 000,007,667 | ---- | C] () -- C:\Users\admin\AppData\Local\Resmon.ResmonCfg [2012/04/11 12:01:59 | 000,444,283 | ---- | C] () -- C:\Program Files (x86)\Common Files\WinPcapNmap.exe [2012/04/10 00:04:13 | 047,102,201 | ---- | C] () -- C:\Users\admin\AppData\Roaming\Minecraft 1.2.3.rar [2012/04/08 07:53:28 | 000,000,336 | ---- | C] () -- C:\Windows\SysWow64\secustat.dat [2012/04/08 01:34:53 | 000,000,891 | ---- | C] () -- C:\Windows\SysWow64\secushr.dat [2012/04/07 21:46:38 | 001,829,524 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/04/07 21:41:27 | 000,000,025 | ---- | C] () -- 
C:\Windows\libem.INI [2012/03/16 13:37:42 | 000,001,026 | ---- | C] () -- C:\Windows\Solitaire.ini [2012/03/16 13:37:41 | 000,435,712 | ---- | C] () -- C:\Windows\SysWow64\libmng.dll [2012/03/13 09:45:14 | 000,063,488 | ---- | C] () -- C:\Users\admin\xobglu16.dll [2012/03/13 09:45:14 | 000,023,552 | ---- | C] () -- C:\Users\admin\xobglu32.dll [2012/03/10 12:25:01 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll [2012/03/10 12:25:01 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll [2012/03/10 12:25:01 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll [2012/03/10 10:48:13 | 000,052,038 | ---- | C] () -- C:\Windows\DIIUnin.dat [2012/03/03 11:07:54 | 000,042,543 | ---- | C] () -- C:\Windows\War3Unin.dat [2012/03/03 01:00:12 | 000,010,752 | ---- | C] () -- C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/03/02 11:00:52 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat [2012/03/02 11:00:52 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat [2012/03/01 13:30:03 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2012/03/01 13:18:06 | 000,000,132 | ---- | C] () -- C:\Windows\winamp.ini [2012/03/01 11:59:41 | 000,002,048 | ---- | C] () -- C:\Windows\SysWow64\winver.exe [2012/03/01 11:50:31 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011/12/06 04:35:10 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2011/12/06 04:35:10 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2011/12/05 23:04:00 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll [2011/12/05 23:03:52 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011/09/13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [color=#E56717]========== LOP Check ==========[/color] [2012/09/09 11:40:46 | 000,000,000 | ---D | M] -- 
C:\Users\admin\AppData\Roaming\.minecraft [2012/07/11 21:34:46 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\.minecraft - Kopia [2012/07/10 19:54:44 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\.minecraft - Kopia (13) [2012/07/11 18:58:26 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\.minecraft - Kopia (14) [2012/07/12 20:13:16 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\.minecraft - Kopia (2) [2012/07/17 17:08:12 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\.minecraft - Kopia (3) [2012/08/21 10:27:57 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\.minecraft - Kopia (4) [2012/09/07 13:01:06 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\.minecraft - Kopia (5) [2012/06/23 18:14:44 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\.minecraft - Kopia (9) [2012/08/22 19:26:09 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\.purple [2012/05/26 18:24:22 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\.techniclauncher [2012/03/03 19:35:56 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\AnvSoft [2012/05/02 07:48:15 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Babylon [2012/09/11 11:13:10 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\BITS [2012/08/01 11:38:48 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Condusiv_Technologies [2012/03/30 12:16:29 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\CrystalIdea Software [2012/03/02 16:07:32 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\DAEMON Tools Lite [2012/03/24 22:14:46 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\DAEMON Tools Pro [2012/05/22 18:49:23 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Fatshark [2012/04/07 21:41:04 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\FlashGet [2012/09/10 14:31:13 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\FlashGetBHO 
[2012/04/07 21:41:10 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\FlashgetSetup [2012/03/20 15:36:29 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\FlowerOfImmortality [2012/07/07 07:14:01 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Foxit Software [2012/03/08 16:39:34 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Friday's games [2012/03/08 20:55:14 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\GetRightToGo [2012/03/01 13:17:06 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\GHISLER [2012/03/16 13:41:00 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\GlarySoft [2012/04/06 20:35:03 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\GrandOrgueCache [2012/04/06 20:35:03 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\GrandOrgueData [2012/03/20 19:00:06 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Gunnar Games [2012/06/24 17:02:35 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\inkscape [2012/03/16 01:14:30 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\IObit [2012/03/01 13:01:15 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\IrfanView [2012/03/12 10:30:39 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\iWin [2012/05/13 17:26:58 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\LolClient [2012/05/24 16:52:36 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\LolClient2 [2012/07/01 15:00:56 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Maxthon3 [2012/06/13 17:29:41 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Mikrotik [2012/06/18 21:21:08 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Mount&Blade Warband [2012/04/10 09:12:31 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\OpenCandy [2012/05/28 23:24:24 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\OpenOffice.org [2012/07/03 10:28:03 | 000,000,000 | ---D | 
M] -- C:\Users\admin\AppData\Roaming\Recolored [2012/08/06 15:56:07 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Sierra [2012/05/01 06:28:43 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Thinstall [2012/09/11 13:46:07 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\TightVNC [2012/04/29 11:47:01 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Tropico 3 [2012/05/24 22:28:16 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\TuneUp Software [2012/08/27 13:22:11 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Upper Byte [2012/09/11 14:34:50 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\uTorrent [2012/04/20 14:46:49 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\VDownloader [2012/08/25 12:30:17 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\VULCAN [2012/03/12 15:35:47 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\wargaming.net [2012/04/11 11:16:13 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\xVideoServiceThief [2012/09/11 14:16:45 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job [2012/09/11 14:16:29 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job [2012/08/21 11:44:55 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 970858 bytes -> C:\Windows\Temp:temp @Alternate Data Stream - 5632 bytes -> C:\ProgramData:gs5sys @Alternate Data Stream - 1536 bytes -> C:\Users\Public\Documents\desktop.ini:gs5sys @Alternate Data Stream - 1536 bytes -> C:\Users\admin\Documents\desktop.ini:gs5sys @Alternate Data Stream - 1536 bytes -> C:\Users\admin\Desktop\desktop.ini:gs5sys < End of report >