OTL logfile created on: 2012-12-28 20:11:10 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,61 Gb Total Physical Memory | 1,99 Gb Available Physical Memory | 55,20% Memory free
7,21 Gb Paging File | 5,37 Gb Available in Paging File | 74,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 60,39 Gb Total Space | 26,94 Gb Free Space | 44,61% Space Free | Partition Type: NTFS
Drive E: | 390,62 Gb Total Space | 55,71 Gb Free Space | 14,26% Space Free | Partition Type: NTFS

Computer Name: USER-KOMPUTER | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012-12-28 20:07:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2012-12-09 16:40:28 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012-10-30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012-10-30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012-10-23 17:40:06 | 000,580,728 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2012-10-02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) 
-- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2012-07-27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011-11-25 15:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe PRC - [2011-10-01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011-10-01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011-09-06 19:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE PRC - [2011-08-18 17:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE PRC - [2011-08-18 17:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE PRC - [2011-06-29 14:52:54 | 000,474,176 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe PRC - [2011-06-28 01:26:30 | 002,022,976 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe PRC - [2011-04-30 00:18:16 | 000,885,760 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe PRC - [2011-04-13 16:39:14 | 000,503,942 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe PRC - [2011-01-13 21:56:42 | 000,013,600 | ---- | M] (Broadcom Corporation.) 
-- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe PRC - [2007-09-21 08:25:52 | 000,344,064 | ---- | M] () -- C:\Program Files (x86)\Microtek\ScanWizard 5\ScannerFinder.exe PRC - [2007-06-28 20:44:34 | 002,816,512 | ---- | M] (Jerzy Znamirowski) -- C:\Program Files (x86)\HEXelon MAX 6\hexelon.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012-12-09 16:40:26 | 002,397,152 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012-11-16 10:36:02 | 002,297,856 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\239d84cfdb9de9730c1efb43840ef2eb\System.Core.ni.dll MOD - [2012-11-16 08:57:57 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7c4de95aa433eb8d81a81caf805947a8\PresentationFramework.Aero.ni.dll MOD - [2012-11-16 08:56:08 | 014,340,608 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll MOD - [2012-11-16 08:55:07 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll MOD - [2012-11-16 08:54:49 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll MOD - [2012-11-16 08:54:41 | 012,237,824 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll MOD - [2012-11-16 08:54:11 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll MOD - [2012-11-16 08:53:52 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll MOD - [2012-11-16 08:53:36 | 000,971,264 | ---- | M] () -- 
C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll MOD - [2012-11-16 08:53:33 | 007,988,736 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll MOD - [2012-11-16 08:53:13 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll MOD - [2011-08-18 17:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE MOD - [2011-06-29 14:52:54 | 000,474,176 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe MOD - [2011-06-28 01:26:30 | 002,022,976 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe MOD - [2011-06-28 01:25:30 | 000,058,944 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\DataService.dll MOD - [2011-06-25 05:21:46 | 000,322,624 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\en-US\UI\ManagerUI.dll MOD - [2011-06-25 05:20:26 | 000,565,968 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\sqlite3.dll MOD - [2011-04-30 00:18:16 | 000,885,760 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe MOD - [2011-04-30 00:13:50 | 002,225,664 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll MOD - [2011-04-30 00:13:48 | 007,938,048 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll MOD - [2010-11-21 04:24:09 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL MOD - [2010-11-21 04:24:09 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll MOD - [2010-03-22 21:52:42 | 006,776,832 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtGui4.dll MOD - [2010-03-17 02:28:28 | 000,326,144 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage 
Remote\QtXml4.dll MOD - [2010-03-17 02:28:16 | 000,635,904 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtNetwork4.dll MOD - [2010-03-17 02:28:04 | 001,926,144 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtCore4.dll MOD - [2010-03-12 01:52:34 | 000,225,280 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qmng4.dll MOD - [2010-03-12 01:52:34 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qgif4.dll MOD - [2010-03-05 21:07:58 | 000,125,952 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qjpeg4.dll MOD - [2010-03-05 21:07:58 | 000,031,744 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qico4.dll MOD - [2007-09-21 08:25:52 | 000,344,064 | ---- | M] () -- C:\Program Files (x86)\Microtek\ScanWizard 5\ScannerFinder.exe [color=#E56717]========== Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2012-10-30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV:[b]64bit:[/b] - [2011-07-12 08:59:04 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\WINDOWS\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:[b]64bit:[/b] - [2011-07-12 06:52:48 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:[b]64bit:[/b] - [2011-05-27 20:06:16 | 000,301,568 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV) SRV:[b]64bit:[/b] - [2011-01-13 21:56:40 | 000,956,192 | ---- | M] (Broadcom Corporation.) 
[Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV:[b]64bit:[/b] - [2010-09-23 00:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:[b]64bit:[/b] - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:[b]64bit:[/b] - [2009-03-03 11:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters) SRV - [2012-12-12 16:06:29 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012-11-29 09:27:36 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012-10-23 17:40:06 | 000,580,728 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service) SRV - [2012-10-19 16:14:08 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012-10-02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) 
[Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012-07-27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011-11-25 15:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2011-10-01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011-10-01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011-08-18 17:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService) SRV - [2010-03-18 19:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008-11-11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard) DRV:[b]64bit:[/b] - [2012-12-17 18:31:26 | 000,347,016 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\pctgntdi64.sys -- (pctgntdi) DRV:[b]64bit:[/b] - [2012-12-08 11:17:40 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\gfibto.sys -- (gfibto) DRV:[b]64bit:[/b] - [2012-10-30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:[b]64bit:[/b] - [2012-10-30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:[b]64bit:[/b] - [2012-10-30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:[b]64bit:[/b] - [2012-10-30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:[b]64bit:[/b] - [2012-10-30 23:51:55 | 000,021,136 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswKbd.sys -- (aswKbd) DRV:[b]64bit:[/b] - [2012-10-30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:[b]64bit:[/b] - [2012-10-23 17:40:32 | 000,077,144 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\PCTBD64.sys -- (PCTBD) DRV:[b]64bit:[/b] - [2012-10-15 17:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\aswRdr2.sys 
-- (aswRdr) DRV:[b]64bit:[/b] - [2012-03-01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2011-12-14 02:19:10 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0) DRV:[b]64bit:[/b] - [2011-10-01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:[b]64bit:[/b] - [2011-10-01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:[b]64bit:[/b] - [2011-10-01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:[b]64bit:[/b] - [2011-10-01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:[b]64bit:[/b] - [2011-08-18 23:40:08 | 004,719,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:[b]64bit:[/b] - [2011-08-18 23:39:52 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:[b]64bit:[/b] - [2011-08-18 23:39:52 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:[b]64bit:[/b] - [2011-08-18 23:39:50 | 000,349,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btwampfl.sys -- (BTWAMPFL) DRV:[b]64bit:[/b] - [2011-08-18 23:39:50 | 000,138,280 | ---- | M] (Broadcom Corporation.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:[b]64bit:[/b] - [2011-08-18 23:39:50 | 000,106,536 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:[b]64bit:[/b] - [2011-07-12 11:01:56 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:[b]64bit:[/b] - [2011-07-12 08:16:56 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:[b]64bit:[/b] - [2011-06-16 23:08:26 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amd_xata.sys -- (amd_xata) DRV:[b]64bit:[/b] - [2011-06-16 23:08:24 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amd_sata.sys -- (amd_sata) DRV:[b]64bit:[/b] - [2011-05-27 20:06:16 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:[b]64bit:[/b] - [2011-05-17 07:55:28 | 000,533,096 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:[b]64bit:[/b] - [2011-04-01 04:35:12 | 000,355,960 | ---- | M] (Alps Electric Co., Ltd.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Apfiltr.sys -- (ApfiltrService) DRV:[b]64bit:[/b] - [2011-03-30 23:46:46 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:[b]64bit:[/b] - [2011-03-11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2011-03-11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2011-01-20 17:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt) DRV:[b]64bit:[/b] - [2010-11-29 13:50:38 | 000,044,672 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:[b]64bit:[/b] - [2010-11-21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:[b]64bit:[/b] - [2010-11-21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2010-11-21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:[b]64bit:[/b] - [2010-10-30 01:11:42 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:[b]64bit:[/b] - [2010-06-14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk) DRV:[b]64bit:[/b] - [2010-04-27 03:25:16 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\ss_bmdm.sys -- (ss_bmdm) DRV:[b]64bit:[/b] - [2010-04-27 03:25:16 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\ss_bbus.sys -- (ss_bbus) DRV:[b]64bit:[/b] - [2010-04-27 03:25:16 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\ss_bmdfl.sys -- (ss_bmdfl) DRV:[b]64bit:[/b] - [2010-03-19 09:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:[b]64bit:[/b] - [2010-02-18 15:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:[b]64bit:[/b] - [2009-10-21 07:28:14 | 000,913,408 | ---- | M] (DiBcom) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\dvb7700all.sys -- (mod7700) DRV:[b]64bit:[/b] - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:[b]64bit:[/b] - [2008-08-28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV:[b]64bit:[/b] - [2006-11-01 18:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV - [2010-07-04 20:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5) DRV - [2010-06-14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk) DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2006-07-24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\windows\SysWow64\drivers\StarOpen.sys -- (StarOpen) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchya.com/?s=0&a=foxtab&chnl=ft-100&cd=2XzuyEtN2Y1L1QzuzyyEtAzy0EyD0DyCtB0Bzy0CzyyCyE0DtN0D0Tzu0CtBtAtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1374281765 IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12}: "URL" = 
http://www.searchya.com/?q={searchTerms}&s=1&a=foxtab&chnl=ft-100&cd=2XzuyEtN2Y1L1QzuzyyEtAzy0EyD0DyCtB0Bzy0CzyyCyE0DtN0D0Tzu0CtBtAtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1374281765 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://www.bing.com/search?q={searchTerms} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKLM\..\SearchScopes\{30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12}: "URL" = http://www.searchya.com/?q={searchTerms}&s=1&a=foxtab&chnl=ft-100&cd=2XzuyEtN2Y1L1QzuzyyEtAzy0EyD0DyCtB0Bzy0CzyyCyE0DtN0D0Tzu0CtBtAtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1374281765 IE - HKLM\..\SearchScopes\㕻㐷㈳うⴴ㡄䅆㐭〱ⵃ䈸㤰䔭㕃䔶㕄䕃ㄷ紱: "URL" = http://search.toggle.com/?lang=pl&q={searchTerms} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-818110064-4033437693-2602076331-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = https://isearch.avg.com/?cid={9E9A3ECE-6A17-4764-9329-12C6D9F4E34B}&mid=d5b1336c933f47d0b93c4570a332c26f-95394279012141c9b174bfbabc973ed42f60d76e&lang=pl&ds=cv011&pr=sa&d=2012-07-22 07:14:03&v=12.1.0.20&sap=hp IE - HKU\S-1-5-21-818110064-4033437693-2602076331-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
about:blank IE - HKU\S-1-5-21-818110064-4033437693-2602076331-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com/search?q={searchTerms} IE - HKU\S-1-5-21-818110064-4033437693-2602076331-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms} IE - HKU\S-1-5-21-818110064-4033437693-2602076331-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=110824&tt=5012_7&babsrc=HP_ss&mntrId=7642964d0000000000009439e5d62b9b IE - HKU\S-1-5-21-818110064-4033437693-2602076331-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.bing.com/search?q={searchTerms} IE - HKU\S-1-5-21-818110064-4033437693-2602076331-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/search?q={searchTerms} IE - HKU\S-1-5-21-818110064-4033437693-2602076331-1001\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) 
IE - HKU\S-1-5-21-818110064-4033437693-2602076331-1001\..\SearchScopes,Backup.Old.DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86} IE - HKU\S-1-5-21-818110064-4033437693-2602076331-1001\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-818110064-4033437693-2602076331-1001\..\SearchScopes,DefaultScope = {30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12} IE - HKU\S-1-5-21-818110064-4033437693-2602076331-1001\..\SearchScopes\???????????????????: "URL" = http://search.toggle.com/?lang=pl&q={searchTerms} IE - HKU\S-1-5-21-818110064-4033437693-2602076331-1001\..\SearchScopes\{0A523519-482D-421B-9B37-77E1BE082C42}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=U3&apn_dtid=OSJ000YYPL&apn_uid=66147B18-AA2C-4AA0-8E05-DB2181D8D8F8&apn_sauid=3F947177-573F-44A6-9F84-2EB8CF9E44AA IE - HKU\S-1-5-21-818110064-4033437693-2602076331-1001\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ddr&s={searchTerms}&f=4 IE - HKU\S-1-5-21-818110064-4033437693-2602076331-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110824&tt=5012_2&babsrc=SP_ss&mntrId=7642964d0000000000009439e5d62b9b IE - HKU\S-1-5-21-818110064-4033437693-2602076331-1001\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000 IE - HKU\S-1-5-21-818110064-4033437693-2602076331-1001\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=7642964d0000000000009439e5d62b9b&tlver=1.4.19.19&affID=16553 IE - HKU\S-1-5-21-818110064-4033437693-2602076331-1001\..\SearchScopes\{30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12}: "URL" = 
http://www.searchya.com/?q={searchTerms}&s=1&a=foxtab&chnl=ft-100&cd=2XzuyEtN2Y1L1QzuzyyEtAzy0EyD0DyCtB0Bzy0CzyyCyE0DtN0D0Tzu0CtBtAtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1374281765 IE - HKU\S-1-5-21-818110064-4033437693-2602076331-1001\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=rbox&toolbarid=adawaretb&u=FE3FDE70D718FC6E063F6050C313904C&q={searchTerms} IE - HKU\S-1-5-21-818110064-4033437693-2602076331-1001\..\SearchScopes\㕻㐷㈳うⴴ㡄䅆㐭〱ⵃ䈸㤰䔭㕃䔶㕄䕃ㄷ紱: "URL" = http://search.toggle.com/?lang=pl&q={searchTerms} IE - HKU\S-1-5-21-818110064-4033437693-2602076331-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultengine: "Ask.com Search" FF - prefs.js..browser.search.defaulturl: "http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=FE3FDE70D718FC6E063F6050C313904C" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.google.pl/ig?hl=pl" FF - prefs.js..extensions.enabledAddons: AX1FMU%40w19hh.com:11 FF - prefs.js..extensions.enabledAddons: SignPlugin%40bph.pl:1.4.0.7 FF - prefs.js..extensions.enabledAddons: %7B1FD91A9C-410C-4090-BBCC-55D3450EF433%7D:1.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.3.0.11079 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37 FF - prefs.js..extensions.enabledItems: AX1FMU@w19hh.com:11 FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.5.0 FF - prefs.js..extensions.enabledItems: SignPlugin@bph.pl:1.4.0.7 FF - 
prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0 FF - prefs.js..extensions.enabledItems: {f34c9277-6577-4dff-b2d7-7d58092f272f}:1.0.0.12 FF - prefs.js..extensions.enabledItems: wrc@avast.com:7.0.1474 FF - prefs.js..extensions.enabledItems: {58bd07eb-0ee0-4df0-8121-dc9b693373df}:2.5.976.107 FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=" FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "My Web Search" FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Google" FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\user\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-11-19 07:30:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox\ [2012-12-17 19:56:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-12-09 16:40:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-12-07 18:55:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Ex\\UnicodeExtensionMap: 0000000E59425AD6A422704BE653BB98EF27B699 [2012-12-07 18:50:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions [2012-12-18 09:06:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\udbmnf47.default\extensions [2012-10-29 20:58:44 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\udbmnf47.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f} [2012-12-07 18:52:06 | 000,000,000 | ---D | M] (Flash Player) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\udbmnf47.default\extensions\AX1FMU@w19hh.com [2012-12-08 11:17:10 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\udbmnf47.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack 
[2012-07-03 13:56:13 | 000,000,000 | ---D | M] (BPH Sign Plugin) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\udbmnf47.default\extensions\SignPlugin@bph.pl [2012-12-16 11:37:48 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\udbmnf47.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-12-16 10:43:42 | 000,002,432 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\udbmnf47.default\searchplugins\babylon1.xml [2012-08-29 19:41:20 | 000,006,362 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\udbmnf47.default\searchplugins\Google.xml [2012-08-29 19:39:03 | 000,009,650 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\udbmnf47.default\searchplugins\my-web-search.xml [2012-08-17 15:16:15 | 000,002,337 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\udbmnf47.default\searchplugins\Search.xml [2012-10-27 22:26:37 | 000,002,687 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\udbmnf47.default\searchplugins\Search_Results.xml [2012-08-08 08:54:28 | 000,002,060 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\udbmnf47.default\searchplugins\softonic.xml [2012-10-27 23:16:51 | 000,003,269 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\udbmnf47.default\searchplugins\Web Search.xml [2012-12-07 19:27:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012-12-07 17:36:07 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012-12-07 17:36:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-12-07 17:36:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla 
firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-12-07 17:36:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-10-29 20:58:52 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES (X86)\SEARCH RESULTS TOOLBAR\DATAMNGR\FIREFOXEXTENSION [2012-12-09 16:40:29 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012-12-08 11:17:07 | 000,000,616 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml [2012-12-09 16:40:21 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml [2012-12-16 10:43:28 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012-12-09 16:40:21 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml [2012-12-09 16:40:21 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml [2012-12-09 16:40:21 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml [2012-10-27 22:26:37 | 000,002,687 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml [2012-10-27 23:16:51 | 000,003,269 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Web Search.xml [2012-12-09 16:40:21 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml [2012-12-09 16:40:21 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml [color=#E56717]========== Chrome ==========[/color] CHR - homepage: http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=FE3FDE70D718FC6E063F6050C313904C CHR - default_search_provider: Search Results () CHR - default_search_provider: search_url = 
http://dts.search-results.com/sr?src=crb&gct=ds&appid=400&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=7731202452234963&q={searchTerms} CHR - default_search_provider: suggest_url = CHR - homepage: http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=FE3FDE70D718FC6E063F6050C313904C CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\pdf.dll CHR - plugin: (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej\1.0.5_0\chromeNPAPI.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft® Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U35 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\windows\SysWOW64\npdeployJava1.dll CHR - plugin: Silverlight Plug-In (Enabled) = 
C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Error reading preferences file CHR - Extension: SpeedDial = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\ CHR - Extension: Browser Companion Helper = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej\1.0.5_0\ CHR - Extension: avast! WebRep = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\ CHR - Extension: SweetIM for Facebook = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of CHR - Extension: SweetIM for Facebook = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\ CHR - Extension: AVG Secure Search = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.2.5.32_0\ CHR - Extension: SpeedDial = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\ CHR - Extension: Browser Companion Helper = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej\1.0.5_0\ CHR - Extension: avast! 
WebRep = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\ CHR - Extension: SweetIM for Facebook = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of CHR - Extension: SweetIM for Facebook = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\ CHR - Extension: AVG Secure Search = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.2.5.32_0\ O1 HOSTS File: ([2009-06-10 22:00:26 | 000,000,824 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts O2:[b]64bit:[/b] - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:[b]64bit:[/b] - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll () O2 - BHO: (GretechBHO Class) - {F0181C6E-9218-4792-9F3C-E8DF52B2F1AC} - C:\Program Files (x86)\GRETECH\GomPicker\GomPickerBHO.dll (Gretech Corporation) O3:[b]64bit:[/b] - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (no name) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - No CLSID value found. O3 - HKU\S-1-5-21-818110064-4033437693-2602076331-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3 - HKU\S-1-5-21-818110064-4033437693-2602076331-1001\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found. O3 - HKU\S-1-5-21-818110064-4033437693-2602076331-1001\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found. O4:[b]64bit:[/b] - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4:[b]64bit:[/b] - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe () O4:[b]64bit:[/b] - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.) O4:[b]64bit:[/b] - HKLM..\Run: [Stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe () O4:[b]64bit:[/b] - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) 
O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe () O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe (Dell, Inc.) O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [Tutorials] File not found O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-818110064-4033437693-2602076331-1001..\Run: [Facebook Update] C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKU\S-1-5-21-818110064-4033437693-2602076331-1001..\Run: [HEXelon MAX] C:\Program Files (x86)\HEXelon MAX 6\hexelon.exe (Jerzy Znamirowski) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - 
HKU\S-1-5-21-818110064-4033437693-2602076331-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:[b]64bit:[/b] - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found O8:[b]64bit:[/b] - Extra context menu item: Pobierz plik wideo w FDM - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm () O8:[b]64bit:[/b] - Extra context menu item: Pobierz w FDM - C:\Program Files (x86)\Free Download Manager\dllink.htm () O8:[b]64bit:[/b] - Extra context menu item: Pobierz wszystkie pliki w FDM - C:\Program Files (x86)\Free Download Manager\dlall.htm () O8:[b]64bit:[/b] - Extra context menu item: Pobierz zaznaczone pliki w FDM - C:\Program Files (x86)\Free Download Manager\dlselected.htm () O8:[b]64bit:[/b] - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:[b]64bit:[/b] - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Pobierz plik wideo w FDM - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm () O8 - Extra context menu item: Pobierz w FDM - C:\Program Files (x86)\Free Download Manager\dllink.htm () O8 - Extra context menu item: Pobierz wszystkie pliki w FDM - C:\Program Files (x86)\Free Download Manager\dlall.htm () O8 - Extra context menu item: Pobierz zaznaczone pliki w FDM - C:\Program Files (x86)\Free Download Manager\dlselected.htm () O8 - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:[b]64bit:[/b] - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O9:[b]64bit:[/b] - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:[b]64bit:[/b] - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Wyślij do interfejsu Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Wyślij do urządzenia &Bluetooth... 
- {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - 
C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O16:[b]64bit:[/b] - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Reg Error: Key error.) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.179.1.63 62.179.1.62 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26164BA2-DB3F-4CB8-B8BA-14D87CD111B9}: DhcpNameServer = 62.179.1.63 62.179.1.62 O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\msdaipp - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\mso-offdap - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) 
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012-12-17 17:27:05 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012-12-28 20:07:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe [2012-12-28 19:54:45 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\CC Support [2012-12-28 19:51:21 | 000,138,120 | ---- | C] (ESET) -- C:\Users\user\Desktop\ESETSirefefRemover(1).exe [2012-12-27 09:40:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012-12-27 08:40:22 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{F7CFC67D-E0DD-4B37-A963-087675AE62B0} [2012-12-26 11:22:06 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{8DF66ADC-4829-4E0C-B086-9D19002E0E53} [2012-12-25 09:00:19 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{1CCD362C-66A9-4F51-86A1-889F566B1C41} [2012-12-24 14:55:55 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{A8D2C964-5696-4059-837B-B9C8CA38A096} [2012-12-24 11:50:05 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{5E7677F9-1687-4B47-BF1D-658388539DF6} [2012-12-24 09:12:31 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{B107843B-15E4-4645-9FE2-D3E2DDD92B14} [2012-12-22 23:07:10 | 000,000,000 | ---D | C] -- 
C:\Users\user\AppData\Local\{5556656D-97F9-4496-B07C-E02DB84EE63D} [2012-12-22 08:15:06 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{186297EA-08E7-4ACF-B031-2EF5F4452989} [2012-12-21 09:26:17 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{63687C32-38BD-4A34-9F47-5041D279C230} [2012-12-20 08:54:55 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{A3B523EC-BBC3-4F61-81D7-502DCC483F4C} [2012-12-19 09:30:11 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{81F985C9-2A12-4701-8CD2-769F534E6C75} [2012-12-18 11:44:32 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{A6BF72E1-9848-46FE-AB38-F655E1C195F9} [2012-12-17 22:05:17 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{DDF00FC8-3763-4320-A7E5-CFDC460BF7AC} [2012-12-17 19:08:18 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Urządzenia interfejsu Bluetooth [2012-12-17 18:31:26 | 000,347,016 | ---- | C] (PC Tools) -- C:\windows\SysNative\drivers\pctgntdi64.sys [2012-12-17 18:31:26 | 000,258,424 | ---- | C] (PC Tools) -- C:\windows\SysNative\drivers\pctwfpfilter64.sys [2012-12-17 18:31:23 | 001,096,176 | ---- | C] (PC Tools) -- C:\windows\SysNative\drivers\pctEFA64.sys [2012-12-17 18:31:22 | 000,453,896 | ---- | C] (PC Tools) -- C:\windows\SysNative\drivers\pctDS64.sys [2012-12-17 18:31:22 | 000,413,448 | ---- | C] (PC Tools) -- C:\windows\SysNative\drivers\PCTCore64.sys [2012-12-17 18:29:31 | 000,077,144 | ---- | C] (PC Tools) -- C:\windows\SysNative\drivers\PCTBD64.sys [2012-12-17 18:29:29 | 000,150,648 | ---- | C] (PC Tools) -- C:\windows\SGDetectionTool.dll [2012-12-17 18:29:28 | 002,280,568 | ---- | C] (Threat Expert Ltd.) -- C:\windows\PCTBDCore.dll [2012-12-17 18:29:28 | 001,690,744 | ---- | C] (Threat Expert Ltd.) 
-- C:\windows\PCTBDRes.dll [2012-12-17 18:26:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools [2012-12-17 18:24:49 | 000,253,256 | ---- | C] (PC Tools) -- C:\windows\SysNative\drivers\PCTSD64.sys [2012-12-17 18:24:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools [2012-12-17 18:24:10 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools [2012-12-17 18:24:09 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\TestApp [2012-12-17 17:07:50 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2012-12-17 17:06:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2012-12-17 09:09:30 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{2486AA7D-B1EA-45ED-933F-0CEDEDFFA86F} [2012-12-16 10:44:50 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Free Download Manager [2012-12-16 10:44:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Download Manager [2012-12-16 10:44:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Download Manager [2012-12-16 10:32:38 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\TeamViewer [2012-12-16 10:22:44 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\PDFReaderPackages [2012-12-16 10:16:43 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\SumatraPDF [2012-12-16 10:16:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFReader [2012-12-16 09:08:04 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{0CC248B2-C020-4B9B-AE3C-9DEE17B9303B} [2012-12-15 08:58:20 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{B971FB2F-180C-4EE2-B6C4-B7722F0CFC30} [2012-12-14 09:02:01 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{93F8E917-02F8-4A74-80BD-E045D1EF3931} [2012-12-13 23:56:18 | 000,000,000 | -HSD | C] -- C:\windows\SysWow64\%APPDATA% [2012-12-13 10:29:04 | 000,000,000 | ---D | C] -- 
C:\Users\user\AppData\Local\{DC42B7B1-EC65-4615-B51F-D4D1B7FC0473}
[2012-12-12 09:15:36 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{0D5D7D3B-4564-4C99-817E-7AFC216867D9}
[2012-12-11 09:03:07 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{DE4F3320-EEFE-4495-B46E-2390AB314FCD}
[2012-12-10 09:08:39 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{59F65052-3FD6-4A0D-940F-0C71D86D38C7}
[2012-12-09 09:27:34 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{21D2A173-A594-4C6C-9399-85DB4DCA5D79}
[2012-12-08 17:31:55 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{4E1B4315-4C4E-4B75-AB21-5364A1D0E1D3}
[2012-12-08 11:20:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2012-12-08 11:18:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012-12-08 11:18:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2012-12-08 11:17:57 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Downloaded Installations
[2012-12-08 11:17:41 | 000,014,456 | ---- | C] (GFI Software) -- C:\windows\SysNative\drivers\gfibto.sys
[2012-12-08 11:17:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Search Protection
[2012-12-08 11:16:20 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\LavasoftStatistics
[2012-12-08 11:16:09 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Ad-Aware Antivirus
[2012-12-08 09:03:08 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{4F11F1F8-1D2F-4BA5-8358-3D7C264A5A96}
[2012-12-07 18:55:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012-12-07 17:36:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012-12-07 09:38:04 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{3E720FFD-446D-48E3-8719-EEAB29D96302}
[2012-12-06 21:18:56 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{FEC84C54-D521-4161-9984-2DF81BDF1DAF}
[2012-12-06 09:18:29 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{8E314149-37E8-4EF5-9D2E-A20A9A5CDF27}
[2012-12-05 09:51:03 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{FCBD1A9F-EFE7-4A41-951E-77F998E77CA1}
[2012-12-04 09:09:19 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{2F981FB6-74FF-468B-AF98-CEAC71D35027}
[2012-12-03 16:32:32 | 000,913,408 | ---- | C] (DiBcom) -- C:\windows\SysNative\drivers\dvb7700all.sys
[2012-12-03 16:28:06 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012-12-03 08:49:58 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{C3C28B9F-F44F-4584-8FBA-4E558E3E5EDF}
[2012-12-02 09:34:52 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{BEBF7967-EFB8-4A89-A6AC-9C85D0F222C3}
[2012-12-01 09:04:03 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{98C37106-0822-4D00-B1E1-C9219FC39C95}
[2012-11-30 08:15:06 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{3BB3D322-63D4-484F-9290-615AF442803A}
[2012-11-29 07:29:25 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{5B42A809-0135-40D7-A9D1-2E0A1243FB0D}
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012-12-28 20:12:55 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-12-28 20:12:55 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-12-28 20:07:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2012-12-28 20:06:05 | 000,000,930 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012-12-28 20:04:22 | 000,065,536 | ---- | M] () -- C:\windows\SysNative\Ikeext.etl
[2012-12-28 20:03:45 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012-12-28 20:02:24 | 2903,519,232 | -HS- | M] () -- C:\hiberfil.sys
[2012-12-28 19:52:04 | 004,009,167 | ---- | M] () -- C:\Users\user\Desktop\ServicesRepair(1).exe
[2012-12-28 19:51:21 | 000,138,120 | ---- | M] (ESET) -- C:\Users\user\Desktop\ESETSirefefRemover(1).exe
[2012-12-28 19:51:17 | 002,033,481 | ---- | M] () -- C:\Users\user\Desktop\EZ_Sirefix(1).exe
[2012-12-28 19:42:24 | 000,000,506 | ---- | M] () -- C:\windows\tasks\SystemToolsDailyTest.job
[2012-12-28 12:18:01 | 000,000,924 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-818110064-4033437693-2602076331-1001UA.job
[2012-12-28 08:16:45 | 000,007,627 | ---- | M] () -- C:\Users\user\AppData\Local\Resmon.ResmonCfg
[2012-12-27 20:35:53 | 000,000,512 | ---- | M] () -- C:\Users\user\Documents\MBR.dat
[2012-12-27 20:09:12 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012-12-27 20:09:10 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt
[2012-12-27 11:31:12 | 000,002,120 | ---- | M] () -- C:\scu.dat
[2012-12-26 15:18:01 | 000,000,902 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-818110064-4033437693-2602076331-1001Core.job
[2012-12-19 09:12:27 | 000,000,564 | ---- | M] () -- C:\windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012-12-18 14:15:17 | 001,664,854 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012-12-18 14:15:17 | 000,738,644 | ---- | M] () -- C:\windows\SysNative\perfh015.dat
[2012-12-18 14:15:17 | 000,652,812 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012-12-18 14:15:17 | 000,155,042 | ---- | M] () -- C:\windows\SysNative\perfc015.dat
[2012-12-18 14:15:17 | 000,121,486 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012-12-17 18:31:26 | 000,347,016 | ---- | M] (PC Tools) -- C:\windows\SysNative\drivers\pctgntdi64.sys
[2012-12-17 18:31:26 | 000,258,424 | ---- | M] (PC Tools) -- C:\windows\SysNative\drivers\pctwfpfilter64.sys
[2012-12-17 18:31:23 | 001,096,176 | ---- | M] (PC Tools) -- C:\windows\SysNative\drivers\pctEFA64.sys
[2012-12-17 18:31:22 | 000,453,896 | ---- | M] (PC Tools) -- C:\windows\SysNative\drivers\pctDS64.sys
[2012-12-17 18:31:22 | 000,413,448 | ---- | M] (PC Tools) -- C:\windows\SysNative\drivers\PCTCore64.sys
[2012-12-17 17:27:05 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2012-12-12 16:06:28 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012-12-12 16:06:28 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012-12-08 11:17:40 | 000,014,456 | ---- | M] (GFI Software) -- C:\windows\SysNative\drivers\gfibto.sys
[2012-12-07 19:27:28 | 000,001,064 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012-12-01 13:19:06 | 000,000,035 | ---- | M] () -- C:\windows\Ulead32.INI
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012-12-28 19:51:34 | 004,009,167 | ---- | C] () -- C:\Users\user\Desktop\ServicesRepair(1).exe
[2012-12-28 19:50:42 | 002,033,481 | ---- | C] () -- C:\Users\user\Desktop\EZ_Sirefix(1).exe
[2012-12-28 08:16:45 | 000,007,627 | ---- | C] () -- C:\Users\user\AppData\Local\Resmon.ResmonCfg
[2012-12-27 20:35:53 | 000,000,512 | ---- | C] () -- C:\Users\user\Documents\MBR.dat
[2012-12-17 18:29:30 | 000,769,144 | ---- | C] () -- C:\windows\BDTSupport.dll
[2012-12-17 18:29:29 | 000,003,488 | ---- | C] () -- C:\windows\UDB.zip
[2012-12-17 18:29:29 | 000,000,882 | ---- | C] () -- C:\windows\RegSDImport.xml
[2012-12-17 18:29:29 | 000,000,879 | ---- | C] () -- C:\windows\RegISSImport.xml
[2012-12-17 18:29:29 | 000,000,131 | ---- | C] () -- C:\windows\IDB.zip
[2012-12-17 17:27:05 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2012-12-17 14:04:31 | 000,002,120 | ---- | C] () -- C:\scu.dat
[2012-12-07 18:55:54 | 000,001,076 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012-12-07 18:50:04 | 000,001,064 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012-11-18 09:17:56 | 000,000,193 | ---- | C] () -- C:\windows\WORDPAD.INI
[2012-08-17 15:16:00 | 000,384,835 | ---- | C] () -- C:\Users\user\AppData\Local\speeddial.crx
[2012-07-18 11:42:53 | 000,000,035 | ---- | C] () -- C:\windows\Ulead32.INI
[2012-07-18 11:32:24 | 000,007,680 | ---- | C] () -- C:\windows\SysWow64\drivers\Onsreged.sys
[2012-05-20 17:32:40 | 000,285,216 | ---- | C] () -- C:\windows\SysWow64\drivers\Onsio.sys
[2012-04-10 06:46:38 | 000,683,801 | ---- | C] () -- C:\windows\unins000.exe
[2012-04-10 06:46:38 | 000,000,903 | ---- | C] () -- C:\windows\unins000.dat
[2012-03-26 08:40:23 | 000,000,047 | ---- | C] () -- C:\windows\NeroDigital.ini
[2012-02-10 19:24:22 | 000,002,528 | ---- | C] () -- C:\Users\user\AppData\Roaming\$_hpcst$.hpc
[2012-01-26 10:52:38 | 000,000,418 | ---- | C] () -- C:\windows\ODBC.INI
[2012-01-14 19:51:27 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2011-12-23 20:58:24 | 000,974,848 | ---- | C] () -- C:\windows\SysWow64\cis-2.4.dll
[2011-12-23 20:58:24 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\issacapi_bs-2.3.dll
[2011-12-23 20:58:24 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\issacapi_pe-2.3.dll
[2011-12-23 20:58:24 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\issacapi_se-2.3.dll
[2011-10-06 22:38:11 | 000,003,929 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2011-10-06 22:33:47 | 000,000,096 | ---- | C] () -- C:\windows\LaunApp.ini
[2011-10-06 22:33:42 | 000,000,023 | ---- | C] () -- C:\windows\WisSysInfo.ini
[2011-10-06 22:33:41 | 000,000,324 | ---- | C] () -- C:\windows\Prelaunch.ini
[2011-10-06 22:33:41 | 000,000,271 | ---- | C] () -- C:\windows\WisPriority.ini
[2011-10-06 22:33:41 | 000,000,032 | ---- | C] () -- C:\windows\WisHWDest.ini
[2011-10-06 22:33:41 | 000,000,028 | ---- | C] () -- C:\windows\WisLangCode.ini
[2011-10-06 21:14:01 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2011-10-06 21:05:52 | 000,017,776 | ---- | C] () -- C:\windows\EvtMessage.dll
[2011-10-06 20:55:22 | 001,641,166 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011-07-29 12:40:44 | 000,000,035 | ---- | C] () -- C:\windows\DELL_LANGCODE.ini
[2011-07-29 12:40:44 | 000,000,033 | ---- | C] () -- C:\windows\DELL_OSTYPE.ini
[2011-07-12 07:13:18 | 000,059,904 | ---- | C] () -- C:\windows\SysWow64\OVDecode.dll

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2011-11-17 07:41:18 | 000,002,048 | -HS- | M] () -- C:\WINDOWS\Installer\{b4b72bb3-4995-578a-0932-d3483ee3d184}\@
[2012-12-27 19:57:50 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\{b4b72bb3-4995-578a-0932-d3483ee3d184}\L
[2012-12-28 20:21:21 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\{b4b72bb3-4995-578a-0932-d3483ee3d184}\U
[2012-12-28 20:04:01 | 000,000,804 | ---- | M] () -- C:\WINDOWS\Installer\{b4b72bb3-4995-578a-0932-d3483ee3d184}\L\00000004.@
[2012-12-28 19:42:27 | 000,002,048 | ---- | M] () -- C:\WINDOWS\Installer\{b4b72bb3-4995-578a-0932-d3483ee3d184}\U\00000004.@
[2012-12-28 19:42:46 | 000,232,960 | ---- | M] () -- C:\WINDOWS\Installer\{b4b72bb3-4995-578a-0932-d3483ee3d184}\U\00000008.@
[2012-12-28 19:42:28 | 000,001,632 | ---- | M] () -- C:\WINDOWS\Installer\{b4b72bb3-4995-578a-0932-d3483ee3d184}\U\000000cb.@
[2012-12-28 19:42:28 | 000,015,360 | ---- | M] () -- C:\WINDOWS\Installer\{b4b72bb3-4995-578a-0932-d3483ee3d184}\U\80000000.@
[2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
[2012-12-28 20:03:41 | 000,004,608 | -HS- | M] () -- C:\windows\assembly\GAC_32\Desktop.ini
[2012-12-28 20:03:41 | 000,006,144 | -HS- | M] () -- C:\windows\assembly\GAC_64\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\shell32.dll -- [2012-06-09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== LOP Check ==========[/color]

[2012-12-08 12:17:53 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ad-Aware Antivirus
[2012-02-05 10:22:39 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Babylon
[2012-10-24 21:01:04 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ExpressDownloader
[2012-05-15 06:36:13 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Fingertapps
[2012-12-19 09:29:35 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Free Download Manager
[2012-05-20 19:23:34 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\GetRightToGo
[2012-12-20 09:27:25 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\HEXelon
[2012-01-10 17:13:21 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Leadertech
[2012-02-06 15:22:58 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\NapiProjekt
[2012-02-02 20:31:52 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PC Suite
[2012-01-12 12:04:31 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PCDr
[2012-12-16 10:22:44 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PDFReaderPackages
[2012-12-28 02:54:39 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PhotoFiltre
[2012-03-01 10:51:04 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PhotoScape
[2012-02-29 09:31:10 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Samsung
[2012-06-26 19:04:12 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SoftGrid Client
[2012-12-16 10:16:44 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SumatraPDF
[2012-12-16 10:32:38 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TeamViewer
[2012-12-17 18:24:09 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TestApp
[2012-01-10 17:18:28 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TP
[2012-07-03 17:58:41 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TuneUp Software
[2012-12-28 17:48:51 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\uTorrent
[2012-01-18 19:33:42 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Windows Live Writer

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84

< End of report >