OTL logfile created on: 2013-03-29 19:02:32 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kwasek\Downloads 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 4,00 Gb Total Physical Memory | 1,93 Gb Available Physical Memory | 48,22% Memory free 8,00 Gb Paging File | 5,23 Gb Available in Paging File | 65,45% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 97,66 Gb Total Space | 26,90 Gb Free Space | 27,54% Space Free | Partition Type: NTFS Drive D: | 200,43 Gb Total Space | 28,63 Gb Free Space | 14,28% Space Free | Partition Type: NTFS Unable to calculate disk information. Drive K: | 596,17 Gb Total Space | 70,41 Gb Free Space | 11,81% Space Free | Partition Type: NTFS Computer Name: KWASEK-PC | User Name: Kwasek | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2013-03-29 18:16:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kwasek\Downloads\OTL.exe PRC - [2013-03-08 17:43:27 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe PRC - [2013-01-17 19:05:10 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012-09-29 16:31:07 | 000,151,552 | ---- | M] () -- C:\Windows\KMService.exe PRC - [2012-09-29 16:31:07 | 000,008,192 | ---- | M] () -- C:\Windows\SysWOW64\srvany.exe PRC - [2011-07-04 12:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2011-07-04 12:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2011-05-20 09:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011-05-20 09:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2011-02-02 14:08:16 | 000,018,656 | ---- | M] () -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe PRC - [2010-04-30 15:24:24 | 001,050,456 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\UIMain.exe PRC - [2010-04-30 15:24:22 | 000,138,584 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\UIExec.exe PRC - [2010-04-30 15:21:12 | 000,684,896 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\CMUpdater.exe PRC - [2010-04-30 15:20:52 | 000,252,784 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\AssistantServices.exe PRC - [2009-11-06 09:59:04 | 002,244,608 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe PRC - [2009-07-09 14:54:42 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files (x86)\System Control Manager\MSIService.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2013-03-11 01:22:06 | 000,459,728 | ---- | M] () -- C:\Users\Kwasek\AppData\Local\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll MOD - [2013-03-11 01:22:05 | 012,662,224 | ---- | M] () -- C:\Users\Kwasek\AppData\Local\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll MOD - [2013-03-11 01:22:04 | 004,050,896 | ---- | M] () -- C:\Users\Kwasek\AppData\Local\Google\Chrome\Application\25.0.1364.172\pdf.dll MOD - [2013-03-11 01:21:18 | 000,596,944 | ---- | M] () -- C:\Users\Kwasek\AppData\Local\Google\Chrome\Application\25.0.1364.172\libglesv2.dll MOD - [2013-03-11 01:21:18 | 000,124,368 | ---- | M] () -- C:\Users\Kwasek\AppData\Local\Google\Chrome\Application\25.0.1364.172\libegl.dll MOD - [2013-03-11 01:21:16 | 001,552,848 | ---- | M] () -- C:\Users\Kwasek\AppData\Local\Google\Chrome\Application\25.0.1364.172\ffmpegsumo.dll MOD - [2013-03-08 17:43:27 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe MOD - [2011-12-05 07:45:14 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\89933ca5a3d6ecfddac2f276746e939e\IAStorUtil.ni.dll MOD - [2011-12-05 07:45:14 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\91fa5cc7230b88e3e42b3bccd198f681\IAStorCommon.ni.dll MOD - [2011-12-04 23:33:24 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8e7909ef6b5f953d49244c6b9f5f5100\System.Web.ni.dll MOD - [2011-12-04 23:33:14 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll MOD - [2011-12-04 23:32:37 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll MOD - [2011-12-04 23:32:28 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll MOD - [2011-12-04 23:32:06 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll MOD - [2011-12-04 23:31:58 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll MOD - [2011-12-04 23:31:53 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll MOD - [2011-12-04 23:31:51 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll MOD - [2011-12-04 23:31:41 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll MOD - [2011-02-04 18:54:04 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_pl_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2010-11-13 03:03:49 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pl_b77a5c561934e089\mscorlib.resources.dll MOD - [2010-04-30 15:27:42 | 000,356,208 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\UIPlugIn\UIUssd_Common_new.dll MOD - [2010-04-30 15:27:14 | 000,323,416 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\UIPlugIn\UIUssd.dll MOD - [2010-04-30 15:27:12 | 000,305,496 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\UIPlugIn\UIStk.dll MOD - [2010-04-30 15:27:06 | 000,664,920 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\UIPlugIn\UISms.dll MOD - [2010-04-30 15:27:00 | 001,271,648 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\UIPlugIn\UISetting.dll MOD - [2010-04-30 15:26:56 | 000,669,536 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\UIPlugIn\UIPhoneBook.dll MOD - [2010-04-30 15:26:26 | 000,558,424 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\UIPlugIn\UIMms.dll MOD - [2010-04-30 15:26:16 | 000,561,000 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\UIPlugIn\UIConnectRecord.dll MOD - [2010-04-30 15:24:50 | 000,617,312 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\UpdateAgent.dll MOD - [2010-04-30 15:24:32 | 000,370,520 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\UISkin.dll MOD - [2010-04-30 15:24:24 | 001,050,456 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\UIMain.exe MOD - [2010-04-30 15:24:22 | 000,138,584 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\UIExec.exe MOD - [2010-04-30 15:24:16 | 000,244,064 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\UICommonDlg.dll MOD - [2010-04-30 15:21:12 | 000,684,896 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\CMUpdater.exe MOD - [2010-04-30 15:20:36 | 000,089,952 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\Component\SysService.dll MOD - [2010-04-30 15:19:44 | 000,154,472 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\Component\CMCOMService.dll MOD - [2010-04-30 15:19:34 | 000,231,776 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\Component\BKService.dll MOD - [2010-04-30 15:19:28 | 000,166,232 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\Component\BIXml.dll MOD - [2010-04-30 15:19:26 | 000,095,576 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\Component\BIVoice.dll MOD - [2010-04-30 15:19:24 | 000,095,064 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\Component\BIUssd.dll MOD - [2010-04-30 15:18:56 | 000,097,624 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\Component\BIStk.dll MOD - [2010-04-30 15:18:38 | 000,215,384 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\Component\BISms.dll MOD - [2010-04-30 15:18:28 | 000,224,608 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\Component\BISetting.dll MOD - [2010-04-30 15:18:26 | 000,161,120 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\Component\BIService.dll MOD - [2010-04-30 15:18:10 | 000,148,312 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\Component\BIRas.dll MOD - [2010-04-30 15:18:08 | 000,174,944 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\Component\BIPhoneBook.dll MOD - [2010-04-30 15:18:00 | 000,134,520 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\Component\BIOptimizationClient.dll MOD - [2010-04-30 15:17:58 | 000,124,760 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\Component\BILog.dll MOD - [2010-04-30 15:17:52 | 000,141,160 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\Component\BIDevManager.dll MOD - [2010-04-30 15:17:34 | 000,267,616 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\Component\BIDataBase.dll MOD - [2010-04-30 15:17:20 | 000,124,264 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\Component\BIConnectRecord.dll MOD - [2010-04-30 15:17:18 | 000,231,264 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\Component\BIConfig.dll MOD - [2010-04-30 15:17:12 | 000,174,424 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\Component\BICodec.dll MOD - [2010-04-30 15:17:00 | 000,089,448 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\Component\BICallRecord.dll MOD - [2010-01-30 01:41:12 | 004,254,560 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf MOD - [2009-07-14 02:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll MOD - [2009-02-27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2012-12-15 20:15:06 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64) SRV:[b]64bit:[/b] - [2012-03-09 06:10:20 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:[b]64bit:[/b] - [2011-07-04 12:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV:[b]64bit:[/b] - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:[b]64bit:[/b] - [2009-07-14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013-03-15 17:29:10 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013-01-17 19:05:10 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012-09-29 16:31:07 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\srvany.exe -- (KMService) SRV - [2012-02-29 07:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012-01-18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion) SRV - [2011-05-20 09:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2011-05-09 12:01:06 | 000,430,080 | ---- | M] (PowerUp Software, LLC) [Auto | Stopped] -- C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe -- (PinnacleUpdateSvc) SRV - [2011-02-02 14:08:16 | 000,018,656 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service) SRV - [2010-04-30 15:20:52 | 000,252,784 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\PLAY ONLINE\AssistantServices.exe -- (UI Assistant Service) SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010-01-25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc) SRV - [2009-07-09 14:54:42 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) [Auto | Running] -- C:\Program Files (x86)\System Control Manager\MSIService.exe -- (Micro Star SCM) SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2012-11-06 12:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:[b]64bit:[/b] - [2012-03-09 07:28:08 | 010,857,984 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:[b]64bit:[/b] - [2012-03-09 07:28:08 | 010,857,984 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:[b]64bit:[/b] - [2012-03-09 04:58:02 | 000,328,704 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:[b]64bit:[/b] - [2012-02-16 12:42:00 | 000,676,968 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:[b]64bit:[/b] - [2011-08-14 18:30:37 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:[b]64bit:[/b] - [2011-07-04 12:36:56 | 000,600,920 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:[b]64bit:[/b] - [2011-07-04 12:36:54 | 000,288,088 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:[b]64bit:[/b] - [2011-07-04 12:35:28 | 000,045,400 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:[b]64bit:[/b] - [2011-07-04 12:32:35 | 000,031,064 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr) DRV:[b]64bit:[/b] - [2011-07-04 12:32:24 | 000,064,856 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:[b]64bit:[/b] - [2011-07-04 12:32:14 | 000,022,360 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:[b]64bit:[/b] - [2011-05-20 08:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:[b]64bit:[/b] - [2010-11-21 04:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:[b]64bit:[/b] - [2010-11-21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:[b]64bit:[/b] - [2010-11-21 04:24:15 | 000,146,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST) DRV:[b]64bit:[/b] - [2010-11-21 04:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub) DRV:[b]64bit:[/b] - [2010-11-21 04:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc) DRV:[b]64bit:[/b] - [2010-11-21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:[b]64bit:[/b] - [2010-11-21 04:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt) DRV:[b]64bit:[/b] - [2010-11-21 04:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2010-11-21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2010-11-21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:[b]64bit:[/b] - [2010-11-21 04:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2010-10-29 22:11:42 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:[b]64bit:[/b] - [2009-10-29 18:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV:[b]64bit:[/b] - [2009-10-29 18:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV:[b]64bit:[/b] - [2009-10-29 18:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV:[b]64bit:[/b] - [2009-10-29 18:28:24 | 000,011,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter) DRV:[b]64bit:[/b] - [2009-10-05 15:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:[b]64bit:[/b] - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009-07-14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009-06-28 17:17:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir) DRV:[b]64bit:[/b] - [2009-06-10 22:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem) DRV:[b]64bit:[/b] - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:[b]64bit:[/b] - [2009-03-18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:[b]64bit:[/b] - [2008-10-21 09:22:44 | 000,145,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017unic.sys -- (s0017unic) DRV:[b]64bit:[/b] - [2008-10-21 09:22:44 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017obex.sys -- (s0017obex) DRV:[b]64bit:[/b] - [2008-10-21 09:22:44 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017nd5.sys -- (s0017nd5) DRV:[b]64bit:[/b] - [2008-10-21 09:22:42 | 000,152,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mdm.sys -- (s0017mdm) DRV:[b]64bit:[/b] - [2008-10-21 09:22:42 | 000,133,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mgmt.sys -- (s0017mgmt) DRV:[b]64bit:[/b] - [2008-10-21 09:22:42 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mdfl.sys -- (s0017mdfl) DRV:[b]64bit:[/b] - [2008-10-21 09:22:40 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017bus.sys -- (s0017bus) DRV:[b]64bit:[/b] - [2008-06-05 18:21:44 | 000,066,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTSTOR64.sys -- (RTSTOR) DRV:[b]64bit:[/b] - [2008-05-12 10:17:14 | 000,062,480 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tcusb.sys -- (TcUsb) DRV - [2012-11-13 21:53:00 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys -- (WinRing0_1_2_0) DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2578070770-1231554055-3729939943-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank IE - HKU\S-1-5-21-2578070770-1231554055-3729939943-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-2578070770-1231554055-3729939943-1000\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found IE - HKU\S-1-5-21-2578070770-1231554055-3729939943-1000\..\SearchScopes,DefaultScope = {0D7562AE-8EF6-416d-A838-AB665251703A} IE - HKU\S-1-5-21-2578070770-1231554055-3729939943-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2578070770-1231554055-3729939943-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKU\S-1-5-21-2578070770-1231554055-3729939943-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Kwasek\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kwasek\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kwasek\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kwasek\AppData\Local\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kwasek\AppData\Local\Google\Chrome\Application\25.0.1364.172\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Kwasek\AppData\Local\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Kwasek\AppData\Local\Google\Chrome\Application\25.0.1364.172\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Users\Kwasek\AppData\Local\Google\Chrome\Application\plugins\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Users\Kwasek\AppData\Local\Google\Chrome\Application\plugins\nprpjplug.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Kwasek\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - Extension: YouTube = C:\Users\Kwasek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Szukaj w Google = C:\Users\Kwasek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Jeffrey's Exif viewer = C:\Users\Kwasek\AppData\Local\Google\Chrome\User Data\Default\Extensions\glpbdeclgjmeoojlmhpamjddandmplki\1.0.8_0\ CHR - Extension: avast! WebRep = C:\Users\Kwasek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1203_0\ CHR - Extension: 4chan 4chrome = C:\Users\Kwasek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncbfnjcklemldbidfoceaffkjofkcomb\9001.54_0\ CHR - Extension: Gmail = C:\Users\Kwasek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2011-08-14 12:10:27 | 000,000,864 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 validation.sls.microsoft.com O2:[b]64bit:[/b] - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (ALLYouTubeDownloader) - {61DB16C5-B733-43F4-872E-B20DC9E72740} - C:\PROGRA~2\ALLYOU~1\ALLYOU~1.DLL (ALLCinema Ltd.) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O3:[b]64bit:[/b] - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O4:[b]64bit:[/b] - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run File not found O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\PLAY ONLINE\UIExec.exe () O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2578070770-1231554055-3729939943-1000..\Run: [Akamai NetSession Interface] "C:\Users\Kwasek\AppData\Local\Akamai\netsession_win.exe" File not found O4 - HKU\S-1-5-21-2578070770-1231554055-3729939943-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-2578070770-1231554055-3729939943-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Kwasek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DreamMail.lnk = C:\Program Files (x86)\DreamMail4\DM2005.exe (DreamStudio) O4 - Startup: C:\Users\Kwasek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-2578070770-1231554055-3729939943-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3 O7 - HKU\S-1-5-21-2578070770-1231554055-3729939943-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O8:[b]64bit:[/b] - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O8:[b]64bit:[/b] - Extra context menu item: Wyślij &do programu OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Wyślij &do programu OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites) O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in ) O15 - HKU\S-1-5-21-2578070770-1231554055-3729939943-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-2578070770-1231554055-3729939943-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-2578070770-1231554055-3729939943-1000\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-2578070770-1231554055-3729939943-1000\..Trusted Domains: sony.com ([]* in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{039B3770-B0AA-4565-B505-4BFB9AAEF7F0}: DhcpNameServer = 62.179.1.62 62.179.1.63 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{87F87D43-9182-4B13-BE44-CD6DEE6C96CB}: NameServer = 89.108.202.20 89.108.195.20 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B1AD380-A49D-46CD-9206-772A46470D33}: DhcpNameServer = 62.179.1.63 62.179.1.62 O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012-12-15 19:54:48 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] O32 - AutoRun File - [2012-08-02 10:05:23 | 000,023,952 | ---- | M] () - C:\AutoMapaSetupLog.txt -- [ NTFS ] O32 - AutoRun File - [2011-03-03 14:48:52 | 000,000,032 | -H-- | M] () - K:\autorun.inf -- [ NTFS ] O33 - MountPoints2\{77d2ae52-c664-11e0-9fb4-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{77d2ae52-c664-11e0-9fb4-806e6f6e6963}\Shell\AutoRun\command - "" = E:\CDSetup.exe O33 - MountPoints2\{9eaab3fb-cc9a-11e0-995c-0024216c33fb}\Shell - "" = AutoRun O33 - MountPoints2\{9eaab3fb-cc9a-11e0-995c-0024216c33fb}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\{c368753f-3e2f-11e2-ae89-0024216c33fb}\Shell - "" = AutoRun O33 - MountPoints2\{c368753f-3e2f-11e2-ae89-0024216c33fb}\Shell\AutoRun\command - "" = H:\autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013-03-24 17:08:07 | 000,000,000 | ---D | C] -- C:\Users\Kwasek\Desktop\skrecanie [2013-03-18 01:11:37 | 000,000,000 | ---D | C] -- C:\UsbFix [2013-03-14 18:40:44 | 000,000,000 | ---D | C] -- C:\Users\Kwasek\Desktop\Nowy folder [2013-03-14 08:30:22 | 000,000,000 | ---D | C] -- C:\Users\Kwasek\Local Settings [2013-03-14 08:30:19 | 000,000,000 | ---D | C] -- C:\Users\Kwasek\AppData\Roaming\{4530AD6C-8F37-48FC-A98E-05BC4DC37899} [2013-03-14 08:29:57 | 000,000,000 | ---D | C] -- C:\Users\Kwasek\AppData\Roaming\{51C471C6-A70A-495C-B2A6-718887CE5203} [2013-03-14 08:29:43 | 000,000,000 | ---D | C] -- C:\Temp [2013-03-12 16:09:34 | 000,000,000 | ---D | C] -- C:\Users\Kwasek\Desktop\dr [2013-03-09 09:37:02 | 000,000,000 | ---D | C] -- C:\Users\Kwasek\Documents\DragonNest [2013-03-08 18:43:14 | 000,000,000 | ---D | C] -- C:\Users\Kwasek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\eFusion [2013-03-08 17:42:33 | 000,000,000 | ---D | C] -- C:\Users\Kwasek\.swt [2013-03-05 18:37:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013-03-05 18:37:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013-03-29 18:50:01 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013-03-29 18:35:00 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2578070770-1231554055-3729939943-1000UA.job [2013-03-29 17:32:14 | 001,662,948 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013-03-29 17:32:14 | 000,738,084 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2013-03-29 17:32:14 | 000,652,252 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013-03-29 17:32:14 | 000,154,740 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2013-03-29 17:32:14 | 000,121,184 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013-03-29 17:27:03 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2578070770-1231554055-3729939943-1000UA.job [2013-03-29 16:48:01 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013-03-29 16:48:01 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013-03-29 16:40:44 | 000,001,044 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013-03-29 16:38:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013-03-29 16:38:44 | 3220,561,920 | -HS- | M] () -- C:\hiberfil.sys [2013-03-29 05:29:42 | 000,119,296 | ---- | M] () -- C:\Windows\SysWow64\zlib.dll [2013-03-28 20:27:06 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2578070770-1231554055-3729939943-1000Core.job [2013-03-28 15:44:14 | 000,001,010 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2578070770-1231554055-3729939943-1000Core.job [2013-03-27 21:26:03 | 000,095,134 | ---- | M] () -- C:\Users\Kwasek\Desktop\1364414525431.jpg [2013-03-25 23:25:08 | 000,107,125 | ---- | M] () -- C:\Users\Kwasek\Desktop\6899861_460s_v1.jpg [2013-03-24 19:10:15 | 000,316,301 | ---- | M] () -- C:\Users\Kwasek\Desktop\1364148550159.jpg [2013-03-22 19:30:33 | 000,058,931 | ---- | M] () -- C:\Users\Kwasek\Desktop\487554_460899897315738_1104659071_n.jpg [2013-03-21 00:22:02 | 000,053,111 | ---- | M] () -- C:\Users\Kwasek\Desktop\piwnica2.pdf [2013-03-21 00:04:37 | 000,054,477 | ---- | M] () -- C:\Users\Kwasek\Desktop\piwnica.pdf [2013-03-13 21:57:21 | 000,053,059 | ---- | M] () -- C:\Users\Kwasek\Desktop\typowa.pdf [2013-03-08 18:43:14 | 000,000,870 | ---- | M] () -- C:\Users\Kwasek\Desktop\Dragon Nest Europe.lnk [2013-03-06 22:53:14 | 000,051,424 | ---- | M] () -- C:\Users\Kwasek\Desktop\gazwoda.pdf [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013-03-27 21:25:51 | 000,095,134 | ---- | C] () -- C:\Users\Kwasek\Desktop\1364414525431.jpg [2013-03-25 23:25:01 | 000,107,125 | ---- | C] () -- C:\Users\Kwasek\Desktop\6899861_460s_v1.jpg [2013-03-24 19:10:14 | 000,316,301 | ---- | C] () -- C:\Users\Kwasek\Desktop\1364148550159.jpg [2013-03-22 19:29:52 | 000,058,931 | ---- | C] () -- C:\Users\Kwasek\Desktop\487554_460899897315738_1104659071_n.jpg [2013-03-21 00:22:01 | 000,053,111 | ---- | C] () -- C:\Users\Kwasek\Desktop\piwnica2.pdf [2013-03-21 00:04:37 | 000,054,477 | ---- | C] () -- C:\Users\Kwasek\Desktop\piwnica.pdf [2013-03-08 18:43:14 | 000,000,870 | ---- | C] () -- C:\Users\Kwasek\Desktop\Dragon Nest Europe.lnk [2013-03-06 22:51:44 | 000,051,424 | ---- | C] () -- C:\Users\Kwasek\Desktop\gazwoda.pdf [2013-03-06 21:30:59 | 000,053,059 | ---- | C] () -- C:\Users\Kwasek\Desktop\typowa.pdf [2013-02-01 15:52:45 | 000,119,296 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll [2013-02-01 15:52:45 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ADsSecurity.dll [2013-02-01 15:52:45 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dxinputdll.dll [2012-11-28 22:26:59 | 001,638,358 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012-11-10 01:09:02 | 000,028,978 | ---- | C] () -- C:\Program Files (x86)\Uninstall.ini [2012-10-30 19:52:21 | 000,000,337 | ---- | C] () -- C:\Users\Kwasek\AppData\Local\Perfmon.PerfmonCfg [2012-09-29 16:31:34 | 000,151,552 | ---- | C] () -- C:\Windows\KMService.exe [2012-09-29 16:31:34 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe [2012-09-17 14:22:52 | 000,074,080 | ---- | C] () -- C:\Program Files (x86)\Uninstall.exe [2012-03-09 05:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012-03-09 05:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012-01-31 06:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012-01-04 01:52:28 | 000,000,000 | ---- | C] () -- C:\Users\Kwasek\AppData\Local\{1CF1F3CF-BCB4-426A-B6CD-66048445346F} [2012-01-04 01:50:39 | 000,000,000 | ---- | C] () -- C:\Users\Kwasek\AppData\Local\{01B00EFE-4791-4D71-A28F-0A955697E073} [2011-12-23 12:01:26 | 000,000,404 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011-12-16 17:40:50 | 000,000,000 | ---- | C] () -- C:\Users\Kwasek\AppData\Local\{8E34219E-9D00-45BD-BC01-440A1C5F2C19} [2011-11-04 17:33:59 | 000,281,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011-11-04 17:33:46 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011-09-28 15:45:56 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2011-09-12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011-08-28 12:37:35 | 000,001,278 | ---- | C] () -- C:\Windows\eReg.dat [2011-08-14 13:16:33 | 000,000,124 | ---- | C] () -- C:\ProgramData\CameraRecorder.ini [2011-08-14 12:02:41 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011-04-09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [color=#E56717]========== ZeroAccess Check ==========[/color] [2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2010-11-21 04:23:55 | 014,174,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2010-11-21 04:24:02 | 012,872,192 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] [color=#E56717]========== LOP Check ==========[/color] [2012-03-28 16:37:57 | 000,000,000 | ---D | M] -- C:\Users\Kwasek\AppData\Roaming\.minecraft [2013-03-15 14:08:57 | 000,000,000 | ---D | M] -- C:\Users\Kwasek\AppData\Roaming\Audacity [2012-12-15 20:41:16 | 000,000,000 | ---D | M] -- C:\Users\Kwasek\AppData\Roaming\Autodesk [2012-08-11 13:16:55 | 000,000,000 | ---D | M] -- C:\Users\Kwasek\AppData\Roaming\CD Label Designer [2011-08-15 18:52:14 | 000,000,000 | ---D | M] -- C:\Users\Kwasek\AppData\Roaming\DAEMON Tools Lite [2013-03-29 18:02:10 | 000,000,000 | ---D | M] -- C:\Users\Kwasek\AppData\Roaming\DreamMail4 [2011-11-18 02:16:28 | 000,000,000 | ---D | M] -- C:\Users\Kwasek\AppData\Roaming\fltk.org [2013-03-28 22:50:04 | 000,000,000 | ---D | M] -- C:\Users\Kwasek\AppData\Roaming\foobar2000 [2012-10-27 09:58:13 | 000,000,000 | ---D | M] -- C:\Users\Kwasek\AppData\Roaming\Frogwares [2011-10-13 00:57:38 | 000,000,000 | ---D | M] -- C:\Users\Kwasek\AppData\Roaming\GetRightToGo [2011-11-30 00:36:26 | 000,000,000 | ---D | M] -- C:\Users\Kwasek\AppData\Roaming\Leadertech [2011-08-22 15:17:26 | 000,000,000 | ---D | M] -- C:\Users\Kwasek\AppData\Roaming\LolClient [2012-05-28 13:58:45 | 000,000,000 | ---D | M] -- C:\Users\Kwasek\AppData\Roaming\LolClient2 [2012-09-24 21:43:43 | 000,000,000 | ---D | M] -- C:\Users\Kwasek\AppData\Roaming\LOVE [2012-12-15 22:58:37 | 000,000,000 | ---D | M] -- C:\Users\Kwasek\AppData\Roaming\Mumble [2011-10-08 20:27:10 | 000,000,000 | ---D | M] -- C:\Users\Kwasek\AppData\Roaming\Need for Speed World [2012-12-17 19:21:55 | 000,000,000 | ---D | M] -- C:\Users\Kwasek\AppData\Roaming\NetMeter [2012-01-07 15:36:48 | 000,000,000 | ---D | M] -- C:\Users\Kwasek\AppData\Roaming\OpenOffice.org [2012-04-27 17:19:53 | 000,000,000 | ---D | M] -- C:\Users\Kwasek\AppData\Roaming\Opera [2013-02-01 15:57:13 | 000,000,000 | ---D | M] -- C:\Users\Kwasek\AppData\Roaming\PowerUp Software [2011-11-29 14:53:19 | 000,000,000 | ---D | M] -- C:\Users\Kwasek\AppData\Roaming\PunkBuster [2012-10-20 19:24:26 | 000,000,000 | ---D | M] -- C:\Users\Kwasek\AppData\Roaming\Rainmeter [2011-10-07 10:52:59 | 000,000,000 | ---D | M] -- C:\Users\Kwasek\AppData\Roaming\Rovio [2012-10-19 18:43:16 | 000,000,000 | ---D | M] -- C:\Users\Kwasek\AppData\Roaming\Scilab [2012-09-29 16:11:58 | 000,000,000 | ---D | M] -- C:\Users\Kwasek\AppData\Roaming\SuperMemo World [2012-09-03 19:39:56 | 000,000,000 | ---D | M] -- C:\Users\Kwasek\AppData\Roaming\Tibia [2012-04-26 20:17:55 | 000,000,000 | ---D | M] -- C:\Users\Kwasek\AppData\Roaming\TS3Client [2013-03-28 08:55:33 | 000,000,000 | ---D | M] -- C:\Users\Kwasek\AppData\Roaming\uTorrent [2013-03-14 08:30:19 | 000,000,000 | ---D | M] -- C:\Users\Kwasek\AppData\Roaming\{4530AD6C-8F37-48FC-A98E-05BC4DC37899} [2013-03-14 08:29:57 | 000,000,000 | ---D | M] -- C:\Users\Kwasek\AppData\Roaming\{51C471C6-A70A-495C-B2A6-718887CE5203} [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:SummaryInformation @Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:DocumentSummaryInformation @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:05EE1EEF < End of report >