OTL logfile created on: 2013-04-06 17:16:11 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dawid\Downloads Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,00 Gb Total Physical Memory | 2,29 Gb Available Physical Memory | 76,36% Memory free 6,00 Gb Paging File | 5,34 Gb Available in Paging File | 89,06% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 49,90 Gb Total Space | 6,67 Gb Free Space | 13,36% Space Free | Partition Type: NTFS Drive D: | 220,45 Gb Total Space | 33,25 Gb Free Space | 15,08% Space Free | Partition Type: NTFS Drive E: | 0,38 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive F: | 195,31 Gb Total Space | 30,14 Gb Free Space | 15,43% Space Free | Partition Type: NTFS Computer Name: DAWID-KOMPUTER | User Name: Dawid | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2013-04-06 17:08:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dawid\Downloads\OTL.exe PRC - [2013-03-13 17:15:30 | 001,822,424 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe PRC - [2013-03-08 08:07:18 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2012-12-10 18:29:44 | 001,435,568 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe PRC - [2011-02-26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2013-03-13 17:15:29 | 014,717,144 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_6_602_180.dll MOD - [2013-03-08 08:07:18 | 003,069,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2012-05-15 02:21:26 | 000,368,448 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV - [2013-03-29 21:53:56 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013-03-13 17:15:41 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013-03-08 08:07:18 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013-03-06 14:36:52 | 000,093,984 | ---- | M] (Conduit) [Auto | Stopped] -- C:\Program Files\SearchProtect\bin\CltMngSvc.exe -- (CltMngSvc) SRV - [2013-01-29 15:28:02 | 000,188,760 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant) SRV - [2013-01-29 14:37:26 | 001,087,792 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\dmwu.exe -- (IBUpdaterService) SRV - [2013-01-08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012-12-10 18:29:44 | 001,435,568 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2012-05-15 12:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012-05-15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012-05-08 19:15:05 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012-05-08 19:15:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011-04-24 23:08:00 | 004,303,928 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc) SRV - [2010-12-13 15:37:46 | 000,135,536 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc) SRV - [2010-12-08 15:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010-08-05 11:12:58 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2009-07-14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009-07-14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2006-05-11 18:40:06 | 000,358,008 | ---- | M] (Protection Technology (StarForce)) [Auto | Stopped] -- C:\Windows\System32\sfrem02.exe -- (sfrem02) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\WPRO_40_1340.sys -- (WPRO_40_1340) DRV - [2012-07-24 00:26:55 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2012-05-15 12:26:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2012-05-08 19:15:05 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012-05-08 19:15:05 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012-01-29 13:57:19 | 000,473,656 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2011-09-16 16:09:17 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010-12-13 15:37:46 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo) DRV - [2010-07-30 15:16:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2010-07-30 15:16:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2010-07-30 15:16:42 | 000,023,040 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2010-07-30 15:16:38 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2010-06-17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010-04-03 21:12:38 | 000,281,760 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2010-04-03 21:12:37 | 000,025,888 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2009-07-14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009-07-14 00:02:47 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E62x86.sys -- (L1E) DRV - [2009-03-25 17:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm) DRV - [2009-03-25 17:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018unic.sys -- (s1018unic) DRV - [2009-03-25 17:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt) DRV - [2009-03-25 17:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018obex.sys -- (s1018obex) DRV - [2009-03-25 17:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018bus.sys -- (s1018bus) DRV - [2009-03-25 17:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018nd5.sys -- (s1018nd5) DRV - [2009-03-25 17:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl) DRV - [2009-03-18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2008-08-26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2005-11-03 16:40:07 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02) DRV - [2005-08-10 16:06:28 | 000,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02) DRV - [2005-08-10 14:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) DRV - [2005-05-16 15:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) DRV - [2004-08-13 09:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor) DRV - [2003-04-19 01:32:04 | 000,004,736 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\tandpl.sys -- (tandpl) DRV - [2003-03-02 18:44:26 | 000,007,552 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\enodpl.sys -- (enodpl) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchou.com/?affil=7&uid=f61d4e26-4708-11e2-af39-b05e3f4ac98e IE - HKLM\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - No CLSID value found IE - HKLM\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - No CLSID value found IE - HKLM\..\URLSearchHook: {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - No CLSID value found IE - HKLM\..\URLSearchHook: {707db484-2428-402d-afb5-d85b387544c7} - No CLSID value found IE - HKLM\..\URLSearchHook: {88ac3cb6-596b-4217-964c-b6757ef9602d} - C:\Program Files\express-files\prxtbexpr.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files\uTorrentControl_v6\prxtbuTor.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2247187 IE - HKLM\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = ${SEARCH_URL}{searchTerms} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-580120484-3627193527-1350051763-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank IE - HKU\S-1-5-21-580120484-3627193527-1350051763-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT3176921&octid=CT3176921&SearchSource=61&CUI=UN88406023324118292&UM=2&UP=SPAA61D53B-A400-42D6-B414-6507CAC6B12D IE - HKU\S-1-5-21-580120484-3627193527-1350051763-1000\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - No CLSID value found IE - HKU\S-1-5-21-580120484-3627193527-1350051763-1000\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - No CLSID value found IE - HKU\S-1-5-21-580120484-3627193527-1350051763-1000\..\URLSearchHook: {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - No CLSID value found IE - HKU\S-1-5-21-580120484-3627193527-1350051763-1000\..\URLSearchHook: {707db484-2428-402d-afb5-d85b387544c7} - No CLSID value found IE - HKU\S-1-5-21-580120484-3627193527-1350051763-1000\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - No CLSID value found IE - HKU\S-1-5-21-580120484-3627193527-1350051763-1000\..\URLSearchHook: {88ac3cb6-596b-4217-964c-b6757ef9602d} - C:\Program Files\express-files\prxtbexpr.dll (Conduit Ltd.) IE - HKU\S-1-5-21-580120484-3627193527-1350051763-1000\..\URLSearchHook: {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files\uTorrentControl_v6\prxtbuTor.dll (Conduit Ltd.) IE - HKU\S-1-5-21-580120484-3627193527-1350051763-1000\..\URLSearchHook: {b12785f5-d8d0-4530-a3ea-5c4263b85bef} - No CLSID value found IE - HKU\S-1-5-21-580120484-3627193527-1350051763-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found IE - HKU\S-1-5-21-580120484-3627193527-1350051763-1000\..\SearchScopes,DefaultScope = {C7722F35-84BE-4974-831A-21F3363B8219} IE - HKU\S-1-5-21-580120484-3627193527-1350051763-1000\..\SearchScopes\{00D414A9-9A51-41B6-BED5-BC0C7F9E2090}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289075&CUI=UN55101227911398304&UM=1 IE - HKU\S-1-5-21-580120484-3627193527-1350051763-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-580120484-3627193527-1350051763-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=bf2&s={searchTerms}&f=4 IE - HKU\S-1-5-21-580120484-3627193527-1350051763-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=100842&mntrId=c280d968000000000000000000000000 IE - HKU\S-1-5-21-580120484-3627193527-1350051763-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=YYYYYYYYPL&apn_uid=A036A453-A663-41E3-BB18-2A0E5A3A3C94&apn_sauid=776977A7-94D5-495E-8398-4A8CE14E6393 IE - HKU\S-1-5-21-580120484-3627193527-1350051763-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search?q={searchTerms} IE - HKU\S-1-5-21-580120484-3627193527-1350051763-1000\..\SearchScopes\{C7722F35-84BE-4974-831A-21F3363B8219}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3176921&CUI=UN88406023324118292&UM=2 IE - HKU\S-1-5-21-580120484-3627193527-1350051763-1000\..\SearchScopes\{C8672574-3B63-47F9-B285-5F749F69B755}: "URL" = http://mystart.incredibar.com/mb128/?search={searchTerms}&loc=IB_DS&a=6R8yKYG6qr&i=26 IE - HKU\S-1-5-21-580120484-3627193527-1350051763-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://searchou.com/?affil=7&uid=f61d4e26-4708-11e2-af39-b05e3f4ac98e&q={searchTerms} IE - HKU\S-1-5-21-580120484-3627193527-1350051763-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..CT3176921.browser.search.defaultthis.engineName: "true" FF - prefs.js..browser.search.defaultengine: "Privitize VPN" FF - prefs.js..browser.search.defaultenginename: "Privitize VPN" FF - prefs.js..browser.search.defaultenginename,S: S", "" FF - prefs.js..browser.search.defaultthis.engineName: "express-files Customized Web Search" FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3176921&SearchSource=3&q={searchTerms}&CUI=UN12490106011750111" FF - prefs.js..browser.search.order.1: "Privitize VPN" FF - prefs.js..browser.search.order.1,S: S", "" FF - prefs.js..browser.search.selectedEngine: "express-files Customized Web Search" FF - prefs.js..browser.search.selectedEngine,S: S", "" FF - prefs.js..browser.startup.homepage: "http://www.youtube.com/?gl=PL&hl=pl" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3176921&SearchSource=2&CUI=UN12490106011750111&UM=UM_ID&q=" FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "" FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "" FF - prefs.js..browser.startup.homepage: "" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://searchou.com/?affil=7&uid=f61d4e26-4708-11e2-af39-b05e3f4ac98e&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: C:\Program Files\FunWebProducts\Installr\1.bin\NPFunWeb.dll (Fun Web Products, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: D:\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: D:\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011-03-19 21:08:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2013-03-01 07:08:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\Program Files\Web Assistant\Firefox [2013-03-01 07:08:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013-03-13 17:40:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013-03-08 08:07:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011-03-19 21:08:58 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013-03-13 17:40:30 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013-03-08 08:07:17 | 000,000,000 | ---D | M] [2010-07-28 15:06:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dawid\AppData\Roaming\mozilla\Extensions [2013-04-06 16:59:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dawid\AppData\Roaming\mozilla\Firefox\Profiles\k9myiaf5.default-1360944979122\extensions [2013-03-13 17:40:05 | 000,000,985 | ---- | M] () -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\k9myiaf5.default-1360944979122\searchplugins\conduit.xml [2013-04-06 16:42:09 | 000,002,130 | ---- | M] () -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\k9myiaf5.default-1360944979122\searchplugins\MyStart Search.xml [2013-03-12 20:08:04 | 000,002,090 | ---- | M] () -- C:\Users\Dawid\AppData\Roaming\mozilla\firefox\profiles\k9myiaf5.default-1360944979122\searchplugins\Searchou.xml [2013-03-08 08:07:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2013-03-08 08:07:16 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-03-08 08:07:18 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010-08-24 11:31:30 | 000,773,120 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll [2013-03-01 07:57:49 | 000,002,980 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2011-08-28 10:23:30 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2013-03-01 07:57:49 | 000,001,619 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2011-08-31 12:17:40 | 000,002,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml [2013-03-01 07:57:49 | 000,001,130 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2013-03-01 07:57:49 | 000,001,071 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2013-03-01 07:57:49 | 000,001,396 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2013-03-01 07:57:49 | 000,001,896 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml [color=#E56717]========== Chrome ==========[/color] CHR - Extension: No name found = C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.572_0\ CHR - Extension: No name found = C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\eljjdijhlpcohpfipjoikfcpamknkpde\1\ CHR - Extension: No name found = C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.3.0.1_1\ CHR - Extension: No name found = C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\opocjmmaobdeflllpdgbfiepbechajog\1\ O1 HOSTS File: ([2009-06-10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll () O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.8.11.dll (BitComet) O2 - BHO: (no name) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - No CLSID value found. O2 - BHO: (no name) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - No CLSID value found. O2 - BHO: (no name) - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - No CLSID value found. O2 - BHO: (no name) - {707db484-2428-402d-afb5-d85b387544c7} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (express-files Toolbar) - {88ac3cb6-596b-4217-964c-b6757ef9602d} - C:\Program Files\express-files\prxtbexpr.dll (Conduit Ltd.) O2 - BHO: (uTorrentControl_v6 Toolbar) - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files\uTorrentControl_v6\prxtbuTor.dll (Conduit Ltd.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (MaganiPiec) - {B7C33596-12FF-661D-D807-7C955E06F64D} - C:\ProgramData\MaganiPiec\513f767ec0eba.dll () O2 - BHO: (Help the General-Search Project) - {CA4520F3-AE13-4FB1-A513-58E23991C86D} - C:\Users\Dawid\AppData\Roaming\MEDIAF~1\EXTENS~1\GENCRA~1.DLL () O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {707db484-2428-402d-afb5-d85b387544c7} - No CLSID value found. O3 - HKLM\..\Toolbar: (express-files Toolbar) - {88ac3cb6-596b-4217-964c-b6757ef9602d} - C:\Program Files\express-files\prxtbexpr.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (uTorrentControl_v6 Toolbar) - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files\uTorrentControl_v6\prxtbuTor.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-580120484-3627193527-1350051763-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. O3 - HKU\S-1-5-21-580120484-3627193527-1350051763-1000\..\Toolbar\WebBrowser: (no name) - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - No CLSID value found. O3 - HKU\S-1-5-21-580120484-3627193527-1350051763-1000\..\Toolbar\WebBrowser: (no name) - {51A86BB3-6602-4C85-92A5-130EE4864F13} - No CLSID value found. O3 - HKU\S-1-5-21-580120484-3627193527-1350051763-1000\..\Toolbar\WebBrowser: (no name) - {57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC} - No CLSID value found. O3 - HKU\S-1-5-21-580120484-3627193527-1350051763-1000\..\Toolbar\WebBrowser: (no name) - {707DB484-2428-402D-AFB5-D85B387544C7} - No CLSID value found. O3 - HKU\S-1-5-21-580120484-3627193527-1350051763-1000\..\Toolbar\WebBrowser: (no name) - {7473B6BD-4691-4744-A82B-7854EB3D70B6} - No CLSID value found. O3 - HKU\S-1-5-21-580120484-3627193527-1350051763-1000\..\Toolbar\WebBrowser: (express-files Toolbar) - {88AC3CB6-596B-4217-964C-B6757EF9602D} - C:\Program Files\express-files\prxtbexpr.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-580120484-3627193527-1350051763-1000\..\Toolbar\WebBrowser: (uTorrentControl_v6 Toolbar) - {96F454EA-9D38-474F-B504-56193E00C1A5} - C:\Program Files\uTorrentControl_v6\prxtbuTor.dll (Conduit Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [PrivitizeVPN] C:\Program Files\PrivitizeVPN\PrivitizeVPN.exe (OOO Industry) O4 - HKU\S-1-5-21-580120484-3627193527-1350051763-1000..\Run: [] File not found O4 - HKU\S-1-5-21-580120484-3627193527-1350051763-1000..\Run: [bluebirds] C:\Users\Dawid\Bluebirds\BlueBirds.exe (LG Electronics) O4 - HKU\S-1-5-21-580120484-3627193527-1350051763-1000..\Run: [SearchProtect] C:\Users\Dawid\AppData\Roaming\SearchProtect\bin\cltmng.exe (Conduit) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html File not found O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: Pobierz za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O9 - Extra Button: PokerStars.eu - {07BA1DA9-F501-4796-8728-74D1B91A6CD5} - C:\Program Files\PokerStars.EU\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - Reg Error: Key error. File not found O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.8.11.dll (BitComet) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8437B83E-DEEF-4281-B414-0A3BD0C7FA85}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - AppInit_DLLs: (c:\progra~1\magnipic\sprote~1.dll) - c:\Program Files\MagniPic\sprotector.dll () O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2009-04-29 11:02:01 | 000,000,055 | R--- | M] () - E:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{26b66f03-ebed-11de-83d8-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{26b66f03-ebed-11de-83d8-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SETUP.EXE O33 - MountPoints2\{6d80911b-16e5-11e2-a59b-a1c6b9ade582}\Shell - "" = AutoRun O33 - MountPoints2\{6d80911b-16e5-11e2-a59b-a1c6b9ade582}\Shell\AutoRun\command - "" = L:\Startme.exe O33 - MountPoints2\{94f502a3-d4d6-11e1-93b7-bef5b7c2528e}\Shell - "" = AutoRun O33 - MountPoints2\{94f502a3-d4d6-11e1-93b7-bef5b7c2528e}\Shell\AutoRun\command - "" = H:\Autorun.exe O33 - MountPoints2\{9b1295d1-a3fb-11e0-a499-c06736fe5fb0}\Shell - "" = AutoRun O33 - MountPoints2\{9b1295d1-a3fb-11e0-a499-c06736fe5fb0}\Shell\AutoRun\command - "" = H:\Startme.exe O33 - MountPoints2\{aeaa156f-4a70-11e1-9fd6-aa1d1f1356b6}\Shell - "" = AutoRun O33 - MountPoints2\{aeaa156f-4a70-11e1-9fd6-aa1d1f1356b6}\Shell\AutoRun\command - "" = G:\Autorun.exe O33 - MountPoints2\{c350a75f-18b8-11df-8ee0-002618d65820}\Shell - "" = AutoRun O33 - MountPoints2\{c350a75f-18b8-11df-8ee0-002618d65820}\Shell\AutoRun\command - "" = L:\_autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpReg: [b]Adobe ARM[/b] - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: [b]Adobe Reader Speed Launcher[/b] - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: [b]ApnUpdater[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]ares[/b] - hkey= - key= - C:\Program Files\Ares\Ares.exe (Ares Development Group) MsConfig - StartUpReg: [b]avgnt[/b] - hkey= - key= - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) MsConfig - StartUpReg: [b]ChomikBox[/b] - hkey= - key= - C:\Program Files\ChomikBox\chomikbox.exe () MsConfig - StartUpReg: [b]DAEMON Tools Lite[/b] - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) MsConfig - StartUpReg: [b]EA Core[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]facemoods[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]LifeCam[/b] - hkey= - key= - C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation) MsConfig - StartUpReg: [b]LogMeIn Hamachi Ui[/b] - hkey= - key= - C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) MsConfig - StartUpReg: [b]Media Finder[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]MediaGet2[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]NokiaMServer[/b] - hkey= - key= - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia) MsConfig - StartUpReg: [b]NokiaOviSuite2[/b] - hkey= - key= - C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia) MsConfig - StartUpReg: [b]PC Speed Maximizer[/b] - hkey= - key= - C:\Program Files\PC Speed Maximizer\SPMLauncher.exe (Avanquest Software) MsConfig - StartUpReg: [b]ROC_roc_ssl_v12[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]SearchProtectAll[/b] - hkey= - key= - C:\Program Files\SearchProtect\bin\cltmng.exe (Conduit) MsConfig - StartUpReg: [b]Skype[/b] - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.) MsConfig - StartUpReg: [b]Smart Driver Updater[/b] - hkey= - key= - C:\Program Files\Smart Driver Updater\SDULauncher.exe (Avanquest Software) MsConfig - StartUpReg: [b]Sony Ericsson PC Companion[/b] - hkey= - key= - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson Mobile Communications AB) MsConfig - StartUpReg: [b]Steam[/b] - hkey= - key= - D:\Steam\Steam.exe (Valve Corporation) MsConfig - StartUpReg: [b]SunJavaUpdateSched[/b] - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig - StartUpReg: [b]uTorrent[/b] - hkey= - key= - C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.) MsConfig - StartUpReg: [b]Vuymezi[/b] - hkey= - key= - C:\Users\Dawid\AppData\Roaming\Ovos\esady.exe (Корпорация Майкрософт) MsConfig - StartUpReg: [b]Wlymyi[/b] - hkey= - key= - C:\Users\Dawid\AppData\Roaming\Wlymyi.exe (Microsoft Corporation) MsConfig - State: "startup" - 2 MsConfig - State: "services" - 0 SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: Hamachi2Svc - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013-03-30 13:45:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2013-03-29 13:01:35 | 000,000,000 | ---D | C] -- C:\Users\Dawid\Desktop\Slon_Mikser_-_Demonologia_2010(www.YouBeat.eu) [2013-03-26 08:42:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft Crafting guide [2013-03-26 08:42:35 | 000,000,000 | ---D | C] -- C:\Program Files\Minecraft Crafting guide [2013-03-20 19:59:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Steam [2013-03-16 17:58:30 | 000,000,000 | ---D | C] -- C:\Users\Dawid\Desktop\mvvc [2013-03-15 18:09:17 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrentControl_v6 [2013-03-15 18:08:10 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent [2013-03-15 18:07:51 | 000,000,000 | ---D | C] -- C:\Users\Dawid\AppData\Roaming\uTorrent [2013-03-13 17:40:56 | 000,000,000 | ---D | C] -- C:\Program Files\express-files [2013-03-13 17:40:26 | 000,000,000 | ---D | C] -- C:\Program Files\SearchProtect [2013-03-13 17:40:06 | 000,000,000 | ---D | C] -- C:\Users\Dawid\AppData\Roaming\SearchProtect [2013-03-13 17:39:10 | 000,000,000 | ---D | C] -- C:\Users\Dawid\AppData\Roaming\ExpressFiles [2013-03-12 20:08:37 | 000,000,000 | ---D | C] -- C:\Users\Dawid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PrivitizeVPN [2013-03-12 20:08:37 | 000,000,000 | ---D | C] -- C:\Program Files\PrivitizeVPN [2013-03-12 20:08:35 | 000,000,000 | ---D | C] -- C:\ProgramData\CLSoft LTD [2013-03-12 20:08:26 | 000,000,000 | ---D | C] -- C:\Program Files\MagniPic [2013-03-12 20:08:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MaganiPiec [2013-03-12 20:08:12 | 000,000,000 | ---D | C] -- C:\ProgramData\MaganiPiec [2013-03-12 18:16:47 | 000,000,000 | ---D | C] -- C:\ProgramData\SoftSafe [2013-03-12 18:13:36 | 000,000,000 | ---D | C] -- C:\Program Files\Optimizer Pro [2013-03-12 18:08:57 | 000,000,000 | ---D | C] -- C:\ProgramData\BBrOWse2esuave [2013-03-12 18:02:25 | 000,000,000 | ---D | C] -- C:\Users\Dawid\AppData\Roaming\File Scout [2013-03-12 14:36:36 | 000,000,000 | ---D | C] -- C:\Users\Dawid\AppData\Roaming\DealPly [2013-03-10 14:32:25 | 000,000,000 | ---D | C] -- C:\Users\Dawid\Desktop\world [2013-03-08 08:07:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013-03-05 20:43:24 | 000,223,744 | ---- | C] (Microsoft Corporation) -- C:\Users\Dawid\AppData\Roaming\Wlymyi.exe [2013-01-01 22:14:39 | 000,695,296 | ---- | C] (AnjoCaido) -- C:\Users\Dawid\AppData\Roaming\MinecraftSP.exe [2012-02-03 15:44:06 | 001,718,352 | ---- | C] (Funmoods) -- C:\Users\Dawid\AppData\Local\funmoods.exe [2012-01-14 13:19:33 | 002,371,152 | ---- | C] (DownVision ) -- C:\Users\Dawid\AppData\Local\setup.exe [5 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013-04-06 17:08:25 | 000,737,242 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2013-04-06 17:08:25 | 000,651,450 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013-04-06 17:08:25 | 000,153,930 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2013-04-06 17:08:25 | 000,120,382 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013-04-06 17:01:39 | 000,640,072 | ---- | M] () -- C:\Users\Dawid\Desktop\OTL(19450).exe [2013-04-06 16:54:46 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2013-04-06 16:54:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013-04-06 16:54:37 | 2415,222,784 | -HS- | M] () -- C:\hiberfil.sys [2013-04-06 16:42:03 | 000,000,374 | -H-- | M] () -- C:\Windows\tasks\MagniPicUpdaterTask{66BA19C7-255C-4021-B2F7-9C5ECEB2E212}.job [2013-04-05 16:42:40 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2013-04-03 06:12:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013-04-02 21:58:32 | 000,014,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013-04-02 21:58:31 | 000,014,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013-03-30 21:52:31 | 000,000,201 | ---- | M] () -- C:\Users\Dawid\Desktop\Call of Duty Black Ops.url [2013-03-30 21:52:31 | 000,000,201 | ---- | M] () -- C:\Users\Dawid\Desktop\Call of Duty Black Ops - Multiplayer.url [2013-03-30 20:28:11 | 000,000,440 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Dawid.job [2013-03-30 10:57:23 | 000,004,430 | ---- | M] () -- C:\cc_20130330_095721.reg [2013-03-29 17:05:53 | 106,225,660 | ---- | M] () -- C:\Users\Dawid\Desktop\Budujemy w Minecraft SEZON 1 - Mapka.rar [2013-03-29 12:57:36 | 069,715,939 | ---- | M] () -- C:\Users\Dawid\Desktop\Slon_Mikser_-_Demonologia_2010(www.YouBeat.eu).rar [2013-03-29 11:56:14 | 000,000,847 | ---- | M] () -- C:\Users\Dawid\Desktop\Call of Duty.lnk [2013-03-28 09:52:43 | 000,008,704 | ---- | M] () -- C:\Users\Dawid\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013-03-27 10:18:59 | 000,139,648 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2013-03-27 10:17:17 | 000,282,296 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr [2013-03-27 10:16:57 | 000,282,296 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0 [2013-03-25 11:55:20 | 000,001,150 | ---- | M] () -- C:\Users\Public\Desktop\CWK.lnk [2013-03-25 09:43:51 | 000,078,150 | ---- | M] () -- C:\Users\Dawid\.recently-used.xbel [2013-03-24 20:56:59 | 001,790,654 | ---- | M] () -- C:\Users\Dawid\Desktop\mcpatcher-3.0.3.exe [2013-03-20 19:30:19 | 000,001,602 | ---- | M] () -- C:\cc_20130320_183016.reg [2013-03-17 22:38:28 | 000,000,519 | ---- | M] () -- C:\Users\Dawid\Desktop\The Elder Scrolls V Skyrim.lnk [2013-03-16 18:12:15 | 000,005,948 | ---- | M] () -- C:\cc_20130316_171208.reg [2013-03-15 19:15:13 | 006,460,781 | ---- | M] () -- C:\Users\Dawid\Desktop\Nowy Archiwum WinRAR-a.rar [2013-03-15 18:08:10 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk [2013-03-13 17:41:05 | 000,000,009 | ---- | M] () -- C:\END [2013-03-13 17:15:30 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013-03-13 17:15:30 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [5 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013-04-06 17:01:32 | 000,640,072 | ---- | C] () -- C:\Users\Dawid\Desktop\OTL(19450).exe [2013-03-30 21:52:31 | 000,000,201 | ---- | C] () -- C:\Users\Dawid\Desktop\Call of Duty Black Ops - Multiplayer.url [2013-03-30 20:02:52 | 000,000,201 | ---- | C] () -- C:\Users\Dawid\Desktop\Call of Duty Black Ops.url [2013-03-30 10:57:22 | 000,004,430 | ---- | C] () -- C:\cc_20130330_095721.reg [2013-03-29 16:52:05 | 106,225,660 | ---- | C] () -- C:\Users\Dawid\Desktop\Budujemy w Minecraft SEZON 1 - Mapka.rar [2013-03-29 12:48:33 | 069,715,939 | ---- | C] () -- C:\Users\Dawid\Desktop\Slon_Mikser_-_Demonologia_2010(www.YouBeat.eu).rar [2013-03-29 11:56:14 | 000,000,847 | ---- | C] () -- C:\Users\Dawid\Desktop\Call of Duty.lnk [2013-03-25 19:15:16 | 733,941,760 | ---- | C] () -- C:\Users\Dawid\Desktop\Epoka lodowcowa 3 Era dinozaurów Ice Age 3 Dawn of the Dinosaurs [DVDrip] [PL DUBBING].avi [2013-03-25 11:55:20 | 000,001,150 | ---- | C] () -- C:\Users\Public\Desktop\CWK.lnk [2013-03-25 09:43:51 | 000,078,150 | ---- | C] () -- C:\Users\Dawid\.recently-used.xbel [2013-03-24 20:56:43 | 001,790,654 | ---- | C] () -- C:\Users\Dawid\Desktop\mcpatcher-3.0.3.exe [2013-03-20 19:48:36 | 000,000,485 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Elder Scrolls V Skyrim Dragonborn.lnk [2013-03-20 19:30:18 | 000,001,602 | ---- | C] () -- C:\cc_20130320_183016.reg [2013-03-16 20:39:20 | 000,000,519 | ---- | C] () -- C:\Users\Dawid\Desktop\The Elder Scrolls V Skyrim.lnk [2013-03-16 18:12:14 | 000,005,948 | ---- | C] () -- C:\cc_20130316_171208.reg [2013-03-15 19:14:39 | 006,460,781 | ---- | C] () -- C:\Users\Dawid\Desktop\Nowy Archiwum WinRAR-a.rar [2013-03-15 18:08:10 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk [2013-03-13 17:39:03 | 000,000,009 | ---- | C] () -- C:\END [2013-03-12 20:08:30 | 000,000,374 | -H-- | C] () -- C:\Windows\tasks\MagniPicUpdaterTask{66BA19C7-255C-4021-B2F7-9C5ECEB2E212}.job [2012-12-16 16:29:52 | 000,009,352 | ---- | C] () -- C:\Users\Dawid\AppData\Local\recently-used.xbel [2012-10-19 20:04:56 | 000,000,000 | -H-- | C] () -- C:\Users\Dawid\AppData\Roaming\ifLigjthhedI [2012-09-23 16:53:40 | 001,087,792 | ---- | C] () -- C:\Windows\System32\dmwu.exe [2012-09-23 16:53:40 | 000,028,160 | ---- | C] () -- C:\Windows\System32\ImHttpComm.dll [2012-07-27 22:47:36 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe [2012-06-16 03:52:40 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempUL3156.html [2012-06-09 12:34:53 | 000,000,080 | ---- | C] () -- C:\Users\Dawid\AppData\Roaming\mBot.ini [2012-06-05 17:35:20 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat [2012-05-17 17:50:48 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempCX3916.html [2012-05-15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe [2012-04-17 07:31:22 | 000,042,392 | ---- | C] () -- C:\Windows\System32\xfcodec.dll [2012-01-27 20:39:02 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempRZ3552.html [2012-01-18 14:00:02 | 000,077,576 | ---- | C] () -- C:\Users\Dawid\AppData\Local\facemoods.bmp [2012-01-13 19:04:08 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\Temptm2100.html [2011-11-29 14:41:52 | 000,077,576 | ---- | C] () -- C:\Users\Dawid\AppData\Local\dealply.bmp [2011-11-27 17:31:37 | 000,139,648 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2011-11-27 17:31:37 | 000,138,056 | ---- | C] () -- C:\Users\Dawid\AppData\Roaming\PnkBstrK.sys [2011-11-27 17:31:21 | 000,282,296 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2011-11-27 17:31:11 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2011-11-20 12:28:52 | 000,000,600 | ---- | C] () -- C:\Users\Dawid\AppData\Local\PUTTY.RND [2011-11-11 22:00:37 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\Temptp3448.html [2011-09-23 18:03:56 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2011-09-22 19:57:59 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempHd2532.html [2011-09-16 19:16:26 | 000,001,232 | ---- | C] () -- C:\Windows\unins001.dat [2011-09-16 19:14:47 | 000,001,809 | ---- | C] () -- C:\Windows\unins000.dat [2011-08-16 20:04:36 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempCr2140.html [2011-08-16 11:47:02 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempEu3268.html [2011-08-16 11:47:02 | 000,002,089 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempFB3268.html [2011-08-05 21:17:35 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\Tempwk1852.html [2011-07-07 08:27:19 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempHk2900.html [2011-07-07 08:27:19 | 000,002,089 | ---- | C] () -- C:\Users\Dawid\AppData\Local\Temphg2900.html [2011-07-06 22:15:49 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempRY2668.html [2011-07-06 22:15:49 | 000,002,089 | ---- | C] () -- C:\Users\Dawid\AppData\Local\Tempcr2668.html [2011-07-04 01:03:01 | 000,000,022 | ---- | C] () -- C:\Users\Dawid\AppData\Roaming\esroLoader.ini [2011-07-01 13:09:35 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempwFj632.html [2011-06-26 20:46:26 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\Tempta4028.html [2011-06-26 20:46:26 | 000,002,089 | ---- | C] () -- C:\Users\Dawid\AppData\Local\Tempfx4028.html [2011-06-23 15:55:44 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempEA4072.html [2011-06-19 20:23:15 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempLc3232.html [2011-06-19 20:23:15 | 000,002,089 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempyW3232.html [2011-06-18 12:28:30 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\Tempcwx620.html [2011-06-18 12:28:30 | 000,002,089 | ---- | C] () -- C:\Users\Dawid\AppData\Local\Tempdep620.html [2011-06-18 11:28:05 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempWJ2548.html [2011-06-11 01:30:53 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TemprQ3904.html [2011-06-11 01:30:53 | 000,002,089 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempcM3904.html [2011-05-24 13:03:24 | 000,276,232 | ---- | C] () -- C:\Users\Dawid\AppData\Local\ConduitInstaller.exe [2011-05-23 17:10:05 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TemppR3156.html [2011-05-21 15:12:44 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\Tempaw3132.html [2011-05-21 15:12:44 | 000,002,089 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempbF3132.html [2011-05-09 20:41:43 | 000,000,112 | ---- | C] () -- C:\Windows\WININIT.INI [2011-05-02 15:42:37 | 000,000,030 | ---- | C] () -- C:\Windows\TextSpy.ini [2011-04-28 20:52:56 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\Temprv2068.html [2011-04-26 18:05:41 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\Tempvq2108.html [2011-04-23 15:16:48 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempFu2340.html [2011-04-21 18:39:52 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempaU3060.html [2011-04-17 00:05:46 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempXp3180.html [2011-04-16 22:13:04 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempNM3104.html [2011-04-10 18:42:58 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempZU3372.html [2011-04-09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2011-04-09 16:15:13 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempFT4140.html [2011-04-05 20:05:40 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\Tempnv3248.html [2011-04-05 20:05:40 | 000,002,089 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempfE3248.html [2011-03-27 21:43:08 | 000,096,768 | ---- | C] () -- C:\Users\Dawid\AppData\Local\Bloson.exe [2011-03-27 19:18:50 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempHT3680.html [2011-03-27 19:18:50 | 000,002,089 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TemppH3680.html [2011-03-26 19:27:01 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempRo1152.html [2011-03-25 20:54:23 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempgU3208.html [2011-03-24 20:03:35 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\Templl3364.html [2011-03-21 13:36:30 | 000,026,456 | ---- | C] () -- C:\Users\Dawid\AppData\Local\bloson.bmp [2011-02-11 20:06:47 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempfX2468.html [2011-01-28 19:11:20 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempIe3700.html [2011-01-28 19:11:20 | 000,002,089 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempAc3700.html [2011-01-23 19:48:05 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\Tempgn3436.html [2011-01-23 19:48:05 | 000,002,089 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempKG3436.html [2011-01-15 17:35:33 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempYb3208.html [2011-01-15 12:51:07 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempWp1696.html [2010-12-30 19:00:45 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempIr2440.html [2010-12-26 18:58:37 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempwPA900.html [2010-12-23 20:58:55 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\Tempzh3072.html [2010-12-10 18:34:12 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempYH3392.html [2010-12-09 20:26:52 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempWg2396.html [2010-12-09 20:26:52 | 000,002,089 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempxE2396.html [2010-12-07 19:46:04 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempKc3688.html [2010-12-03 19:10:55 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempQl3404.html [2010-12-03 19:10:55 | 000,002,089 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempoD3404.html [2010-11-27 00:03:13 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempqX2332.html [2010-11-21 00:01:05 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempWq1396.html [2010-11-21 00:01:05 | 000,002,089 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempPL1396.html [2010-11-20 19:21:43 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempbI3052.html [2010-11-13 12:14:46 | 000,062,648 | ---- | C] () -- C:\Users\Dawid\AppData\Local\toolbar3.bmp [2010-11-12 12:09:56 | 000,195,108 | ---- | C] () -- C:\Users\Dawid\AppData\Local\lateral3.bmp [2010-11-12 11:44:14 | 000,193,744 | ---- | C] () -- C:\Users\Dawid\AppData\Local\lateral1.bmp [2010-11-12 11:10:58 | 000,193,744 | ---- | C] () -- C:\Users\Dawid\AppData\Local\lateral2.bmp [2010-11-10 22:05:28 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempFb1364.html [2010-11-10 22:05:28 | 000,002,089 | ---- | C] () -- C:\Users\Dawid\AppData\Local\Temptl1364.html [2010-10-23 09:11:13 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempBf3944.html [2010-10-23 09:11:13 | 000,002,089 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TemprD3944.html [2010-10-23 08:39:10 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempLZ2124.html [2010-10-23 08:39:10 | 000,002,089 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TemplQ2124.html [2010-10-14 17:37:36 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempNS1980.html [2010-10-13 22:12:43 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempMB1028.html [2010-10-13 22:12:43 | 000,002,089 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempmK1028.html [2010-10-13 21:45:08 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempyT3372.html [2010-10-10 18:02:18 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempqCL800.html [2010-10-06 20:56:16 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempbB3516.html [2010-10-06 19:11:35 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\Tempmx2752.html [2010-10-01 16:46:39 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\Tempzh3548.html [2010-09-30 21:04:31 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempcB2184.html [2010-09-25 17:03:39 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempxJ2080.html [2010-09-25 17:03:39 | 000,002,089 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempFD2080.html [2010-09-25 10:57:06 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TemprfB820.html [2010-09-25 10:57:06 | 000,002,089 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempWJu820.html [2010-09-24 20:47:11 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\Tempyp1480.html [2010-09-19 21:11:32 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempTiN304.html [2010-09-19 21:11:32 | 000,002,089 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TemppqU304.html [2010-09-18 21:43:30 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempRfT924.html [2010-09-18 12:44:11 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempWs2248.html [2010-09-15 19:54:11 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TemptY3156.html [2010-09-15 19:54:11 | 000,002,089 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempPz3156.html [2010-09-10 19:53:03 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempXM1372.html [2010-09-09 19:39:21 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempYg3096.html [2010-09-09 19:39:21 | 000,002,089 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempDG3096.html [2010-09-08 19:59:28 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempFd2268.html [2010-09-08 19:59:28 | 000,002,089 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempDz2268.html [2010-09-07 18:39:33 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempDF3824.html [2010-09-07 18:39:33 | 000,002,089 | ---- | C] () -- C:\Users\Dawid\AppData\Local\Tempcz3824.html [2010-09-05 17:26:35 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempBH3184.html [2010-09-05 17:26:35 | 000,002,089 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempAs3184.html [2010-09-04 10:22:45 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempDq3456.html [2010-09-04 10:22:45 | 000,002,089 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempTh3456.html [2010-09-03 17:21:45 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TemppY2392.html [2010-09-01 19:05:43 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempMT3264.html [2010-08-31 13:05:51 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempKv3940.html [2010-08-31 13:05:51 | 000,002,089 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TemphZ3940.html [2010-08-30 23:56:17 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempUu1424.html [2010-08-30 23:56:17 | 000,002,089 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempET1424.html [2010-08-30 17:08:21 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempKv3828.html [2010-08-24 19:29:59 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempXp3112.html [2010-08-24 19:29:59 | 000,002,089 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempTU3112.html [2010-08-23 22:19:11 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\Tempiz2844.html [2010-08-23 22:19:11 | 000,002,089 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempOc2844.html [2010-08-21 18:49:48 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempQZ3868.html [2010-08-19 23:07:35 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempoL3124.html [2010-08-19 23:07:35 | 000,002,089 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempNA3124.html [2010-08-18 20:22:48 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempvM3788.html [2010-08-18 20:22:48 | 000,002,089 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempRg3788.html [2010-08-15 13:05:43 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempUa1316.html [2010-08-13 09:49:39 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TemphN2532.html [2010-08-13 09:49:39 | 000,002,089 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TemprB2532.html [2010-08-13 00:26:04 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempqS3724.html [2010-08-13 00:26:04 | 000,002,089 | ---- | C] () -- C:\Users\Dawid\AppData\Local\Templf3724.html [2010-08-12 12:52:11 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\Tempbyo708.html [2010-08-12 12:52:11 | 000,002,089 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempNeq708.html [2010-08-11 20:42:29 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempBT3152.html [2010-08-11 20:42:29 | 000,002,089 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempTU3152.html [2010-08-11 07:35:49 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\Tempeg2504.html [2010-08-11 07:35:49 | 000,002,089 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempfZ2504.html [2010-08-10 22:43:58 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\Templr3180.html [2010-08-10 22:43:58 | 000,002,089 | ---- | C] () -- C:\Users\Dawid\AppData\Local\Tempfu3180.html [2010-08-10 21:41:32 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\Templo3500.html [2010-08-10 18:38:05 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempsS2308.html [2010-08-10 18:38:05 | 000,002,089 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempPQ2308.html [2010-08-10 13:55:33 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\Tempsu3788.html [2010-08-10 13:55:33 | 000,002,089 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempMm3788.html [2010-08-10 12:10:06 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempSj2884.html [2010-08-09 17:07:46 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\Tempkd2300.html [2010-08-09 17:07:46 | 000,002,089 | ---- | C] () -- C:\Users\Dawid\AppData\Local\Tempvf2300.html [2010-08-08 23:33:44 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempdX4560.html [2010-08-08 14:23:00 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempvJ3960.html [2010-08-07 20:08:17 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempWs3920.html [2010-08-07 20:08:17 | 000,002,089 | ---- | C] () -- C:\Users\Dawid\AppData\Local\Tempgh3920.html [2010-08-07 15:14:11 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempGO3372.html [2010-08-07 15:11:17 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempOJ3396.html [2010-08-03 17:50:36 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempbV1424.html [2010-07-28 20:21:16 | 000,002,432 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempbX3436.html [2010-07-28 20:21:16 | 000,002,089 | ---- | C] () -- C:\Users\Dawid\AppData\Local\TempSu3436.html [2010-04-24 15:06:34 | 000,000,029 | ---- | C] () -- C:\Users\Dawid\.gtk-bookmarks [2010-02-22 18:22:03 | 000,007,621 | ---- | C] () -- C:\Users\Dawid\AppData\Local\Resmon.ResmonCfg [2010-02-13 18:07:14 | 000,008,704 | ---- | C] () -- C:\Users\Dawid\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [color=#E56717]========== ZeroAccess Check ==========[/color] [2011-09-30 20:26:42 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-580120484-3627193527-1350051763-1000\$RD6DMMY\e\u [2009-07-14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2010-07-27 16:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009-07-14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [color=#E56717]========== LOP Check ==========[/color] [2013-04-02 16:52:23 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\.minecraft [2012-06-05 21:33:48 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\avidemux [2012-06-07 14:29:51 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Avnex [2010-08-09 01:06:34 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Azureus [2011-08-28 10:23:29 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Babylon [2011-05-21 15:42:09 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\BabylonToolbar [2013-03-20 22:18:14 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\BitComet [2011-10-12 20:03:18 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2009-12-18 19:51:50 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\DAEMON Tools [2012-03-20 22:41:08 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\DAEMON Tools Lite [2013-03-12 14:36:36 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\DealPly [2012-01-06 18:59:49 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\edxLabs [2013-03-30 18:34:46 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Evyr [2013-03-13 17:39:11 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\ExpressFiles [2013-03-12 18:02:25 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\File Scout [2010-09-14 14:09:43 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\fizzy [2010-08-30 17:34:47 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\FOG Downloader [2010-07-29 00:32:15 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Gadu-Gadu 10 [2010-10-09 10:06:54 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\GetRightToGo [2013-03-25 08:09:30 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\gtk-2.0 [2013-01-20 20:23:28 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\GZero [2013-01-10 23:09:33 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Igxoyf [2010-11-27 00:19:01 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\ImgBurn [2011-03-12 10:38:06 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\InterTrust [2011-09-02 21:30:02 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\ipla [2012-06-23 15:47:19 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Kalypso Media [2010-09-26 16:44:25 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Leadertech [2012-05-26 09:59:35 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\MAXON [2013-01-13 19:17:16 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Media Finder [2010-07-18 16:48:31 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Mount&Blade [2011-03-19 20:55:29 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Nokia [2011-03-10 19:43:27 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Nokia Ovi Suite [2013-02-28 22:03:43 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\OpenCandy [2010-09-05 17:27:12 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\OpenFM [2011-03-19 13:58:16 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Opera [2013-03-02 11:30:21 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Origin [2013-01-10 23:09:33 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Ovos [2013-01-29 14:34:39 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\PC Speed Maximizer [2011-03-10 19:39:48 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\PC Suite [2012-12-16 13:04:07 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\PerformerSoft [2012-04-07 19:41:05 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Publish Providers [2011-11-27 18:58:53 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\PunkBuster [2012-10-31 18:28:17 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\rigonauts [2013-03-13 17:46:01 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\SearchProtect [2011-06-11 18:32:52 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\SFBot [2012-11-30 21:40:55 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\skyz [2013-01-29 14:35:46 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Smart Driver Updater [2010-08-24 22:12:20 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Software Informer [2012-04-07 19:41:02 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Sony [2011-05-09 21:30:52 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Sony Creative Software Inc [2010-03-03 09:47:57 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Sports Interactive [2013-03-15 21:20:10 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\TS3Client [2013-02-23 12:17:44 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\TuneUp Software [2012-06-05 17:37:23 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Tunngle [2011-05-13 11:31:00 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Unity [2013-04-04 20:57:29 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\uTorrent [2012-12-22 12:51:21 | 000,000,000 | ---D | M] -- C:\Users\Dawid\AppData\Roaming\Warner Bros. Interactive Entertainment [2011-04-09 16:14:04 | 000,000,000 | ---D | M] -- C:\Users\Dawid Końpa\AppData\Roaming\Gadu-Gadu 10 [2011-04-08 17:09:38 | 000,000,000 | ---D | M] -- C:\Users\Dawid Końpa\AppData\Roaming\PC Suite [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2010-04-06 12:24:14 | 000,002,759 | ---- | M] () -- C:\bink_log.txt [2010-08-27 09:47:31 | 000,043,506 | ---- | M] () -- C:\cc_20100827_094710.reg [2010-09-01 19:05:19 | 000,006,222 | ---- | M] () -- C:\cc_20100901_190510.reg [2012-01-28 18:59:56 | 000,060,384 | ---- | M] () -- C:\cc_20120128_175934.reg [2012-04-19 20:56:31 | 000,199,984 | ---- | M] () -- C:\cc_20120419_205605 19 kwietnia 2012.reg [2012-12-08 21:26:49 | 001,184,770 | ---- | M] () -- C:\cc_20121208_202626.reg [2012-12-31 17:02:29 | 000,008,216 | ---- | M] () -- C:\cc_20121231_160225.reg [2013-02-27 21:45:14 | 000,016,416 | ---- | M] () -- C:\cc_20130227_204506.reg [2013-03-16 18:12:15 | 000,005,948 | ---- | M] () -- C:\cc_20130316_171208.reg [2013-03-20 19:30:19 | 000,001,602 | ---- | M] () -- C:\cc_20130320_183016.reg [2013-03-30 10:57:23 | 000,004,430 | ---- | M] () -- C:\cc_20130330_095721.reg [2009-06-10 23:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys [2013-03-13 17:41:05 | 000,000,009 | ---- | M] () -- C:\END [2013-04-06 16:54:37 | 2415,222,784 | -HS- | M] () -- C:\hiberfil.sys [2010-10-09 10:06:00 | 000,000,172 | ---- | M] () -- C:\INSTALL.LOG [2010-04-14 14:23:42 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2010-04-14 14:23:42 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2013-04-06 16:54:39 | 3220,299,776 | -HS- | M] () -- C:\pagefile.sys [2010-04-06 12:27:05 | 000,000,360 | ---- | M] () -- C:\sound_bank_log.txt [2012-07-12 12:43:06 | 000,000,447 | ---- | M] () -- C:\user.js [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2009-07-14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009-07-14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009-07-14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys [2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2009-07-14 01:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\System32\drivers\beep.sys [2009-07-14 01:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_c3f6f77668f0ddcc\beep.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2009-07-14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\drivers\cdrom.sys [2009-07-14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_db87d184bc84f910\cdrom.sys [2009-07-14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2009-07-14 03:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\System32\drivers\ndis.sys [2009-07-14 03:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys [color=#A23BEC]< MD5 for: USERINIT.EXE >[/color] [2009-07-14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe [2009-07-14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2009-10-28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe [2009-10-28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009-10-28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2009-07-14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:AD022376 < End of report >