OTL logfile created on: 2013-10-19 18:59:35 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\oo\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 7,96 Gb Total Physical Memory | 5,70 Gb Available Physical Memory | 71,58% Memory free 15,92 Gb Paging File | 13,26 Gb Available in Paging File | 83,33% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 288,28 Gb Total Space | 198,25 Gb Free Space | 68,77% Space Free | Partition Type: NTFS Drive D: | 443,13 Gb Total Space | 415,33 Gb Free Space | 93,73% Space Free | Partition Type: NTFS Drive F: | 190,23 Gb Total Space | 130,56 Gb Free Space | 68,63% Space Free | Partition Type: NTFS Drive G: | 676,08 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive H: | 9,76 Gb Total Space | 9,69 Gb Free Space | 99,22% Space Free | Partition Type: NTFS Drive J: | 6,36 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: OO-KOMPUTER | User Name: oo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2013-10-19 18:57:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\oo\Downloads\OTL(1).exe PRC - [2013-10-09 02:02:45 | 000,844,752 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe PRC - [2013-08-26 19:00:04 | 001,651,144 | ---- | M] (AIMP DevTeam) -- C:\Program Files (x86)\AIMP3\AIMP3.exe PRC - [2013-08-23 05:32:54 | 000,763,312 | ---- | M] (Qihu 360 Software Co., Ltd.) -- C:\Program Files\360\360 Internet Security\safemon\360Tray.exe PRC - [2013-03-27 05:49:14 | 000,288,192 | ---- | M] (Qihu 360 Software Co., Ltd.) -- C:\Program Files\360\360 Internet Security\deepscan\ZhuDongFangYu.exe PRC - [2013-03-14 10:23:22 | 002,607,680 | ---- | M] (Disc Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe PRC - [2012-12-07 17:26:56 | 000,167,424 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe PRC - [2012-09-28 08:53:22 | 003,397,552 | ---- | M] () -- C:\Program Files (x86)\Plus Internet\Plus Internet.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2013-10-09 02:02:43 | 000,415,184 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll MOD - [2013-10-09 02:02:42 | 013,584,336 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll MOD - [2013-10-09 02:02:41 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll MOD - [2013-10-09 02:01:50 | 000,698,832 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libglesv2.dll MOD - [2013-10-09 02:01:49 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libegl.dll MOD - [2013-10-09 02:01:47 | 001,604,560 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll MOD - [2013-08-26 19:00:04 | 001,733,120 | ---- | M] () -- C:\Program Files (x86)\AIMP3\Modules\aimp_libvorbis.dll MOD - [2013-08-26 19:00:04 | 000,480,256 | ---- | M] () -- C:\Program Files (x86)\AIMP3\Sqlite3.dll MOD - [2013-08-26 19:00:04 | 000,435,200 | ---- | M] () -- C:\Program Files (x86)\AIMP3\Modules\libFLAC.dll MOD - [2013-08-26 19:00:04 | 000,237,568 | ---- | M] () -- C:\Program Files (x86)\AIMP3\Plugins\OptimFROG.dll MOD - [2013-08-26 19:00:04 | 000,220,672 | ---- | M] () -- C:\Program Files (x86)\AIMP3\Modules\MACDll.dll MOD - [2013-08-26 19:00:04 | 000,141,768 | ---- | M] () -- C:\Program Files (x86)\AIMP3\Plugins\PandemicAnalogMeter.dll MOD - [2013-08-26 19:00:04 | 000,071,624 | ---- | M] () -- C:\Program Files (x86)\AIMP3\Plugins\aimp_lastfm.dll MOD - [2013-08-26 19:00:04 | 000,026,624 | ---- | M] () -- C:\Program Files (x86)\AIMP3\Plugins\Aorta.svp MOD - [2012-09-28 08:53:22 | 003,397,552 | ---- | M] () -- C:\Program Files (x86)\Plus Internet\Plus Internet.exe MOD - [2012-09-28 08:53:18 | 001,105,920 | ---- | M] () -- C:\Program Files (x86)\Plus Internet\NDISAPI.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2013-08-20 04:25:34 | 000,750,264 | ---- | M] (Qihu 360 Software Co., Ltd.) [Auto | Running] -- C:\Program Files\360\360 Internet Security\360rps.exe -- (360rp) SRV:[b]64bit:[/b] - [2013-03-27 05:49:14 | 000,288,192 | ---- | M] (Qihu 360 Software Co., Ltd.) [Auto | Running] -- C:\Program Files\360\360 Internet Security\deepscan\ZhuDongFangYu.exe -- (ZhuDongFangYu) SRV:[b]64bit:[/b] - [2013-02-20 06:26:54 | 000,423,144 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\360\360 Internet Security\scan.dll -- (scan) SRV:[b]64bit:[/b] - [2012-08-06 12:24:22 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:[b]64bit:[/b] - [2012-07-28 04:09:45 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:[b]64bit:[/b] - [2010-04-06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv) SRV:[b]64bit:[/b] - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2013-09-19 20:52:05 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013-07-28 09:47:15 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService) SRV - [2012-12-07 17:26:56 | 000,167,424 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service) SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2013-07-23 23:12:54 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:[b]64bit:[/b] - [2013-07-04 15:57:00 | 000,131,856 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV:[b]64bit:[/b] - [2013-06-13 09:10:00 | 000,304,832 | ---- | M] (Qihu 360 Software Co., Ltd.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\360Box64.sys -- (360Box64) DRV:[b]64bit:[/b] - [2013-05-08 14:33:04 | 000,190,808 | ---- | M] (Qihu 360 Software Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BAPIDRV64.SYS -- (BAPIDRV) DRV:[b]64bit:[/b] - [2013-04-10 04:45:43 | 000,064,712 | ---- | M] (Qihu 360 Software Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\360AntiHacker64.sys -- (360AntiHacker) DRV:[b]64bit:[/b] - [2013-03-28 04:11:29 | 000,067,272 | ---- | M] (Qihu 360 Software Co., Ltd.) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\360AvFlt.sys -- (360AvFlt) DRV:[b]64bit:[/b] - [2013-03-27 09:19:16 | 000,040,640 | ---- | M] (Qihu 360 Software Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\360Camera64.sys -- (360Camera) DRV:[b]64bit:[/b] - [2013-03-27 08:11:12 | 000,213,184 | ---- | M] (Qihu 360 Software Co., Ltd.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\360FsFlt.sys -- (360FsFlt) DRV:[b]64bit:[/b] - [2012-12-07 18:27:50 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot) DRV:[b]64bit:[/b] - [2012-09-28 08:53:54 | 000,154,112 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ZTEusbnet.sys -- (ZTEusbnet) DRV:[b]64bit:[/b] - [2012-09-28 08:53:54 | 000,123,264 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV:[b]64bit:[/b] - [2012-09-28 08:53:54 | 000,123,264 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV:[b]64bit:[/b] - [2012-09-28 08:53:54 | 000,123,264 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV:[b]64bit:[/b] - [2012-09-28 08:53:54 | 000,011,776 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter) DRV:[b]64bit:[/b] - [2012-07-28 06:07:45 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:[b]64bit:[/b] - [2012-07-28 03:14:47 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:[b]64bit:[/b] - [2012-05-14 08:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:[b]64bit:[/b] - [2012-03-30 16:49:08 | 000,056,448 | R--- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:[b]64bit:[/b] - [2012-03-08 09:53:14 | 000,022,128 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger) DRV:[b]64bit:[/b] - [2011-08-23 15:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:[b]64bit:[/b] - [2010-02-18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:[b]64bit:[/b] - [2009-11-02 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64) DRV:[b]64bit:[/b] - [2009-07-14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2009-07-14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009-07-14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2009-07-14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009-07-14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:[b]64bit:[/b] - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:[b]64bit:[/b] - [2007-12-10 15:22:10 | 000,144,936 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s3017unic.sys -- (s3017unic) DRV:[b]64bit:[/b] - [2007-12-10 15:22:06 | 000,125,480 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s3017obex.sys -- (s3017obex) DRV:[b]64bit:[/b] - [2007-12-10 15:22:04 | 000,034,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s3017nd5.sys -- (s3017nd5) DRV:[b]64bit:[/b] - [2007-12-10 15:22:02 | 000,130,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s3017mgmt.sys -- (s3017mgmt) DRV:[b]64bit:[/b] - [2007-12-10 15:22:00 | 000,146,984 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s3017mdm.sys -- (s3017mdm) DRV:[b]64bit:[/b] - [2007-12-10 15:22:00 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s3017mdfl.sys -- (s3017mdfl) DRV:[b]64bit:[/b] - [2007-12-10 15:21:56 | 000,109,096 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s3017bus.sys -- (s3017bus) DRV:[b]64bit:[/b] - [2007-11-02 15:22:30 | 000,145,448 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s217mdm.sys -- (s217mdm) DRV:[b]64bit:[/b] - [2007-11-02 15:22:30 | 000,138,792 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s217unic.sys -- (s217unic) DRV:[b]64bit:[/b] - [2007-11-02 15:22:30 | 000,124,968 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s217obex.sys -- (s217obex) DRV:[b]64bit:[/b] - [2007-11-02 15:22:30 | 000,033,832 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s217nd5.sys -- (s217nd5) DRV:[b]64bit:[/b] - [2007-11-02 15:22:28 | 000,130,088 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s217mgmt.sys -- (s217mgmt) DRV:[b]64bit:[/b] - [2007-11-02 15:22:28 | 000,108,072 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s217bus.sys -- (s217bus) DRV:[b]64bit:[/b] - [2007-11-02 15:22:28 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s217mdfl.sys -- (s217mdfl) DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3096193654-3651429466-3341903422-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:page IE - HKU\S-1-5-21-3096193654-3651429466-3341903422-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\S-1-5-21-3096193654-3651429466-3341903422-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3096193654-3651429466-3341903422-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3096193654-3651429466-3341903422-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledAddons: %7B46551EC9-40F0-4e47-8E18-8E5CF550CFB8%7D:1.3.3 FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.12 FF - prefs.js..extensions.enabledAddons: %7Bbee6eb20-01e0-ebd1-da83-080329fb9a3a%7D:1.40 FF - prefs.js..extensions.enabledAddons: 2.0%40disconnect.me:3.6.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0 FF - user.js - File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\oo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\oo\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 24.0\extensions\\Components: C:\PROGRAM FILES\WATERFOX\COMPONENTS 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 24.0\extensions\\Plugins: C:\PROGRAM FILES\WATERFOX\PLUGINS FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013-09-19 20:52:02 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013-09-19 20:52:02 | 000,000,000 | ---D | M] [2013-07-24 03:32:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\oo\AppData\Roaming\mozilla\Extensions [2013-10-19 18:46:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\oo\AppData\Roaming\mozilla\Firefox\Profiles\kfgnv8vy.default\extensions [2013-10-10 19:26:05 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\oo\AppData\Roaming\mozilla\Firefox\Profiles\kfgnv8vy.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2013-10-18 19:07:00 | 000,000,000 | ---D | M] (Shumway) -- C:\Users\oo\AppData\Roaming\mozilla\Firefox\Profiles\kfgnv8vy.default\extensions\shumway@research.mozilla.org [2013-10-12 12:54:48 | 001,097,649 | ---- | M] () (No name found) -- C:\Users\oo\AppData\Roaming\mozilla\firefox\profiles\kfgnv8vy.default\extensions\2.0@disconnect.me.xpi [2013-09-06 23:51:59 | 000,282,174 | ---- | M] () (No name found) -- C:\Users\oo\AppData\Roaming\mozilla\firefox\profiles\kfgnv8vy.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2013-10-10 18:42:47 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\oo\AppData\Roaming\mozilla\firefox\profiles\kfgnv8vy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-02 22:59:12 | 000,282,570 | ---- | M] () (No name found) -- C:\Users\oo\AppData\Roaming\mozilla\firefox\profiles\kfgnv8vy.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-09-19 20:52:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013-09-19 20:52:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013-09-19 20:52:06 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2012-10-01 20:43:54 | 000,034,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: http://www.searchgol.com/?babsrc=HP_ss&mntrId=E4DE00A0C6000000&affID=125032&tsp=5035 CHR - Extension: Angry Birds = C:\Users\oo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\ CHR - Extension: YouTube = C:\Users\oo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Adblock Plus = C:\Users\oo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0\ CHR - Extension: Szukaj w Google = C:\Users\oo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: 8BitBoy = C:\Users\oo\AppData\Local\Google\Chrome\User Data\Default\Extensions\eakbnhlnmaaiehobobngpgagjkedakep\1.2.5_0\ CHR - Extension: Tank Riders = C:\Users\oo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdmmodjlfegeieihcdcgcalkgmhgmiae\1.0.3_0\ CHR - Extension: Chrome In-App Payments service = C:\Users\oo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\ CHR - Extension: Gmail = C:\Users\oo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ CHR - Extension: 360 WebShield Plug-in = C:\Users\oo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pppagaglfkmlpgobnlenhknilehpmcbo\1.0_0\ O1 HOSTS File: ([2013-07-18 23:01:26 | 000,000,921 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 genuine.microsoft.com O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com O1 - Hosts: 127.0.0.1 sls.microsoft.com O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx () O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKU\S-1-5-21-3096193654-3651429466-3341903422-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-21-3096193654-3651429466-3341903422-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3096193654-3651429466-3341903422-1000..\Run: [360sd] C:\Program Files\360\360 Internet Security\360sdrun.exe (Qihu 360 Software Co., Ltd.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\oo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wysyłanie do programu OneNote.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:[b]64bit:[/b] - Extra context menu item: Funkcja Google Sidewiki - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found O8 - Extra context menu item: Funkcja Google Sidewiki - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found O12 - Plugin for: .spop - C:\Program Files (x86)\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.) O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0) O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{087E837D-406F-4793-8DBB-BEFE6DEB885F}: DhcpNameServer = 212.2.96.51 212.2.96.52 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B445E67-196E-44FC-AADA-55A9FB2DB66E}: NameServer = 212.2.96.51 212.2.96.52 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C66027CC-9BDC-40C7-B589-075FFC1E4879}: DhcpNameServer = 192.168.42.129 O18 - Protocol\Handler\ms-help - No CLSID value found O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKU\S-1-5-21-3096193654-3651429466-3341903422-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2002-02-19 23:06:00 | 000,000,067 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ] O32 - AutoRun File - [2012-03-17 20:33:46 | 000,000,535 | R--- | M] () - J:\AutoRun.dat -- [ CDFS ] O32 - AutoRun File - [2012-03-16 19:44:40 | 000,328,192 | R--- | M] () - J:\AutoRun.exe -- [ CDFS ] O32 - AutoRun File - [2012-03-20 17:48:49 | 000,000,051 | R--- | M] () - J:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{1a51722d-1704-11e3-b44c-94de800874ca}\Shell - "" = AutoRun O33 - MountPoints2\{1a51722d-1704-11e3-b44c-94de800874ca}\Shell\AutoRun\command - "" = I:\AutoRun.exe O33 - MountPoints2\{1a51723d-1704-11e3-b44c-94de800874ca}\Shell - "" = AutoRun O33 - MountPoints2\{1a51723d-1704-11e3-b44c-94de800874ca}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- [2012-03-16 19:44:40 | 000,328,192 | R--- | M] () O33 - MountPoints2\{bb6923e9-f5f3-11e2-8a30-08002700cc15}\Shell - "" = AutoRun O33 - MountPoints2\{bb6923e9-f5f3-11e2-8a30-08002700cc15}\Shell\AutoRun\command - "" = H:\setup.exe AUTORUN=1 O33 - MountPoints2\{ddf77ba1-f3d4-11e2-9fbd-94de800874ca}\Shell - "" = AutoRun O33 - MountPoints2\{ddf77ba1-f3d4-11e2-9fbd-94de800874ca}\Shell\AutoRun\command - "" = G:\_autorun\AUTORUN.EXE -- [2002-02-19 22:06:00 | 000,036,864 | R--- | M] (New World Computing) O33 - MountPoints2\I\Shell - "" = AutoRun O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013-10-19 18:44:39 | 000,000,000 | ---D | C] -- C:\AdwCleaner [2013-10-19 18:44:33 | 000,000,000 | ---D | C] -- C:\FRST [2013-10-19 13:32:48 | 000,000,000 | ---D | C] -- C:\Users\oo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Chrome [2013-10-18 17:48:15 | 000,000,000 | ---D | C] -- C:\Users\oo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lennar Digital Sylenth VSTi v1.2.1 [2013-10-18 17:48:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lennar Digital Sylenth VSTi v1.2.1 [2013-10-18 17:03:06 | 000,000,000 | ---D | C] -- C:\Users\oo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6 NonSteam [2013-10-18 17:03:06 | 000,000,000 | ---D | C] -- C:\Counter-Strike 1.6 [2013-10-18 16:58:08 | 332,928,085 | ---- | C] (n/a) -- C:\Users\oo\Desktop\CS16v48_Non_Steam_wersjaNDM.exe [2013-10-15 17:52:09 | 000,000,000 | ---D | C] -- C:\Users\oo\AppData\Local\Game Dev Tycoon [2013-10-15 17:51:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Game Dev Tycoon v1.3.2 [2013-10-15 16:55:18 | 000,000,000 | ---D | C] -- C:\Quake III Arena [2013-10-14 12:45:22 | 000,000,000 | ---D | C] -- C:\Users\oo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wolfenstein - Enemy Territory [2013-10-14 12:45:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wolfenstein - Enemy Territory [2013-10-14 12:45:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wolfenstein - Enemy Territory [2013-10-14 10:22:51 | 000,000,000 | ---D | C] -- C:\Users\oo\AppData\Roaming\Malwarebytes [2013-10-14 10:22:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013-10-14 10:22:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013-10-14 10:22:39 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013-10-14 10:22:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013-10-14 10:19:39 | 000,000,000 | ---D | C] -- C:\Users\oo\AppData\Local\avgchrome [2013-10-12 20:42:15 | 000,000,000 | ---D | C] -- C:\Users\oo\AppData\Roaming\.mono [2013-10-11 18:44:14 | 000,000,000 | ---D | C] -- C:\Users\oo\AppData\Roaming\Unity [2013-10-11 18:31:13 | 000,000,000 | ---D | C] -- C:\Users\oo\AppData\Local\Unity [2013-10-10 20:34:12 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [2013-10-10 19:58:09 | 000,000,000 | ---D | C] -- C:\Program Files\Waterfox [2013-10-10 17:30:14 | 000,000,000 | ---D | C] -- C:\Users\oo\Desktop\Don't Starve [2013-10-10 17:18:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Steam [2013-10-10 17:18:14 | 000,000,000 | ---D | C] -- C:\Users\oo\Documents\Klei [2013-10-08 18:34:52 | 000,000,000 | ---D | C] -- C:\Users\oo\AppData\Roaming\.pokecraft [2013-10-08 17:32:17 | 000,000,000 | ---D | C] -- C:\AMD [2013-10-08 17:11:25 | 000,000,000 | ---D | C] -- C:\Users\oo\AppData\Roaming\.minecraft [2013-10-08 16:26:25 | 000,000,000 | ---D | C] -- C:\Users\oo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Terraria [2013-10-08 16:25:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA [2013-09-29 18:52:00 | 000,000,000 | --SD | C] -- C:\Users\oo\GG dysk [2013-09-29 17:49:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group [2013-09-29 17:49:21 | 000,000,000 | ---D | C] -- C:\Users\oo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller [2013-09-29 16:53:38 | 000,000,000 | ---D | C] -- C:\Users\oo\AppData\Roaming\GG [2013-09-29 16:53:37 | 000,000,000 | ---D | C] -- C:\Users\oo\AppData\Local\GG [2013-09-27 22:05:46 | 000,000,000 | -HSD | C] -- C:\360Rec [2013-09-22 19:35:40 | 000,000,000 | ---D | C] -- C:\Users\oo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook [2013-09-22 19:28:47 | 000,000,000 | ---D | C] -- C:\Users\oo\AppData\Local\Facebook [2013-09-19 20:52:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013-10-19 18:59:14 | 000,000,168 | ---- | M] () -- C:\Users\oo\defogger_reenable [2013-10-19 18:57:07 | 001,661,232 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013-10-19 18:57:07 | 000,737,242 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2013-10-19 18:57:07 | 000,651,450 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013-10-19 18:57:07 | 000,153,930 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2013-10-19 18:57:07 | 000,120,382 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013-10-19 18:51:12 | 000,001,036 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013-10-19 18:51:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013-10-19 18:51:00 | 2115,178,495 | -HS- | M] () -- C:\hiberfil.sys [2013-10-19 18:50:28 | 000,015,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013-10-19 18:50:28 | 000,015,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013-10-19 18:45:22 | 000,000,803 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013-10-19 18:03:17 | 000,001,040 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013-10-19 16:33:04 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3096193654-3651429466-3341903422-1000UA.job [2013-10-18 20:41:50 | 008,980,898 | ---- | M] () -- C:\Users\oo\Desktop\Don Diablo - Origins(Batman Arkham Origins).mp3 [2013-10-18 20:23:42 | 002,806,733 | ---- | M] () -- C:\Users\oo\Desktop\Origins.wma [2013-10-18 19:33:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3096193654-3651429466-3341903422-1000Core.job [2013-10-18 17:04:44 | 000,001,864 | ---- | M] () -- C:\Users\oo\Desktop\Counter-Strike 1.6.lnk [2013-10-18 14:24:04 | 332,928,085 | ---- | M] (n/a) -- C:\Users\oo\Desktop\CS16v48_Non_Steam_wersjaNDM.exe [2013-10-17 23:07:14 | 000,001,176 | ---- | M] () -- C:\Users\oo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wysyłanie do programu OneNote.lnk [2013-10-15 23:43:20 | 000,001,924 | ---- | M] () -- C:\Users\oo\Desktop\formularz.html [2013-10-15 23:38:32 | 000,083,212 | ---- | M] () -- C:\Users\oo\Desktop\Screen 1.jpg [2013-10-15 23:10:58 | 000,002,043 | ---- | M] () -- C:\Users\oo\Desktop\aaa.html [2013-10-15 17:52:02 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\Game Dev Tycoon v1.3.2.lnk [2013-10-14 20:54:29 | 014,328,685 | ---- | M] () -- C:\Users\oo\Desktop\Don Diablo & Example - Hooligans (Extended Mix).mp3 [2013-10-14 19:32:59 | 000,065,796 | ---- | M] () -- C:\Users\oo\Desktop\Bez tytułu.jpg [2013-10-14 18:20:14 | 000,389,358 | ---- | M] () -- C:\Users\oo\Desktop\feniks-1.jpeg [2013-10-14 18:20:14 | 000,006,003 | ---- | M] () -- C:\Users\oo\.recently-used.xbel [2013-10-14 16:20:29 | 000,004,140 | ---- | M] () -- C:\Users\oo\Desktop\Bez nazwy.jpg [2013-10-14 16:20:11 | 000,020,691 | ---- | M] () -- C:\Users\oo\Desktop\Bez nazwy.xcf [2013-10-14 12:45:24 | 000,001,058 | ---- | M] () -- C:\Users\oo\Desktop\Wolfenstein - Enemy Territory.lnk [2013-10-14 10:22:42 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013-10-14 10:19:38 | 000,000,071 | ---- | M] () -- C:\Windows\wininit.ini [2013-10-10 20:34:10 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013-10-10 20:34:10 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013-10-09 17:22:06 | 003,700,243 | ---- | M] () -- C:\Users\oo\Documents\Cookis - All That Mattered.wma [2013-10-08 16:26:35 | 000,000,740 | ---- | M] () -- C:\Users\oo\Desktop\Terraria.lnk [2013-10-06 22:37:32 | 000,000,245 | ---- | M] () -- C:\Users\oo\Documents\Przykład 4.html [2013-10-06 22:34:34 | 000,000,143 | ---- | M] () -- C:\Users\oo\Documents\Przykład 3.html [2013-10-06 22:28:10 | 000,000,116 | ---- | M] () -- C:\Users\oo\Documents\2.html [2013-10-06 22:28:08 | 000,000,110 | ---- | M] () -- C:\Users\oo\Documents\1.html [2013-10-06 22:28:04 | 000,000,167 | ---- | M] () -- C:\Users\oo\Documents\Przykład 2.html [2013-10-06 22:26:32 | 000,000,138 | ---- | M] () -- C:\Users\oo\Documents\Przykład 1.html [2013-10-03 22:12:23 | 000,000,968 | ---- | M] () -- C:\Users\oo\Desktop\AQQ.lnk [2013-09-29 17:49:21 | 000,001,268 | ---- | M] () -- C:\Users\oo\Desktop\Revo Uninstaller.lnk [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013-10-19 18:59:14 | 000,000,168 | ---- | C] () -- C:\Users\oo\defogger_reenable [2013-10-18 20:25:10 | 008,980,898 | ---- | C] () -- C:\Users\oo\Desktop\Don Diablo - Origins(Batman Arkham Origins).mp3 [2013-10-18 20:23:42 | 002,806,733 | ---- | C] () -- C:\Users\oo\Desktop\Origins.wma [2013-10-18 17:48:14 | 000,002,240 | ---- | C] () -- C:\Windows\LENDIG.sys [2013-10-18 17:04:44 | 000,001,864 | ---- | C] () -- C:\Users\oo\Desktop\Counter-Strike 1.6.lnk [2013-10-15 23:38:32 | 000,083,212 | ---- | C] () -- C:\Users\oo\Desktop\Screen 1.jpg [2013-10-15 22:17:23 | 000,002,043 | ---- | C] () -- C:\Users\oo\Desktop\aaa.html [2013-10-15 21:56:41 | 000,001,924 | ---- | C] () -- C:\Users\oo\Desktop\formularz.html [2013-10-15 17:52:02 | 000,000,928 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Dev Tycoon v1.3.2.lnk [2013-10-15 17:52:02 | 000,000,916 | ---- | C] () -- C:\Users\Public\Desktop\Game Dev Tycoon v1.3.2.lnk [2013-10-14 20:48:31 | 014,328,685 | ---- | C] () -- C:\Users\oo\Desktop\Don Diablo & Example - Hooligans (Extended Mix).mp3 [2013-10-14 19:32:59 | 000,065,796 | ---- | C] () -- C:\Users\oo\Desktop\Bez tytułu.jpg [2013-10-14 18:20:14 | 000,006,003 | ---- | C] () -- C:\Users\oo\.recently-used.xbel [2013-10-14 16:20:29 | 000,004,140 | ---- | C] () -- C:\Users\oo\Desktop\Bez nazwy.jpg [2013-10-14 16:20:11 | 000,020,691 | ---- | C] () -- C:\Users\oo\Desktop\Bez nazwy.xcf [2013-10-14 13:38:24 | 000,389,358 | ---- | C] () -- C:\Users\oo\Desktop\feniks-1.jpeg [2013-10-14 12:45:24 | 000,001,058 | ---- | C] () -- C:\Users\oo\Desktop\Wolfenstein - Enemy Territory.lnk [2013-10-14 10:22:42 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013-10-14 10:19:38 | 000,000,071 | ---- | C] () -- C:\Windows\wininit.ini [2013-10-10 19:58:10 | 000,000,894 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waterfox.lnk [2013-10-09 22:47:34 | 011,447,148 | ---- | C] () -- C:\Users\oo\Desktop\Cascada - Fever (N-Vision Club Mix)n-stars.pl.mp3 [2013-10-09 17:22:06 | 003,700,243 | ---- | C] () -- C:\Users\oo\Documents\Cookis - All That Mattered.wma [2013-10-08 16:26:35 | 000,000,740 | ---- | C] () -- C:\Users\oo\Desktop\Terraria.lnk [2013-10-06 22:38:57 | 000,000,245 | ---- | C] () -- C:\Users\oo\Documents\Przykład 4.html [2013-10-06 22:38:57 | 000,000,167 | ---- | C] () -- C:\Users\oo\Documents\Przykład 2.html [2013-10-06 22:38:57 | 000,000,143 | ---- | C] () -- C:\Users\oo\Documents\Przykład 3.html [2013-10-06 22:38:57 | 000,000,138 | ---- | C] () -- C:\Users\oo\Documents\Przykład 1.html [2013-10-06 22:38:57 | 000,000,116 | ---- | C] () -- C:\Users\oo\Documents\2.html [2013-10-06 22:38:57 | 000,000,110 | ---- | C] () -- C:\Users\oo\Documents\1.html [2013-09-29 17:49:21 | 000,001,268 | ---- | C] () -- C:\Users\oo\Desktop\Revo Uninstaller.lnk [2013-09-29 16:53:38 | 000,001,143 | ---- | C] () -- C:\Users\oo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GG.lnk [2013-09-22 19:28:52 | 000,000,916 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3096193654-3651429466-3341903422-1000UA.job [2013-09-22 19:28:51 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3096193654-3651429466-3341903422-1000Core.job [2013-09-14 22:23:36 | 000,925,184 | ---- | C] () -- C:\Windows\expstart.exe [2013-07-28 09:47:33 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe [2013-07-25 21:40:55 | 000,007,615 | ---- | C] () -- C:\Users\oo\AppData\Local\Resmon.ResmonCfg [2013-07-19 14:51:41 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2013-07-19 13:54:35 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2013-07-19 13:54:35 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2013-07-19 13:54:35 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2013-07-19 13:50:22 | 001,636,610 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013-07-19 13:46:26 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2013-07-18 23:01:26 | 000,002,048 | ---- | C] () -- C:\Windows\SysWow64\winver.exe [2012-07-02 22:11:02 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\theowl.dll [2012-05-10 16:35:16 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012-02-03 05:00:58 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\TCPClient.dll [color=#E56717]========== ZeroAccess Check ==========[/color] [2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2009-07-14 03:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2009-07-14 03:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009-07-14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] [color=#E56717]========== LOP Check ==========[/color] [2013-10-14 09:34:58 | 000,000,000 | ---D | M] -- C:\Users\oo\AppData\Roaming\.minecraft [2013-10-12 20:42:15 | 000,000,000 | ---D | M] -- C:\Users\oo\AppData\Roaming\.mono [2013-10-08 20:18:09 | 000,000,000 | ---D | M] -- C:\Users\oo\AppData\Roaming\.pokecraft [2013-10-18 21:29:49 | 000,000,000 | ---D | M] -- C:\Users\oo\AppData\Roaming\360safe [2013-09-14 22:13:18 | 000,000,000 | ---D | M] -- C:\Users\oo\AppData\Roaming\360SD [2013-10-19 19:01:31 | 000,000,000 | ---D | M] -- C:\Users\oo\AppData\Roaming\AIMP3 [2013-08-22 22:35:01 | 000,000,000 | ---D | M] -- C:\Users\oo\AppData\Roaming\AnvSoft [2013-09-21 18:47:17 | 000,000,000 | ---D | M] -- C:\Users\oo\AppData\Roaming\BitTorrent [2013-07-23 23:23:06 | 000,000,000 | ---D | M] -- C:\Users\oo\AppData\Roaming\DAEMON Tools Lite [2013-07-24 03:29:03 | 000,000,000 | ---D | M] -- C:\Users\oo\AppData\Roaming\Dev-Cpp [2013-07-28 14:30:32 | 000,000,000 | ---D | M] -- C:\Users\oo\AppData\Roaming\FlowStone [2013-07-27 19:02:34 | 000,000,000 | ---D | M] -- C:\Users\oo\AppData\Roaming\Gadu-Gadu 10 [2013-10-06 12:35:34 | 000,000,000 | ---D | M] -- C:\Users\oo\AppData\Roaming\GG [2013-10-14 16:20:30 | 000,000,000 | ---D | M] -- C:\Users\oo\AppData\Roaming\gtk-2.0 [2013-07-28 14:30:48 | 000,000,000 | ---D | M] -- C:\Users\oo\AppData\Roaming\Image-Line [2013-07-28 13:05:03 | 000,000,000 | ---D | M] -- C:\Users\oo\AppData\Roaming\ImgBurn [2013-09-10 21:52:41 | 000,000,000 | ---D | M] -- C:\Users\oo\AppData\Roaming\InterTrust [2013-09-07 21:37:17 | 000,000,000 | ---D | M] -- C:\Users\oo\AppData\Roaming\LolClient [2013-09-04 20:36:17 | 000,000,000 | ---D | M] -- C:\Users\oo\AppData\Roaming\Notepad++ [2013-09-06 19:49:50 | 000,000,000 | ---D | M] -- C:\Users\oo\AppData\Roaming\Plus Internet [2013-09-13 19:07:45 | 000,000,000 | ---D | M] -- C:\Users\oo\AppData\Roaming\Sahmon Games [2013-08-19 13:05:00 | 000,000,000 | ---D | M] -- C:\Users\oo\AppData\Roaming\smc [2013-09-10 21:41:12 | 000,000,000 | ---D | M] -- C:\Users\oo\AppData\Roaming\Softland [2013-08-17 16:08:55 | 000,000,000 | ---D | M] -- C:\Users\oo\AppData\Roaming\Stardock [2013-10-11 18:44:14 | 000,000,000 | ---D | M] -- C:\Users\oo\AppData\Roaming\Unity [color=#E56717]========== Purity Check ==========[/color] < End of report >