OTL logfile created on: 2011-05-22 17:40:43 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Karol\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 73,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74,52 Gb Total Space | 32,75 Gb Free Space | 43,94% Space Free | Partition Type: NTFS
Drive D: | 208,92 Gb Total Space | 71,76 Gb Free Space | 34,35% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: KAROL-KOMPUTER | User Name: Karol | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2011-05-22 01:48:16 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Karol\Desktop\OTL.exe
PRC - [2011-05-22 00:30:59 | 000,335,872 | -HS- | M] () -- C:\Users\Karol\AppData\Local\evy.exe
PRC - [2011-05-14 15:08:21 | 000,403,240 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2011-01-15 19:45:05 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2011-01-12 16:41:42 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2010-03-30 04:59:57 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2010-02-05 19:05:08 | 000,182,912 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2010-02-04 23:05:32 | 007,350,912 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2010-01-05 22:59:12 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2010-01-05 02:43:36 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2009-12-15 19:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009-12-11 16:50:00 | 000,239,208 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvSCPAPISvr.exe
PRC - [2009-11-24 22:45:36 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
PRC - [2009-11-02 23:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009-07-31 19:38:24 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2009-06-19 19:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009-06-19 19:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009-06-16 02:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
PRC - [2008-12-23 02:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2008-08-14 06:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
PRC - [2007-11-30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe

[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2011-05-22 01:48:16 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Karol\Desktop\OTL.exe
MOD - [2010-08-21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2011-01-12 16:44:02 | 000,042,360 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV:[b]64bit:[/b] - [2011-01-12 16:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:[b]64bit:[/b] - [2009-12-08 01:16:34 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV - [2011-05-14 15:08:21 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010-12-28 10:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [On_Demand | Stopped] -- C:\Program Files (x86)\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE)
SRV - [2010-03-18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-12-15 19:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009-12-11 16:50:00 | 000,239,208 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Windows\SysWOW64\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009-06-16 02:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2011-03-11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011-03-11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2011-03-09 16:43:36 | 000,513,080 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:[b]64bit:[/b] - [2010-12-21 15:04:06 | 000,170,640 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:[b]64bit:[/b] - [2010-12-21 15:04:06 | 000,141,264 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:[b]64bit:[/b] - [2010-12-21 13:47:38 | 000,170,640 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:[b]64bit:[/b] - [2010-12-21 13:47:38 | 000,050,624 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:[b]64bit:[/b] - [2010-12-21 13:47:38 | 000,034,144 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\epfwndis.sys -- (Epfwndis)
DRV:[b]64bit:[/b] - [2009-12-28 08:16:45 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:[b]64bit:[/b] - [2009-10-15 11:23:19 | 000,117,760 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:[b]64bit:[/b] - [2009-10-05 03:33:59 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:[b]64bit:[/b] - [2009-08-23 07:08:07 | 000,056,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:[b]64bit:[/b] - [2009-08-21 06:24:03 | 000,084,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:[b]64bit:[/b] - [2009-08-12 05:38:01 | 001,799,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:[b]64bit:[/b] - [2009-07-20 11:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:[b]64bit:[/b] - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009-07-14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009-06-10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:[b]64bit:[/b] - [2009-06-10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009-05-13 18:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:[b]64bit:[/b] - [2008-12-08 17:35:52 | 000,061,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:[b]64bit:[/b] - [2008-05-24 02:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:[b]64bit:[/b] - [2007-07-26 09:28:54 | 000,055,040 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SRS_SSCFilter_amd64.sys -- (SRS_SSCFilter) SRS Labs Audio Sandbox (WDM)
DRV:[b]64bit:[/b] - [2006-12-22 20:05:52 | 000,559,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrxusb.sys -- (athrusb)
DRV - [2009-07-03 02:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ironto&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3212485663-2536987246-658786658-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKU\S-1-5-21-3212485663-2536987246-658786658-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=ironto
IE - HKU\S-1-5-21-3212485663-2536987246-658786658-1000\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3212485663-2536987246-658786658-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic-Eng7 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://pl.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pl:official"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}:3.2.5.2
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011-05-04 00:07:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011-05-18 23:48:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011-05-19 01:03:20 | 000,000,000 | ---D | M]

[2010-08-28 17:25:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karol\AppData\Roaming\mozilla\Extensions
[2011-05-21 13:31:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karol\AppData\Roaming\mozilla\Firefox\Profiles\1m65s9o2.default\extensions
[2011-01-15 19:45:10 | 000,000,000 | ---D | M] (Softonic-Eng7 Community Toolbar) -- C:\Users\Karol\AppData\Roaming\mozilla\Firefox\Profiles\1m65s9o2.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
[2011-01-15 19:45:09 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Karol\AppData\Roaming\mozilla\Firefox\Profiles\1m65s9o2.default\extensions\engine@conduit.com
[2010-12-08 16:46:22 | 000,000,929 | ---- | M] () -- C:\Users\Karol\AppData\Roaming\Mozilla\Firefox\Profiles\1m65s9o2.default\searchplugins\conduit.xml
[2010-08-30 21:42:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010-08-30 21:42:24 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010-08-29 21:38:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010-08-29 21:37:56 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010-11-24 12:12:30 | 000,120,296 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\npganymedenet.dll
[2010-10-21 21:33:49 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml
[2010-10-21 21:33:49 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml
[2011-04-04 23:26:15 | 000,002,049 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2010-10-21 21:33:49 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml
[2010-10-21 21:33:49 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml
[2010-10-21 21:33:49 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml
[2010-10-21 21:33:49 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:[b]64bit:[/b] - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:[b]64bit:[/b] - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3212485663-2536987246-658786658-1000\..\Toolbar\WebBrowser: (Softonic-Eng7 Toolbar) - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - C:\Program Files (x86)\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
O4:[b]64bit:[/b] - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:[b]64bit:[/b] - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
O4:[b]64bit:[/b] - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:[b]64bit:[/b] - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:[b]64bit:[/b] - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Setwallpaper] File not found
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3212485663-2536987246-658786658-1000..\Run: [ALLUpdate] File not found
O4 - HKU\S-1-5-21-3212485663-2536987246-658786658-1000..\Run: [SRS Audio Sandbox] File not found
O4 - HKU\S-1-5-21-3212485663-2536987246-658786658-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3212485663-2536987246-658786658-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 16
O7 - HKU\S-1-5-21-3212485663-2536987246-658786658-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 95.160.170.92 88.156.222.92 82.139.8.40
O18:[b]64bit:[/b] - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1ce92f40-515c-11e0-b623-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1ce92f40-515c-11e0-b623-806e6f6e6963}\Shell\AutoRun\command - "" = H:\Autorun.exe
O33 - MountPoints2\{8cca3ac0-4b08-11e0-86e5-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8cca3ac0-4b08-11e0-86e5-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Setup.exe
O33 - MountPoints2\{b8e8eb40-5799-11e0-8c91-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b8e8eb40-5799-11e0-8c91-806e6f6e6963}\Shell\AutoRun\command - "" = I:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-3212485663-2536987246-658786658-1000..exefile [open] -- "C:\Users\Karol\AppData\Local\evy.exe" -a "%1" %* ()
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-3212485663-2536987246-658786658-1000\...exe [@ = exefile] -- "C:\Users\Karol\AppData\Local\evy.exe" -a "%1" %* ()

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011-05-22 16:43:03 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Karol\Desktop\OTL.exe
[2011-05-19 01:04:37 | 000,000,000 | ---D | C] -- C:\Users\Karol\AppData\Roaming\ESET
[2011-05-19 01:04:37 | 000,000,000 | ---D | C] -- C:\Users\Karol\AppData\Local\ESET
[2011-05-19 01:03:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2011-05-19 01:03:18 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2011-05-19 01:03:18 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011-05-18 23:44:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge
[2011-05-18 14:19:29 | 000,000,000 | ---D | C] -- C:\Users\Karol\Desktop\kniga
[2011-05-18 00:27:44 | 001,284,712 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2011-05-18 00:24:46 | 000,000,000 | ---D | C] -- C:\Users\Karol\AppData\Local\ElevatedDiagnostics
[2011-05-18 00:18:50 | 002,393,192 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2011-05-18 00:18:50 | 001,146,984 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2011-05-18 00:18:50 | 000,332,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2011-05-18 00:18:50 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2011-05-18 00:18:49 | 003,049,064 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2011-05-18 00:18:49 | 001,242,216 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2011-05-18 00:18:49 | 000,648,808 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2011-05-18 00:18:49 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2011-05-18 00:18:49 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2011-05-18 00:18:49 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2011-05-18 00:18:49 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2011-05-18 00:18:49 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2011-05-18 00:18:49 | 000,088,680 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll
[2011-05-18 00:18:49 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2011-05-18 00:18:47 | 002,075,712 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2011-05-18 00:18:47 | 000,200,800 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2011-05-11 16:13:11 | 005,509,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011-05-11 16:13:09 | 003,957,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011-05-11 16:13:09 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011-05-11 16:12:53 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2011-05-11 16:12:53 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2011-05-11 00:33:10 | 000,000,000 | ---D | C] -- C:\ProgramData\SRS Labs
[2011-05-11 00:32:11 | 000,042,880 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\drivers\wowhd_kern_amd64.sys
[2011-05-06 14:11:54 | 000,000,000 | ---D | C] -- C:\Users\Karol\AppData\Roaming\Tibia
[2011-05-06 14:11:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tibia
[2011-05-06 14:11:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tibia
[2011-05-04 13:18:38 | 000,000,000 | RH-D | C] -- C:\Users\Karol\AppData\Roaming\SecuROM
[2011-05-04 12:57:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\City Interactive
[2011-04-29 01:35:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
[2011-04-27 19:32:13 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011-04-27 19:32:12 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2011-04-27 19:32:09 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011-04-27 19:32:09 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011-04-27 19:31:53 | 002,566,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2011-04-27 19:31:53 | 001,686,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2011-04-27 19:31:53 | 000,187,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2011-04-27 19:31:53 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2011-04-27 19:31:52 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2011-04-27 19:31:52 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2011-04-27 19:31:52 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2011-04-27 19:31:49 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2011-04-27 19:31:49 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2011-04-24 22:40:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2011-04-24 22:40:11 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2011-04-24 22:38:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WSE
[2011-04-24 20:29:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Asprate
[2011-04-24 20:29:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Asprate
[2011-04-23 14:34:06 | 000,000,000 | ---D | C] -- C:\Users\Karol\Desktop\Documents\BFBC2
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011-05-22 17:43:13 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011-05-22 17:38:51 | 001,835,008 | -HS- | M] () -- C:\Users\Karol\NTUSER.DAT
[2011-05-22 17:38:33 | 000,009,050 | -HS- | M] () -- C:\Users\Karol\AppData\Local\1hae4q380451ms3t48du670jf5554i0sm4bjn3g03klk4t2
[2011-05-22 17:38:20 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011-05-22 17:38:15 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2011-05-22 17:38:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-05-22 17:38:03 | 3220,647,936 | -HS- | M] () -- C:\hiberfil.sys
[2011-05-22 17:27:05 | 002,351,935 | -H-- | M] () -- C:\Users\Karol\AppData\Local\IconCache.db
[2011-05-22 16:49:08 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011-05-22 16:49:08 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011-05-22 01:48:16 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Karol\Desktop\OTL.exe
[2011-05-22 00:37:01 | 000,009,180 | -HS- | M] () -- C:\ProgramData\1hae4q380451ms3t48du670jf5554i0sm4bjn3g03klk4t2
[2011-05-22 00:30:59 | 000,335,872 | -HS- | M] () -- C:\Users\Karol\AppData\Local\evy.exe
[2011-05-22 00:30:57 | 000,000,000 | ---- | M] () -- C:\Users\Karol\AppData\Roaming\9326758.exe
[2011-05-22 00:30:57 | 000,000,000 | ---- | M] () -- C:\Users\Karol\AppData\Roaming\7215999.exe
[2011-05-22 00:30:57 | 000,000,000 | ---- | M] () -- C:\Users\Karol\AppData\Roaming\580605.exe
[2011-05-22 00:30:57 | 000,000,000 | ---- | M] () -- C:\Users\Karol\AppData\Roaming\1943041.exe
[2011-05-22 00:30:56 | 000,335,872 | -HS- | M] () -- C:\Users\Karol\AppData\Local\bml.exe
[2011-05-22 00:30:55 | 000,335,872 | ---- | M] () -- C:\Users\Karol\AppData\Roaming\2792882.exe
[2011-05-19 12:17:26 | 000,001,874 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2011-05-19 12:17:25 | 000,001,192 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2011-05-04 12:57:11 | 000,000,706 | ---- | M] () -- C:\Users\Public\Desktop\Sniper Ghost Warrior.lnk
[2011-05-02 18:03:32 | 000,088,680 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll
[2011-04-29 01:18:08 | 001,647,520 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011-04-29 01:18:08 | 000,732,986 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2011-04-29 01:18:08 | 000,647,506 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011-04-29 01:18:08 | 000,151,626 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2011-04-29 01:18:08 | 000,118,636 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011-04-26 00:11:28 | 001,623,786 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011-05-22 00:31:05 | 000,009,180 | -HS- | C] () -- C:\ProgramData\1hae4q380451ms3t48du670jf5554i0sm4bjn3g03klk4t2
[2011-05-22 00:31:05 | 000,009,050 | -HS- | C] () -- C:\Users\Karol\AppData\Local\1hae4q380451ms3t48du670jf5554i0sm4bjn3g03klk4t2
[2011-05-22 00:30:59 | 000,335,872 | -HS- | C] () -- C:\Users\Karol\AppData\Local\evy.exe
[2011-05-22 00:30:57 | 000,000,000 | ---- | C] () -- C:\Users\Karol\AppData\Roaming\9326758.exe
[2011-05-22 00:30:57 | 000,000,000 | ---- | C] () -- C:\Users\Karol\AppData\Roaming\7215999.exe
[2011-05-22 00:30:57 | 000,000,000 | ---- | C] () -- C:\Users\Karol\AppData\Roaming\580605.exe
[2011-05-22 00:30:57 | 000,000,000 | ---- | C] () -- C:\Users\Karol\AppData\Roaming\1943041.exe
[2011-05-22 00:30:56 | 000,335,872 | -HS- | C] () -- C:\Users\Karol\AppData\Local\bml.exe
[2011-05-22 00:30:54 | 000,335,872 | ---- | C] () -- C:\Users\Karol\AppData\Roaming\2792882.exe
[2011-05-11 00:32:11 | 000,064,384 | ---- | C] () -- C:\Windows\SysNative\drivers\csiidecoder_kern_amd64.sys
[2011-05-11 00:32:11 | 000,059,904 | ---- | C] () -- C:\Windows\SysNative\drivers\tshd4_kern_amd64.sys
[2011-05-11 00:32:11 | 000,055,040 | ---- | C] () -- C:\Windows\SysNative\drivers\SRS_SSCFilter_amd64.sys
[2011-05-04 12:57:11 | 000,000,706 | ---- | C] () --
C:\Users\Public\Desktop\Sniper Ghost Warrior.lnk [2011-04-24 22:36:20 | 001,623,786 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010-09-17 14:17:13 | 000,314,368 | ---- | C] () -- C:\Windows\KSGDeInstall.exe [2010-09-02 18:57:17 | 000,001,816 | ---- | C] () -- C:\Windows\hpdj3740.ini [2010-08-30 21:43:25 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010-08-29 19:04:40 | 000,007,168 | ---- | C] () -- C:\Users\Karol\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-08-29 18:12:48 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini [2010-08-29 00:26:32 | 002,351,935 | -H-- | C] () -- C:\Users\Karol\AppData\Local\IconCache.db [2010-08-28 19:45:56 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2010-08-28 15:04:50 | 000,109,624 | ---- | C] () -- C:\Users\Karol\AppData\Local\GDIPFONTCACHEV1.DAT [2010-03-30 04:59:49 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\LogonStart.dll [2010-03-30 04:41:54 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2009-12-11 16:50:00 | 000,095,848 | ---- | C] () -- C:\Windows\SysWow64\nvimage.dll [2009-10-26 05:38:22 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config [2009-08-19 10:33:09 | 000,018,432 | ---- | C] () -- C:\Windows\OOBEPlayer.exe [2009-08-19 10:33:09 | 000,000,035 | ---- | C] () -- C:\Windows\OOBEPlayer.ini [2009-07-29 07:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini [2009-07-14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009-07-14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009-07-14 04:35:42 | 000,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini [2009-07-14 04:34:57 | 000,000,478 | ---- | C] () -- C:\Windows\win.ini [2009-07-14 04:34:57 | 000,000,219 | ---- | C] () -- C:\Windows\system.ini [2009-07-14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009-07-14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009-07-14 
01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009-07-13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009-06-10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2008-10-07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2008-10-07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [2006-05-19 05:39:57 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini [color=#E56717]========== LOP Check ==========[/color] [2010-08-28 15:16:52 | 000,000,000 | ---D | M] -- C:\Users\Karol\AppData\Roaming\Asus WebStorage [2011-05-09 23:43:41 | 000,000,000 | ---D | M] -- C:\Users\Karol\AppData\Roaming\BitComet [2011-03-18 11:55:32 | 000,000,000 | ---D | M] -- C:\Users\Karol\AppData\Roaming\DAEMON Tools Lite [2010-09-01 16:13:10 | 000,000,000 | ---D | M] -- C:\Users\Karol\AppData\Roaming\DAEMON Tools Net [2011-05-19 01:04:37 | 000,000,000 | ---D | M] -- C:\Users\Karol\AppData\Roaming\ESET [2010-08-28 19:55:51 | 000,000,000 | ---D | M] -- C:\Users\Karol\AppData\Roaming\EurekaLog [2011-05-20 17:15:20 | 000,000,000 | ---D | M] -- C:\Users\Karol\AppData\Roaming\GanymedeNet 
[2011-05-18 00:04:06 | 000,000,000 | ---D | M] -- C:\Users\Karol\AppData\Roaming\ipla [2010-08-28 19:37:38 | 000,000,000 | ---D | M] -- C:\Users\Karol\AppData\Roaming\NCH Swift Sound [2010-10-17 16:28:49 | 000,000,000 | ---D | M] -- C:\Users\Karol\AppData\Roaming\Nowe Gadu-Gadu [2010-08-28 17:21:09 | 000,000,000 | ---D | M] -- C:\Users\Karol\AppData\Roaming\OpenFM [2011-04-08 00:52:31 | 000,000,000 | ---D | M] -- C:\Users\Karol\AppData\Roaming\RDRM [2011-05-06 14:17:57 | 000,000,000 | ---D | M] -- C:\Users\Karol\AppData\Roaming\Tibia [2010-09-01 13:23:41 | 000,000,000 | ---D | M] -- C:\Users\Karol\AppData\Roaming\Tibiacast [2011-04-04 18:22:51 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] < End of report >