OTL logfile created on: 2012-01-23 21:54:30 - Run 3
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Users\Kotus\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
12,00 Gb Total Physical Memory | 10,28 Gb Available Physical Memory | 85,68% Memory free
12,01 Gb Paging File | 10,27 Gb Available in Paging File | 85,51% Paging File free
Paging file location(s): j:\pagefile.sys 18 2000 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 37,27 Gb Total Space | 3,10 Gb Free Space | 8,32% Space Free | Partition Type: NTFS
Drive D: | 58,60 Gb Total Space | 2,07 Gb Free Space | 3,53% Space Free | Partition Type: NTFS
Drive E: | 68,36 Gb Total Space | 2,46 Gb Free Space | 3,60% Space Free | Partition Type: NTFS
Drive F: | 76,63 Gb Total Space | 0,62 Gb Free Space | 0,81% Space Free | Partition Type: NTFS
Drive G: | 1,95 Gb Total Space | 0,02 Gb Free Space | 0,80% Space Free | Partition Type: FAT
Drive H: | 95,70 Gb Total Space | 1,46 Gb Free Space | 1,52% Space Free | Partition Type: NTFS
Drive I: | 292,97 Gb Total Space | 4,25 Gb Free Space | 1,45% Space Free | Partition Type: NTFS
Drive J: | 104,43 Gb Total Space | 9,59 Gb Free Space | 9,18% Space Free | Partition Type: NTFS
Drive K: | 3,00 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive L: | 1,86 Gb Total Space | 0,48 Gb Free Space | 25,67% Space Free | Partition Type: FAT32
Computer Name: KOTUS-PC | User Name: Kotus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012-01-06 22:34:24 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2011-12-24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011-11-28 19:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2011-11-28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2011-10-25 15:59:16 | 000,244,960 | ---- | M] () -- C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe PRC - [2011-10-15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011-08-15 16:18:14 | 001,955,208 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe PRC - [2011-06-12 19:54:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Kotus\Downloads\OTL.exe PRC - [2011-06-01 13:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe PRC - [2011-02-15 12:20:22 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe PRC - [2011-02-07 05:14:24 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe PRC - [2010-08-19 09:52:14 | 000,241,664 | ---- | M] (Huawei Technologies Co., Ltd.) 
-- C:\ProgramData\DatacardService\DCSHelper.exe PRC - [2010-08-19 09:52:04 | 000,229,376 | ---- | M] () -- C:\ProgramData\DatacardService\DCService.exe PRC - [2010-03-06 03:44:40 | 000,500,208 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe PRC - [2009-12-31 13:13:52 | 000,110,592 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\Kotus\AppData\Roaming\blueconnect\ouc.exe PRC - [2009-07-07 16:29:58 | 000,282,624 | ---- | M] (BlazeVideo Company) -- C:\Program Files (x86)\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe PRC - [2007-04-09 12:32:32 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CtHelper.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2011-11-28 19:01:22 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll MOD - [2011-10-07 18:47:12 | 000,300,200 | ---- | M] (COMODO) -- C:\Windows\SysWOW64\guard32.dll MOD - [2011-06-12 19:54:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Kotus\Downloads\OTL.exe MOD - [2011-02-07 05:14:18 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSSHooks.dll MOD - [2009-07-14 02:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2011-11-28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! 
Antivirus) SRV:[b]64bit:[/b] - [2011-11-23 11:27:10 | 001,267,000 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe -- (CLPSLS) SRV:[b]64bit:[/b] - [2011-10-07 18:47:16 | 002,663,568 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent) SRV:[b]64bit:[/b] - [2009-07-14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012-01-06 22:34:24 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012-01-06 14:14:35 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011-12-24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Start_Pending] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011-10-25 15:59:16 | 000,244,960 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe -- (Updater Service for StartNow Toolbar) SRV - [2011-10-15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011-10-15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011-08-15 16:18:12 | 002,329,480 | ---- | M] (LogMeIn Inc.) 
[Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2011-06-29 14:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion) SRV - [2011-06-01 13:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2010-08-19 09:52:04 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe) SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010-02-19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008-09-08 06:59:00 | 000,575,488 | ---- | M] (Nokia.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2011-12-25 01:10:53 | 000,507,392 | ---- | M] (ITETech ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AF15BDA.sys -- (AF15BDA) DRV:[b]64bit:[/b] - [2011-12-10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:[b]64bit:[/b] - [2011-11-28 18:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:[b]64bit:[/b] - [2011-09-23 22:48:44 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc) DRV:[b]64bit:[/b] - [2011-09-23 22:48:44 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt) DRV:[b]64bit:[/b] - [2011-07-08 00:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:[b]64bit:[/b] - [2011-03-27 17:56:24 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:[b]64bit:[/b] - [2011-01-01 09:12:24 | 000,097,040 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter) DRV:[b]64bit:[/b] - [2010-08-19 18:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:[b]64bit:[/b] - [2010-06-23 10:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:[b]64bit:[/b] - [2010-04-09 14:24:38 | 000,079,360 | 
---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys -- (huawei_cdcacm) DRV:[b]64bit:[/b] - [2010-04-09 14:24:32 | 000,076,288 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV:[b]64bit:[/b] - [2010-03-20 10:56:56 | 000,114,560 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV:[b]64bit:[/b] - [2009-08-23 23:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO) DRV:[b]64bit:[/b] - [2009-07-16 04:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV:[b]64bit:[/b] - [2009-07-14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2009-07-14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009-07-14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009-07-14 01:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc) DRV:[b]64bit:[/b] - [2009-06-20 03:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:[b]64bit:[/b] - [2009-06-18 08:24:08 | 000,072,216 | ---- | M] (SuperSpeed LLC) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SscRdBus.sys -- (SscRdBus) Virtual bus device (SuperSpeed LLC) DRV:[b]64bit:[/b] - [2009-06-10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs) DRV:[b]64bit:[/b] - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:[b]64bit:[/b] - [2009-03-18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:[b]64bit:[/b] - [2008-08-28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV:[b]64bit:[/b] - [2007-11-16 15:59:10 | 000,037,376 | ---- | M] (SuperSpeed LLC) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SscRdCls.sys -- (SscRdCls) RAM Disk (SuperSpeed LLC) DRV:[b]64bit:[/b] - [2007-04-12 08:10:28 | 000,151,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\COMMONFX.DLL -- (COMMONFX.DLL) DRV:[b]64bit:[/b] - [2007-04-10 06:07:54 | 000,580,904 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k) DRV:[b]64bit:[/b] - [2007-04-10 04:41:54 | 000,295,208 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\haP17v2k.sys -- (hap17v2k) DRV:[b]64bit:[/b] - [2007-04-10 04:41:20 | 000,259,880 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\haP16v2k.sys -- (hap16v2k) DRV:[b]64bit:[/b] - [2007-04-10 04:40:24 | 001,359,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha10kx2k.sys -- (ha10kx2k) DRV:[b]64bit:[/b] - [2007-04-10 04:39:48 | 000,147,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia) DRV:[b]64bit:[/b] - [2007-04-10 04:38:40 | 000,290,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k) DRV:[b]64bit:[/b] - [2007-04-10 04:38:10 | 000,017,192 | ---- | M] (Creative Technology Ltd) [Kernel | 
On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k) DRV:[b]64bit:[/b] - [2007-04-10 04:37:36 | 000,218,408 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv) DRV:[b]64bit:[/b] - [2007-04-10 04:35:28 | 000,863,016 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM) DRV:[b]64bit:[/b] - [2007-04-10 04:17:22 | 000,123,688 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTHWIUT.DLL -- (CTHWIUT.DLL) DRV:[b]64bit:[/b] - [2007-04-10 04:17:00 | 000,252,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CT20XUT.DLL -- (CT20XUT.DLL) DRV:[b]64bit:[/b] - [2007-04-10 04:16:20 | 001,571,112 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEXFIFX.DLL -- (CTEXFIFX.DLL) DRV:[b]64bit:[/b] - [2007-04-10 04:15:44 | 000,363,304 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPSY.DLL -- (CTEDSPSY.DLL) DRV:[b]64bit:[/b] - [2007-04-10 04:15:10 | 000,190,248 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPIO.DLL -- (CTEDSPIO.DLL) DRV:[b]64bit:[/b] - [2007-04-10 04:14:28 | 000,142,120 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTERFXFX.DLL -- (CTERFXFX.DLL) DRV:[b]64bit:[/b] - [2007-04-10 04:13:38 | 000,321,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPFX.DLL -- (CTEDSPFX.DLL) DRV:[b]64bit:[/b] - [2007-04-10 04:13:08 | 000,219,432 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEAPSFX.DLL -- (CTEAPSFX.DLL) DRV:[b]64bit:[/b] - [2007-04-10 04:12:22 | 000,681,256 | ---- | M] (Creative Technology Ltd) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\CTSBLFX.DLL -- (CTSBLFX.DLL) DRV:[b]64bit:[/b] - [2007-04-10 04:11:46 | 000,700,200 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\CTAUDFX.DLL -- (CTAUDFX.DLL) DRV - [2011-03-21 21:45:27 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | On_Demand | Stopped] -- C:\Users\Kotus\Downloads\New folder\WinRing0x64.sys -- (WinRing0_1_2_0) DRV - [2010-05-27 01:43:00 | 000,014,648 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3018234942-847044455-3349754581-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://klit.startnow.com/?src=startpage&provider=&provider_name=yahoo&provider_code=&partner_id=693&product_id=741&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.4.0&install_country=PL&install_date=20111113&user_guid=BF7983D9FC274870818CE0C2AB2B82A3&machine_id=65dfb853c985562975abc48735eb6f70&browser=IE&os=win&os_version=6.1-x64-SP0 IE - HKU\S-1-5-21-3018234942-847044455-3349754581-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.ask.com/?l=dis&o=102876&gct=hp IE - HKU\S-1-5-21-3018234942-847044455-3349754581-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3018234942-847044455-3349754581-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=; [color=#E56717]========== FireFox ==========[/color] FF - 
prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..keyword.URL: "http://klit.startnow.com/s/?src=addrbar&provider=&provider_name=yahoo&provider_code=&partner_id=693&product_id=741&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.4.0&install_country=PL&install_date=20111113&user_guid=BF7983D9FC274870818CE0C2AB2B82A3&machine_id=65dfb853c985562975abc48735eb6f70&browser=FF&os=win&os_version=6.1-x64-SP0&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-01-22 21:09:40 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011-10-01 14:38:35 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-01-19 22:25:51 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: I:\Tunderbird\components [2011-10-30 17:52:32 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: I:\Tunderbird\plugins [2011-03-20 21:57:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kotus\AppData\Roaming\Mozilla\Extensions [2012-01-22 15:06:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kotus\AppData\Roaming\Mozilla\Firefox\Profiles\hgko4tum.default\extensions [2012-01-21 22:35:55 | 000,001,210 | ---- | M] () -- C:\Users\Kotus\AppData\Roaming\Mozilla\Firefox\Profiles\hgko4tum.default\searchplugins\search.xml [2011-11-13 22:17:43 | 000,001,390 | ---- | M] () -- 
C:\Users\Kotus\AppData\Roaming\Mozilla\Firefox\Profiles\hgko4tum.default\searchplugins\yahoo-zugo.xml [2011-06-07 22:21:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2011-12-18 13:19:58 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011-04-10 15:19:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011-06-07 22:21:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} File not found (No name found) -- [2012-01-22 21:09:40 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF () (No name found) -- C:\USERS\KOTUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HGKO4TUM.DEFAULT\EXTENSIONS\{888D99E7-E8B5-46A3-851E-1EC45DA1E644}.XPI () (No name found) -- C:\USERS\KOTUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HGKO4TUM.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\USERS\KOTUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HGKO4TUM.DEFAULT\EXTENSIONS\SUPPORT@PLATINUMHIDEIP.COM.XPI [2011-10-01 14:38:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll [2011-10-01 14:38:30 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\allegro-pl.xml [2011-10-01 14:38:30 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\fbc-pl.xml [2011-10-01 14:38:30 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\merlin-pl.xml [2011-10-01 14:38:30 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\pwn-pl.xml [2011-10-01 14:38:30 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\Mozilla 
Firefox\searchplugins\wikipedia-pl.xml [2011-10-01 14:38:30 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2012-01-21 23:42:44 | 000,001,401 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 188.119.151.113 www.google-analytics.com. O1 - Hosts: 188.119.151.113 ad-emea.doubleclick.net. O1 - Hosts: 188.119.151.113 www.statcounter.com. O1 - Hosts: 69.72.252.254 www.google-analytics.com. O1 - Hosts: 69.72.252.254 ad-emea.doubleclick.net. O1 - Hosts: 69.72.252.254 www.statcounter.com. O2:[b]64bit:[/b] - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll () O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3:[b]64bit:[/b] - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll () O3 - HKLM\..\Toolbar: (avast! 
WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O4:[b]64bit:[/b] - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:[b]64bit:[/b] - HKLM..\Run: [AsioReg] File not found O4:[b]64bit:[/b] - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO) O4:[b]64bit:[/b] - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:[b]64bit:[/b] - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD) O4 - HKLM..\Run: [AsioThk32Reg] C:\Windows\SysWow64\ctasio.dll (Creative Technology Ltd) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe (COMODO) O4 - HKLM..\Run: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe (COMODO) O4 - HKLM..\Run: [CTHelper] C:\Windows\SysWow64\CtHelper.exe (Creative Technology Ltd) O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd) O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files (x86)\blueconnect\DataCardMonitor.exe (Huawei Technologies Co., Ltd.) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) 
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKU\.DEFAULT..\Run: [DevconDefaultDB] C:\Windows\SysWow64\READREG.exe (Creative Technology Limited) O4 - HKU\S-1-5-18..\Run: [DevconDefaultDB] C:\Windows\SysWow64\READREG.exe (Creative Technology Limited) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3018234942-847044455-3349754581-1000..\Run: [BlazeServoTool] C:\Program Files (x86)\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe (BlazeVideo Company) O4 - HKU\S-1-5-21-3018234942-847044455-3349754581-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-3018234942-847044455-3349754581-1000..\Run: [HW_OPENEYE_OUC_blueconnect] C:\Program Files (x86)\blueconnect\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.) 
O4 - HKU\S-1-5-21-3018234942-847044455-3349754581-1000..\Run: [Pando Media Booster] File not found O4 - HKU\S-1-5-21-3018234942-847044455-3349754581-1000..\Run: [Sony Ericsson PC Companion] C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson) O4 - HKU\S-1-5-21-3018234942-847044455-3349754581-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found O4 - HKU\S-1-5-21-3018234942-847044455-3349754581-1001..\RunOnce: [mctadmin] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\Program Files (x86)\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll (Nuclear Coffee Software) O9 - Extra 'Tools' menuitem : Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\Program Files (x86)\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll (Nuclear Coffee Software) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\FlyVPN\FlyVPNBind.dll (www.flyvpn.com) O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\FlyVPN\FlyVPNBind.dll (www.flyvpn.com) O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\FlyVPN\FlyVPNBind.dll (www.flyvpn.com) O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\FlyVPN\FlyVPNBind.dll (www.flyvpn.com) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\FlyVPN\FlyVPNBind.dll (www.flyvpn.com) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\FlyVPN\FlyVPNBind.dll (www.flyvpn.com) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not 
found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O18:[b]64bit:[/b] - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:[b]64bit:[/b] - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011-10-25 18:02:36 | 000,000,000 | ---D | M] - H:\Auto Hide IP 4.6.7.2 + Crack [1337x] [Ahmed] -- [ NTFS ] O32 - AutoRun File - [2009-07-14 10:29:38 | 000,000,122 | R--- | M] () - K:\autorun.inf -- [ UDF ] O33 - MountPoints2\{441cb948-ccec-11e0-bbcf-20cf30e3d6d8}\Shell - "" = AutoRun O33 - MountPoints2\{441cb948-ccec-11e0-bbcf-20cf30e3d6d8}\Shell\AutoRun\command - "" = L:\AutoRun.exe O33 - MountPoints2\{441cb957-ccec-11e0-bbcf-20cf30e3d6d8}\Shell - "" = AutoRun O33 - MountPoints2\{441cb957-ccec-11e0-bbcf-20cf30e3d6d8}\Shell\AutoRun\command - "" = L:\AutoRun.exe O33 - MountPoints2\{5b8c657b-3f5f-11e1-a8b9-20cf30e3d6d8}\Shell - "" = AutoRun O33 - MountPoints2\{5b8c657b-3f5f-11e1-a8b9-20cf30e3d6d8}\Shell\AutoRun\command - "" = L:\AutoRun.exe O33 - MountPoints2\{73c670d6-5329-11e0-a644-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{73c670d6-5329-11e0-a644-806e6f6e6963}\Shell\AutoRun\command - "" = K:\setup.exe -- [2009-07-14 10:29:38 | 000,106,760 | R--- | M] (Microsoft Corporation) O33 - MountPoints2\{a21f68be-5636-11e0-803a-20cf30e3d6d8}\Shell - "" = AutoRun O33 - MountPoints2\{a21f68be-5636-11e0-803a-20cf30e3d6d8}\Shell\AutoRun\command - "" = O:\LaunchU3.exe -a O33 - MountPoints2\{b27f98f6-2328-11e1-b195-20cf30e3d6d8}\Shell - "" = AutoRun O33 - MountPoints2\{b27f98f6-2328-11e1-b195-20cf30e3d6d8}\Shell\AutoRun\command - "" = L:\AutoRun.exe O33 - MountPoints2\{ba7fe1fc-1c2e-11e1-bce1-20cf30e3d6d8}\Shell - "" = AutoRun O33 - MountPoints2\{ba7fe1fc-1c2e-11e1-bce1-20cf30e3d6d8}\Shell\AutoRun\command - "" = O:\AutoRun.exe O33 - MountPoints2\{c1e94c4c-f810-11e0-9454-20cf30e3d6d8}\Shell - "" = AutoRun O33 - MountPoints2\{c1e94c4c-f810-11e0-9454-20cf30e3d6d8}\Shell\AutoRun\command - "" = L:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - 
HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012-01-24 06:46:46 | 000,000,000 | ---D | C] -- C:\FRST [2012-01-22 21:11:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus [2012-01-22 21:11:03 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys [2012-01-22 21:11:02 | 000,304,472 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2012-01-22 21:11:00 | 000,042,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys [2012-01-22 21:10:57 | 000,058,712 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys [2012-01-22 21:10:56 | 000,591,192 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys [2012-01-22 21:10:52 | 000,256,960 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2012-01-22 21:10:52 | 000,066,904 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2012-01-22 21:09:25 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2012-01-22 21:09:24 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe [2012-01-22 21:09:19 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2012-01-22 21:09:19 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2012-01-22 16:15:15 | 000,000,000 | ---D | C] -- C:\Users\Kotus\AppData\Roaming\Malwarebytes [2012-01-22 16:15:10 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012-01-22 16:15:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012-01-22 16:15:10 | 000,000,000 | ---D | C] -- C:\Program 
Files (x86)\Malwarebytes' Anti-Malware [2012-01-22 16:15:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012-01-15 13:20:58 | 000,000,000 | ---D | C] -- C:\Users\Kotus\AppData\Roaming\NationRed [2012-01-07 16:44:14 | 000,086,016 | ---- | C] (Creative Technology Ltd) -- C:\Windows\SysWow64\cttele.dll [2012-01-07 16:43:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\data [2012-01-07 16:43:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\data [2012-01-07 16:13:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Keyboard [2012-01-07 16:13:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro [2012-01-07 16:13:14 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2012-01-07 15:05:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\XPSViewer [2012-01-07 15:05:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\pl-PL [2012-01-07 15:05:07 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\pl [2012-01-07 15:05:06 | 000,000,000 | ---D | C] -- C:\Windows\pl-PL [2012-01-07 15:05:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\pl-PL [2012-01-07 15:04:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\pl [2012-01-07 14:59:52 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\pl-PL\bfe.dll.mui [2012-01-07 14:59:51 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\pl-PL\tcpip.sys.mui [2012-01-07 14:59:50 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\pl-PL\scfilter.sys.mui [2012-01-07 14:59:48 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\pl-PL\qwavedrv.sys.mui [2012-01-07 14:59:30 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\pl-PL\pacer.sys.mui [2012-01-07 14:59:19 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\pl-PL\ndiscap.sys.mui [2012-01-07 14:59:09 | 000,026,112 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\volsnap.sys.mui [2012-01-07 14:59:09 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\usbport.sys.mui [2012-01-07 14:59:09 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\vhdmp.sys.mui [2012-01-07 14:59:09 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\portcls.sys.mui [2012-01-07 14:59:09 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\wd.sys.mui [2012-01-07 14:59:08 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\usbhub.sys.mui [2012-01-07 14:59:08 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\tpm.sys.mui [2012-01-07 14:59:08 | 000,003,584 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\pl-PL\pscr.sys.mui [2012-01-07 14:59:08 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\umbus.sys.mui [2012-01-07 14:59:08 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\serscan.sys.mui [2012-01-07 14:59:01 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\pcmcia.sys.mui [2012-01-07 14:59:00 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\i8042prt.sys.mui [2012-01-07 14:59:00 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\serial.sys.mui [2012-01-07 14:59:00 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\sermouse.sys.mui [2012-01-07 14:59:00 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\mouclass.sys.mui [2012-01-07 14:59:00 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\parport.sys.mui [2012-01-07 14:59:00 | 000,003,584 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysNative\drivers\pl-PL\ataport.sys.mui [2012-01-07 14:59:00 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\rndismpx.sys.mui [2012-01-07 14:59:00 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\rndismp6.sys.mui [2012-01-07 14:59:00 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\mouhid.sys.mui [2012-01-07 14:59:00 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\vwifibus.sys.mui [2012-01-07 14:59:00 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\MTConfig.sys.mui [2012-01-07 14:58:59 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\mpio.sys.mui [2012-01-07 14:58:59 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\msdsm.sys.mui [2012-01-07 14:58:59 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\amdide.sys.mui [2012-01-07 14:58:57 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\afd.sys.mui [2012-01-07 14:58:54 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\bfe.dll.mui [2012-01-07 14:58:54 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\wdf01000.sys.mui [2012-01-07 14:58:54 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\usbrpm.sys.mui [2012-01-07 14:58:54 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\ws2ifsl.sys.mui [2012-01-07 14:58:53 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\tcpip.sys.mui [2012-01-07 14:58:53 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\tunnel.sys.mui [2012-01-07 14:58:53 | 000,003,584 | ---- | C] (Microsoft Corporation) 
-- C:\Windows\SysNative\drivers\pl-PL\modem.sys.mui [2012-01-07 14:58:46 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\fvevol.sys.mui [2012-01-07 14:58:46 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\scfilter.sys.mui [2012-01-07 14:58:43 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\rdbss.sys.mui [2012-01-07 14:58:42 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\pacer.sys.mui [2012-01-07 14:58:42 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\qwavedrv.sys.mui [2012-01-07 14:58:41 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\partmgr.sys.mui [2012-01-07 14:58:32 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\ntfs.sys.mui [2012-01-07 14:58:32 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\ndis.sys.mui [2012-01-07 14:58:32 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\nwifi.sys.mui [2012-01-07 14:58:32 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\ndisuio.sys.mui [2012-01-07 14:58:29 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\ndiscap.sys.mui [2012-01-07 14:58:27 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\mountmgr.sys.mui [2012-01-07 14:58:23 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\luafv.sys.mui [2012-01-07 14:58:22 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\http.sys.mui [2012-01-07 14:58:21 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\fltmgr.sys.mui [2012-01-07 14:58:20 | 000,002,560 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\drivers\pl-PL\volmgrx.sys.mui [2012-01-07 14:58:19 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\pnpmem.sys.mui [2012-01-07 14:58:18 | 000,010,752 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\pl-PL\BrSerIb.sys.mui [2012-01-07 14:58:18 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\pci.sys.mui [2012-01-07 14:58:18 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\IPMIDrv.sys.mui [2012-01-07 14:58:18 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\kbdclass.sys.mui [2012-01-07 14:58:18 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\vdrvroot.sys.mui [2012-01-07 14:58:18 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\isapnp.sys.mui [2012-01-07 14:58:18 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\ULIAGPKX.SYS.mui [2012-01-07 14:58:18 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\mssmbios.sys.mui [2012-01-07 14:58:18 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\NV_AGP.SYS.mui [2012-01-07 14:58:18 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\kbdhid.sys.mui [2012-01-07 14:58:18 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\AGP440.sys.mui [2012-01-07 14:58:17 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\processr.sys.mui [2012-01-07 14:58:17 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\intelppm.sys.mui [2012-01-07 14:58:17 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\amdppm.sys.mui [2012-01-07 14:58:17 | 000,020,992 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\drivers\pl-PL\amdk8.sys.mui [2012-01-07 14:58:17 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\bthport.sys.mui [2012-01-07 14:58:17 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\bthpan.sys.mui [2012-01-07 14:58:17 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\wacompen.sys.mui [2012-01-07 14:58:17 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\hdaudbus.sys.mui [2012-01-07 14:58:17 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\HdAudio.sys.mui [2012-01-07 14:58:17 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\hidbth.sys.mui [2012-01-07 14:58:17 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\Dot4usb.sys.mui [2012-01-07 14:58:17 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\disk.sys.mui [2012-01-07 14:58:17 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\BTHUSB.SYS.mui [2012-01-07 14:58:17 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\cdrom.sys.mui [2012-01-07 14:58:17 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\bthenum.sys.mui [2012-01-07 14:58:16 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\ohci1394.sys.mui [2012-01-07 14:58:16 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\1394ohci.sys.mui [2012-01-07 14:58:16 | 000,010,752 | ---- | C] (Brother Industries Ltd.) 
-- C:\Windows\SysNative\drivers\pl-PL\BrSerId.sys.mui [2012-01-07 14:58:16 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\acpi.sys.mui [2012-01-07 14:58:16 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\battc.sys.mui [2012-01-07 14:58:16 | 000,003,584 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\pl-PL\atikmdag.sys.mui [2012-01-07 14:58:16 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\GAGP30KX.SYS.mui [2012-01-07 14:58:16 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\UAGP35.SYS.mui [2012-01-07 14:58:16 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\pl-PL\BrParwdm.sys.mui [2012-01-04 19:24:14 | 000,000,000 | ---D | C] -- C:\Users\Kotus\Desktop\Klucz [2011-12-28 19:12:42 | 000,000,000 | ---D | C] -- C:\Users\Kotus\AppData\Roaming\Opera [2011-12-28 19:12:42 | 000,000,000 | ---D | C] -- C:\Users\Kotus\AppData\Local\Opera [2011-12-28 19:12:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera [2011-12-25 01:11:31 | 000,000,000 | ---D | C] -- C:\Users\Kotus\Documents\BlazeVideo [2011-12-25 01:11:11 | 000,000,000 | ---D | C] -- C:\ProgramData\BlazeVideo [2011-12-25 01:10:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlazeDTV 6.0 [2011-12-25 01:10:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BlazeVideo [2011-12-25 01:09:36 | 000,028,672 | ---- | C] (afa) -- C:\Windows\SysNative\AF15BDAEX.dll [2011-12-25 01:09:32 | 000,507,392 | ---- | C] (ITETech ) -- C:\Windows\SysNative\drivers\AF15BDA.sys [2011-12-24 23:21:24 | 000,000,000 | ---D | C] -- C:\Users\Kotus\AppData\Roaming\Broken Rules [2011-11-13 22:24:08 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll [2007-04-09 12:32:58 | 000,034,816 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll [2007-04-09 12:19:16 | 000,010,240 | ---- | C] ( 
) -- C:\Windows\SysWow64\killapps.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012-01-23 22:00:37 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012-01-23 22:00:37 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012-01-23 21:50:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012-01-23 21:35:06 | 000,034,240 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000004-00000000-00000007-00001102-00000004-20021102}.rfx [2012-01-23 21:35:06 | 000,034,240 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000004-00000000-00000007-00001102-00000004-20021102}.rfx [2012-01-23 21:35:06 | 000,030,528 | ---- | M] () -- C:\Windows\SysNative\BMXCtrlState-{00000004-00000000-00000007-00001102-00000004-20021102}.rfx [2012-01-23 21:35:06 | 000,030,528 | ---- | M] () -- C:\Windows\SysNative\BMXBkpCtrlState-{00000004-00000000-00000007-00001102-00000004-20021102}.rfx [2012-01-23 21:35:06 | 000,011,564 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000004-00000000-00000007-00001102-00000004-20021102}.rfx [2012-01-23 21:26:00 | 001,661,232 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012-01-23 21:26:00 | 000,737,226 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2012-01-23 21:26:00 | 000,651,450 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012-01-23 21:26:00 | 000,153,914 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2012-01-23 21:26:00 | 000,120,382 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012-01-22 21:11:04 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk [2012-01-22 21:10:52 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2012-01-22 16:15:11 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012-01-21 23:42:44 | 000,001,401 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012-01-21 00:20:57 | 000,281,880 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2012-01-21 00:20:57 | 000,281,880 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012-01-21 00:20:49 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2012-01-19 22:29:54 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012-01-19 22:25:51 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012-01-19 18:35:35 | 000,000,436 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics [2012-01-15 19:31:59 | 000,050,282 | ---- | M] () -- C:\Users\Kotus\Desktop\2035125781.jpg [2012-01-15 13:13:42 | 000,033,999 | ---- | M] () -- C:\Users\Kotus\Desktop\wingsofprey_logo.gif [2012-01-15 12:18:12 | 285,551,494 | ---- | M] () -- C:\Users\Kotus\Desktop\AlicePL.7z [2012-01-15 11:39:28 | 042,559,456 | ---- | M] () -- C:\Users\Kotus\Desktop\DS2PL.7z [2012-01-14 19:23:22 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk [2012-01-08 11:11:15 | 004,958,588 | ---- | M] () -- C:\Windows\{00000004-00000000-00000007-00001102-00000004-20021102}.CDF [2012-01-08 11:11:15 | 004,958,588 | ---- | M] () -- C:\Windows\{00000004-00000000-00000007-00001102-00000004-20021102}.BAK [2012-01-08 11:10:17 | 004,828,176 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012-01-07 21:12:49 | 001,636,578 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012-01-07 15:04:32 | 000,337,158 | ---- | M] () -- C:\Windows\SysNative\perfi015.dat [2012-01-07 15:04:32 | 000,038,710 | ---- | M] () -- C:\Windows\SysNative\perfd015.dat [2012-01-06 22:34:24 | 000,076,888 | ---- | M] () -- 
C:\Windows\SysWow64\PnkBstrA.exe [2012-01-05 23:01:43 | 000,024,226 | ---- | M] () -- C:\Users\Kotus\Desktop\battlefield1943_logo.png [2011-12-31 00:01:45 | 000,654,240 | ---- | M] () -- C:\Users\Kotus\Desktop\capture.ts [2011-12-28 19:12:40 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk [2011-12-25 01:11:11 | 000,000,014 | ---- | M] () -- C:\Windows\SysWow64\systeminfo.dll [2011-12-25 01:10:53 | 000,507,392 | ---- | M] (ITETech ) -- C:\Windows\SysNative\drivers\AF15BDA.sys [2011-12-25 01:10:53 | 000,028,672 | ---- | M] (afa) -- C:\Windows\SysNative\AF15BDAEX.dll [2011-12-25 01:10:53 | 000,000,140 | ---- | M] () -- C:\Windows\SysNative\AF15IRTBL.bin [2011-12-25 01:10:42 | 000,002,073 | ---- | M] () -- C:\Users\Public\Desktop\BlazeDTV 6.0.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012-01-22 21:11:04 | 000,001,841 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2012-01-22 21:10:52 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt [2012-01-22 16:15:11 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012-01-19 22:25:51 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk [2012-01-19 22:25:51 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012-01-15 19:31:57 | 000,050,282 | ---- | C] () -- C:\Users\Kotus\Desktop\2035125781.jpg [2012-01-15 13:13:41 | 000,033,999 | ---- | C] () -- C:\Users\Kotus\Desktop\wingsofprey_logo.gif [2012-01-15 11:48:32 | 285,551,494 | ---- | C] () -- C:\Users\Kotus\Desktop\AlicePL.7z [2012-01-15 11:38:52 | 042,559,456 | ---- | C] () -- C:\Users\Kotus\Desktop\DS2PL.7z [2012-01-08 03:34:45 | 000,034,240 | ---- | C] () -- C:\Windows\SysNative\BMXStateBkp-{00000004-00000000-00000007-00001102-00000004-20021102}.rfx [2012-01-08 03:34:45 | 000,034,240 | ---- | C] () -- 
C:\Windows\SysNative\BMXState-{00000004-00000000-00000007-00001102-00000004-20021102}.rfx [2012-01-08 03:34:45 | 000,030,528 | ---- | C] () -- C:\Windows\SysNative\BMXCtrlState-{00000004-00000000-00000007-00001102-00000004-20021102}.rfx [2012-01-08 03:34:45 | 000,030,528 | ---- | C] () -- C:\Windows\SysNative\BMXBkpCtrlState-{00000004-00000000-00000007-00001102-00000004-20021102}.rfx [2012-01-08 03:34:45 | 000,011,564 | ---- | C] () -- C:\Windows\SysNative\DVCState-{00000004-00000000-00000007-00001102-00000004-20021102}.rfx [2012-01-07 16:44:16 | 004,958,588 | ---- | C] () -- C:\Windows\{00000004-00000000-00000007-00001102-00000004-20021102}.BAK [2012-01-07 16:44:14 | 004,958,588 | ---- | C] () -- C:\Windows\{00000004-00000000-00000007-00001102-00000004-20021102}.CDF [2012-01-07 15:06:22 | 000,337,158 | ---- | C] () -- C:\Windows\SysNative\perfi015.dat [2012-01-07 15:06:20 | 000,737,226 | ---- | C] () -- C:\Windows\SysNative\perfh015.dat [2012-01-07 15:06:20 | 000,153,914 | ---- | C] () -- C:\Windows\SysNative\perfc015.dat [2012-01-07 15:06:20 | 000,038,710 | ---- | C] () -- C:\Windows\SysNative\perfd015.dat [2012-01-05 23:01:41 | 000,024,226 | ---- | C] () -- C:\Users\Kotus\Desktop\battlefield1943_logo.png [2011-12-28 19:12:40 | 000,001,841 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk [2011-12-28 19:12:40 | 000,001,829 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk [2011-12-26 22:02:40 | 000,654,240 | ---- | C] () -- C:\Users\Kotus\Desktop\capture.ts [2011-12-25 01:11:11 | 000,000,014 | ---- | C] () -- C:\Windows\SysWow64\systeminfo.dll [2011-12-25 01:10:42 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\BlazeDTV 6.0.lnk [2011-12-25 01:09:36 | 000,000,140 | ---- | C] () -- C:\Windows\SysNative\AF15IRTBL.bin [2011-12-07 20:52:44 | 000,962,560 | ---- | C] () -- C:\Windows\tesseract.exe [2011-11-13 22:17:34 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2011-11-13 22:17:34 | 000,243,200 | ---- | C] 
() -- C:\Windows\SysWow64\xvidvfw.dll [2011-11-13 22:17:34 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2011-10-15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2011-07-31 22:19:49 | 000,088,280 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2011-07-09 22:14:22 | 001,636,578 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011-06-28 20:42:24 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat [2011-04-09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011-03-28 00:13:44 | 000,007,607 | ---- | C] () -- C:\Users\Kotus\AppData\Local\Resmon.ResmonCfg [2011-03-20 23:54:38 | 000,281,880 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011-03-20 23:54:27 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe [2011-03-20 23:54:27 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011-03-20 23:05:29 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2011-03-20 22:16:05 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2011-03-20 22:16:01 | 000,033,683 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2011-03-20 22:03:25 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009-07-14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009-07-14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009-07-14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009-07-14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009-07-14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009-07-13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009-06-10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2009-04-02 13:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS [2009-02-19 04:35:10 | 000,049,152 | R--- | C] () -- C:\Windows\DAOD.exe [2007-04-12 
08:10:28 | 000,105,728 | ---- | C] () -- C:\Windows\SysWow64\APOMgrH.dll [2007-04-09 12:55:14 | 000,097,785 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini [2007-04-09 12:55:14 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini [2007-04-09 12:33:50 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CTBurst.dll [2007-04-09 12:32:32 | 000,037,888 | ---- | C] () -- C:\Windows\SysWow64\psconv.exe [2007-04-09 12:24:30 | 000,325,821 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat [2007-04-09 12:24:30 | 000,046,273 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat [2007-04-09 12:19:20 | 000,313,207 | ---- | C] () -- C:\Windows\SysWow64\ctstatic.dat [2007-04-09 12:19:20 | 000,053,932 | ---- | C] () -- C:\Windows\SysWow64\ctdaught.dat [2007-04-09 12:19:18 | 000,005,120 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe [2006-10-02 09:25:18 | 000,000,307 | ---- | C] () -- C:\Windows\SysWow64\kill.ini [2005-06-16 10:17:16 | 000,071,680 | ---- | C] () -- C:\Windows\SysWow64\ctmmactl.dll [color=#E56717]========== LOP Check ==========[/color] [2011-06-05 12:25:08 | 000,000,000 | ---D | M] -- C:\Users\Kotus\AppData\Roaming\.minecraft [2011-08-10 23:09:45 | 000,000,000 | ---D | M] -- C:\Users\Kotus\AppData\Roaming\AtomZombieData [2011-10-25 18:04:02 | 000,000,000 | ---D | M] -- C:\Users\Kotus\AppData\Roaming\AutoHideIP [2011-08-22 21:20:02 | 000,000,000 | ---D | M] -- C:\Users\Kotus\AppData\Roaming\blueconnect [2011-12-24 23:21:24 | 000,000,000 | ---D | M] -- C:\Users\Kotus\AppData\Roaming\Broken Rules [2011-07-05 21:36:04 | 000,000,000 | ---D | M] -- C:\Users\Kotus\AppData\Roaming\Colibri Games [2011-03-27 18:36:49 | 000,000,000 | ---D | M] -- C:\Users\Kotus\AppData\Roaming\DAEMON Tools Lite [2011-06-10 22:22:16 | 000,000,000 | ---D | M] -- C:\Users\Kotus\AppData\Roaming\DisneyInteractiveStudios [2011-05-04 19:50:53 | 000,000,000 | ---D | M] -- C:\Users\Kotus\AppData\Roaming\Gadu-Gadu 10 [2011-08-21 17:30:12 | 000,000,000 | ---D | M] -- 
C:\Users\Kotus\AppData\Roaming\Lazy 8 Studios [2011-07-31 22:13:16 | 000,000,000 | ---D | M] -- C:\Users\Kotus\AppData\Roaming\LolClient [2011-03-27 17:37:54 | 000,000,000 | ---D | M] -- C:\Users\Kotus\AppData\Roaming\LucasArts [2011-11-16 00:39:43 | 000,000,000 | ---D | M] -- C:\Users\Kotus\AppData\Roaming\mm [2011-06-10 20:40:36 | 000,000,000 | ---D | M] -- C:\Users\Kotus\AppData\Roaming\MotioninJoy [2012-01-15 13:25:01 | 000,000,000 | ---D | M] -- C:\Users\Kotus\AppData\Roaming\NationRed [2011-07-01 19:44:28 | 000,000,000 | ---D | M] -- C:\Users\Kotus\AppData\Roaming\OnLive App [2011-12-28 19:12:42 | 000,000,000 | ---D | M] -- C:\Users\Kotus\AppData\Roaming\Opera [2011-10-21 17:06:11 | 000,000,000 | ---D | M] -- C:\Users\Kotus\AppData\Roaming\Origin [2011-10-25 19:42:53 | 000,000,000 | ---D | M] -- C:\Users\Kotus\AppData\Roaming\PlatinumHideIP [2011-07-01 21:51:24 | 000,000,000 | ---D | M] -- C:\Users\Kotus\AppData\Roaming\TeamViewer [2011-09-24 02:04:41 | 000,000,000 | ---D | M] -- C:\Users\Kotus\AppData\Roaming\The Creative Assembly [2011-10-30 17:52:39 | 000,000,000 | ---D | M] -- C:\Users\Kotus\AppData\Roaming\Thunderbird [2011-06-10 22:36:13 | 000,000,000 | ---D | M] -- C:\Users\Kotus\AppData\Roaming\Tibia [2011-03-27 12:36:01 | 000,000,000 | ---D | M] -- C:\Users\Kotus\AppData\Roaming\Ubisoft [2011-11-28 23:08:58 | 000,000,000 | ---D | M] -- C:\Users\Kotus\AppData\Roaming\uTorrent [2011-11-01 21:17:34 | 000,000,000 | ---D | M] -- C:\Users\Kotus\AppData\Roaming\Voxatron [2011-12-08 13:50:43 | 000,000,000 | ---D | M] -- C:\Users\Kotus\AppData\Roaming\webex [2011-07-09 22:32:10 | 000,000,000 | ---D | M] -- C:\Users\Kotus\AppData\Roaming\XRay Engine [2011-11-10 14:42:43 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:DBC416F8 < End of report >