OTL logfile created on: 2012-03-06 18:31:20 - Run 10
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Users\AMD\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,22 Gb Available Physical Memory | 61,14% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 74,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 27,35 Gb Total Space | 10,40 Gb Free Space | 38,02% Space Free | Partition Type: NTFS
Drive D: | 102,54 Gb Total Space | 16,02 Gb Free Space | 15,62% Space Free | Partition Type: NTFS
Drive E: | 102,99 Gb Total Space | 37,29 Gb Free Space | 36,21% Space Free | Partition Type: NTFS
Drive H: | 1,89 Gb Total Space | 0,20 Gb Free Space | 10,81% Space Free | Partition Type: FAT

Computer Name: AMD-MACHINE | User Name: AMD | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012-03-05 15:36:22 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\AMD\Desktop\OTL.exe PRC - [2012-01-13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011-05-30 10:25:20 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:[b]64bit:[/b] - [2009-07-14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:[b]64bit:[/b] - [2009-07-14 02:39:46 | 000,005,120 | ---- | M] (Iomega) [Auto | Running] -- C:\Windows\SysNative\{eda5f5d3-9e0f-4f4d-8a13-1d1cf469c9cc}.dll -- (pnmsrv) SRV - [2012-01-13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011-06-29 14:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion) SRV - [2011-05-30 10:25:20 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2011-03-21 16:19:16 | 001,845,248 | ---- | M] (Locktime Software) [Auto | Running] -- D:\Program Files\NetLimiter 3\nlsvc.exe -- (nlsvc) SRV - [2010-03-18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- 
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007-04-13 20:09:56 | 000,792,112 | ---- | M] (Nero AG) [On_Demand | Stopped] -- E:\Nero 7\Nero BackItUp\NBService.exe -- (NBService) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2011-12-10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:[b]64bit:[/b] - [2011-11-08 16:07:23 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc) DRV:[b]64bit:[/b] - [2011-11-08 16:07:23 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt) DRV:[b]64bit:[/b] - [2011-07-25 12:21:52 | 000,241,880 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\scrcamhrdrv_x64.sys -- (PCWinSoft) DRV:[b]64bit:[/b] - [2011-07-19 11:35:00 | 000,015,360 | ---- | M] (June Fabrics Technology Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pneteth.sys -- (pneteth) DRV:[b]64bit:[/b] - [2011-05-22 15:44:12 | 000,020,752 | ---- | M] (Mobile Stream) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\easytthr.sys -- (easytether) DRV:[b]64bit:[/b] - [2011-03-21 16:44:30 | 000,033,416 | ---- | M] (Locktime Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nlndis.sys -- (NLNdisPT) DRV:[b]64bit:[/b] - [2011-03-21 16:44:30 | 000,033,416 | ---- | M] (Locktime Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nlndis.sys -- (NLNdisMP) DRV:[b]64bit:[/b] - [2009-07-14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2009-07-14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009-07-14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2009-07-14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009-07-14 01:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM) DRV:[b]64bit:[/b] - [2009-07-14 01:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:[b]64bit:[/b] - [2009-06-10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:[b]64bit:[/b] - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:[b]64bit:[/b] - [2009-05-12 14:53:12 | 000,020,480 | ---- | M] (Danish Wireless Design A/S) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FlashUSB_x64.sys -- (FlashUSB) DRV:[b]64bit:[/b] - [2009-02-09 07:38:34 | 000,018,944 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64) DRV:[b]64bit:[/b] - [2009-02-09 07:38:32 | 000,025,088 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64) DRV:[b]64bit:[/b] - [2008-11-11 13:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem) DRV:[b]64bit:[/b] - [2008-11-11 13:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag) DRV:[b]64bit:[/b] - [2008-11-11 13:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus) DRV - [2011-03-21 16:44:28 | 000,088,200 | ---- | M] (Locktime Software) [Kernel | System | Running] -- D:\Program Files\NetLimiter 3\nltdi.sys -- (nltdi) DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009-05-12 14:53:12 | 000,020,480 | ---- | M] (Danish Wireless Design A/S) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\FlashUsb_x64.sys -- (FlashUSB) DRV - [2007-02-07 19:27:46 | 000,014,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan) DRV - [2001-10-25 23:40:02 | 000,031,776 | ---- | M] (Alfa Corporation) [Kernel | Boot | Stopped] -- C:\Windows\system32\Drivers\AFPAnsi.sys -- (AFPAnsi) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1396035045-3181242471-1236992741-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ IE - 
HKU\S-1-5-21-1396035045-3181242471-1236992741-1000\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} IE - HKU\S-1-5-21-1396035045-3181242471-1236992741-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=WSV5&o=13728&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=W2&apn_dtid=YYYYYYYYPL&apn_uid=D0858061-AEF8-474E-B4C8-55311A2D243B&apn_sauid=0BCFC154-52AA-46AB-B23F-0FB7DCACFC30 IE - HKU\S-1-5-21-1396035045-3181242471-1236992741-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Programy\Java\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) O1 HOSTS File: ([2009-06-10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll File not found O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programy\Java\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programy\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.) 
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\WebScout FileBulldog Toolbar\tbcore3.dll () O3:[b]64bit:[/b] - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found O3 - HKLM\..\Toolbar: (WebScout FileBulldog Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\WebScout FileBulldog Toolbar\tbcore3.dll () O3:[b]64bit:[/b] - HKU\S-1-5-21-1396035045-3181242471-1236992741-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found O3 - HKU\S-1-5-21-1396035045-3181242471-1236992741-1000\..\Toolbar\WebBrowser: (WebScout FileBulldog Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\WebScout FileBulldog Toolbar\tbcore3.dll () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1396035045-3181242471-1236992741-1000..\Run: [Wisdom-soft AutoScreenRecorder 3.1 Free] 0 File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA033E33-9FB5-4A55-839E-0F93194FB3C0}: DhcpNameServer = 8.8.8.8 8.8.4.4 O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKU\S-1-5-21-1396035045-3181242471-1236992741-1000 Winlogon: Shell - (C:\Users\AMD\AppData\Local\aceac5ab\X) - File not found O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011-05-28 09:25:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{15c37124-0785-11e1-90ef-886f808be3ee}\Shell - "" = AutoRun O33 - MountPoints2\{15c37124-0785-11e1-90ef-886f808be3ee}\Shell\AutoRun\command - "" = G:\Startme.exe O33 - MountPoints2\{420ce978-087a-11e1-bbbc-cf28ef7e05ef}\Shell - "" = AutoRun O33 - MountPoints2\{420ce978-087a-11e1-bbbc-cf28ef7e05ef}\Shell\AutoRun\command - "" = G:\USBAutoRun.exe O33 - MountPoints2\{ec96b178-bb93-11e0-95a5-d170a0372fed}\Shell - "" = AutoRun O33 - MountPoints2\{ec96b178-bb93-11e0-95a5-d170a0372fed}\Shell\AutoRun\command - "" = G:\USBAutoRun.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Nvsetup.exe O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\USBAutoRun.exe O33 - MountPoints2\L\Shell - "" = AutoRun O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\USBAutoRun.exe O33 - MountPoints2\N\Shell - "" = AutoRun O33 - MountPoints2\N\Shell\AutoRun\command - "" = N:\USBAutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012-03-06 15:54:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012-03-06 15:54:19 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2012-03-06 15:54:19 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\Windows\SysWow64\javaw.exe [2012-03-06 15:54:19 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2012-03-06 15:41:06 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\AMD\Desktop\OTL.exe [2012-03-06 10:18:42 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2012-03-06 09:13:36 | 000,000,000 | ---D | C] -- C:\Users\AMD\DoctorWeb [2012-03-05 17:22:22 | 000,000,000 | ---D | C] -- C:\Users\AMD\Desktop\apki [2012-03-04 18:25:27 | 000,000,000 | ---D | C] -- C:\Users\AMD\AppData\Roaming\Malwarebytes [2012-03-04 18:25:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012-03-04 18:25:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012-03-04 18:25:19 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012-02-29 10:41:25 | 000,000,000 | ---D | C] -- C:\Users\AMD\Documents\Codemasters [2012-02-29 10:41:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Codemasters [2012-02-19 15:35:06 | 000,000,000 | ---D | C] -- C:\Users\AMD\AppData\Local\Skyrim [2012-02-19 15:30:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razor 1911 [2012-02-12 19:13:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP [2012-02-11 13:58:38 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll [2012-02-11 13:58:38 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll [2012-02-11 13:58:38 | 000,122,904 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll [2012-02-11 13:58:38 | 000,109,080 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) 
-- C:\Windows\SysWow64\OpenAL32.dll [2012-02-11 13:58:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL [2012-02-07 14:33:55 | 000,000,000 | ---D | C] -- C:\Users\AMD\Nowy folder (2) [3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012-03-06 18:29:19 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012-03-06 18:29:19 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012-03-06 18:22:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012-03-06 18:21:58 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys [2012-03-06 16:00:40 | 000,002,048 | ---- | M] () -- C:\Windows\SysNative\consrv.dll [2012-03-06 15:54:13 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll [2012-03-06 15:54:13 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2012-03-06 15:54:13 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2012-03-06 15:54:13 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2012-03-06 15:49:22 | 000,000,000 | -HS- | M] () -- C:\Windows\SysNative\dds_log_trash.cmd [2012-03-06 14:39:37 | 001,686,144 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012-03-06 14:39:37 | 000,749,472 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2012-03-06 14:39:37 | 000,655,534 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012-03-06 14:39:37 | 000,157,964 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2012-03-06 14:39:37 | 000,124,274 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012-03-06 13:38:46 | 000,589,450 | ---- | M] () -- C:\Users\AMD\Desktop\Mark Sixma feat. 
Amba Sheperd - Cupid's Casualty (Radio Edit) (4clubbers.pl).mp3 [2012-03-06 09:14:20 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\setup_xp.ini [2012-03-05 17:29:53 | 009,602,524 | ---- | M] () -- C:\Users\AMD\Desktop\Lana del Rey - diet mountain dew (Tommy Noble rmx) [www.4clubbers.pl].mp3 [2012-03-05 15:36:22 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\AMD\Desktop\OTL.exe [2012-03-04 18:25:22 | 000,000,786 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012-03-04 14:49:17 | 000,140,840 | ---- | M] () -- C:\Users\AMD\.recently-used.xbel [2012-03-01 10:38:52 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll [2012-03-01 10:38:52 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll [2012-03-01 10:38:52 | 000,122,904 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll [2012-03-01 10:38:52 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll [2012-02-29 19:29:06 | 000,012,738 | ---- | M] () -- C:\Users\AMD\Desktop\cache — skrót.lnk [2012-02-28 15:40:54 | 008,663,036 | ---- | M] () -- C:\Users\AMD\Desktop\Edycja pliku FRAMEWORK-RES.apk PORADNIK.odt [2012-02-27 14:22:30 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI [2012-02-22 15:02:37 | 011,662,392 | ---- | M] () -- C:\Users\AMD\Desktop\Wolfgang Gartner & Tiesto feat. 
Luciana - ID.avi [2012-02-21 09:31:32 | 000,085,091 | ---- | M] () -- C:\Users\AMD\Desktop\pelnomocnictwo_instrukcja1.pdf [2012-02-20 18:07:22 | 000,000,674 | ---- | M] () -- C:\Users\AMD\Desktop\Update Service.lnk [2012-02-14 13:26:11 | 000,000,674 | ---- | M] () -- C:\Users\AMD\Desktop\GIMP 2.lnk [2012-02-06 13:57:58 | 000,002,268 | ---- | M] () -- C:\Users\Public\Desktop\Sony Ericsson PC Companion 2.0.lnk [3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012-03-06 13:38:41 | 000,589,450 | ---- | C] () -- C:\Users\AMD\Desktop\Mark Sixma feat. Amba Sheperd - Cupid's Casualty (Radio Edit) (4clubbers.pl).mp3 [2012-03-06 09:14:20 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\setup_xp.ini [2012-03-05 17:12:32 | 009,602,524 | ---- | C] () -- C:\Users\AMD\Desktop\Lana del Rey - diet mountain dew (Tommy Noble rmx) [www.4clubbers.pl].mp3 [2012-03-04 18:25:22 | 000,000,786 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012-03-04 14:49:17 | 000,140,840 | ---- | C] () -- C:\Users\AMD\.recently-used.xbel [2012-02-29 19:29:06 | 000,012,738 | ---- | C] () -- C:\Users\AMD\Desktop\cache — skrót.lnk [2012-02-29 08:54:14 | 000,000,000 | -HS- | C] () -- C:\Windows\SysNative\dds_log_trash.cmd [2012-02-27 14:07:04 | 008,663,036 | ---- | C] () -- C:\Users\AMD\Desktop\Edycja pliku FRAMEWORK-RES.apk PORADNIK.odt [2012-02-22 14:59:57 | 011,662,392 | ---- | C] () -- C:\Users\AMD\Desktop\Wolfgang Gartner & Tiesto feat. 
Luciana - ID.avi [2012-02-21 09:49:49 | 000,085,091 | ---- | C] () -- C:\Users\AMD\Desktop\pelnomocnictwo_instrukcja1.pdf [2012-02-20 18:06:21 | 000,000,674 | ---- | C] () -- C:\Users\AMD\Desktop\Update Service.lnk [2012-02-14 13:26:11 | 000,000,674 | ---- | C] () -- C:\Users\AMD\Desktop\GIMP 2.lnk [2011-11-14 13:59:50 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll [2011-11-13 12:58:09 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini [2011-10-15 17:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\IFinst27.exe [2011-10-15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2011-10-14 08:19:28 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI [2011-10-13 16:27:48 | 000,000,632 | ---- | C] () -- C:\Windows\Edofma.INI [2011-10-07 09:42:50 | 000,000,000 | ---- | C] () -- C:\Windows\Route.INI [2011-10-01 16:51:59 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE [2011-09-19 08:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll [2011-09-19 08:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll [2011-09-14 13:22:26 | 000,000,002 | ---- | C] () -- C:\Windows\pvpeformr.dll [2011-09-13 10:48:44 | 001,636,610 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011-08-27 09:10:57 | 000,000,091 | ---- | C] () -- C:\Windows\mp3wavcon.ini [2011-08-27 09:08:30 | 000,000,005 | ---- | C] () -- C:\Windows\SysWow64\SySmp3con.dat [2011-08-27 09:08:26 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll [2011-07-09 16:37:05 | 000,000,193 | ---- | C] () -- C:\Windows\MBMTool.INI [2011-07-06 18:01:58 | 000,007,603 | ---- | C] () -- C:\Users\AMD\AppData\Local\resmon.resmoncfg [2011-06-27 09:24:51 | 000,005,632 | ---- | C] () -- C:\Users\AMD\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011-06-04 08:15:44 | 000,000,155 | ---- | C] () -- C:\Windows\winamp.ini [2011-05-30 10:25:21 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe 
[2011-05-30 10:25:20 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011-05-02 23:30:50 | 001,144,147 | ---- | C] () -- C:\Windows\SysWow64\ffmpegmt.dll [2011-05-02 23:27:54 | 003,935,545 | ---- | C] () -- C:\Windows\SysWow64\ffmpeg.dll [2011-05-02 21:23:46 | 000,324,096 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll [2011-05-02 21:19:34 | 000,100,352 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll [2011-05-02 21:19:20 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2011-03-18 22:32:44 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll [2011-03-18 22:29:56 | 000,181,248 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll [2011-03-18 22:28:30 | 001,557,504 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll [2011-03-18 22:27:08 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll [2011-03-18 22:26:44 | 000,484,864 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll [2011-03-18 22:25:38 | 000,257,024 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll [2011-03-18 22:25:24 | 000,141,312 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll [2011-03-03 12:40:08 | 000,150,528 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll [2011-03-03 12:39:56 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\avi.dll [2011-03-03 12:39:46 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll [2011-03-03 12:39:34 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll [2011-03-03 12:39:02 | 000,113,152 | ---- | C] () -- C:\Windows\SysWow64\dsmux.exe [2011-03-03 12:38:54 | 000,154,112 | ---- | C] () -- C:\Windows\SysWow64\ts.dll [2011-03-03 12:38:40 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll [2011-03-03 12:38:10 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\avs.dll [2011-03-03 12:38:04 | 000,137,728 | ---- | C] () -- C:\Windows\SysWow64\mkv2vfr.exe [2011-03-03 12:37:50 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\avss.dll [2011-03-03 12:37:40 | 000,358,400 | ---- | C] () 
-- C:\Windows\SysWow64\gdsmux.exe [2011-03-03 12:35:32 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll [2011-03-03 12:35:26 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll [2011-02-22 20:39:04 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2011-02-22 20:37:30 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2010-08-18 20:56:38 | 000,000,151 | ---- | C] () -- C:\Windows\SysWow64\Registration.ini [color=#E56717]========== LOP Check ==========[/color] [2011-07-31 14:24:32 | 000,000,000 | ---D | M] -- C:\Users\AMD\AppData\Roaming\Auslogics [2011-10-11 15:32:45 | 000,000,000 | ---D | M] -- C:\Users\AMD\AppData\Roaming\Babylon [2011-09-11 08:21:42 | 000,000,000 | ---D | M] -- C:\Users\AMD\AppData\Roaming\BANDISOFT [2012-03-06 16:35:52 | 000,000,000 | ---D | M] -- C:\Users\AMD\AppData\Roaming\Complitly [2011-09-10 16:37:54 | 000,000,000 | ---D | M] -- C:\Users\AMD\AppData\Roaming\Cool Record Edit Pro [2012-03-06 15:23:05 | 000,000,000 | ---D | M] -- C:\Users\AMD\AppData\Roaming\DAEMON Tools Lite [2011-07-19 16:16:26 | 000,000,000 | ---D | M] -- C:\Users\AMD\AppData\Roaming\Day 1 Studios [2011-12-23 11:40:09 | 000,000,000 | ---D | M] -- C:\Users\AMD\AppData\Roaming\EurekaLog [2011-11-22 15:50:11 | 000,000,000 | ---D | M] -- C:\Users\AMD\AppData\Roaming\Evolved [2011-05-30 14:24:18 | 000,000,000 | ---D | M] -- C:\Users\AMD\AppData\Roaming\Foxit [2011-09-10 16:34:42 | 000,000,000 | ---D | M] -- C:\Users\AMD\AppData\Roaming\Free Sound Recorder [2011-12-07 10:49:36 | 000,000,000 | ---D | M] -- C:\Users\AMD\AppData\Roaming\Gadu-Gadu 10 [2012-03-04 14:49:17 | 000,000,000 | ---D | M] -- C:\Users\AMD\AppData\Roaming\gtk-2.0 [2012-01-22 22:15:09 | 000,000,000 | ---D | M] -- C:\Users\AMD\AppData\Roaming\HD Tune Pro [2011-10-24 11:24:15 | 000,000,000 | ---D | M] -- C:\Users\AMD\AppData\Roaming\inkscape [2011-08-11 09:58:30 | 000,000,000 | ---D | M] -- C:\Users\AMD\AppData\Roaming\LG Electronics [2011-10-15 11:53:09 | 
000,000,000 | ---D | M] -- C:\Users\AMD\AppData\Roaming\Locktime [2011-11-18 11:49:18 | 000,000,000 | ---D | M] -- C:\Users\AMD\AppData\Roaming\NapiProjekt [2011-06-22 13:42:16 | 000,000,000 | ---D | M] -- C:\Users\AMD\AppData\Roaming\Nokia [2011-08-31 12:48:20 | 000,000,000 | ---D | M] -- C:\Users\AMD\AppData\Roaming\OpenFM [2012-01-28 10:00:26 | 000,000,000 | ---D | M] -- C:\Users\AMD\AppData\Roaming\Opera [2011-05-30 10:25:19 | 000,000,000 | ---D | M] -- C:\Users\AMD\AppData\Roaming\PunkBuster [2011-12-15 12:16:13 | 000,000,000 | ---D | M] -- C:\Users\AMD\AppData\Roaming\Rovio [2011-09-29 10:58:23 | 000,000,000 | ---D | M] -- C:\Users\AMD\AppData\Roaming\screenrecorder [2011-11-05 09:18:17 | 000,000,000 | ---D | M] -- C:\Users\AMD\AppData\Roaming\Sony [2011-09-29 19:09:31 | 000,000,000 | ---D | M] -- C:\Users\AMD\AppData\Roaming\StoneNext [2011-09-14 13:34:39 | 000,000,000 | ---D | M] -- C:\Users\AMD\AppData\Roaming\streamripper [2012-01-20 18:11:46 | 000,000,000 | ---D | M] -- C:\Users\AMD\AppData\Roaming\Trine2 [2011-11-22 17:11:11 | 000,000,000 | ---D | M] -- C:\Users\AMD\AppData\Roaming\Ubisoft [2011-06-27 09:24:45 | 000,000,000 | ---D | M] -- C:\Users\AMD\AppData\Roaming\XnView [2012-03-06 10:18:46 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:05EE1EEF @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:820563D3 < End of report >