OTL logfile created on: 2012-07-05 09:40:15 - Run 3
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\Piotrek\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
3,87 Gb Total Physical Memory | 2,58 Gb Available Physical Memory | 66,75% Memory free
7,74 Gb Paging File | 6,34 Gb Available in Paging File | 81,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 12,15 Gb Free Space | 12,46% Space Free | Partition Type: NTFS
Drive D: | 200,43 Gb Total Space | 68,09 Gb Free Space | 33,97% Space Free | Partition Type: NTFS
 
Computer Name: PIOTREK-PC | User Name: Piotrek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2012-07-05 00:05:56 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Piotrek\Downloads\OTL.exe
PRC - [2009-12-23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2007-08-06 12:51:08 | 001,847,296 | ---- | M] (IVO Software Sp. z o.o.) -- D:\Expressivo\expressivo.exe
PRC - [2003-10-06 12:08:10 | 000,065,536 | ---- | M] () -- D:\UniSpiker-2.6\uni_spiker-2.6.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2011-09-27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011-09-27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010-03-24 21:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010-01-30 02:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2003-10-06 12:08:40 | 000,081,920 | ---- | M] () -- D:\UniSpiker-2.6\voice_api.dll
MOD - [2003-10-06 12:08:28 | 000,045,056 | ---- | M] () -- D:\UniSpiker-2.6\unispiker_api.dll
MOD - [2003-10-06 12:08:10 | 000,065,536 | ---- | M] () -- D:\UniSpiker-2.6\uni_spiker-2.6.exe
MOD - [2003-10-06 12:07:44 | 000,110,592 | ---- | M] () -- D:\UniSpiker-2.6\plugins\mail.dll
MOD - [2003-10-06 12:07:30 | 000,036,864 | ---- | M] () -- D:\UniSpiker-2.6\plugins\keyboard.dll
MOD - [2003-10-06 12:07:22 | 000,040,960 | ---- | M] () -- D:\UniSpiker-2.6\plugins\clock.dll
MOD - [2003-10-06 12:07:14 | 000,032,768 | ---- | M] () -- D:\UniSpiker-2.6\plugins\clipboard.dll
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV:[b]64bit:[/b] - [2010-11-11 14:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:[b]64bit:[/b] - [2010-11-11 14:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:[b]64bit:[/b] - [2010-09-22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:[b]64bit:[/b] - [2010-08-09 04:04:10 | 000,166,704 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\Windows\SysNative\SUPDSvc.exe -- (Samsung UPD Service)
SRV:[b]64bit:[/b] - [2009-09-12 00:40:22 | 002,287,360 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (O&O Defrag)
SRV:[b]64bit:[/b] - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012-05-19 17:19:30 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011-04-19 23:30:38 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-12-23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008-09-08 07:59:00 | 000,575,488 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV:[b]64bit:[/b] - [2011-04-25 23:35:21 | 000,503,352 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:[b]64bit:[/b] - [2011-02-11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2011-01-21 07:36:02 | 000,413,800 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2010-11-21 05:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2010-11-21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010-11-21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:[b]64bit:[/b] - [2010-11-21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:[b]64bit:[/b] - [2010-11-21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:[b]64bit:[/b] - [2010-11-21 05:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:[b]64bit:[/b] - [2010-11-21 05:23:48 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:[b]64bit:[/b] - [2010-11-21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:[b]64bit:[/b] - [2010-11-21 05:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2010-11-21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010-11-21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2010-11-21 05:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2010-10-24 21:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:[b]64bit:[/b] - [2010-09-23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:[b]64bit:[/b] - [2010-04-06 18:33:10 | 000,030,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btnetBus.sys -- (btnetBUs)
DRV:[b]64bit:[/b] - [2010-04-06 18:32:48 | 000,027,016 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV:[b]64bit:[/b] - [2010-04-06 18:32:46 | 000,023,944 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BtHidBus.sys -- (BtHidBus)
DRV:[b]64bit:[/b] - [2010-01-13 16:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:[b]64bit:[/b] - [2009-07-30 21:02:36 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:[b]64bit:[/b] - [2009-07-28 19:24:12 | 000,081,408 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie)
DRV:[b]64bit:[/b] - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009-07-14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009-07-04 20:27:02 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:[b]64bit:[/b] - [2009-07-02 12:51:46 | 004,745,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (netw5v64) Intel(R)
DRV:[b]64bit:[/b] - [2009-07-02 09:54:52 | 000,060,416 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:[b]64bit:[/b] - [2009-06-29 08:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:[b]64bit:[/b] - [2009-06-10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009-05-18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:[b]64bit:[/b] - [2008-08-28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:[b]64bit:[/b] - [2008-08-14 10:40:44 | 000,260,144 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:[b]64bit:[/b] - [2007-11-09 05:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:[b]64bit:[/b] - [2005-11-03 16:40:56 | 000,089,600 | ---- | M] (Protection Technology) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV:[b]64bit:[/b] - [2005-08-10 14:46:20 | 000,068,608 | ---- | M] (Protection Technology) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV:[b]64bit:[/b] - [2005-05-16 15:21:16 | 000,007,168 | ---- | M] (Protection Technology) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2010-01-29 11:40:16 | 000,115,600 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2006-07-24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
IE - HKCU\..\URLSearchHook: {fcbf663e-8530-46f8-a880-ac5abe9d2b23} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.pl/"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-05-19 17:19:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-06-11 03:35:13 | 000,000,000 | ---D | M]
 
[2011-04-18 21:49:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Piotrek\AppData\Roaming\Mozilla\Extensions
[2012-05-07 20:40:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Piotrek\AppData\Roaming\Mozilla\Firefox\Profiles\f9qpyt9j.default\extensions
[2012-01-30 03:09:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011-04-23 14:46:46 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011-07-12 15:59:50 | 000,010,043 | ---- | M] () (No name found) -- C:\USERS\PIOTREK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F9QPYT9J.DEFAULT\EXTENSIONS\IPLEXTOALL@ALLPLAYER.ORG.XPI
[2012-05-19 17:19:29 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011-10-03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009-07-31 13:06:48 | 001,654,784 | ---- | M] (LizardTech) -- C:\Program Files (x86)\mozilla firefox\plugins\npdjvu.dll
[2012-04-04 23:34:32 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml
[2012-04-04 23:34:32 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml
[2012-04-04 23:34:32 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml
[2012-04-04 23:34:32 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml
[2012-04-04 23:34:32 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml
[2012-04-04 23:34:32 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml
 
[color=#E56717]========== Chrome  ==========[/color]
 
 
O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (Expressivo) - {85F685C3-20D9-4943-95E4-EB4224056C3F} - D:\Expressivo\integr\ih-iexplorer\IH_iexplorer_x64.dll (IVO Software Sp. z o.o.)
O2 - BHO: (Expressivo) - {85F685C3-20D9-4943-95E4-EB4224056C3F} - D:\Expressivo\integr\ih-iexplorer\IH_iexplorer.dll (IVO Software Sp. z o.o.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Expressivo) - {85F685C3-20D9-4943-95E4-EB4224056C3F} - D:\Expressivo\integr\ih-iexplorer\IH_iexplorer_x64.dll (IVO Software Sp. z o.o.)
O3 - HKLM\..\Toolbar: (Expressivo) - {85F685C3-20D9-4943-95E4-EB4224056C3F} - D:\Expressivo\integr\ih-iexplorer\IH_iexplorer.dll (IVO Software Sp. z o.o.)
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run File not found
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [Expressivo] D:\Expressivo\expressivo.exe (IVO Software Sp. z o.o.)
O4 - Startup: C:\Users\Piotrek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UniSpiker-2.6.lnk = D:\UniSpiker-2.6\uni_spiker-2.6.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:[b]64bit:[/b] - Extra context menu item: + Offline &Explorer: Download the link - file://C:\Program Files (x86)\Offline Explorer\Add_UrlO.htm File not found
O8:[b]64bit:[/b] - Extra context menu item: + Offline E&xplorer: Download the current page - file://C:\Program Files (x86)\Offline Explorer\Add_AllO.htm File not found
O8 - Extra context menu item: + Offline &Explorer: Download the link - file://C:\Program Files (x86)\Offline Explorer\Add_UrlO.htm File not found
O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://C:\Program Files (x86)\Offline Explorer\Add_AllO.htm File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:[b]64bit:[/b] - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3DA76890-D736-4D23-B5C7-CF1678B7EF88}: DhcpNameServer = 172.16.50.2 82.145.69.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9FC6DD9E-08A2-4F14-B1E7-B76B7AD49A62}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9FC6DD9E-08A2-4F14-B1E7-B76B7AD49A62}: NameServer = 8.8.8.8,8.8.4.4
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{32841cc0-6f84-11e0-8902-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{32841cc0-6f84-11e0-8902-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{685c840e-69ee-11e0-864a-001e6575b16e}\Shell - "" = AutoRun
O33 - MountPoints2\{685c840e-69ee-11e0-864a-001e6575b16e}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2012-07-05 09:25:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-07-05 09:05:01 | 000,309,320 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\SysWow64\drivers\TrufosAlt.sys
[2012-07-05 09:05:01 | 000,287,304 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\SysNative\drivers\TrufosAlt.sys
[2012-07-03 10:26:14 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\AppData\Local\RadonLabs
[2012-06-28 13:50:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012-06-28 13:50:24 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AGEIA
[2012-06-28 13:50:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2012-06-28 13:50:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012-06-28 13:49:32 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2012-06-28 13:49:32 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2012-06-28 13:49:32 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2012-06-28 13:49:32 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2012-06-28 13:49:31 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2012-06-28 13:49:31 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2012-06-28 13:48:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IQ Publishing
[2012-06-28 13:14:43 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\Desktop\z nokii
[2012-06-28 11:52:37 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\Desktop\inne z neta
[2012-06-28 11:52:18 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\Desktop\ekonometria wyklady
[2012-06-28 00:40:04 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\Documents\NBA LIVE 08
[2012-06-18 04:14:45 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\Desktop\herb
[2012-06-14 21:14:20 | 000,000,000 | ---D | C] -- C:\ProgramData\NokiaInstallerCache
[2012-06-14 21:14:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nokia
[2012-06-11 03:35:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LizardTech
[2012-06-11 03:35:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LizardTech
[2 C:\Users\Piotrek\Desktop\*.tmp files -> C:\Users\Piotrek\Desktop\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2012-07-05 09:42:11 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-07-05 09:42:11 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-07-05 09:39:21 | 000,862,570 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012-07-05 09:39:21 | 000,710,234 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012-07-05 09:39:21 | 000,144,498 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012-07-05 09:35:07 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-07-05 09:34:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-07-05 09:32:29 | 3117,404,160 | -HS- | M] () -- C:\hiberfil.sys
[2012-07-05 09:32:28 | 001,485,264 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
[2012-07-05 09:05:07 | 000,309,320 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\SysWow64\drivers\TrufosAlt.sys
[2012-07-05 09:05:01 | 000,287,304 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\SysNative\drivers\TrufosAlt.sys
[2012-07-05 01:33:00 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-07-04 20:10:09 | 000,000,719 | ---- | M] () -- C:\Users\Public\Desktop\DRIV3R DEMO.lnk
[2012-07-03 09:24:01 | 000,029,694 | ---- | M] () -- C:\Users\Piotrek\Desktop\e20c3c5fbb20d697f0753a66dd92bf36.png
[2012-07-01 09:59:40 | 000,055,477 | ---- | M] () -- C:\Users\Piotrek\Documents\bilet pks.pdf
[2012-06-15 20:20:20 | 000,036,054 | ---- | M] () -- C:\Users\Piotrek\Desktop\1339769861_lg53zs_500.jpg
[2012-06-14 12:16:36 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01009.Wdf
[2012-06-14 02:05:19 | 000,046,032 | ---- | M] () -- C:\Users\Piotrek\Desktop\1339410479_by_fagaz.jpg
[2012-06-11 23:37:33 | 000,172,280 | ---- | M] () -- C:\Users\Piotrek\Desktop\e373b35baaffd8b22377745eb03e932d.jpg
[2012-06-11 23:35:38 | 000,126,018 | ---- | M] () -- C:\Users\Piotrek\Desktop\1339353910_by_dahu_500.jpg
[2012-06-11 03:32:35 | 002,038,999 | ---- | M] () -- C:\Users\Piotrek\Documents\StrozikTomaszS4195.djvu
[2 C:\Users\Piotrek\Desktop\*.tmp files -> C:\Users\Piotrek\Desktop\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2012-07-04 20:10:09 | 000,000,719 | ---- | C] () -- C:\Users\Public\Desktop\DRIV3R DEMO.lnk
[2012-07-03 09:38:21 | 000,029,694 | ---- | C] () -- C:\Users\Piotrek\Desktop\e20c3c5fbb20d697f0753a66dd92bf36.png
[2012-07-01 09:59:39 | 000,055,477 | ---- | C] () -- C:\Users\Piotrek\Documents\bilet pks.pdf
[2012-06-15 20:21:54 | 000,036,054 | ---- | C] () -- C:\Users\Piotrek\Desktop\1339769861_lg53zs_500.jpg
[2012-06-14 12:16:36 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01009.Wdf
[2012-06-14 02:08:13 | 000,046,032 | ---- | C] () -- C:\Users\Piotrek\Desktop\1339410479_by_fagaz.jpg
[2012-06-11 23:43:04 | 000,172,280 | ---- | C] () -- C:\Users\Piotrek\Desktop\e373b35baaffd8b22377745eb03e932d.jpg
[2012-06-11 23:39:30 | 000,126,018 | ---- | C] () -- C:\Users\Piotrek\Desktop\1339353910_by_dahu_500.jpg
[2012-06-11 03:32:33 | 002,038,999 | ---- | C] () -- C:\Users\Piotrek\Documents\StrozikTomaszS4195.djvu
[2012-02-28 22:27:24 | 000,000,367 | ---- | C] () -- C:\Windows\pdf2word.INI
[2011-11-23 21:57:34 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2011-11-23 21:55:16 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2011-10-08 15:33:46 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2011-07-14 17:58:12 | 000,258,864 | ---- | C] () -- C:\Windows\SUPDRun.exe
[2011-05-08 01:06:48 | 000,006,656 | ---- | C] () -- C:\Users\Piotrek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-04-23 14:47:45 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011-04-19 23:30:42 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2011-04-18 21:18:46 | 000,870,838 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011-04-18 21:12:33 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011-04-18 21:12:33 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011-04-18 21:12:32 | 000,810,496 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011-04-18 21:12:32 | 000,183,808 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011-04-18 21:12:32 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011-04-18 21:08:59 | 000,921,665 | ---- | C] () -- C:\Windows\SysWow64\msvcrt-ruby18.dll
[2011-04-18 21:08:59 | 000,271,264 | ---- | C] () -- C:\Windows\SysWow64\vbrun100.dll
[2011-04-18 21:08:59 | 000,210,944 | ---- | C] () -- C:\Windows\SysWow64\msvcrt10.dll
[2011-04-18 21:08:59 | 000,027,136 | ---- | C] () -- C:\Windows\SysWow64\pythonw.exe
[2011-04-18 21:08:59 | 000,026,624 | ---- | C] () -- C:\Windows\SysWow64\python.exe
[2011-04-18 21:08:59 | 000,020,537 | ---- | C] () -- C:\Windows\SysWow64\rubyw.exe
[2011-04-18 21:08:59 | 000,020,536 | ---- | C] () -- C:\Windows\SysWow64\ruby.exe
[2011-02-11 19:15:08 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2011-02-11 19:15:08 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2011-02-11 19:15:08 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2002-10-22 18:51:40 | 000,319,488 | R--- | C] () -- C:\Users\Piotrek\AppData\Roaming\MafiaSetup.exe
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2011-04-25 23:58:08 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\Atari
[2011-04-26 16:26:53 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\avidemux
[2011-11-06 00:49:51 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\Cream Software
[2012-01-30 03:08:59 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\Expressivo
[2012-05-31 18:24:16 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\Gadu-Gadu 10
[2012-06-27 20:58:32 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\ipla
[2011-04-20 22:43:49 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\IrfanView
[2011-04-22 10:09:32 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\IVONA ControlCenter
[2011-07-30 23:35:23 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\Leadertech
[2011-07-29 13:45:40 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\Offline Explorer
[2011-04-19 00:27:31 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\OpenFM
[2012-01-25 17:43:41 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\Photo! 3D Album
[2011-04-27 00:26:22 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\Publish Providers
[2011-11-23 21:57:57 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\Samsung
[2011-04-27 01:28:45 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\Sony
[2011-04-18 21:33:15 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\WinBatch
[2012-03-30 14:02:12 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\Windows Live Writer
[2012-05-08 16:44:49 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:9C783D4D

< End of report >