OTL logfile created on: 2012-07-08 21:37:20 - Run 1 OTL by OldTimer - Version 3.2.53.1 Folder = C:\OTL 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 7,93 Gb Total Physical Memory | 6,28 Gb Available Physical Memory | 79,20% Memory free 15,87 Gb Paging File | 13,97 Gb Available in Paging File | 88,04% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 581,48 Gb Total Space | 491,51 Gb Free Space | 84,53% Space Free | Partition Type: NTFS Drive D: | 596,17 Gb Total Space | 542,54 Gb Free Space | 91,00% Space Free | Partition Type: NTFS Drive F: | 959,47 Mb Total Space | 545,05 Mb Free Space | 56,81% Space Free | Partition Type: FAT Computer Name: KASIA-PC | User Name: kasia | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012-07-08 00:50:50 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\OTL\OTL.exe PRC - [2012-06-06 21:33:42 | 001,564,872 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe PRC - [2012-04-16 14:27:24 | 000,025,464 | ---- | M] (Uniblue Systems Ltd) -- C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe PRC - [2011-11-02 17:51:54 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe PRC - [2010-08-12 13:18:10 | 000,235,624 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2010-07-01 13:10:26 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010-07-01 13:10:22 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010-06-27 00:03:40 | 000,526,992 | ---- | M] (Corel, Inc.) -- C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe PRC - [2010-03-11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe PRC - [2010-03-03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010-01-28 15:53:54 | 000,453,120 | R--- | M] () -- C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe PRC - [2010-01-14 08:30:16 | 000,330,488 | ---- | M] (QUALCOMM, Inc.) -- C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kDell.exe PRC - [2009-12-29 17:35:50 | 000,083,456 | ---- | M] () -- C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe PRC - [2009-07-20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe PRC - [2009-01-30 00:20:49 | 000,057,344 | ---- | M] (SlySoft, Inc.) -- C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012-06-28 12:28:56 | 000,438,296 | ---- | M] () -- C:\Users\kasia\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll MOD - [2012-06-28 12:28:54 | 003,972,120 | ---- | M] () -- C:\Users\kasia\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll MOD - [2012-06-28 12:27:40 | 000,554,520 | ---- | M] () -- C:\Users\kasia\AppData\Local\Google\Chrome\Application\20.0.1132.47\libglesv2.dll MOD - [2012-06-28 12:27:38 | 000,117,784 | ---- | M] () -- C:\Users\kasia\AppData\Local\Google\Chrome\Application\20.0.1132.47\libegl.dll MOD - [2012-06-28 12:27:29 | 000,140,328 | ---- | M] () -- C:\Users\kasia\AppData\Local\Google\Chrome\Application\20.0.1132.47\avutil-51.dll MOD - [2012-06-28 12:27:28 | 000,262,184 | ---- | M] () -- C:\Users\kasia\AppData\Local\Google\Chrome\Application\20.0.1132.47\avformat-54.dll MOD - [2012-06-28 12:27:26 | 002,386,984 | ---- | M] () -- C:\Users\kasia\AppData\Local\Google\Chrome\Application\20.0.1132.47\avcodec-54.dll MOD - [2011-09-27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011-09-27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2009-07-20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2009-11-02 13:48:18 | 000,126,352 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV:[b]64bit:[/b] - [2009-07-20 12:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV:[b]64bit:[/b] - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:[b]64bit:[/b] - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012-06-05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012-05-10 18:47:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012-05-10 18:47:38 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010-08-12 13:18:10 | 000,235,624 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2010-07-01 13:10:26 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2010-07-01 13:10:22 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2010-03-11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2010-03-03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2010-02-19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2010-01-28 15:53:54 | 000,453,120 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe -- (WMCoreService) SRV - [2010-01-14 08:30:16 | 000,330,488 | ---- | M] (QUALCOMM, Inc.) [Auto | Running] -- C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kDell.exe -- (QDLService2kDell) Qualcomm Gobi 2000 Download Service (Dell) SRV - [2009-12-29 17:35:50 | 000,083,456 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe -- (NvtlService) SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2012-05-10 18:47:38 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:[b]64bit:[/b] - [2012-05-10 18:47:38 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:[b]64bit:[/b] - [2012-02-15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:[b]64bit:[/b] - [2011-10-27 03:25:54 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.) DRV:[b]64bit:[/b] - [2011-10-27 03:25:54 | 000,095,928 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) DRV:[b]64bit:[/b] - [2011-10-27 03:25:42 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm) DRV:[b]64bit:[/b] - [2011-10-27 03:25:42 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) DRV:[b]64bit:[/b] - [2011-10-27 03:25:42 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter) DRV:[b]64bit:[/b] - [2011-10-19 17:56:50 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:[b]64bit:[/b] - [2010-08-20 12:05:18 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler) DRV:[b]64bit:[/b] - [2010-08-20 12:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn) DRV:[b]64bit:[/b] - [2010-07-15 06:54:20 | 001,381,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:[b]64bit:[/b] - [2010-07-12 12:38:06 | 000,029,288 | ---- | M] (Quanta Computer) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qicflt.sys -- (qicflt) DRV:[b]64bit:[/b] - [2010-06-23 11:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:[b]64bit:[/b] - [2010-06-14 10:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk) DRV:[b]64bit:[/b] - [2010-05-31 06:05:06 | 007,689,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R) DRV:[b]64bit:[/b] - [2010-04-27 18:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:[b]64bit:[/b] - [2010-04-27 18:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:[b]64bit:[/b] - [2010-03-26 16:03:20 | 000,160,880 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR) DRV:[b]64bit:[/b] - [2010-03-03 20:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:[b]64bit:[/b] - [2009-11-02 13:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:[b]64bit:[/b] - [2009-09-17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R) DRV:[b]64bit:[/b] - [2009-07-14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2009-07-14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009-07-14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2009-07-14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009-07-14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:[b]64bit:[/b] - [2009-06-17 18:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:[b]64bit:[/b] - [2009-06-17 18:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:[b]64bit:[/b] - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:[b]64bit:[/b] - [2009-05-18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:[b]64bit:[/b] - [2009-02-17 19:11:25 | 000,031,400 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:[b]64bit:[/b] - [2007-02-16 02:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElbyCDFL.sys -- (ElbyCDFL) DRV - [2010-06-14 10:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk) DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2007-02-16 02:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1588705976-2148342748-1080016788-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-1588705976-2148342748-1080016788-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) IE - HKU\S-1-5-21-1588705976-2148342748-1080016788-1000\..\SearchScopes,DefaultScope = {95344BAF-16EF-44B2-A7BC-40CA72CF6B78} IE - HKU\S-1-5-21-1588705976-2148342748-1080016788-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1588705976-2148342748-1080016788-1000\..\SearchScopes\{89B55BD8-55F9-43A8-99AF-864C465EAFA0}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=U3&apn_dtid=OSJ000YYPL&apn_uid=AE4CE5D5-677D-4E41-AD32-2877021F9C26&apn_sauid=2681093F-A63D-483A-8981-4F456C7310A4 IE - HKU\S-1-5-21-1588705976-2148342748-1080016788-1000\..\SearchScopes\{95344BAF-16EF-44B2-A7BC-40CA72CF6B78}: "URL" = http://www.google.com/search?hl=pl&q={searchTerms} IE - HKU\S-1-5-21-1588705976-2148342748-1080016788-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1588705976-2148342748-1080016788-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local [color=#E56717]========== FireFox ==========[/color] FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\kasia\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\kasia\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: Wirtualna Polska (Enabled) CHR - default_search_provider: search_url = http://szukaj.wp.pl/szukaj.html?szukaj={searchTerms} CHR - default_search_provider: suggest_url = CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\kasia\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\kasia\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\kasia\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\kasia\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Skype Toolbars (Enabled) = C:\Users\kasia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime Alternative\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime Alternative\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime Alternative\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime Alternative\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime Alternative\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime Alternative\plugins\npqtplugin6.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - Extension: YouTube = C:\Users\kasia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Szukaj w Google = C:\Users\kasia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Skype Click to Call = C:\Users\kasia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\ CHR - Extension: Gmail = C:\Users\kasia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2011-11-07 19:10:32 | 000,000,852 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKU\S-1-5-21-1588705976-2148342748-1080016788-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O4:[b]64bit:[/b] - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:[b]64bit:[/b] - HKLM..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent File not found O4:[b]64bit:[/b] - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4:[b]64bit:[/b] - HKLM..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung) O4:[b]64bit:[/b] - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [CloneCDTray] C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.) O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe File not found O4 - HKLM..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung) O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime Alternative\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1588705976-2148342748-1080016788-1000..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKU\S-1-5-21-1588705976-2148342748-1080016788-1000..\Run: [Corel Photo Downloader] c:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.) O4 - HKU\S-1-5-21-1588705976-2148342748-1080016788-1000..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung) O4 - HKU\S-1-5-21-1588705976-2148342748-1080016788-1000..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKU\S-1-5-21-1588705976-2148342748-1080016788-1000..\Run: [SpeedUpMyPC] C:\Program Files (x86)\Uniblue\SpeedUpMyPC\launcher.exe (Uniblue Systems Ltd) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\kasia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Rejestracja produktu.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:[b]64bit:[/b] - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-1588705976-2148342748-1080016788-1000\..Trusted Domains: monitor.pl ([system] https in Zaufane witryny) O16:[b]64bit:[/b] - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16:[b]64bit:[/b] - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16:[b]64bit:[/b] - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16:[b]64bit:[/b] - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {E0CD8440-E404-4930-A9BD-FEB89A21A873} https://system.infomonitor.pl/scripts/SP_RAX.CAB (RAX SYSTEM BIG (InfoMonitor)) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.179.1.62 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{488BC432-68E6-4FC2-9778-1353FF0EF18E}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A73A8D2D-EF79-4526-A0B5-7724BCAA95C7}: DhcpNameServer = 62.179.1.62 192.168.0.1 O18:[b]64bit:[/b] - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:[b]64bit:[/b] - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{120406c8-104f-11e1-8f37-c0cb38a9a66e}\Shell - "" = AutoRun O33 - MountPoints2\{120406c8-104f-11e1-8f37-c0cb38a9a66e}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{13a40541-0706-11e1-b8ba-f04da25db918}\Shell - "" = AutoRun O33 - MountPoints2\{13a40541-0706-11e1-b8ba-f04da25db918}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{14a25eb8-0b6c-11e1-bddf-c0cb38a9a66e}\Shell - "" = AutoRun O33 - MountPoints2\{14a25eb8-0b6c-11e1-bddf-c0cb38a9a66e}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{1ca545a5-06fc-11e1-8cca-f04da25db918}\Shell - "" = AutoRun O33 - MountPoints2\{1ca545a5-06fc-11e1-8cca-f04da25db918}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{81df9aaf-0a5e-11e1-8a2a-c0cb38a9a66e}\Shell - "" = AutoRun O33 - MountPoints2\{81df9aaf-0a5e-11e1-8a2a-c0cb38a9a66e}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{95fb4413-0877-11e1-89d4-f04da25db918}\Shell - "" = AutoRun O33 - MountPoints2\{95fb4413-0877-11e1-89d4-f04da25db918}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{9ff3cdd8-0a53-11e1-851b-c0cb38a9a66e}\Shell - "" = AutoRun O33 - MountPoints2\{9ff3cdd8-0a53-11e1-851b-c0cb38a9a66e}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{9ff3cde5-0a53-11e1-851b-c0cb38a9a66e}\Shell - "" = AutoRun O33 - MountPoints2\{9ff3cde5-0a53-11e1-851b-c0cb38a9a66e}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{a15586d5-0983-11e1-90b0-c0cb38a9a66e}\Shell - "" = AutoRun O33 - MountPoints2\{a15586d5-0983-11e1-90b0-c0cb38a9a66e}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{a15586e0-0983-11e1-90b0-c0cb38a9a66e}\Shell - "" = AutoRun O33 - MountPoints2\{a15586e0-0983-11e1-90b0-c0cb38a9a66e}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{a15586e9-0983-11e1-90b0-c0cb38a9a66e}\Shell - "" = AutoRun O33 - MountPoints2\{a15586e9-0983-11e1-90b0-c0cb38a9a66e}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{a1ff8b97-097b-11e1-8acb-c0cb38a9a66e}\Shell - "" = AutoRun O33 - MountPoints2\{a1ff8b97-097b-11e1-8acb-c0cb38a9a66e}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{ef040609-0559-11e1-996a-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{ef040609-0559-11e1-996a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autoRcd.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (MACHINE BootExecut) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012-07-08 21:36:24 | 000,000,000 | ---D | C] -- C:\OTL [2012-07-08 21:24:39 | 000,000,000 | ---D | C] -- C:\Users\kasia\AppData\Local\Mozilla [2012-07-08 21:24:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012-07-07 17:19:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlySoft [2012-07-07 17:19:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SlySoft [2012-07-07 12:39:51 | 000,000,000 | ---D | C] -- C:\Users\kasia\AppData\Roaming\ImgBurn [2012-07-07 11:52:13 | 000,000,000 | ---D | C] -- C:\Users\kasia\AppData\Roaming\Uniblue [2012-07-07 11:52:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue [2012-07-07 11:52:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue [2012-07-07 11:50:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn [2012-07-07 11:50:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn [2012-07-07 00:14:25 | 012,633,984 | ---- | C] (Microsoft Corporation) -- C:\Users\kasia\Desktop\mseinstall.exe [2012-07-06 16:02:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Systweak PhotoStudio [2012-07-06 16:02:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Systweak [2012-07-06 12:03:30 | 000,018,856 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe [2012-07-06 12:03:30 | 000,000,000 | ---D | C] -- C:\Users\kasia\AppData\Roaming\Systweak [2012-07-06 12:03:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro [2012-07-06 12:03:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegClean Pro [2012-07-06 10:28:35 | 000,000,000 | ---D | C] -- C:\Users\kasia\AppData\Roaming\Malwarebytes [2012-07-06 10:28:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012-07-06 10:28:29 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012-07-06 10:28:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012-07-06 10:28:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012-07-05 23:53:04 | 000,000,000 | ---D | C] -- C:\Users\kasia\Desktop\samsung [2012-07-04 01:02:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2012-07-04 00:40:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET [2012-07-04 00:40:42 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET [2012-07-04 00:40:42 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012-07-03 22:14:45 | 000,000,000 | ---D | C] -- C:\Users\kasia\AppData\Roaming\ESET [2012-07-03 22:14:45 | 000,000,000 | ---D | C] -- C:\Users\kasia\AppData\Local\ESET [2012-07-03 22:05:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012-07-03 22:04:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Google [2012-06-29 15:50:02 | 000,000,000 | ---D | C] -- C:\Users\kasia\Desktop\hab [2012-06-29 15:37:36 | 000,000,000 | ---D | C] -- C:\Users\kasia\Desktop\Magda [2012-06-27 15:49:48 | 000,000,000 | ---D | C] -- C:\Users\kasia\Desktop\obrazki [2012-06-23 14:18:19 | 000,000,000 | ---D | C] -- C:\Users\kasia\filmy [2012-06-23 09:40:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com [2012-06-23 09:30:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask [2012-06-23 09:30:06 | 000,476,936 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll [2012-06-23 09:30:06 | 000,157,448 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2012-06-23 09:30:06 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2012-06-23 09:30:06 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2012-06-23 09:29:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2012-06-23 09:28:53 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [2012-06-22 21:59:32 | 000,000,000 | ---D | C] -- C:\Users\kasia\AppData\Roaming\DivX [2012-06-22 21:59:30 | 000,000,000 | ---D | C] -- C:\Users\kasia\AppData\Roaming\Media Player Classic [2012-06-19 17:50:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip [2012-06-18 21:38:52 | 000,000,000 | ---D | C] -- C:\Users\kasia\Desktop\Nowy folder [2012-06-12 11:17:33 | 000,000,000 | ---D | C] -- C:\Users\kasia\Desktop\rz [2012-06-11 23:10:00 | 000,000,000 | ---D | C] -- C:\Users\kasia\Desktop\nowe [1 C:\Users\kasia\Desktop\*.tmp files -> C:\Users\kasia\Desktop\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012-07-08 21:42:15 | 002,621,440 | ---- | M] () -- C:\Users\kasia\ntuser.dat [2012-07-08 21:37:40 | 001,523,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012-07-08 21:37:40 | 000,687,828 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2012-07-08 21:37:40 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012-07-08 21:37:40 | 000,131,382 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2012-07-08 21:37:40 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012-07-08 21:17:17 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012-07-08 21:09:00 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1588705976-2148342748-1080016788-1000UA.job [2012-07-08 20:58:37 | 000,001,042 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012-07-08 20:58:37 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\SpeedUpMyPC.job [2012-07-08 20:58:30 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2012-07-08 20:58:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012-07-08 20:58:22 | 2094,301,183 | -HS- | M] () -- C:\hiberfil.sys [2012-07-08 10:51:03 | 004,886,840 | -H-- | M] () -- C:\Users\kasia\AppData\Local\IconCache.db [2012-07-07 23:32:12 | 000,000,041 | -HS- | M] () -- C:\ProgramData\.zreglib [2012-07-07 22:09:00 | 000,001,006 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1588705976-2148342748-1080016788-1000Core.job [2012-07-07 17:31:07 | 745,953,264 | ---- | M] () -- C:\Users\kasia\Desktop\IMAGE.img [2012-07-07 17:31:01 | 000,004,215 | ---- | M] () -- C:\Users\kasia\Desktop\IMAGE.ccd [2012-07-07 17:19:39 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\CloneCD.lnk [2012-07-07 15:01:11 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job [2012-07-07 11:52:12 | 000,001,138 | ---- | M] () -- C:\Users\kasia\Application Data\Microsoft\Internet Explorer\Quick Launch\SpeedUpMyPC.lnk [2012-07-07 11:52:12 | 000,001,090 | ---- | M] () -- C:\Users\Public\Desktop\SpeedUpMyPC.lnk [2012-07-07 11:50:58 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk [2012-07-07 01:01:11 | 000,001,974 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012-07-07 00:50:58 | 000,524,288 | -HS- | M] () -- C:\Users\kasia\ntuser.dat{cea41bc2-c775-11e1-815b-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms [2012-07-07 00:50:58 | 000,524,288 | -HS- | M] () -- C:\Users\kasia\ntuser.dat{cea41bc2-c775-11e1-815b-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms [2012-07-07 00:50:58 | 000,065,536 | -HS- | M] () -- C:\Users\kasia\ntuser.dat{cea41bc2-c775-11e1-815b-806e6f6e6963}.TM.blf [2012-07-07 00:18:30 | 000,002,324 | ---- | M] () -- C:\Windows\epplauncher.mif [2012-07-07 00:17:13 | 000,012,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012-07-07 00:17:13 | 000,012,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012-07-07 00:14:32 | 012,633,984 | ---- | M] (Microsoft Corporation) -- C:\Users\kasia\Desktop\mseinstall.exe [2012-07-06 16:23:33 | 000,001,660 | ---- | M] () -- C:\Windows\SysNative\ASOROSet.bin [2012-07-06 16:23:26 | 002,621,440 | -HS- | M] () -- C:\Users\kasia\ntuser.dat.bak [2012-07-06 16:10:31 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job [2012-07-06 16:02:41 | 000,001,079 | ---- | M] () -- C:\Users\kasia\Application Data\Microsoft\Internet Explorer\Quick Launch\Systweak PhotoStudio.lnk [2012-07-06 15:58:37 | 000,001,014 | ---- | M] () -- C:\Users\Public\Desktop\RegClean Pro.lnk [2012-07-06 10:28:30 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012-07-06 00:52:28 | 000,524,288 | -HS- | M] () -- C:\Users\kasia\ntuser.dat{767ac9c5-c6ee-11e1-9eef-c0cb38a9a66e}.TMContainer00000000000000000002.regtrans-ms [2012-07-06 00:52:28 | 000,524,288 | -HS- | M] () -- C:\Users\kasia\ntuser.dat{767ac9c5-c6ee-11e1-9eef-c0cb38a9a66e}.TMContainer00000000000000000001.regtrans-ms [2012-07-06 00:52:28 | 000,065,536 | -HS- | M] () -- C:\Users\kasia\ntuser.dat{767ac9c5-c6ee-11e1-9eef-c0cb38a9a66e}.TM.blf [2012-06-30 15:36:13 | 000,626,164 | ---- | M] () -- C:\Users\kasia\Desktop\2012-06-29 20.42.34.jpg [2012-06-30 10:48:20 | 000,002,401 | ---- | M] () -- C:\Users\kasia\Desktop\Google Chrome.lnk [2012-06-27 18:39:22 | 000,662,314 | ---- | M] () -- C:\Users\kasia\Desktop\2012-05-12 14.25.57 (2).jpg [2012-06-26 18:29:59 | 000,001,318 | ---- | M] () -- C:\Users\kasia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Rejestracja produktu.lnk [2012-06-23 09:30:00 | 000,476,936 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll [2012-06-23 09:30:00 | 000,472,840 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll [2012-06-23 09:30:00 | 000,157,448 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2012-06-23 09:30:00 | 000,149,256 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2012-06-23 09:30:00 | 000,149,256 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2012-06-20 22:02:00 | 001,283,129 | ---- | M] () -- C:\Users\kasia\Desktop\Scan_Doc0049.pdf [2012-06-19 23:09:25 | 000,010,245 | ---- | M] () -- C:\Users\kasia\Desktop\normalne.dotx [2012-06-14 12:07:34 | 000,018,856 | ---- | M] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe [1 C:\Users\kasia\Desktop\*.tmp files -> C:\Users\kasia\Desktop\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012-07-07 17:26:54 | 745,953,264 | ---- | C] () -- C:\Users\kasia\Desktop\IMAGE.img [2012-07-07 17:26:43 | 000,004,215 | ---- | C] () -- C:\Users\kasia\Desktop\IMAGE.ccd [2012-07-07 17:23:25 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib [2012-07-07 17:19:39 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\CloneCD.lnk [2012-07-07 11:52:14 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\SpeedUpMyPC.job [2012-07-07 11:52:12 | 000,001,138 | ---- | C] () -- C:\Users\kasia\Application Data\Microsoft\Internet Explorer\Quick Launch\SpeedUpMyPC.lnk [2012-07-07 11:52:12 | 000,001,090 | ---- | C] () -- C:\Users\Public\Desktop\SpeedUpMyPC.lnk [2012-07-07 11:50:58 | 000,001,841 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk [2012-07-07 11:50:58 | 000,001,829 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk [2012-07-07 01:00:46 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk [2012-07-07 01:00:46 | 000,001,974 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012-07-06 16:24:29 | 000,524,288 | -HS- | C] () -- C:\Users\kasia\ntuser.dat{cea41bc2-c775-11e1-815b-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms [2012-07-06 16:24:29 | 000,524,288 | -HS- | C] () -- C:\Users\kasia\ntuser.dat{cea41bc2-c775-11e1-815b-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms [2012-07-06 16:24:29 | 000,065,536 | -HS- | C] () -- C:\Users\kasia\ntuser.dat{cea41bc2-c775-11e1-815b-806e6f6e6963}.TM.blf [2012-07-06 16:19:26 | 000,001,660 | ---- | C] () -- C:\Windows\SysNative\ASOROSet.bin [2012-07-06 16:05:29 | 000,002,324 | ---- | C] () -- C:\Windows\epplauncher.mif [2012-07-06 16:02:41 | 000,001,079 | ---- | C] () -- C:\Users\kasia\Application Data\Microsoft\Internet Explorer\Quick Launch\Systweak PhotoStudio.lnk [2012-07-06 12:03:35 | 000,000,284 | ---- | C] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job [2012-07-06 12:03:35 | 000,000,276 | ---- | C] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job [2012-07-06 12:03:29 | 000,001,014 | ---- | C] () -- C:\Users\Public\Desktop\RegClean Pro.lnk [2012-07-06 10:28:30 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012-07-06 00:40:19 | 000,524,288 | -HS- | C] () -- C:\Users\kasia\ntuser.dat{767ac9c5-c6ee-11e1-9eef-c0cb38a9a66e}.TMContainer00000000000000000002.regtrans-ms [2012-07-06 00:40:19 | 000,524,288 | -HS- | C] () -- C:\Users\kasia\ntuser.dat{767ac9c5-c6ee-11e1-9eef-c0cb38a9a66e}.TMContainer00000000000000000001.regtrans-ms [2012-07-06 00:40:19 | 000,065,536 | -HS- | C] () -- C:\Users\kasia\ntuser.dat{767ac9c5-c6ee-11e1-9eef-c0cb38a9a66e}.TM.blf [2012-06-30 15:22:12 | 000,626,164 | ---- | C] () -- C:\Users\kasia\Desktop\2012-06-29 20.42.34.jpg [2012-06-27 18:39:18 | 000,662,314 | ---- | C] () -- C:\Users\kasia\Desktop\2012-05-12 14.25.57 (2).jpg [2012-06-26 18:29:59 | 000,001,318 | ---- | C] () -- C:\Users\kasia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Rejestracja produktu.lnk [2012-06-20 22:02:00 | 001,283,129 | ---- | C] () -- C:\Users\kasia\Desktop\Scan_Doc0049.pdf [2012-06-19 23:09:25 | 000,010,245 | ---- | C] () -- C:\Users\kasia\Desktop\normalne.dotx [2012-06-05 00:43:09 | 000,003,584 | ---- | C] () -- C:\Users\kasia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012-01-17 02:13:07 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2012-01-17 02:13:07 | 000,000,008 | RHS- | C] () -- C:\ProgramData\D71809E3A9.sys [2011-11-07 21:40:30 | 000,524,288 | -HS- | C] () -- C:\Users\kasia\NTUSER.DAT{4a967fac-0978-11e1-b5a8-c0cb38a9a66e}.TMContainer00000000000000000002.regtrans-ms [2011-11-07 21:40:30 | 000,524,288 | -HS- | C] () -- C:\Users\kasia\NTUSER.DAT{4a967fac-0978-11e1-b5a8-c0cb38a9a66e}.TMContainer00000000000000000001.regtrans-ms [2011-11-07 21:40:30 | 000,065,536 | -HS- | C] () -- C:\Users\kasia\NTUSER.DAT{4a967fac-0978-11e1-b5a8-c0cb38a9a66e}.TM.blf [2011-11-03 15:59:55 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2011-11-03 14:29:36 | 000,121,160 | ---- | C] () -- C:\Users\kasia\AppData\Local\GDIPFONTCACHEV1.DAT [2011-11-02 16:08:54 | 004,886,840 | -H-- | C] () -- C:\Users\kasia\AppData\Local\IconCache.db [2011-11-02 15:59:53 | 002,621,440 | -HS- | C] () -- C:\Users\kasia\ntuser.dat.bak [2011-11-02 15:59:53 | 002,621,440 | ---- | C] () -- C:\Users\kasia\ntuser.dat [2011-11-02 15:59:53 | 000,524,288 | -HS- | C] () -- C:\Users\kasia\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2011-11-02 15:59:53 | 000,524,288 | -HS- | C] () -- C:\Users\kasia\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2011-11-02 15:59:53 | 000,065,536 | -HS- | C] () -- C:\Users\kasia\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2011-11-02 15:59:53 | 000,000,020 | -HS- | C] () -- C:\Users\kasia\ntuser.ini [2011-09-16 12:54:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011-09-16 12:54:44 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011-09-16 12:54:44 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011-09-16 12:54:44 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011-09-16 12:54:44 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 24 bytes -> C:\Windows:8E6AF738322E6822 < End of report >