OTL logfile created on: 2012-08-02 14:50:20 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Milka\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,75 Gb Total Physical Memory | 2,06 Gb Available Physical Memory | 74,82% Memory free
5,70 Gb Paging File | 5,11 Gb Available in Paging File | 89,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 57,62 Gb Free Space | 40,00% Space Free | Partition Type: NTFS
Drive D: | 144,04 Gb Total Space | 74,02 Gb Free Space | 51,39% Space Free | Partition Type: NTFS

Computer Name: MILKA-PC | User Name: Milka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012-08-02 01:37:08 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Milka\Desktop\OTL.exe
PRC - [2008-10-29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008-10-27 13:05:28 | 000,306,736 | ---- | M] (EgisTec Inc.) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2012-07-27 18:07:59 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-07-19 16:40:49 | 000,113,120 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-06-20 09:44:11 | 000,529,232 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009-07-20 12:51:52 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008-12-18 21:05:40 | 000,653,856 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2008-10-27 13:05:28 | 000,306,736 | ---- | M] () [Auto | Running] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2008-10-04 04:09:02 | 000,069,632 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2008-01-21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007-12-06 17:15:28 | 000,110,592 | ---- | M] () [Disabled | Stopped] -- C:\ACER\Mobility Center\MobilityService.exe -- (MobilityService)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010-09-05 10:12:43 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010-01-04 11:30:56 | 000,112,640 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2010-01-04 11:30:56 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010-01-04 11:30:56 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2008-12-29 07:38:06 | 000,109,920 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008-11-21 16:07:00 | 007,451,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008-11-04 23:13:32 | 000,952,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008-10-09 17:47:12 | 000,059,952 | ---- | M] (Egis Incorporated.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2008-10-09 17:47:12 | 000,019,504 | ---- | M] (Egis Incorporated.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV - [2008-10-09 17:47:12 | 000,016,432 | ---- | M] (Egis Incorporated.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2008-09-05 23:20:20 | 000,045,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008-08-25 13:22:52 | 000,015,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008-08-19 04:58:16 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2006-11-02 15:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1532760675-3050612240-3899385916-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKU\S-1-5-21-1532760675-3050612240-3899385916-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-1532760675-3050612240-3899385916-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1532760675-3050612240-3899385916-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1532760675-3050612240-3899385916-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1532760675-3050612240-3899385916-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-1532760675-3050612240-3899385916-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-1532760675-3050612240-3899385916-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1532760675-3050612240-3899385916-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-1532760675-3050612240-3899385916-1000\..\SearchScopes\{222B3924-A0D0-4B10-8000-65949B453C15}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW
IE - HKU\S-1-5-21-1532760675-3050612240-3899385916-1000\..\SearchScopes\{5BBD7072-638A-4B69-9805-812421F2ACF4}: "URL" = http://www.google.com/search?q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=
IE - HKU\S-1-5-21-1532760675-3050612240-3899385916-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..extensions.enabledItems: 2020Player_IKEA@2020Technologies.com:5.0.93.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.2.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-07-19 16:40:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-08-02 14:47:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-07-19 16:40:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-08-02 14:47:29 | 000,000,000 | ---D | M]

[2011-07-06 20:08:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Milka\AppData\Roaming\mozilla\Extensions
[2012-08-02 14:38:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Milka\AppData\Roaming\mozilla\Firefox\Profiles\yqyxa1gu.default\extensions
[2012-06-21 10:16:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-07-19 16:40:51 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012-02-19 23:27:54 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012-06-26 07:12:16 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2012-06-26 07:12:16 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2012-06-26 07:12:16 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2012-06-26 07:12:16 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2012-06-26 07:12:16 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2012-06-26 07:12:16 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2006-09-18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O7 - HKU\S-1-5-21-1532760675-3050612240-3899385916-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.30.129.149 217.30.137.200
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00A15270-231A-4601-BCE4-E747DF9645E4}: DhcpNameServer = 212.2.96.54 212.2.96.53
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B4650D9-7F02-4489-8E07-A3AA50B85E3B}: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6EF5B322-98C1-4409-BD47-7ECB04DB6F50}: DhcpNameServer = 212.2.96.54 212.2.96.53
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9F4BF9BA-75E9-4726-A3DF-5812B6D96E31}: DhcpNameServer = 212.2.96.53 212.2.96.51
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E9B0DC41-1B03-4D95-8360-8CBD4A69B8D9}: DhcpNameServer = 217.30.129.149 217.30.137.200
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Milka\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\Milka\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3409a607-4aa7-11e0-ae53-001e101f8aaa}\Shell - "" = AutoRun
O33 - MountPoints2\{3409a607-4aa7-11e0-ae53-001e101f8aaa}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{379385f3-1b6f-11e1-890a-001e101fabdd}\Shell - "" = AutoRun
O33 - MountPoints2\{379385f3-1b6f-11e1-890a-001e101fabdd}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4e64759f-a805-11e0-b318-001e101fb4df}\Shell - "" = AutoRun
O33 - MountPoints2\{4e64759f-a805-11e0-b318-001e101fb4df}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{503809b1-4d65-11e0-a48d-00235a61ba0f}\Shell\AutoRun\command - "" = F:\POPITI/dozicu.exe
O33 - MountPoints2\{503809b1-4d65-11e0-a48d-00235a61ba0f}\Shell\explore\command - "" = F:\POPITI/dozicu.exe
O33 - MountPoints2\{503809b1-4d65-11e0-a48d-00235a61ba0f}\Shell\open\command - "" = F:\POPITI/dozicu.exe
O33 - MountPoints2\{6c721722-b6db-11e0-a0e6-001e101f3315}\Shell - "" = AutoRun
O33 - MountPoints2\{6c721722-b6db-11e0-a0e6-001e101f3315}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{713c5d23-a7f8-11e0-b36a-001e101f8924}\Shell - "" = AutoRun
O33 - MountPoints2\{713c5d23-a7f8-11e0-b36a-001e101f8924}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{8c297825-b8c5-11df-a180-00235a61ba0f}\Shell - "" = AutoRun
O33 - MountPoints2\{8c297825-b8c5-11df-a180-00235a61ba0f}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{8c297825-b8c5-11df-a180-00235a61ba0f}\Shell\dinstall\command - "" = G:\Quake3\directx7\dxsetup.exe
O33 - MountPoints2\{8d26899b-497c-11e0-b6b6-00235a61ba0f}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\HAIhAEp.Exe
O33 - MountPoints2\{b12caa64-19a2-11e1-acba-001e101fe5e1}\Shell - "" = AutoRun
O33 - MountPoints2\{b12caa64-19a2-11e1-acba-001e101fe5e1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{bb2c75c3-a891-11e0-be12-001e101f9843}\Shell - "" = AutoRun
O33 - MountPoints2\{bb2c75c3-a891-11e0-be12-001e101f9843}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c30a61a2-4a93-11e0-97b8-00235a61ba0f}\Shell - "" = AutoRun
O33 - MountPoints2\{c30a61a2-4a93-11e0-97b8-00235a61ba0f}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c30a61cd-4a93-11e0-97b8-001e101f63cf}\Shell - "" = AutoRun
O33 - MountPoints2\{c30a61cd-4a93-11e0-97b8-001e101f63cf}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012-08-02 08:18:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-08-02 01:37:07 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Milka\Desktop\OTL.exe
[2012-08-02 00:22:31 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012-07-29 08:21:53 | 000,000,000 | ---D | C] -- C:\Users\Milka\AppData\Roaming\hellomoto

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012-08-02 14:50:13 | 002,883,584 | -HS- | M] () -- C:\Users\Milka\ntuser.dat
[2012-08-02 14:48:49 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012-08-02 14:48:49 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012-08-02 14:48:45 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012-08-02 14:48:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-08-02 14:48:39 | 2951,073,792 | -HS- | M] () -- C:\hiberfil.sys
[2012-08-02 14:47:55 | 000,524,288 | -HS- | M] () -- C:\Users\Milka\ntuser.dat{c2124f16-86ab-11e0-bf8e-00235a61ba0f}.TMContainer00000000000000000001.regtrans-ms
[2012-08-02 14:47:55 | 000,065,536 | -HS- | M] () -- C:\Users\Milka\ntuser.dat{c2124f16-86ab-11e0-bf8e-00235a61ba0f}.TM.blf
[2012-08-02 14:47:54 | 006,291,456 | -H-- | M] () -- C:\Users\Milka\AppData\Local\IconCache.db
[2012-08-02 14:47:09 | 000,139,471 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012-08-02 14:46:37 | 000,614,881 | ---- | M] () -- C:\Users\Milka\Desktop\adwcleaner.exe
[2012-08-02 01:37:08 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Milka\Desktop\OTL.exe
[2012-08-02 00:17:51 | 000,139,471 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012-08-01 20:42:51 | 000,000,590 | ---- | M] () -- C:\Windows\wininit.ini
[2012-08-01 20:10:16 | 000,007,592 | ---- | M] () -- C:\Users\Milka\AppData\Local\d3d9caps.dat
[2012-07-29 08:10:06 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Penx.dat
[2012-07-29 08:09:16 | 001,495,264 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2012-07-29 08:09:16 | 000,672,140 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2012-07-29 08:09:16 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012-07-29 08:09:16 | 000,130,516 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2012-07-29 08:09:16 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012-07-29 08:07:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-07-27 18:07:58 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012-07-27 18:07:58 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012-07-26 19:40:56 | 000,060,702 | ---- | M] () -- C:\Users\Milka\Desktop\10,2011.pdf
[2012-07-26 19:39:51 | 000,061,660 | ---- | M] () -- C:\Users\Milka\Desktop\11,2011.pdf
[2012-07-26 19:38:11 | 000,062,574 | ---- | M] () -- C:\Users\Milka\Desktop\12,2011.pdf
[2012-07-26 19:36:53 | 000,058,093 | ---- | M] () -- C:\Users\Milka\Desktop\01,2012.pdf
[2012-07-26 19:36:14 | 000,056,502 | ---- | M] () -- C:\Users\Milka\Desktop\07,2012.pdf
[2012-07-26 19:36:03 | 000,056,449 | ---- | M] () -- C:\Users\Milka\Desktop\06,2012.pdf
[2012-07-26 19:35:51 | 000,057,057 | ---- | M] () -- C:\Users\Milka\Desktop\05,2012.pdf
[2012-07-26 19:35:34 | 000,056,546 | ---- | M] () -- C:\Users\Milka\Desktop\04,2012.pdf
[2012-07-26 19:35:07 | 000,057,179 | ---- | M] () -- C:\Users\Milka\Desktop\03.2012.pdf
[2012-07-26 19:33:55 | 000,059,318 | ---- | M] () -- C:\Users\Milka\Desktop\02.2012.pdf
[2012-07-26 18:40:11 | 000,034,824 | ---- | M] () -- C:\Users\Milka\Desktop\transfer_20120726.pdf
[2012-07-26 18:38:05 | 000,035,376 | ---- | M] () -- C:\Users\Milka\Desktop\placed_order_276641_20120726.pdf
[2012-07-10 22:35:04 | 000,219,648 | ---- | M] () -- C:\Users\Milka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012-08-02 14:46:37 | 000,614,881 | ---- | C] () -- C:\Users\Milka\Desktop\adwcleaner.exe
[2012-08-02 00:17:36 | 2951,073,792 | -HS- | C] () -- C:\hiberfil.sys
[2012-07-29 08:10:06 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Penx.dat
[2012-07-26 19:40:56 | 000,060,702 | ---- | C] () -- C:\Users\Milka\Desktop\10,2011.pdf
[2012-07-26 19:39:51 | 000,061,660 | ---- | C] () -- C:\Users\Milka\Desktop\11,2011.pdf
[2012-07-26 19:38:11 | 000,062,574 | ---- | C] () -- C:\Users\Milka\Desktop\12,2011.pdf
[2012-07-26 19:36:53 | 000,058,093 | ---- | C] () -- C:\Users\Milka\Desktop\01,2012.pdf
[2012-07-26 19:36:14 | 000,056,502 | ---- | C] () -- C:\Users\Milka\Desktop\07,2012.pdf
[2012-07-26 19:36:03 | 000,056,449 | ---- | C] () -- C:\Users\Milka\Desktop\06,2012.pdf
[2012-07-26 19:35:51 | 000,057,057 | ---- | C] () -- C:\Users\Milka\Desktop\05,2012.pdf
[2012-07-26 19:35:34 | 000,056,546 | ---- | C] () -- C:\Users\Milka\Desktop\04,2012.pdf
[2012-07-26 19:35:07 | 000,057,179 | ---- | C] () -- C:\Users\Milka\Desktop\03.2012.pdf
[2012-07-26 19:33:55 | 000,059,318 | ---- | C] () -- C:\Users\Milka\Desktop\02.2012.pdf
[2012-07-26 18:40:11 | 000,034,824 | ---- | C] () -- C:\Users\Milka\Desktop\transfer_20120726.pdf
[2012-07-26 18:38:04 | 000,035,376 | ---- | C] () -- C:\Users\Milka\Desktop\placed_order_276641_20120726.pdf
[2011-08-30 21:00:06 | 000,007,592 | ---- | C] () -- C:\Users\Milka\AppData\Local\d3d9caps.dat
[2011-07-07 18:33:01 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Xpen.dat
[2011-07-06 20:08:09 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011-05-25 10:48:46 | 000,524,288 | -HS- | C] () -- C:\Users\Milka\ntuser.dat{c2124f16-86ab-11e0-bf8e-00235a61ba0f}.TMContainer00000000000000000002.regtrans-ms
[2011-05-25 10:48:46 | 000,524,288 | -HS- | C] () -- C:\Users\Milka\ntuser.dat{c2124f16-86ab-11e0-bf8e-00235a61ba0f}.TMContainer00000000000000000001.regtrans-ms
[2011-05-25 10:48:46 | 000,065,536 | -HS- | C] () -- C:\Users\Milka\ntuser.dat{c2124f16-86ab-11e0-bf8e-00235a61ba0f}.TM.blf
[2011-04-24 20:09:00 | 000,000,525 | ---- | C] () -- C:\Windows\QIII.INI
[2011-04-23 21:12:19 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011-02-15 17:01:29 | 000,000,590 | ---- | C] () -- C:\Windows\wininit.ini
[2010-09-05 10:12:43 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009-05-16 09:05:24 | 000,024,206 | ---- | C] () -- C:\Users\Milka\AppData\Roaming\UserTile.png
[2009-04-27 14:42:00 | 000,139,471 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009-04-27 14:41:58 | 000,139,471 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009-04-26 18:41:19 | 000,219,648 | ---- | C] () -- C:\Users\Milka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-04-26 16:02:07 | 006,291,456 | -H-- | C] () -- C:\Users\Milka\AppData\Local\IconCache.db
[2009-04-26 15:50:34 | 000,081,448 | ---- | C] () -- C:\Users\Milka\AppData\Local\GDIPFONTCACHEV1.DAT
[2009-04-26 15:47:43 | 002,883,584 | -HS- | C] () -- C:\Users\Milka\ntuser.dat
[2009-04-26 15:47:43 | 000,524,288 | -HS- | C] () -- C:\Users\Milka\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2009-04-26 15:47:43 | 000,524,288 | -HS- | C] () -- C:\Users\Milka\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009-04-26 15:47:43 | 000,065,536 | -HS- | C] () -- C:\Users\Milka\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2009-04-26 15:47:43 | 000,000,020 | -HS- | C] () -- C:\Users\Milka\ntuser.ini

[color=#E56717]========== LOP Check ==========[/color]

[2009-02-05 19:49:21 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console
[2009-02-05 19:49:21 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console
[2009-05-16 22:44:23 | 000,000,000 | -HSD | M] -- C:\Users\Milka\AppData\Roaming\.#
[2009-02-05 19:49:21 | 000,000,000 | ---D | M] -- C:\Users\Milka\AppData\Roaming\Acer GameZone Console
[2012-02-25 22:27:28 | 000,000,000 | ---D | M] -- C:\Users\Milka\AppData\Roaming\Canon
[2011-07-07 14:25:35 | 000,000,000 | ---D | M] -- C:\Users\Milka\AppData\Roaming\Codeton
[2010-09-05 11:39:09 | 000,000,000 | ---D | M] -- C:\Users\Milka\AppData\Roaming\DAEMON Tools Lite
[2009-07-11 16:07:55 | 000,000,000 | ---D | M] -- C:\Users\Milka\AppData\Roaming\Flood Light Games
[2011-07-07 23:41:22 | 000,000,000 | ---D | M] -- C:\Users\Milka\AppData\Roaming\Gadu-Gadu
[2012-07-29 08:22:01 | 000,000,000 | ---D | M] -- C:\Users\Milka\AppData\Roaming\hellomoto
[2012-08-02 00:15:26 | 000,000,000 | ---D | M] -- C:\Users\Milka\AppData\Roaming\ipla
[2012-01-18 23:21:42 | 000,000,000 | ---D | M] -- C:\Users\Milka\AppData\Roaming\iPlus
[2009-08-01 09:59:10 | 000,000,000 | ---D | M] -- C:\Users\Milka\AppData\Roaming\Leadertech
[2009-05-16 14:02:55 | 000,000,000 | ---D | M] -- C:\Users\Milka\AppData\Roaming\Meridian93
[2012-04-09 19:39:52 | 000,000,000 | ---D | M] -- C:\Users\Milka\AppData\Roaming\ObviousIdea
[2009-05-16 09:05:24 | 000,000,000 | ---D | M] -- C:\Users\Milka\AppData\Roaming\PeerNetworking
[2011-07-25 22:41:29 | 000,000,000 | ---D | M] -- C:\Users\Milka\AppData\Roaming\PowerCinema
[2009-05-03 20:23:57 | 000,000,000 | ---D | M] -- C:\Users\Milka\AppData\Roaming\SoftDMA
[2012-05-02 08:08:01 | 000,000,000 | ---D | M] -- C:\Users\Milka\AppData\Roaming\uTorrent
[2012-04-09 19:44:47 | 000,000,000 | ---D | M] -- C:\Users\Milka\AppData\Roaming\VSO
[2009-02-05 19:49:21 | 000,000,000 | ---D | M] -- C:\Users\Mirek\AppData\Roaming\Acer GameZone Console
[2009-04-26 21:53:36 | 000,000,000 | ---D | M] -- C:\Users\Mirek\AppData\Roaming\PeerNetworking
[2009-04-26 21:25:48 | 000,000,000 | ---D | M] -- C:\Users\Mirek\AppData\Roaming\PowerCinema
[2012-08-02 14:47:57 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 98 bytes -> C:\ProgramData\Temp:05113FB9
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:4220A65C
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:A42A9F39
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:798A3728
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:73933431
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:7CACEF61
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:793F316E
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:C99F6ECA
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DAFD38AE
@Alternate Data Stream - 108 bytes -> C:\ProgramData\Temp:F880DE59
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:F3176E45
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:753F86A9
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:F65733F1
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:AB689DEA

< End of report >