OTL logfile created on: 2012-08-28 20:05:46 - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Admin\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,49 Gb Total Physical Memory | 2,39 Gb Available Physical Memory | 68,37% Memory free
8,37 Gb Paging File | 7,35 Gb Available in Paging File | 87,75% Paging File free
Paging file location(s): c:\pagefile.sys 5000 5000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,90 Gb Total Space | 10,09 Gb Free Space | 6,73% Space Free | Partition Type: NTFS
Drive D: | 315,76 Gb Total Space | 25,69 Gb Free Space | 8,14% Space Free | Partition Type: NTFS
Drive E: | 7,92 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: ADMIN-KOMPUTER | User Name: Admin | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-08-28 19:48:42 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
PRC - [2012-06-27 12:29:22 | 001,385,896 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011-07-04 19:45:30 | 013,374,048 | ---- | M] (GG Network S.A.)
-- D:\Programy\Gadu-Gadjhjhj\gg.exe PRC - [2009-07-14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012-08-18 00:28:55 | 000,442,392 | ---- | M] () -- C:\Users\Admin\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll MOD - [2012-08-18 00:28:52 | 003,997,720 | ---- | M] () -- C:\Users\Admin\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll MOD - [2012-08-18 00:27:23 | 000,144,424 | ---- | M] () -- C:\Users\Admin\AppData\Local\Google\Chrome\Application\21.0.1180.83\avutil-51.dll MOD - [2012-08-18 00:27:22 | 000,266,792 | ---- | M] () -- C:\Users\Admin\AppData\Local\Google\Chrome\Application\21.0.1180.83\avformat-54.dll MOD - [2012-08-18 00:27:21 | 002,480,680 | ---- | M] () -- C:\Users\Admin\AppData\Local\Google\Chrome\Application\21.0.1180.83\avcodec-54.dll MOD - [2012-08-15 19:17:05 | 009,465,032 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_271.dll MOD - [2012-01-08 15:41:12 | 000,093,696 | ---- | M] () -- D:\Programy\FileZilla FTP Client\fzshellext.dll MOD - [2011-07-04 19:46:20 | 000,217,696 | ---- | M] () -- D:\Programy\Gadu-Gadjhjhj\gglog.dll MOD - [2011-07-04 19:46:18 | 000,123,488 | ---- | M] () -- D:\Programy\Gadu-Gadjhjhj\ggipcradioproxy.dll MOD - [2011-07-04 19:46:16 | 000,017,504 | ---- | M] () -- D:\Programy\Gadu-Gadjhjhj\ggipc.dll MOD - [2011-07-04 19:46:12 | 000,027,744 | ---- | M] () -- D:\Programy\Gadu-Gadjhjhj\ggcrypto.dll MOD - [2011-07-04 19:46:10 | 000,356,960 | ---- | M] () -- D:\Programy\Gadu-Gadjhjhj\ggcommon.dll MOD - [2011-04-16 05:04:30 | 014,749,696 | ---- | M] () -- D:\Programy\Gadu-Gadjhjhj\QtWebKit4.dll MOD - [2011-02-17 11:00:28 | 001,781,760 | ---- | M] () -- D:\Programy\Gadu-Gadjhjhj\QtScript4.dll MOD - [2011-02-17 11:00:28 | 000,393,216 | ---- | M] () -- D:\Programy\Gadu-Gadjhjhj\QtXml4.dll MOD - [2011-02-17 11:00:28 | 000,327,680 | ---- | M] () -- 
D:\Programy\Gadu-Gadjhjhj\QtSvg4.dll MOD - [2011-02-17 11:00:26 | 001,044,480 | ---- | M] () -- D:\Programy\Gadu-Gadjhjhj\QtNetwork4.dll MOD - [2011-02-17 11:00:24 | 009,097,216 | ---- | M] () -- D:\Programy\Gadu-Gadjhjhj\QtGui4.dll MOD - [2011-02-17 11:00:24 | 002,560,000 | ---- | M] () -- D:\Programy\Gadu-Gadjhjhj\QtCore4.dll MOD - [2011-02-17 10:59:40 | 000,311,296 | ---- | M] () -- D:\Programy\Gadu-Gadjhjhj\imageformats\qtiff4.dll MOD - [2011-02-17 10:59:40 | 000,274,432 | ---- | M] () -- D:\Programy\Gadu-Gadjhjhj\imageformats\qmng4.dll MOD - [2011-02-17 10:59:40 | 000,143,360 | ---- | M] () -- D:\Programy\Gadu-Gadjhjhj\imageformats\qjpeg4.dll MOD - [2011-02-17 10:59:40 | 000,027,648 | ---- | M] () -- D:\Programy\Gadu-Gadjhjhj\imageformats\qgif4.dll MOD - [2011-02-17 10:59:40 | 000,018,944 | ---- | M] () -- D:\Programy\Gadu-Gadjhjhj\imageformats\qsvg4.dll MOD - [2011-02-17 10:59:32 | 000,059,904 | ---- | M] () -- D:\Programy\Gadu-Gadjhjhj\zlib1.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV - File not found [Auto | Stopped] -- D:\Programy\ESET Smart Security 5\ekrn.exe -- (ekrn) SRV - [2012-08-15 19:17:19 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012-08-13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012-07-03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012-06-27 12:29:22 | 001,385,896 | ---- | M] (LogMeIn Inc.) 
[Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2012-06-11 11:33:26 | 000,724,376 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2012-05-23 04:02:24 | 000,217,600 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2012-04-05 15:50:08 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Stopped] -- D:\Gry\Tribes Ascend\HiPatchService.exe -- (HiPatchService) SRV - [2012-04-05 13:08:36 | 001,529,152 | ---- | M] (TuneUp Software) [Auto | Stopped] -- D:\Programy\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2012-04-05 13:08:24 | 000,028,992 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp) SRV - [2012-04-04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- D:\Programy\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011-10-11 03:27:12 | 000,102,752 | ---- | M] (BlueStack Systems, Inc.) 
[Disabled | Stopped] -- C:\Program Files\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc) SRV - [2010-11-22 22:52:46 | 000,718,072 | ---- | M] (Tunngle.net GmbH) [Auto | Stopped] -- C:\Program Files\Tunngle\TnglCtrl.exe -- (TunngleService) SRV - [2010-04-06 17:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\System32\AppleChargerSrv.exe -- (AppleChargerSrv) SRV - [2010-02-19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2010-01-19 04:31:26 | 000,072,304 | R--- | M] () [Auto | Stopped] -- C:\Windows\System32\XSrvSetup.exe -- (JMB36X) SRV - [2009-12-10 23:04:22 | 000,814,344 | ---- | M] (ABBYY) [Disabled | Stopped] -- C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.10.0) SRV - [2009-10-13 17:39:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) [Auto | Stopped] -- C:\Program Files\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe -- (Smart TimeLock) SRV - [2009-08-27 18:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2009-07-16 18:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2009-07-14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009-07-14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009-07-14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009-06-17 17:13:06 | 000,068,136 | ---- | M] () [Auto | Stopped] -- C:\Program 
Files\GIGABYTE\EnergySaver2\des2svr.exe -- (DES2 Service) SRV - [2008-08-07 12:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2007-02-22 19:53:16 | 002,217,416 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe -- (AcronisOSSReinstallSvc) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\VBoxNetFlt.sys -- (VBoxNetFlt) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Admin\AppData\Local\Temp\uwrdakob.sys -- (uwrdakob) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\dgderdrv.sys -- (dgderdrv) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Admin\AppData\Local\Temp\cpuz130\cpuz_x32.sys -- (cpuz130) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\cpu.sys -- (cpu) DRV - [2012-08-27 09:59:08 | 000,024,944 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GVTDrv.sys -- (GVTDrv) DRV - [2012-08-27 09:58:42 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv) DRV - [2012-08-23 16:02:39 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv) DRV - [2012-06-30 23:45:32 | 000,114,048 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman) DRV - [2012-06-11 11:33:46 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2012-05-23 05:14:42 | 008,733,184 | ---- | M] (Advanced Micro Devices, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2012-05-23 03:08:16 | 000,295,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2012-05-09 15:24:36 | 000,346,176 | ---- | M] (PassMark Software) [Kernel | On_Demand | Stopped] -- C:\Program Files\OSFMount\OSFMount.sys -- (OSFMount) DRV - [2012-04-04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012-03-14 08:40:04 | 000,148,504 | ---- | M] (ESET) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\epfw.sys -- (epfw) DRV - [2012-03-14 08:40:02 | 000,169,080 | ---- | M] (ESET) [File_System | System | Stopped] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm) DRV - [2012-03-14 08:40:02 | 000,120,152 | ---- | M] (ESET) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv) DRV - [2012-03-14 08:40:02 | 000,050,624 | ---- | M] (ESET) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp) DRV - [2012-03-14 08:40:02 | 000,033,656 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\EpfwLWF.sys -- (EpfwLWF) DRV - [2012-02-23 14:31:58 | 000,086,544 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService) DRV - [2012-01-09 17:28:20 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu) DRV - [2012-01-09 17:28:20 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2012-01-09 17:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2012-01-09 17:28:20 | 000,008,576 | ---- | M] (Nokia) [Kernel | 
On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc) DRV - [2012-01-09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2012-01-09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2011-10-11 03:28:10 | 000,067,424 | ---- | M] (BlueStack Systems) [Kernel | Auto | Stopped] -- C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys -- (BstHdDrv) DRV - [2011-07-29 13:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv) DRV - [2011-07-29 13:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv) DRV - [2011-05-16 19:01:00 | 000,111,280 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV - [2010-12-21 07:55:02 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm) DRV - [2010-12-21 07:55:02 | 000,100,224 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bserd.sys -- (ss_bserd) DRV - [2010-12-21 07:55:02 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) DRV - [2010-12-21 07:55:02 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) DRV - [2010-05-18 11:25:52 | 000,040,560 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hotcore3.sys -- (hotcore3) DRV - [2010-04-27 12:56:44 | 000,019,496 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\System32\drivers\AppleCharger.sys -- (AppleCharger) DRV - [2010-01-28 16:33:30 | 000,100,352 | ---- | M] 
(ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV - [2010-01-27 10:58:32 | 000,098,928 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID) DRV - [2009-09-16 07:02:40 | 000,027,136 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901t.sys -- (tap0901t) DRV - [2009-07-14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2009-07-14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2009-07-14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2009-07-14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009-07-14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2009-07-14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2009-07-14 00:02:53 | 000,311,808 | ---- | M] (Realtek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL85n86.sys -- (RTL85n86) DRV - [2009-04-24 16:03:10 | 000,018,432 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\LG Soft India\forteManager\bin\PII2CDriver.sys -- (LGII2CDevice) DRV - [2009-04-24 16:03:10 | 000,014,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\LG Soft India\forteManager\bin\I2CDriver.sys -- (LGDDCDevice) DRV - [2009-03-27 14:23:12 | 000,023,064 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | 
Stopped] -- C:\Windows\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER) DRV - [2009-03-18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2009-02-03 17:45:07 | 000,059,520 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfsync04.sys -- (sfsync04) DRV - [2009-02-03 17:36:58 | 000,059,000 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) DRV - [2008-12-26 11:56:04 | 000,017,792 | ---- | M] (Avnex) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vcsvad.sys -- (VCSVADHWSer) DRV - [2008-02-13 14:17:26 | 000,618,112 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207) DRV - [2007-08-08 18:54:10 | 000,028,968 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ATITool.sys -- (ATITool) DRV - [2007-07-15 04:37:04 | 000,027,992 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\pstrip.sys -- (PStrip) DRV - [2007-04-21 16:15:42 | 000,009,344 | ---- | M] (Hajo Krabbenhöft) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tenCapture.sys -- (tenCapture) DRV - [2007-02-08 19:44:43 | 000,083,320 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02) DRV - [2006-07-24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2006-07-10 18:19:58 | 000,027,032 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02) DRV - [2006-06-14 16:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-418616799-4038682857-2268346840-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ IE - HKU\S-1-5-21-418616799-4038682857-2268346840-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-418616799-4038682857-2268346840-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-418616799-4038682857-2268346840-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\S-1-5-21-418616799-4038682857-2268346840-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost; 127.0.0.1; [color=#E56717]========== FireFox ==========[/color] FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files\Battlelog Web Plugins\1.118.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@ganymede/SOCCER,version=1.0: C:\Program Files\Ganymede\Plugins\SOCCER\NPSOCCER.dll (Ganymede Technologies) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.) 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll () FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files\OnLive\Plugin\npolgdet.dll (OnLive) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Admin\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Admin\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: D:\Programy\Nokia\PC Suite 7.1\Nokia PC Suite 7\bkmrksync\ [2012-08-02 15:49:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: D:\Programy\Firefox 4\components [2011-06-03 22:15:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: D:\Programy\Firefox 4\plugins [2012-07-24 12:41:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-01-16 20:16:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-05-24 22:37:55 | 000,000,000 | ---D | M] [2011-02-09 14:50:19 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\Admin\AppData\Roaming\mozilla\Extensions [2012-07-31 17:57:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\55q4ykia.default\extensions [2012-06-21 20:43:43 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\55q4ykia.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012-04-03 18:36:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012-04-03 18:36:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [2011-12-21 10:04:06 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2002-09-16 15:32:04 | 000,138,752 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npImagine.dll [2011-07-15 13:25:10 | 000,624,800 | ---- | M] (Ganymede Technologies) -- C:\Program Files\mozilla firefox\plugins\NPSOCCER.dll [2011-12-21 07:04:32 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2011-12-21 07:04:32 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2011-12-21 07:04:32 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2011-12-21 07:04:32 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2011-12-21 07:04:32 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2011-12-21 07:04:32 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml [color=#E56717]========== Chrome ==========[/color] CHR - homepage: http://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = 
{google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: http://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Admin\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Admin\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Admin\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: Imagine Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npImagine.dll CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = 
C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: Java Deployment Toolkit 7.0.10.8 (Enabled) = D:\Programy\Firefox 4\plugins\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 7 U3 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Winamp Application Detector (Enabled) = D:\Programy\Firefox 4\plugins\npwachk.dll CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files\Battlelog Web Plugins\1.118.0\npesnlaunch.dll CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll CHR - plugin: WPI Detector 1.4 (Enabled) = C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll CHR - plugin: OnLive Game Client Detector (Enabled) = C:\Program Files\OnLive\Plugin\npolgdet.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll CHR - plugin: QUAKE LIVE (Enabled) = C:\ProgramData\id Software\QuakeLive\npquakezero.dll CHR - plugin: Unity Player (Enabled) = C:\Users\Admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - 
Extension: Angry Birds = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\ CHR - Extension: Battlefield 3 Stats - All stats about BF3 = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bffkchgejjecamjagaidkieglmefcmla\2012.1.12.51598_0\ CHR - Extension: AT_Reas = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dinoconpnefhjndafimindldhibbcdae\2_0\ CHR - Extension: AdBlock = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.42_0\ CHR - Extension: Downloads = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfchnphgogjhineanplmfkofljiagjfb\1_0\ CHR - Extension: League of Legends - Free Online Game | LoL - League of Legends = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjiejmcianfifpjmlnlhphddaacfkfdb\2011.12.5.37880_0\ O1 HOSTS File: ([2011-04-15 20:14:41 | 000,001,071 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 avatar.heroes.nexon.com # Vindictus Korean Avatar Server O1 - Hosts: 127.0.0.1 gamelog.nexon.com # Vindictus Log Server O1 - Hosts: 127.0.0.1 avatar.vindictus.nexon.net # Vindictus US Avatar Server O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (IVONA Reader) - {8664889D-ED18-4713-918F-E2BB69D8452B} - C:\Program Files\IVONA\IVONA Reader\integr\IR_iexplorer2.dll (IVONA Software Sp. z o.o.) O2 - BHO: (CatcherBHO Class) - {9B4DF450-DCC7-4B07-935D-0CD757A64583} - C:\Program Files\Moyea\YouTube FLV Downloader\MoyeaCatcher.dll (Moyea Software Co., Ltd.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Admin\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (IplexToALLPlayer) - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - D:\Programy\ALLPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.) O3 - HKLM\..\Toolbar: (IVONA Reader) - {8664889D-ED18-4713-918F-E2BB69D8452B} - C:\Program Files\IVONA\IVONA Reader\integr\IR_iexplorer2.dll (IVONA Software Sp. z o.o.) O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AMD AVT] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [Bonus.SSR.FR10] D:\Programy\ReaderFine\Bonus.ScreenshotReader.exe (ABBYY.) O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] D:\Programy\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG) O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [PAC207_Monitor] C:\Windows\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [TNOD UP] D:\Programy\TNOD\TNODUP.exe (Tukero[X]Team) O4 - HKLM..\Run: [TrayServer] D:\Programy\MAGIX\Movie_Edit_Pro_17_Plus_Download_Version\Trayserver_EN.exe (MAGIX AG) O4 - HKLM..\Run: [WireLessKeyboard] C:\Program Files\Multimedia Keyboard driver\StartAutorun.exe PS2USBKbdDrv.exe File not found O4 - HKU\S-1-5-21-418616799-4038682857-2268346840-1000..\Run: [BlueStacks Agent] C:\Program Files\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.) O4 - HKU\S-1-5-21-418616799-4038682857-2268346840-1000..\Run: [DTlite] C:\Users\Admin\AppData\Roaming\Microsoft\DTlite.exe ( ) O4 - HKU\S-1-5-21-418616799-4038682857-2268346840-1000..\Run: [Gadu-Gadu 10] D:\Programy\Gadu-Gadjhjhj\gg.exe (GG Network S.A.) O4 - HKU\S-1-5-21-418616799-4038682857-2268346840-1000..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) O4 - HKU\S-1-5-21-418616799-4038682857-2268346840-1000..\Run: [IROElauncher] C:\Program Files\IVONA\IVONA Reader\integr\OutlookExpress\IROElauncher.exe (Nektra S.A.) O4 - HKU\S-1-5-21-418616799-4038682857-2268346840-1000..\Run: [IVONA ControlCenter] C:\Program Files\IVONA\IVONA ControlCenter\IVONA ControlCenter.exe (IVO Software Sp. z o.o.) O4 - HKU\S-1-5-21-418616799-4038682857-2268346840-1000..\Run: [IVONA Reader] C:\Program Files\IVONA\IVONA Reader\IVONA Reader.exe (IVONA Software Sp. z o.o.) O4 - HKU\S-1-5-21-418616799-4038682857-2268346840-1000..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung) O4 - HKU\S-1-5-21-418616799-4038682857-2268346840-1000..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKU\S-1-5-21-418616799-4038682857-2268346840-1000..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) 
O4 - HKU\S-1-5-21-418616799-4038682857-2268346840-1000..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe () O4 - HKU\S-1-5-21-418616799-4038682857-2268346840-1000..\Run: [RocketDock] D:\Programy\RocketDock\RocketDock.exe () O4 - HKU\S-1-5-21-418616799-4038682857-2268346840-1000..\Run: [Steam] D:\Programy\Steam\steam.exe (Valve Corporation) O4 - HKU\S-1-5-21-418616799-4038682857-2268346840-1000..\Run: [wsctf.exe] wsctf.exe File not found O4 - HKLM..\RunOnce: [DES2] C:\Program Files\GIGABYTE\EnergySaver2\des2.exe () O4 - HKLM..\RunOnce: [EasyTuneVI] C:\Program Files\GIGABYTE\ET6\ETcall.exe () O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Driver Parallel Lines.LNK = D:\Gry\Driver Parallel Lines\Register\RegistrationReminder.exe () O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (Xfire Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\Admin\AppData\Roaming\FlashGetBHO\GetAllUrl.htm () O8 - Extra context menu item: Download by FlashGet3 - C:\Users\Admin\AppData\Roaming\FlashGetBHO\GetUrl.htm () O8 - Extra context menu item: Ściągnij przy poomocy FlashGet3 - C:\Users\Admin\AppData\Roaming\FlashGetBHO\GetUrl.htm () O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet3 - C:\Users\Admin\AppData\Roaming\FlashGetBHO\GetAllUrl.htm () O8 - Extra context menu item: 使用快车3下载 - C:\Users\Admin\AppData\Roaming\FlashGetBHO\GetUrl.htm () O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Users\Admin\AppData\Roaming\FlashGetBHO\GetAllUrl.htm () O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\PrxerNsp.dll (Initex Software) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\PrxerDrv.dll (Initex Software) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\PrxerDrv.dll (Initex Software) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{86EF17B1-6FFA-4225-8D32-24E8888B9430}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2008-03-31 10:08:02 | 000,000,082 | R--- | M] () - E:\Autorun.inf -- [ UDF ] O33 - MountPoints2\{0e8048ac-3449-11e0-aa91-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{0e8048ac-3449-11e0-aa91-806e6f6e6963}\Shell\AutoRun\command - "" = E:\cda_menu.exe -- [2010-08-03 14:51:45 | 004,685,312 | R--- | M] () O33 - MountPoints2\{aff54320-3446-11e0-a59a-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{aff54320-3446-11e0-a59a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Run.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012-08-28 19:48:37 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe [2012-08-28 15:14:33 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jv16 PowerTools 2012 [2012-08-28 15:14:31 | 000,000,000 | ---D | C] -- C:\Program Files\jv16 PowerTools 2012 [2012-08-27 22:28:17 | 004,738,846 | ---- | C] (Swearware) -- C:\Users\Admin\Desktop\ComboFix.exe [2012-08-27 20:21:14 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012-08-24 18:35:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TNod User & Password Finder [2012-08-22 14:45:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\Logs [2012-08-17 23:03:30 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LIMBO [2012-08-17 23:03:10 | 000,000,000 | ---D | 
C] -- C:\Users\Admin\Desktop\LIMBO.v1.0r4.multi9.cracked-THETA_up_by_Dawidos0026 [2012-08-16 21:11:33 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Codeton [2012-08-16 21:11:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paseczek [2012-08-16 21:08:08 | 003,390,995 | ---- | C] (Codeton Software ) -- C:\Users\Admin\Desktop\Paseczek-1.1.0.365(dobreprogramy.pl).exe [2012-08-11 16:31:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs [2012-08-02 21:55:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Nokia [2012-08-02 21:53:19 | 000,035,892 | ---- | C] (Prolific Technology Inc.) -- C:\Windows\System32\SER9PL.sys [2012-08-02 21:53:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Phoenix [2012-08-02 21:52:58 | 000,000,000 | ---D | C] -- C:\Program Files\Nokia [2012-08-02 17:30:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM [2012-08-02 17:29:53 | 001,783,056 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll [2012-08-02 17:29:53 | 001,725,784 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesGUILib.dll [2012-08-02 17:29:53 | 001,379,760 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\System32\tosade.dll [2012-08-02 17:29:53 | 000,819,648 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\System32\tadefxapo2.dll [2012-08-02 17:29:53 | 000,345,328 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll [2012-08-02 17:29:53 | 000,185,584 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll [2012-08-02 17:29:53 | 000,173,296 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll [2012-08-02 17:29:53 | 000,140,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll [2012-08-02 17:29:53 | 000,134,584 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\System32\tadefxapo.dll [2012-08-02 17:29:53 | 000,058,264 | ---- | C] (TOSHIBA CORPORATION.) 
-- C:\Windows\System32\TepeqAPO.dll [2012-08-02 17:29:52 | 002,417,808 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll [2012-08-02 17:29:52 | 001,497,704 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl [2012-08-02 17:29:52 | 000,645,776 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApoApi.dll [2012-08-02 17:29:52 | 000,214,368 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFNHK.dll [2012-08-02 17:29:52 | 000,192,104 | ---- | C] (Sony Corporation) -- C:\Windows\System32\SFSS_APO.dll [2012-08-02 17:29:52 | 000,087,696 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInstII.dll [2012-08-02 17:29:52 | 000,074,080 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFCOM.dll [2012-08-02 17:29:52 | 000,068,960 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFAPO.dll [2012-08-02 17:29:52 | 000,013,416 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoLDR.dll [2012-08-02 17:29:51 | 007,783,768 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek.dll [2012-08-02 17:29:51 | 007,161,696 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEP32A.dll [2012-08-02 17:29:51 | 005,096,448 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RCoRes.dat [2012-08-02 17:29:51 | 003,173,008 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll [2012-08-02 17:29:51 | 001,836,376 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll [2012-08-02 17:29:51 | 001,185,112 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek2.dll [2012-08-02 17:29:51 | 000,709,976 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPOShell.dll [2012-08-02 17:29:51 | 000,359,768 | ---- | C] (Dolby Laboratories, Inc.) 
-- C:\Windows\System32\RTEEP32A.dll [2012-08-02 17:29:51 | 000,351,072 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EED32A.dll [2012-08-02 17:29:51 | 000,350,552 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxVolumeSDAPO.dll [2012-08-02 17:29:51 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll [2012-08-02 17:29:51 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll [2012-08-02 17:29:51 | 000,259,928 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO30.dll [2012-08-02 17:29:51 | 000,232,792 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll [2012-08-02 17:29:51 | 000,170,840 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED32A.dll [2012-08-02 17:29:51 | 000,105,824 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEL32A.dll [2012-08-02 17:29:51 | 000,091,488 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEA32A.dll [2012-08-02 17:29:51 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL32A.dll [2012-08-02 17:29:51 | 000,064,856 | ---- | C] (Dolby Laboratories, Inc.) 
-- C:\Windows\System32\RTEEG32A.dll [2012-08-02 17:29:51 | 000,061,792 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEG32A.dll [2012-08-02 17:29:50 | 002,193,472 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll [2012-08-02 17:29:50 | 001,509,480 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2SpeakerDLL.dll [2012-08-02 17:29:50 | 001,292,904 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2HeadphoneDLL.dll [2012-08-02 17:29:50 | 001,220,200 | ---- | C] (DTS) -- C:\Windows\System32\DTSBoostDLL.dll [2012-08-02 17:29:50 | 000,654,952 | ---- | C] (DTS) -- C:\Windows\System32\DTSBassEnhancementDLL.dll [2012-08-02 17:29:50 | 000,631,400 | ---- | C] (DTS) -- C:\Windows\System32\DTSSymmetryDLL.dll [2012-08-02 17:29:50 | 000,601,704 | ---- | C] (DTS) -- C:\Windows\System32\DTSVoiceClarityDLL.dll [2012-08-02 17:29:50 | 000,458,344 | ---- | C] (DTS) -- C:\Windows\System32\DTSNeoPCDLL.dll [2012-08-02 17:29:50 | 000,421,744 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PLFX32.dll [2012-08-02 17:29:50 | 000,398,192 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PGFX32.dll [2012-08-02 17:29:50 | 000,389,736 | ---- | C] (DTS) -- C:\Windows\System32\DTSGainCompensatorDLL.dll [2012-08-02 17:29:50 | 000,375,400 | ---- | C] (DTS) -- C:\Windows\System32\DTSLimiterDLL.dll [2012-08-02 17:29:50 | 000,357,712 | ---- | C] (Knowles Acoustics ) -- C:\Windows\System32\KAAPORT.dll [2012-08-02 17:29:50 | 000,335,216 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PREC32.dll [2012-08-02 17:29:50 | 000,218,728 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPONS.dll [2012-08-02 17:29:50 | 000,218,728 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPO.dll [2012-08-02 17:29:50 | 000,218,216 | ---- | C] (DTS) -- C:\Windows\System32\DTSLFXAPO.dll [2012-08-02 17:29:50 | 000,132,368 | ---- | C] (Waves Audio Ltd.) 
-- C:\Windows\System32\MaxxAudioAPO.dll [2012-08-02 17:29:49 | 000,176,736 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTACap.dll [2012-08-02 17:29:49 | 000,095,840 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTARen.dll [2012-08-02 17:29:48 | 001,706,640 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll [2012-08-02 15:55:09 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\PC Suite [2012-08-02 15:55:09 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Nokia [2012-08-02 15:55:08 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite [2012-08-02 15:49:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PCSuite [2012-08-02 15:49:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia PC Suite [2012-08-02 15:49:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia [2012-08-02 15:49:46 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX [2012-08-02 15:49:45 | 000,019,072 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys [2012-08-02 15:49:38 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution [2012-08-02 15:49:26 | 000,075,264 | ---- | C] (Nokia) -- C:\Windows\System32\nmwcdcls.dll [2012-08-02 15:46:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Installations [2012-08-02 12:20:46 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps [2012-08-01 15:28:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prototype 2 [24 C:\*.tmp files -> C:\*.tmp -> ] [1 C:\Users\Admin\AppData\Local\*.tmp files -> C:\Users\Admin\AppData\Local\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012-08-28 19:48:42 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe [2012-08-28 19:40:34 | 000,302,592 | ---- | M] () -- C:\Users\Admin\Desktop\nz1jbkrz.exe [2012-08-28 19:38:26 
| 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012-08-28 19:38:20 | 2811,879,424 | -HS- | M] () -- C:\hiberfil.sys [2012-08-28 19:30:10 | 000,000,146 | ---- | M] () -- C:\Users\Admin\defogger_reenable [2012-08-28 19:29:56 | 000,050,477 | ---- | M] () -- C:\Users\Admin\Desktop\Defogger.exe [2012-08-28 15:14:38 | 000,000,022 | -HS- | M] () -- C:\Users\Admin\AppData\Roaming\Windows1569_SettingsRepository.bin [2012-08-28 15:14:38 | 000,000,022 | -HS- | M] () -- C:\Windows\90C7D912BE2316.sys [2012-08-28 15:14:33 | 000,001,853 | ---- | M] () -- C:\Users\Admin\Desktop\jv16 PowerTools 2012.lnk [2012-08-28 15:13:44 | 010,951,008 | ---- | M] () -- C:\Users\Admin\Desktop\jv16pt_setup_hb.exe [2012-08-28 11:49:39 | 279,800,228 | ---- | M] () -- C:\Users\Admin\Documents\kopia po purefix.reg [2012-08-27 22:28:58 | 004,738,846 | ---- | M] (Swearware) -- C:\Users\Admin\Desktop\ComboFix.exe [2012-08-27 21:54:20 | 000,176,642 | ---- | M] () -- C:\Users\Admin\Documents\cc_20120827_215411.reg [2012-08-27 12:17:52 | 000,041,080 | ---- | M] () -- C:\Users\Admin\Desktop\dane2.PNG [2012-08-27 12:17:40 | 000,006,757 | ---- | M] () -- C:\Users\Admin\Desktop\dane1.PNG [2012-08-27 10:12:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012-08-27 10:06:42 | 000,017,136 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012-08-27 10:06:42 | 000,017,136 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012-08-27 09:59:08 | 000,024,944 | ---- | M] () -- C:\Windows\System32\drivers\GVTDrv.sys [2012-08-27 09:59:08 | 000,000,004 | ---- | M] () -- C:\Windows\System32\GVTunner.ref [2012-08-27 09:58:42 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\Windows\gdrv.sys [2012-08-27 09:58:33 | 000,001,030 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012-08-26 23:44:50 | 000,000,000 | ---- 
| M] () -- C:\Windows\System32\Access.dat [2012-08-26 23:31:00 | 000,001,034 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012-08-26 22:47:00 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-418616799-4038682857-2268346840-1000UA.job [2012-08-26 21:47:00 | 000,001,006 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-418616799-4038682857-2268346840-1000Core.job [2012-08-24 18:35:19 | 000,000,705 | ---- | M] () -- C:\Users\Public\Desktop\Update NOD32 license.lnk [2012-08-23 16:02:39 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\Windows\etdrv.sys [2012-08-17 23:03:30 | 000,000,598 | ---- | M] () -- C:\Users\Admin\Desktop\LIMBO.lnk [2012-08-17 22:53:20 | 074,762,210 | ---- | M] () -- C:\Users\Admin\Desktop\LIMBO.v1.0r4.multi9.cracked-THETA_up_by_Dawidos0026.rar [2012-08-17 18:12:53 | 001,273,556 | ---- | M] () -- C:\Users\Admin\Desktop\turniej gamescom.PNG [2012-08-17 16:32:58 | 000,047,378 | ---- | M] () -- C:\Users\Admin\Desktop\rss.php [2012-08-16 21:09:17 | 003,390,995 | ---- | M] (Codeton Software ) -- C:\Users\Admin\Desktop\Paseczek-1.1.0.365(dobreprogramy.pl).exe [2012-08-15 19:17:06 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012-08-15 19:17:06 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012-08-15 15:33:32 | 001,307,158 | ---- | M] () -- C:\Users\Admin\Desktop\staty pro.PNG [2012-08-11 16:31:41 | 000,000,956 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Driver Parallel Lines.LNK [2012-08-08 22:10:55 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini [2012-08-03 23:52:54 | 005,542,222 | ---- | M] () -- C:\Users\Admin\Documents\sabaton dupstep.mp3 [2012-08-03 23:49:40 | 000,000,000 | ---- | M] () -- C:\Windows\System32\sabaton dupstep.mp3 [2012-08-03 12:24:55 | 000,000,000 | ---- | M] () -- 
C:\Windows\System32\RLauncher.exe [2012-08-03 10:51:16 | 003,859,656 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012-08-02 21:57:36 | 000,000,256 | ---- | M] () -- C:\dk2.mem [2012-08-02 17:30:46 | 001,394,138 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2012-08-02 17:30:46 | 000,876,296 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012-08-02 17:30:46 | 000,374,478 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2012-08-02 17:30:46 | 000,332,992 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012-08-02 15:59:27 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf [2012-08-02 15:59:15 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf [2012-07-30 16:20:48 | 000,140,800 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2012-07-30 16:20:39 | 000,283,304 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr [2012-07-30 16:20:13 | 000,280,904 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0 [24 C:\*.tmp files -> C:\*.tmp -> ] [1 C:\Users\Admin\AppData\Local\*.tmp files -> C:\Users\Admin\AppData\Local\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012-08-28 19:40:32 | 000,302,592 | ---- | C] () -- C:\Users\Admin\Desktop\nz1jbkrz.exe [2012-08-28 19:30:09 | 000,000,146 | ---- | C] () -- C:\Users\Admin\defogger_reenable [2012-08-28 19:29:56 | 000,050,477 | ---- | C] () -- C:\Users\Admin\Desktop\Defogger.exe [2012-08-28 15:14:38 | 000,000,022 | -HS- | C] () -- C:\Users\Admin\AppData\Roaming\Windows1569_SettingsRepository.bin [2012-08-28 15:14:38 | 000,000,022 | -HS- | C] () -- C:\Windows\90C7D912BE2316.sys [2012-08-28 15:14:33 | 000,001,853 | ---- | C] () -- C:\Users\Admin\Desktop\jv16 PowerTools 2012.lnk [2012-08-28 15:12:13 | 010,951,008 | ---- | C] () -- C:\Users\Admin\Desktop\jv16pt_setup_hb.exe [2012-08-28 11:49:30 | 279,800,228 | ---- | C] () -- C:\Users\Admin\Documents\kopia po purefix.reg [2012-08-27 
21:54:14 | 000,176,642 | ---- | C] () -- C:\Users\Admin\Documents\cc_20120827_215411.reg [2012-08-27 12:17:52 | 000,041,080 | ---- | C] () -- C:\Users\Admin\Desktop\dane2.PNG [2012-08-27 12:17:39 | 000,006,757 | ---- | C] () -- C:\Users\Admin\Desktop\dane1.PNG [2012-08-24 18:35:19 | 000,000,705 | ---- | C] () -- C:\Users\Public\Desktop\Update NOD32 license.lnk [2012-08-17 23:03:30 | 000,000,598 | ---- | C] () -- C:\Users\Admin\Desktop\LIMBO.lnk [2012-08-17 22:29:45 | 074,762,210 | ---- | C] () -- C:\Users\Admin\Desktop\LIMBO.v1.0r4.multi9.cracked-THETA_up_by_Dawidos0026.rar [2012-08-17 18:12:53 | 001,273,556 | ---- | C] () -- C:\Users\Admin\Desktop\turniej gamescom.PNG [2012-08-17 16:32:57 | 000,047,378 | ---- | C] () -- C:\Users\Admin\Desktop\rss.php [2012-08-15 15:33:31 | 001,307,158 | ---- | C] () -- C:\Users\Admin\Desktop\staty pro.PNG [2012-08-11 16:31:41 | 000,000,956 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Driver Parallel Lines.LNK [2012-08-03 23:51:54 | 005,542,222 | ---- | C] () -- C:\Users\Admin\Documents\sabaton dupstep.mp3 [2012-08-03 23:49:40 | 000,000,000 | ---- | C] () -- C:\Windows\System32\sabaton dupstep.mp3 [2012-08-03 12:24:55 | 000,000,000 | ---- | C] () -- C:\Windows\System32\RLauncher.exe [2012-08-02 21:57:36 | 000,000,256 | ---- | C] () -- C:\dk2.mem [2012-08-02 21:53:19 | 000,026,719 | ---- | C] () -- C:\Windows\System32\SERSPL.VXD [2012-08-02 17:29:51 | 000,293,889 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT [2012-08-02 15:59:27 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf [2012-08-02 15:59:15 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf [2012-07-20 12:25:08 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ROT13 by Arturr300 v0.5.exe [2012-07-20 12:00:49 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ROT13 by arturr300.exe [2012-07-01 12:38:50 | 
000,000,001 | ---- | C] () -- C:\Users\Admin\AppData\Local\llftool.4.25.agreement [2012-06-28 21:20:59 | 000,693,760 | ---- | C] () -- C:\Windows\System32\ficthumbhdlr_x86.dll [2012-06-28 21:20:59 | 000,679,936 | ---- | C] () -- C:\Windows\System32\ficdecds_x86.dll [2012-06-27 15:33:42 | 002,468,520 | ---- | C] () -- C:\Windows\System32\BootMan.exe [2012-06-27 15:33:42 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe [2012-06-27 15:33:42 | 000,019,840 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll [2012-06-27 15:33:42 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys [2012-06-27 15:33:42 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys [2012-05-24 22:37:57 | 000,000,004 | ---- | C] () -- C:\Windows\System32\proc1208289865.bin [2012-05-22 22:28:32 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe [2012-05-22 22:24:51 | 000,000,132 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Preferencje formatu PNG CS6 firmy Adobe [2012-05-03 04:54:46 | 000,042,392 | ---- | C] () -- C:\Windows\System32\xfcodec.dll [2012-04-14 23:43:48 | 011,661,715 | ---- | C] () -- C:\Program Files\Microsoft Games for Windows - LIVE.rar [2012-04-12 21:30:10 | 000,637,743 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2012-03-27 19:49:58 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat [2012-03-09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll [2012-02-15 04:28:34 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat [2012-02-15 04:28:32 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat [2012-01-24 17:41:38 | 000,001,496 | ---- | C] () -- C:\Users\Admin\AppData\Local\Adobe Zapisz dla Internetu 12.0 Prefs [2012-01-20 23:15:54 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2012-01-20 23:15:54 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2012-01-20 23:15:54 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2012-01-20 
23:07:15 | 000,258,048 | ---- | C] () -- C:\Windows\System32\libFLAC.dll.bak
[2011-12-04 16:16:01 | 002,580,552 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2011-11-26 16:08:25 | 000,283,304 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011-10-25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\System32\OVDecoder.dll
[2011-09-30 01:12:52 | 000,138,056 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\PnkBstrK.sys
[2011-09-28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011-09-13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011-09-10 23:35:53 | 000,000,600 | ---- | C] () -- C:\Users\Admin\AppData\Local\PUTTY.RND
[2011-08-02 13:02:56 | 000,188,776 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011-07-18 16:35:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\PowerOnOff.ini
[2011-07-11 15:53:52 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{DCE0EB57-B919-4741-ABEF-2DD60E918610}
[2011-06-30 15:35:59 | 000,000,000 | ---- | C] () -- C:\Windows\System32\level.dat
[2011-06-25 16:52:05 | 000,140,800 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011-06-25 16:51:36 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011-06-05 22:34:41 | 000,000,132 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Preferencje Adobe CS5 dla formatu GIF
[2011-05-29 22:06:18 | 000,000,132 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Preferencje Adobe CS5 dla formatu PNG
[2011-05-29 19:22:26 | 000,000,414 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011-05-28 18:54:40 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2011-05-28 18:53:27 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2011-05-26 22:58:42 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pierwszy program.exe
[2011-05-08 13:32:02 | 000,007,608 | ---- | C] () -- C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
[2011-04-15 20:11:45 | 000,000,465 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Current.prx
[2011-04-05 20:37:24 | 000,139,264 | ---- | C] () -- C:\Users\Admin\uninstall.exe
[2011-04-05 20:37:19 | 000,032,652 | ---- | C] () -- C:\Users\Admin\uninstall.ini
[2011-03-24 21:43:50 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat
[2011-03-20 00:13:01 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011-03-19 23:06:48 | 000,009,760 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\PStrip.bk!
[2011-03-19 21:07:39 | 000,037,888 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-03-19 17:55:04 | 000,000,305 | ---- | C] () -- C:\Windows\System32\secushr.dat
[2011-03-19 17:09:29 | 000,000,248 | ---- | C] () -- C:\Windows\System32\secustat.dat
[2011-03-19 17:06:49 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2011-03-08 14:41:06 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011-03-08 14:41:04 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011-03-08 14:41:04 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011-03-08 14:41:04 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011-03-08 14:41:04 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011-03-01 18:59:20 | 000,194,560 | ---- | C] () -- C:\Windows\System32\XPTable.dll_new
[2011-02-10 23:40:44 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011-02-10 20:15:13 | 000,009,336 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\PStrip.bko
[2011-02-10 18:19:24 | 000,009,737 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\PStrip.bak
[2011-02-10 18:17:07 | 000,010,061 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\PStrip.ini
[2011-02-09 22:24:54 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011-02-09 15:06:01 | 000,001,024 | ---- | C] () -- C:\Users\Admin\.rnd
[2011-02-09 14:57:49 | 000,000,412 | ---- | C] () -- C:\Windows\ODBC.INI
[2011-02-09 14:50:17 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011-02-09 14:45:13 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011-02-09 14:35:57 | 000,024,944 | ---- | C] () -- C:\Windows\System32\drivers\GVTDrv.sys
[2011-02-09 14:32:09 | 000,208,896 | ---- | C] () -- C:\Windows\System32\CommCmd.dll
[2011-02-09 14:29:52 | 000,031,272 | ---- | C] () -- C:\Windows\System32\AppleChargerSrv.exe
[2011-02-09 14:29:52 | 000,019,496 | ---- | C] () -- C:\Windows\System32\drivers\AppleCharger.sys
[2011-02-09 14:29:45 | 000,072,304 | R--- | C] () -- C:\Windows\System32\XSrvSetup.exe
[2011-02-09 14:29:02 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011-02-09 14:26:51 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini

[color=#E56717]========== LOP Check ==========[/color]

[2012-08-13 18:43:29 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\.minecraft
[2012-08-14 23:18:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\AIMP3
[2011-03-08 21:05:28 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\AnvSoft
[2012-08-03 23:26:28 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Audacity
[2011-04-22 17:35:19 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Avnex
[2012-06-29 23:06:07 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\BITS
[2012-07-16 22:38:45 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\BlackBean
[2011-03-13 19:38:26 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Canneverbe Limited
[2012-08-16 21:11:33 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Codeton
[2012-08-01 15:12:21 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DAEMON Tools Lite
[2011-02-09 14:58:30 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ESET
[2012-06-14 20:17:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FileZilla
[2011-03-19 17:06:44 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FlashGet
[2011-03-19 17:06:42 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FlashGetBHO
[2011-03-20 12:19:56 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Gadu-Gadu 10
[2012-05-24 22:37:57 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\GanymedeNet
[2012-04-15 21:53:09 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\GetRightToGo
[2012-04-07 14:25:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\GG
[2012-01-07 16:23:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\GG Tools
[2012-03-21 15:47:49 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\GHISLER
[2012-01-10 22:00:47 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Gzegzolka XP
[2011-02-09 14:54:29 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\IrfanView
[2011-06-06 19:31:49 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\IVONA ControlCenter
[2011-06-06 19:31:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\IVONA Reader
[2011-06-29 18:32:59 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\LolClient
[2012-05-22 13:38:47 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\LolClient2
[2011-03-18 20:43:39 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\MAGIX
[2011-02-11 16:02:24 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Mikrotik
[2012-06-28 21:20:59 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Mirillis
[2011-07-20 22:53:54 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Moyea
[2011-09-26 20:19:41 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\NapiProjekt
[2011-04-16 18:57:13 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Need for Speed World
[2012-08-02 16:03:59 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Nokia
[2012-04-12 18:27:36 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Notepad++
[2012-02-12 00:27:40 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OnLive App
[2011-03-26 13:36:41 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OpenFM
[2011-02-09 14:57:18 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OpenOffice.org
[2012-07-20 15:34:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Origin
[2012-01-21 14:06:07 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Pamela
[2012-01-21 14:16:21 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Pamela Call Recorder
[2011-03-11 00:25:23 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PandoraRecovery
[2012-08-02 15:59:27 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PC Suite
[2011-06-13 17:48:42 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Publish Providers
[2011-09-21 22:05:16 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\pymclevel
[2011-05-14 15:17:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Samsung
[2011-05-08 19:04:39 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Screaming Bee
[2012-05-21 19:16:21 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Soldat
[2011-06-18 19:40:56 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Sony
[2011-11-06 22:09:29 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Thinstall
[2012-06-13 17:05:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Tropico 3
[2012-02-06 20:29:09 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TuneUp Software
[2011-06-27 20:19:29 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Tunngle
[2011-06-15 22:35:49 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Youtube Downloader HD
[2012-07-15 17:23:46 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 943 bytes -> C:\ProgramData\TEMP:24721E3C
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:A11EF047

< End of report >