OTL logfile created on: 2012-08-30 18:01:12 - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\FS\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,87 Gb Total Physical Memory | 2,21 Gb Available Physical Memory | 77,09% Memory free
5,97 Gb Paging File | 5,29 Gb Available in Paging File | 88,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 192,06 Gb Total Space | 155,74 Gb Free Space | 81,09% Space Free | Partition Type: NTFS
Drive D: | 97,03 Gb Total Space | 52,52 Gb Free Space | 54,12% Space Free | Partition Type: NTFS

Computer Name: FS-PC | User Name: FS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2012-08-30 17:56:23 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\FS\Downloads\OTL.exe
PRC - [2012-07-04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2012-06-13 03:48:26 | 000,758,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012-06-13 03:48:24 | 001,255,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012-04-05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012-03-19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2012-02-14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012-02-14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2008-10-29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008-07-16 19:01:30 | 006,253,088 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008-04-25 14:23:36 | 000,303,104 | ---- | M] (Fujitsu Siemens Computers) -- C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

[color=#E56717]========== Services (SafeList) ==========[/color]
SRV - [2012-07-04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012-02-14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2008-04-25 14:23:36 | 000,303,104 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
SRV - [2008-01-21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012-04-19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012-03-19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012-02-22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012-01-31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011-12-23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011-12-23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011-12-23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011-12-23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2008-06-26 06:25:58 | 000,337,920 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2008-05-27 13:55:54 | 000,173,576 | ---- | M] (AMD Technologies Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2008-05-02 13:59:40 | 000,122,368 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008-04-03 14:58:46 | 000,076,688 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJC
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\.DEFAULT\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJE
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-18\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJE
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3779560217-3215316334-2817261142-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKU\S-1-5-21-3779560217-3215316334-2817261142-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3779560217-3215316334-2817261142-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-3779560217-3215316334-2817261142-1000\..\SearchScopes\${searchCLSID}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-3779560217-3215316334-2817261142-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-3779560217-3215316334-2817261142-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJC
IE - HKU\S-1-5-21-3779560217-3215316334-2817261142-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.pah.org.pl/nasze-dzialania/8/pajacyk"
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012-08-28 15:30:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-08-27 14:52:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2012-08-27 14:52:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\FS\AppData\Roaming\Mozilla\Extensions
[2012-08-27 14:52:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-07-14 02:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012-07-14 03:22:43 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2012-07-14 03:22:43 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2012-07-14 03:22:43 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2012-07-14 03:22:43 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2012-07-14 03:22:43 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2012-07-14 03:22:43 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2006-09-18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKU\.DEFAULT..\Run: [fsc-reg] c:\fsc-reg\fscreg.exe (Fujitsu Siemens)
O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe File not found
O4 - HKU\S-1-5-18..\Run: [fsc-reg] c:\fsc-reg\fscreg.exe (Fujitsu Siemens)
O4 - HKU\S-1-5-18..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe File not found
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-3779560217-3215316334-2817261142-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-3779560217-3215316334-2817261142-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 95.160.170.92 88.156.222.92 82.139.8.40
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6320AA0D-2AC3-4BF0-9E4B-6CD32673EDEF}: DhcpNameServer = 95.160.170.92 88.156.222.92 82.139.8.40
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\Userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\fsc_wallpaper1.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\fsc_wallpaper1.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012-08-28 17:51:51 | 000,000,000 | RHSD | M] - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012-08-28 17:51:52 | 000,000,000 | RHSD | M] - D:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2012-08-30 17:50:55 | 000,404,680 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012-08-28 17:51:51 | 000,000,000 | RHSD | C] -- C:\Autorun.inf
[2012-08-28 13:22:55 | 000,000,000 | ---D | C] -- C:\Users\FS\AppData\Local\Microsoft Games
[2012-08-28 12:27:22 | 000,000,000 | ---D | C] -- C:\Users\FS\AppData\Roaming\vlc
[2012-08-28 12:27:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012-08-28 12:14:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView
[2012-08-28 12:14:23 | 000,000,000 | ---D | C] -- C:\Users\FS\AppData\Roaming\IrfanView
[2012-08-28 12:14:20 | 000,000,000 | ---D | C] -- C:\Program Files\IrfanView
[2012-08-28 12:04:01 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012-08-27 23:47:15 | 000,000,000 | ---D | C] -- C:\Users\FS\AppData\Roaming\AVG2012
[2012-08-27 23:45:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012-08-27 23:44:14 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012-08-27 23:44:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2012-08-27 23:44:14 | 000,000,000 | ---D | C] -- C:\$AVG
[2012-08-27 23:42:36 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012-08-27 23:33:40 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012-08-27 23:33:40 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012-08-27 16:30:08 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012-08-27 16:30:04 | 001,071,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCTL.OCX
[2012-08-27 16:30:04 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSSTDFMT.DLL
[2012-08-27 16:30:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2012-08-27 16:30:04 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2012-08-27 15:12:49 | 000,000,000 | ---D | C] -- C:\Users\FS\AppData\Local\Macromedia
[2012-08-27 14:52:12 | 000,000,000 | ---D | C] -- C:\Users\FS\AppData\Roaming\Mozilla
[2012-08-27 14:52:12 | 000,000,000 | ---D | C] -- C:\Users\FS\AppData\Local\Mozilla
[2012-08-27 14:52:07 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012-08-27 14:43:19 | 000,000,000 | ---D | C] -- C:\Users\FS\AppData\Roaming\Malwarebytes
[2012-08-27 14:43:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012-08-27 14:43:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012-08-27 14:43:07 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012-08-27 14:43:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012-08-27 14:25:09 | 000,000,000 | ---D | C] -- C:\Program Files\Process Explorer 15.22
[2012-08-27 14:25:09 | 000,000,000 | ---D | C] -- C:\Users\FS\AppData\Local\GHISLER
[2012-08-27 13:52:48 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012-08-27 13:33:58 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2012-08-27 13:33:16 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2012-08-27 13:31:29 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2012-08-27 13:24:10 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2012-08-27 13:24:01 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2012-08-27 13:24:01 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2012-08-27 13:24:01 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2012-08-27 13:24:01 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2012-08-27 13:24:01 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2012-08-27 13:24:01 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2012-08-27 13:24:01 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
[2012-08-27 13:23:58 | 002,452,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012-08-27 13:23:57 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2012-08-27 13:23:56 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012-08-27 13:23:56 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012-08-27 13:23:56 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012-08-27 13:23:56 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012-08-27 13:23:56 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012-08-27 13:23:56 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012-08-27 13:23:56 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012-08-27 13:23:56 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2012-08-27 13:23:56 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012-08-27 13:23:56 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012-08-27 13:23:50 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2012-08-27 13:23:49 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2012-08-27 13:23:49 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2012-08-27 13:23:49 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2012-08-27 13:23:49 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2012-08-27 13:23:49 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2012-08-27 13:23:49 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2012-08-27 13:23:49 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2012-08-27 13:23:29 | 002,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2012-08-27 13:23:29 | 002,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2012-08-27 13:22:59 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2012-08-27 13:22:59 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2012-08-27 13:22:54 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2012-08-27 13:22:54 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2012-08-27 13:22:43 | 002,042,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012-08-27 13:22:38 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2012-08-27 13:22:30 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2012-08-27 13:22:30 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2012-08-27 13:22:26 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2012-08-27 13:22:22 | 003,600,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012-08-27 13:22:22 | 003,548,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012-08-27 13:22:20 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2012-08-27 13:22:20 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2012-08-27 13:22:20 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2012-08-27 13:22:13 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2012-08-27 13:22:13 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2012-08-27 13:22:13 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2012-08-27 13:22:12 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2012-08-27 13:22:12 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2012-08-27 13:22:11 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2012-08-27 13:22:11 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2012-08-27 13:22:10 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2012-08-27 13:22:08 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2012-08-27 13:22:08 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2012-08-27 13:22:01 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2012-08-27 13:22:01 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2012-08-27 13:21:47 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2012-08-27 13:21:45 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2012-08-27 13:21:45 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2012-08-27 13:21:45 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2012-08-27 13:21:45 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2012-08-27 13:21:41 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012-08-27 13:21:41 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2012-08-27 13:21:38 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2012-08-27 13:21:37 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2012-08-27 13:21:35 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012-08-27 13:21:35 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2012-08-27 13:21:35 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012-08-27 13:21:35 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2012-08-27 13:21:32 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2012-08-27 13:21:31 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2012-08-27 13:21:30 | 002,927,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2012-08-27 13:21:29 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2012-08-27 13:21:28 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2012-08-27 13:21:24 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2012-08-27 13:21:24 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2012-08-27 13:21:18 | 000,866,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2012-08-27 13:21:16 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012-08-27 13:21:14 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2012-08-27 12:35:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Commander
[2012-08-27 12:35:45 | 000,000,000 | ---D | C] -- C:\Program Files\totalcmd
[2012-08-27 12:35:45 | 000,000,000 | ---D | C] -- C:\Users\FS\AppData\Roaming\GHISLER
[2012-08-21 18:00:11 | 000,000,000 | ---D | C] -- C:\Users\FS\AppData\Roaming\Macromedia
[2012-08-21 17:59:28 | 000,000,000 | ---D | C] -- C:\Users\FS\AppData\Roaming\Adobe
[2012-08-21 17:59:09 | 000,000,000 | ---D | C] -- C:\Users\FS\AppData\Roaming\Google
[2012-08-21 17:57:55 | 000,000,000 | ---D | C] -- C:\Users\FS\AppData\Local\VirtualStore
[2012-08-21 06:47:00 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012-08-21 06:42:28 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012-08-20 22:02:38 | 000,000,000 | ---D | C] -- C:\Users\FS\AppData\Local\Google
[2012-08-20 22:02:33 | 000,000,000 | R--D | C] -- C:\Users\FS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012-08-20 22:02:33 | 000,000,000 | R--D | C] -- C:\Users\FS\Searches
[2012-08-20 22:02:33 | 000,000,000 | R--D | C] -- C:\Users\FS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012-08-20 22:02:23 | 000,000,000 | ---D | C] -- C:\Users\FS\AppData\Roaming\Identities
[2012-08-20 22:02:22 | 000,000,000 | R--D | C] -- C:\Users\FS\Contacts
[2012-08-20 22:02:14 | 000,000,000 | -HSD | C] -- C:\Users\FS\Ustawienia lokalne
[2012-08-20 22:02:14 | 000,000,000 | -HSD | C] -- C:\Users\FS\AppData\Local\Temporary Internet Files
[2012-08-20 22:02:14 | 000,000,000 | -HSD | C] -- C:\Users\FS\Szablony
[2012-08-20 22:02:14 | 000,000,000 | -HSD | C] -- C:\Users\FS\SendTo
[2012-08-20 22:02:14 | 000,000,000 | -HSD | C] -- C:\Users\FS\Recent
[2012-08-20 22:02:14 | 000,000,000 | -HSD | C] -- C:\Users\FS\PrintHood
[2012-08-20 22:02:14 | 000,000,000 | -HSD | C] -- C:\Users\FS\NetHood
[2012-08-20 22:02:14 | 000,000,000 | -HSD | C] -- C:\Users\FS\Documents\Moje wideo
[2012-08-20 22:02:14 | 000,000,000 | -HSD | C] -- C:\Users\FS\Documents\Moje obrazy
[2012-08-20 22:02:14 | 000,000,000 | -HSD | C] -- C:\Users\FS\Moje dokumenty
[2012-08-20 22:02:14 | 000,000,000 | -HSD | C] -- C:\Users\FS\Documents\Moja muzyka
[2012-08-20 22:02:14 | 000,000,000 | -HSD | C] -- C:\Users\FS\Menu Start
[2012-08-20 22:02:14 | 000,000,000 | -HSD | C] -- C:\Users\FS\AppData\Local\Historia
[2012-08-20 22:02:14 | 000,000,000 | -HSD | C] -- C:\Users\FS\Dane aplikacji
[2012-08-20 22:02:14 | 000,000,000 | -HSD | C] -- C:\Users\FS\AppData\Local\Dane aplikacji
[2012-08-20 22:02:14 | 000,000,000 | -HSD | C] -- C:\Users\FS\Cookies
[2012-08-20 22:02:13 | 000,000,000 | --SD | C] -- C:\Users\FS\AppData\Roaming\Microsoft
[2012-08-20 22:02:13 | 000,000,000 | R--D | C] -- C:\Users\FS\Videos
[2012-08-20 22:02:13 | 000,000,000 | R--D | C] -- C:\Users\FS\Saved Games
[2012-08-20 22:02:13 | 000,000,000 | R--D | C] -- C:\Users\FS\Pictures
[2012-08-20 22:02:13 | 000,000,000 | R--D | C] -- C:\Users\FS\Music
[2012-08-20 22:02:13 | 000,000,000 | R--D | C] -- C:\Users\FS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012-08-20 22:02:13 | 000,000,000 | R--D | C] -- C:\Users\FS\Links
[2012-08-20 22:02:13 | 000,000,000 | R--D | C] -- C:\Users\FS\Favorites
[2012-08-20 22:02:13 | 000,000,000 | R--D | C] -- C:\Users\FS\Downloads
[2012-08-20 22:02:13 | 000,000,000 | R--D | C] -- C:\Users\FS\Documents
[2012-08-20 22:02:13 | 000,000,000 | R--D | C] -- C:\Users\FS\Desktop
[2012-08-20 22:02:13 | 000,000,000 | R--D | C] -- C:\Users\FS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012-08-20 22:02:13 | 000,000,000 | -H-D | C] -- C:\Users\FS\AppData
[2012-08-20 22:02:13 | 000,000,000 | ---D | C] -- C:\Users\FS\AppData\Local\Temp
[2012-08-20 22:02:13 | 000,000,000 | ---D | C] -- C:\Users\FS\AppData\Local\Microsoft
[2012-08-20 22:02:13 | 000,000,000 | ---D | C] -- C:\Users\FS\AppData\Roaming\Media Center Programs
[2012-08-20 22:02:13 | 000,000,000 | ---D | C] -- C:\Users\FS\AppData\Local\Adobe
[2012-08-20 22:01:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Fujitsu Siemens Computers
[2012-08-20 22:01:44 | 000,000,000 | ---D | C] -- C:\fsc-reg
[2012-08-20 22:01:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8
[2012-08-20 21:59:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2012-08-20 21:59:56 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2012-08-20 21:59:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2012-08-20 21:58:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fujitsu Siemens Computers
[2012-08-20 21:58:06 | 000,000,000 | ---D | C] -- C:\Program Files\Fujitsu Siemens Computers
[2012-08-20 21:57:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2012-08-20 21:57:35 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012-08-20 21:57:30 | 000,014,848 | ---- | C] (Fujitsu Siemens Computers) -- C:\Windows\System32\Fujitsu-Siemens.scr
[2012-08-20 21:57:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2012-08-20 21:56:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012-08-20 21:56:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012-08-20 21:56:18 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2012-08-30 17:55:42 | 000,662,056 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2012-08-30 17:55:42 | 000,634,118 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012-08-30 17:55:42 | 000,146,270 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012-08-30 17:55:42 | 000,126,908 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2012-08-30 17:50:55 | 000,404,680 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012-08-30 17:50:19 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012-08-30 17:50:19 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012-08-30 17:50:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-08-30 17:50:13 | 3079,262,208 | -HS- | M] () -- C:\hiberfil.sys
[2012-08-30 17:10:52 | 105,340,250 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012-08-30 17:10:23 | 000,022,607 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012-08-28 12:16:21 | 000,006,656 | ---- | M] () -- C:\Users\FS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-08-28 11:57:29 | 000,000,728 | ---- | M] () -- C:\Users\FS\Desktop\Heroes III WOG.lnk
[2012-08-27 14:15:40 | 000,229,024 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012-08-21 07:41:02 | 000,000,009 | ---- | M] () -- C:\DVD.TAG
[2012-08-21 06:49:28 | 000,067,891 | ---- | M] () -- C:\Windows\System32\license.rtf
[2012-08-20 22:00:47 | 000,001,024 | ---- | M] () -- C:\.rnd

[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2012-08-30 17:10:52 | 105,340,250 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012-08-30 17:10:23 | 000,022,607 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012-08-28 12:15:42 | 000,006,656 | ---- | C] () -- C:\Users\FS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-08-28 11:56:23 | 000,000,728 | ---- | C] () -- C:\Users\FS\Desktop\Heroes III WOG.lnk
[2012-08-27 14:52:08 | 000,000,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012-08-27 13:22:20 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2012-08-21 07:41:02 | 000,000,009 | ---- | C] () -- C:\DVD.TAG
[2012-08-21 06:42:29 | 3079,262,208 | -HS- | C] () -- C:\hiberfil.sys
[2012-08-20 22:02:34 | 000,000,955 | ---- | C] () -- C:\Users\FS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012-08-20 22:02:32 | 000,000,950 | ---- | C] () -- C:\Users\FS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012-08-20 22:02:21 | 000,000,921 | ---- | C] () -- C:\Users\FS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2012-08-20 22:00:46 | 000,001,024 | ---- | C] () -- C:\.rnd
[2012-08-20 21:56:28 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk

[color=#E56717]========== LOP Check ==========[/color]
[2012-08-27 23:47:15 | 000,000,000 | ---D | M] -- C:\Users\FS\AppData\Roaming\AVG2012
[2012-08-28 15:09:11 | 000,000,000 | ---D | M] -- C:\Users\FS\AppData\Roaming\GHISLER
[2012-08-28 12:14:23 | 000,000,000 | ---D | M] -- C:\Users\FS\AppData\Roaming\IrfanView
[2012-08-30 17:48:32 | 000,015,378 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >