OTL logfile created on: 2012-11-30 16:22:43 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\userx\Desktop Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 0,50 Gb Available Physical Memory | 25,22% Memory free 4,00 Gb Paging File | 2,33 Gb Available in Paging File | 58,19% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 195,21 Gb Total Space | 22,33 Gb Free Space | 11,44% Space Free | Partition Type: NTFS Drive D: | 270,45 Gb Total Space | 73,94 Gb Free Space | 27,34% Space Free | Partition Type: NTFS Computer Name: USERX-KOMPUTER | User Name: userx | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012-11-30 16:20:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\userx\Desktop\OTL.exe PRC - [2012-11-27 21:11:56 | 000,878,480 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe PRC - [2012-11-27 21:10:05 | 000,997,320 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe PRC - [2012-11-19 21:48:16 | 002,254,768 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe PRC - [2012-11-19 21:48:14 | 001,435,568 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe PRC - [2012-11-08 22:03:22 | 000,711,112 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe PRC - [2012-11-06 19:00:32 | 003,143,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe PRC - [2012-10-24 14:11:20 | 000,529,744 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe PRC - [2012-10-22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe PRC - [2012-10-22 13:04:32 | 001,116,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe PRC - [2012-10-02 11:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2012-08-28 14:52:56 | 003,671,904 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe PRC - [2012-08-15 08:45:15 | 001,353,080 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\steam.exe PRC - [2012-08-03 15:06:06 | 001,086,376 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe PRC - [2012-08-01 15:07:16 | 000,724,888 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe PRC - [2012-08-01 15:07:06 | 000,174,488 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe PRC - [2012-08-01 15:07:00 | 000,126,872 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe PRC - [2012-08-01 15:06:58 | 000,148,888 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe PRC - [2012-07-27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012-07-02 20:09:07 | 000,224,416 | ---- | M] (Beijing ELEX Technology Co., Ltd.) -- C:\Program Files\Software Plate\svcgdp.exe PRC - [2011-05-05 13:44:38 | 013,345,376 | ---- | M] (GG Network S.A.) -- C:\Program Files\Gadu-Gadu 10\gg.exe PRC - [2011-03-22 19:38:10 | 001,596,032 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winamp.exe PRC - [2011-02-25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010-11-20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009-07-08 01:53:36 | 000,472,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe PRC - [2009-07-07 13:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe PRC - [2009-07-07 13:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012-11-30 16:05:56 | 000,257,024 | ---- | M] () -- C:\Users\userx\AppData\Local\Temp\WLZ2EFC.tmp\winamp.lng MOD - [2012-11-30 16:05:56 | 000,161,792 | ---- | M] () -- C:\Users\userx\AppData\Local\Temp\WLZ2EFC.tmp\vis_milk2.lng MOD - [2012-11-30 16:05:56 | 000,087,552 | ---- | M] () -- C:\Users\userx\AppData\Local\Temp\WLZ2EFC.tmp\vis_avs.lng MOD - [2012-11-30 16:05:56 | 000,041,984 | ---- | M] () -- C:\Users\userx\AppData\Local\Temp\WLZ2EFC.tmp\pmp_wifi.lng MOD - [2012-11-30 16:05:56 | 000,036,864 | ---- | M] () -- C:\Users\userx\AppData\Local\Temp\WLZ2EFC.tmp\ombrowser.lng MOD - [2012-11-30 16:05:56 | 000,016,896 | ---- | M] () -- C:\Users\userx\AppData\Local\Temp\WLZ2EFC.tmp\out_ds.lng MOD - [2012-11-30 16:05:56 | 000,014,336 | ---- | M] () -- C:\Users\userx\AppData\Local\Temp\WLZ2EFC.tmp\ml_wire.lng MOD - [2012-11-30 16:05:56 | 000,010,752 | ---- | M] () -- C:\Users\userx\AppData\Local\Temp\WLZ2EFC.tmp\pmp_usb.lng MOD - [2012-11-30 16:05:56 | 000,010,752 | ---- | M] () -- C:\Users\userx\AppData\Local\Temp\WLZ2EFC.tmp\pmp_android.lng MOD - [2012-11-30 16:05:56 | 000,008,192 | ---- | M] () -- C:\Users\userx\AppData\Local\Temp\WLZ2EFC.tmp\ml_transcode.lng MOD - [2012-11-30 16:05:56 | 000,007,680 | ---- | M] () -- C:\Users\userx\AppData\Local\Temp\WLZ2EFC.tmp\vis_nsfs.lng MOD - [2012-11-30 16:05:56 | 000,007,168 | ---- | M] () -- C:\Users\userx\AppData\Local\Temp\WLZ2EFC.tmp\out_wave.lng MOD - [2012-11-30 16:05:56 | 000,006,656 | ---- | M] () -- C:\Users\userx\AppData\Local\Temp\WLZ2EFC.tmp\pmp_ipod.lng MOD - [2012-11-30 16:05:56 | 000,006,144 | ---- | M] () -- C:\Users\userx\AppData\Local\Temp\WLZ2EFC.tmp\tagz.lng MOD - [2012-11-30 16:05:56 | 000,006,144 | ---- | M] () -- C:\Users\userx\AppData\Local\Temp\WLZ2EFC.tmp\out_disk.lng MOD - [2012-11-30 16:05:56 | 000,005,632 | ---- | M] () -- C:\Users\userx\AppData\Local\Temp\WLZ2EFC.tmp\ml_rg.lng MOD - [2012-11-30 16:05:56 | 000,004,608 | ---- | M] () -- C:\Users\userx\AppData\Local\Temp\WLZ2EFC.tmp\pmp_activesync.lng MOD - [2012-11-30 16:05:56 | 000,004,096 | ---- | M] () -- C:\Users\userx\AppData\Local\Temp\WLZ2EFC.tmp\pmp_p4s.lng MOD - [2012-11-30 16:05:56 | 000,003,584 | ---- | M] () -- C:\Users\userx\AppData\Local\Temp\WLZ2EFC.tmp\winampa.lng MOD - [2012-11-30 16:05:56 | 000,003,584 | ---- | M] () -- C:\Users\userx\AppData\Local\Temp\WLZ2EFC.tmp\pmp_njb.lng MOD - [2012-11-30 16:05:56 | 000,003,072 | ---- | M] () -- C:\Users\userx\AppData\Local\Temp\WLZ2EFC.tmp\playlist.lng MOD - [2012-11-30 16:05:55 | 000,066,560 | ---- | M] () -- C:\Users\userx\AppData\Local\Temp\WLZ2EFC.tmp\burnlib.lng MOD - [2012-11-30 16:05:55 | 000,054,272 | ---- | M] () -- C:\Users\userx\AppData\Local\Temp\WLZ2EFC.tmp\ml_local.lng MOD - [2012-11-30 16:05:55 | 000,047,616 | ---- | M] () -- C:\Users\userx\AppData\Local\Temp\WLZ2EFC.tmp\ml_disc.lng MOD - [2012-11-30 16:05:55 | 000,046,080 | ---- | M] () -- C:\Users\userx\AppData\Local\Temp\WLZ2EFC.tmp\ml_pmp.lng MOD - [2012-11-30 16:05:55 | 000,040,448 | ---- | M] () -- C:\Users\userx\AppData\Local\Temp\WLZ2EFC.tmp\gen_jumpex.lng MOD - [2012-11-30 16:05:55 | 000,022,528 | ---- | M] () -- C:\Users\userx\AppData\Local\Temp\WLZ2EFC.tmp\in_mp3.lng MOD - [2012-11-30 16:05:55 | 000,022,016 | ---- | M] () -- C:\Users\userx\AppData\Local\Temp\WLZ2EFC.tmp\gen_ff.lng MOD - [2012-11-30 16:05:55 | 000,021,504 | ---- | M] () -- C:\Users\userx\AppData\Local\Temp\WLZ2EFC.tmp\gen_ml.lng MOD - [2012-11-30 16:05:55 | 000,020,992 | ---- | M] () -- C:\Users\userx\AppData\Local\Temp\WLZ2EFC.tmp\in_midi.lng MOD - [2012-11-30 16:05:55 | 000,018,432 | ---- | M] () -- C:\Users\userx\AppData\Local\Temp\WLZ2EFC.tmp\in_mod.lng MOD - [2012-11-30 16:05:55 | 000,014,848 | ---- | M] () -- C:\Users\userx\AppData\Local\Temp\WLZ2EFC.tmp\in_wm.lng MOD - [2012-11-30 16:05:55 | 000,014,336 | ---- | M] () -- C:\Users\userx\AppData\Local\Temp\WLZ2EFC.tmp\ml_online.lng MOD - [2012-11-30 16:05:55 | 000,013,312 | ---- | M] () -- C:\Users\userx\AppData\Local\Temp\WLZ2EFC.tmp\ml_playlists.lng MOD - [2012-11-30 16:05:55 | 000,013,312 | ---- | M] () -- C:\Users\userx\AppData\Local\Temp\WLZ2EFC.tmp\in_cdda.lng MOD - [2012-11-30 16:05:55 | 000,012,800 | ---- | M] () -- C:\Users\userx\AppData\Local\Temp\WLZ2EFC.tmp\ml_plg.lng MOD - [2012-11-30 16:05:55 | 000,012,800 | ---- | M] () -- C:\Users\userx\AppData\Local\Temp\WLZ2EFC.tmp\dsp_sps.lng MOD - [2012-11-30 16:05:55 | 000,011,264 | ---- | M] () -- C:\Users\userx\AppData\Local\Temp\WLZ2EFC.tmp\in_vorbis.lng MOD - [2012-11-30 16:05:55 | 000,011,264 | ---- | M] () -- C:\Users\userx\AppData\Local\Temp\WLZ2EFC.tmp\in_nsv.lng MOD - [2012-11-30 16:05:55 | 000,011,264 | ---- | M] () -- C:\Users\userx\AppData\Local\Temp\WLZ2EFC.tmp\gen_hotkeys.lng MOD - [2012-11-30 16:05:55 | 000,011,264 | ---- | M] () -- C:\Users\userx\AppData\Local\Temp\WLZ2EFC.tmp\auth.lng MOD - [2012-11-30 16:05:55 | 000,010,240 | ---- | M] () -- C:\Users\userx\AppData\Local\Temp\WLZ2EFC.tmp\enc_aacplus.lng MOD - [2012-11-30 16:05:55 | 000,009,216 | ---- | M] () -- C:\Users\userx\AppData\Local\Temp\WLZ2EFC.tmp\ml_downloads.lng MOD - [2012-11-30 16:05:55 | 000,008,704 | ---- | M] () -- C:\Users\userx\AppData\Local\Temp\WLZ2EFC.tmp\ml_history.lng MOD - [2012-11-30 16:05:55 | 000,008,704 | ---- | M] () -- C:\Users\userx\AppData\Local\Temp\WLZ2EFC.tmp\ml_devices.lng MOD - [2012-11-30 16:05:55 | 000,007,680 | ---- | M] () -- C:\Users\userx\AppData\Local\Temp\WLZ2EFC.tmp\gen_tray.lng MOD - [2012-11-30 16:05:55 | 000,007,168 | ---- | M] () -- C:\Users\userx\AppData\Local\Temp\WLZ2EFC.tmp\ml_autotag.lng MOD - [2012-11-30 16:05:55 | 000,007,168 | ---- | M] () -- C:\Users\userx\AppData\Local\Temp\WLZ2EFC.tmp\in_dshow.lng MOD - [2012-11-30 16:05:55 | 000,007,168 | ---- | M] () -- C:\Users\userx\AppData\Local\Temp\WLZ2EFC.tmp\gen_orgler.lng MOD - [2012-11-30 16:05:55 | 000,007,168 | ---- | M] () -- C:\Users\userx\AppData\Local\Temp\WLZ2EFC.tmp\gen_crasher.lng MOD - [2012-11-30 16:05:55 | 000,006,144 | ---- | M] () -- C:\Users\userx\AppData\Local\Temp\WLZ2EFC.tmp\in_flac.lng MOD - [2012-11-30 16:05:55 | 000,006,144 | ---- | M] () -- C:\Users\userx\AppData\Local\Temp\WLZ2EFC.tmp\enc_wma.lng MOD - [2012-11-30 16:05:55 | 000,005,632 | ---- | M] () -- C:\Users\userx\AppData\Local\Temp\WLZ2EFC.tmp\in_wave.lng MOD - [2012-11-30 16:05:55 | 000,005,632 | ---- | M] () -- C:\Users\userx\AppData\Local\Temp\WLZ2EFC.tmp\enc_lame.lng MOD - [2012-11-30 16:05:55 | 000,005,120 | ---- | M] () -- C:\Users\userx\AppData\Local\Temp\WLZ2EFC.tmp\ml_impex.lng MOD - [2012-11-30 16:05:55 | 000,005,120 | ---- | M] () -- C:\Users\userx\AppData\Local\Temp\WLZ2EFC.tmp\ml_bookmarks.lng MOD - [2012-11-30 16:05:55 | 000,005,120 | ---- | M] () -- C:\Users\userx\AppData\Local\Temp\WLZ2EFC.tmp\in_avi.lng MOD - [2012-11-30 16:05:55 | 000,004,608 | ---- | M] () -- C:\Users\userx\AppData\Local\Temp\WLZ2EFC.tmp\in_mp4.lng MOD - [2012-11-30 16:05:55 | 000,004,608 | ---- | M] () -- C:\Users\userx\AppData\Local\Temp\WLZ2EFC.tmp\in_mkv.lng MOD - [2012-11-30 16:05:55 | 000,004,096 | ---- | M] () -- C:\Users\userx\AppData\Local\Temp\WLZ2EFC.tmp\ml_orb.lng MOD - [2012-11-30 16:05:55 | 000,004,096 | ---- | M] () -- C:\Users\userx\AppData\Local\Temp\WLZ2EFC.tmp\enc_wav.lng MOD - [2012-11-30 16:05:55 | 000,004,096 | ---- | M] () -- C:\Users\userx\AppData\Local\Temp\WLZ2EFC.tmp\enc_flac.lng MOD - [2012-11-30 16:05:55 | 000,003,584 | ---- | M] () -- C:\Users\userx\AppData\Local\Temp\WLZ2EFC.tmp\ml_nowplaying.lng MOD - [2012-11-30 16:05:55 | 000,003,584 | ---- | M] () -- C:\Users\userx\AppData\Local\Temp\WLZ2EFC.tmp\ml_addons.lng MOD - [2012-11-30 16:05:55 | 000,003,584 | ---- | M] () -- C:\Users\userx\AppData\Local\Temp\WLZ2EFC.tmp\in_swf.lng MOD - [2012-11-30 16:05:55 | 000,003,584 | ---- | M] () -- C:\Users\userx\AppData\Local\Temp\WLZ2EFC.tmp\in_linein.lng MOD - [2012-11-30 16:05:55 | 000,003,584 | ---- | M] () -- C:\Users\userx\AppData\Local\Temp\WLZ2EFC.tmp\in_flv.lng MOD - [2012-11-27 21:12:02 | 000,835,584 | ---- | M] () -- C:\Program Files\Opera\gstreamer\gstreamer.dll MOD - [2012-11-27 21:12:02 | 000,312,832 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstoggdec.dll MOD - [2012-11-27 21:12:02 | 000,158,208 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstffmpegcolorspace.dll MOD - [2012-11-27 21:12:02 | 000,101,888 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwebmdec.dll MOD - [2012-11-27 21:12:02 | 000,096,256 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstcoreplugins.dll MOD - [2012-11-27 21:12:02 | 000,094,208 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstaudioresample.dll MOD - [2012-11-27 21:12:02 | 000,093,696 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstaudioconvert.dll MOD - [2012-11-27 21:12:02 | 000,073,728 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwavparse.dll MOD - [2012-11-27 21:12:02 | 000,067,072 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstdirectsound.dll MOD - [2012-11-27 21:12:02 | 000,062,976 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstdecodebin2.dll MOD - [2012-11-27 21:12:02 | 000,057,344 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstautodetect.dll MOD - [2012-11-27 21:12:02 | 000,038,912 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwaveform.dll MOD - [2012-11-27 21:10:05 | 000,997,320 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe MOD - [2012-11-08 22:03:22 | 000,566,728 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\DNTInstaller\13.2.0\avgdttbx.dll MOD - [2012-11-08 22:03:22 | 000,134,600 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\SiteSafety.dll MOD - [2012-10-24 14:11:18 | 020,317,008 | ---- | M] () -- C:\Program Files\Steam\bin\libcef.dll MOD - [2012-10-24 14:11:13 | 001,099,616 | ---- | M] () -- C:\Program Files\Steam\bin\avcodec-53.dll MOD - [2012-10-24 14:11:13 | 000,902,480 | ---- | M] () -- C:\Program Files\Steam\bin\chromehtml.dll MOD - [2012-10-24 14:11:13 | 000,190,816 | ---- | M] () -- C:\Program Files\Steam\bin\avformat-53.dll MOD - [2012-10-24 14:11:13 | 000,123,232 | ---- | M] () -- C:\Program Files\Steam\bin\avutil-51.dll MOD - [2012-10-09 19:19:17 | 009,814,968 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_287.dll MOD - [2012-08-03 15:07:06 | 000,276,392 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\phonon4.dll MOD - [2012-08-03 15:06:50 | 002,652,584 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtXmlPatterns4.dll MOD - [2012-08-03 15:06:50 | 000,363,944 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtXml4.dll MOD - [2012-08-03 15:06:48 | 011,166,120 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtWebKit4.dll MOD - [2012-08-03 15:06:46 | 000,205,736 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtSql4.dll MOD - [2012-08-03 15:06:44 | 001,346,472 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtScript4.dll MOD - [2012-08-03 15:06:44 | 000,720,296 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtOpenGL4.dll MOD - [2012-08-03 15:06:42 | 008,506,792 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtGui4.dll MOD - [2012-08-03 15:06:42 | 001,013,672 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtNetwork4.dll MOD - [2012-08-03 15:06:42 | 000,520,104 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtMultimediaKit1.dll MOD - [2012-08-03 15:06:40 | 002,480,552 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtDeclarative4.dll MOD - [2012-08-03 15:06:40 | 002,353,576 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtCore4.dll MOD - [2012-08-03 15:06:36 | 000,445,864 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll MOD - [2012-08-03 15:06:32 | 000,206,760 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\Imageformats\qjpeg4.dll MOD - [2012-08-03 15:06:32 | 000,035,240 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\Imageformats\qico4.dll MOD - [2012-08-03 15:06:30 | 000,032,680 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\Imageformats\qgif4.dll MOD - [2012-08-03 15:06:02 | 000,437,672 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\NService.dll MOD - [2012-08-03 15:05:24 | 000,604,072 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\CommonUpdateChecker.dll MOD - [2012-07-02 10:29:08 | 000,391,600 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\ssoengine.dll MOD - [2012-07-02 10:29:08 | 000,059,280 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\securestorage.dll MOD - [2012-07-02 10:28:20 | 000,110,080 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\mediaservice\dsengine.dll MOD - [2011-06-27 14:37:11 | 000,623,616 | ---- | M] () -- C:\Program Files\Winamp\System\jnetlib.w5s MOD - [2011-06-27 14:37:11 | 000,154,624 | ---- | M] () -- C:\Program Files\Winamp\System\jpeg.w5s MOD - [2011-06-27 14:37:11 | 000,103,936 | ---- | M] () -- C:\Program Files\Winamp\System\png.w5s MOD - [2011-06-27 14:37:11 | 000,090,112 | ---- | M] () -- C:\Program Files\Winamp\System\xml.w5s MOD - [2011-06-27 14:37:11 | 000,084,480 | ---- | M] () -- C:\Program Files\Winamp\System\playlist.w5s MOD - [2011-06-27 14:37:11 | 000,083,968 | ---- | M] () -- C:\Program Files\Winamp\tataki.dll MOD - [2011-06-27 14:37:11 | 000,047,616 | ---- | M] () -- C:\Program Files\Winamp\zlib.dll MOD - [2011-06-27 14:37:11 | 000,035,328 | ---- | M] () -- C:\Program Files\Winamp\System\timer.w5s MOD - [2011-06-27 14:37:11 | 000,021,504 | ---- | M] () -- C:\Program Files\Winamp\System\tagz.w5s MOD - [2011-06-27 14:37:11 | 000,019,456 | ---- | M] () -- C:\Program Files\Winamp\System\gif.w5s MOD - [2011-06-27 14:37:11 | 000,016,896 | ---- | M] () -- C:\Program Files\Winamp\System\dlmgr.w5s MOD - [2011-06-27 14:37:11 | 000,016,384 | ---- | M] () -- C:\Program Files\Winamp\System\gracenote.w5s MOD - [2011-06-27 14:37:11 | 000,014,336 | ---- | M] () -- C:\Program Files\Winamp\System\filereader.w5s MOD - [2011-06-27 14:37:11 | 000,013,824 | ---- | M] () -- C:\Program Files\Winamp\System\primo.w5s MOD - [2011-06-27 14:37:10 | 000,237,056 | ---- | M] () -- C:\Program Files\Winamp\System\aacPlusDecoder.w5s MOD - [2011-06-27 14:37:10 | 000,174,080 | ---- | M] () -- C:\Program Files\Winamp\System\auth.w5s MOD - [2011-06-27 14:37:10 | 000,044,544 | ---- | M] () -- C:\Program Files\Winamp\System\devices.w5s MOD - [2011-06-27 14:37:10 | 000,023,040 | ---- | M] () -- C:\Program Files\Winamp\System\albumart.w5s MOD - [2011-06-27 14:37:10 | 000,019,456 | ---- | M] () -- C:\Program Files\Winamp\System\bmp.w5s MOD - [2011-06-27 14:37:09 | 000,293,888 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_local.dll MOD - [2011-06-27 14:37:09 | 000,240,640 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_pmp.dll MOD - [2011-06-27 14:37:09 | 000,200,704 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_disc.dll MOD - [2011-06-27 14:37:09 | 000,171,008 | ---- | M] () -- C:\Program Files\Winamp\Plugins\pmp_ipod.dll MOD - [2011-06-27 14:37:09 | 000,126,464 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_online.dll MOD - [2011-06-27 14:37:09 | 000,118,272 | ---- | M] () -- C:\Program Files\Winamp\Plugins\pmp_p4s.dll MOD - [2011-06-27 14:37:09 | 000,113,152 | ---- | M] () -- C:\Program Files\Winamp\Plugins\pmp_wifi.dll MOD - [2011-06-27 14:37:09 | 000,083,456 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_plg.dll MOD - [2011-06-27 14:37:09 | 000,082,944 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_playlists.dll MOD - [2011-06-27 14:37:09 | 000,060,928 | ---- | M] () -- C:\Program Files\Winamp\Plugins\pmp_android.dll MOD - [2011-06-27 14:37:09 | 000,057,344 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_impex.dll MOD - [2011-06-27 14:37:09 | 000,053,760 | ---- | M] () -- C:\Program Files\Winamp\Plugins\pmp_usb.dll MOD - [2011-06-27 14:37:09 | 000,052,224 | ---- | M] () -- C:\Program Files\Winamp\Plugins\out_ds.dll MOD - [2011-06-27 14:37:09 | 000,052,224 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_history.dll MOD - [2011-06-27 14:37:09 | 000,033,792 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_rg.dll MOD - [2011-06-27 14:37:09 | 000,031,744 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_transcode.dll MOD - [2011-06-27 14:37:09 | 000,022,528 | ---- | M] () -- C:\Program Files\Winamp\Plugins\out_disk.dll MOD - [2011-06-27 14:37:09 | 000,020,480 | ---- | M] () -- C:\Program Files\Winamp\Plugins\pmp_njb.dll MOD - [2011-06-27 14:37:09 | 000,018,432 | ---- | M] () -- C:\Program Files\Winamp\Plugins\out_wave.dll MOD - [2011-06-27 14:37:08 | 000,313,344 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_wm.dll MOD - [2011-06-27 14:37:08 | 000,288,768 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_mp3.dll MOD - [2011-06-27 14:37:08 | 000,252,416 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_vorbis.dll MOD - [2011-06-27 14:37:08 | 000,250,368 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_devices.dll MOD - [2011-06-27 14:37:08 | 000,165,376 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_mod.dll MOD - [2011-06-27 14:37:08 | 000,074,752 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_nsv.dll MOD - [2011-06-27 14:37:08 | 000,050,688 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_mp4.dll MOD - [2011-06-27 14:37:08 | 000,049,152 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_mkv.dll MOD - [2011-06-27 14:37:08 | 000,028,672 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_autotag.dll MOD - [2011-06-27 14:37:08 | 000,027,648 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_bookmarks.dll MOD - [2011-06-27 14:37:08 | 000,023,552 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_swf.dll MOD - [2011-06-27 14:37:08 | 000,016,896 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_wave.dll MOD - [2011-06-27 14:37:07 | 001,737,728 | ---- | M] () -- C:\Program Files\Winamp\Plugins\gen_ff.dll MOD - [2011-06-27 14:37:07 | 000,410,624 | ---- | M] () -- C:\Program Files\Winamp\nsutil.dll MOD - [2011-06-27 14:37:07 | 000,340,992 | ---- | M] () -- C:\Program Files\Winamp\Plugins\freeform\wacs\freetype\freetype.wac MOD - [2011-06-27 14:37:07 | 000,312,832 | ---- | M] () -- C:\Program Files\Winamp\Plugins\gen_ml.dll MOD - [2011-06-27 14:37:07 | 000,253,440 | ---- | M] () -- C:\Program Files\Winamp\libsndfile.dll MOD - [2011-06-27 14:37:07 | 000,183,808 | ---- | M] () -- C:\Program Files\Winamp\Plugins\gen_jumpex.dll MOD - [2011-06-27 14:37:07 | 000,180,224 | ---- | M] () -- C:\Program Files\Winamp\libmp4v2.dll MOD - [2011-06-27 14:37:07 | 000,109,568 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_midi.dll MOD - [2011-06-27 14:37:07 | 000,102,400 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_cdda.dll MOD - [2011-06-27 14:37:07 | 000,079,360 | ---- | M] () -- C:\Program Files\Winamp\nde.dll MOD - [2011-06-27 14:37:07 | 000,072,192 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_dshow.dll MOD - [2011-06-27 14:37:07 | 000,068,608 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_avi.dll MOD - [2011-06-27 14:37:07 | 000,060,928 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_flac.dll MOD - [2011-06-27 14:37:07 | 000,057,344 | ---- | M] () -- C:\Program Files\Winamp\Plugins\gen_orgler.dll MOD - [2011-06-27 14:37:07 | 000,043,008 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_flv.dll MOD - [2011-06-27 14:37:07 | 000,027,648 | ---- | M] () -- C:\Program Files\Winamp\Plugins\gen_hotkeys.dll MOD - [2011-06-27 14:37:07 | 000,025,600 | ---- | M] () -- C:\Program Files\Winamp\Plugins\gen_tray.dll MOD - [2011-06-27 14:37:07 | 000,007,168 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_linein.dll MOD - [2011-05-05 13:45:28 | 000,217,696 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\gglog.dll MOD - [2011-05-05 13:45:26 | 000,123,488 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\ggipcradioproxy.dll MOD - [2011-05-05 13:45:24 | 000,017,504 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\ggipc.dll MOD - [2011-05-05 13:45:22 | 000,027,744 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\ggcrypto.dll MOD - [2011-05-05 13:45:18 | 000,356,960 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\ggcommon.dll MOD - [2011-04-16 04:04:30 | 014,749,696 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\QtWebKit4.dll MOD - [2011-02-17 10:00:28 | 001,781,760 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\QtScript4.dll MOD - [2011-02-17 10:00:28 | 000,393,216 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\QtXml4.dll MOD - [2011-02-17 10:00:28 | 000,327,680 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\QtSvg4.dll MOD - [2011-02-17 10:00:26 | 001,044,480 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\QtNetwork4.dll MOD - [2011-02-17 10:00:24 | 009,097,216 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\QtGui4.dll MOD - [2011-02-17 10:00:24 | 002,560,000 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\QtCore4.dll MOD - [2010-08-06 20:00:32 | 000,311,296 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\imageformats\qtiff4.dll MOD - [2010-08-06 20:00:32 | 000,274,432 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\imageformats\qmng4.dll MOD - [2010-08-06 20:00:32 | 000,143,360 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\imageformats\qjpeg4.dll MOD - [2010-08-06 20:00:32 | 000,027,648 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\imageformats\qgif4.dll MOD - [2010-08-06 20:00:32 | 000,018,944 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\imageformats\qsvg4.dll MOD - [2010-03-19 08:33:38 | 000,059,904 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\zlib1.dll MOD - [2009-07-13 16:37:04 | 000,152,112 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll MOD - [2009-07-13 16:37:04 | 000,098,304 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV - File not found [Auto | Stopped] -- -- (PCSpeedUpService) SRV - [2012-11-19 21:48:14 | 001,435,568 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2012-11-09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012-11-08 22:03:22 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0) SRV - [2012-10-24 14:11:20 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012-10-22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd) SRV - [2012-10-09 19:19:29 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012-10-02 11:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012-08-01 15:07:16 | 000,724,888 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2012-07-27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012-07-02 20:09:07 | 000,224,416 | ---- | M] (Beijing ELEX Technology Co., Ltd.) [Auto | Running] -- C:\Program Files\Software Plate\svcgdp.exe -- (svcgdp) SRV - [2010-06-21 08:49:02 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2009-12-15 21:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc) SRV - [2009-07-14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009-07-14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009-07-14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009-07-07 13:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- -- (VGPU) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (tsusbhub) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Synth3dVsc) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - File not found [Kernel | On_Demand | Unknown] -- -- (abauc3ab) DRV - [2012-11-08 22:03:22 | 000,026,984 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp) DRV - [2012-10-18 19:20:00 | 000,466,008 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2012-10-15 03:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX) DRV - [2012-09-21 03:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix) DRV - [2012-09-21 03:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx) DRV - [2012-06-27 14:18:52 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2012-02-09 21:43:00 | 010,816,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2012-01-09 16:28:20 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2012-01-09 16:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2012-01-09 16:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2012-01-09 16:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2010-11-20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010-11-20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010-11-20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010-11-20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010-11-20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010-11-20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010-11-20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2010-06-26 12:04:36 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2010-06-26 12:04:35 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2010-04-07 16:38:54 | 001,500,160 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athur.sys -- (athur) DRV - [2009-07-07 13:48:44 | 000,027,696 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\purendis.sys -- (purendis) DRV - [2009-07-07 13:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pnarp.sys -- (pnarp) DRV - [2009-03-18 15:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2008-05-13 15:00:16 | 000,035,840 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf_devolo.sys -- (NPF_devolo) DRV - [2006-12-22 19:05:34 | 000,449,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athrusb.sys -- (athrusb) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?utm_source=b&utm_medium=opc&from=opc&uid=WDC_WD5000AAKS-00UU3A0_WD-WCAYU363017830178&ts=1350762303 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com/?utm_source=b&utm_medium=opc&from=opc&uid=WDC_WD5000AAKS-00UU3A0_WD-WCAYU363017830178&ts=1350762303 IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2417} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4252676272-2371586129-3660312933-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?utm_source=b&utm_medium=opc&from=opc&uid=WDC_WD5000AAKS-00UU3A0_WD-WCAYU363017830178&ts=1350762303 IE - HKU\S-1-5-21-4252676272-2371586129-3660312933-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKU\S-1-5-21-4252676272-2371586129-3660312933-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com/?utm_source=b&utm_medium=opc&from=opc&uid=WDC_WD5000AAKS-00UU3A0_WD-WCAYU363017830178&ts=1350762303 IE - HKU\S-1-5-21-4252676272-2371586129-3660312933-1000\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found IE - HKU\S-1-5-21-4252676272-2371586129-3660312933-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2417} IE - HKU\S-1-5-21-4252676272-2371586129-3660312933-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.v9.com/web/?q={searchTerms} IE - HKU\S-1-5-21-4252676272-2371586129-3660312933-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=113480&tt=3012_5&babsrc=SP_ss&mntrId=58cf244f000000000000940c6d8dd546 IE - HKU\S-1-5-21-4252676272-2371586129-3660312933-1000\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.v9.com/web/?q={searchTerms} IE - HKU\S-1-5-21-4252676272-2371586129-3660312933-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={FC8F0023-A837-4294-8831-9E3454AFBAF2}&mid=ded144077a7d47d185e6bdb90fcada9f-5a2f6bab27038223e92eb6436abbde0eb1c4a0be&lang=pl&ds=AVG&pr=fr&d=2012-11-26 22:13:44&v=13.2.0.4&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-4252676272-2371586129-3660312933-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms} IE - HKU\S-1-5-21-4252676272-2371586129-3660312933-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb139/?search={searchTerms}&loc=IB_DS&a=6OyO6I6iSz&i=26 IE - HKU\S-1-5-21-4252676272-2371586129-3660312933-1000\..\SearchScopes\{EE50263C-1875-4AFE-8BFC-9CBD07D510D9}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms} IE - HKU\S-1-5-21-4252676272-2371586129-3660312933-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4252676272-2371586129-3660312933-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421; [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "v9" FF - prefs.js..browser.search.order.1: "v9" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12" FF - prefs.js..browser.search.selectedEngine: "v9" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.v9.com/?utm_source=b&utm_medium=opc&from=opc&uid=WDC_WD5000AAKS-00UU3A0_WD-WCAYU363017830178&ts=1350762303" FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0 FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.3.0.11079 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: 5003446e01e7c@5003446e01eb5.info:1.0 FF - prefs.js..extensions.enabledItems: 500dbdad50e74@500dbdad50ead.info:1.0 FF - prefs.js..extensions.enabledItems: 50534e6f8164d@50534e6f81686.com:7.1 FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.137.0 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2 FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.5.0 FF - prefs.js..extensions.enabledItems: ffxtlbr@incredibar.com:1.5.0 FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:6.3 FF - prefs.js..extensions.enabledItems: ytd@mybrowserbar.com:6.3 FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.14.1 FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.3.3.2 FF - prefs.js..extensions.enabledItems: {99079a25-328f-4bd4-be04-00955acaa0a7}:4.4.1.00 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3 FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.746 FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.2191 FF - prefs.js..extensions.enabledItems: avg@toolbar:12.2.5.32 FF - prefs.js..extensions.enabledItems: {336D0C35-8A85-403a-B9D2-65C292C39087}:2.0.0.506 FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=0&systemid=417&sr=0&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files\OnLive\Plugin\npolgdet.dll (OnLive) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\userx\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2012-01-01 21:56:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\13.2.0.5 [2012-11-26 20:27:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\5003446e01e7c@5003446e01eb5.info: C:\Users\userx\AppData\Roaming\Mozilla\Firefox\Profiles\fkcft0zm.default\extensions\5003446e01e7c@5003446e01eb5.info [2012-07-15 23:39:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\500dbdad50e74@500dbdad50ead.info: C:\Users\userx\AppData\Roaming\Mozilla\Firefox\Profiles\fkcft0zm.default\extensions\500dbdad50e74@500dbdad50ead.info [2012-07-23 22:10:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\50534e6f8164d@50534e6f81686.com: C:\Users\userx\AppData\Roaming\Mozilla\Firefox\Profiles\fkcft0zm.default\extensions\50534e6f8164d@50534e6f81686.com [2012-09-14 16:31:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox [2012-10-13 18:39:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-06-17 17:52:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-10-30 07:23:42 | 000,000,000 | ---D | M] [2012-10-13 18:35:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\userx\AppData\Roaming\mozilla\Extensions [2012-11-18 23:38:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\userx\AppData\Roaming\mozilla\Firefox\Profiles\fkcft0zm.default\extensions [2011-06-27 14:37:05 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\userx\AppData\Roaming\mozilla\Firefox\Profiles\fkcft0zm.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} [2012-11-18 23:38:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\userx\AppData\Roaming\mozilla\Firefox\Profiles\fkcft0zm.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2011-06-13 17:38:49 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\userx\AppData\Roaming\mozilla\Firefox\Profiles\fkcft0zm.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} [2012-10-14 22:46:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\userx\AppData\Roaming\mozilla\Firefox\Profiles\fkcft0zm.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} [2012-07-20 12:57:54 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\userx\AppData\Roaming\mozilla\Firefox\Profiles\fkcft0zm.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2012-07-15 23:39:59 | 000,000,000 | ---D | M] (DownloadnSave) -- C:\Users\userx\AppData\Roaming\mozilla\Firefox\Profiles\fkcft0zm.default\extensions\5003446e01e7c@5003446e01eb5.info [2012-07-23 22:10:35 | 000,000,000 | ---D | M] (wxDfast) -- C:\Users\userx\AppData\Roaming\mozilla\Firefox\Profiles\fkcft0zm.default\extensions\500dbdad50e74@500dbdad50ead.info [2012-09-14 16:31:41 | 000,000,000 | ---D | M] (Download and Sa) -- C:\Users\userx\AppData\Roaming\mozilla\Firefox\Profiles\fkcft0zm.default\extensions\50534e6f8164d@50534e6f81686.com [2012-03-30 18:17:14 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\userx\AppData\Roaming\mozilla\Firefox\Profiles\fkcft0zm.default\extensions\battlefieldheroespatcher@ea.com [2011-06-13 17:38:49 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\userx\AppData\Roaming\mozilla\Firefox\Profiles\fkcft0zm.default\extensions\engine@conduit.com [2012-03-18 16:39:18 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\userx\AppData\Roaming\mozilla\Firefox\Profiles\fkcft0zm.default\extensions\ffxtlbr@babylon.com [2012-09-14 16:33:08 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\userx\AppData\Roaming\mozilla\Firefox\Profiles\fkcft0zm.default\extensions\ffxtlbr@incredibar.com [2012-11-18 23:38:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\userx\AppData\Roaming\mozilla\Firefox\Profiles\fkcft0zm.default\extensions\staged-xpis [2012-11-18 23:38:48 | 000,530,679 | ---- | M] () (No name found) -- C:\Users\userx\AppData\Roaming\mozilla\firefox\profiles\fkcft0zm.default\extensions\staged-xpis\{73a6fe31-595d-460b-a920-fcc0f8843232}\tmp.xpi [2011-07-30 12:10:22 | 000,002,354 | ---- | M] () -- C:\Users\userx\AppData\Roaming\mozilla\firefox\profiles\fkcft0zm.default\searchplugins\aol-web-search.xml [2012-09-14 16:32:55 | 000,002,203 | ---- | M] () -- C:\Users\userx\AppData\Roaming\mozilla\firefox\profiles\fkcft0zm.default\searchplugins\MyStart Search.xml [2012-01-23 01:52:04 | 000,002,515 | ---- | M] () -- C:\Users\userx\AppData\Roaming\mozilla\firefox\profiles\fkcft0zm.default\searchplugins\Search_Results.xml [2012-10-13 18:35:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012-10-13 18:21:33 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2010-06-21 09:19:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-06-21 09:18:58 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011-03-22 19:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2012-02-18 02:49:36 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2012-11-27 21:10:07 | 000,003,571 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2012-07-27 15:08:46 | 000,002,349 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2012-02-18 02:49:36 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2012-02-18 02:49:36 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2012-02-18 02:49:36 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2012-01-23 01:52:04 | 000,002,515 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml [2012-10-20 20:45:05 | 000,000,402 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\v9.xml [2012-02-18 02:49:36 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2012-02-18 02:49:36 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2009-06-10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (DownloadnSave Class) - {24CFC545-EEF2-CDAA-784E-ACC8B9764162} - C:\ProgramData\DownloadnSave\bhoclass.dll () O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll () O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (no name) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - No CLSID value found. O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-4252676272-2371586129-3660312933-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found. O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [HF_G_Jul] "C:\Program Files\AVG Secure Search\HF_G_Jul.exe" /DoAction File not found O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.) O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.) O4 - HKLM..\Run: [ROC_ROC_JULY_P1] "C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 File not found O4 - HKLM..\Run: [ROC_roc_ssl_v12] C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe () O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe () O4 - HKU\S-1-5-21-4252676272-2371586129-3660312933-1000..\Run: [] File not found O4 - HKU\S-1-5-21-4252676272-2371586129-3660312933-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-4252676272-2371586129-3660312933-1000..\Run: [EADM] C:\Program Files\Origin\Origin.exe (Electronic Arts) O4 - HKU\S-1-5-21-4252676272-2371586129-3660312933-1000..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia) O4 - HKU\S-1-5-21-4252676272-2371586129-3660312933-1000..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-4252676272-2371586129-3660312933-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-4252676272-2371586129-3660312933-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-4252676272-2371586129-3660312933-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O13 - gopher Prefix: missing O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} http://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.134.0.cab (Battlefield Heroes Updater) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.204.152.34 194.204.159.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3CC5168A-45B0-4962-9440-FA41690CA357}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7EE72E8F-C170-4AD2-8253-39F43A05D7BC}: DhcpNameServer = 194.204.152.34 194.204.159.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ADCF92E8-24E9-4F17-B2C9-8D3AA8B53B57}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll () O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{1e47be23-7d09-11df-88c8-6cf0492e336c}\Shell - "" = AutoRun O33 - MountPoints2\{1e47be23-7d09-11df-88c8-6cf0492e336c}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O33 - MountPoints2\{349f3cc0-1a90-11e2-bfc6-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{349f3cc0-1a90-11e2-bfc6-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup.exe O33 - MountPoints2\{e52a3c69-7d0f-11df-abb5-6cf0492e336c}\Shell - "" = AutoRun O33 - MountPoints2\{e52a3c69-7d0f-11df-abb5-6cf0492e336c}\Shell\AutoRun\command - "" = I:\Launch.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012-11-30 16:20:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\userx\Desktop\OTL.exe [2012-11-28 21:41:30 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys [2012-11-28 21:41:30 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll [2012-11-28 21:40:47 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll [2012-11-28 21:40:47 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll [2012-11-28 21:40:47 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll [2012-11-28 21:39:05 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcorehc.dll [2012-11-28 21:39:05 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll [2012-11-28 21:39:04 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll [2012-11-28 21:38:49 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore6.dll [2012-11-28 16:03:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012-11-28 16:03:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2012-11-26 22:14:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autonomiczny składnik AVG LinkScanner [2012-11-26 22:13:41 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search [2012-11-26 22:08:31 | 000,000,000 | -H-D | C] -- C:\$AVG [2012-11-26 20:27:37 | 000,000,000 | ---D | C] -- C:\Users\userx\AppData\Local\AVG Secure Search [2012-11-26 20:26:50 | 000,000,000 | ---D | C] -- C:\Users\userx\AppData\Local\Avg2013 [2012-11-23 15:15:51 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll [2012-11-21 20:24:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2012-11-21 20:24:34 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi [2012-11-18 21:45:43 | 000,000,000 | ---D | C] -- C:\Users\userx\AppData\Local\Diagnostics [2012-11-17 19:49:28 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012-11-14 00:14:42 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012-11-14 00:14:41 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012-11-14 00:14:41 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012-11-14 00:14:41 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012-11-14 00:14:41 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012-11-14 00:14:38 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012-11-14 00:14:38 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012-11-14 00:14:37 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012-11-13 23:52:50 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll [2012-11-13 23:52:48 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012-11-08 19:24:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2012-11-06 23:04:31 | 000,000,000 | ---D | C] -- C:\Users\userx\AppData\Roaming\AVG2013 [2012-11-06 22:56:46 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013 [2012-11-06 22:44:09 | 000,000,000 | ---D | C] -- C:\Users\userx\AppData\Local\MFAData [3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012-11-30 16:20:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\userx\Desktop\OTL.exe [2012-11-30 16:19:01 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012-11-30 15:23:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012-11-30 15:23:16 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys [2012-11-29 21:27:04 | 000,300,200 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012-11-28 16:03:30 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012-11-27 21:18:08 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012-11-27 21:18:08 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012-11-26 22:14:11 | 000,000,925 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk [2012-11-23 14:52:45 | 000,747,698 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2012-11-23 14:52:45 | 000,723,636 | ---- | M] () -- C:\Windows\System32\perfh019.dat [2012-11-23 14:52:45 | 000,661,064 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012-11-23 14:52:45 | 000,160,290 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2012-11-23 14:52:45 | 000,154,294 | ---- | M] () -- C:\Windows\System32\perfc019.dat [2012-11-23 14:52:45 | 000,125,254 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012-11-21 20:24:37 | 000,000,856 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk [2012-11-18 21:24:12 | 000,009,509 | ---- | M] () -- C:\Users\userx\Desktop\o co chodzi.png [2012-11-18 15:02:30 | 000,008,629 | ---- | M] () -- C:\Users\userx\Desktop\ADRES FIZYCZNY.odt [2012-11-08 22:03:22 | 000,026,984 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys [3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012-11-28 21:41:30 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012-11-28 21:40:47 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012-11-18 21:24:11 | 000,009,509 | ---- | C] () -- C:\Users\userx\Desktop\o co chodzi.png [2012-11-06 22:58:50 | 000,000,925 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk [2012-08-01 12:07:56 | 000,000,640 | RHS- | C] () -- C:\Users\userx\ntuser.pol [2012-07-21 19:46:07 | 000,000,093 | ---- | C] () -- C:\Users\userx\AppData\Local\fusioncache.dat [2012-07-15 14:46:28 | 003,130,440 | ---- | C] () -- C:\Windows\System32\pbsvc_blr.exe [2012-06-09 09:53:15 | 002,580,552 | ---- | C] () -- C:\Windows\System32\pbsvc.exe [2012-05-26 16:37:28 | 000,336,704 | ---- | C] () -- C:\Windows\System32\perfi019.dat [2012-05-26 16:37:27 | 000,723,636 | ---- | C] () -- C:\Windows\System32\perfh019.dat [2012-05-26 16:37:27 | 000,154,294 | ---- | C] () -- C:\Windows\System32\perfc019.dat [2012-05-26 16:37:27 | 000,039,446 | ---- | C] () -- C:\Windows\System32\perfd019.dat [2012-03-15 21:00:23 | 000,001,512 | ---- | C] () -- C:\Users\userx\.recently-used.xbel [2011-09-28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2011-05-27 12:53:02 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2011-05-23 21:33:11 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe [2011-05-23 21:31:59 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011-05-20 15:49:30 | 000,138,056 | ---- | C] () -- C:\Users\userx\AppData\Roaming\PnkBstrK.sys [2011-05-20 15:48:53 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini [2011-01-09 10:47:02 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat [2010-11-30 10:17:20 | 000,028,026 | ---- | C] () -- C:\Users\userx\AppData\Roaming\OFMissionEditorConfig.xml [2010-10-14 12:08:05 | 000,015,360 | ---- | C] () -- C:\Users\userx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [color=#E56717]========== ZeroAccess Check ==========[/color] [2009-07-14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [color=#E56717]========== LOP Check ==========[/color] [2012-11-08 19:24:28 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software [2012-11-08 19:24:28 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software [2012-08-14 16:23:35 | 000,000,000 | ---D | M] -- C:\Users\Gość\AppData\Roaming\Origin [2012-08-02 22:43:38 | 000,000,000 | ---D | M] -- C:\Users\Gość\AppData\Roaming\PC Suite [2011-06-03 14:33:27 | 000,000,000 | ---D | M] -- C:\Users\userx\AppData\Roaming\.minecraft [2012-03-18 15:34:39 | 000,000,000 | ---D | M] -- C:\Users\userx\AppData\Roaming\Audacity [2012-08-29 07:37:51 | 000,000,000 | ---D | M] -- C:\Users\userx\AppData\Roaming\AVG [2012-11-26 20:23:16 | 000,000,000 | ---D | M] -- C:\Users\userx\AppData\Roaming\AVG2013 [2012-03-18 16:39:03 | 000,000,000 | ---D | M] -- C:\Users\userx\AppData\Roaming\Babylon [2012-07-12 14:14:25 | 000,000,000 | ---D | M] -- C:\Users\userx\AppData\Roaming\BESTplayer [2012-07-12 14:16:31 | 000,000,000 | ---D | M] -- C:\Users\userx\AppData\Roaming\Cool Record Edit Pro [2012-10-20 20:45:57 | 000,000,000 | ---D | M] -- C:\Users\userx\AppData\Roaming\DAEMON Tools Lite [2012-01-25 23:55:50 | 000,000,000 | ---D | M] -- C:\Users\userx\AppData\Roaming\FreeScreenToVideo [2010-12-12 15:48:09 | 000,000,000 | ---D | M] -- C:\Users\userx\AppData\Roaming\Gadu-Gadu [2010-10-14 16:36:04 | 000,000,000 | ---D | M] -- C:\Users\userx\AppData\Roaming\Gadu-Gadu 10 [2012-07-12 21:07:59 | 000,000,000 | ---D | M] -- C:\Users\userx\AppData\Roaming\GameRanger [2012-03-18 17:09:58 | 000,000,000 | ---D | M] -- C:\Users\userx\AppData\Roaming\Get from YouTube [2010-11-30 10:37:43 | 000,000,000 | ---D | M] -- C:\Users\userx\AppData\Roaming\GHISLER [2011-06-22 12:10:58 | 000,000,000 | ---D | M] -- C:\Users\userx\AppData\Roaming\go [2012-07-27 15:14:36 | 000,000,000 | ---D | M] -- C:\Users\userx\AppData\Roaming\GoPlayer [2011-07-12 22:31:36 | 000,000,000 | ---D | M] -- C:\Users\userx\AppData\Roaming\gtk-2.0 [2011-01-26 14:05:47 | 000,000,000 | ---D | M] -- C:\Users\userx\AppData\Roaming\ipla [2010-09-04 13:07:32 | 000,000,000 | ---D | M] -- C:\Users\userx\AppData\Roaming\Leadertech [2011-01-24 09:17:49 | 000,000,000 | ---D | M] -- C:\Users\userx\AppData\Roaming\LolClient [2012-05-25 19:07:07 | 000,000,000 | ---D | M] -- C:\Users\userx\AppData\Roaming\LolClient2 [2012-07-26 18:44:07 | 000,000,000 | ---D | M] -- C:\Users\userx\AppData\Roaming\Moje pliki Bitwy o Śródziemie™ II [2012-07-26 18:36:22 | 000,000,000 | ---D | M] -- C:\Users\userx\AppData\Roaming\Moje pliki gry Władca Pierścieni, Król Nazguli [2012-08-18 15:40:12 | 000,000,000 | ---D | M] -- C:\Users\userx\AppData\Roaming\NapiProjekt [2012-01-16 23:11:52 | 000,000,000 | ---D | M] -- C:\Users\userx\AppData\Roaming\Nokia [2011-05-15 13:00:49 | 000,000,000 | ---D | M] -- C:\Users\userx\AppData\Roaming\Nokia Ovi Suite [2012-05-05 10:36:04 | 000,000,000 | ---D | M] -- C:\Users\userx\AppData\Roaming\Nokia Suite [2010-12-12 13:05:15 | 000,000,000 | ---D | M] -- C:\Users\userx\AppData\Roaming\Nowe Gadu-Gadu [2010-06-28 09:55:14 | 000,000,000 | ---D | M] -- C:\Users\userx\AppData\Roaming\Off Road [2012-03-15 22:50:41 | 000,000,000 | ---D | M] -- C:\Users\userx\AppData\Roaming\OnLive App [2012-10-20 20:44:40 | 000,000,000 | ---D | M] -- C:\Users\userx\AppData\Roaming\OpenCandy [2010-06-21 09:31:51 | 000,000,000 | ---D | M] -- C:\Users\userx\AppData\Roaming\OpenOffice.org [2012-01-17 14:42:25 | 000,000,000 | ---D | M] -- C:\Users\userx\AppData\Roaming\Opera [2012-08-15 14:55:29 | 000,000,000 | ---D | M] -- C:\Users\userx\AppData\Roaming\Origin [2012-09-12 18:48:58 | 000,000,000 | ---D | M] -- C:\Users\userx\AppData\Roaming\PC Suite [2011-01-26 13:59:56 | 000,000,000 | ---D | M] -- C:\Users\userx\AppData\Roaming\RDRM [2012-07-15 23:40:11 | 000,000,000 | ---D | M] -- C:\Users\userx\AppData\Roaming\SendSpace [2010-12-03 19:49:24 | 000,000,000 | ---D | M] -- C:\Users\userx\AppData\Roaming\Soldat [2011-01-05 23:05:54 | 000,000,000 | ---D | M] -- C:\Users\userx\AppData\Roaming\The Creative Assembly [2012-10-27 13:14:47 | 000,000,000 | ---D | M] -- C:\Users\userx\AppData\Roaming\TS3Client [2012-01-21 19:47:35 | 000,000,000 | ---D | M] -- C:\Users\userx\AppData\Roaming\TuneUp Software [2012-11-29 00:43:04 | 000,000,000 | ---D | M] -- C:\Users\userx\AppData\Roaming\uTorrent [2010-12-05 10:33:36 | 000,000,000 | ---D | M] -- C:\Users\userx\AppData\Roaming\VitySoft [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:0B4227B4 < End of report >