OTL logfile created on: 2012-12-19 22:11:27 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = F:\ 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,97 Gb Total Physical Memory | 1,88 Gb Available Physical Memory | 47,38% Memory free 7,93 Gb Paging File | 5,58 Gb Available in Paging File | 70,39% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 229,77 Gb Total Space | 113,70 Gb Free Space | 49,49% Space Free | Partition Type: NTFS Drive D: | 12,50 Gb Total Space | 2,09 Gb Free Space | 16,75% Space Free | Partition Type: NTFS Drive F: | 223,30 Gb Total Space | 100,13 Gb Free Space | 44,84% Space Free | Partition Type: NTFS Computer Name: LAPTOP | User Name: kulas | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012-12-19 21:58:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\OTL.exe PRC - [2012-12-14 17:00:09 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe PRC - [2012-12-06 03:35:05 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\pliki\programy\Mozilla Firefox\firefox.exe PRC - [2012-09-29 19:54:26 | 000,981,656 | ---- | M] (Malwarebytes Corporation) -- F:\Malwarebytes' Anti-Malware\mbam.exe PRC - [2012-09-29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- F:\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012-09-29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- F:\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012-09-29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- F:\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012-08-28 14:52:56 | 003,671,904 | ---- | M] (DT Soft Ltd) -- C:\pliki\programy\Daemon\DAEMON Tools Lite\DTLite.exe PRC - [2012-07-27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2010-03-25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe PRC - [2009-12-01 12:37:48 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe PRC - [2009-07-24 17:24:02 | 000,427,304 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe PRC - [2009-07-23 19:45:52 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe PRC - [2009-07-23 10:37:16 | 000,206,120 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012-12-06 03:35:05 | 002,397,152 | ---- | M] () -- C:\pliki\programy\Mozilla Firefox\mozjs.dll MOD - [2012-08-17 21:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll MOD - [2009-07-24 17:24:16 | 000,275,848 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CLCapEngine.dll MOD - [2009-07-24 17:24:16 | 000,124,288 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CLSchMgr.dll MOD - [2009-07-24 17:24:14 | 000,349,480 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CLTinyDB.dll MOD - [2009-07-23 10:37:14 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2012-03-08 18:21:52 | 000,538,000 | ---- | M] (Protection Technology) [Auto | Stopped] -- C:\Windows\SysNative\appdrvrem01.exe -- (appdrvrem01) SRV:[b]64bit:[/b] - [2010-09-22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:[b]64bit:[/b] - [2010-03-23 06:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\stacsv64.exe -- (STacSV) SRV:[b]64bit:[/b] - [2009-07-30 16:42:34 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV:[b]64bit:[/b] - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:[b]64bit:[/b] - [2009-07-08 12:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv) SRV:[b]64bit:[/b] - [2009-07-02 22:16:00 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:[b]64bit:[/b] - [2009-06-03 01:13:02 | 000,721,712 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vfsFPService.exe -- (vfsFPService) SRV:[b]64bit:[/b] - [2009-03-02 10:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe -- (AESTFilters) SRV - [2012-12-14 17:00:09 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP) SRV - [2012-12-11 19:32:25 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012-09-29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- F:\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012-09-29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- F:\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012-09-27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service) SRV - [2012-07-27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011-11-30 15:12:40 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010-11-12 13:58:19 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010-03-25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2010-03-23 06:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\STacSV64.exe -- (STacSV) SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009-12-01 12:37:48 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe -- (DpHost) SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009-06-03 01:12:50 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vfsFPService.exe -- (vfsFPService) SRV - [2009-05-22 19:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService) SRV - [2009-03-02 10:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe -- (AESTFilters) SRV - [2009-02-26 18:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\pliki\programy\MS07\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2008-02-01 03:02:26 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Stopped] -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2012-12-14 17:13:29 | 000,054,104 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi) DRV:[b]64bit:[/b] - [2012-12-14 17:13:29 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt) DRV:[b]64bit:[/b] - [2012-12-14 17:13:29 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt) DRV:[b]64bit:[/b] - [2012-12-14 17:13:28 | 000,613,720 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF) DRV:[b]64bit:[/b] - [2012-09-29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:[b]64bit:[/b] - [2012-08-13 16:49:40 | 000,178,008 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps) DRV:[b]64bit:[/b] - [2012-08-02 15:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6) DRV:[b]64bit:[/b] - [2012-06-19 17:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1) DRV:[b]64bit:[/b] - [2012-03-08 18:21:52 | 002,639,976 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\appdrv01.sys -- (appdrv01) DRV:[b]64bit:[/b] - [2012-03-08 17:15:05 | 000,564,792 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:[b]64bit:[/b] - [2012-03-01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2011-03-11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2011-03-11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2010-11-20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2010-11-20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:[b]64bit:[/b] - [2010-11-20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:[b]64bit:[/b] - [2010-11-20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:[b]64bit:[/b] - [2010-09-23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:[b]64bit:[/b] - [2010-03-23 06:53:06 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:[b]64bit:[/b] - [2010-01-13 15:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) DRV:[b]64bit:[/b] - [2009-07-23 18:02:38 | 005,435,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (netw5v64) DRV:[b]64bit:[/b] - [2009-07-21 04:39:00 | 000,140,712 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR) DRV:[b]64bit:[/b] - [2009-07-15 00:16:00 | 000,273,456 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:[b]64bit:[/b] - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009-07-14 01:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc) DRV:[b]64bit:[/b] - [2009-07-13 23:31:00 | 000,233,472 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:[b]64bit:[/b] - [2009-07-08 12:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt) DRV:[b]64bit:[/b] - [2009-07-08 12:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer) DRV:[b]64bit:[/b] - [2009-07-02 22:51:00 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:[b]64bit:[/b] - [2009-07-01 21:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:[b]64bit:[/b] - [2009-07-01 21:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:[b]64bit:[/b] - [2009-07-01 21:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:[b]64bit:[/b] - [2009-06-29 19:17:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir) DRV:[b]64bit:[/b] - [2009-06-29 18:00:00 | 000,116,752 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:[b]64bit:[/b] - [2009-06-10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:[b]64bit:[/b] - [2009-06-10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:[b]64bit:[/b] - [2009-06-10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:[b]64bit:[/b] - [2009-06-10 22:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem) DRV:[b]64bit:[/b] - [2009-06-10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:[b]64bit:[/b] - [2009-06-10 21:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux) DRV:[b]64bit:[/b] - [2009-06-10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:[b]64bit:[/b] - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:[b]64bit:[/b] - [2009-05-22 07:32:52 | 000,311,424 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVerAF15.sys -- (AVerAF15) DRV:[b]64bit:[/b] - [2009-04-29 16:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER) DRV:[b]64bit:[/b] - [2009-04-29 07:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV:[b]64bit:[/b] - [2009-04-08 00:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:[b]64bit:[/b] - [2008-08-28 10:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=pl_PL&c=94&bd=Pavilion&pf=cnnb IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=pl_PL&c=94&bd=Pavilion&pf=cnnb IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {E2958F71-2B50-4864-811E-2F39556414E9} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{E2958F71-2B50-4864-811E-2F39556414E9}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1602&query={searchTerms}&invocationType=tb50hpcnnbie7-pl-pl IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=pl_PL&c=94&bd=Pavilion&pf=cnnb IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1&cf=f65017b8-1748-11e1-9829-00247ef4b998 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddr&s={searchTerms}&f=4 IE - HKLM\..\SearchScopes,DefaultScope = {E2958F71-2B50-4864-811E-2F39556414E9} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6ADC8E79-1554-437B-873C-6EB7FBF22585}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1602&query={searchTerms}&invocationType=tb50hpcnnbie7-pl-pl IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2092125533-1102860085-1579631690-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=pl_PL&c=94&bd=Pavilion&pf=cnnb IE - HKU\S-1-5-21-2092125533-1102860085-1579631690-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/custom?domains=entretieneteds.to.md&q=&sitesearch=&client=pub-3439752189615153 IE - HKU\S-1-5-21-2092125533-1102860085-1579631690-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/ie IE - HKU\S-1-5-21-2092125533-1102860085-1579631690-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1&cf=f65017b8-1748-11e1-9829-00247ef4b998 IE - HKU\S-1-5-21-2092125533-1102860085-1579631690-1000\..\SearchScopes,DefaultScope = {E2958F71-2B50-4864-811E-2F39556414E9} IE - HKU\S-1-5-21-2092125533-1102860085-1579631690-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox IE - HKU\S-1-5-21-2092125533-1102860085-1579631690-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ddr&s={searchTerms}&f=4 IE - HKU\S-1-5-21-2092125533-1102860085-1579631690-1000\..\SearchScopes\{25C9A953-6FDE-447E-A489-DDB420C612BB}: "URL" = http://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000 IE - HKU\S-1-5-21-2092125533-1102860085-1579631690-1000\..\SearchScopes\{6ADC8E79-1554-437B-873C-6EB7FBF22585}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1602&query={searchTerms}&invocationType=tb50hpcnnbie7-pl-pl IE - HKU\S-1-5-21-2092125533-1102860085-1579631690-1000\..\SearchScopes\{E2958F71-2B50-4864-811E-2F39556414E9}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=f65017b8-1748-11e1-9829-00247ef4b998&q={searchTerms} IE - HKU\S-1-5-21-2092125533-1102860085-1579631690-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultengine: "Ask.com Search" FF - prefs.js..browser.search.defaultenginename: "Search the web" FF - prefs.js..browser.search.order.1: "Search the web" FF - prefs.js..browser.search.selectedEngine: "Search the web" FF - prefs.js..browser.startup.homepage: "error" FF - prefs.js..extensions.enabledAddons: DivXWebPlayer%40divx.com:2.0.2.039 FF - prefs.js..extensions.enabledAddons: ffxtlbr%40Facemoods.com:1.4.0 FF - prefs.js..extensions.enabledAddons: welcome%40toolmin.com:1.03 FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33 FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35 FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37 FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:13.0.1.4231 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - prefs.js..keyword.URL: "http://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - user.js..browser.search.selectedEngine: "Search the web" FF - user.js..browser.search.order.1: "Search the web" FF - user.js..browser.search.defaultenginename: "Search the web" FF - user.js..keyword.URL: "http://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@ganymede/GanymedeNetPlugin,version=1.0: C:\pliki\programy\snook wp\Plugins\npganymedenet.dll ( ) FF - HKLM\Software\MozillaPlugins\@ganymede/MAKAOV2,version=1.0: C:\Program Files (x86)\Ganymede\Plugins\MAKAOV2\NPMAKAOV2.dll (Ganymede Technologies) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\pliki\programy\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\pliki\programy\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2010-08-15 12:44:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2012-12-14 17:13:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2012-12-14 17:13:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2012-12-14 17:13:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2012-12-14 17:13:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2012-12-14 17:13:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\pliki\programy\Mozilla Firefox\components [2012-12-06 03:35:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\pliki\programy\Mozilla Firefox\plugins [2012-12-06 03:35:01 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\firefoxext [2010-08-15 12:44:05 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\pliki\programy\Mozilla Firefox\components [2012-12-06 03:35:05 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\pliki\programy\Mozilla Firefox\plugins [2012-12-06 03:35:01 | 000,000,000 | ---D | M] [2009-12-20 02:09:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kulas\AppData\Roaming\mozilla\Extensions [2012-12-07 10:40:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kulas\AppData\Roaming\mozilla\Firefox\Profiles\lgnndwjj.default\extensions [2012-02-12 11:30:56 | 000,000,000 | ---D | M] (toolplugin) -- C:\Users\kulas\AppData\Roaming\mozilla\Firefox\Profiles\lgnndwjj.default\extensions\welcome@toolmin.com [2012-02-27 16:38:21 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\kulas\AppData\Roaming\mozilla\firefox\profiles\lgnndwjj.default\extensions\DivXWebPlayer@divx.com.xpi [2011-08-18 08:46:08 | 000,025,939 | ---- | M] () (No name found) -- C:\Users\kulas\AppData\Roaming\mozilla\firefox\profiles\lgnndwjj.default\extensions\ffxtlbr@Facemoods.com.xpi [2012-12-07 10:40:40 | 000,019,633 | ---- | M] () (No name found) -- C:\Users\kulas\AppData\Roaming\mozilla\firefox\profiles\lgnndwjj.default\extensions\p24ext@przelewy24.pl.xpi [2012-11-23 17:19:20 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\kulas\AppData\Roaming\mozilla\firefox\profiles\lgnndwjj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-06-23 16:47:44 | 000,002,569 | ---- | M] () -- C:\Users\kulas\AppData\Roaming\mozilla\firefox\profiles\lgnndwjj.default\searchplugins\askcom.xml [2012-10-21 10:28:27 | 000,002,306 | ---- | M] () -- C:\Users\kulas\AppData\Roaming\mozilla\firefox\profiles\lgnndwjj.default\searchplugins\askcomsearch.xml [2010-12-18 20:52:26 | 000,001,832 | ---- | M] () -- C:\Users\kulas\AppData\Roaming\mozilla\firefox\profiles\lgnndwjj.default\searchplugins\bing.xml [2012-09-23 17:22:22 | 000,000,792 | ---- | M] () -- C:\Users\kulas\AppData\Roaming\mozilla\firefox\profiles\lgnndwjj.default\searchplugins\startsear.xml [2012-12-06 03:34:59 | 000,000,000 | ---D | M] (Java Console) -- C:\PLIKI\PROGRAMY\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-12-06 03:34:59 | 000,000,000 | ---D | M] (Java Console) -- C:\PLIKI\PROGRAMY\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-12-06 03:35:00 | 000,000,000 | ---D | M] (Java Console) -- C:\PLIKI\PROGRAMY\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-12-14 17:13:37 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ANTI_BANNER@KASPERSKY.COM [2010-12-13 13:36:54 | 000,002,035 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml [2012-02-12 11:30:56 | 000,000,158 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.src [color=#E56717]========== Chrome ==========[/color] CHR - homepage: http://startsear.ch/?aff=1&cf=f65017b8-1748-11e1-9829-00247ef4b998 CHR - default_search_provider: facemoods () CHR - default_search_provider: search_url = http://start.facemoods.com/?a=ddr&s={searchTerms}&f=4 CHR - default_search_provider: suggest_url = CHR - homepage: http://startsear.ch/?aff=1&cf=f65017b8-1748-11e1-9829-00247ef4b998 CHR - Extension: StartSearch Video plug-in = C:\Users\kulas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bildoibdboopgomcbiplincneeicgipj\1.3_0\ CHR - Extension: VshareComplete plugin for chrome = C:\Users\kulas\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\ CHR - Extension: Facemoods = C:\Users\kulas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.2.1_0\ CHR - Extension: vshare plugin = C:\Users\kulas\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\ O1 HOSTS File: ([2009-06-10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:[b]64bit:[/b] - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.) O2:[b]64bit:[/b] - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2:[b]64bit:[/b] - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2:[b]64bit:[/b] - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2:[b]64bit:[/b] - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.) O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\pliki\programy\MS07\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.) O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin) O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) O2 - BHO: (no name) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - No CLSID value found. O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.) O3 - HKU\S-1-5-21-2092125533-1102860085-1579631690-1000\..\Toolbar\WebBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.) O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] F:\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2092125533-1102860085-1579631690-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2092125533-1102860085-1579631690-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2 O8:[b]64bit:[/b] - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm () O8:[b]64bit:[/b] - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8:[b]64bit:[/b] - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:[b]64bit:[/b] - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm () O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:[b]64bit:[/b] - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9:[b]64bit:[/b] - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:[b]64bit:[/b] - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:[b]64bit:[/b] - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin) O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\pliki\programy\MS07\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\pliki\programy\MS07\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\pliki\programy\MS07\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Wyślij do interfejsu Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Wyślij do urządzenia &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O16:[b]64bit:[/b] - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16:[b]64bit:[/b] - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16:[b]64bit:[/b] - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{07A2549F-516F-48A0-9D3B-B1AD895AC10B}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{64AB0B1C-D2B2-44CC-BA88-75E8BF27C425}: DhcpNameServer = 217.172.224.160 89.231.1.206 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D8EED24C-7484-42B8-975B-F58F042315AA}: NameServer = 82.139.8.7,192.168.0.2 O18:[b]64bit:[/b] - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\ms-itss - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\pliki\programy\MS07\Office12\GrooveSystemServices.dll (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\pliki\programy\MS07\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{040ff99c-693a-11e1-85d5-8786ba7e48f8}\Shell - "" = AutoRun O33 - MountPoints2\{040ff99c-693a-11e1-85d5-8786ba7e48f8}\Shell\AutoRun\command - "" = G:\Installer.exe O33 - MountPoints2\{0ddf28fb-3904-11e0-b4eb-00269e63508b}\Shell - "" = AutoRun O33 - MountPoints2\{0ddf28fb-3904-11e0-b4eb-00269e63508b}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{0ddf2916-3904-11e0-b4eb-00269e63508b}\Shell - "" = AutoRun O33 - MountPoints2\{0ddf2916-3904-11e0-b4eb-00269e63508b}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{12946aae-983c-11e1-b4e9-001e65d81bd2}\Shell - "" = AutoRun O33 - MountPoints2\{12946aae-983c-11e1-b4e9-001e65d81bd2}\Shell\AutoRun\command - "" = I:\AutoRun.exe O33 - MountPoints2\{12946ada-983c-11e1-b4e9-001e65d81bd2}\Shell - "" = AutoRun O33 - MountPoints2\{12946ada-983c-11e1-b4e9-001e65d81bd2}\Shell\AutoRun\command - "" = I:\AutoRun.exe O33 - MountPoints2\{1922a202-8b18-11e1-9057-001e65d81bd2}\Shell - "" = AutoRun O33 - MountPoints2\{1922a202-8b18-11e1-9057-001e65d81bd2}\Shell\AutoRun\command - "" = I:\AutoRun.exe O33 - MountPoints2\{1922a209-8b18-11e1-9057-001e65d81bd2}\Shell - "" = AutoRun O33 - MountPoints2\{1922a209-8b18-11e1-9057-001e65d81bd2}\Shell\AutoRun\command - "" = I:\AutoRun.exe O33 - MountPoints2\{35fbd05f-babe-11df-8e31-00269e63508b}\Shell - "" = AutoRun O33 - MountPoints2\{35fbd05f-babe-11df-8e31-00269e63508b}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{3dc29ee9-83dd-11e1-b49a-001e65d81bd2}\Shell - "" = AutoRun O33 - MountPoints2\{3dc29ee9-83dd-11e1-b49a-001e65d81bd2}\Shell\AutoRun\command - "" = I:\AutoRun.exe O33 - MountPoints2\{3dc29ef1-83dd-11e1-b49a-001e65d81bd2}\Shell - "" = AutoRun O33 - MountPoints2\{3dc29ef1-83dd-11e1-b49a-001e65d81bd2}\Shell\AutoRun\command - "" = I:\AutoRun.exe O33 - MountPoints2\{4a8737da-4fc4-11df-a4fc-c812ee1babf7}\Shell - "" = AutoRun O33 - MountPoints2\{4a8737da-4fc4-11df-a4fc-c812ee1babf7}\Shell\AutoRun\command - "" = I:\Autorun.exe O33 - MountPoints2\{504ac921-8e20-11e1-b2e6-001e65d81bd2}\Shell - "" = AutoRun O33 - MountPoints2\{504ac921-8e20-11e1-b2e6-001e65d81bd2}\Shell\AutoRun\command - "" = I:\AutoRun.exe O33 - MountPoints2\{5dda5260-3c2b-11e0-bcb8-00247ef4b998}\Shell - "" = AutoRun O33 - MountPoints2\{5dda5260-3c2b-11e0-bcb8-00247ef4b998}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{76826eab-8edd-11e1-947a-001e65d81bd2}\Shell - "" = AutoRun O33 - MountPoints2\{76826eab-8edd-11e1-947a-001e65d81bd2}\Shell\AutoRun\command - "" = I:\AutoRun.exe O33 - MountPoints2\{8b0bb762-896f-11e1-9c48-001e65d81bd2}\Shell - "" = AutoRun O33 - MountPoints2\{8b0bb762-896f-11e1-9c48-001e65d81bd2}\Shell\AutoRun\command - "" = I:\AutoRun.exe O33 - MountPoints2\{8b0bb766-896f-11e1-9c48-001e65d81bd2}\Shell - "" = AutoRun O33 - MountPoints2\{8b0bb766-896f-11e1-9c48-001e65d81bd2}\Shell\AutoRun\command - "" = I:\AutoRun.exe O33 - MountPoints2\{9c75c1ec-8a4a-11e1-95ec-001e65d81bd2}\Shell - "" = AutoRun O33 - MountPoints2\{9c75c1ec-8a4a-11e1-95ec-001e65d81bd2}\Shell\AutoRun\command - "" = I:\AutoRun.exe O33 - MountPoints2\{b2eb1318-3a00-11e0-917f-00247ef4b998}\Shell - "" = AutoRun O33 - MountPoints2\{b2eb1318-3a00-11e0-917f-00247ef4b998}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{bef1d75c-8985-11e1-bf74-001e65d81bd2}\Shell - "" = AutoRun O33 - MountPoints2\{bef1d75c-8985-11e1-bf74-001e65d81bd2}\Shell\AutoRun\command - "" = I:\AutoRun.exe O33 - MountPoints2\{bef1d785-8985-11e1-bf74-001e101f2c0e}\Shell - "" = AutoRun O33 - MountPoints2\{bef1d785-8985-11e1-bf74-001e101f2c0e}\Shell\AutoRun\command - "" = I:\AutoRun.exe O33 - MountPoints2\{d7b138d3-ed83-11de-95ab-00247ef4b998}\Shell - "" = AutoRun O33 - MountPoints2\{d7b138d3-ed83-11de-95ab-00247ef4b998}\Shell\AutoRun\command - "" = G:\TeU.exe O33 - MountPoints2\{e0ffe136-8fa7-11e1-86cf-001e65d81bd2}\Shell - "" = AutoRun O33 - MountPoints2\{e0ffe136-8fa7-11e1-86cf-001e65d81bd2}\Shell\AutoRun\command - "" = I:\AutoRun.exe O33 - MountPoints2\H\Shell - "" = AutoRun O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\I\Shell - "" = AutoRun O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 90 Days ==========[/color] [2012-12-19 21:50:31 | 000,000,000 | ---D | C] -- C:\Users\kulas\AppData\Roaming\Malwarebytes [2012-12-19 21:49:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012-12-19 21:49:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012-12-19 21:49:11 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012-12-16 11:15:44 | 000,000,000 | ---D | C] -- C:\Users\kulas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jv16 PowerTools 2012 [2012-12-16 11:15:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\jv16 PowerTools 2012 [2012-12-14 00:45:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2013 [2012-12-14 00:43:26 | 000,064,856 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\klfphc.dll [2012-12-14 00:39:43 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP [2012-12-14 00:39:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2012-12-14 00:39:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab [2012-12-14 00:39:13 | 000,613,720 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys [2012-12-14 00:39:13 | 000,089,432 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klflt.sys [2012-12-14 00:22:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files [2012-12-14 00:12:55 | 000,000,000 | ---D | C] -- C:\Users\kulas\Desktop\Kaspersky Internet Security 2013 v13.0.0.3370 FINAL + Keys [ThumperDC] [2012-12-13 00:15:57 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012-12-13 00:15:57 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012-12-13 00:15:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012-12-13 00:15:56 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012-12-13 00:15:56 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012-12-13 00:15:56 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012-12-13 00:15:56 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012-12-13 00:15:51 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012-12-13 00:15:51 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012-12-13 00:15:51 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012-12-13 00:15:51 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012-12-13 00:15:39 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2012-12-13 00:15:38 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2012-12-13 00:15:38 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2012-12-13 00:15:38 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2012-12-13 00:15:37 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2012-12-13 00:15:37 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2012-12-13 00:15:37 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2012-12-13 00:15:37 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2012-12-13 00:15:37 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2012-12-13 00:15:37 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2012-12-13 00:15:37 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2012-12-13 00:15:36 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2012-12-13 00:15:36 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2012-12-13 00:15:36 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2012-12-13 00:15:36 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2012-12-13 00:15:36 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2012-12-13 00:15:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2012-12-13 00:15:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2012-12-13 00:15:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2012-12-13 00:15:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2012-12-13 00:15:35 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2012-12-13 00:15:35 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2012-12-13 00:15:35 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2012-12-13 00:15:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2012-12-13 00:15:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2012-12-13 00:15:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2012-12-13 00:15:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2012-12-13 00:15:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2012-12-13 00:15:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2012-12-13 00:15:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2012-12-13 00:15:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2012-12-13 00:15:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2012-12-13 00:15:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2012-12-13 00:15:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2012-12-13 00:15:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2012-12-13 00:15:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2012-12-13 00:15:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2012-12-13 00:15:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2012-12-13 00:15:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2012-12-13 00:15:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2012-12-13 00:15:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2012-12-13 00:15:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2012-12-13 00:15:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2012-12-13 00:15:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2012-12-13 00:15:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2012-12-13 00:15:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2012-12-13 00:15:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2012-12-13 00:15:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2012-12-13 00:15:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2012-12-13 00:15:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2012-12-13 00:15:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2012-12-13 00:15:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2012-12-13 00:15:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2012-12-13 00:15:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2012-12-13 00:15:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2012-12-13 00:15:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2012-12-13 00:15:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2012-12-13 00:15:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2012-12-13 00:15:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2012-12-13 00:15:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2012-12-13 00:15:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2012-12-13 00:15:34 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2012-12-13 00:15:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2012-12-13 00:15:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2012-12-13 00:15:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2012-12-13 00:15:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2012-12-13 00:15:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2012-12-13 00:15:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2012-12-13 00:15:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2012-12-13 00:15:13 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll [2012-12-13 00:15:13 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll [2012-12-11 06:48:27 | 000,000,000 | ---D | C] -- C:\Users\kulas\Desktop\kot [2012-12-10 21:23:48 | 000,000,000 | ---D | C] -- C:\Users\kulas\Desktop\Fringe.S05E08.720p.HDTV.X264-DIMENSION [PublicHD] [2012-12-10 20:50:15 | 000,000,000 | ---D | C] -- C:\Users\kulas\Desktop\The.Mentalist.S05E10.720p.HDTV.X264-DIMENSION [PublicHD] [2012-12-07 18:15:47 | 000,000,000 | ---D | C] -- C:\Users\kulas\AppData\Local\{BC2EC14A-F961-4FC0-92CD-4074F3FB49AD} [2012-12-06 00:00:04 | 000,000,000 | ---D | C] -- C:\Users\kulas\Desktop\Hawaii.Five-0.2010.S03E09.720p.HDTV.X264-DIMENSION [PublicHD] [2012-11-25 19:00:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support [2012-11-25 18:58:50 | 000,000,000 | ---D | C] -- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF} [2012-11-24 16:47:07 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling [2012-11-24 16:47:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LightScribe [2012-11-23 00:33:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012-11-23 00:33:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2012-11-23 00:33:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2012-11-19 15:03:01 | 000,000,000 | ---D | C] -- C:\Users\kulas\Desktop\2012EHNCJ [2012-11-15 03:10:38 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys [2012-11-15 03:10:38 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll [2012-11-15 03:01:51 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll [2012-11-15 03:01:49 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll [2012-11-15 03:01:48 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll [2012-11-15 03:01:48 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe [2012-11-15 03:00:20 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll [2012-11-15 03:00:20 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll [2012-11-15 03:00:20 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll [2012-11-15 02:59:24 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll [2012-11-15 02:59:24 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll [2012-11-15 02:59:23 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll [2012-11-15 02:59:23 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll [2012-11-15 02:59:23 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll [2012-11-15 02:59:23 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll [2012-11-15 02:58:23 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll [2012-11-15 02:58:23 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll [2012-11-07 19:22:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Full Tilt Poker [2012-11-04 19:15:19 | 000,000,000 | ---D | C] -- C:\Users\kulas\AppData\Local\Apple Computer [2012-10-25 03:12:26 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx [2012-10-25 03:12:26 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts [2012-10-22 08:21:38 | 000,000,000 | ---D | C] -- C:\Users\kulas\Documents\FIFA 13 [2012-10-22 08:18:26 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller [2012-10-21 10:28:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012-10-21 09:11:34 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2012-10-21 09:11:34 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2012-10-21 09:11:34 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2012-10-20 13:51:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2012-10-17 14:57:47 | 000,000,000 | --SD | C] -- C:\Users\kulas\GG dysk [2012-10-17 14:54:18 | 000,000,000 | ---D | C] -- C:\ProgramData\GG [2012-10-17 14:54:02 | 000,000,000 | ---D | C] -- C:\Users\kulas\AppData\Roaming\GG [2012-10-17 14:53:59 | 000,000,000 | ---D | C] -- C:\Users\kulas\AppData\Local\GG [2012-10-10 15:04:20 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2012-10-10 15:04:01 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012-10-10 15:04:00 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012-10-10 15:04:00 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012-10-10 15:03:34 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012-10-10 15:03:32 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2012-10-07 20:57:39 | 000,000,000 | ---D | C] -- C:\Users\kulas\AppData\Roaming\Apple Computer [2012-10-07 17:09:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple [2012-10-07 17:09:43 | 000,000,000 | ---D | C] -- C:\Users\kulas\AppData\Local\Apple [2012-10-07 17:09:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2012-10-05 22:45:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ganymede [2012-09-28 17:14:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite [2012-09-25 18:46:05 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\kulas\AppData\Local\*.tmp files -> C:\Users\kulas\AppData\Local\*.tmp -> ] [color=#E56717]========== Files - Modified Within 90 Days ==========[/color] [2012-12-19 22:40:07 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012-12-19 22:32:32 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012-12-19 21:50:40 | 000,007,605 | ---- | M] () -- C:\Users\kulas\AppData\Local\Resmon.ResmonCfg [2012-12-19 21:08:09 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012-12-19 21:08:09 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012-12-19 16:32:48 | 000,001,042 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012-12-19 16:31:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012-12-19 16:31:08 | 3195,420,672 | -HS- | M] () -- C:\hiberfil.sys [2012-12-16 11:16:56 | 000,000,022 | -HS- | M] () -- C:\Users\kulas\AppData\Roaming\Windows1569_SettingsRepository.bin [2012-12-16 11:16:56 | 000,000,022 | -HS- | M] () -- C:\Windows\90C7D912BE2316.sys [2012-12-16 10:41:35 | 001,549,696 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012-12-16 10:41:35 | 000,697,912 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2012-12-16 10:41:35 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012-12-16 10:41:35 | 000,134,990 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2012-12-16 10:41:35 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012-12-14 17:13:29 | 000,054,104 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\kltdi.sys [2012-12-14 17:13:29 | 000,029,528 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klmouflt.sys [2012-12-14 17:13:29 | 000,029,016 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klkbdflt.sys [2012-12-14 17:13:28 | 000,613,720 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys [2012-12-14 00:43:29 | 000,001,156 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk [2012-12-13 03:27:31 | 000,440,832 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012-12-11 19:32:25 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012-12-11 19:32:25 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012-12-10 22:47:50 | 1358,224,376 | ---- | M] () -- C:\Users\kulas\Desktop\Dexter.S07E11.720p.HDTV.x264-EVOLVE.mkv [2012-12-02 23:34:46 | 000,465,605 | ---- | M] () -- C:\Users\kulas\Desktop\turkey_in_the_straw.mp3 [2012-11-26 12:00:33 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForkulas.job [2012-11-20 00:13:45 | 619,684,180 | ---- | M] () -- C:\Users\kulas\Desktop\17.Rybnicka.Jesien.Kabaretowa.Ryjek.2012.PL.PDTV.XviD-.rmvb [2012-11-05 22:35:16 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012-11-05 21:41:32 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012-11-05 21:32:16 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012-11-05 21:32:09 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012-11-02 06:59:11 | 000,478,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll [2012-11-02 06:11:31 | 000,376,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll [2012-10-27 07:26:42 | 000,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012-10-27 07:24:05 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012-10-27 07:23:15 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012-10-27 06:51:20 | 000,134,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012-10-27 06:49:55 | 000,097,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012-10-27 06:49:51 | 000,735,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012-10-27 06:49:02 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012-10-25 03:12:26 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx [2012-10-25 03:12:26 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts [2012-10-09 19:17:13 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll [2012-10-09 19:17:13 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll [2012-10-09 18:40:31 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll [2012-10-04 18:46:16 | 000,362,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2012-10-04 18:46:15 | 000,243,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2012-10-04 18:46:15 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2012-10-04 18:45:55 | 000,215,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2012-10-04 18:43:28 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2012-10-04 18:41:16 | 001,161,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2012-10-04 18:41:16 | 000,424,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2012-10-04 18:38:48 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2012-10-04 18:38:48 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2012-10-04 18:38:48 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2012-10-04 18:38:48 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2012-10-04 18:38:48 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2012-10-04 18:38:48 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2012-10-04 18:38:48 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2012-10-04 18:38:48 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2012-10-04 18:38:48 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2012-10-04 18:38:48 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2012-10-04 18:38:48 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2012-10-04 18:38:48 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2012-10-04 18:38:48 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2012-10-04 18:38:48 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2012-10-04 18:38:48 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2012-10-04 18:38:48 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2012-10-04 18:38:48 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2012-10-04 18:38:48 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2012-10-04 18:38:48 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2012-10-04 18:38:48 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2012-10-04 18:38:48 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2012-10-04 18:38:48 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2012-10-04 18:38:48 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2012-10-04 18:38:48 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2012-10-04 18:38:48 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2012-10-04 18:38:48 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2012-10-04 18:38:48 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2012-10-04 18:38:48 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2012-10-04 17:47:41 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2012-10-04 17:40:38 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2012-10-04 17:40:37 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2012-10-04 17:40:37 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2012-10-04 17:40:37 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2012-10-04 17:40:37 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2012-10-04 17:40:37 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2012-10-04 17:40:37 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2012-10-04 17:40:37 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2012-10-04 17:40:37 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2012-10-04 17:40:37 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2012-10-04 17:40:37 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2012-10-04 17:40:37 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2012-10-04 17:40:37 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2012-10-04 17:40:37 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2012-10-04 17:40:37 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2012-10-04 17:40:37 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2012-10-04 17:40:37 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2012-10-04 17:40:37 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2012-10-04 17:40:37 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2012-10-04 17:40:37 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2012-10-04 17:40:36 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2012-10-04 17:40:36 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2012-10-04 17:40:36 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2012-10-04 17:40:36 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2012-10-04 16:21:55 | 000,338,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2012-10-04 15:46:46 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2012-10-04 15:46:46 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2012-10-04 15:46:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2012-10-04 15:46:43 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2012-10-04 15:41:50 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2012-10-04 15:41:50 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2012-10-04 15:41:50 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2012-10-04 15:41:50 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2012-10-03 18:44:17 | 000,246,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll [2012-10-03 18:44:17 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll [2012-10-03 18:44:16 | 000,216,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll [2012-10-03 17:42:24 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll [2012-10-03 17:42:24 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll [2012-10-03 17:42:23 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll [2012-09-29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012-09-25 23:47:43 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll [2012-09-25 23:46:17 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll [2012-09-24 14:32:24 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll [2012-09-24 14:32:20 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll [2012-09-24 14:23:41 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2012-09-24 14:23:37 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2012-09-24 14:23:26 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\kulas\AppData\Local\*.tmp files -> C:\Users\kulas\AppData\Local\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012-12-16 11:16:56 | 000,000,022 | -HS- | C] () -- C:\Users\kulas\AppData\Roaming\Windows1569_SettingsRepository.bin [2012-12-16 11:16:55 | 000,000,022 | -HS- | C] () -- C:\Windows\90C7D912BE2316.sys [2012-12-14 00:45:02 | 000,001,156 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk [2012-12-10 21:22:47 | 1358,224,376 | ---- | C] () -- C:\Users\kulas\Desktop\Dexter.S07E11.720p.HDTV.x264-EVOLVE.mkv [2012-12-02 23:34:45 | 000,465,605 | ---- | C] () -- C:\Users\kulas\Desktop\turkey_in_the_straw.mp3 [2012-11-19 23:15:40 | 619,684,180 | ---- | C] () -- C:\Users\kulas\Desktop\17.Rybnicka.Jesien.Kabaretowa.Ryjek.2012.PL.PDTV.XviD-.rmvb [2012-11-15 03:10:41 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012-11-15 03:01:48 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012-10-17 14:54:00 | 000,001,163 | ---- | C] () -- C:\Users\kulas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GG.lnk [2012-05-31 18:00:20 | 000,000,185 | ---- | C] () -- C:\Windows\pdf2word.INI [2012-05-31 17:37:55 | 000,000,000 | ---- | C] () -- C:\Users\kulas\AppData\Roaming\wklnhst.dat [2011-08-24 18:57:07 | 000,000,000 | ---- | C] () -- C:\Users\kulas\AppData\Local\{EE662C1A-2E57-418C-9A07-12F19D9A875A} [2011-07-26 19:41:47 | 000,000,000 | ---- | C] () -- C:\Users\kulas\AppData\Local\{328B5E8D-0C95-45E6-A950-8A787068D213} [2011-03-26 14:33:03 | 000,001,854 | ---- | C] () -- C:\Users\kulas\AppData\Roaming\GhostObjGAFix.xml [2010-11-27 15:41:41 | 000,044,781 | ---- | C] () -- C:\Users\kulas\AppData\Local\tmpIM000431.0 [2010-11-27 15:41:41 | 000,034,223 | ---- | C] () -- C:\Users\kulas\AppData\Local\tmpIM000431.JPG [2010-05-16 17:57:06 | 000,000,350 | ---- | C] () -- C:\Users\kulas\AppData\Local\postgresinstall.bat [2010-04-21 22:55:54 | 000,000,932 | ---- | C] () -- C:\Users\kulas\desinstart.bat [2010-04-21 22:55:54 | 000,000,647 | ---- | C] () -- C:\Users\kulas\desinst.bat [2010-04-21 22:55:54 | 000,000,599 | ---- | C] () -- C:\Users\kulas\dialogysMPFuser.prf [2010-04-21 22:55:54 | 000,000,183 | ---- | C] () -- C:\Users\kulas\save_uninst.bat [2010-04-21 22:55:54 | 000,000,183 | ---- | C] () -- C:\Users\kulas\dialogysClip.prf [2010-04-21 22:55:54 | 000,000,128 | ---- | C] () -- C:\Users\kulas\dialogysInstall.prf [2010-03-23 16:21:17 | 000,007,605 | ---- | C] () -- C:\Users\kulas\AppData\Local\Resmon.ResmonCfg [2009-12-29 01:31:14 | 000,004,608 | ---- | C] () -- C:\Users\kulas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [color=#E56717]========== ZeroAccess Check ==========[/color] [2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] [color=#E56717]========== LOP Check ==========[/color] [2012-09-05 01:03:31 | 000,000,000 | ---D | M] -- C:\Users\kulas\AppData\Roaming\BESTplayer [2012-08-25 07:51:39 | 000,000,000 | ---D | M] -- C:\Users\kulas\AppData\Roaming\blueconnect [2012-03-08 17:20:42 | 000,000,000 | ---D | M] -- C:\Users\kulas\AppData\Roaming\DAEMON Tools Lite [2009-12-20 01:15:48 | 000,000,000 | ---D | M] -- C:\Users\kulas\AppData\Roaming\DigitalPersona [2011-07-08 12:16:02 | 000,000,000 | ---D | M] -- C:\Users\kulas\AppData\Roaming\facemoods.com [2010-09-04 22:10:22 | 000,000,000 | ---D | M] -- C:\Users\kulas\AppData\Roaming\FOG Downloader [2010-01-30 00:06:22 | 000,000,000 | ---D | M] -- C:\Users\kulas\AppData\Roaming\Gadu-Gadu [2012-03-14 11:47:04 | 000,000,000 | ---D | M] -- C:\Users\kulas\AppData\Roaming\Gadu-Gadu 10 [2011-03-31 16:44:47 | 000,000,000 | ---D | M] -- C:\Users\kulas\AppData\Roaming\GameRanger [2012-10-24 21:42:33 | 000,000,000 | ---D | M] -- C:\Users\kulas\AppData\Roaming\GanymedeNet [2012-12-19 20:02:24 | 000,000,000 | ---D | M] -- C:\Users\kulas\AppData\Roaming\GG [2011-02-01 15:50:49 | 000,000,000 | ---D | M] -- C:\Users\kulas\AppData\Roaming\kikin [2010-11-05 19:09:01 | 000,000,000 | ---D | M] -- C:\Users\kulas\AppData\Roaming\Leadertech [2010-11-10 22:10:06 | 000,000,000 | ---D | M] -- C:\Users\kulas\AppData\Roaming\LolClient [2012-05-24 16:15:33 | 000,000,000 | ---D | M] -- C:\Users\kulas\AppData\Roaming\LolClient2 [2010-11-12 14:02:09 | 000,000,000 | ---D | M] -- C:\Users\kulas\AppData\Roaming\Mateusz [2011-02-02 22:40:20 | 000,000,000 | ---D | M] -- C:\Users\kulas\AppData\Roaming\Microgaming [2012-10-25 15:00:03 | 000,000,000 | ---D | M] -- C:\Users\kulas\AppData\Roaming\Might & Magic Heroes VI [2012-04-11 15:04:21 | 000,000,000 | ---D | M] -- C:\Users\kulas\AppData\Roaming\Nokia [2010-05-03 18:18:35 | 000,000,000 | ---D | M] -- C:\Users\kulas\AppData\Roaming\OpenFM [2012-09-11 03:14:28 | 000,000,000 | ---D | M] -- C:\Users\kulas\AppData\Roaming\Party [2012-04-11 15:04:02 | 000,000,000 | ---D | M] -- C:\Users\kulas\AppData\Roaming\PC Suite [2010-11-12 18:09:42 | 000,000,000 | ---D | M] -- C:\Users\kulas\AppData\Roaming\Program Files (x86) [2012-05-31 17:37:56 | 000,000,000 | ---D | M] -- C:\Users\kulas\AppData\Roaming\Template [2012-12-14 17:27:35 | 000,000,000 | ---D | M] -- C:\Users\kulas\AppData\Roaming\toolplugin [2011-12-27 12:04:17 | 000,000,000 | ---D | M] -- C:\Users\kulas\AppData\Roaming\TS3Client [2012-12-19 17:55:57 | 000,000,000 | ---D | M] -- C:\Users\kulas\AppData\Roaming\uTorrent [2009-12-29 15:36:20 | 000,000,000 | ---D | M] -- C:\Users\kulas\AppData\Roaming\WildTangent [2010-12-18 20:48:42 | 000,000,000 | ---D | M] -- C:\Users\kulas\AppData\Roaming\Windows Live Writer [color=#E56717]========== Purity Check ==========[/color] < End of report >