OTL logfile created on: 2013-01-19 12:02:59 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Adrian\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 4,00 Gb Total Physical Memory | 2,64 Gb Available Physical Memory | 66,19% Memory free 7,99 Gb Paging File | 6,42 Gb Available in Paging File | 80,39% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 97,66 Gb Total Space | 41,70 Gb Free Space | 42,71% Space Free | Partition Type: NTFS Drive D: | 368,01 Gb Total Space | 145,99 Gb Free Space | 39,67% Space Free | Partition Type: NTFS Computer Name: AZEROTH | User Name: Adrian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2013-01-19 12:01:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Adrian\Downloads\OTL.exe PRC - [2012-10-29 20:33:46 | 000,698,752 | ---- | M] (IObit) -- D:\Advanced SystemCare 6\Monitor.exe PRC - [2012-08-18 11:38:26 | 000,022,016 | ---- | M] (Apache Software Foundation) -- D:\xampp\apache\bin\httpd.exe PRC - [2012-08-03 12:17:28 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012-07-20 19:08:04 | 008,186,368 | ---- | M] () -- D:\xampp\mysql\bin\mysqld.exe PRC - [2012-07-03 17:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2012-07-03 17:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2011-08-17 08:28:14 | 003,120,448 | ---- | M] (DT Soft Ltd) -- D:\DAEMON Tools 
Pro\DTShellHlp.exe PRC - [2011-06-08 19:19:24 | 001,583,960 | ---- | M] (IObit) -- D:\Smart Defrag 2\SmartDefrag.exe PRC - [2010-03-18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe PRC - [2009-09-05 16:17:40 | 003,358,720 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\Acer Bio Protection\CompPtcVUI.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2013-01-08 01:06:22 | 000,460,392 | ---- | M] () -- C:\Users\Adrian\AppData\Local\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll MOD - [2013-01-08 01:06:21 | 012,459,624 | ---- | M] () -- C:\Users\Adrian\AppData\Local\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll MOD - [2013-01-08 01:06:19 | 004,012,648 | ---- | M] () -- C:\Users\Adrian\AppData\Local\Google\Chrome\Application\24.0.1312.52\pdf.dll MOD - [2013-01-08 01:05:29 | 000,598,120 | ---- | M] () -- C:\Users\Adrian\AppData\Local\Google\Chrome\Application\24.0.1312.52\libglesv2.dll MOD - [2013-01-08 01:05:28 | 000,124,520 | ---- | M] () -- C:\Users\Adrian\AppData\Local\Google\Chrome\Application\24.0.1312.52\libegl.dll MOD - [2013-01-08 01:05:25 | 001,553,000 | ---- | M] () -- C:\Users\Adrian\AppData\Local\Google\Chrome\Application\24.0.1312.52\ffmpegsumo.dll MOD - [2012-10-30 15:37:26 | 000,348,032 | ---- | M] () -- D:\Advanced SystemCare 6\madexcept_.bpl MOD - [2012-10-30 15:37:24 | 000,050,048 | ---- | M] () -- D:\Advanced SystemCare 6\maddisAsm_.bpl MOD - [2012-10-30 15:37:22 | 000,182,656 | ---- | M] () -- D:\Advanced SystemCare 6\madbasic_.bpl MOD - [2012-04-02 18:24:56 | 000,056,424 | ---- | M] () -- C:\Windows\SysWOW64\PrxerNsp.dll MOD - [2011-06-16 17:54:28 | 000,047,960 | ---- | M] () -- D:\Smart Defrag 2\NtfsData.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2012-07-03 17:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program 
Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV:[b]64bit:[/b] - [2009-10-02 17:39:44 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV:[b]64bit:[/b] - [2009-03-27 18:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Disabled | Stopped] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio) SRV - [2013-01-09 21:25:40 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012-12-24 19:56:25 | 000,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service) SRV - [2012-12-24 19:56:03 | 000,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service) SRV - [2012-12-24 19:05:38 | 000,541,760 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012-11-09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012-10-31 15:52:30 | 000,464,256 | ---- | M] (IObit) [Disabled | Stopped] -- D:\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6) SRV - [2012-10-25 17:33:34 | 000,384,888 | ---- | M] (BlueStack Systems, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc) SRV - [2012-10-25 17:33:14 | 000,393,080 | ---- | M] (BlueStack Systems, Inc.) 
[Disabled | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc) SRV - [2012-10-02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012-08-18 11:38:26 | 000,022,016 | ---- | M] (Apache Software Foundation) [Auto | Running] -- D:\xampp\apache\bin\httpd.exe -- (Apache2.4) SRV - [2012-08-08 14:02:26 | 004,868,608 | ---- | M] (Embarcadero Technologies, Inc.) [Disabled | Stopped] -- D:\Embarcadero\RAD Studio\10.0\InterBaseXE3\bin\ibserver.exe -- (IBS_gds_db) SRV - [2012-08-08 14:02:26 | 000,630,272 | ---- | M] (Embarcadero Technologies, Inc.) [Disabled | Stopped] -- D:\Embarcadero\RAD Studio\10.0\InterBaseXE3\bin\ibguard.exe -- (IBG_gds_db) SRV - [2012-08-03 12:17:28 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012-07-20 19:08:04 | 008,186,368 | ---- | M] () [Auto | Running] -- D:\xampp\mysql\bin\mysqld.exe -- (mysql) SRV - [2012-07-19 17:08:04 | 000,738,152 | ---- | M] (Tunngle.net GmbH) [Disabled | Stopped] -- D:\Tunngle\TnglCtrl.exe -- (TunngleService) SRV - [2011-10-19 16:30:50 | 000,423,424 | ---- | M] (Creative Technology Ltd) [Disabled | Stopped] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService) SRV - [2011-10-08 16:34:24 | 000,820,568 | ---- | M] (IObit) [Disabled | Stopped] -- D:\IObit Malware Fighter\IMFsrv.exe -- (IMFservice) SRV - [2011-08-03 12:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2010-03-26 18:34:49 | 003,753,224 | ---- | M] (INCA Internet Co., Ltd.) 
[On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc) SRV - [2010-03-18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009-09-05 16:17:56 | 003,450,368 | ---- | M] (Egis Technology Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Acer Bio Protection\BASVC.exe -- (IGBASVC) SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009-06-04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2012-07-03 17:21:52 | 000,958,400 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:[b]64bit:[/b] - [2012-07-03 17:21:52 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:[b]64bit:[/b] - [2012-07-03 17:21:52 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:[b]64bit:[/b] - [2012-07-03 17:21:52 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:[b]64bit:[/b] - [2012-07-03 17:21:52 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:[b]64bit:[/b] - [2012-07-03 17:21:51 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:[b]64bit:[/b] - [2012-03-01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) 
[Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2011-09-02 07:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:[b]64bit:[/b] - [2011-09-02 07:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:[b]64bit:[/b] - [2011-05-14 18:03:55 | 000,526,392 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:[b]64bit:[/b] - [2011-05-10 10:41:27 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:[b]64bit:[/b] - [2011-03-11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2011-03-11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2011-02-23 15:50:14 | 000,018,232 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver) DRV:[b]64bit:[/b] - [2010-11-20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2010-11-20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:[b]64bit:[/b] - [2010-07-14 12:42:56 | 007,821,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) DRV:[b]64bit:[/b] - [2010-07-01 13:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- 
(ScreamBAudioSvc) DRV:[b]64bit:[/b] - [2010-03-24 18:18:33 | 000,136,192 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\acedrv05.sys -- (acedrv05) DRV:[b]64bit:[/b] - [2010-03-17 20:44:49 | 000,036,400 | ---- | M] (EgisTec) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\FPSensor.sys -- (FPSensor) DRV:[b]64bit:[/b] - [2010-02-25 16:51:02 | 000,029,696 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901) DRV:[b]64bit:[/b] - [2009-11-01 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64) DRV:[b]64bit:[/b] - [2009-10-02 22:47:38 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:[b]64bit:[/b] - [2009-09-16 06:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t) DRV:[b]64bit:[/b] - [2009-09-15 18:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) DRV:[b]64bit:[/b] - [2009-08-29 09:15:32 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:[b]64bit:[/b] - [2009-08-29 09:15:26 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:[b]64bit:[/b] - [2009-07-31 03:40:32 | 000,025,600 | ---- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\XENfiltv.sys -- (XENfiltv) DRV:[b]64bit:[/b] - [2009-07-21 07:13:12 | 000,006,656 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hidshim.sys -- (hidshim) DRV:[b]64bit:[/b] - [2009-07-21 07:13:10 | 000,025,088 | ---- | M] (Nuvoton Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuvotonhidgeneric.sys -- (nuvotonhidgeneric) DRV:[b]64bit:[/b] - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009-07-14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:[b]64bit:[/b] - [2009-07-02 02:46:58 | 000,052,264 | ---- | M] (Broadcom Corporation.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt) DRV:[b]64bit:[/b] - [2009-06-10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) DRV:[b]64bit:[/b] - [2009-06-10 21:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) DRV:[b]64bit:[/b] - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:[b]64bit:[/b] - [2009-06-04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:[b]64bit:[/b] - [2009-05-24 18:57:42 | 000,243,760 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService) DRV:[b]64bit:[/b] - [2009-04-08 05:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:[b]64bit:[/b] - [2009-04-06 17:31:08 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem) DRV:[b]64bit:[/b] - [2009-03-18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:[b]64bit:[/b] - [2008-12-26 11:56:04 | 000,021,504 | ---- | M] (Avnex) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vcsvad.sys -- (VCSVADHWSer) DRV - [2012-11-13 21:53:00 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- D:\Razer Game Booster\Driver\WinRing0x64.sys -- (WinRing0_1_2_0) DRV - [2012-10-25 17:33:26 | 000,071,032 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv) DRV - [2011-10-08 16:04:08 | 000,020,336 | ---- | M] () [File_System | Disabled | Stopped] -- D:\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys -- (FileMonitor) DRV - [2011-09-20 13:27:44 | 000,021,872 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- D:\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys -- (UrlFilter) DRV - [2011-09-20 13:27:38 | 000,033,184 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- D:\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys -- (RegFilter) DRV - [2011-03-16 17:59:28 | 000,036,792 | ---- | M] (IObit Information Technology) [File_System | Auto | Running] -- D:\Protected Folder\pffilter.sys -- (PfFilter) DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2004-12-31 16:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{44F7FD15-D175-4848-9836-0DF8F6CEC524}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=ca37d5c4-4219-11e1-97ea-00262d664206&q={searchTerms} IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2938961 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-880486109-2065201665-1661478357-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank IE - HKU\S-1-5-21-880486109-2065201665-1661478357-1000\SOFTWARE\Microsoft\Internet Explorer\Main,DefaultNetworkProfile = 475174026 IE - HKU\S-1-5-21-880486109-2065201665-1661478357-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-880486109-2065201665-1661478357-1000\..\URLSearchHook: - No CLSID value found IE - 
HKU\S-1-5-21-880486109-2065201665-1661478357-1000\..\URLSearchHook: {14f6a182-4c6f-45ae-9f5a-aa3ccbb1cfa3} - No CLSID value found IE - HKU\S-1-5-21-880486109-2065201665-1661478357-1000\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - No CLSID value found IE - HKU\S-1-5-21-880486109-2065201665-1661478357-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found IE - HKU\S-1-5-21-880486109-2065201665-1661478357-1000\..\URLSearchHook: {ec66d0dc-ad17-4602-af45-ef595565db02} - No CLSID value found IE - HKU\S-1-5-21-880486109-2065201665-1661478357-1000\..\SearchScopes,DefaultScope = {8916F8E3-985B-46A2-8E3A-A6C82CAE6BAB} IE - HKU\S-1-5-21-880486109-2065201665-1661478357-1000\..\SearchScopes\{8916F8E3-985B-46A2-8E3A-A6C82CAE6BAB}: "URL" = http://www.google.pl/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} IE - HKU\S-1-5-21-880486109-2065201665-1661478357-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-880486109-2065201665-1661478357-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 98.109.199.166:3128 [color=#E56717]========== FireFox ==========[/color] FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - 
HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: File not found FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: File not found FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Adrian\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Adrian\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Adrian\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Adrian\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) [2012-09-14 15:52:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adrian\AppData\Roaming\mozilla\Extensions [2012-11-17 12:10:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adrian\AppData\Roaming\mozilla\Firefox\Profiles\ekq4aiow.default\extensions [2012-11-17 12:05:05 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\Adrian\AppData\Roaming\mozilla\Firefox\Profiles\ekq4aiow.default\extensions\ascsurfingprotection@iobit.com [2011-11-21 19:08:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adrian\AppData\Roaming\mozilla\Firefox\Profiles\ekq4aiow.default\extensions\foxyproxy@eric.h.jung [2012-11-17 12:10:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adrian\AppData\Roaming\mozilla\Firefox\Profiles\nsk367lu.Azeroth\extensions [2012-11-17 12:05:05 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\Adrian\AppData\Roaming\mozilla\Firefox\Profiles\nsk367lu.Azeroth\extensions\ascsurfingprotection@iobit.com [2012-10-28 18:14:55 | 000,348,761 | ---- | M] () (No name found) -- C:\Users\Adrian\AppData\Roaming\mozilla\firefox\profiles\nsk367lu.Azeroth\extensions\proxylist@proxylists.me.xpi 
[color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Adrian\AppData\Local\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Adrian\AppData\Local\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Adrian\AppData\Local\Google\Chrome\Application\24.0.1312.52\pdf.dll CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\npSkypeChromePlugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U7 
(Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonEU\NGM\npNxGameeu.dll CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll CHR - plugin: Raidcall plugin (Enabled) = C:\Users\Adrian\AppData\Roaming\raidcall\plugins\nprcplugin.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - Extension: Gmail offline = C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.19_0\ CHR - Extension: Skype Click to Call = C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\ CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\ CHR - Extension: Gmail = C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012-09-04 18:11:12 | 000,000,141 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 72.8.150.50 us.actual.battle.net O1 - Hosts: 72.8.150.50 eu.actual.battle.net O1 - Hosts: 
72.8.150.50 enGB.nydus.battle.net O2:[b]64bit:[/b] - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - No CLSID value found. O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - No CLSID value found. O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - D:\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit) O2 - BHO: (no name) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - No CLSID value found. O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {14F6A182-4C6F-45AE-9F5A-AA3CCBB1CFA3} - No CLSID value found. O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {14F6A182-4C6F-45AE-9F5A-AA3CCBB1CFA3} - No CLSID value found. O3 - HKU\S-1-5-21-880486109-2065201665-1661478357-1000\..\Toolbar\WebBrowser: (no name) - {14F6A182-4C6F-45AE-9F5A-AA3CCBB1CFA3} - No CLSID value found. O3 - HKU\S-1-5-21-880486109-2065201665-1661478357-1000\..\Toolbar\WebBrowser: (no name) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - No CLSID value found. O3 - HKU\S-1-5-21-880486109-2065201665-1661478357-1000\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found. O3 - HKU\S-1-5-21-880486109-2065201665-1661478357-1000\..\Toolbar\WebBrowser: (no name) - {EC66D0DC-AD17-4602-AF45-EF595565DB02} - No CLSID value found. 
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:[b]64bit:[/b] - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8:[b]64bit:[/b] - Extra context menu item: Pasek Narzędzi RoboForm - Reg Error: Value error. File not found O8:[b]64bit:[/b] - Extra context menu item: Personalizuj menu - Reg Error: Value error. File not found O8:[b]64bit:[/b] - Extra context menu item: Wypełnij Pola - Reg Error: Value error. File not found O8:[b]64bit:[/b] - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:[b]64bit:[/b] - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8:[b]64bit:[/b] - Extra context menu item: Zapisz Pola - Reg Error: Value error. File not found O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Pasek Narzędzi RoboForm - Reg Error: Value error. File not found O8 - Extra context menu item: Personalizuj menu - Reg Error: Value error. File not found O8 - Extra context menu item: Wypełnij Pola - Reg Error: Value error. File not found O8 - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Zapisz Pola - Reg Error: Value error. 
File not found O9:[b]64bit:[/b] - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.) O9:[b]64bit:[/b] - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.) O9:[b]64bit:[/b] - Extra Button: Wypełnij pola - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - Reg Error: Key error. File not found O9:[b]64bit:[/b] - Extra 'Tools' menuitem : Wypełnij Pola - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - Reg Error: Key error. File not found O9:[b]64bit:[/b] - Extra Button: Zapisz - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - Reg Error: Key error. File not found O9:[b]64bit:[/b] - Extra 'Tools' menuitem : Zapisz Pola - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - Reg Error: Key error. File not found O9:[b]64bit:[/b] - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - Reg Error: Key error. File not found O9:[b]64bit:[/b] - Extra 'Tools' menuitem : Pasek Narzędzi RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - Reg Error: Key error. File not found O9:[b]64bit:[/b] - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:[b]64bit:[/b] - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Wypełnij pola - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - Reg Error: Key error. 
File not found O9 - Extra 'Tools' menuitem : Wypełnij Pola - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - Reg Error: Key error. File not found O9 - Extra Button: Zapisz - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - Reg Error: Key error. File not found O9 - Extra 'Tools' menuitem : Zapisz Pola - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - Reg Error: Key error. File not found O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - Reg Error: Key error. File not found O9 - Extra 'Tools' menuitem : Pasek Narzędzi RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - Reg Error: Key error. File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Wyślij do interfejsu Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Wyślij do urządzenia &Bluetooth... 
- {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Windows\SysNative\PrxerNsp.dll () O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\PrxerDrv.dll (Initex) O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\PrxerDrv.dll (Initex) O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\PrxerDrv.dll (Initex) O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\PrxerDrv.dll (Initex) O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Windows\SysNative\PrxerDrv.dll (Initex) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Windows\SysWOW64\PrxerNsp.dll () O15 - HKU\S-1-5-21-880486109-2065201665-1661478357-1000\..Trusted Domains: aol.com ([objects] * is out of zone range - 5) O15 - HKU\S-1-5-21-880486109-2065201665-1661478357-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-880486109-2065201665-1661478357-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-880486109-2065201665-1661478357-1000\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-880486109-2065201665-1661478357-1000\..Trusted Domains: sony.com ([]* in Trusted sites) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} 
http://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{07BDF19A-1DCD-45C1-9CB6-72ABDC4E8AFD}: DhcpNameServer = 7.254.254.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4227F7A1-4ED3-4833-B5D0-795D04E3EB3B}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E4AFCFD0-3D01-4170-AF42-0D934FA55C9D}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF9E614F-ED0E-46E5-9637-B4B7699BA2EB}: DhcpNameServer = 192.168.1.1 O18:[b]64bit:[/b] - Protocol\Handler\msdaipp - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files 
(x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012-12-04 17:43:44 | 000,000,000 | ---D | M] - D:\AutoIt3 -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = ComFile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013-01-19 12:01:35 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV [2013-01-18 22:23:56 | 000,000,000 | ---D | C] -- C:\Users\Adrian\Desktop\PHP [2013-01-18 17:43:12 
| 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013-01-18 17:43:11 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013-01-18 17:43:10 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013-01-18 17:43:10 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013-01-18 17:43:10 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013-01-18 17:43:10 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013-01-18 17:43:09 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013-01-18 17:43:09 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013-01-18 17:43:08 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013-01-18 17:43:07 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013-01-18 17:43:07 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013-01-18 17:43:07 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013-01-18 17:43:03 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013-01-18 17:43:03 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013-01-18 17:43:03 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013-01-18 17:41:35 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2013-01-18 17:41:35 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2013-01-18 17:41:34 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2013-01-18 17:41:34 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2013-01-18 
17:34:13 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll [2013-01-18 17:34:13 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys [2013-01-18 17:28:03 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2013-01-18 17:28:03 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2013-01-18 17:28:02 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll [2013-01-18 17:28:02 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll [2013-01-18 17:28:02 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe [2013-01-18 17:27:51 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2013-01-18 17:27:50 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2013-01-18 17:27:50 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2013-01-18 17:27:50 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013-01-18 17:27:47 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2013-01-18 17:27:47 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013-01-18 17:27:47 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013-01-18 17:27:47 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2013-01-18 17:27:47 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2013-01-18 17:27:46 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013-01-18 17:27:46 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013-01-18 17:27:44 | 000,007,680 | ---- | C] (Microsoft Corporation) 
-- C:\Windows\SysWow64\instnm.exe [2013-01-18 17:27:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2013-01-18 17:27:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2013-01-18 17:27:42 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013-01-18 17:27:42 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2013-01-18 17:27:42 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2013-01-18 17:27:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2013-01-18 17:27:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2013-01-18 17:27:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2013-01-18 17:27:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2013-01-18 17:27:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2013-01-18 17:27:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013-01-18 17:27:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2013-01-18 17:27:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2013-01-18 17:27:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2013-01-18 17:27:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2013-01-18 17:27:42 
| 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2013-01-18 17:27:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2013-01-18 17:27:41 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2013-01-18 17:27:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2013-01-18 17:27:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2013-01-18 17:27:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2013-01-18 17:27:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2013-01-18 17:27:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2013-01-18 17:27:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2013-01-18 17:27:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2013-01-18 17:27:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2013-01-18 17:27:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2013-01-18 17:27:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2013-01-18 17:27:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013-01-18 17:27:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2013-01-18 17:27:41 | 
000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2013-01-18 17:27:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2013-01-18 17:27:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2013-01-18 17:27:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2013-01-18 17:27:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2013-01-18 17:27:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2013-01-18 17:27:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2013-01-18 17:27:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2013-01-18 17:27:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013-01-18 17:27:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013-01-18 17:27:39 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013-01-18 17:27:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2013-01-18 17:27:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2013-01-18 17:27:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2013-01-18 17:27:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2013-01-18 17:27:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013-01-18 17:27:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013-01-18 17:27:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013-01-18 17:27:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2013-01-18 17:27:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2013-01-18 17:27:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2013-01-18 17:27:38 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2013-01-18 17:27:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013-01-18 17:27:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013-01-18 17:27:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013-01-18 17:27:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013-01-18 17:27:37 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013-01-18 17:27:24 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2013-01-18 17:27:23 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll [2013-01-18 17:27:23 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll [2013-01-18 17:27:23 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll [2013-01-18 17:26:54 | 005,559,664 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\ntoskrnl.exe [2013-01-18 17:26:52 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013-01-18 17:26:51 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013-01-18 17:26:50 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll [2013-01-18 17:26:49 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll [2013-01-18 17:26:49 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll [2013-01-18 17:26:48 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll [2013-01-18 17:26:45 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll [2013-01-18 17:26:45 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll [2013-01-18 17:26:44 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe [2013-01-18 17:25:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll [2013-01-18 17:25:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll [2013-01-18 17:24:57 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll [2013-01-18 17:24:55 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll [2013-01-18 17:24:46 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll [2013-01-18 17:24:45 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll [2013-01-18 17:24:11 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2013-01-18 17:24:09 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2013-01-18 17:23:56 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2013-01-18 17:23:54 | 000,376,688 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysNative\drivers\netio.sys [2013-01-18 17:23:54 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2013-01-18 17:23:51 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll [2013-01-18 17:23:28 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2013-01-18 17:23:25 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll [2013-01-18 17:23:21 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll [2013-01-18 17:23:20 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll [2013-01-18 17:23:19 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll [2013-01-18 17:23:18 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2013-01-18 17:22:56 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2013-01-18 17:22:49 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll [2013-01-18 17:22:49 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll [2013-01-18 17:22:45 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll [2013-01-18 17:22:45 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll [2013-01-18 17:20:25 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll [2013-01-18 17:20:25 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll [2013-01-18 16:07:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits [2013-01-18 16:04:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache [2013-01-18 15:54:38 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2013-01-18 15:54:37 | 002,622,464 | 
---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2013-01-18 15:54:37 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2013-01-18 15:54:28 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2013-01-18 15:54:28 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2013-01-18 15:54:28 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2013-01-18 15:54:18 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2013-01-18 15:54:18 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe [2013-01-16 18:03:57 | 000,000,000 | ---D | C] -- C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apache Friends [2013-01-14 18:37:53 | 000,000,000 | ---D | C] -- C:\Users\Adrian\Documents\Code Blocks Projects [2013-01-11 21:36:35 | 000,000,000 | ---D | C] -- C:\Users\Adrian\Desktop\SFML-1.6 [2013-01-11 21:08:07 | 000,000,000 | ---D | C] -- C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CodeBlocks [2013-01-11 19:43:23 | 000,000,000 | ---D | C] -- C:\Users\Adrian\AppData\Roaming\Subversion [2013-01-10 22:54:56 | 000,000,000 | ---D | C] -- C:\Users\Adrian\AppData\Roaming\SmartBear [2013-01-10 22:54:56 | 000,000,000 | ---D | C] -- C:\ProgramData\SmartBear [2013-01-10 22:54:46 | 000,000,000 | ---D | C] -- C:\Users\Adrian\AppData\Local\Embarcadero [2013-01-10 22:54:46 | 000,000,000 | ---D | C] -- C:\Users\Adrian\AppData\Roaming\DevJET [2013-01-10 22:54:34 | 000,000,000 | ---D | C] -- C:\Users\Adrian\AppData\Local\SmartBear [2013-01-10 22:53:41 | 000,000,000 | ---D | C] -- C:\Users\Adrian\Documents\RAD Studio [2013-01-10 22:53:38 | 000,512,040 | ---- | C] (Raize Software, Inc.) 
-- C:\Windows\SysWow64\CodeSiteExpressPkg170.bpl [2013-01-10 22:53:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Raize [2013-01-10 22:53:35 | 000,142,872 | ---- | C] (Raize Software, Inc.) -- C:\Windows\SysWow64\CodeSitePlugIns160.bpl [2013-01-10 22:53:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartBear [2013-01-10 22:34:35 | 000,000,000 | -H-D | C] -- C:\ProgramData\{E473A10A-1C41-44C1-B1B4-60C8044FEECE} [2013-01-10 22:33:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DevJET Documentation Insight Express [2013-01-10 22:33:33 | 000,000,000 | ---D | C] -- C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FastReports [2013-01-10 22:29:09 | 000,000,000 | -H-D | C] -- C:\ProgramData\{BC3F30D8-A3F0-4B5E-808B-7525641F215D} [2013-01-10 22:28:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Embarcadero InterBase XE3 64 [instance = gds_db] [2013-01-10 22:28:35 | 001,294,336 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Windows\SysWow64\gds32.dll [2013-01-10 22:28:28 | 000,028,672 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Windows\SysWow64\ibxml64.dll [2013-01-10 22:28:23 | 001,805,312 | ---- | C] (Embarcadero Technologies, Inc.) 
-- C:\Windows\SysWow64\ibclient64.dll
[2013-01-10 22:15:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Embarcadero
[2013-01-10 22:15:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\CodeGear Shared
[2013-01-10 22:15:07 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Embarcadero RAD Studio XE3
[2013-01-10 22:15:07 | 000,000,000 | ---D | C] -- C:\Users\Adrian\AppData\Roaming\Embarcadero
[2013-01-10 22:15:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Embarcadero
[2013-01-10 22:14:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Borland Shared
[2013-01-10 21:34:39 | 000,000,000 | -H-D | C] -- C:\ProgramData\{4C1A27DF-1043-4893-9757-DE2CE28C3D82}
[2013-01-10 21:32:56 | 000,000,000 | ---D | C] -- C:\Users\Adrian\AppData\Local\PackageAware
[2013-01-08 20:37:47 | 000,000,000 | ---D | C] -- C:\Users\Adrian\Desktop\Ichigo
[2013-01-08 17:46:02 | 000,000,000 | ---D | C] -- C:\Users\Adrian\Documents\Mikogo4
[2013-01-07 16:26:00 | 000,000,000 | ---D | C] -- C:\Users\Adrian\AppData\Roaming\QtProject
[2013-01-06 18:58:02 | 000,000,000 | ---D | C] -- C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qt Creator
[2013-01-05 18:42:25 | 000,000,000 | ---D | C] -- C:\Users\Adrian\Desktop\samp
[2013-01-05 18:39:24 | 000,000,000 | ---D | C] -- C:\Users\Adrian\Desktop\Txtworkshop
[2013-01-05 17:10:34 | 000,000,000 | ---D | C] -- C:\Users\Adrian\Desktop\Nowy folder
[2013-01-04 23:22:52 | 000,000,000 | ---D | C] -- C:\Users\Adrian\AppData\Local\GHISLER
[2013-01-03 18:19:06 | 000,000,000 | ---D | C] -- C:\Users\Adrian\Desktop\Nowy folder (2)
[2013-01-01 12:29:44 | 000,000,000 | ---D | C] -- C:\Users\Adrian\Desktop\MineCraft
[2013-01-01 12:25:39 | 000,000,000 | ---D | C] -- C:\Users\Adrian\Desktop\Server MC
[2013-01-01 01:05:16 | 000,000,000 | ---D | C] -- C:\Users\Adrian\Desktop\saf
[2012-12-31 22:50:08 | 000,000,000 | ---D | C] -- C:\Users\Adrian\AppData\Local\Eclipse
[2012-12-31 22:49:49 | 000,000,000 | ---D | C] -- C:\Users\Adrian\workspace
[2012-12-31 22:49:15 | 001,081,320 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012-12-31 22:49:15 | 000,308,200 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012-12-31 22:49:07 | 000,188,392 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012-12-31 22:49:07 | 000,188,392 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012-12-31 22:49:07 | 000,108,008 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2012-12-28 19:05:28 | 000,000,000 | ---D | C] -- C:\Users\Adrian\AppData\Local\Chromium
[2012-12-27 14:41:41 | 000,000,000 | ---D | C] -- C:\Users\Adrian\AppData\Local\Programs
[2012-12-27 14:37:37 | 000,000,000 | ---D | C] -- C:\Users\Adrian\AppData\Local\Gameforge4d
[2012-12-27 14:37:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live
[2012-12-24 19:58:35 | 000,000,000 | ---D | C] -- C:\Users\Adrian\AppData\Local\Creative
[2012-12-24 19:54:16 | 000,042,496 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\AddCat.exe
[2012-12-24 19:54:16 | 000,010,752 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\XENDefE.exe
[2012-12-24 19:53:18 | 000,000,000 | ---D | C] -- C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Creative
[2012-12-24 19:53:18 | 000,000,000 | ---D | C] -- C:\Users\Adrian\AppData\Roaming\Creative
[2012-12-24 19:42:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative
[2012-12-24 19:42:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative Labs
[2012-12-24 19:40:06 | 000,466,520 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012-12-24 19:40:06 | 000,123,480 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2012-12-24 19:40:05 | 000,445,016 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012-12-24 19:40:05 | 000,109,144 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2012-12-24 19:40:02 | 002,906,586 | ---- | C] (Creative) -- C:\Windows\SysWow64\Sens_oal.dll
[2012-12-24 19:40:02 | 001,944,064 | ---- | C] (Creative) -- C:\Windows\SysNative\Sens_oal.dll
[2012-12-24 19:39:58 | 000,647,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mscomct2.ocx
[2012-12-24 19:39:58 | 000,053,248 | ---- | C] (Creative Technology Ltd ) -- C:\Windows\Ctregrun.exe
[2012-12-24 19:39:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Creative Labs Shared
[2012-12-24 19:39:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
[2012-12-24 19:39:28 | 000,000,000 | ---D | C] -- C:\Program Files\Creative
[2012-12-24 19:39:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Creative
[2011-12-17 16:30:20 | 000,087,552 | ---- | C] (Microsoft) -- C:\Users\Adrian\AppData\Roaming\ShareCash Downloader v2.0.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2013-01-19 12:08:08 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-880486109-2065201665-1661478357-1000UA.job
[2013-01-19 12:06:42 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-01-19 12:06:42 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-01-19 11:58:08 | 000,001,044 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-01-19 11:56:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-01-19 11:56:21 | 3217,235,968 | -HS- | M] () -- C:\hiberfil.sys
[2013-01-18 22:38:02 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-01-18 22:25:01 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-01-18 18:23:20 | 004,881,960 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013-01-18 18:07:28 | 001,639,550 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013-01-18 18:07:28 | 000,738,192 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2013-01-18 18:07:28 | 000,652,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013-01-18 18:07:28 | 000,154,848 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2013-01-18 18:07:28 | 000,121,292 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013-01-18 18:07:08 | 001,639,550 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013-01-18 15:33:38 | 000,002,562 | ---- | M] () -- C:\Windows\diagwrn.xml
[2013-01-18 15:33:38 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2013-01-17 16:44:33 | 000,001,120 | ---- | M] () -- C:\Users\Adrian\Desktop\baza.sql
[2013-01-17 15:08:00 | 000,001,010 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-880486109-2065201665-1661478357-1000Core.job
[2013-01-16 21:13:14 | 000,000,512 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2013-01-16 18:03:57 | 000,000,548 | ---- | M] () -- C:\Users\Adrian\Desktop\XAMPP Control Panel.lnk
[2013-01-12 20:57:36 | 003,932,226 | ---- | M] () -- C:\Users\Adrian\Desktop\arma2oa 2013-01-12 20-21-08-39.bmp
[2013-01-10 22:28:55 | 000,017,535 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\services
[2013-01-09 21:25:40 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013-01-09 21:25:40 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013-01-02 15:12:27 | 000,000,492 | ---- | M] () -- C:\Users\Adrian\Desktop\AQQ.lnk
[2013-01-01 14:54:48 | 000,000,416 | ---- | M] () -- C:\Users\Adrian\Desktop\WitherRider.jar
[2012-12-31 22:49:02 | 000,108,008 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2012-12-31 22:49:00 | 000,308,200 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012-12-31 22:49:00 | 000,188,392 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012-12-31 22:49:00 | 000,188,392 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012-12-31 22:48:59 | 001,081,320 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012-12-31 22:48:59 | 000,959,976 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012-12-25 20:56:31 | 000,000,235 | ---- | M] () -- C:\Windows\SysWow64\nxEuUninstall.bat
[2012-12-25 20:56:30 | 000,446,464 | ---- | M] (NEXON Inc.) -- C:\Windows\NEXON_EU_DownloaderUpdater.exe
[2012-12-24 19:56:33 | 000,000,342 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2012-12-24 19:56:26 | 000,466,520 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012-12-24 19:56:26 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012-12-24 19:56:26 | 000,123,480 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2012-12-24 19:56:26 | 000,109,144 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2013-01-17 15:08:48 | 000,001,120 | ---- | C] () -- C:\Users\Adrian\Desktop\baza.sql
[2013-01-16 18:03:57 | 000,000,548 | ---- | C] () -- C:\Users\Adrian\Desktop\XAMPP Control Panel.lnk
[2013-01-12 20:56:30 | 003,932,226 | ---- | C] () -- C:\Users\Adrian\Desktop\arma2oa 2013-01-12 20-21-08-39.bmp
[2013-01-06 18:29:17 | 000,000,545 | ---- | C] () -- C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Esenthel Editor.lnk
[2013-01-01 12:24:29 | 000,000,416 | ---- | C] () -- C:\Users\Adrian\Desktop\WitherRider.jar
[2012-12-24 19:54:16 | 000,011,084 | ---- | C] () -- C:\Windows\XENAPO64.ssc
[2012-12-24 19:54:16 | 000,006,737 | ---- | C] () -- C:\Windows\XENCFX64.ssc
[2012-12-24 19:54:16 | 000,002,169 | ---- | C] () -- C:\Windows\XENcfg.ini
[2012-12-24 19:54:16 | 000,000,388 | ---- | C] () -- C:\Windows\XENMCcfg.ini
[2012-12-24 19:40:13 | 000,032,434 | ---- | C] () -- C:\Windows\SysNative\xfiXEN.ini
[2012-12-24 19:40:11 | 000,325,120 | ---- | C] () -- C:\Windows\SysNative\APOMgr64.DLL
[2012-12-24 19:40:11 | 000,246,272 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012-12-24 19:40:11 | 000,089,600 | ---- | C] () -- C:\Windows\SysNative\CmdRtr64.DLL
[2012-12-24 19:40:11 | 000,074,240 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012-12-24 19:40:11 | 000,000,342 | RH-- | C] () -- C:\Windows\ctfile.rfc
[2012-12-24 19:39:55 | 000,007,062 | ---- | C] () -- C:\Windows\SysWow64\audiopid.vxd
[2012-12-07 21:40:40 | 000,042,440 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2012-11-16 20:43:43 | 000,000,155 | ---- | C] () -- C:\Users\Adrian\.qt-license
[2012-10-25 18:09:50 | 000,056,424 | ---- | C] () -- C:\Windows\SysWow64\PrxerNsp.dll
[2012-09-20 15:53:41 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2012-09-20 15:47:09 | 001,032,657 | ---- | C] () -- C:\Windows\SysWow64\libxml2.dll
[2012-05-08 20:16:36 | 000,000,045 | ---- | C] () -- C:\Users\Adrian\jagex_cl_runescape_LIVE.dat
[2012-02-11 02:05:00 | 000,035,483 | ---- | C] () -- C:\Users\Adrian\1.dat
[2011-12-17 16:30:20 | 000,313,856 | ---- | C] () -- C:\ProgramData\Update 9-16-11.exe
[2011-11-07 15:49:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011-11-07 15:49:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011-11-07 15:49:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011-11-07 15:49:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011-11-07 15:49:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011-05-25 16:35:18 | 000,000,694 | ---- | C] () -- C:\Users\Adrian\SciTE.session
[2011-05-25 16:19:05 | 000,030,896 | ---- | C] () -- C:\Users\Adrian\abbrev.properties
[2011-04-09 11:23:37 | 000,000,117 | ---- | C] () -- C:\Users\Adrian\jagex_runescape_preferences2.dat
[2011-04-09 11:21:06 | 000,000,034 | ---- | C] () -- C:\Users\Adrian\jagex_runescape_preferences.dat
[2011-02-09 19:30:42 | 000,283,416 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011-02-09 19:30:36 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011-02-09 19:30:35 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010-04-03 08:39:17 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2010-03-18 17:26:02 | 000,008,192 | ---- | C] () -- C:\Users\Adrian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2010-11-20 14:28:37 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{9a17a1c0-7f27-534e-ef90-cea883d393a8}\@
[2010-11-20 14:28:37 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{9a17a1c0-7f27-534e-ef90-cea883d393a8}\L
[2010-11-20 14:28:37 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{9a17a1c0-7f27-534e-ef90-cea883d393a8}\U
[2010-11-20 14:28:37 | 000,002,048 | -HS- | M] () -- C:\Users\Adrian\AppData\Local\{9a17a1c0-7f27-534e-ef90-cea883d393a8}\@
[2010-11-20 14:28:37 | 000,000,000 | -HSD | M] -- C:\Users\Adrian\AppData\Local\{9a17a1c0-7f27-534e-ef90-cea883d393a8}\L
[2010-11-20 14:28:37 | 000,000,000 | -HSD | M] -- C:\Users\Adrian\AppData\Local\{9a17a1c0-7f27-534e-ef90-cea883d393a8}\U
[2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = \\.\globalroot\systemroot\Installer\{9a17a1c0-7f27-534e-ef90-cea883d393a8}\n.
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== LOP Check ==========[/color]

[2013-01-01 12:38:43 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\.minecraft
[2012-09-02 21:35:12 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Avnex
[2013-01-13 15:50:18 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Azureus
[2011-03-25 20:23:17 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\BESTplayer
[2012-04-01 16:25:52 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\C__Users_Adrian_AppData_Local_Temp_Rar$EXa0.010_SuperHideIP.exe
[2012-03-29 19:38:33 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\DAEMON Tools Lite
[2012-10-16 14:02:31 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\DAEMON Tools Pro
[2012-12-15 22:42:24 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\dclogs
[2013-01-10 22:54:46 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\DevJET
[2011-12-15 21:06:09 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Digital_Paper_Products,_I
[2010-09-12 16:23:53 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\DJJava
[2012-08-15 17:55:02 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\DKR
[2012-12-24 19:50:39 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Dropbox
[2013-01-10 22:54:34 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Embarcadero
[2012-10-13 17:53:04 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\EurekaLog
[2011-01-01 19:00:48 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Gadu-Gadu
[2010-03-18 10:13:37 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Gadu-Gadu 10
[2011-11-21 19:28:33 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\GameRanger
[2012-12-02 13:40:11 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\GHISLER
[2011-06-22 08:55:19 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\go
[2011-03-05 21:23:26 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\HyperLobby
[2012-11-17 12:04:36 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\IObit
[2012-08-16 10:23:51 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Leadertech
[2011-08-24 19:21:42 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\LolClient
[2012-05-24 13:15:30 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\LolClient2
[2010-09-09 11:19:46 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\marcinc
[2011-08-30 10:31:02 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Mount&Blade With Fire and Sword
[2012-07-19 13:35:18 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\MySQL
[2011-08-06 19:24:22 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Notepad++
[2011-10-01 20:33:39 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Proxifier
[2011-09-10 11:25:17 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\PunkBuster
[2013-01-10 21:26:18 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\QtProject
[2012-09-20 15:12:36 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\raidcall
[2012-11-17 15:48:25 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Resource Tuner
[2011-10-02 14:28:00 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\RoboForm
[2012-06-06 17:14:14 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\runic games
[2012-09-05 14:32:59 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Screaming Bee
[2012-08-01 10:59:44 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\six-zsync
[2013-01-10 22:54:56 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\SmartBear
[2010-03-28 19:17:29 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Soldat
[2011-09-27 17:06:19 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013-01-11 19:43:23 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Subversion
[2012-03-22 16:56:14 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\SuperHideIP
[2012-06-06 17:16:26 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Three Rings Design
[2012-09-20 16:06:48 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Tibia
[2012-12-06 19:11:30 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\TS3Client
[2011-11-05 12:01:25 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\ts3overlay
[2012-09-09 16:50:39 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Tunngle
[2012-02-02 17:04:22 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Ubisoft
[2010-07-27 18:54:23 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Uniblue
[2012-01-15 10:00:28 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\wargaming.net
[2012-01-02 21:11:21 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\yess
[2012-12-16 10:43:35 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit
[2012-12-16 10:43:35 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Files - Unicode (All) ==========[/color]

[2010-05-21 16:09:11 | 000,000,000 | --SD | M](C:\Users\Adrian\Documents\??? ???-????) -- C:\Users\Adrian\Documents\Мои веб-узлы
[2010-05-21 16:09:11 | 000,000,000 | --SD | C](C:\Users\Adrian\Documents\??? ???-????) -- C:\Users\Adrian\Documents\Мои веб-узлы

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 269 bytes -> C:\ProgramData\TEMP:6BE50C2B

< End of report >