OTL logfile created on: 2013-02-08 01:20:25 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\adame\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
2,00 Gb Total Physical Memory | 0,63 Gb Available Physical Memory | 31,31% Memory free
4,00 Gb Paging File | 2,01 Gb Available in Paging File | 50,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 24,41 Gb Total Space | 4,62 Gb Free Space | 18,91% Space Free | Partition Type: NTFS
Drive D: | 97,65 Gb Total Space | 9,17 Gb Free Space | 9,39% Space Free | Partition Type: NTFS
Drive E: | 97,65 Gb Total Space | 93,17 Gb Free Space | 95,41% Space Free | Partition Type: NTFS
Drive F: | 142,99 Gb Total Space | 127,21 Gb Free Space | 88,97% Space Free | Partition Type: NTFS
Computer Name: G7 | User Name: adame | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2013-02-08 01:02:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\adame\Downloads\OTL.exe
PRC - [2013-01-26 03:35:08 | 001,248,208 | ---- | M] (Google Inc.)
-- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe PRC - [2012-12-12 17:22:34 | 000,114,688 | ---- | M] () -- D:\PROGRAM FILES\PLAY ONLINE\PLAY ONLINE.exe PRC - [2012-10-30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- D:\PROGRAM FILES\AVAST\AvastUI.exe PRC - [2012-10-30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- D:\PROGRAM FILES\AVAST\AvastSvc.exe PRC - [2011-01-17 17:01:46 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2011-01-17 17:01:46 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2010-11-16 14:37:30 | 000,230,912 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe PRC - [2010-07-09 16:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2009-12-21 17:35:18 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- D:\PROGRAM FILES\Acrobat\acrotray.exe PRC - [2009-04-14 21:28:46 | 000,110,592 | R--- | M] (Huawei Technologies Co., Ltd.) 
-- C:\Users\adame\AppData\Roaming\PLAY ONLINE\ouc.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2013-02-06 02:26:36 | 012,459,888 | ---- | M] () -- C:\Users\adame\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.139\pepflashplayer.dll MOD - [2013-01-26 03:35:06 | 000,460,240 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppgooglenaclpluginchrome.dll MOD - [2013-01-26 03:35:04 | 004,012,496 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll MOD - [2013-01-26 03:34:19 | 000,597,968 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\libglesv2.dll MOD - [2013-01-26 03:34:18 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\libegl.dll MOD - [2013-01-26 03:34:16 | 001,552,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll MOD - [2012-12-12 17:22:34 | 000,114,688 | ---- | M] () -- D:\PROGRAM FILES\PLAY ONLINE\PLAY ONLINE.exe MOD - [2012-06-23 11:08:10 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll MOD - [2009-12-10 11:52:38 | 000,192,512 | ---- | M] () -- D:\PROGRAM FILES\PLAY ONLINE\DeviceMgrUIPlugin.dll MOD - [2009-12-10 11:51:36 | 000,114,688 | ---- | M] () -- D:\PROGRAM FILES\PLAY ONLINE\DeviceMgrPlugin.dll MOD - [2009-12-10 11:40:20 | 000,991,232 | ---- | M] () -- D:\PROGRAM FILES\PLAY ONLINE\NDISAPI.dll MOD - [2009-10-13 09:28:42 | 000,159,744 | ---- | M] () -- D:\PROGRAM FILES\PLAY ONLINE\SMSPlugin.dll MOD - [2009-10-13 09:28:42 | 000,061,440 | ---- | M] () -- D:\PROGRAM FILES\PLAY ONLINE\XCodec.dll MOD - [2009-10-13 09:28:40 | 000,557,056 | ---- | M] () -- D:\PROGRAM FILES\PLAY ONLINE\atcomm.dll MOD - [2009-10-13 09:28:40 | 000,155,648 | ---- | M] () -- D:\PROGRAM FILES\PLAY ONLINE\DetectDev.dll MOD - [2009-10-13 09:28:40 | 000,139,264 | ---- | M] () -- D:\PROGRAM FILES\PLAY 
ONLINE\LocaleMgrPlugin.dll MOD - [2009-10-13 09:28:40 | 000,090,112 | ---- | M] () -- D:\PROGRAM FILES\PLAY ONLINE\FileManager.dll MOD - [2009-10-13 09:28:40 | 000,090,112 | ---- | M] () -- D:\PROGRAM FILES\PLAY ONLINE\DialUpPlugin.dll MOD - [2009-10-13 09:28:40 | 000,061,440 | ---- | M] () -- D:\PROGRAM FILES\PLAY ONLINE\DeviceOperate.dll MOD - [2009-10-13 09:28:40 | 000,057,344 | ---- | M] () -- D:\PROGRAM FILES\PLAY ONLINE\ConfigFilePlugin.dll MOD - [2009-10-13 09:28:40 | 000,032,768 | ---- | M] () -- D:\PROGRAM FILES\PLAY ONLINE\NotifyServicePlugin.dll MOD - [2009-10-13 09:28:40 | 000,014,848 | ---- | M] () -- D:\PROGRAM FILES\PLAY ONLINE\isaputrace.dll MOD - [2009-09-19 11:21:06 | 000,139,264 | ---- | M] () -- D:\PROGRAM FILES\PLAY ONLINE\NetInfoPlugin.dll MOD - [2009-02-27 18:01:34 | 000,019,968 | ---- | M] () -- D:\PROGRAM FILES\Acrobat\AcroTray.POL [color=#E56717]========== Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:[b]64bit:[/b] - [2009-07-14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012-10-30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- D:\PROGRAM FILES\AVAST\AvastSvc.exe -- (avast! Antivirus) SRV - [2012-06-09 21:22:07 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010-11-16 14:38:16 | 000,339,456 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService64.exe -- (HWDeviceService64.exe) SRV - [2010-07-09 16:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2010-02-19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007-03-26 12:06:24 | 000,292,864 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2012-10-30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:[b]64bit:[/b] - [2012-10-30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:[b]64bit:[/b] - [2012-10-30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:[b]64bit:[/b] - [2012-10-30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:[b]64bit:[/b] - [2012-10-30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:[b]64bit:[/b] - 
[2012-10-15 17:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:[b]64bit:[/b] - [2012-03-01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2011-06-13 13:06:10 | 000,048,488 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID) DRV:[b]64bit:[/b] - [2011-05-17 14:48:22 | 000,225,256 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832UBDA.sys -- (RTL2832UBDA) DRV:[b]64bit:[/b] - [2011-05-17 14:48:22 | 000,039,016 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832UUSB.sys -- (RTL2832UUSB) DRV:[b]64bit:[/b] - [2010-11-20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2010-11-20 14:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2010-11-20 14:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2010-11-20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:[b]64bit:[/b] - [2010-11-20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:[b]64bit:[/b] - [2010-11-04 17:52:46 | 000,093,696 | ---- | M] (Huawei Technologies Co., Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys -- (huawei_cdcacm) DRV:[b]64bit:[/b] - [2010-10-09 14:49:52 | 000,085,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV:[b]64bit:[/b] - [2010-09-26 18:01:46 | 000,029,184 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl) DRV:[b]64bit:[/b] - [2010-09-26 18:01:44 | 000,055,296 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jucdcecm.sys -- (huawei_cdcecm) DRV:[b]64bit:[/b] - [2010-08-31 18:09:00 | 000,256,000 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet) DRV:[b]64bit:[/b] - [2010-08-07 17:49:04 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard) DRV:[b]64bit:[/b] - [2010-07-27 09:52:16 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV:[b]64bit:[/b] - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009-06-10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD) DRV:[b]64bit:[/b] - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:[b]64bit:[/b] - [2009-02-13 10:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM) DRV:[b]64bit:[/b] - [2007-02-22 09:19:08 | 000,173,056 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdx64.sys -- (nmwcdx64) DRV:[b]64bit:[/b] - [2007-02-22 09:18:14 | 000,017,408 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdcmx64.sys -- (nmwcdcmx64) DRV:[b]64bit:[/b] - [2007-02-22 09:18:14 | 000,017,408 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdcjx64.sys -- (nmwcdcjx64) DRV:[b]64bit:[/b] - [2007-02-22 09:18:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdcx64.sys -- (nmwcdcx64) DRV - [2011-06-13 13:06:10 | 000,048,488 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID) DRV - [2011-05-17 14:48:22 | 000,225,256 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RTL2832UBDA.sys -- (RTL2832UBDA) DRV - [2011-05-17 14:48:22 | 000,039,016 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RTL2832UUSB.sys -- (RTL2832UUSB) DRV - [2010-10-22 10:37:36 | 000,014,136 | ---- | M] (MSI) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys -- (NTIOLib_1_0_4) DRV - [2010-05-10 10:44:40 | 000,033,592 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys -- (MSI_MSIBIOS_010507) DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2927798398-1773916216-1096510784-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2927798398-1773916216-1096510784-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2927798398-1773916216-1096510784-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox 
==========[/color] FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [color=#E56717]========== Chrome ==========[/color] CHR - homepage: http://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: http://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client 
(Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\gcswf32.dll CHR - plugin: Adobe Acrobat (Enabled) = D:\PROGRAM FILES\Acrobat\Browser\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll CHR - Extension: YouTube = C:\Users\adame\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Szukaj w Google = C:\Users\adame\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: avast! WebRep = C:\Users\adame\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\ CHR - Extension: Gmail = C:\Users\adame\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2009-06-10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:[b]64bit:[/b] - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - D:\PROGRAM FILES\AVAST\aswWebRepIE64.dll (AVAST Software) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\PROGRAM FILES\AVAST\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3:[b]64bit:[/b] - HKLM\..\Toolbar: (avast! 
WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - D:\PROGRAM FILES\AVAST\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\PROGRAM FILES\AVAST\aswWebRepIE.dll (AVAST Software) O3 - HKU\S-1-5-21-2927798398-1773916216-1096510784-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:[b]64bit:[/b] - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Acrobat Assistant 8.0] D:\PROGRAM FILES\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] D:\PROGRAM FILES\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avast] D:\PROGRAM FILES\AVAST\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [IR_SERVER] C:\PROGRA~2\Realtek\REALTE~1\IR_SERVER.exe File not found O4 - HKLM..\Run: [Live Update 5] C:\Program Files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe () O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [WinampAgent] "D:\PROGRAM FILES\Winamp\winampa.exe" File not found O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2927798398-1773916216-1096510784-1000..\Run: [HW_OPENEYE_OUC_PLAY ONLINE] 
D:\PROGRAM FILES\PLAY ONLINE\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.) O4 - HKU\S-1-5-21-2927798398-1773916216-1096510784-1000..\Run: [uTorrent] "D:\PROGRAM FILES\torrr\uTorrent.exe" /MINIMIZED File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\adame\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:[b]64bit:[/b] - Extra context menu item: Dołącz do istniejącego pliku PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:[b]64bit:[/b] - Extra context menu item: Dołącz obiekt docelowy łącza do istniejącego pliku PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:[b]64bit:[/b] - Extra context menu item: Konwertuj do Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:[b]64bit:[/b] - Extra context menu item: Konwertuj obiekt docelowy łącza na plik Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Dołącz do istniejącego pliku PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Dołącz obiekt docelowy łącza do istniejącego pliku PDF - 
C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Konwertuj do Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Konwertuj obiekt docelowy łącza na plik Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011-01-12 17:29:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{011d819f-2bfc-11e2-8989-001e101f2500}\Shell - "" = AutoRun O33 - MountPoints2\{011d819f-2bfc-11e2-8989-001e101f2500}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{166a6539-b261-11e1-bb70-002421aa911d}\Shell - "" = AutoRun O33 - MountPoints2\{166a6539-b261-11e1-bb70-002421aa911d}\Shell\AutoRun\command - "" = "I:\WD SmartWare.exe" autoplay=true O33 - MountPoints2\{16ea9a97-451f-11e2-95b6-002421aa911d}\Shell - "" = AutoRun O33 - MountPoints2\{16ea9a97-451f-11e2-95b6-002421aa911d}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{28266752-4462-11e2-bbbe-002421aa911d}\Shell - "" = AutoRun O33 - MountPoints2\{28266752-4462-11e2-bbbe-002421aa911d}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{282667b9-4462-11e2-bbbe-001e101f3315}\Shell - "" = AutoRun O33 - MountPoints2\{282667b9-4462-11e2-bbbe-001e101f3315}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{4a453556-e9e6-11e1-b0d7-002421aa911d}\Shell - "" = AutoRun O33 - MountPoints2\{4a453556-e9e6-11e1-b0d7-002421aa911d}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{53c3c8cf-e0db-11e1-b3f9-002421aa911d}\Shell - "" = AutoRun O33 - MountPoints2\{53c3c8cf-e0db-11e1-b3f9-002421aa911d}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{53c3c8d8-e0db-11e1-b3f9-002421aa911d}\Shell - "" = AutoRun O33 - MountPoints2\{53c3c8d8-e0db-11e1-b3f9-002421aa911d}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{5813954d-4327-11e2-a3a4-001e101fa1f5}\Shell - "" = AutoRun O33 - MountPoints2\{5813954d-4327-11e2-a3a4-001e101fa1f5}\Shell\AutoRun\command - "" = I:\AutoRun.exe O33 - MountPoints2\{58139561-4327-11e2-a3a4-001e101fa1f5}\Shell - "" = AutoRun O33 - MountPoints2\{58139561-4327-11e2-a3a4-001e101fa1f5}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - 
MountPoints2\{59dd2ab5-b20c-11e1-9630-002421aa911d}\Shell - "" = AutoRun O33 - MountPoints2\{59dd2ab5-b20c-11e1-9630-002421aa911d}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{59dd2ac1-b20c-11e1-9630-002421aa911d}\Shell - "" = AutoRun O33 - MountPoints2\{59dd2ac1-b20c-11e1-9630-002421aa911d}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{64b2c338-42ac-11e2-ad75-001e101f4da1}\Shell - "" = AutoRun O33 - MountPoints2\{64b2c338-42ac-11e2-ad75-001e101f4da1}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{a4da0a11-0e4b-11e2-9463-001e101f9843}\Shell - "" = AutoRun O33 - MountPoints2\{a4da0a11-0e4b-11e2-9463-001e101f9843}\Shell\AutoRun\command - "" = I:\AutoRun.exe O33 - MountPoints2\{ab2a712f-e82a-11e1-86da-002421aa911d}\Shell - "" = AutoRun O33 - MountPoints2\{ab2a712f-e82a-11e1-86da-002421aa911d}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{ab2a7134-e82a-11e1-86da-002421aa911d}\Shell - "" = AutoRun O33 - MountPoints2\{ab2a7134-e82a-11e1-86da-002421aa911d}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{cba22b0a-ee1f-11e1-94c9-001e101f2b52}\Shell - "" = AutoRun O33 - MountPoints2\{cba22b0a-ee1f-11e1-94c9-001e101f2b52}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{eb2315e7-eaf6-11e1-962b-002421aa911d}\Shell - "" = AutoRun O33 - MountPoints2\{eb2315e7-eaf6-11e1-962b-002421aa911d}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{fbf2e26d-4398-11e2-946f-002421aa911d}\Shell - "" = AutoRun O33 - MountPoints2\{fbf2e26d-4398-11e2-946f-002421aa911d}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\H\Shell - "" = AutoRun O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = 
comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013-01-22 12:33:41 | 000,000,000 | ---D | C] -- C:\Users\adame\AppData\Roaming\Corel [2013-01-22 12:31:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Designer [2013-01-22 12:30:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office [2013-01-22 12:30:51 | 000,000,000 | ---D | C] -- C:\Windows\Corel [2013-01-22 12:30:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite 11 [2013-01-22 12:28:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Corel [2013-01-15 16:38:59 | 000,000,000 | ---D | C] -- C:\Users\adame\Desktop\bb [2009-02-13 10:02:52 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Program Files\devcon_amd64.exe [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013-02-08 00:58:00 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013-02-08 00:48:22 | 000,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013-02-08 00:48:22 | 000,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013-02-08 00:46:35 | 001,523,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013-02-08 00:46:35 | 000,687,590 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2013-02-08 00:46:35 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013-02-08 00:46:35 | 000,131,176 | ---- | M] () -- 
C:\Windows\SysNative\perfc015.dat [2013-02-08 00:46:35 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013-02-08 00:40:52 | 000,001,042 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013-02-08 00:40:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013-02-08 00:40:23 | 1610,113,024 | -HS- | M] () -- C:\hiberfil.sys [2013-02-06 00:29:09 | 004,047,386 | ---- | M] () -- C:\Users\adame\Desktop\lightning.gif [2013-02-06 00:29:00 | 003,326,542 | ---- | M] () -- C:\Users\adame\Desktop\beam.gif [2013-02-06 00:28:40 | 002,440,451 | ---- | M] () -- C:\Users\adame\Desktop\water.gif [2013-02-06 00:28:23 | 001,965,296 | ---- | M] () -- C:\Users\adame\Desktop\wind.gif [2013-02-06 00:28:10 | 000,186,722 | ---- | M] () -- C:\Users\adame\Desktop\c0a4b00d26d19e8926a0505d4f8bf9e9.jpg [2013-02-06 00:28:02 | 000,255,966 | ---- | M] () -- C:\Users\adame\Desktop\60cd153485a62cdfb3122fa5195ae5dd.jpg [2013-01-29 18:27:23 | 000,077,138 | ---- | M] () -- C:\Users\adame\Desktop\yoga pierniki.jpg [2013-01-28 16:23:22 | 004,448,354 | ---- | M] () -- C:\Users\adame\Desktop\IK_obrot_nieruchomosciami_2011.pdf [2013-01-28 16:23:09 | 000,545,452 | ---- | M] () -- C:\Users\adame\Desktop\IK_infrastruktura_komunalna_2011.pdf [2013-01-22 17:18:42 | 004,879,408 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013-02-06 00:29:09 | 004,047,386 | ---- | C] () -- C:\Users\adame\Desktop\lightning.gif [2013-02-06 00:28:59 | 003,326,542 | ---- | C] () -- C:\Users\adame\Desktop\beam.gif [2013-02-06 00:28:40 | 002,440,451 | ---- | C] () -- C:\Users\adame\Desktop\water.gif [2013-02-06 00:28:23 | 001,965,296 | ---- | C] () -- C:\Users\adame\Desktop\wind.gif [2013-02-06 00:28:10 | 000,186,722 | ---- | C] () -- C:\Users\adame\Desktop\c0a4b00d26d19e8926a0505d4f8bf9e9.jpg [2013-02-06 00:28:02 | 000,255,966 | ---- | C] () -- C:\Users\adame\Desktop\60cd153485a62cdfb3122fa5195ae5dd.jpg 
[2013-01-29 18:31:11 | 000,077,138 | ---- | C] () -- C:\Users\adame\Desktop\yoga pierniki.jpg
[2013-01-28 16:23:19 | 004,448,354 | ---- | C] () -- C:\Users\adame\Desktop\IK_obrot_nieruchomosciami_2011.pdf
[2013-01-28 16:23:04 | 000,545,452 | ---- | C] () -- C:\Users\adame\Desktop\IK_infrastruktura_komunalna_2011.pdf
[2013-01-27 00:41:20 | 006,444,049 | ---- | C] () -- C:\Users\adame\Desktop\HIPPO JUNGLE SONG.mp4
[2012-11-19 15:04:47 | 005,746,780 | ---- | C] ( ) -- C:\Windows\SysWow64\RTKISDBT.dll

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== LOP Check ==========[/color]

[2012-08-27 11:42:00 | 000,000,000 | ---D | M] -- C:\Users\adame\AppData\Roaming\iPlus
[2012-06-09 17:34:54 | 000,000,000 | ---D | M] -- C:\Users\adame\AppData\Roaming\Nokia
[2012-07-04 17:00:44 | 000,000,000 | ---D | M] -- C:\Users\adame\AppData\Roaming\OpenOffice.org
[2012-06-09 17:45:56 | 000,000,000 | ---D | M] -- C:\Users\adame\AppData\Roaming\PC Suite
[2012-06-23 20:58:04 | 000,000,000 | ---D | M] -- C:\Users\adame\AppData\Roaming\PLAY ONLINE
[2012-08-27 11:39:58 | 000,000,000 | ---D | M] -- C:\Users\adame\AppData\Roaming\uTorrent
[2012-12-11 01:17:55 | 000,000,000 | ---D | M] -- C:\Users\adame\AppData\Roaming\Western Digital
[2012-06-09 19:35:19 | 000,000,000 | ---D | M] -- C:\Users\nadijah\AppData\Roaming\PC Suite
[2012-06-11 15:34:04 | 000,000,000 | ---D | M] -- C:\Users\nadijah\AppData\Roaming\PLAY ONLINE
[2012-06-23 11:20:48 | 000,000,000 | ---D | M] -- C:\Users\nadijah\AppData\Roaming\Western Digital

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:0CE7F3C9

< End of report >