klimek1313 utworzono 8 sierpnia 2010 utworzono 8 sierpnia 2010 witam, Microsoft Security Essential wykryl dwa wirusy: jmcierk.dll i piynalz.dll. Nie potrafi ich jednak wyrzucic. Recznie tez sie nie da: pierwszy nie pozwala, a drugiego nie widze (oba maja byc w Windows/system32/). Czym je potraktowac? Prosze o porade. Dzieki
kokoxxr komentarz 8 sierpnia 2010 komentarz 8 sierpnia 2010 to dodaj je do kwarantanny,jak sie nie da to znaczy że system z nich aktualnie korzysta
Sohei komentarz 8 sierpnia 2010 komentarz 8 sierpnia 2010 Wrzuć logi z programów: [url=http://oldtimer.geekstogo.com/OTL.exe][b][color=blue]OTL[/color][/b][/url] Ustaw [b]Processes[/b] i [b]Modules[/b] na [b]All[/b] a w [b]Custom Scans/Fixes[/b] wklej: [quote]netsvcs msconfig safebootminimal safebootnetwork %systemdrive%\*.*[/quote] [url=http://images.malwareremoval.com/random/RSIT.exe][b][color=blue]RSIT[/color][/b][/url] [url=http://www.gmer.net/][b][color=blue]Gmer[/color][/b][/url] GMER, zakładka Rootkit/Malware, klikasz Szukaj, po skanie Kopiuj lub Zapisz. 1
klimek1313 komentarz 9 sierpnia 2010 Autor komentarz 9 sierpnia 2010 to niby trojan Boaxxe. ponizej logi: gmer: [log] GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-08-09 16:12:38 Windows 5.1.2600 Service Pack 3 Running: 923f7zkn.exe; Driver: C:\DOCUME~1\BRIDGE~1.EID\LOCALS~1\Temp\kwdoypoc.sys ---- System - GMER 1.0.15 ---- SSDT spfj.sys ZwCreateKey [0xB9EB50E0] SSDT spfj.sys ZwEnumerateKey [0xB9ECDDA4] SSDT spfj.sys ZwEnumerateValueKey [0xB9ECE132] SSDT spfj.sys ZwOpenKey [0xB9EB50C0] SSDT spfj.sys ZwQueryKey [0xB9ECE20A] SSDT spfj.sys ZwQueryValueKey [0xB9ECE08A] SSDT spfj.sys ZwSetValueKey [0xB9ECE29C] INT 0x62 ? 8A709BF8 INT 0x63 ? 8A513BF8 INT 0x82 ? 8A709BF8 INT 0x83 ? 8A513BF8 INT 0xA4 ? 8A513BF8 INT 0xB4 ? 8A709BF8 INT 0xB4 ? 8A709BF8 INT 0xB4 ? 8A513BF8 INT 0xB4 ? 8A709BF8 ---- Kernel code sections - GMER 1.0.15 ---- PAGE ntkrnlpa.exe!ObReferenceObjectByHandle + 44F 805BB8D1 7 Bytes JMP 8A702150 ? spfj.sys The system cannot find the file specified. ! .text USBPORT.SYS!DllUnload B94038AC 5 Bytes JMP 8A5131D8 ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EB6042] spfj.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EB613E] spfj.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EB60C0] spfj.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EB6800] spfj.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EB66D6] spfj.sys IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EC5B90] spfj.sys ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 8A7081F8 Device \FileSystem\Fastfat \FatCdrom 8A429500 Device \Driver\usbuhci \Device\USBPDO-0 8A5121F8 Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A69A1F8 Device \Driver\dmio \Device\DmControl\DmConfig 8A69A1F8 Device \Driver\dmio \Device\DmControl\DmPnP 8A69A1F8 Device \Driver\dmio \Device\DmControl\DmInfo 8A69A1F8 Device \Driver\usbuhci \Device\USBPDO-1 8A5121F8 Device \Driver\usbuhci \Device\USBPDO-2 8A5121F8 Device \Driver\usbuhci \Device\USBPDO-3 8A5121F8 Device \Driver\usbehci \Device\USBPDO-4 8A4421F8 Device \Driver\Ftdisk \Device\HarddiskVolume1 8A70A1F8 Device \Driver\Cdrom \Device\CdRom0 8A4E61F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B9E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort0 [B9E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 [B9E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP2T1L0-e [B9E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort2 [B9E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort3 [B9E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\NetBT \Device\NetBt_Wins_Export 89EF8500 Device \Driver\NetBT \Device\NetbiosSmb 89EF8500 Device \Driver\NetBT \Device\NetBT_Tcpip_{F01DD29E-94AB-4740-9BB0-07C7D340029B} 89EF8500 Device \Driver\usbuhci \Device\USBFDO-0 8A5121F8 Device \Driver\usbuhci \Device\USBFDO-1 8A5121F8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89E331F8 Device \Driver\usbuhci \Device\USBFDO-2 8A5121F8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 89E331F8 Device \Driver\usbuhci \Device\USBFDO-3 8A5121F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{150DAD60-EFBC-4DEE-B58F-817660D399BD} 89EF8500 Device \Driver\usbehci \Device\USBFDO-4 8A4421F8 Device \Driver\Ftdisk \Device\FtControl 8A70A1F8 Device \FileSystem\Fastfat \Fat 8A429500 AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) Device \FileSystem\Cdfs \Cdfs 89DAC500 ---- EOF - GMER 1.0.15 ---- [/log] [log] OTL logfile created on: 08/08/2010 22:25:47 - Run 2 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Bridge.EID90\Desktop\Bridge\1st Off\Tomek\priv\System Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 35.00% Memory free 3.00 Gb Paging File | 2.00 Gb Available in Paging File | 71.00% Paging File free Paging file location(s): C:\pagefile.sys 1905 1905 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74.52 Gb Total Space | 49.15 Gb Free Space | 65.96% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded Drive I: | 48.83 Gb Total Space | 32.76 Gb Free Space | 67.10% Space Free | Partition Type: NTFS Drive J: | 48.83 Gb Total Space | 32.76 Gb Free Space | 67.10% Space Free | Partition Type: NTFS Computer Name: BRIDGEPC_FORC Current User Name: Bridge Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard [color=#E56717]========== Processes (All) ==========[/color] PRC - [2010/07/29 11:51:21 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bridge.EID90\Desktop\Bridge\1st Off\Tomek\priv\System\OTL.exe PRC - [2010/06/15 15:05:58 | 000,719,688 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe PRC - [2010/06/15 15:04:28 | 001,051,976 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe PRC - [2010/05/13 17:12:40 | 026,192,168 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Microsoft Connection\Phone\miccon.exe PRC - [2010/04/17 01:26:28 | 010,355,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE PRC - [2010/01/16 05:18:19 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2009/11/27 08:43:12 | 000,608,256 | ---- | M] (Haseeb Ahmed) -- C:\Program Files\MSE Update Utility\MSE Update Utility.exe PRC - [2009/09/13 19:52:50 | 001,048,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe PRC - [2009/08/06 20:24:06 | 000,053,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe PRC - [2009/07/12 10:21:20 | 000,090,112 | ---- | M] () -- C:\Program Files\Seagull\STA33\DbamSQLAgent.exe PRC - [2009/07/02 18:36:52 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe PRC - [2009/05/27 04:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe PRC - [2009/03/09 06:19:15 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2009/02/06 13:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe PRC - [2009/02/05 23:56:14 | 000,117,208 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe PRC - [2008/11/24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe PRC - [2008/11/24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe PRC - [2008/10/20 15:00:46 | 000,329,216 | ---- | M] (UK Hydrographic Office and Chersoft Ltd) -- C:\Program Files\Common Files\CherSoft\TTService\TTService.exe PRC - [2008/05/06 10:09:26 | 000,020,480 | ---- | M] () -- C:\Program Files\Seagull\STA33\Sta.Importer.Service.exe PRC - [2008/04/14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe PRC - [2008/04/14 02:12:36 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe PRC - [2008/04/14 02:12:36 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe PRC - [2008/04/14 02:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [WUDFSERVICEGROUP] PRC - [2008/04/14 02:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS] PRC - [2008/04/14 02:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE] PRC - [2008/04/14 02:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS] PRC - [2008/04/14 02:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] PRC - [2008/04/14 02:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC] PRC - [2008/04/14 02:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH] PRC - [2008/04/14 02:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [BTHSVCS] PRC - [2008/04/14 02:12:33 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scardsvr.exe PRC - [2008/04/14 02:12:33 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe PRC - [2008/04/14 02:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe PRC - [2008/04/14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008/04/14 02:12:16 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe PRC - [2008/04/14 02:12:15 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe PRC - [2008/04/14 02:12:12 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe PRC - [2007/01/04 23:38:18 | 000,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe PRC - [2007/01/04 23:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe PRC - [2005/10/14 17:51:40 | 014,864,384 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe PRC - [2005/09/20 10:36:20 | 000,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe PRC - [2005/09/20 10:32:24 | 000,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe PRC - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2010/07/29 11:51:21 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bridge.EID90\Desktop\Bridge\1st Off\Tomek\priv\System\OTL.exe MOD - [2010/05/04 19:20:39 | 001,168,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\urlmon.dll MOD - [2010/05/04 19:20:36 | 000,268,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\iertutil.dll MOD - [2009/12/08 11:23:28 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll MOD - [2009/06/25 10:25:26 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll MOD - [2009/04/15 16:51:25 | 000,585,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll MOD - [2009/03/21 16:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll MOD - [2009/02/09 14:10:48 | 000,714,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll MOD - [2009/02/09 14:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll MOD - [2008/10/23 14:36:14 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll MOD - [2008/10/15 18:34:24 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netapi32.dll MOD - [2008/06/17 21:02:19 | 008,461,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll MOD - [2008/04/14 05:42:06 | 000,985,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll MOD - [2008/04/14 02:12:51 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll MOD - [2008/04/14 02:12:45 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv MOD - [2008/04/14 02:12:08 | 000,727,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\userenv.dll MOD - [2008/04/14 02:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll MOD - [2008/04/14 02:12:08 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll MOD - [2008/04/14 02:12:08 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll MOD - [2008/04/14 02:12:07 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll MOD - [2008/04/14 02:12:03 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll MOD - [2008/04/14 02:12:02 | 001,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll MOD - [2008/04/14 02:12:02 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll MOD - [2008/04/14 02:12:02 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll MOD - [2008/04/14 02:12:01 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll MOD - [2008/04/14 02:11:58 | 000,297,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctf.dll MOD - [2008/04/14 02:11:54 | 000,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imm32.dll MOD - [2008/04/14 02:11:53 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll MOD - [2008/04/14 02:11:51 | 000,792,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comres.dll MOD - [2008/04/14 02:11:51 | 000,276,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll MOD - [2008/04/14 02:11:50 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clbcatq.dll MOD - [2008/04/14 02:11:49 | 000,125,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\apphelp.dll MOD - [2008/04/14 02:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx MOD - [2008/04/14 02:10:06 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctfime.ime [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Disabled | Stopped] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus) SRV - File not found [Disabled | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam) SRV - File not found [Auto | Stopped] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService) SRV - File not found [Disabled | Stopped] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch) SRV - File not found [On_Demand | Stopped] -- C:\Program Files\ArcaBit\Common\ArcaBit.Core.Configurator2.exe -- (ArcaBit.Core.Configurator) SRV - [2010/07/30 01:59:40 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2010/06/15 15:04:28 | 001,051,976 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2010/06/15 15:01:36 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp) SRV - [2009/07/12 10:21:20 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Seagull\STA33\DbamSQLAgent.exe -- (Sta.Dbam.SqlAgent$SEAGULL2005) Sta Dbam SqlAgent (SEAGULL2005) SRV - [2009/07/02 18:36:52 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc) SRV - [2009/05/27 04:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SEAGULL2005) SQL Server (SEAGULL2005) SRV - [2009/02/05 23:56:14 | 000,117,208 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv) SRV - [2008/11/24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2008/11/24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser) SRV - [2008/11/24 23:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper) SRV - [2008/10/20 15:00:46 | 000,329,216 | ---- | M] (UK Hydrographic Office and Chersoft Ltd) [Auto | Running] -- C:\Program Files\Common Files\CherSoft\TTService\TTService.exe -- (TTService) SRV - [2008/05/06 10:09:26 | 000,020,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Seagull\STA33\Sta.Importer.Service.exe -- (Sta.Importer.Service) SRV - [2007/01/04 23:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service) SRV - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) SRV - [2004/08/04 14:00:00 | 000,101,376 | ---- | M] () [Auto | Start_Pending] -- C:\WINDOWS\System32\jmcierk.dll -- (xcpnsabr) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- D:\UXDCMN.SYS -- (UXDCMN) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\SMCWPCIT.sys -- (SMCWPCIT) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\BRIDGE~1.EID\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132) DRV - [2010/07/29 20:54:08 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2010/02/25 12:18:08 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2009/06/18 19:48:04 | 000,142,832 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter) DRV - [2009/02/05 23:55:12 | 000,031,704 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hssdrv.sys -- (HssDrv) DRV - [2008/12/06 20:01:20 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm) DRV - [2008/04/13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2008/01/23 23:25:32 | 000,027,136 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tapvpn.sys -- (tapvpn) DRV - [2007/02/28 08:38:22 | 000,091,008 | ---- | M] (OMNIKEY) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cxbu0wdm.sys -- (cxbu0wdm) DRV - [2006/02/20 18:59:34 | 000,085,408 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w810mgmt.sys -- (w810mgmt) Sony Ericsson W810 USB WMC Device Management Drivers (WDM) DRV - [2006/02/20 18:59:27 | 000,058,288 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w810bus.sys -- (w810bus) Sony Ericsson W810 Driver driver (WDM) DRV - [2005/10/18 13:15:42 | 004,034,048 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2005/09/24 12:10:24 | 000,008,576 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SIVX32.SYS -- (SIVDRIVER) DRV - [2005/01/07 17:07:16 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService) DRV - [2004/08/04 14:00:00 | 000,023,424 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\yflnahwe.sys -- (yflnahwe) DRV - [2004/04/21 17:51:00 | 000,016,384 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\wlanndi5.sys -- (wlanndi5) DRV - [2000/09/09 17:20:26 | 000,047,328 | ---- | M] (Warp Nine Engineering) [Kernel | Auto | Running] -- C:\Program Files\HP DesignJet 500PS\Program\Par1284.sys -- (Par1284) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-545701781-3224946616-1018453507-1121\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKU\S-1-5-21-545701781-3224946616-1018453507-1121\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKU\S-1-5-21-545701781-3224946616-1018453507-1121\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKU\S-1-5-21-545701781-3224946616-1018453507-1121\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\S-1-5-21-545701781-3224946616-1018453507-1121\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKU\S-1-5-21-545701781-3224946616-1018453507-1121\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) IE - HKU\S-1-5-21-545701781-3224946616-1018453507-1121\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found IE - HKU\S-1-5-21-545701781-3224946616-1018453507-1121\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-545701781-3224946616-1018453507-1121\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "www.google.com" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1 FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/04/09 19:04:21 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/08 11:44:49 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/08 11:44:37 | 000,000,000 | ---D | M] [2010/08/08 11:44:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bridge.EID90\Application Data\Mozilla\Extensions [2010/05/03 04:19:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bridge.EID90\Application Data\Mozilla\Extensions\mozswing@mozswing.org [2010/08/08 14:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bridge.EID90\Application Data\Mozilla\Firefox\Profiles\xzyv9j9u.default\extensions [2010/08/08 12:07:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Bridge.EID90\Application Data\Mozilla\Firefox\Profiles\xzyv9j9u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/08/08 14:34:47 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Bridge.EID90\Application Data\Mozilla\Firefox\Profiles\xzyv9j9u.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010/08/08 14:34:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2009/12/17 08:13:05 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla(2).org [2010/01/16 03:08:36 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2010/01/16 03:08:36 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2010/01/16 03:08:36 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2010/01/16 03:08:36 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2010/01/16 03:08:36 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2010/01/16 03:08:36 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2010/08/07 23:10:23 | 000,000,789 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File not found O2 - BHO: (no name) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - No CLSID value found. O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.) O2 - BHO: () - {FDC9456D-1E39-4363-850A-D67DFECC1351} - C:\WINDOWS\System32\jmcierk.dll () O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found. O3 - HKLM\..\Toolbar: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKU\S-1-5-21-545701781-3224946616-1018453507-1121\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-21-545701781-3224946616-1018453507-1121\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found. O3 - HKU\S-1-5-21-545701781-3224946616-1018453507-1121\..\Toolbar\WebBrowser: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation) O4 - HKLM..\Run: [MSE Update Utility] C:\Program Files\MSE Update Utility\MSE Update Utility.exe (Haseeb Ahmed) O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O7 - HKU\S-1-5-21-545701781-3224946616-1018453507-1121\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-545701781-3224946616-1018453507-1121\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36 O7 - HKU\S-1-5-21-545701781-3224946616-1018453507-1121\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data] O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - C:\Program Files\ScanSoft\PDF Professional 3.0\IEShellExt.dll (ScanSoft, Inc.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - Reg Error: Key error. File not found O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - Reg Error: Key error. File not found O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5) O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/common/asusTek_sys_ctrl.cab (asusTek_sysctrl Class) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab (MSN Photo Upload Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = EID90.FORC O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation) O24 - Desktop Components:0 () - http://by127fd.bay127.hotmail.msn.com/cgi-bin/getmsg?&msg=CD22971B-211B-4F7B-8337-C01DBE49780C&start=0&len=615942&curmbox=00000000-0000-0000-0000-000000000001&a=a148a9eb7def75ab0fc6023ae685cf1f74dff6f533ad256dbc488df2f2fc9bad&mimepart=9 O24 - Desktop Components:1 () - http://by127fd.bay127.hotmail.msn.com/cgi-bin/getmsg?&msg=CD22971B-211B-4F7B-8337-C01DBE49780C&start=0&len=615942&curmbox=00000000-0000-0000-0000-000000000001&a=a148a9eb7def75ab0fc6023ae685cf1f74dff6f533ad256dbc488df2f2fc9bad&mimepart=14 O24 - Desktop Components:2 () - http://www.skipsfarts-forum.net/download.php?action=img&iid=18457 O24 - Desktop Components:3 () - file:///C:/DOCUME~1/BRIDGE~1.EID/LOCALS~1/Temp/msoclip1/01/clip_image002.jpg O24 - Desktop Components:4 (My Current Home Page) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Bridge.EID90\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Bridge.EID90\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005/11/25 15:56:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010/08/01 16:24:48 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ] O33 - MountPoints2\{0f6cf4b0-86f3-11db-b5ed-0013208aec27}\Shell\Auto\command - "" = RavMonE.exe e O33 - MountPoints2\{0f6cf4b0-86f3-11db-b5ed-0013208aec27}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{1270781c-c8a2-11da-b5b7-0013208aec27}\Shell\AutoRun\command - "" = setupSNK.exe O33 - MountPoints2\{2cc55784-04eb-11de-81b2-0013208aec27}\Shell\AutoRun\command - "" = dbrxubcw.com O33 - MountPoints2\{2cc55784-04eb-11de-81b2-0013208aec27}\Shell\open\Command - "" = dbrxubcw.com O33 - MountPoints2\{2cc557d7-04eb-11de-81b2-0013208aec27}\Shell\AutoRun\command - "" = E:\setupSNK.exe -- File not found O33 - MountPoints2\{44169f9f-50cd-11de-81eb-0013208aec27}\Shell - "" = AutoRun O33 - MountPoints2\{44169f9f-50cd-11de-81eb-0013208aec27}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{44169f9f-50cd-11de-81eb-0013208aec27}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found O33 - MountPoints2\{525607c5-bcf7-11dd-b6ad-0013208aec27}\Shell\AutoRun\command - "" = 1utbfd.bat O33 - MountPoints2\{525607c5-bcf7-11dd-b6ad-0013208aec27}\Shell\open\Command - "" = 1utbfd.bat O33 - MountPoints2\{5265cf4d-9874-11df-8976-0013208aec27}\Shell\AutoRun\command - "" = kasper/kasper32.exe O33 - MountPoints2\{5265cf4d-9874-11df-8976-0013208aec27}\Shell\explore\command - "" = .////////kasper/\\\\\kasper32.exe O33 - MountPoints2\{5265cf4d-9874-11df-8976-0013208aec27}\Shell\open\command - "" = kasper/////////kasper32.exe O33 - MountPoints2\{6c4e67ab-68bf-11de-81f9-0013208aec27}\Shell\AutoRun\command - "" = E:\Toshiba\more4you.exe -- File not found O33 - MountPoints2\{73debc77-9af0-11dc-b64f-0013208aec27}\Shell\AutoRun\command - "" = E:\wd_windows_tools\setup.exe -- File not found O33 - MountPoints2\{76cde37c-e956-11dd-b6cc-0013208aec27}\Shell - "" = AutoRun O33 - MountPoints2\{76cde37c-e956-11dd-b6cc-0013208aec27}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{76cde37c-e956-11dd-b6cc-0013208aec27}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found O33 - MountPoints2\{7e9e5cb7-2a78-11de-81d6-0013208aec27}\Shell - "" = AutoRun O33 - MountPoints2\{7e9e5cb7-2a78-11de-81d6-0013208aec27}\Shell\Auto\command - "" = asp.net O33 - MountPoints2\{7e9e5cb7-2a78-11de-81d6-0013208aec27}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{7e9e5ccc-2a78-11de-81d6-0013208aec27}\Shell\AutoRun\command - "" = lc.exe O33 - MountPoints2\{7e9e5ccc-2a78-11de-81d6-0013208aec27}\Shell\open\Command - "" = lc.exe O33 - MountPoints2\{911c376b-0bab-11dd-b676-0013208aec27}\Shell\AutoRun\command - "" = 1utbfd.bat O33 - MountPoints2\{911c376b-0bab-11dd-b676-0013208aec27}\Shell\open\Command - "" = 1utbfd.bat O33 - MountPoints2\{9454f1fd-2ef2-11dc-b609-0013208aec27}\Shell\Auto\command - "" = sal.xls.exe O33 - MountPoints2\{9454f1fd-2ef2-11dc-b609-0013208aec27}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{9d254a51-2fcd-11de-81db-0013208aec27}\Shell\Auto\command - "" = Start.exe O33 - MountPoints2\{9d254a51-2fcd-11de-81db-0013208aec27}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{9d254a70-2fcd-11de-81db-0013208aec27}\Shell\AutoRun\command - "" = E:\driver\usb\usb_driver.exe -- File not found O33 - MountPoints2\{9d254a70-2fcd-11de-81db-0013208aec27}\Shell\open\command - "" = E:\driver\usb\usb_driver.exe -- File not found O33 - MountPoints2\{addfa9a9-a26b-11dc-b650-0013208aec27}\Shell - "" = AutoRun O33 - MountPoints2\{addfa9a9-a26b-11dc-b650-0013208aec27}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{addfa9a9-a26b-11dc-b650-0013208aec27}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found O33 - MountPoints2\{addfa9d5-a26b-11dc-b650-0013208aec27}\Shell - "" = AutoRun O33 - MountPoints2\{addfa9d5-a26b-11dc-b650-0013208aec27}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{addfa9d5-a26b-11dc-b650-0013208aec27}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found O33 - MountPoints2\{b188b011-3f38-11dd-b685-0013208aec27}\Shell - "" = AutoRun O33 - MountPoints2\{b188b011-3f38-11dd-b685-0013208aec27}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{b188b011-3f38-11dd-b685-0013208aec27}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found O33 - MountPoints2\{b188b0da-3f38-11dd-b685-0013208aec27}\Shell - "" = AutoRun O33 - MountPoints2\{b188b0da-3f38-11dd-b685-0013208aec27}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{b188b0da-3f38-11dd-b685-0013208aec27}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found O33 - MountPoints2\{b293de47-92a4-11dd-b69a-0013208aec27}\Shell\AutoRun\command - "" = wd_windows_tools\setup.exe O33 - MountPoints2\{b875b817-e77b-11db-b5fa-0013208aec27}\Shell\AutoRun\command - "" = G:\1utbfd.bat -- File not found O33 - MountPoints2\{b875b817-e77b-11db-b5fa-0013208aec27}\Shell\open\Command - "" = G:\1utbfd.bat -- File not found O33 - MountPoints2\{bc2d213e-9ce2-11de-822a-0013208aec27}\Shell - "" = AutoRun O33 - MountPoints2\{bc2d213e-9ce2-11de-822a-0013208aec27}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{bc2d213e-9ce2-11de-822a-0013208aec27}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found O33 - MountPoints2\{bfd52835-4fa0-11db-b5dd-0013208aec27}\Shell - "" = AutoRun O33 - MountPoints2\{bfd52835-4fa0-11db-b5dd-0013208aec27}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{c4f8b1f7-9af7-11db-b5ef-0013208aec27}\Shell\Auto\command - "" = RavMonE.exe e O33 - MountPoints2\{c4f8b1f7-9af7-11db-b5ef-0013208aec27}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{c5f066f2-fe20-11dc-b671-0013208aec27}\Shell - "" = AutoRun O33 - MountPoints2\{c5f066f2-fe20-11dc-b671-0013208aec27}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{c5f066f2-fe20-11dc-b671-0013208aec27}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found O33 - MountPoints2\{cd06d8ba-cd82-11dd-b6b7-0013208aec27}\Shell - "" = AutoRun O33 - MountPoints2\{cd06d8ba-cd82-11dd-b6b7-0013208aec27}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{cd06d8ba-cd82-11dd-b6b7-0013208aec27}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found O33 - MountPoints2\{dcf7aa50-9982-11df-8986-0013208aec27}\Shell - "" = AutoRun O33 - MountPoints2\{dcf7aa50-9982-11df-8986-0013208aec27}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{dcf7aa50-9982-11df-8986-0013208aec27}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found O33 - MountPoints2\{e1a35834-5881-11dd-b68a-0013208aec27}\Shell - "" = AutoRun O33 - MountPoints2\{e1a35834-5881-11dd-b68a-0013208aec27}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{e1a35834-5881-11dd-b68a-0013208aec27}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found O33 - MountPoints2\{e9d12b2e-207f-11de-81ce-0013208aec27}\Shell\Auto\command - "" = Start.exe O33 - MountPoints2\{e9d12b2e-207f-11de-81ce-0013208aec27}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{e9d12b2f-207f-11de-81ce-0013208aec27}\Shell\AutoRun\command - "" = F:\wdsync.exe -- File not found O33 - MountPoints2\{f5acac63-7721-11dd-b691-0013208aec27}\Shell\AutoRun\command - "" = E:\ekugb3.bat -- File not found O33 - MountPoints2\{f5acac63-7721-11dd-b691-0013208aec27}\Shell\explore\Command - "" = E:\ekugb3.bat -- File not found O33 - MountPoints2\{f5acac63-7721-11dd-b691-0013208aec27}\Shell\open\Command - "" = E:\ekugb3.bat -- File not found O33 - MountPoints2\{f6972b72-9b43-11df-899d-0013208aec27}\Shell - "" = AutoRun O33 - MountPoints2\{f6972b72-9b43-11df-899d-0013208aec27}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{f6972b72-9b43-11df-899d-0013208aec27}\Shell\AutoRun\command - "" = F:\wubi.exe -- File not found O33 - MountPoints2\{f93e3682-a940-11dc-b651-0013208aec27}\Shell\AutOplay\COMmAND - "" = xkhm.pif O33 - MountPoints2\{f93e3682-a940-11dc-b651-0013208aec27}\Shell\AutoRun\command - "" = xkhm.pif O33 - MountPoints2\{f93e3682-a940-11dc-b651-0013208aec27}\Shell\explorE\Command - "" = xkhm.pif O33 - MountPoints2\{f93e3682-a940-11dc-b651-0013208aec27}\Shell\oPen\coMMAnD - "" = xkhm.pif O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software) NetSvcs: xcpnsabr - C:\WINDOWS\System32\jmcierk.dll () NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: SSHNAS - File not found MsConfig - Services: "DefWatch" MsConfig - Services: "Symantec AntiVirus" MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe - (Adobe Systems Inc.) MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.) MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe - (Hewlett-Packard Co.) MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\PROGRA~1\MICROS~2\Office\OSA9.EXE - File not found MsConfig - StartUpFolder: C:^Documents and Settings^Bridge.EID90^Start Menu^Programs^Startup^LimeWire On Startup.lnk - C:\PROGRA~1\LimeWire\LimeWire.exe - File not found MsConfig - StartUpReg: [b]5DR8ZAD8GX[/b] - hkey= - key= - C:\DOCUME~1\BRIDGE~1.EID\LOCALS~1\Temp\Fgj.exe File not found MsConfig - StartUpReg: [b]beuunog[/b] - hkey= - key= - C:\Documents and Settings\Bridge.EID90\beuunog.exe File not found MsConfig - StartUpReg: [b]ccApp[/b] - hkey= - key= - C:\Program Files\Common Files\Symantec Shared\ccApp.exe File not found MsConfig - StartUpReg: [b]DS Clock[/b] - hkey= - key= - C:\Program Files\DS Clock\DSClock.exe File not found MsConfig - StartUpReg: [b]HP Software Update[/b] - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.) MsConfig - StartUpReg: [b]jcvex[/b] - hkey= - key= - C:\Documents and Settings\Bridge.EID90\jcvex.exe File not found MsConfig - StartUpReg: [b]KernelFaultCheck[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]laedu[/b] - hkey= - key= - C:\Documents and Settings\Bridge.EID90\laedu.exe File not found MsConfig - StartUpReg: [b]Messenger (Yahoo!)[/b] - hkey= - key= - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) MsConfig - StartUpReg: [b]NeroFilterCheck[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]PDF3 Registry Controller[/b] - hkey= - key= - C:\Program Files\ScanSoft\PDF Professional 3.0\RegistryController.exe (ScanSoft, Inc.) MsConfig - StartUpReg: [b]QuickTime Task[/b] - hkey= - key= - C:\Program Files\QuickTime\qttask.exe File not found MsConfig - StartUpReg: [b]roapu[/b] - hkey= - key= - C:\Documents and Settings\Bridge.EID90\roapu.exe File not found MsConfig - StartUpReg: [b]SSBkgdUpdate[/b] - hkey= - key= - C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.) MsConfig - StartUpReg: [b]SunJavaUpdateSched[/b] - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) MsConfig - StartUpReg: [b]swg[/b] - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe File not found MsConfig - StartUpReg: [b]TkBellExe[/b] - hkey= - key= - C:\Program Files\K-Lite Codec Pack\Real\Update_OB\realsched.exe File not found MsConfig - StartUpReg: [b]toeeqi[/b] - hkey= - key= - C:\Documents and Settings\Bridge.EID90\toeeqi.exe File not found MsConfig - StartUpReg: [b]tuook[/b] - hkey= - key= - C:\Documents and Settings\Bridge.EID90\tuook.exe File not found MsConfig - StartUpReg: [b]vptray[/b] - hkey= - key= - C:\PROGRA~1\SYMANT~1\VPTray.exe File not found MsConfig - StartUpReg: [b]zzzHPSETUP[/b] - hkey= - key= - File not found MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 2 MsConfig - State: "startup" - 2 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation) SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation) SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: nm - File not found SafeBootNet: nm.sys - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2010/08/08 22:25:28 | 000,000,000 | ---D | C] -- C:\_OTL [2010/08/08 13:32:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bridge.EID90\My Documents\Pobieranie [2010/08/08 10:56:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bridge.EID90\Desktop\New Folder [2010/08/07 17:38:36 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe [2010/08/07 14:29:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bridge.EID90\Local Settings\Application Data\Haseeb_Ahmed [2010/08/07 14:28:23 | 000,000,000 | ---D | C] -- C:\Program Files\MSE Update Utility [2010/08/06 11:59:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials [2010/08/05 13:57:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bridge.EID90\DoctorWeb [2010/08/05 00:46:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities [2010/08/02 10:37:32 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Bridge.EID90\UserData [2010/08/01 16:24:48 | 000,000,000 | RHSD | C] -- C:\autorun.inf [2010/07/31 21:15:15 | 000,000,000 | ---D | C] -- C:\Program Files\Skype [2010/07/30 19:11:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Connection [2010/07/30 01:59:43 | 000,030,536 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe [2010/07/30 01:59:42 | 000,030,024 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll [2010/07/30 01:59:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bridge.EID90\Application Data\TuneUp Software [2010/07/30 01:59:09 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2010 [2010/07/30 01:59:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software [2010/07/30 01:58:35 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} [2010/07/29 22:07:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bridge.EID90\Application Data\ImgBurn [2010/07/29 21:42:16 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn [2010/07/29 21:03:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\DAEMON Tools Images [2010/07/29 20:49:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bridge.EID90\Application Data\DAEMON Tools Lite [2010/07/29 20:49:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite [2010/07/29 14:48:45 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro [2010/07/29 14:48:44 | 000,000,000 | ---D | C] -- C:\rsit [2010/07/29 09:59:33 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software [2010/07/29 09:59:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software [2010/07/27 05:27:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia [2010/07/27 05:27:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe [2010/07/26 16:14:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia [2010/07/26 16:03:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe [2010/07/18 22:24:42 | 000,000,000 | ---D | C] -- C:\Program Files\Moffsoft Calculator 2 [2010/07/15 03:25:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bridge.EID90\Application Data\Feedreader [2010/07/15 03:25:48 | 000,000,000 | ---D | C] -- C:\Program Files\FeedReader30 [2010/07/14 21:54:28 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe [2010/07/12 16:44:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bridge.EID90\Desktop\HSE docs [2006/01/02 15:18:27 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\Implode.dll [2004/11/24 21:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2010/08/08 22:22:02 | 000,000,980 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010/08/08 22:12:06 | 000,000,486 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Desktop\Shortcut to tmMaster.exe.lnk [2010/08/08 22:01:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2010/08/08 21:38:36 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-545701781-3224946616-1018453507-1121.job [2010/08/08 21:38:35 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-545701781-3224946616-1018453507-1121.job [2010/08/08 20:37:31 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/08/08 20:37:25 | 000,000,976 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010/08/08 20:37:25 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job [2010/08/08 20:28:46 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/08/08 20:28:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/08/08 13:22:56 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat [2010/08/08 13:22:53 | 018,751,488 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\ntuser.dat [2010/08/08 13:22:53 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Bridge.EID90\ntuser.ini [2010/08/08 11:53:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At1.job [2010/08/08 11:44:41 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2010/08/08 11:44:41 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2010/08/08 04:41:21 | 000,000,164 | ---- | M] () -- C:\WINDOWS\infotech.ini [2010/08/08 00:16:17 | 000,344,064 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Desktop\2 shift Muster list _ Rest Hours 2010.xls [2010/08/07 23:10:23 | 000,000,789 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010/08/07 21:42:55 | 000,000,850 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Application Data\Microsoft\Internet Explorer\Quick Launch\MSE Update Utility.lnk [2010/08/07 17:38:47 | 000,055,296 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/08/06 11:52:36 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2010/08/06 09:51:18 | 000,008,628 | -H-- | M] () -- C:\WINDOWS\System32\zshp1000.GID [2010/08/06 09:00:01 | 000,000,496 | ---- | M] () -- C:\WINDOWS\tasks\Automatyczna konserwacja.job [2010/08/04 23:21:59 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\Defraggler Volume C Task.job [2010/08/01 21:50:20 | 000,000,529 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Desktop\POB.lnk [2010/07/31 15:26:19 | 000,000,431 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Desktop\Shortcut to P7300138.JPG.lnk [2010/07/31 12:26:47 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\skk1r7K.dat [2010/07/29 20:54:08 | 000,691,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys [2010/07/29 12:13:50 | 000,000,746 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to WINWORD.lnk [2010/07/28 22:16:28 | 000,000,170 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Start Menu.lnk [2010/07/28 22:16:28 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Templates.lnk [2010/07/28 22:16:28 | 000,000,166 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\UserData.lnk [2010/07/28 22:16:28 | 000,000,164 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\WINDOWS.lnk [2010/07/28 22:16:28 | 000,000,158 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\temp.lnk [2010/07/28 22:16:27 | 000,000,178 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Local Settings.lnk [2010/07/28 22:16:27 | 000,000,174 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\My Documents.lnk [2010/07/28 22:16:27 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\PrintHood.lnk [2010/07/28 22:16:27 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Gadu-Gadu.lnk [2010/07/28 22:16:27 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Favorites.lnk [2010/07/28 22:16:27 | 000,000,164 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\NetHood.lnk [2010/07/28 22:16:27 | 000,000,164 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Desktop.lnk [2010/07/28 22:16:27 | 000,000,162 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\SendTo.lnk [2010/07/28 22:16:27 | 000,000,162 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Recent.lnk [2010/07/28 22:16:26 | 000,000,182 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Application Data.lnk [2010/07/28 22:16:26 | 000,000,176 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\.housecall6.6.lnk [2010/07/28 22:16:26 | 000,000,172 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\.thumbnails.lnk [2010/07/28 22:16:26 | 000,000,164 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Cookies.lnk [2010/07/28 22:16:26 | 000,000,162 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Citrix.lnk [2010/07/28 22:16:26 | 000,000,160 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Video.lnk [2010/07/28 22:16:26 | 000,000,160 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Music.lnk [2010/07/28 22:16:26 | 000,000,154 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\...lnk [2010/07/28 22:16:26 | 000,000,152 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\..lnk [2010/07/28 22:16:25 | 000,000,170 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\New Folder.lnk [2010/07/28 22:16:25 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Passwords.lnk [2010/07/28 22:16:25 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Documents.lnk [2010/07/28 22:16:25 | 000,000,166 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Pictures.lnk [2010/07/28 09:51:24 | 000,001,167 | ---- | M] () -- C:\WINDOWS\win.ini [2010/07/28 09:51:24 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010/07/28 09:51:24 | 000,000,211 | -HS- | M] () -- C:\boot.ini [2010/07/27 23:39:05 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\adot.exe [2010/07/27 13:37:33 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\hoacum.exe [2010/07/26 23:51:35 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\quanu.exe [2010/07/26 23:50:18 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\qlus.exe [2010/07/26 23:45:16 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\railad.exe [2010/07/26 01:40:10 | 000,076,190 | ---- | M] () -- C:\WINDOWS\hpgins07.dat [2010/07/26 01:37:26 | 000,076,190 | ---- | M] () -- C:\WINDOWS\hpgins07.dat.temp [2010/07/26 01:27:57 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmpE1EA6.FOT [2010/07/26 01:27:57 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmpD4EA6.FOT [2010/07/26 01:27:57 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmpC7EA6.FOT [2010/07/26 01:27:57 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmpBBEA6.FOT [2010/07/26 01:27:57 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp42DA6.FOT [2010/07/26 01:27:57 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp35DA6.FOT [2010/07/26 01:27:57 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp0FDA6.FOT [2010/07/24 02:18:31 | 006,297,520 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Desktop\091116_Leo_HTC_Russian_UM.pdf [2010/07/20 02:09:40 | 000,374,272 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Desktop\Muster list _ Rest Hours 2010.xls [2010/07/12 11:12:30 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Desktop\Worker onb-transfer.xls [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010/08/08 22:12:06 | 000,000,486 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Desktop\Shortcut to tmMaster.exe.lnk [2010/08/08 11:44:41 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2010/08/08 11:44:41 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2010/08/07 23:15:42 | 018,751,488 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\ntuser.dat [2010/08/07 21:42:55 | 000,000,850 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Application Data\Microsoft\Internet Explorer\Quick Launch\MSE Update Utility.lnk [2010/08/01 21:50:20 | 000,000,529 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Desktop\POB.lnk [2010/07/31 15:26:19 | 000,000,431 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Desktop\Shortcut to P7300138.JPG.lnk [2010/07/30 22:20:45 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\skk1r7K.dat [2010/07/30 08:57:35 | 000,000,496 | ---- | C] () -- C:\WINDOWS\tasks\Automatyczna konserwacja.job [2010/07/29 20:54:08 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2010/07/29 12:13:50 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to WINWORD.lnk [2010/07/28 09:14:56 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-545701781-3224946616-1018453507-1121.job [2010/07/27 23:39:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\adot.exe [2010/07/27 15:28:58 | 000,000,178 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Local Settings [2010/07/27 15:28:58 | 000,000,174 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\My Documents [2010/07/27 15:28:58 | 000,000,170 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Start Menu [2010/07/27 15:28:58 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Templates [2010/07/27 15:28:58 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\PrintHood [2010/07/27 15:28:58 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Gadu-Gadu [2010/07/27 15:28:58 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Favorites [2010/07/27 15:28:58 | 000,000,166 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\UserData [2010/07/27 15:28:58 | 000,000,164 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\WINDOWS [2010/07/27 15:28:58 | 000,000,164 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\NetHood [2010/07/27 15:28:58 | 000,000,164 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Desktop [2010/07/27 15:28:58 | 000,000,164 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Cookies [2010/07/27 15:28:58 | 000,000,162 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\SendTo [2010/07/27 15:28:58 | 000,000,162 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Recent [2010/07/27 15:28:58 | 000,000,162 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Citrix [2010/07/27 15:28:58 | 000,000,158 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\temp [2010/07/27 15:28:57 | 000,000,182 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Application Data [2010/07/27 15:28:57 | 000,000,176 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\.housecall6.6 [2010/07/27 15:28:57 | 000,000,172 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\.thumbnails [2010/07/27 15:28:57 | 000,000,170 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\New Folder.lnk [2010/07/27 15:28:57 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Passwords.lnk [2010/07/27 15:28:57 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Documents.lnk [2010/07/27 15:28:57 | 000,000,166 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Pictures.lnk [2010/07/27 15:28:57 | 000,000,160 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Video.lnk [2010/07/27 15:28:57 | 000,000,160 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Music.lnk [2010/07/27 15:28:57 | 000,000,154 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\.. [2010/07/27 15:28:57 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\. [2010/07/27 13:37:33 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\hoacum.exe [2010/07/27 00:50:02 | 000,003,758 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\FDC9456D-1E39-4363-850A-D67DFECC1351.txt [2010/07/26 23:51:35 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\quanu.exe [2010/07/26 23:50:18 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\qlus.exe [2010/07/26 23:45:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\railad.exe [2010/07/26 16:31:16 | 000,003,758 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Local Settings\Application Data\FDC9456D-1E39-4363-850A-D67DFECC1351.txt [2010/07/26 15:53:07 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At1.job [2010/07/26 01:37:24 | 000,000,848 | ---- | C] () -- C:\WINDOWS\hpgmdl07.dat.temp [2010/07/26 01:27:57 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmpE1EA6.FOT [2010/07/26 01:27:57 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmpD4EA6.FOT [2010/07/26 01:27:57 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmpC7EA6.FOT [2010/07/26 01:27:57 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmpBBEA6.FOT [2010/07/26 01:27:57 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp42DA6.FOT [2010/07/26 01:27:57 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp35DA6.FOT [2010/07/26 01:27:57 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp0FDA6.FOT [2010/07/24 02:15:35 | 006,297,520 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Desktop\091116_Leo_HTC_Russian_UM.pdf [2010/07/12 09:52:01 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Desktop\Worker onb-transfer.xls [2010/06/03 23:59:18 | 000,233,525 | ---- | C] () -- C:\WINDOWS\System32\isutil.dll [2010/06/03 23:59:11 | 000,000,271 | ---- | C] () -- C:\WINDOWS\apptune.ini [2010/04/25 17:49:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\swsystem.dll [2010/04/09 19:45:05 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2010/04/09 19:45:03 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2010/04/09 19:44:51 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2010/04/09 19:44:51 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2010/04/09 19:44:51 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2010/01/25 15:51:57 | 000,000,091 | ---- | C] () -- C:\WINDOWS\hrconfig.ini [2009/10/16 07:07:12 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll [2009/06/13 10:34:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AutoRun.INI [2009/02/02 16:57:17 | 000,000,025 | ---- | C] () -- C:\WINDOWS\USERTK.INI [2008/12/19 17:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll [2008/12/17 19:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll [2008/12/17 19:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll [2008/12/17 19:22:48 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2008/12/17 19:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll [2008/12/17 18:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll [2008/12/11 13:27:02 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2008/11/04 08:30:27 | 000,000,291 | ---- | C] () -- C:\WINDOWS\wininit.ini [2008/08/06 18:03:54 | 000,073,216 | ---- | C] () -- C:\WINDOWS\System32\see32.dll [2008/07/13 15:51:23 | 000,000,012 | ---- | C] () -- C:\WINDOWS\System32\winxdpr3.dll [2008/07/03 17:05:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\geotrans2.INI [2008/05/16 18:36:57 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2007/12/22 17:18:04 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\cmabout.dll [2007/12/22 17:18:04 | 000,010,229 | ---- | C] () -- C:\WINDOWS\System32\cmdiag.ini [2007/12/22 17:18:04 | 000,000,142 | ---- | C] () -- C:\WINDOWS\System32\cmabout.ini [2007/12/01 17:52:18 | 000,000,391 | R--- | C] () -- C:\WINDOWS\hpw1000k.ini [2007/12/01 17:49:16 | 000,016,954 | ---- | C] () -- C:\WINDOWS\hpbj1000.ini [2007/10/07 20:31:52 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll [2007/08/25 17:48:18 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\drivers\mchInjDrv.sys [2007/08/22 15:24:25 | 000,000,222 | ---- | C] () -- C:\WINDOWS\VOGEL.INI [2007/04/11 01:54:09 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI [2007/02/19 15:12:22 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\chksvrn.dll [2006/11/11 08:31:44 | 000,000,099 | ---- | C] () -- C:\WINDOWS\notesnsd.ini [2006/10/16 19:12:58 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\HOTFLDR.DLL [2006/10/11 09:05:00 | 000,000,023 | ---- | C] () -- C:\WINDOWS\ZDPLUSSEARCH.INI [2006/07/29 17:14:28 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI [2006/07/25 20:47:34 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A6W.INI [2006/07/25 20:47:27 | 000,000,198 | ---- | C] () -- C:\WINDOWS\QTW.INI [2006/07/25 12:29:32 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\hlinkprx.dll [2006/07/25 12:29:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL [2006/05/26 01:57:16 | 000,000,096 | ---- | C] () -- C:\WINDOWS\VPPLAYS.INI [2006/04/21 17:00:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI [2006/02/03 07:45:05 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2006/01/21 17:51:53 | 000,042,379 | ---- | C] () -- C:\WINDOWS\convfac.ini [2006/01/21 17:51:53 | 000,014,775 | ---- | C] () -- C:\WINDOWS\convit.ini [2006/01/02 15:18:58 | 000,000,928 | ---- | C] () -- C:\WINDOWS\tmmaster.INI [2006/01/02 15:18:58 | 000,000,164 | ---- | C] () -- C:\WINDOWS\infotech.ini [2006/01/02 15:18:46 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll [2006/01/02 15:18:29 | 000,000,042 | ---- | C] () -- C:\WINDOWS\tmfull.ini [2006/01/02 15:18:27 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\Co2c40en.dll [2005/12/12 14:05:42 | 000,026,784 | ---- | C] () -- C:\WINDOWS\uflfinra.dll [2005/12/12 14:05:42 | 000,024,592 | ---- | C] () -- C:\WINDOWS\uflsamp1.dll [2005/12/12 14:05:42 | 000,022,704 | ---- | C] () -- C:\WINDOWS\uflbar.dll [2005/12/12 14:05:42 | 000,018,240 | ---- | C] () -- C:\WINDOWS\ufldts.dll [2005/12/12 14:05:42 | 000,014,400 | ---- | C] () -- C:\WINDOWS\uf5dts.dll [2005/12/12 14:05:35 | 000,000,069 | ---- | C] () -- C:\WINDOWS\RETSAMMT.DLL [2005/12/08 15:21:10 | 000,000,043 | ---- | C] () -- C:\WINDOWS\hpfccopy.INI [2005/12/06 22:41:17 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI [2005/12/03 15:27:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI [2005/12/02 19:20:13 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\acdbres.dll [2005/12/02 19:17:07 | 000,001,156 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2005/12/02 19:17:06 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini [2005/12/02 19:17:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI [2005/12/02 19:06:45 | 000,000,044 | ---- | C] () -- C:\WINDOWS\lotus.ini [2005/11/28 12:32:53 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2005/11/28 08:40:00 | 000,157,184 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2005/11/25 16:02:39 | 000,014,336 | R--- | C] () -- C:\WINDOWS\SIVI64.sys [2005/11/25 16:02:39 | 000,009,728 | R--- | C] () -- C:\WINDOWS\SIVX64.sys [2005/11/25 16:02:39 | 000,008,576 | R--- | C] () -- C:\WINDOWS\SIVX32.sys [2005/11/25 16:02:39 | 000,007,810 | R--- | C] () -- C:\WINDOWS\SIVNT4.sys [2005/11/25 16:02:39 | 000,003,904 | R--- | C] () -- C:\WINDOWS\GWIOPM.SYS [2005/11/25 16:02:30 | 000,008,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\SIVX32.SYS [2005/11/25 16:00:24 | 000,000,750 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2005/10/21 15:05:33 | 000,000,029 | ---- | C] () -- C:\WINDOWS\hrdir.ini [2005/04/12 15:53:10 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll [2005/03/28 16:14:38 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll [2004/10/03 19:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll [2004/08/04 14:00:00 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\jmcierk.dll.bak [2004/08/04 14:00:00 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\jmcierk.dll [2004/04/27 01:29:58 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll [color=#E56717]========== LOP Check ==========[/color] [2009/08/07 19:05:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\19784374 [2010/07/29 09:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software [2007/08/23 01:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ArcaBit [2009/03/27 13:38:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CherSoft [2010/07/29 20:49:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite [2005/12/28 10:48:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir [2010/04/17 19:26:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters [2006/10/11 09:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft [2008/09/29 02:50:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit [2009/03/16 04:45:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir [2008/09/29 02:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2010/07/30 01:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software [2008/05/09 03:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint [2006/10/11 09:01:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zeon [2010/07/30 01:58:35 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} [2009/08/29 21:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bridge.EID90\Application Data\Auslogics [2008/04/17 12:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bridge.EID90\Application Data\CherSoft [2010/07/29 21:05:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bridge.EID90\Application Data\DAEMON Tools Lite [2007/11/09 04:40:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bridge.EID90\Application Data\EuroTalk [2010/07/15 03:25:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bridge.EID90\Application Data\Feedreader [2009/01/29 18:40:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bridge.EID90\Application Data\Gadu-Gadu [2008/04/19 19:34:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bridge.EID90\Application Data\gtk-2.0 [2008/01/24 04:48:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bridge.EID90\Application Data\ICAClient [2010/07/29 22:34:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bridge.EID90\Application Data\ImgBurn [2007/10/07 20:29:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bridge.EID90\Application Data\InterTrust [2007/08/25 03:58:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bridge.EID90\Application Data\KeySafe [2010/04/28 22:54:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bridge.EID90\Application Data\MSA [2007/02/22 11:58:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bridge.EID90\Application Data\MSNInstaller [2008/05/19 18:16:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bridge.EID90\Application Data\Opera [2009/02/25 09:19:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bridge.EID90\Application Data\Password Solutions [2009/08/03 21:14:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bridge.EID90\Application Data\STA [2008/03/10 11:12:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bridge.EID90\Application Data\TeamViewer [2010/07/30 01:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bridge.EID90\Application Data\TuneUp Software [2008/05/09 02:07:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bridge.EID90\Application Data\Viewpoint [2006/10/11 09:02:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bridge.EID90\Application Data\Zeon [2009/07/12 10:21:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\STA [2009/07/12 09:18:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\STA [2010/08/08 11:53:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job [2010/08/06 09:00:01 | 000,000,496 | ---- | M] () -- C:\WINDOWS\Tasks\Automatyczna konserwacja.job [2010/08/04 23:21:59 | 000,000,292 | ---- | M] () -- C:\WINDOWS\Tasks\Defraggler Volume C Task.job [2010/08/08 20:37:25 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job [2010/08/08 22:01:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2005/11/25 15:56:41 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2010/07/28 09:51:24 | 000,000,211 | -HS- | M] () -- C:\boot.ini [2005/11/25 15:56:41 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2007/12/04 17:51:57 | 000,000,081 | ---- | M] () -- C:\CTX.DAT [2000/12/13 10:28:42 | 000,030,068 | ---- | M] () -- C:\FIXKRIZ.EXE [2007/04/11 01:54:14 | 000,001,119 | ---- | M] () -- C:\INSTALL.LOG [2005/11/25 15:56:41 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2009/05/05 02:34:26 | 000,007,572 | ---- | M] () -- C:\mksbasel.cpp.log [2005/11/25 15:56:41 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2004/08/04 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2008/10/03 16:54:57 | 000,250,048 | -HS- | M] () -- C:\ntldr [2010/08/08 20:28:37 | 1997,537,280 | -HS- | M] () -- C:\pagefile.sys [2001/05/24 13:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE [color=#E56717]========== Files - Unicode (All) ==========[/color] [2010/05/29 19:28:13 | 000,038,400 | ---- | M] ()(C:\Documents and Settings\Bridge.EID90\My Documents\??????? SIA SB PLUSS.doc) -- C:\Documents and Settings\Bridge.EID90\My Documents\Магазин SIA SB PLUSS.doc [2010/05/29 19:28:12 | 000,038,400 | ---- | C] ()(C:\Documents and Settings\Bridge.EID90\My Documents\??????? SIA SB PLUSS.doc) -- C:\Documents and Settings\Bridge.EID90\My Documents\Магазин SIA SB PLUSS.doc [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F8F5844 @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Bridge.EID90\Desktop\tmMaster.exe:SummaryInformation @Alternate Data Stream - 5157 bytes -> C:\Documents and Settings\Bridge.EID90\(l:§'dn€ @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5BB923A2 @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:44DAF2F1 < End of report > [/log] [log] Logfile of random's system information tool 1.08 (written by random/random) Run by Bridge at 2010-08-08 22:35:29 Microsoft Windows XP Professional Service Pack 3 System drive C: has 50 GB (66%) free of 76 GB Total RAM: 1271 MB (41% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 22:37:11, on 08/08/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.17055) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe c:\Program Files\Microsoft Security Essentials\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe C:\Program Files\Java\jre6\bin\jqs.exe c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe C:\WINDOWS\system32\HPZipm12.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\CherSoft\TTService\TTService.exe C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Seagull\STA33\DbamSQLAgent.exe C:\Program Files\Seagull\STA33\Sta.Importer.Service.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\Microsoft Security Essentials\msseces.exe C:\Program Files\MSE Update Utility\MSE Update Utility.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft Connection\Phone\miccon.exe C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Bridge.EID90\Desktop\Bridge\1st Off\Tomek\priv\System\RSIT.exe C:\Program Files\trend micro\Bridge.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing) O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - (no file) O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll O2 - BHO: (no name) - {FDC9456D-1E39-4363-850A-D67DFECC1351} - c:\windows\system32\jmcierk.dll (file missing) O3 - Toolbar: LimeWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide O4 - HKLM\..\Run: [MSE Update Utility] C:\Program Files\MSE Update Utility\MSE Update Utility.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user') O8 - Extra context menu item: &Search - ?p=ZRxdm427YYNO O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program Files\ScanSoft\PDF Professional 3.0\IEShellExt.dll /100 O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = EID90.FORC O17 - HKLM\Software\..\Telephony: DomainName = EID90.FORC O17 - HKLM\System\CCS\Services\Tcpip\..\{F01DD29E-94AB-4740-9BB0-07C7D340029B}: NameServer = 10.0.90.3 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = EID90.FORC O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = EID90.FORC O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: ArcaBit.Core.Configurator - Unknown owner - C:\Program Files\ArcaBit\Common\ArcaBit.Core.Configurator2.exe (file missing) O23 - Service: Google Update Service (gupdate1ca48fef46c63a7) (gupdate1ca48fef46c63a7) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe (file missing) O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Sta Dbam SqlAgent (SEAGULL2005) (Sta.Dbam.SqlAgent$SEAGULL2005) - Unknown owner - C:\Program Files\Seagull\STA33\DbamSQLAgent.exe O23 - Service: Sta Importer Service (Sta.Importer.Service) - Unknown owner - C:\Program Files\Seagull\STA33\Sta.Importer.Service.exe O23 - Service: TTService - UK Hydrographic Office and Chersoft Ltd - C:\Program Files\Common Files\CherSoft\TTService\TTService.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O24 - Desktop Component 0: (no name) - http://by127fd.bay127.hotmail.msn.com/cgi-bin/getmsg?&msg=CD22971B-211B-4F7B-8337-C01DBE49780C&start=0&len=615942&curmbox=00000000-0000-0000-0000-000000000001&a=a148a9eb7def75ab0fc6023ae685cf1f74dff6f533ad256dbc488df2f2fc9bad&mimepart=9 O24 - Desktop Component 1: (no name) - http://by127fd.bay127.hotmail.msn.com/cgi-bin/getmsg?&msg=CD22971B-211B-4F7B-8337-C01DBE49780C&start=0&len=615942&curmbox=00000000-0000-0000-0000-000000000001&a=a148a9eb7def75ab0fc6023ae685cf1f74dff6f533ad256dbc488df2f2fc9bad&mimepart=14 O24 - Desktop Component 2: (no name) - http://www.skipsfarts-forum.net/download.php?action=img&iid=18457 O24 - Desktop Component 3: (no name) - file:///C:/DOCUME~1/BRIDGE~1.EID/LOCALS~1/Temp/msoclip1/01/clip_image002.jpg -- End of file - 10624 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\At1.job C:\WINDOWS\tasks\Automatyczna konserwacja.job C:\WINDOWS\tasks\Defraggler Volume C Task.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job C:\WINDOWS\tasks\OGALogon.job C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-545701781-3224946616-1018453507-1121.job C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-545701781-3224946616-1018453507-1121.job C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}] Skype add-on (mastermind) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}] RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-04-09 341600] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] LimeWire Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-03-28 1196936] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}] Hotspot Shield Class - C:\Program Files\Hotspot Shield\hssie\HssIE.dll [2009-03-18 204248] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDC9456D-1E39-4363-850A-D67DFECC1351}] c:\windows\system32\jmcierk.dll [2004-08-04 101376] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {D4027C7F-154A-4066-A1AD-4243D8127440} - LimeWire Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-03-28 1196936] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208] "igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824] "igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688] "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-10-14 14864384] "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632] "Synchronization Manager"=C:\WINDOWS\system32\mobsync.exe [2008-04-14 143360] "BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent [] "MSSE"=c:\Program Files\Microsoft Security Essentials\msseces.exe [2009-09-13 1048392] "MSE Update Utility"=C:\Program Files\MSE Update Utility\MSE Update Utility.exe [2009-11-27 608256] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\5DR8ZAD8GX] C:\DOCUME~1\BRIDGE~1.EID\LOCALS~1\Temp\Fgj.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\beuunog] C:\Documents and Settings\Bridge.EID90\beuunog.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DS Clock] C:\Program Files\DS Clock\DSClock.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-05-11 49152] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jcvex] C:\Documents and Settings\Bridge.EID90\jcvex.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\laedu] C:\Documents and Settings\Bridge.EID90\laedu.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)] C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe [2010-04-29 5248312] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF3 Registry Controller] C:\Program Files\ScanSoft\PDF Professional 3.0\\RegistryController.exe [2005-04-29 106496] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe -atboottime [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\roapu] C:\Documents and Settings\Bridge.EID90\roapu.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-09-30 155648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] C:\Program Files\K-Lite Codec Pack\Real\Update_OB\realsched.exe -osboot [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toeeqi] C:\Documents and Settings\Bridge.EID90\toeeqi.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tuook] C:\Documents and Settings\Bridge.EID90\tuook.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zzzHPSETUP] D:\Setup.exe \RESET [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk] C:\PROGRA~1\Adobe\ACROBA~2.0\Distillr\AcroTray.exe [2001-03-15 49254] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2004-11-04 258048] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk] C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [2005-05-12 73728] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] C:\PROGRA~1\MICROS~2\Office\OSA9.EXE -b -l [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Bridge.EID90^Start Menu^Programs^Startup^LimeWire On Startup.lnk] C:\PROGRA~1\LimeWire\LimeWire.exe -startup [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "DefWatch"=2 "Symantec AntiVirus"=2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon] C:\WINDOWS\system32\NavLogon.dll [2005-06-23 43712] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=36 "NoDriveAutoRun"=0xFFFFFFFF [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"=1 "NoDriveTypeAutoRun"=255 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Microsoft Connection\Phone\miccon.exe"="C:\Program Files\Microsoft Connection\Phone\miccon.exe:*:Enabled:miccon" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019" "C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe"="C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe:*:Disabled:Toolbox for HP Printing System for Windows" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Hewlett-Packard\HP Business Inkjet 1000\Toolbox\HPWTTBX.exe"="C:\Program Files\Hewlett-Packard\HP Business Inkjet 1000\Toolbox\HPWTTBX.exe:*:Disabled:Toolbox for HP Printing System for Windows" "C:\Program Files\Password Solutions\Office Password Recovery PRO\OfficePasswordRecoveryPRO.exe"="C:\Program Files\Password Solutions\Office Password Recovery PRO\OfficePasswordRecoveryPRO.exe:*:Enabled:Office Password Recovery PRO" "C:\Nautisk\Neptune\client\Neptune.exe"="C:\Nautisk\Neptune\client\Neptune.exe:*:Enabled:Neptune" "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger" "C:\Program Files\Microsoft Connection\Phone\miccon.exe"="C:\Program Files\Microsoft Connection\Phone\miccon.exe:*:Enabled:miccon" ======List of files/folders created in the last 1 months====== 2010-08-08 22:25:28 ----D---- C:\_OTL 2010-08-07 22:48:00 ----A---- C:\WINDOWS\system32\drivers\ISAPNP.SYS 2010-08-07 17:38:36 ----N---- C:\WINDOWS\system32\MpSigStub.exe 2010-08-07 14:28:23 ----D---- C:\Program Files\MSE Update Utility 2010-08-06 11:59:21 ----D---- C:\Program Files\Microsoft Security Essentials 2010-08-01 16:24:48 ----RASHD---- C:\autorun.inf 2010-07-31 21:15:15 ----D---- C:\Program Files\Skype 2010-07-30 19:11:43 ----D---- C:\Program Files\Microsoft Connection 2010-07-30 01:59:43 ----A---- C:\WINDOWS\system32\TURegOpt.exe 2010-07-30 01:59:42 ----A---- C:\WINDOWS\system32\uxtuneup.dll 2010-07-30 01:59:21 ----D---- C:\Documents and Settings\Bridge.EID90\Application Data\TuneUp Software 2010-07-30 01:59:09 ----D---- C:\Program Files\TuneUp Utilities 2010 2010-07-30 01:59:02 ----D---- C:\Documents and Settings\All Users\Application Data\TuneUp Software 2010-07-30 01:58:35 ----SHD---- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} 2010-07-29 22:07:23 ----D---- C:\Documents and Settings\Bridge.EID90\Application Data\ImgBurn 2010-07-29 21:42:16 ----D---- C:\Program Files\ImgBurn 2010-07-29 20:54:08 ----A---- C:\WINDOWS\system32\drivers\sptd.sys 2010-07-29 20:49:36 ----D---- C:\Documents and Settings\Bridge.EID90\Application Data\DAEMON Tools Lite 2010-07-29 20:49:33 ----D---- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite 2010-07-29 14:48:45 ----D---- C:\Program Files\trend micro 2010-07-29 14:48:44 ----D---- C:\rsit 2010-07-29 09:59:33 ----D---- C:\Program Files\Alwil Software 2010-07-29 09:59:33 ----D---- C:\Documents and Settings\All Users\Application Data\Alwil Software 2010-07-29 03:09:17 ----A---- C:\WINDOWS\ModemLog_Communications cable between two computers.txt 2010-07-18 22:24:42 ----D---- C:\Program Files\Moffsoft Calculator 2 2010-07-15 03:25:54 ----D---- C:\Documents and Settings\Bridge.EID90\Application Data\Feedreader 2010-07-15 03:25:48 ----D---- C:\Program Files\FeedReader30 2010-07-15 01:44:04 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$ ======List of files/folders modified in the last 1 months====== 2010-08-08 22:35:34 ----D---- C:\WINDOWS\Prefetch 2010-08-08 22:33:17 ----D---- C:\WINDOWS\system32 2010-08-08 22:33:15 ----D---- C:\WINDOWS\Temp 2010-08-08 22:04:11 ----D---- C:\Program Files\Common Files\System 2010-08-08 21:38:35 ----SD---- C:\WINDOWS\Tasks 2010-08-08 21:38:12 ----D---- C:\Documents and Settings\Bridge.EID90\Application Data\Skype 2010-08-08 20:37:35 ----D---- C:\WINDOWS\system32\Lang 2010-08-08 20:30:41 ----SHD---- C:\System Volume Information 2010-08-08 20:30:41 ----D---- C:\WINDOWS\system32\Restore 2010-08-08 20:29:08 ----D---- C:\WINDOWS\system32\CatRoot2 2010-08-08 20:28:46 ----SHD---- C:\WINDOWS\CSC 2010-08-08 15:44:20 ----D---- C:\WINDOWS\security 2010-08-08 13:22:58 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-08-08 12:23:56 ----AC---- C:\WINDOWS\ntbtlog.txt 2010-08-08 11:44:46 ----D---- C:\Documents and Settings\Bridge.EID90\Application Data\Mozilla 2010-08-08 11:44:40 ----D---- C:\Program Files\Mozilla Firefox 2010-08-08 04:44:51 ----SHD---- C:\WINDOWS\Installer 2010-08-08 04:44:51 ----HD---- C:\Config.Msi 2010-08-08 04:44:51 ----D---- C:\WINDOWS 2010-08-08 04:41:21 ----A---- C:\WINDOWS\infotech.ini 2010-08-07 23:27:36 ----HD---- C:\WINDOWS\inf 2010-08-07 23:20:33 ----D---- C:\WINDOWS\system32\config 2010-08-07 23:20:09 ----D---- C:\WINDOWS\system32\wbem 2010-08-07 23:20:09 ----D---- C:\WINDOWS\Registration 2010-08-07 23:10:23 ----D---- C:\WINDOWS\system32\drivers\etc 2010-08-07 23:08:22 ----D---- C:\WINDOWS\system32\drivers 2010-08-07 14:28:23 ----RD---- C:\Program Files 2010-08-06 11:59:28 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft 2010-08-05 19:59:39 ----SHD---- C:\Documents and Settings 2010-08-05 19:55:41 ----A---- C:\WINDOWS\OEWABLog.txt 2010-07-31 21:17:19 ----D---- C:\Program Files\hp LaserJet 1000 2010-07-31 21:15:33 ----D---- C:\Program Files\QuickTime 2010-07-31 15:41:45 ----D---- C:\Program Files\ZipCentral 2010-07-31 13:20:09 ----RSD---- C:\WINDOWS\Fonts 2010-07-30 21:28:59 ----D---- C:\Documents and Settings\Bridge.EID90\Application Data\skypePM 2010-07-30 03:03:35 ----D---- C:\TempEI4 2010-07-30 03:03:27 ----D---- C:\TEMP 2010-07-30 03:00:52 ----D---- C:\Downloads 2010-07-30 00:13:46 ----D---- C:\Program Files\Yahoo! 2010-07-30 00:13:46 ----D---- C:\Documents and Settings\Bridge.EID90\Application Data\Yahoo! 2010-07-30 00:13:46 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! 2010-07-29 23:52:31 ----D---- C:\Program Files\Common Files 2010-07-29 10:16:52 ----D---- C:\Program Files\Windows Media Player 2010-07-29 10:06:26 ----D---- C:\WINDOWS\WinSxS 2010-07-29 03:09:40 ----D---- C:\WINDOWS\system32\ias 2010-07-28 09:51:24 ----ASH---- C:\boot.ini 2010-07-28 09:51:24 ----A---- C:\WINDOWS\win.ini 2010-07-28 09:51:24 ----A---- C:\WINDOWS\system.ini 2010-07-28 09:16:29 ----D---- C:\Documents and Settings\Bridge.EID90\Application Data\U3 2010-07-27 12:44:58 ----D---- C:\Program Files\Google 2010-07-23 12:02:39 ----SD---- C:\Documents and Settings\Bridge.EID90\Application Data\Microsoft 2010-07-15 01:44:07 ----RSHDC---- C:\WINDOWS\system32\dllcache 2010-07-15 01:42:52 ----HD---- C:\WINDOWS\$hf_mig$ 2010-07-15 01:42:13 ----D---- C:\Program Files\Common Files\Microsoft Shared ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2005-01-26 20576] R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-07-29 691696] R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] R0 yflnahwe;yflnahwe; C:\WINDOWS\system32\drivers\yflnahwe.sys [2004-08-04 23424] R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352] R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2009-06-18 142832] R2 Par1284;Par1284; \??\C:\Program Files\HP DesignJet 500PS\Program\Par1284.sys [] R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys [] R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-06-13 162816] R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 HssDrv;Hotspot Shield Helper Miniport; C:\WINDOWS\system32\DRIVERS\HssDrv.sys [2009-02-05 31704] R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-10-18 4034048] R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160] R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888] R3 tapvpn;TAP VPN Adapter; C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2008-01-23 27136] R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [] R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592] S3 BthEnum;Bluetooth Enumerator Service; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024] S3 BTHMODEM;Bluetooth Modem Communications Driver; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888] S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120] S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128] S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944] S3 cpuz132;cpuz132; \??\C:\DOCUME~1\BRIDGE~1.EID\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys [] S3 cxbu0wdm;CardMan 3x21; C:\WINDOWS\system32\DRIVERS\cxbu0wdm.sys [2007-02-28 91008] S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920] S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-12-14 51120] S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-12-14 16496] S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-12-14 21744] S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136] S3 SIVDRIVER;SIV Kernel Driver; \??\C:\WINDOWS\system32\Drivers\SIVX32.SYS [] S3 SMCWPCIT;SMCWPCIT-G 108Mbps Wireless PCI adapter Service; C:\WINDOWS\system32\DRIVERS\SMCWPCIT.sys [] S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552] S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 UXDCMN;UXDCMN; \??\D:\UXDCMN.SYS [] S3 w810bus;Sony Ericsson W810 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\w810bus.sys [2006-02-20 58288] S3 w810mgmt;Sony Ericsson W810 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\w810mgmt.sys [2006-02-20 85408] S3 wlanndi5;wlanndi5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\wlanndi5.SYS [] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S3 WUDFRd;WUDFRd; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [2006-09-28 82944] S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R2 HssSrv;Hotspot Shield Helper Service; C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe [2009-02-05 117208] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984] R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2009-07-02 17904] R2 MSSQL$SEAGULL2005;SQL Server (SEAGULL2005); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680] R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632] R2 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968] R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904] R2 Sta.Dbam.SqlAgent$SEAGULL2005;Sta Dbam SqlAgent (SEAGULL2005); C:\Program Files\Seagull\STA33\DbamSQLAgent.exe [2009-07-12 90112] R2 Sta.Importer.Service;Sta Importer Service; C:\Program Files\Seagull\STA33\Sta.Importer.Service.exe [2008-05-06 20480] R2 TTService;TTService; C:\Program Files\Common Files\CherSoft\TTService\TTService.exe [2008-10-20 329216] R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-06-15 1051976] R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R2 xcpnsabr;Terminal Device Support; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] S2 gupdate1ca48fef46c63a7;Google Update Service (gupdate1ca48fef46c63a7); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-10-09 133104] S2 HotspotShieldService;Hotspot Shield Service; C:\Program Files\Hotspot Shield\bin\openvpnas.exe [] S3 ArcaBit.Core.Configurator;ArcaBit.Core.Configurator; C:\Program Files\ArcaBit\Common\ArcaBit.Core.Configurator2.exe [] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-30 138168] S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2010-07-30 435016] S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] S4 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [] S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] S4 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [] S4 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [] -----------------EOF----------------- [/log]
Sohei komentarz 9 sierpnia 2010 komentarz 9 sierpnia 2010 [code]:Processes Explorer.exe :OTL [2010/07/26 01:27:57 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmpE1EA6.FOT [2010/07/26 01:27:57 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmpD4EA6.FOT [2010/07/26 01:27:57 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmpC7EA6.FOT [2010/07/26 01:27:57 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmpBBEA6.FOT [2010/07/26 01:27:57 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp42DA6.FOT [2010/07/26 01:27:57 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp35DA6.FOT [2010/07/26 01:27:57 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp0FDA6.FOT :files C:\WINDOWS\hpgins07.dat.temp C:\WINDOWS\tasks\At1.job C:\WINDOWS\hpgmdl07.dat.temp C:\WINDOWS\System32\zshp1000.GID C:\WINDOWS\hpgins07.dat.temp C:\Documents and Settings\All Users\Application Data\skk1r7K.dat C:\Documents and Settings\Bridge.EID90\adot.exe C:\Documents and Settings\Bridge.EID90\hoacum.exe C:\Documents and Settings\Bridge.EID90\quanu.exe C:\Documents and Settings\Bridge.EID90\qlus.exe C:\Documents and Settings\Bridge.EID90\railad.exe C:\Documents and Settings\Bridge.EID90\hoacum.exe :Commands [emptytemp] [start explorer] [Reboot][/code] Wklejasz to do OTL w białe okienko i klikasz run fix. Wykonaj pełny skan [url=http://dobreprogramy.pl/index.php?dz=2&id=1998][b]DR WEB CureIt[/b][/url] Wykonaj pełny skan[url=http://www.dobreprogramy.pl/Malwarebytes-AntiMalware,Program,Windows,13117.html][b]MBAM[/b][/url] Co znajda usun po czym daj logi z usuwania + nowy log OTL 1
klimek1313 komentarz 9 sierpnia 2010 Autor komentarz 9 sierpnia 2010 DRWEB (dziwny jakis, zapisal w excelu): [log] yflnahwe.sys;C:\WINDOWS\system32\drivers;Trojan.NtRootKit.1652;Deleted.; nircmd.exe;C:\WINDOWS\system32\STA;Tool.NirCmd.1;Deleted.; [/log] z mbama mam dwa bo mi przerwalo: [log] Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4411 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.13 09/08/2010 20:40:46 mbam-log-2010-08-09 (20-40-46).txt Scan type: Quick scan Objects scanned: 0 Time elapsed: 9 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 2 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fdc9456d-1e39-4363-850a-d67dfecc1351} (Trojan.BHO.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{fdc9456d-1e39-4363-850a-d67dfecc1351} (Trojan.BHO.H) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: c:\WINDOWS\system32\jmcierk.dll (Trojan.BHO.H) -> Delete on reboot. [/log] [log] Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4411 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.13 09/08/2010 22:41:33 mbam-log-2010-08-09 (22-41-33).txt Scan type: Full scan (C:\|) Objects scanned: 245521 Time elapsed: 1 hour(s), 0 minute(s), 7 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 16 Registry Values Infected: 1 Registry Data Items Infected: 0 Folders Infected: 2 Files Infected: 10 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{56acb669-4139-5611-cbba-f5acb0f4db09} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\5DR8ZAD8GX (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WORT (Trojan.Vilsel) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\TG0PTF86JH (Trojan.FakeAlert) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\Documents and Settings\All Users\Application Data\19784374 (Rogue.Multiple) -> Quarantined and deleted successfully. C:\WINDOWS\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully. Files Infected: C:\Program Files\Windows Media Player\run.exe (Trojan.CryptRun) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\19784374\19784374 (Rogue.Multiple) -> Quarantined and deleted successfully. C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Quarantined and deleted successfully. C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Quarantined and deleted successfully. C:\WINDOWS\system32\lowsec\user.ds.lll (Stolen.data) -> Quarantined and deleted successfully. C:\WINDOWS\9g2234wesdf3dfgjf23 (Worm.KoobFace) -> Quarantined and deleted successfully. C:\WINDOWS\f23567.dat (Worm.KoobFace) -> Quarantined and deleted successfully. C:\WINDOWS\Help\kfdtk.chm (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\t55ft2668f44.dat (Worm.KoobFace) -> Quarantined and deleted successfully. C:\WINDOWS\t55ft3105f44.dat (Worm.KoobFace) -> Quarantined and deleted successfully. [/log] i koncowy OTL: [log] OTL logfile created on: 09/08/2010 22:47:49 - Run 3 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Bridge.EID90\Desktop\Bridge\1st Off\Tomek\priv\System Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free 3.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free Paging file location(s): C:\pagefile.sys 1905 1905 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74.52 Gb Total Space | 50.22 Gb Free Space | 67.40% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded Drive I: | 48.83 Gb Total Space | 32.76 Gb Free Space | 67.10% Space Free | Partition Type: NTFS Drive J: | 48.83 Gb Total Space | 32.76 Gb Free Space | 67.10% Space Free | Partition Type: NTFS Computer Name: BRIDGEPC_FORC Current User Name: Bridge Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: On File Age = 60 Days Output = Standard [color=#E56717]========== Processes (All) ==========[/color] PRC - [2010/07/29 11:51:21 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bridge.EID90\Desktop\Bridge\1st Off\Tomek\priv\System\OTL.exe PRC - [2010/06/15 15:05:58 | 000,719,688 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe PRC - [2010/06/15 15:04:28 | 001,051,976 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe PRC - [2010/01/16 05:18:19 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2009/11/27 08:43:12 | 000,608,256 | ---- | M] (Haseeb Ahmed) -- C:\Program Files\MSE Update Utility\MSE Update Utility.exe PRC - [2009/09/13 19:52:50 | 001,048,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe PRC - [2009/08/06 20:24:06 | 000,053,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe PRC - [2009/07/12 10:21:20 | 000,090,112 | ---- | M] () -- C:\Program Files\Seagull\STA33\DbamSQLAgent.exe PRC - [2009/07/02 18:36:52 | 000,203,800 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe PRC - [2009/07/02 18:36:52 | 000,203,800 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MpCmdRun.exe PRC - [2009/07/02 18:36:52 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe PRC - [2009/05/27 04:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe PRC - [2009/03/09 06:19:15 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2009/02/06 13:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe PRC - [2009/02/05 23:56:14 | 000,117,208 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe PRC - [2008/11/24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe PRC - [2008/11/24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe PRC - [2008/10/20 15:00:46 | 000,329,216 | ---- | M] (UK Hydrographic Office and Chersoft Ltd) -- C:\Program Files\Common Files\CherSoft\TTService\TTService.exe PRC - [2008/05/06 10:09:26 | 000,020,480 | ---- | M] () -- C:\Program Files\Seagull\STA33\Sta.Importer.Service.exe PRC - [2008/04/14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe PRC - [2008/04/14 02:12:36 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe PRC - [2008/04/14 02:12:36 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe PRC - [2008/04/14 02:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [WUDFSERVICEGROUP] PRC - [2008/04/14 02:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS] PRC - [2008/04/14 02:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE] PRC - [2008/04/14 02:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS] PRC - [2008/04/14 02:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] PRC - [2008/04/14 02:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC] PRC - [2008/04/14 02:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH] PRC - [2008/04/14 02:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [BTHSVCS] PRC - [2008/04/14 02:12:33 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scardsvr.exe PRC - [2008/04/14 02:12:33 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe PRC - [2008/04/14 02:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe PRC - [2008/04/14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008/04/14 02:12:16 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe PRC - [2008/04/14 02:12:15 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe PRC - [2008/04/14 02:12:12 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe PRC - [2007/01/04 23:38:18 | 000,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe PRC - [2007/01/04 23:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe PRC - [2005/10/14 17:51:40 | 014,864,384 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe PRC - [2005/09/20 10:32:24 | 000,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe PRC - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe PRC - [2001/10/24 08:25:58 | 000,212,992 | ---- | M] () -- C:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppdirector.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2010/07/29 11:51:21 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bridge.EID90\Desktop\Bridge\1st Off\Tomek\priv\System\OTL.exe MOD - [2009/12/08 11:23:28 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll MOD - [2009/06/25 10:25:26 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll MOD - [2009/04/15 16:51:25 | 000,585,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll MOD - [2009/03/21 16:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll MOD - [2009/02/09 14:10:48 | 000,714,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll MOD - [2009/02/09 14:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll MOD - [2008/10/23 14:36:14 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll MOD - [2008/06/17 21:02:19 | 008,461,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll MOD - [2008/04/14 05:42:06 | 000,985,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll MOD - [2008/04/14 02:12:51 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll MOD - [2008/04/14 02:12:45 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv MOD - [2008/04/14 02:12:08 | 000,727,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\userenv.dll MOD - [2008/04/14 02:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll MOD - [2008/04/14 02:12:08 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll MOD - [2008/04/14 02:12:08 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll MOD - [2008/04/14 02:12:07 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll MOD - [2008/04/14 02:12:03 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll MOD - [2008/04/14 02:12:02 | 001,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll MOD - [2008/04/14 02:12:02 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll MOD - [2008/04/14 02:12:02 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll MOD - [2008/04/14 02:12:01 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll MOD - [2008/04/14 02:11:58 | 000,297,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctf.dll MOD - [2008/04/14 02:11:54 | 000,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imm32.dll MOD - [2008/04/14 02:11:53 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll MOD - [2008/04/14 02:11:51 | 000,792,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comres.dll MOD - [2008/04/14 02:11:51 | 000,276,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll MOD - [2008/04/14 02:11:50 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clbcatq.dll MOD - [2008/04/14 02:11:49 | 000,125,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\apphelp.dll MOD - [2008/04/14 02:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx MOD - [2008/04/14 02:10:06 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctfime.ime [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\jmcierk.dll -- (xcpnsabr) Sony USB Filter (SONYPVU1) SRV - File not found [Disabled | Stopped] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus) SRV - File not found [Disabled | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam) SRV - File not found [Auto | Stopped] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService) SRV - File not found [Disabled | Stopped] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch) SRV - File not found [On_Demand | Stopped] -- C:\Program Files\ArcaBit\Common\ArcaBit.Core.Configurator2.exe -- (ArcaBit.Core.Configurator) SRV - [2010/07/30 01:59:40 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2010/06/15 15:04:28 | 001,051,976 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2010/06/15 15:01:36 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp) SRV - [2009/07/12 10:21:20 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Seagull\STA33\DbamSQLAgent.exe -- (Sta.Dbam.SqlAgent$SEAGULL2005) Sta Dbam SqlAgent (SEAGULL2005) SRV - [2009/07/02 18:36:52 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc) SRV - [2009/05/27 04:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SEAGULL2005) SQL Server (SEAGULL2005) SRV - [2009/02/05 23:56:14 | 000,117,208 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv) SRV - [2008/11/24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2008/11/24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser) SRV - [2008/11/24 23:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper) SRV - [2008/10/20 15:00:46 | 000,329,216 | ---- | M] (UK Hydrographic Office and Chersoft Ltd) [Auto | Running] -- C:\Program Files\Common Files\CherSoft\TTService\TTService.exe -- (TTService) SRV - [2008/05/06 10:09:26 | 000,020,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Seagull\STA33\Sta.Importer.Service.exe -- (Sta.Importer.Service) SRV - [2007/01/04 23:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service) SRV - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- D:\UXDCMN.SYS -- (UXDCMN) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\SMCWPCIT.sys -- (SMCWPCIT) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\BRIDGE~1.EID\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132) DRV - [2010/07/29 20:54:08 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2010/02/25 12:18:08 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2009/06/18 19:48:04 | 000,142,832 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter) DRV - [2009/02/05 23:55:12 | 000,031,704 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hssdrv.sys -- (HssDrv) DRV - [2008/12/06 20:01:20 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm) DRV - [2008/04/13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2008/01/23 23:25:32 | 000,027,136 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tapvpn.sys -- (tapvpn) DRV - [2007/02/28 08:38:22 | 000,091,008 | ---- | M] (OMNIKEY) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cxbu0wdm.sys -- (cxbu0wdm) DRV - [2006/02/20 18:59:34 | 000,085,408 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w810mgmt.sys -- (w810mgmt) Sony Ericsson W810 USB WMC Device Management Drivers (WDM) DRV - [2006/02/20 18:59:27 | 000,058,288 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w810bus.sys -- (w810bus) Sony Ericsson W810 Driver driver (WDM) DRV - [2005/10/18 13:15:42 | 004,034,048 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2005/09/24 12:10:24 | 000,008,576 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SIVX32.SYS -- (SIVDRIVER) DRV - [2005/01/07 17:07:16 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService) DRV - [2004/04/21 17:51:00 | 000,016,384 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\wlanndi5.sys -- (wlanndi5) DRV - [2000/09/09 17:20:26 | 000,047,328 | ---- | M] (Warp Nine Engineering) [Kernel | Auto | Running] -- C:\Program Files\HP DesignJet 500PS\Program\Par1284.sys -- (Par1284) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-545701781-3224946616-1018453507-1121\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKU\S-1-5-21-545701781-3224946616-1018453507-1121\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKU\S-1-5-21-545701781-3224946616-1018453507-1121\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKU\S-1-5-21-545701781-3224946616-1018453507-1121\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\S-1-5-21-545701781-3224946616-1018453507-1121\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKU\S-1-5-21-545701781-3224946616-1018453507-1121\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) IE - HKU\S-1-5-21-545701781-3224946616-1018453507-1121\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found IE - HKU\S-1-5-21-545701781-3224946616-1018453507-1121\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-545701781-3224946616-1018453507-1121\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "www.google.com" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1 FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/04/09 19:04:21 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/08 11:44:49 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/08 11:44:37 | 000,000,000 | ---D | M] [2010/08/08 11:44:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bridge.EID90\Application Data\Mozilla\Extensions [2010/05/03 04:19:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bridge.EID90\Application Data\Mozilla\Extensions\mozswing@mozswing.org [2010/08/08 14:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bridge.EID90\Application Data\Mozilla\Firefox\Profiles\xzyv9j9u.default\extensions [2010/08/08 12:07:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Bridge.EID90\Application Data\Mozilla\Firefox\Profiles\xzyv9j9u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/08/08 14:34:47 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Bridge.EID90\Application Data\Mozilla\Firefox\Profiles\xzyv9j9u.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010/08/08 14:34:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2009/12/17 08:13:05 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla(2).org [2010/01/16 03:08:36 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2010/01/16 03:08:36 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2010/01/16 03:08:36 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2010/01/16 03:08:36 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2010/01/16 03:08:36 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2010/01/16 03:08:36 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2010/08/07 23:10:23 | 000,000,789 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File not found O2 - BHO: (no name) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - No CLSID value found. O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.) O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found. O3 - HKLM\..\Toolbar: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKU\S-1-5-21-545701781-3224946616-1018453507-1121\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-21-545701781-3224946616-1018453507-1121\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found. O3 - HKU\S-1-5-21-545701781-3224946616-1018453507-1121\..\Toolbar\WebBrowser: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation) O4 - HKLM..\Run: [HP AutoIndexer] C:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppautoindexer.exe (Hewlett-Packard) O4 - HKLM..\Run: [HP SchedIndexer] C:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppschedindexer.exe (Hewlett-Packard) O4 - HKLM..\Run: [HPLJ Config] C:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppcfg.exe () O4 - HKLM..\Run: [MSE Update Utility] C:\Program Files\MSE Update Utility\MSE Update Utility.exe (Haseeb Ahmed) O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP LaserJet Director.lnk = C:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppdirector.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O7 - HKU\S-1-5-21-545701781-3224946616-1018453507-1121\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-545701781-3224946616-1018453507-1121\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36 O7 - HKU\S-1-5-21-545701781-3224946616-1018453507-1121\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data] O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - C:\Program Files\ScanSoft\PDF Professional 3.0\IEShellExt.dll (ScanSoft, Inc.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - Reg Error: Key error. File not found O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - Reg Error: Key error. File not found O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5) O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/common/asusTek_sys_ctrl.cab (asusTek_sysctrl Class) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab (MSN Photo Upload Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = EID90.FORC O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation) O24 - Desktop Components:0 () - http://by127fd.bay127.hotmail.msn.com/cgi-bin/getmsg?&msg=CD22971B-211B-4F7B-8337-C01DBE49780C&start=0&len=615942&curmbox=00000000-0000-0000-0000-000000000001&a=a148a9eb7def75ab0fc6023ae685cf1f74dff6f533ad256dbc488df2f2fc9bad&mimepart=9 O24 - Desktop Components:1 () - http://by127fd.bay127.hotmail.msn.com/cgi-bin/getmsg?&msg=CD22971B-211B-4F7B-8337-C01DBE49780C&start=0&len=615942&curmbox=00000000-0000-0000-0000-000000000001&a=a148a9eb7def75ab0fc6023ae685cf1f74dff6f533ad256dbc488df2f2fc9bad&mimepart=14 O24 - Desktop Components:2 () - http://www.skipsfarts-forum.net/download.php?action=img&iid=18457 O24 - Desktop Components:3 () - file:///C:/DOCUME~1/BRIDGE~1.EID/LOCALS~1/Temp/msoclip1/01/clip_image002.jpg O24 - Desktop Components:4 (My Current Home Page) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Bridge.EID90\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Bridge.EID90\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005/11/25 15:56:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010/08/01 16:24:48 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ] O33 - MountPoints2\{0f6cf4b0-86f3-11db-b5ed-0013208aec27}\Shell\Auto\command - "" = RavMonE.exe e O33 - MountPoints2\{0f6cf4b0-86f3-11db-b5ed-0013208aec27}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{1270781c-c8a2-11da-b5b7-0013208aec27}\Shell\AutoRun\command - "" = setupSNK.exe O33 - MountPoints2\{2cc55784-04eb-11de-81b2-0013208aec27}\Shell\AutoRun\command - "" = dbrxubcw.com O33 - MountPoints2\{2cc55784-04eb-11de-81b2-0013208aec27}\Shell\open\Command - "" = dbrxubcw.com O33 - MountPoints2\{2cc557d7-04eb-11de-81b2-0013208aec27}\Shell\AutoRun\command - "" = E:\setupSNK.exe -- File not found O33 - MountPoints2\{44169f9f-50cd-11de-81eb-0013208aec27}\Shell - "" = AutoRun O33 - MountPoints2\{44169f9f-50cd-11de-81eb-0013208aec27}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{44169f9f-50cd-11de-81eb-0013208aec27}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found O33 - MountPoints2\{525607c5-bcf7-11dd-b6ad-0013208aec27}\Shell\AutoRun\command - "" = 1utbfd.bat O33 - MountPoints2\{525607c5-bcf7-11dd-b6ad-0013208aec27}\Shell\open\Command - "" = 1utbfd.bat O33 - MountPoints2\{5265cf4d-9874-11df-8976-0013208aec27}\Shell\AutoRun\command - "" = kasper/kasper32.exe O33 - MountPoints2\{5265cf4d-9874-11df-8976-0013208aec27}\Shell\explore\command - "" = .////////kasper/\\\\\kasper32.exe O33 - MountPoints2\{5265cf4d-9874-11df-8976-0013208aec27}\Shell\open\command - "" = kasper/////////kasper32.exe O33 - MountPoints2\{6c4e67ab-68bf-11de-81f9-0013208aec27}\Shell\AutoRun\command - "" = E:\Toshiba\more4you.exe -- File not found O33 - MountPoints2\{73debc77-9af0-11dc-b64f-0013208aec27}\Shell\AutoRun\command - "" = E:\wd_windows_tools\setup.exe -- File not found O33 - MountPoints2\{76cde37c-e956-11dd-b6cc-0013208aec27}\Shell - "" = AutoRun O33 - MountPoints2\{76cde37c-e956-11dd-b6cc-0013208aec27}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{76cde37c-e956-11dd-b6cc-0013208aec27}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found O33 - MountPoints2\{7e9e5cb7-2a78-11de-81d6-0013208aec27}\Shell - "" = AutoRun O33 - MountPoints2\{7e9e5cb7-2a78-11de-81d6-0013208aec27}\Shell\Auto\command - "" = asp.net O33 - MountPoints2\{7e9e5cb7-2a78-11de-81d6-0013208aec27}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{7e9e5ccc-2a78-11de-81d6-0013208aec27}\Shell\AutoRun\command - "" = lc.exe O33 - MountPoints2\{7e9e5ccc-2a78-11de-81d6-0013208aec27}\Shell\open\Command - "" = lc.exe O33 - MountPoints2\{911c376b-0bab-11dd-b676-0013208aec27}\Shell\AutoRun\command - "" = 1utbfd.bat O33 - MountPoints2\{911c376b-0bab-11dd-b676-0013208aec27}\Shell\open\Command - "" = 1utbfd.bat O33 - MountPoints2\{9454f1fd-2ef2-11dc-b609-0013208aec27}\Shell\Auto\command - "" = sal.xls.exe O33 - MountPoints2\{9454f1fd-2ef2-11dc-b609-0013208aec27}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{9d254a51-2fcd-11de-81db-0013208aec27}\Shell\Auto\command - "" = Start.exe O33 - MountPoints2\{9d254a51-2fcd-11de-81db-0013208aec27}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{9d254a70-2fcd-11de-81db-0013208aec27}\Shell\AutoRun\command - "" = E:\driver\usb\usb_driver.exe -- File not found O33 - MountPoints2\{9d254a70-2fcd-11de-81db-0013208aec27}\Shell\open\command - "" = E:\driver\usb\usb_driver.exe -- File not found O33 - MountPoints2\{addfa9a9-a26b-11dc-b650-0013208aec27}\Shell - "" = AutoRun O33 - MountPoints2\{addfa9a9-a26b-11dc-b650-0013208aec27}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{addfa9a9-a26b-11dc-b650-0013208aec27}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found O33 - MountPoints2\{addfa9d5-a26b-11dc-b650-0013208aec27}\Shell - "" = AutoRun O33 - MountPoints2\{addfa9d5-a26b-11dc-b650-0013208aec27}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{addfa9d5-a26b-11dc-b650-0013208aec27}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found O33 - MountPoints2\{b188b011-3f38-11dd-b685-0013208aec27}\Shell - "" = AutoRun O33 - MountPoints2\{b188b011-3f38-11dd-b685-0013208aec27}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{b188b011-3f38-11dd-b685-0013208aec27}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found O33 - MountPoints2\{b188b0da-3f38-11dd-b685-0013208aec27}\Shell - "" = AutoRun O33 - MountPoints2\{b188b0da-3f38-11dd-b685-0013208aec27}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{b188b0da-3f38-11dd-b685-0013208aec27}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found O33 - MountPoints2\{b293de47-92a4-11dd-b69a-0013208aec27}\Shell\AutoRun\command - "" = wd_windows_tools\setup.exe O33 - MountPoints2\{b875b817-e77b-11db-b5fa-0013208aec27}\Shell\AutoRun\command - "" = G:\1utbfd.bat -- File not found O33 - MountPoints2\{b875b817-e77b-11db-b5fa-0013208aec27}\Shell\open\Command - "" = G:\1utbfd.bat -- File not found O33 - MountPoints2\{bc2d213e-9ce2-11de-822a-0013208aec27}\Shell - "" = AutoRun O33 - MountPoints2\{bc2d213e-9ce2-11de-822a-0013208aec27}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{bc2d213e-9ce2-11de-822a-0013208aec27}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found O33 - MountPoints2\{bfd52835-4fa0-11db-b5dd-0013208aec27}\Shell - "" = AutoRun O33 - MountPoints2\{bfd52835-4fa0-11db-b5dd-0013208aec27}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{c4f8b1f7-9af7-11db-b5ef-0013208aec27}\Shell\Auto\command - "" = RavMonE.exe e O33 - MountPoints2\{c4f8b1f7-9af7-11db-b5ef-0013208aec27}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{c5f066f2-fe20-11dc-b671-0013208aec27}\Shell - "" = AutoRun O33 - MountPoints2\{c5f066f2-fe20-11dc-b671-0013208aec27}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{c5f066f2-fe20-11dc-b671-0013208aec27}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found O33 - MountPoints2\{cd06d8ba-cd82-11dd-b6b7-0013208aec27}\Shell - "" = AutoRun O33 - MountPoints2\{cd06d8ba-cd82-11dd-b6b7-0013208aec27}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{cd06d8ba-cd82-11dd-b6b7-0013208aec27}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found O33 - MountPoints2\{dcf7aa50-9982-11df-8986-0013208aec27}\Shell - "" = AutoRun O33 - MountPoints2\{dcf7aa50-9982-11df-8986-0013208aec27}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{dcf7aa50-9982-11df-8986-0013208aec27}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found O33 - MountPoints2\{e1a35834-5881-11dd-b68a-0013208aec27}\Shell - "" = AutoRun O33 - MountPoints2\{e1a35834-5881-11dd-b68a-0013208aec27}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{e1a35834-5881-11dd-b68a-0013208aec27}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found O33 - MountPoints2\{e9d12b2e-207f-11de-81ce-0013208aec27}\Shell\Auto\command - "" = Start.exe O33 - MountPoints2\{e9d12b2e-207f-11de-81ce-0013208aec27}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{e9d12b2f-207f-11de-81ce-0013208aec27}\Shell\AutoRun\command - "" = F:\wdsync.exe -- File not found O33 - MountPoints2\{f5acac63-7721-11dd-b691-0013208aec27}\Shell\AutoRun\command - "" = E:\ekugb3.bat -- File not found O33 - MountPoints2\{f5acac63-7721-11dd-b691-0013208aec27}\Shell\explore\Command - "" = E:\ekugb3.bat -- File not found O33 - MountPoints2\{f5acac63-7721-11dd-b691-0013208aec27}\Shell\open\Command - "" = E:\ekugb3.bat -- File not found O33 - MountPoints2\{f6972b72-9b43-11df-899d-0013208aec27}\Shell - "" = AutoRun O33 - MountPoints2\{f6972b72-9b43-11df-899d-0013208aec27}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{f6972b72-9b43-11df-899d-0013208aec27}\Shell\AutoRun\command - "" = F:\wubi.exe -- File not found O33 - MountPoints2\{f93e3682-a940-11dc-b651-0013208aec27}\Shell\AutOplay\COMmAND - "" = xkhm.pif O33 - MountPoints2\{f93e3682-a940-11dc-b651-0013208aec27}\Shell\AutoRun\command - "" = xkhm.pif O33 - MountPoints2\{f93e3682-a940-11dc-b651-0013208aec27}\Shell\explorE\Command - "" = xkhm.pif O33 - MountPoints2\{f93e3682-a940-11dc-b651-0013208aec27}\Shell\oPen\coMMAnD - "" = xkhm.pif O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: xcpnsabr - C:\WINDOWS\System32\jmcierk.dll File not found NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software) NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: SSHNAS - File not found MsConfig - Services: "DefWatch" MsConfig - Services: "Symantec AntiVirus" MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe - (Adobe Systems Inc.) MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.) MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe - (Hewlett-Packard Co.) MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\PROGRA~1\MICROS~2\Office\OSA9.EXE - File not found MsConfig - StartUpFolder: C:^Documents and Settings^Bridge.EID90^Start Menu^Programs^Startup^LimeWire On Startup.lnk - C:\PROGRA~1\LimeWire\LimeWire.exe - File not found MsConfig - StartUpReg: [b]5DR8ZAD8GX[/b] - hkey= - key= - C:\DOCUME~1\BRIDGE~1.EID\LOCALS~1\Temp\Fgj.exe File not found MsConfig - StartUpReg: [b]beuunog[/b] - hkey= - key= - C:\Documents and Settings\Bridge.EID90\beuunog.exe File not found MsConfig - StartUpReg: [b]ccApp[/b] - hkey= - key= - C:\Program Files\Common Files\Symantec Shared\ccApp.exe File not found MsConfig - StartUpReg: [b]DS Clock[/b] - hkey= - key= - C:\Program Files\DS Clock\DSClock.exe File not found MsConfig - StartUpReg: [b]HP Software Update[/b] - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.) MsConfig - StartUpReg: [b]igfxpers[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]igfxtray[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]jcvex[/b] - hkey= - key= - C:\Documents and Settings\Bridge.EID90\jcvex.exe File not found MsConfig - StartUpReg: [b]KernelFaultCheck[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]laedu[/b] - hkey= - key= - C:\Documents and Settings\Bridge.EID90\laedu.exe File not found MsConfig - StartUpReg: [b]Messenger (Yahoo!)[/b] - hkey= - key= - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) MsConfig - StartUpReg: [b]NeroFilterCheck[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]PDF3 Registry Controller[/b] - hkey= - key= - C:\Program Files\ScanSoft\PDF Professional 3.0\RegistryController.exe (ScanSoft, Inc.) MsConfig - StartUpReg: [b]QuickTime Task[/b] - hkey= - key= - C:\Program Files\QuickTime\qttask.exe File not found MsConfig - StartUpReg: [b]roapu[/b] - hkey= - key= - C:\Documents and Settings\Bridge.EID90\roapu.exe File not found MsConfig - StartUpReg: [b]SSBkgdUpdate[/b] - hkey= - key= - C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.) MsConfig - StartUpReg: [b]SunJavaUpdateSched[/b] - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) MsConfig - StartUpReg: [b]swg[/b] - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe File not found MsConfig - StartUpReg: [b]Synchronization Manager[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]TkBellExe[/b] - hkey= - key= - C:\Program Files\K-Lite Codec Pack\Real\Update_OB\realsched.exe File not found MsConfig - StartUpReg: [b]toeeqi[/b] - hkey= - key= - C:\Documents and Settings\Bridge.EID90\toeeqi.exe File not found MsConfig - StartUpReg: [b]tuook[/b] - hkey= - key= - C:\Documents and Settings\Bridge.EID90\tuook.exe File not found MsConfig - StartUpReg: [b]vptray[/b] - hkey= - key= - C:\PROGRA~1\SYMANT~1\VPTray.exe File not found MsConfig - StartUpReg: [b]zzzHPSETUP[/b] - hkey= - key= - File not found MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 2 MsConfig - State: "startup" - 2 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation) SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation) SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: nm - File not found SafeBootNet: nm.sys - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2010/08/09 20:16:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bridge.EID90\Application Data\Malwarebytes [2010/08/09 20:16:44 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/08/09 20:16:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2010/08/09 20:16:42 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/08/09 20:16:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010/08/09 19:52:53 | 000,000,000 | ---D | C] -- C:\My Documents [2010/08/09 19:51:24 | 000,317,952 | ---- | C] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\roboex32.dll [2010/08/09 19:48:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData [2010/08/08 22:25:28 | 000,000,000 | ---D | C] -- C:\_OTL [2010/08/08 13:32:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bridge.EID90\My Documents\Pobieranie [2010/08/07 14:29:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bridge.EID90\Local Settings\Application Data\Haseeb_Ahmed [2010/08/07 14:28:23 | 000,000,000 | ---D | C] -- C:\Program Files\MSE Update Utility [2010/08/06 11:59:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials [2010/08/05 13:57:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bridge.EID90\DoctorWeb [2010/08/05 00:46:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities [2010/08/02 10:37:32 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Bridge.EID90\UserData [2010/08/01 16:24:48 | 000,000,000 | RHSD | C] -- C:\autorun.inf [2010/07/31 21:15:15 | 000,000,000 | ---D | C] -- C:\Program Files\Skype [2010/07/30 19:11:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Connection [2010/07/30 01:59:43 | 000,030,536 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe [2010/07/30 01:59:42 | 000,030,024 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll [2010/07/30 01:59:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bridge.EID90\Application Data\TuneUp Software [2010/07/30 01:59:09 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2010 [2010/07/30 01:59:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software [2010/07/30 01:58:35 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} [2010/07/29 22:07:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bridge.EID90\Application Data\ImgBurn [2010/07/29 21:42:16 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn [2010/07/29 21:03:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\DAEMON Tools Images [2010/07/29 20:49:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bridge.EID90\Application Data\DAEMON Tools Lite [2010/07/29 20:49:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite [2010/07/29 14:48:45 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro [2010/07/29 14:48:44 | 000,000,000 | ---D | C] -- C:\rsit [2010/07/29 09:59:33 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software [2010/07/29 09:59:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software [2010/07/27 05:27:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia [2010/07/27 05:27:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe [2010/07/26 16:14:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia [2010/07/26 16:03:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe [2010/07/18 22:24:42 | 000,000,000 | ---D | C] -- C:\Program Files\Moffsoft Calculator 2 [2010/07/15 03:25:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bridge.EID90\Application Data\Feedreader [2010/07/15 03:25:48 | 000,000,000 | ---D | C] -- C:\Program Files\FeedReader30 [2010/07/12 16:44:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bridge.EID90\Desktop\HSE docs [2010/07/09 19:31:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bridge.EID90\Desktop\VF OM [2010/07/04 21:53:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bridge.EID90\Desktop\Riser Inspection [2010/06/29 13:47:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bridge.EID90\Desktop\Rigging and Lifting Equipment Certs [2010/06/28 07:17:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bridge.EID90\My Documents\HSE REPORTS [2010/06/27 23:01:57 | 000,000,000 | ---D | C] -- C:\Program Files\Leksykonia [2010/06/19 20:00:05 | 000,000,000 | ---D | C] -- C:\Lotus [2010/06/19 17:52:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bridge.EID90\Desktop\JOB LIST TO BE DONE DURING SHIPYARD [2006/01/02 15:18:27 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\Implode.dll [2004/11/24 21:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2010/08/09 22:43:52 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/08/09 22:43:52 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-545701781-3224946616-1018453507-1121.job [2010/08/09 22:43:50 | 000,000,976 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010/08/09 22:43:50 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job [2010/08/09 22:43:27 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/08/09 22:43:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/08/09 22:42:25 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat [2010/08/09 22:42:21 | 018,751,488 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\ntuser.dat [2010/08/09 22:42:21 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Bridge.EID90\ntuser.ini [2010/08/09 22:22:00 | 000,000,980 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010/08/09 22:01:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2010/08/09 19:54:09 | 000,000,838 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP LaserJet Director.lnk [2010/08/09 19:53:53 | 000,001,416 | ---- | M] () -- C:\WINDOWS\win.ini [2010/08/09 19:53:53 | 000,000,659 | ---- | M] () -- C:\WINDOWS\FMTMSAM.INI [2010/08/09 19:53:35 | 000,000,168 | ---- | M] () -- C:\WINDOWS\hpbafd.ini [2010/08/09 19:48:36 | 000,000,608 | -HS- | M] () -- C:\WINDOWS\System32\winzvprt5.sys [2010/08/09 18:28:49 | 000,000,211 | -HS- | M] () -- C:\boot.ini [2010/08/09 18:28:48 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010/08/09 17:11:05 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-545701781-3224946616-1018453507-1121.job [2010/08/09 06:08:37 | 000,000,164 | ---- | M] () -- C:\WINDOWS\infotech.ini [2010/08/08 23:35:46 | 000,616,258 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010/08/08 23:35:46 | 000,507,322 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010/08/08 23:35:46 | 000,097,566 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010/08/08 11:44:41 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2010/08/08 11:44:41 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2010/08/08 00:16:17 | 000,344,064 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Desktop\2 shift Muster list _ Rest Hours 2010.xls [2010/08/07 23:10:23 | 000,000,789 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010/08/07 21:42:55 | 000,000,850 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Application Data\Microsoft\Internet Explorer\Quick Launch\MSE Update Utility.lnk [2010/08/07 17:38:47 | 000,055,296 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/08/06 11:52:36 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2010/08/06 09:00:01 | 000,000,496 | ---- | M] () -- C:\WINDOWS\tasks\Automatyczna konserwacja.job [2010/08/04 23:21:59 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\Defraggler Volume C Task.job [2010/08/01 21:50:20 | 000,000,529 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Desktop\POB.lnk [2010/07/29 20:54:08 | 000,691,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys [2010/07/29 12:13:50 | 000,000,746 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to WINWORD.lnk [2010/07/28 22:16:28 | 000,000,170 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Start Menu.lnk [2010/07/28 22:16:28 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Templates.lnk [2010/07/28 22:16:28 | 000,000,166 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\UserData.lnk [2010/07/28 22:16:28 | 000,000,164 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\WINDOWS.lnk [2010/07/28 22:16:28 | 000,000,158 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\temp.lnk [2010/07/28 22:16:27 | 000,000,178 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Local Settings.lnk [2010/07/28 22:16:27 | 000,000,174 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\My Documents.lnk [2010/07/28 22:16:27 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\PrintHood.lnk [2010/07/28 22:16:27 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Gadu-Gadu.lnk [2010/07/28 22:16:27 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Favorites.lnk [2010/07/28 22:16:27 | 000,000,164 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\NetHood.lnk [2010/07/28 22:16:27 | 000,000,164 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Desktop.lnk [2010/07/28 22:16:27 | 000,000,162 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\SendTo.lnk [2010/07/28 22:16:27 | 000,000,162 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Recent.lnk [2010/07/28 22:16:26 | 000,000,182 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Application Data.lnk [2010/07/28 22:16:26 | 000,000,176 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\.housecall6.6.lnk [2010/07/28 22:16:26 | 000,000,172 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\.thumbnails.lnk [2010/07/28 22:16:26 | 000,000,164 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Cookies.lnk [2010/07/28 22:16:26 | 000,000,162 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Citrix.lnk [2010/07/28 22:16:26 | 000,000,160 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Video.lnk [2010/07/28 22:16:26 | 000,000,160 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Music.lnk [2010/07/28 22:16:26 | 000,000,154 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\...lnk [2010/07/28 22:16:26 | 000,000,152 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\..lnk [2010/07/28 22:16:25 | 000,000,170 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\New Folder.lnk [2010/07/28 22:16:25 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Passwords.lnk [2010/07/28 22:16:25 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Documents.lnk [2010/07/28 22:16:25 | 000,000,166 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Pictures.lnk [2010/07/26 01:40:10 | 000,076,190 | ---- | M] () -- C:\WINDOWS\hpgins07.dat [2010/07/24 02:18:31 | 006,297,520 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Desktop\091116_Leo_HTC_Russian_UM.pdf [2010/07/20 02:09:40 | 000,374,272 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Desktop\Muster list _ Rest Hours 2010.xls [2010/07/12 11:12:30 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Desktop\Worker onb-transfer.xls [2010/07/08 10:46:21 | 000,082,944 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\My Documents\Ocean going logo.doc [2010/07/01 12:12:57 | 000,000,029 | ---- | M] () -- C:\WINDOWS\hrdir.ini [2010/06/28 08:10:08 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\My Documents\Safety Template.doc [2010/06/26 07:20:49 | 000,016,896 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Desktop\crew declaratn 2.xls [2010/06/25 16:31:58 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Desktop\crew declaration.xls [2010/06/23 09:37:43 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Desktop\personnel Data 4 SPM.29-04-10..xls [2010/06/21 19:03:15 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\My Documents\gms liferafts.doc [2010/06/21 06:31:37 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\My Documents\Current color.doc [2010/06/19 20:20:03 | 000,000,451 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Desktop\Shortcut to Lotus on Viking Forcados (Forc).lnk [2010/06/19 20:03:01 | 000,000,562 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Desktop\Lotus Notes.lnk [2010/06/19 20:00:31 | 000,000,995 | ---- | M] () -- C:\WINDOWS\System32\notespis.inf [2010/06/19 20:00:30 | 000,000,044 | ---- | M] () -- C:\WINDOWS\lotus.ini [2010/06/18 08:07:16 | 000,744,448 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\My Documents\femi.doc [2010/06/17 10:31:28 | 000,004,566 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010/06/16 03:41:45 | 000,300,440 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010/06/15 15:06:42 | 000,030,536 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe [2010/06/15 15:01:36 | 000,030,024 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll [2010/06/14 15:30:32 | 001,446,565 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\My Documents\delivery paper.pdf [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010/08/09 20:07:47 | 000,000,838 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP LaserJet Director.lnk [2010/08/09 19:53:52 | 000,000,659 | ---- | C] () -- C:\WINDOWS\FMTMSAM.INI [2010/08/09 19:53:28 | 000,000,168 | ---- | C] () -- C:\WINDOWS\hpbafd.ini [2010/08/09 19:52:45 | 000,000,019 | ---- | C] () -- C:\WINDOWS\hppsi_indexbase.dat [2010/08/09 19:52:06 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll [2010/08/09 19:51:31 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll [2010/08/09 19:51:31 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll [2010/08/09 19:51:11 | 000,000,033 | ---- | C] () -- C:\WINDOWS\hppLangChoice.ini [2010/08/09 19:48:36 | 000,000,608 | -HS- | C] () -- C:\WINDOWS\System32\winzvprt5.sys [2010/08/08 11:44:41 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2010/08/08 11:44:41 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2010/08/07 23:15:42 | 018,751,488 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\ntuser.dat [2010/08/07 21:42:55 | 000,000,850 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Application Data\Microsoft\Internet Explorer\Quick Launch\MSE Update Utility.lnk [2010/08/01 21:50:20 | 000,000,529 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Desktop\POB.lnk [2010/07/30 08:57:35 | 000,000,496 | ---- | C] () -- C:\WINDOWS\tasks\Automatyczna konserwacja.job [2010/07/29 20:54:08 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2010/07/29 12:13:50 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to WINWORD.lnk [2010/07/28 09:14:56 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-545701781-3224946616-1018453507-1121.job [2010/07/27 15:28:58 | 000,000,178 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Local Settings [2010/07/27 15:28:58 | 000,000,174 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\My Documents [2010/07/27 15:28:58 | 000,000,170 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Start Menu [2010/07/27 15:28:58 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Templates [2010/07/27 15:28:58 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\PrintHood [2010/07/27 15:28:58 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Gadu-Gadu [2010/07/27 15:28:58 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Favorites [2010/07/27 15:28:58 | 000,000,166 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\UserData [2010/07/27 15:28:58 | 000,000,164 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\WINDOWS [2010/07/27 15:28:58 | 000,000,164 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\NetHood [2010/07/27 15:28:58 | 000,000,164 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Desktop [2010/07/27 15:28:58 | 000,000,164 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Cookies [2010/07/27 15:28:58 | 000,000,162 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\SendTo [2010/07/27 15:28:58 | 000,000,162 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Recent [2010/07/27 15:28:58 | 000,000,162 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Citrix [2010/07/27 15:28:58 | 000,000,158 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\temp [2010/07/27 15:28:57 | 000,000,182 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Application Data [2010/07/27 15:28:57 | 000,000,176 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\.housecall6.6 [2010/07/27 15:28:57 | 000,000,172 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\.thumbnails [2010/07/27 15:28:57 | 000,000,170 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\New Folder.lnk [2010/07/27 15:28:57 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Passwords.lnk [2010/07/27 15:28:57 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Documents.lnk [2010/07/27 15:28:57 | 000,000,166 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Pictures.lnk [2010/07/27 15:28:57 | 000,000,160 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Video.lnk [2010/07/27 15:28:57 | 000,000,160 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Music.lnk [2010/07/27 15:28:57 | 000,000,154 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\.. [2010/07/27 15:28:57 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\. [2010/07/27 00:50:02 | 000,003,758 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\FDC9456D-1E39-4363-850A-D67DFECC1351.txt [2010/07/26 16:31:16 | 000,003,758 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Local Settings\Application Data\FDC9456D-1E39-4363-850A-D67DFECC1351.txt [2010/07/24 02:15:35 | 006,297,520 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Desktop\091116_Leo_HTC_Russian_UM.pdf [2010/07/12 09:52:01 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Desktop\Worker onb-transfer.xls [2010/07/08 10:46:21 | 000,082,944 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\My Documents\Ocean going logo.doc [2010/06/28 06:50:16 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\My Documents\Safety Template.doc [2010/06/26 07:20:49 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Desktop\crew declaratn 2.xls [2010/06/25 09:40:34 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Desktop\crew declaration.xls [2010/06/21 19:03:15 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\My Documents\gms liferafts.doc [2010/06/21 06:31:37 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\My Documents\Current color.doc [2010/06/19 20:03:01 | 000,000,562 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Desktop\Lotus Notes.lnk [2010/06/19 19:50:09 | 000,000,451 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Desktop\Shortcut to Lotus on Viking Forcados (Forc).lnk [2010/06/18 08:07:16 | 000,744,448 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\My Documents\femi.doc [2010/06/14 15:30:26 | 001,446,565 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\My Documents\delivery paper.pdf [2010/06/03 23:59:18 | 000,233,525 | ---- | C] () -- C:\WINDOWS\System32\isutil.dll [2010/06/03 23:59:11 | 000,000,271 | ---- | C] () -- C:\WINDOWS\apptune.ini [2010/04/25 17:49:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\swsystem.dll [2010/04/09 19:45:05 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2010/04/09 19:45:03 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2010/04/09 19:44:51 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2010/04/09 19:44:51 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2010/04/09 19:44:51 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2010/01/25 15:51:57 | 000,000,091 | ---- | C] () -- C:\WINDOWS\hrconfig.ini [2009/10/16 07:07:12 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll [2009/06/13 10:34:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AutoRun.INI [2009/02/02 16:57:17 | 000,000,025 | ---- | C] () -- C:\WINDOWS\USERTK.INI [2008/12/19 17:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll [2008/12/17 19:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll [2008/12/17 19:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll [2008/12/17 19:22:48 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2008/12/17 19:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll [2008/12/17 18:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll [2008/12/11 13:27:02 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2008/11/04 08:30:27 | 000,000,291 | ---- | C] () -- C:\WINDOWS\wininit.ini [2008/08/06 18:03:54 | 000,073,216 | ---- | C] () -- C:\WINDOWS\System32\see32.dll [2008/07/13 15:51:23 | 000,000,012 | ---- | C] () -- C:\WINDOWS\System32\winxdpr3.dll [2008/07/03 17:05:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\geotrans2.INI [2008/05/16 18:36:57 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2007/12/22 17:18:04 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\cmabout.dll [2007/12/22 17:18:04 | 000,010,229 | ---- | C] () -- C:\WINDOWS\System32\cmdiag.ini [2007/12/22 17:18:04 | 000,000,142 | ---- | C] () -- C:\WINDOWS\System32\cmabout.ini [2007/12/01 17:52:18 | 000,000,391 | R--- | C] () -- C:\WINDOWS\hpw1000k.ini [2007/12/01 17:49:16 | 000,016,954 | ---- | C] () -- C:\WINDOWS\hpbj1000.ini [2007/10/07 20:31:52 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll [2007/08/25 17:48:18 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\drivers\mchInjDrv.sys [2007/08/22 15:24:25 | 000,000,222 | ---- | C] () -- C:\WINDOWS\VOGEL.INI [2007/04/11 01:54:09 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI [2007/03/16 17:00:00 | 000,003,403 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini [2007/02/19 15:12:22 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\chksvrn.dll [2006/11/11 08:31:44 | 000,000,099 | ---- | C] () -- C:\WINDOWS\notesnsd.ini [2006/10/16 19:12:58 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\HOTFLDR.DLL [2006/10/11 09:05:00 | 000,000,023 | ---- | C] () -- C:\WINDOWS\ZDPLUSSEARCH.INI [2006/07/29 17:14:28 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI [2006/07/25 20:47:34 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A6W.INI [2006/07/25 20:47:27 | 000,000,198 | ---- | C] () -- C:\WINDOWS\QTW.INI [2006/07/25 12:29:32 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\hlinkprx.dll [2006/07/25 12:29:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL [2006/05/26 01:57:16 | 000,000,096 | ---- | C] () -- C:\WINDOWS\VPPLAYS.INI [2006/04/21 17:00:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI [2006/02/03 07:45:05 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2006/01/21 17:51:53 | 000,042,379 | ---- | C] () -- C:\WINDOWS\convfac.ini [2006/01/21 17:51:53 | 000,014,775 | ---- | C] () -- C:\WINDOWS\convit.ini [2006/01/02 15:18:58 | 000,000,928 | ---- | C] () -- C:\WINDOWS\tmmaster.INI [2006/01/02 15:18:58 | 000,000,164 | ---- | C] () -- C:\WINDOWS\infotech.ini [2006/01/02 15:18:46 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll [2006/01/02 15:18:29 | 000,000,042 | ---- | C] () -- C:\WINDOWS\tmfull.ini [2006/01/02 15:18:27 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\Co2c40en.dll [2005/12/12 14:05:42 | 000,026,784 | ---- | C] () -- C:\WINDOWS\uflfinra.dll [2005/12/12 14:05:42 | 000,024,592 | ---- | C] () -- C:\WINDOWS\uflsamp1.dll [2005/12/12 14:05:42 | 000,022,704 | ---- | C] () -- C:\WINDOWS\uflbar.dll [2005/12/12 14:05:42 | 000,018,240 | ---- | C] () -- C:\WINDOWS\ufldts.dll [2005/12/12 14:05:42 | 000,014,400 | ---- | C] () -- C:\WINDOWS\uf5dts.dll [2005/12/12 14:05:35 | 000,000,069 | ---- | C] () -- C:\WINDOWS\RETSAMMT.DLL [2005/12/08 15:21:10 | 000,000,043 | ---- | C] () -- C:\WINDOWS\hpfccopy.INI [2005/12/06 22:41:17 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI [2005/12/03 15:27:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI [2005/12/02 19:20:13 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\acdbres.dll [2005/12/02 19:17:07 | 000,001,156 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2005/12/02 19:17:06 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini [2005/12/02 19:17:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI [2005/12/02 19:06:45 | 000,000,044 | ---- | C] () -- C:\WINDOWS\lotus.ini [2005/11/28 12:32:53 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2005/11/28 08:40:00 | 000,157,184 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2005/11/25 16:02:39 | 000,014,336 | R--- | C] () -- C:\WINDOWS\SIVI64.sys [2005/11/25 16:02:39 | 000,009,728 | R--- | C] () -- C:\WINDOWS\SIVX64.sys [2005/11/25 16:02:39 | 000,008,576 | R--- | C] () -- C:\WINDOWS\SIVX32.sys [2005/11/25 16:02:39 | 000,007,810 | R--- | C] () -- C:\WINDOWS\SIVNT4.sys [2005/11/25 16:02:39 | 000,003,904 | R--- | C] () -- C:\WINDOWS\GWIOPM.SYS [2005/11/25 16:02:30 | 000,008,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\SIVX32.SYS [2005/11/25 16:00:24 | 000,000,750 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2005/10/21 15:05:33 | 000,000,029 | ---- | C] () -- C:\WINDOWS\hrdir.ini [2005/04/12 15:53:10 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll [2005/03/28 16:14:38 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll [2004/10/03 19:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll [2004/04/27 01:29:58 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll [color=#E56717]========== LOP Check ==========[/color] [2010/07/29 09:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software [2007/08/23 01:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ArcaBit [2009/03/27 13:38:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CherSoft [2010/07/29 20:49:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite [2005/12/28 10:48:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir [2010/04/17 19:26:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters [2006/10/11 09:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft [2008/09/29 02:50:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit [2009/03/16 04:45:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir [2008/09/29 02:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2010/07/30 01:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software [2008/05/09 03:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint [2006/10/11 09:01:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zeon [2010/07/30 01:58:35 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} [2009/08/29 21:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bridge.EID90\Application Data\Auslogics [2008/04/17 12:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bridge.EID90\Application Data\CherSoft [2010/07/29 21:05:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bridge.EID90\Application Data\DAEMON Tools Lite [2007/11/09 04:40:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bridge.EID90\Application Data\EuroTalk [2010/07/15 03:25:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bridge.EID90\Application Data\Feedreader [2009/01/29 18:40:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bridge.EID90\Application Data\Gadu-Gadu [2008/04/19 19:34:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bridge.EID90\Application Data\gtk-2.0 [2008/01/24 04:48:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bridge.EID90\Application Data\ICAClient [2010/07/29 22:34:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bridge.EID90\Application Data\ImgBurn [2007/10/07 20:29:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bridge.EID90\Application Data\InterTrust [2007/08/25 03:58:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bridge.EID90\Application Data\KeySafe [2010/04/28 22:54:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bridge.EID90\Application Data\MSA [2007/02/22 11:58:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bridge.EID90\Application Data\MSNInstaller [2008/05/19 18:16:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bridge.EID90\Application Data\Opera [2009/02/25 09:19:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bridge.EID90\Application Data\Password Solutions [2009/08/03 21:14:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bridge.EID90\Application Data\STA [2008/03/10 11:12:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bridge.EID90\Application Data\TeamViewer [2010/07/30 01:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bridge.EID90\Application Data\TuneUp Software [2008/05/09 02:07:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bridge.EID90\Application Data\Viewpoint [2006/10/11 09:02:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bridge.EID90\Application Data\Zeon [2009/07/12 10:21:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\STA [2009/07/12 09:18:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\STA [2010/08/06 09:00:01 | 000,000,496 | ---- | M] () -- C:\WINDOWS\Tasks\Automatyczna konserwacja.job [2010/08/04 23:21:59 | 000,000,292 | ---- | M] () -- C:\WINDOWS\Tasks\Defraggler Volume C Task.job [2010/08/09 22:43:50 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job [2010/08/09 22:01:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2005/11/25 15:56:41 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2010/08/09 18:28:49 | 000,000,211 | -HS- | M] () -- C:\boot.ini [2005/11/25 15:56:41 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2007/12/04 17:51:57 | 000,000,081 | ---- | M] () -- C:\CTX.DAT [2000/12/13 10:28:42 | 000,030,068 | ---- | M] () -- C:\FIXKRIZ.EXE [2007/04/11 01:54:14 | 000,001,119 | ---- | M] () -- C:\INSTALL.LOG [2005/11/25 15:56:41 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2010/08/09 20:01:36 | 000,000,000 | ---- | M] () -- C:\Log.txt [2009/05/05 02:34:26 | 000,007,572 | ---- | M] () -- C:\mksbasel.cpp.log [2005/11/25 15:56:41 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2004/08/04 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2008/10/03 16:54:57 | 000,250,048 | -HS- | M] () -- C:\ntldr [2010/08/09 22:43:19 | 1997,537,280 | -HS- | M] () -- C:\pagefile.sys [2001/05/24 13:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2004/08/04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:agp440.sys [2008/10/03 16:49:37 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys [2008/10/03 16:49:37 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:agp440.sys [2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2004/08/04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008/10/03 16:49:37 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008/10/03 16:49:37 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004/08/04 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2004/08/04 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys [2004/08/04 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2004/08/04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys [2008/10/03 16:49:37 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys [2008/10/03 16:49:37 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys [2008/04/13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys [2008/04/13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys [2004/08/04 14:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys [color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color] [2008/04/14 02:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008/04/14 02:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll [2004/08/04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2008/04/13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys [2008/04/13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys [2004/08/04 14:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2004/08/04 14:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008/04/14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008/04/14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe [color=#E56717]========== Files - Unicode (All) ==========[/color] [2010/05/29 19:28:13 | 000,038,400 | ---- | M] ()(C:\Documents and Settings\Bridge.EID90\My Documents\??????? SIA SB PLUSS.doc) -- C:\Documents and Settings\Bridge.EID90\My Documents\Магазин SIA SB PLUSS.doc [2010/05/29 19:28:12 | 000,038,400 | ---- | C] ()(C:\Documents and Settings\Bridge.EID90\My Documents\??????? SIA SB PLUSS.doc) -- C:\Documents and Settings\Bridge.EID90\My Documents\Магазин SIA SB PLUSS.doc [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F8F5844 @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Bridge.EID90\Desktop\tmMaster.exe:SummaryInformation @Alternate Data Stream - 5157 bytes -> C:\Documents and Settings\Bridge.EID90\(l:§'dn€ @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5BB923A2 @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:44DAF2F1 < End of report > [/log]
Sohei komentarz 10 sierpnia 2010 komentarz 10 sierpnia 2010 [code]:Processes Explorer.exe :OTL :files C:\WINDOWS\System32\jmcierk.dll :Reg [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2] :services xcpnsabr SONYPVU1 :Commands [emptytemp] [start explorer] [Reboot][/code] Wklejasz to do OTL w białe okienko i klikasz run fix.Potem nowy log z OTL + GMER 1
klimek1313 komentarz 10 sierpnia 2010 Autor komentarz 10 sierpnia 2010 tylko OTL, gmer po 3 h sie zawiesil totalnie: [log] OTL logfile created on: 10/08/2010 12:30:00 - Run 4 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Bridge.EID90\Desktop\Bridge\1st Off\Tomek\priv\System Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free 3.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free Paging file location(s): C:\pagefile.sys 1905 1905 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74.52 Gb Total Space | 49.50 Gb Free Space | 66.42% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded Drive I: | 48.83 Gb Total Space | 32.76 Gb Free Space | 67.10% Space Free | Partition Type: NTFS Drive J: | 48.83 Gb Total Space | 32.76 Gb Free Space | 67.10% Space Free | Partition Type: NTFS Computer Name: BRIDGEPC_FORC Current User Name: Bridge Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: On File Age = 60 Days Output = Standard [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2010/08/10 05:04:57 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010/07/29 11:51:21 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bridge.EID90\Desktop\Bridge\1st Off\Tomek\priv\System\OTL.exe PRC - [2010/06/15 15:05:58 | 000,719,688 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe PRC - [2010/06/15 15:04:28 | 001,051,976 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe PRC - [2009/11/27 08:43:12 | 000,608,256 | ---- | M] (Haseeb Ahmed) -- C:\Program Files\MSE Update Utility\MSE Update Utility.exe PRC - [2009/09/13 19:52:50 | 001,048,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe PRC - [2009/07/12 10:21:20 | 000,090,112 | ---- | M] () -- C:\Program Files\Seagull\STA33\DbamSQLAgent.exe PRC - [2009/07/02 18:36:52 | 000,203,800 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe PRC - [2009/07/02 18:36:52 | 000,203,800 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MpCmdRun.exe PRC - [2009/07/02 18:36:52 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe PRC - [2009/05/27 04:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe PRC - [2009/02/05 23:56:14 | 000,117,208 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe PRC - [2008/11/24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe PRC - [2008/11/24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe PRC - [2008/10/20 15:00:46 | 000,329,216 | ---- | M] (UK Hydrographic Office and Chersoft Ltd) -- C:\Program Files\Common Files\CherSoft\TTService\TTService.exe PRC - [2008/05/06 10:09:26 | 000,020,480 | ---- | M] () -- C:\Program Files\Seagull\STA33\Sta.Importer.Service.exe PRC - [2008/04/14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007/01/04 23:38:18 | 000,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe PRC - [2007/01/04 23:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe PRC - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe PRC - [2001/10/24 08:25:58 | 000,212,992 | ---- | M] () -- C:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppdirector.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2010/07/29 11:51:21 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bridge.EID90\Desktop\Bridge\1st Off\Tomek\priv\System\OTL.exe MOD - [2008/04/14 02:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Disabled | Stopped] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus) SRV - File not found [Disabled | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam) SRV - File not found [Auto | Stopped] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService) SRV - File not found [Disabled | Stopped] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch) SRV - File not found [On_Demand | Stopped] -- C:\Program Files\ArcaBit\Common\ArcaBit.Core.Configurator2.exe -- (ArcaBit.Core.Configurator) SRV - [2010/07/30 01:59:40 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2010/06/15 15:04:28 | 001,051,976 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2010/06/15 15:01:36 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp) SRV - [2009/07/12 10:21:20 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Seagull\STA33\DbamSQLAgent.exe -- (Sta.Dbam.SqlAgent$SEAGULL2005) Sta Dbam SqlAgent (SEAGULL2005) SRV - [2009/07/02 18:36:52 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc) SRV - [2009/05/27 04:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SEAGULL2005) SQL Server (SEAGULL2005) SRV - [2009/02/05 23:56:14 | 000,117,208 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv) SRV - [2008/11/24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2008/11/24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser) SRV - [2008/11/24 23:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper) SRV - [2008/10/20 15:00:46 | 000,329,216 | ---- | M] (UK Hydrographic Office and Chersoft Ltd) [Auto | Running] -- C:\Program Files\Common Files\CherSoft\TTService\TTService.exe -- (TTService) SRV - [2008/05/06 10:09:26 | 000,020,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Seagull\STA33\Sta.Importer.Service.exe -- (Sta.Importer.Service) SRV - [2007/01/04 23:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service) SRV - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- D:\UXDCMN.SYS -- (UXDCMN) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\SMCWPCIT.sys -- (SMCWPCIT) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\BRIDGE~1.EID\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132) DRV - [2010/07/29 20:54:08 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2010/02/25 12:18:08 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2009/06/18 19:48:04 | 000,142,832 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter) DRV - [2009/02/05 23:55:12 | 000,031,704 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hssdrv.sys -- (HssDrv) DRV - [2008/12/06 20:01:20 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm) DRV - [2008/04/13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2008/01/23 23:25:32 | 000,027,136 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tapvpn.sys -- (tapvpn) DRV - [2007/02/28 08:38:22 | 000,091,008 | ---- | M] (OMNIKEY) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cxbu0wdm.sys -- (cxbu0wdm) DRV - [2006/02/20 18:59:34 | 000,085,408 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w810mgmt.sys -- (w810mgmt) Sony Ericsson W810 USB WMC Device Management Drivers (WDM) DRV - [2006/02/20 18:59:27 | 000,058,288 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w810bus.sys -- (w810bus) Sony Ericsson W810 Driver driver (WDM) DRV - [2005/10/18 13:15:42 | 004,034,048 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2005/09/24 12:10:24 | 000,008,576 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SIVX32.SYS -- (SIVDRIVER) DRV - [2005/01/07 17:07:16 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService) DRV - [2004/04/21 17:51:00 | 000,016,384 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\wlanndi5.sys -- (wlanndi5) DRV - [2000/09/09 17:20:26 | 000,047,328 | ---- | M] (Warp Nine Engineering) [Kernel | Auto | Running] -- C:\Program Files\HP DesignJet 500PS\Program\Par1284.sys -- (Par1284) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-545701781-3224946616-1018453507-1121\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKU\S-1-5-21-545701781-3224946616-1018453507-1121\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKU\S-1-5-21-545701781-3224946616-1018453507-1121\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKU\S-1-5-21-545701781-3224946616-1018453507-1121\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\S-1-5-21-545701781-3224946616-1018453507-1121\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKU\S-1-5-21-545701781-3224946616-1018453507-1121\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) IE - HKU\S-1-5-21-545701781-3224946616-1018453507-1121\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found IE - HKU\S-1-5-21-545701781-3224946616-1018453507-1121\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-545701781-3224946616-1018453507-1121\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "www.google.com" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1 FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/04/09 19:04:21 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/10 05:05:10 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/10 12:04:44 | 000,000,000 | ---D | M] [2010/08/08 11:44:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bridge.EID90\Application Data\Mozilla\Extensions [2010/05/03 04:19:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bridge.EID90\Application Data\Mozilla\Extensions\mozswing@mozswing.org [2010/08/08 14:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bridge.EID90\Application Data\Mozilla\Firefox\Profiles\xzyv9j9u.default\extensions [2010/08/08 12:07:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Bridge.EID90\Application Data\Mozilla\Firefox\Profiles\xzyv9j9u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/08/08 14:34:47 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Bridge.EID90\Application Data\Mozilla\Firefox\Profiles\xzyv9j9u.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010/08/08 14:34:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2009/12/17 08:13:05 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla(2).org [2010/08/10 05:05:05 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2010/08/10 05:05:05 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2010/08/10 05:05:05 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2010/08/10 05:05:05 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2010/08/10 05:05:05 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2010/08/10 05:05:05 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2010/08/07 23:10:23 | 000,000,789 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - No CLSID value found. O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.) O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found. O3 - HKLM\..\Toolbar: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKU\S-1-5-21-545701781-3224946616-1018453507-1121\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-21-545701781-3224946616-1018453507-1121\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found. O3 - HKU\S-1-5-21-545701781-3224946616-1018453507-1121\..\Toolbar\WebBrowser: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation) O4 - HKLM..\Run: [hp 1000 firmware] C:\Program Files\hp LaserJet 1000\fwdl.exe (Zenographics) O4 - HKLM..\Run: [HP AutoIndexer] C:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppautoindexer.exe (Hewlett-Packard) O4 - HKLM..\Run: [HP SchedIndexer] C:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppschedindexer.exe (Hewlett-Packard) O4 - HKLM..\Run: [HPLJ Config] C:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppcfg.exe () O4 - HKLM..\Run: [MSE Update Utility] C:\Program Files\MSE Update Utility\MSE Update Utility.exe (Haseeb Ahmed) O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP LaserJet Director.lnk = C:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppdirector.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O7 - HKU\S-1-5-21-545701781-3224946616-1018453507-1121\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-545701781-3224946616-1018453507-1121\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36 O7 - HKU\S-1-5-21-545701781-3224946616-1018453507-1121\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data] O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - C:\Program Files\ScanSoft\PDF Professional 3.0\IEShellExt.dll (ScanSoft, Inc.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - Reg Error: Key error. File not found O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - Reg Error: Key error. File not found O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5) O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/common/asusTek_sys_ctrl.cab (asusTek_sysctrl Class) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab (MSN Photo Upload Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = EID90.FORC O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation) O24 - Desktop Components:0 () - http://by127fd.bay127.hotmail.msn.com/cgi-bin/getmsg?&msg=CD22971B-211B-4F7B-8337-C01DBE49780C&start=0&len=615942&curmbox=00000000-0000-0000-0000-000000000001&a=a148a9eb7def75ab0fc6023ae685cf1f74dff6f533ad256dbc488df2f2fc9bad&mimepart=9 O24 - Desktop Components:1 () - http://by127fd.bay127.hotmail.msn.com/cgi-bin/getmsg?&msg=CD22971B-211B-4F7B-8337-C01DBE49780C&start=0&len=615942&curmbox=00000000-0000-0000-0000-000000000001&a=a148a9eb7def75ab0fc6023ae685cf1f74dff6f533ad256dbc488df2f2fc9bad&mimepart=14 O24 - Desktop Components:2 () - http://www.skipsfarts-forum.net/download.php?action=img&iid=18457 O24 - Desktop Components:3 () - file:///C:/DOCUME~1/BRIDGE~1.EID/LOCALS~1/Temp/msoclip1/01/clip_image002.jpg O24 - Desktop Components:4 (My Current Home Page) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Bridge.EID90\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Bridge.EID90\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005/11/25 15:56:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010/08/01 16:24:48 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: xcpnsabr - File not found NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software) NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: SSHNAS - File not found MsConfig - Services: "DefWatch" MsConfig - Services: "Symantec AntiVirus" MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe - (Adobe Systems Inc.) MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.) MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe - (Hewlett-Packard Co.) MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\PROGRA~1\MICROS~2\Office\OSA9.EXE - File not found MsConfig - StartUpFolder: C:^Documents and Settings^Bridge.EID90^Start Menu^Programs^Startup^LimeWire On Startup.lnk - C:\PROGRA~1\LimeWire\LimeWire.exe - File not found MsConfig - StartUpReg: [b]5DR8ZAD8GX[/b] - hkey= - key= - C:\DOCUME~1\BRIDGE~1.EID\LOCALS~1\Temp\Fgj.exe File not found MsConfig - StartUpReg: [b]beuunog[/b] - hkey= - key= - C:\Documents and Settings\Bridge.EID90\beuunog.exe File not found MsConfig - StartUpReg: [b]ccApp[/b] - hkey= - key= - C:\Program Files\Common Files\Symantec Shared\ccApp.exe File not found MsConfig - StartUpReg: [b]DS Clock[/b] - hkey= - key= - C:\Program Files\DS Clock\DSClock.exe File not found MsConfig - StartUpReg: [b]HP Software Update[/b] - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.) MsConfig - StartUpReg: [b]igfxpers[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]igfxtray[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]jcvex[/b] - hkey= - key= - C:\Documents and Settings\Bridge.EID90\jcvex.exe File not found MsConfig - StartUpReg: [b]KernelFaultCheck[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]laedu[/b] - hkey= - key= - C:\Documents and Settings\Bridge.EID90\laedu.exe File not found MsConfig - StartUpReg: [b]Messenger (Yahoo!)[/b] - hkey= - key= - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) MsConfig - StartUpReg: [b]NeroFilterCheck[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]PDF3 Registry Controller[/b] - hkey= - key= - C:\Program Files\ScanSoft\PDF Professional 3.0\RegistryController.exe (ScanSoft, Inc.) MsConfig - StartUpReg: [b]QuickTime Task[/b] - hkey= - key= - C:\Program Files\QuickTime\qttask.exe File not found MsConfig - StartUpReg: [b]roapu[/b] - hkey= - key= - C:\Documents and Settings\Bridge.EID90\roapu.exe File not found MsConfig - StartUpReg: [b]SSBkgdUpdate[/b] - hkey= - key= - C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.) MsConfig - StartUpReg: [b]SunJavaUpdateSched[/b] - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) MsConfig - StartUpReg: [b]swg[/b] - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe File not found MsConfig - StartUpReg: [b]Synchronization Manager[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]TkBellExe[/b] - hkey= - key= - C:\Program Files\K-Lite Codec Pack\Real\Update_OB\realsched.exe File not found MsConfig - StartUpReg: [b]toeeqi[/b] - hkey= - key= - C:\Documents and Settings\Bridge.EID90\toeeqi.exe File not found MsConfig - StartUpReg: [b]tuook[/b] - hkey= - key= - C:\Documents and Settings\Bridge.EID90\tuook.exe File not found MsConfig - StartUpReg: [b]vptray[/b] - hkey= - key= - C:\PROGRA~1\SYMANT~1\VPTray.exe File not found MsConfig - StartUpReg: [b]zzzHPSETUP[/b] - hkey= - key= - File not found MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 2 MsConfig - State: "startup" - 2 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation) SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation) SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: nm - File not found SafeBootNet: nm.sys - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2010/08/10 12:03:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe [2010/08/10 11:24:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bridge.EID90\My Documents\My Albums [2010/08/10 02:25:10 | 000,900,388 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\hpflash1.exe [2010/08/10 02:25:10 | 000,630,784 | ---- | C] (Zenographics) -- C:\WINDOWS\apptune.exe [2010/08/10 02:25:10 | 000,073,728 | ---- | C] (Zenographics) -- C:\WINDOWS\System32\ZSHP1000.dll [2010/08/10 02:25:10 | 000,036,864 | ---- | C] (Zenographics) -- C:\WINDOWS\System32\zstatus.exe [2010/08/10 02:25:09 | 000,212,992 | R--- | C] (Zenographics) -- C:\WINDOWS\System32\VSETUP.DLL [2010/08/10 02:25:09 | 000,135,168 | R--- | C] (Zenographics) -- C:\WINDOWS\System32\ZUNINST.EXE [2010/08/10 02:25:09 | 000,086,016 | ---- | C] (Zenographics, Inc.) -- C:\WINDOWS\System32\ZSPOOL.DLL [2010/08/10 02:25:09 | 000,086,016 | ---- | C] (Zenographics) -- C:\WINDOWS\System32\zlmhp1.dll [2010/08/10 02:25:09 | 000,054,784 | ---- | C] (Zenographics, Inc.) -- C:\WINDOWS\System32\zPJL.dll [2010/08/10 02:25:09 | 000,049,152 | R--- | C] (Zenographics, Inc.) -- C:\WINDOWS\System32\ZLANG.DLL [2010/08/10 02:25:09 | 000,045,056 | R--- | C] (Zenographics, Inc.) -- C:\WINDOWS\System32\ZPP.DLL [2010/08/10 02:25:09 | 000,028,672 | ---- | C] (Zenographics, Inc.) -- C:\WINDOWS\System32\zlm.dll [2010/08/10 02:25:09 | 000,023,552 | R--- | C] (Zenographics, Inc.) -- C:\WINDOWS\System32\ZGDI32.DLL [2010/08/10 02:25:09 | 000,019,456 | ---- | C] (Zenographics, Inc.) -- C:\WINDOWS\System32\ZTAG32.DLL [2010/08/10 02:25:09 | 000,012,288 | ---- | C] (Zenographics, Inc.) -- C:\WINDOWS\System32\IMF32.DLL [2010/08/10 02:25:08 | 000,036,864 | ---- | C] (Zenographics, Inc.) -- C:\WINDOWS\System32\zpppcl.dll [2010/08/09 20:16:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bridge.EID90\Application Data\Malwarebytes [2010/08/09 20:16:44 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/08/09 20:16:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2010/08/09 20:16:42 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/08/09 20:16:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010/08/09 19:52:53 | 000,000,000 | ---D | C] -- C:\My Documents [2010/08/09 19:51:24 | 000,317,952 | ---- | C] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\roboex32.dll [2010/08/09 19:48:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData [2010/08/08 22:25:28 | 000,000,000 | ---D | C] -- C:\_OTL [2010/08/08 13:32:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bridge.EID90\My Documents\Pobieranie [2010/08/07 14:29:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bridge.EID90\Local Settings\Application Data\Haseeb_Ahmed [2010/08/07 14:28:23 | 000,000,000 | ---D | C] -- C:\Program Files\MSE Update Utility [2010/08/06 11:59:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials [2010/08/05 13:57:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bridge.EID90\DoctorWeb [2010/08/05 00:46:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities [2010/08/02 10:37:32 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Bridge.EID90\UserData [2010/08/01 16:24:48 | 000,000,000 | RHSD | C] -- C:\autorun.inf [2010/07/31 21:15:15 | 000,000,000 | ---D | C] -- C:\Program Files\Skype [2010/07/30 19:11:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Connection [2010/07/30 01:59:43 | 000,030,536 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe [2010/07/30 01:59:42 | 000,030,024 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll [2010/07/30 01:59:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bridge.EID90\Application Data\TuneUp Software [2010/07/30 01:59:09 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2010 [2010/07/30 01:59:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software [2010/07/30 01:58:35 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} [2010/07/29 22:07:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bridge.EID90\Application Data\ImgBurn [2010/07/29 21:42:16 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn [2010/07/29 21:03:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\DAEMON Tools Images [2010/07/29 20:49:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bridge.EID90\Application Data\DAEMON Tools Lite [2010/07/29 20:49:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite [2010/07/29 14:48:45 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro [2010/07/29 14:48:44 | 000,000,000 | ---D | C] -- C:\rsit [2010/07/29 09:59:33 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software [2010/07/29 09:59:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software [2010/07/27 05:27:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia [2010/07/27 05:27:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe [2010/07/26 16:14:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia [2010/07/26 16:03:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe [2010/07/18 22:24:42 | 000,000,000 | ---D | C] -- C:\Program Files\Moffsoft Calculator 2 [2010/07/15 03:25:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bridge.EID90\Application Data\Feedreader [2010/07/15 03:25:48 | 000,000,000 | ---D | C] -- C:\Program Files\FeedReader30 [2010/07/12 16:44:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bridge.EID90\Desktop\HSE docs [2010/07/09 19:31:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bridge.EID90\Desktop\VF OM [2010/07/04 21:53:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bridge.EID90\Desktop\Riser Inspection [2010/06/29 13:47:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bridge.EID90\Desktop\Rigging and Lifting Equipment Certs [2010/06/28 07:17:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bridge.EID90\My Documents\HSE REPORTS [2010/06/27 23:01:57 | 000,000,000 | ---D | C] -- C:\Program Files\Leksykonia [2010/06/19 20:00:05 | 000,000,000 | ---D | C] -- C:\Lotus [2010/06/19 17:52:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bridge.EID90\Desktop\JOB LIST TO BE DONE DURING SHIPYARD [2006/01/02 15:18:27 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\Implode.dll [2004/11/24 21:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2010/08/10 12:25:41 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/08/10 12:25:40 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-545701781-3224946616-1018453507-1121.job [2010/08/10 12:25:39 | 000,000,976 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010/08/10 12:25:39 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job [2010/08/10 12:24:44 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/08/10 12:24:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/08/10 12:24:40 | 000,300,440 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010/08/10 12:23:43 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat [2010/08/10 12:23:32 | 018,751,488 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\ntuser.dat [2010/08/10 12:23:32 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Bridge.EID90\ntuser.ini [2010/08/10 12:22:00 | 000,000,980 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010/08/10 12:21:48 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Reader 9.lnk [2010/08/10 12:20:03 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-545701781-3224946616-1018453507-1121.job [2010/08/10 12:01:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2010/08/10 11:28:58 | 000,054,272 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/08/10 03:56:28 | 000,073,072 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2010/08/10 02:54:54 | 000,343,552 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Desktop\2 shift Muster list _ Rest Hours 2010.xls [2010/08/10 01:37:21 | 000,000,164 | ---- | M] () -- C:\WINDOWS\infotech.ini [2010/08/09 19:54:09 | 000,000,838 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP LaserJet Director.lnk [2010/08/09 19:53:53 | 000,001,416 | ---- | M] () -- C:\WINDOWS\win.ini [2010/08/09 19:53:53 | 000,000,659 | ---- | M] () -- C:\WINDOWS\FMTMSAM.INI [2010/08/09 19:53:35 | 000,000,168 | ---- | M] () -- C:\WINDOWS\hpbafd.ini [2010/08/09 19:48:36 | 000,000,608 | -HS- | M] () -- C:\WINDOWS\System32\winzvprt5.sys [2010/08/09 18:28:49 | 000,000,211 | -HS- | M] () -- C:\boot.ini [2010/08/09 18:28:48 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010/08/08 23:35:46 | 000,616,258 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010/08/08 23:35:46 | 000,507,322 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010/08/08 23:35:46 | 000,097,566 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010/08/08 11:44:41 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2010/08/08 11:44:41 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2010/08/07 23:10:23 | 000,000,789 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010/08/07 21:42:55 | 000,000,850 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Application Data\Microsoft\Internet Explorer\Quick Launch\MSE Update Utility.lnk [2010/08/06 11:52:36 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2010/08/06 09:00:01 | 000,000,496 | ---- | M] () -- C:\WINDOWS\tasks\Automatyczna konserwacja.job [2010/08/04 23:21:59 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\Defraggler Volume C Task.job [2010/08/01 21:50:20 | 000,000,529 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Desktop\POB.lnk [2010/07/29 20:54:08 | 000,691,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys [2010/07/29 12:13:50 | 000,000,746 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to WINWORD.lnk [2010/07/28 22:16:28 | 000,000,170 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Start Menu.lnk [2010/07/28 22:16:28 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Templates.lnk [2010/07/28 22:16:28 | 000,000,166 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\UserData.lnk [2010/07/28 22:16:28 | 000,000,164 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\WINDOWS.lnk [2010/07/28 22:16:28 | 000,000,158 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\temp.lnk [2010/07/28 22:16:27 | 000,000,178 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Local Settings.lnk [2010/07/28 22:16:27 | 000,000,174 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\My Documents.lnk [2010/07/28 22:16:27 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\PrintHood.lnk [2010/07/28 22:16:27 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Gadu-Gadu.lnk [2010/07/28 22:16:27 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Favorites.lnk [2010/07/28 22:16:27 | 000,000,164 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\NetHood.lnk [2010/07/28 22:16:27 | 000,000,164 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Desktop.lnk [2010/07/28 22:16:27 | 000,000,162 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\SendTo.lnk [2010/07/28 22:16:27 | 000,000,162 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Recent.lnk [2010/07/28 22:16:26 | 000,000,182 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Application Data.lnk [2010/07/28 22:16:26 | 000,000,176 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\.housecall6.6.lnk [2010/07/28 22:16:26 | 000,000,172 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\.thumbnails.lnk [2010/07/28 22:16:26 | 000,000,164 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Cookies.lnk [2010/07/28 22:16:26 | 000,000,162 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Citrix.lnk [2010/07/28 22:16:26 | 000,000,160 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Video.lnk [2010/07/28 22:16:26 | 000,000,160 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Music.lnk [2010/07/28 22:16:26 | 000,000,154 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\...lnk [2010/07/28 22:16:26 | 000,000,152 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\..lnk [2010/07/28 22:16:25 | 000,000,170 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\New Folder.lnk [2010/07/28 22:16:25 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Passwords.lnk [2010/07/28 22:16:25 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Documents.lnk [2010/07/28 22:16:25 | 000,000,166 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Pictures.lnk [2010/07/26 01:40:10 | 000,076,190 | ---- | M] () -- C:\WINDOWS\hpgins07.dat [2010/07/24 02:18:31 | 006,297,520 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Desktop\091116_Leo_HTC_Russian_UM.pdf [2010/07/20 02:09:40 | 000,374,272 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Desktop\Muster list _ Rest Hours 2010.xls [2010/07/12 11:12:30 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Desktop\Worker onb-transfer.xls [2010/07/08 10:46:21 | 000,082,944 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\My Documents\Ocean going logo.doc [2010/07/01 12:12:57 | 000,000,029 | ---- | M] () -- C:\WINDOWS\hrdir.ini [2010/06/28 08:10:08 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\My Documents\Safety Template.doc [2010/06/26 07:20:49 | 000,016,896 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Desktop\crew declaratn 2.xls [2010/06/25 16:31:58 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Desktop\crew declaration.xls [2010/06/23 09:37:43 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Desktop\personnel Data 4 SPM.29-04-10..xls [2010/06/21 19:03:15 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\My Documents\gms liferafts.doc [2010/06/21 06:31:37 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\My Documents\Current color.doc [2010/06/19 20:20:03 | 000,000,451 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Desktop\Shortcut to Lotus on Viking Forcados (Forc).lnk [2010/06/19 20:03:01 | 000,000,562 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\Desktop\Lotus Notes.lnk [2010/06/19 20:00:31 | 000,000,995 | ---- | M] () -- C:\WINDOWS\System32\notespis.inf [2010/06/19 20:00:30 | 000,000,044 | ---- | M] () -- C:\WINDOWS\lotus.ini [2010/06/18 08:07:16 | 000,744,448 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\My Documents\femi.doc [2010/06/17 10:31:28 | 000,004,566 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010/06/15 15:06:42 | 000,030,536 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe [2010/06/15 15:01:36 | 000,030,024 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll [2010/06/14 15:30:32 | 001,446,565 | ---- | M] () -- C:\Documents and Settings\Bridge.EID90\My Documents\delivery paper.pdf [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010/08/10 12:21:48 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Reader 9.lnk [2010/08/10 02:25:14 | 000,233,525 | ---- | C] () -- C:\WINDOWS\System32\isutil.dll [2010/08/10 02:25:11 | 000,000,271 | ---- | C] () -- C:\WINDOWS\apptune.ini [2010/08/10 02:25:10 | 000,007,287 | ---- | C] () -- C:\WINDOWS\System32\ZShp1000.hlp [2010/08/09 20:07:47 | 000,000,838 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP LaserJet Director.lnk [2010/08/09 19:53:52 | 000,000,659 | ---- | C] () -- C:\WINDOWS\FMTMSAM.INI [2010/08/09 19:53:28 | 000,000,168 | ---- | C] () -- C:\WINDOWS\hpbafd.ini [2010/08/09 19:52:45 | 000,000,019 | ---- | C] () -- C:\WINDOWS\hppsi_indexbase.dat [2010/08/09 19:52:06 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll [2010/08/09 19:51:31 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll [2010/08/09 19:51:31 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll [2010/08/09 19:51:11 | 000,000,033 | ---- | C] () -- C:\WINDOWS\hppLangChoice.ini [2010/08/09 19:48:36 | 000,000,608 | -HS- | C] () -- C:\WINDOWS\System32\winzvprt5.sys [2010/08/08 11:44:41 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2010/08/08 11:44:41 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2010/08/07 23:15:42 | 018,751,488 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\ntuser.dat [2010/08/07 21:42:55 | 000,000,850 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Application Data\Microsoft\Internet Explorer\Quick Launch\MSE Update Utility.lnk [2010/08/01 21:50:20 | 000,000,529 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Desktop\POB.lnk [2010/07/30 08:57:35 | 000,000,496 | ---- | C] () -- C:\WINDOWS\tasks\Automatyczna konserwacja.job [2010/07/29 20:54:08 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2010/07/29 12:13:50 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to WINWORD.lnk [2010/07/28 09:14:56 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-545701781-3224946616-1018453507-1121.job [2010/07/27 15:28:58 | 000,000,178 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Local Settings [2010/07/27 15:28:58 | 000,000,174 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\My Documents [2010/07/27 15:28:58 | 000,000,170 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Start Menu [2010/07/27 15:28:58 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Templates [2010/07/27 15:28:58 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\PrintHood [2010/07/27 15:28:58 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Gadu-Gadu [2010/07/27 15:28:58 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Favorites [2010/07/27 15:28:58 | 000,000,166 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\UserData [2010/07/27 15:28:58 | 000,000,164 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\WINDOWS [2010/07/27 15:28:58 | 000,000,164 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\NetHood [2010/07/27 15:28:58 | 000,000,164 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Desktop [2010/07/27 15:28:58 | 000,000,164 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Cookies [2010/07/27 15:28:58 | 000,000,162 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\SendTo [2010/07/27 15:28:58 | 000,000,162 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Recent [2010/07/27 15:28:58 | 000,000,162 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Citrix [2010/07/27 15:28:58 | 000,000,158 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\temp [2010/07/27 15:28:57 | 000,000,182 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Application Data [2010/07/27 15:28:57 | 000,000,176 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\.housecall6.6 [2010/07/27 15:28:57 | 000,000,172 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\.thumbnails [2010/07/27 15:28:57 | 000,000,170 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\New Folder.lnk [2010/07/27 15:28:57 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Passwords.lnk [2010/07/27 15:28:57 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Documents.lnk [2010/07/27 15:28:57 | 000,000,166 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Pictures.lnk [2010/07/27 15:28:57 | 000,000,160 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Video.lnk [2010/07/27 15:28:57 | 000,000,160 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Music.lnk [2010/07/27 15:28:57 | 000,000,154 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\.. [2010/07/27 15:28:57 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\. [2010/07/27 00:50:02 | 000,003,758 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\FDC9456D-1E39-4363-850A-D67DFECC1351.txt [2010/07/26 16:31:16 | 000,003,758 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Local Settings\Application Data\FDC9456D-1E39-4363-850A-D67DFECC1351.txt [2010/07/24 02:15:35 | 006,297,520 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Desktop\091116_Leo_HTC_Russian_UM.pdf [2010/07/12 09:52:01 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Desktop\Worker onb-transfer.xls [2010/07/08 10:46:21 | 000,082,944 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\My Documents\Ocean going logo.doc [2010/06/28 06:50:16 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\My Documents\Safety Template.doc [2010/06/26 07:20:49 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Desktop\crew declaratn 2.xls [2010/06/25 09:40:34 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Desktop\crew declaration.xls [2010/06/21 19:03:15 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\My Documents\gms liferafts.doc [2010/06/21 06:31:37 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\My Documents\Current color.doc [2010/06/19 20:03:01 | 000,000,562 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Desktop\Lotus Notes.lnk [2010/06/19 19:50:09 | 000,000,451 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\Desktop\Shortcut to Lotus on Viking Forcados (Forc).lnk [2010/06/18 08:07:16 | 000,744,448 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\My Documents\femi.doc [2010/06/14 15:30:26 | 001,446,565 | ---- | C] () -- C:\Documents and Settings\Bridge.EID90\My Documents\delivery paper.pdf [2010/04/25 17:49:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\swsystem.dll [2010/04/09 19:45:05 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2010/04/09 19:45:03 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2010/04/09 19:44:51 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2010/04/09 19:44:51 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2010/04/09 19:44:51 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2010/01/25 15:51:57 | 000,000,091 | ---- | C] () -- C:\WINDOWS\hrconfig.ini [2009/10/16 07:07:12 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll [2009/06/13 10:34:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AutoRun.INI [2009/02/02 16:57:17 | 000,000,025 | ---- | C] () -- C:\WINDOWS\USERTK.INI [2008/12/19 17:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll [2008/12/17 19:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll [2008/12/17 19:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll [2008/12/17 19:22:48 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2008/12/17 19:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll [2008/12/17 18:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll [2008/12/11 13:27:02 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2008/11/04 08:30:27 | 000,000,291 | ---- | C] () -- C:\WINDOWS\wininit.ini [2008/08/06 18:03:54 | 000,073,216 | ---- | C] () -- C:\WINDOWS\System32\see32.dll [2008/07/13 15:51:23 | 000,000,012 | ---- | C] () -- C:\WINDOWS\System32\winxdpr3.dll [2008/07/03 17:05:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\geotrans2.INI [2008/05/16 18:36:57 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2007/12/22 17:18:04 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\cmabout.dll [2007/12/22 17:18:04 | 000,010,229 | ---- | C] () -- C:\WINDOWS\System32\cmdiag.ini [2007/12/22 17:18:04 | 000,000,142 | ---- | C] () -- C:\WINDOWS\System32\cmabout.ini [2007/12/01 17:52:18 | 000,000,391 | R--- | C] () -- C:\WINDOWS\hpw1000k.ini [2007/12/01 17:49:16 | 000,016,954 | ---- | C] () -- C:\WINDOWS\hpbj1000.ini [2007/10/07 20:31:52 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll [2007/08/25 17:48:18 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\drivers\mchInjDrv.sys [2007/08/22 15:24:25 | 000,000,222 | ---- | C] () -- C:\WINDOWS\VOGEL.INI [2007/04/11 01:54:09 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI [2007/03/16 17:00:00 | 000,003,403 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini [2007/02/19 15:12:22 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\chksvrn.dll [2006/11/11 08:31:44 | 000,000,099 | ---- | C] () -- C:\WINDOWS\notesnsd.ini [2006/10/16 19:12:58 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\HOTFLDR.DLL [2006/10/11 09:05:00 | 000,000,023 | ---- | C] () -- C:\WINDOWS\ZDPLUSSEARCH.INI [2006/07/29 17:14:28 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI [2006/07/25 20:47:34 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A6W.INI [2006/07/25 20:47:27 | 000,000,198 | ---- | C] () -- C:\WINDOWS\QTW.INI [2006/07/25 12:29:32 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\hlinkprx.dll [2006/07/25 12:29:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL [2006/05/26 01:57:16 | 000,000,096 | ---- | C] () -- C:\WINDOWS\VPPLAYS.INI [2006/04/21 17:00:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI [2006/02/03 07:45:05 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2006/01/21 17:51:53 | 000,042,379 | ---- | C] () -- C:\WINDOWS\convfac.ini [2006/01/21 17:51:53 | 000,014,775 | ---- | C] () -- C:\WINDOWS\convit.ini [2006/01/02 15:18:58 | 000,000,928 | ---- | C] () -- C:\WINDOWS\tmmaster.INI [2006/01/02 15:18:58 | 000,000,164 | ---- | C] () -- C:\WINDOWS\infotech.ini [2006/01/02 15:18:46 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll [2006/01/02 15:18:29 | 000,000,042 | ---- | C] () -- C:\WINDOWS\tmfull.ini [2006/01/02 15:18:27 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\Co2c40en.dll [2005/12/12 14:05:42 | 000,026,784 | ---- | C] () -- C:\WINDOWS\uflfinra.dll [2005/12/12 14:05:42 | 000,024,592 | ---- | C] () -- C:\WINDOWS\uflsamp1.dll [2005/12/12 14:05:42 | 000,022,704 | ---- | C] () -- C:\WINDOWS\uflbar.dll [2005/12/12 14:05:42 | 000,018,240 | ---- | C] () -- C:\WINDOWS\ufldts.dll [2005/12/12 14:05:42 | 000,014,400 | ---- | C] () -- C:\WINDOWS\uf5dts.dll [2005/12/12 14:05:35 | 000,000,069 | ---- | C] () -- C:\WINDOWS\RETSAMMT.DLL [2005/12/08 15:21:10 | 000,000,043 | ---- | C] () -- C:\WINDOWS\hpfccopy.INI [2005/12/06 22:41:17 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI [2005/12/03 15:27:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI [2005/12/02 19:20:13 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\acdbres.dll [2005/12/02 19:17:07 | 000,001,156 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2005/12/02 19:17:06 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini [2005/12/02 19:17:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI [2005/12/02 19:06:45 | 000,000,044 | ---- | C] () -- C:\WINDOWS\lotus.ini [2005/11/28 12:32:53 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2005/11/28 08:40:00 | 000,157,184 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2005/11/25 16:02:39 | 000,014,336 | R--- | C] () -- C:\WINDOWS\SIVI64.sys [2005/11/25 16:02:39 | 000,009,728 | R--- | C] () -- C:\WINDOWS\SIVX64.sys [2005/11/25 16:02:39 | 000,008,576 | R--- | C] () -- C:\WINDOWS\SIVX32.sys [2005/11/25 16:02:39 | 000,007,810 | R--- | C] () -- C:\WINDOWS\SIVNT4.sys [2005/11/25 16:02:39 | 000,003,904 | R--- | C] () -- C:\WINDOWS\GWIOPM.SYS [2005/11/25 16:02:30 | 000,008,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\SIVX32.SYS [2005/11/25 16:00:24 | 000,000,750 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2005/10/21 15:05:33 | 000,000,029 | ---- | C] () -- C:\WINDOWS\hrdir.ini [2005/04/12 15:53:10 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll [2005/03/28 16:14:38 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll [2004/10/03 19:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll [2004/04/27 01:29:58 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll [color=#E56717]========== LOP Check ==========[/color] [2010/07/29 09:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software [2007/08/23 01:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ArcaBit [2009/03/27 13:38:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CherSoft [2010/07/29 20:49:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite [2005/12/28 10:48:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir [2010/04/17 19:26:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters [2006/10/11 09:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft [2008/09/29 02:50:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit [2009/03/16 04:45:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir [2008/09/29 02:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2010/07/30 01:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software [2008/05/09 03:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint [2006/10/11 09:01:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zeon [2010/07/30 01:58:35 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} [2009/08/29 21:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bridge.EID90\Application Data\Auslogics [2008/04/17 12:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bridge.EID90\Application Data\CherSoft [2010/07/29 21:05:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bridge.EID90\Application Data\DAEMON Tools Lite [2007/11/09 04:40:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bridge.EID90\Application Data\EuroTalk [2010/07/15 03:25:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bridge.EID90\Application Data\Feedreader [2009/01/29 18:40:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bridge.EID90\Application Data\Gadu-Gadu [2008/04/19 19:34:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bridge.EID90\Application Data\gtk-2.0 [2008/01/24 04:48:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bridge.EID90\Application Data\ICAClient [2010/07/29 22:34:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bridge.EID90\Application Data\ImgBurn [2007/10/07 20:29:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bridge.EID90\Application Data\InterTrust [2007/08/25 03:58:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bridge.EID90\Application Data\KeySafe [2010/04/28 22:54:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bridge.EID90\Application Data\MSA [2007/02/22 11:58:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bridge.EID90\Application Data\MSNInstaller [2008/05/19 18:16:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bridge.EID90\Application Data\Opera [2009/02/25 09:19:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bridge.EID90\Application Data\Password Solutions [2009/08/03 21:14:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bridge.EID90\Application Data\STA [2008/03/10 11:12:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bridge.EID90\Application Data\TeamViewer [2010/07/30 01:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bridge.EID90\Application Data\TuneUp Software [2008/05/09 02:07:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bridge.EID90\Application Data\Viewpoint [2006/10/11 09:02:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bridge.EID90\Application Data\Zeon [2009/07/12 10:21:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\STA [2009/07/12 09:18:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\STA [2010/08/06 09:00:01 | 000,000,496 | ---- | M] () -- C:\WINDOWS\Tasks\Automatyczna konserwacja.job [2010/08/04 23:21:59 | 000,000,292 | ---- | M] () -- C:\WINDOWS\Tasks\Defraggler Volume C Task.job [2010/08/10 12:25:39 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job [2010/08/10 12:01:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2005/11/25 15:56:41 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2010/08/09 18:28:49 | 000,000,211 | -HS- | M] () -- C:\boot.ini [2005/11/25 15:56:41 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2007/12/04 17:51:57 | 000,000,081 | ---- | M] () -- C:\CTX.DAT [2000/12/13 10:28:42 | 000,030,068 | ---- | M] () -- C:\FIXKRIZ.EXE [2007/04/11 01:54:14 | 000,001,119 | ---- | M] () -- C:\INSTALL.LOG [2005/11/25 15:56:41 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2010/08/09 20:01:36 | 000,000,000 | ---- | M] () -- C:\Log.txt [2009/05/05 02:34:26 | 000,007,572 | ---- | M] () -- C:\mksbasel.cpp.log [2005/11/25 15:56:41 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2004/08/04 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2008/10/03 16:54:57 | 000,250,048 | -HS- | M] () -- C:\ntldr [2010/08/10 12:24:34 | 1997,537,280 | -HS- | M] () -- C:\pagefile.sys [2001/05/24 13:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2004/08/04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:agp440.sys [2008/10/03 16:49:37 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys [2008/10/03 16:49:37 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:agp440.sys [2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2004/08/04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008/10/03 16:49:37 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008/10/03 16:49:37 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004/08/04 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2004/08/04 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys [2004/08/04 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2004/08/04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys [2008/10/03 16:49:37 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys [2008/10/03 16:49:37 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys [2008/04/13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys [2008/04/13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys [2004/08/04 14:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys [color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color] [2008/04/14 02:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008/04/14 02:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll [2004/08/04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2008/04/13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys [2008/04/13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys [2004/08/04 14:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2004/08/04 14:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008/04/14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008/04/14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe [color=#E56717]========== Files - Unicode (All) ==========[/color] [2010/05/29 19:28:13 | 000,038,400 | ---- | M] ()(C:\Documents and Settings\Bridge.EID90\My Documents\??????? SIA SB PLUSS.doc) -- C:\Documents and Settings\Bridge.EID90\My Documents\Магазин SIA SB PLUSS.doc [2010/05/29 19:28:12 | 000,038,400 | ---- | C] ()(C:\Documents and Settings\Bridge.EID90\My Documents\??????? SIA SB PLUSS.doc) -- C:\Documents and Settings\Bridge.EID90\My Documents\Магазин SIA SB PLUSS.doc [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F8F5844 @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Bridge.EID90\Desktop\tmMaster.exe:SummaryInformation @Alternate Data Stream - 5157 bytes -> C:\Documents and Settings\Bridge.EID90\(l:§'dn€ @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5BB923A2 @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:44DAF2F1 < End of report > [/log]
klimek1313 komentarz 10 sierpnia 2010 Autor komentarz 10 sierpnia 2010 tak, wydaje się, że wsio w porządku. zostaje tylko mały szczegół. ponieważ dzieje się to w robocie, kompy są spięte w siec, a na serwerze (tak nam się wydaje , bo nigdzie nie możemy znaleźć, a to byłoby najlogiczniejsze) jest sieciowy, wspólny dysk Common. tam nie widać żadnych folderów, tylko pliki. przed całą operacją te foldery były widziane jako Ukryte, lekko przezroczyste, ale można było wejść. teraz nic. nie widać folderów. opcja Pokaż ukryte pliki jest zaznaczona, również nie można było wcześniej zmienić atrybutów na Nie-ukryte (było szare podświetlenie). teraz widać tylko pliki, bez folderów... jak to ugryźć? wchodzimy na serwer, żeby stamtąd zmienić - nic, tam nie możemy znaleźć tego dysku Common, ani w Wyszukaj żadnych plików z Common... tak jakby to nie był dysk na serwerze... nie mam pojęcia o topologii sieci z serwerem, amba totalna.. od czego zacząć? odpada pomoc ITfirmy - nie ma takowej. (co gorsza ta sama sytuacja jest teraz u mnie na zewnętrznym twardzielu - 100GB zajęte, a nic nie widać)
Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!
Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.