annmegmonn utworzono 22 lipca 2011 utworzono 22 lipca 2011 Witam, proszę o pomoc która wiąże się z usunięciem wirusów. Otóż laptop nie działa poprawnie, po ściągnięciu gry z torrentów doczepił się trojan. Wykrył go Avast. Niestety trojan bardzo się rozprzestrzenił i spowodował że nie działa już internet. Żadna przeglądarka nie wczytuje, bo pojawia się błąd. Wyczytałam gdzieś na forum, że trzeba przeskanować Malwarebytes anti malware i tak też zrobiłam. Przesyłam w załączniku Logi z laptopa. [url=http://www.wrzuc.to/3w2hbqg.wt]mbam-log-2011-07-22 (18-45-36).txt[/url]
wirusolog komentarz 22 lipca 2011 komentarz 22 lipca 2011 Mam nadzieje, że usunąleś to co znalazł MBAM... Daj log z OTL >>> http://www.forumpc.pl/index.php?showtopic=104338
annmegmonn komentarz 23 lipca 2011 Autor komentarz 23 lipca 2011 (edytowane) [quote name='wirusolog' timestamp='1311362381' post='1304600'] Mam nadzieje, że usunąleś to co znalazł MBAM... Daj log z OTL >>> http://www.forumpc.pl/index.php?showtopic=104338 [/quote] Dla pewności potwierdzam, że usunęłam pliki czy jakkolwiek się to zwie znalezione przez MBAM x) A oto logi: [u][b]1) OTL [/b][/u] <log> OTL logfile created on: 2011-07-23 03:05:53 - Run 1 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Anna\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd 2,93 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 58,64% Memory free 6,08 Gb Paging File | 4,91 Gb Available in Paging File | 80,76% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 221,96 Gb Total Space | 139,13 Gb Free Space | 62,68% Space Free | Partition Type: NTFS Drive D: | 10,92 Gb Total Space | 1,82 Gb Free Space | 16,66% Space Free | Partition Type: NTFS Computer Name: KOMPUTERSIOSTRA | User Name: Anna | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days [color=#E56717]========== Processes (All) ==========[/color] PRC - [2011-07-23 02:35:28 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Anna\Desktop\OTL.exe PRC - [2011-07-06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011-07-06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011-06-21 18:57:40 | 000,196,912 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService2.exe PRC - [2010-11-05 02:53:47 | 000,171,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe PRC - [2010-10-29 13:49:28 | 000,249,064 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe PRC - [2010-08-25 18:45:44 | 000,136,216 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxtray.exe PRC - [2010-08-25 18:45:42 | 000,266,776 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe PRC - [2010-08-25 18:45:40 | 000,170,520 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe PRC - [2010-08-25 18:45:36 | 000,171,032 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe PRC - [2010-08-17 15:32:33 | 000,126,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spoolsv.exe PRC - [2010-07-23 07:05:56 | 000,126,904 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe PRC - [2009-11-18 15:13:18 | 000,054,576 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuschd2.exe PRC - [2009-11-18 03:42:52 | 000,275,072 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe PRC - [2009-11-18 03:02:34 | 000,563,840 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe PRC - [2009-11-18 03:02:34 | 000,173,696 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe PRC - [2009-11-17 19:49:08 | 000,366,720 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe PRC - [2009-08-07 04:24:04 | 000,053,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe PRC - [2009-06-15 14:57:59 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe PRC - [2009-05-19 09:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2009-04-22 16:25:20 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009-04-22 16:10:23 | 000,439,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe PRC - [2009-03-03 04:16:04 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe PRC - [2009-02-26 13:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE PRC - [2008-10-09 16:56:48 | 000,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe PRC - [2008-10-06 18:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe PRC - [2008-09-24 02:21:52 | 000,468,264 | ---- | M] (CyberLink Corp.) -- C:\Program Files\HP\QuickPlay\QPService.exe PRC - [2008-09-15 16:13:38 | 000,241,734 | ---- | M] () -- C:\Program Files\CyberLink\Shared files\RichVideo.exe PRC - [2008-08-02 01:14:02 | 000,202,032 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe PRC - [2008-06-09 19:21:58 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe PRC - [2008-05-29 15:32:32 | 002,685,496 | ---- | M] (Conexant) -- C:\Program Files\CONEXANT\SmartAudio\SmAudio.exe PRC - [2008-05-02 01:25:56 | 000,165,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe PRC - [2008-04-17 20:05:20 | 000,103,720 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe PRC - [2008-04-17 20:05:10 | 001,049,896 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe PRC - [2008-04-15 23:51:00 | 000,488,752 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe PRC - [2008-04-11 18:04:54 | 000,685,360 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe PRC - [2008-04-03 20:33:26 | 000,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe PRC - [2008-01-21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe PRC - [2008-01-21 04:25:11 | 000,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe PRC - [2008-01-21 04:25:11 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe PRC - [2008-01-21 04:25:00 | 002,623,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe PRC - [2008-01-21 04:24:54 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrss.exe PRC - [2008-01-21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe PRC - [2008-01-21 04:24:48 | 000,279,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe PRC - [2008-01-21 04:24:44 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe PRC - [2008-01-21 04:24:39 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskmgr.exe PRC - [2008-01-21 04:23:52 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe PRC - [2008-01-21 04:23:50 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\smss.exe PRC - [2008-01-21 04:23:44 | 000,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe PRC - [2008-01-21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2007-10-18 01:37:04 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe PRC - [2007-09-26 16:34:40 | 000,316,720 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe PRC - [2006-11-02 11:45:02 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dllhost.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2011-07-23 02:35:28 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Anna\Desktop\OTL.exe MOD - [2011-06-17 03:25:36 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll MOD - [2011-06-17 03:25:36 | 000,569,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll MOD - [2011-04-21 17:00:34 | 000,833,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll MOD - [2011-04-21 16:57:48 | 000,270,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll MOD - [2011-04-12 16:53:05 | 000,890,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll MOD - [2011-01-21 17:46:57 | 000,351,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll MOD - [2011-01-21 17:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll MOD - [2010-12-20 17:39:14 | 000,563,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll MOD - [2010-10-15 15:48:59 | 001,205,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll MOD - [2010-08-31 17:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll MOD - [2010-08-17 05:39:11 | 000,413,552 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.1.0.37\asOEHook.dll MOD - [2010-06-28 18:15:53 | 001,315,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ole32.dll MOD - [2010-04-16 18:10:45 | 000,501,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll MOD - [2009-07-17 16:35:11 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\atl.dll MOD - [2009-06-15 17:24:05 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll MOD - [2009-04-23 14:43:04 | 000,784,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll MOD - [2009-04-22 16:25:40 | 000,466,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll MOD - [2009-04-22 16:22:25 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll MOD - [2009-04-22 16:10:21 | 000,754,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll MOD - [2009-04-22 16:09:47 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srclient.dll MOD - [2008-01-21 04:24:57 | 000,806,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msctf.dll MOD - [2008-01-21 04:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ws2_32.dll MOD - [2008-01-21 04:24:47 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nsi.dll MOD - [2008-01-21 04:24:46 | 001,590,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll MOD - [2008-01-21 04:24:38 | 000,450,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.dll MOD - [2008-01-21 04:24:37 | 000,183,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xmllite.dll MOD - [2008-01-21 04:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx MOD - [2008-01-21 04:24:37 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samlib.dll MOD - [2008-01-21 04:24:36 | 000,680,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll MOD - [2008-01-21 04:24:27 | 000,798,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\advapi32.dll MOD - [2008-01-21 04:24:26 | 001,076,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll MOD - [2008-01-21 04:24:26 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vsstrace.dll MOD - [2008-01-21 04:24:24 | 000,523,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clbcatq.dll MOD - [2008-01-21 04:24:24 | 000,114,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imm32.dll MOD - [2008-01-21 04:24:23 | 000,121,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntmarta.dll MOD - [2008-01-21 04:24:23 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\authz.dll MOD - [2008-01-21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\user32.dll MOD - [2008-01-21 04:24:14 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mpr.dll MOD - [2008-01-21 04:24:14 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpk.dll MOD - [2008-01-21 04:24:13 | 000,289,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Wldap32.dll MOD - [2008-01-21 04:24:11 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\version.dll MOD - [2008-01-21 04:24:10 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apphelp.dll MOD - [2008-01-21 04:24:10 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\userenv.dll MOD - [2008-01-21 04:24:06 | 000,153,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imagehlp.dll MOD - [2008-01-21 04:23:50 | 000,258,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv MOD - [2008-01-21 04:23:44 | 001,067,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll MOD - [2008-01-21 04:23:43 | 000,240,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\uxtheme.dll MOD - [2008-01-21 04:23:42 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\olepro32.dll MOD - [2008-01-21 04:23:27 | 000,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spp.dll MOD - [2006-11-02 11:46:12 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psapi.dll MOD - [2006-11-02 10:33:06 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\normaliz.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2011-07-06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011-06-21 18:57:40 | 000,196,912 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService2.exe -- (NitroReaderDriverReadSpool2) SRV - [2010-10-12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010-07-23 07:05:56 | 000,126,904 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe -- (NIS) SRV - [2008-10-06 18:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows) SRV - [2008-01-21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2011-07-22 14:24:13 | 000,126,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2011-07-06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2011-07-06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2010-08-13 11:00:00 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100813.009\NAVEX15.SYS -- (NAVEX15) DRV - [2010-08-13 11:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2010-08-13 11:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2010-08-13 11:00:00 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100813.009\NAVENG.SYS -- (NAVENG) DRV - [2010-08-09 05:11:49 | 000,692,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx86.sys -- (BHDrvx86) DRV - [2010-07-29 05:33:05 | 000,666,672 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1201000.025\SYMEFA.SYS -- (SymEFA) DRV - [2010-07-29 04:54:36 | 000,489,008 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\system32\drivers\NIS\1201000.025\SRTSP.SYS -- (SRTSP) DRV - [2010-07-29 04:54:36 | 000,050,096 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1201000.025\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL) DRV - [2010-07-23 13:25:13 | 000,278,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2010-07-23 13:25:13 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2010-07-23 11:22:31 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2010-07-13 03:20:20 | 000,331,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1201000.025\SYMTDIV.SYS -- (SYMTDIv) DRV - [2010-06-27 06:05:55 | 000,134,704 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1201000.025\Ironx86.SYS -- (SymIRON) DRV - [2010-06-27 06:05:05 | 000,344,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSVix86.sys -- (IDSVix86) DRV - [2010-06-13 12:50:57 | 000,339,504 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NIS\1201000.025\SYMDS.SYS -- (SymDS) DRV - [2008-12-20 09:01:46 | 001,093,120 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008-06-29 16:52:26 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R) DRV - [2008-06-10 20:54:36 | 000,123,904 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2008-06-05 18:58:42 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService) DRV - [2008-01-21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R) DRV - [2007-10-18 01:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2007-06-19 02:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV - [2006-11-28 19:46:22 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCAMp50.sys -- (PCAMp50) DRV - [2006-11-28 19:46:20 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_pl&c=91&bd=Pavilion&pf=cnnb IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_pl&c=91&bd=Pavilion&pf=cnnb IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_pl&c=91&bd=Pavilion&pf=cnnb IE - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes] IE - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com IE - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) IE - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - File not found IE - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:51859 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Ask.com" FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=UT5V5&o=15793&locale=en_US&apn_uid=BEEE2D2B-7BDC-402F-8DDA-85483E8EC75C&apn_ptnrs=UP&apn_sauid=7499AC06-11E0-4806-9A67-973C65BD3D0A&apn_dtid=&q=" FF - prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 51859 FF - prefs.js..network.proxy.type: 1 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Windows\Downloaded Program Files\npsoe.dll () FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\NitroPDF: C:\Program Files\Nitro PDF\Reader\npnitromozilla.dll ( ) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-11-10 23:20:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011-07-22 14:25:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\ [2011-07-22 14:23:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-06-24 22:40:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-06-02 20:30:22 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-11-10 23:20:05 | 000,000,000 | ---D | M] [2009-09-18 20:14:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anna\AppData\Roaming\mozilla\Extensions [2011-06-26 12:24:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\i5ksixjt.default\extensions [2010-09-25 12:49:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\i5ksixjt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-06-26 12:24:10 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\i5ksixjt.default\extensions\DTToolbar@toolbarnet.com [2010-01-15 17:39:06 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\i5ksixjt.default\extensions\searchrecs@veoh.com [2011-05-29 17:05:32 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\i5ksixjt.default\extensions\toolbar@ask.com [2011-07-23 02:41:58 | 000,002,559 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\i5ksixjt.default\searchplugins\askcom.xml [2010-04-23 21:08:32 | 000,001,827 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\i5ksixjt.default\searchplugins\bing.xml [2011-06-26 12:23:40 | 000,002,055 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\i5ksixjt.default\searchplugins\daemon-search.xml [2010-08-20 10:53:28 | 000,002,064 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\i5ksixjt.default\searchplugins\youtube-video-search.xml [2011-07-22 14:07:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010-07-24 23:42:53 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2011-02-17 21:00:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} File not found (No name found) -- [2011-07-22 14:25:38 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPLGN [2011-06-24 22:40:56 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011-02-17 20:59:47 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011-06-02 20:29:54 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml Hosts file not found O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\CoIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\IPSBHO.dll (Symantec Corporation) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Program Files\TEXTware\QUICKfind\PlugIns\IEHelp.dll () O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.) O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - File not found O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\CoIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - File not found O3 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [ORAHSSSessionManager] File not found O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000..\Run: [conhost] File not found O4 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000..\Run: [Dzieńdobry!] C:\Program Files\VSD Software\Dzieńdobry!\dziendobry.exe (VSD Software) O4 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000..\Run: [heueya] File not found O4 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000..\Run: [keioke] File not found O4 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000..\Run: [leameec] File not found O4 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000..\Run: [nwv69b] File not found O4 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000..\Run: [reouk] File not found O4 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000..\Run: [SmAudio] C:\Program Files\Conexant\SmartAudio\SmAudio.exe (Conexant) O7 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data] O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O13 - gopher Prefix: missing O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet) O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet) O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in ) O15 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\..Trusted Domains: sony.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\..Trusted Ranges: Range1 ([http] in Local intranet) O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} http://launch.soe.com/plugin/web/SOEWebInstaller.cab (SOE Web Installer) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Anna\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O24 - Desktop BackupWallPaper: C:\Users\Anna\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{255188e3-9fd7-11e0-8b62-9b34c9a445bb}\Shell - "" = AutoRun O33 - MountPoints2\{255188e3-9fd7-11e0-8b62-9b34c9a445bb}\Shell\AutoRun\command - "" = F:\TRTauto.exe O33 - MountPoints2\{255188f0-9fd7-11e0-8b62-9b34c9a445bb}\Shell - "" = AutoRun O33 - MountPoints2\{255188f0-9fd7-11e0-8b62-9b34c9a445bb}\Shell\AutoRun\command - "" = G:\TRTauto.exe O33 - MountPoints2\{353808eb-b1ee-11e0-a237-d563b2da5dbe}\Shell - "" = AutoRun O33 - MountPoints2\{353808eb-b1ee-11e0-a237-d563b2da5dbe}\Shell\AutoRun\command - "" = H:\TRTauto.exe O33 - MountPoints2\{7f3cf48a-97d1-11df-b6af-e2c7be346a47}\Shell - "" = AutoRun O33 - MountPoints2\{7f3cf48a-97d1-11df-b6af-e2c7be346a47}\Shell\AutoRun\command - "" = I:\AUTORUN.EXE O33 - MountPoints2\{962d83bc-77c5-11df-a1c1-a18cdb995fb4}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\zDjiX.Exe O33 - MountPoints2\{d14ead3b-9645-11df-bc07-8a1bee7c34b3}\Shell - "" = AutoRun O33 - MountPoints2\{d14ead3b-9645-11df-bc07-8a1bee7c34b3}\Shell\AutoRun\command - "" = F:\autorun.exe O33 - MountPoints2\{d14ead42-9645-11df-bc07-8a1bee7c34b3}\Shell - "" = AutoRun O33 - MountPoints2\{d14ead42-9645-11df-bc07-8a1bee7c34b3}\Shell\AutoRun\command - "" = G:\AUTORUN.EXE O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2011-07-23 03:01:56 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Anna\Desktop\OTL.exe [2011-07-22 15:12:20 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\Malwarebytes [2011-07-22 15:12:01 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011-07-22 15:12:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011-07-22 15:11:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011-07-22 15:11:55 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011-07-22 15:11:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011-07-22 14:24:14 | 000,126,512 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS [2011-07-22 14:24:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared [2011-07-22 14:24:13 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec [2011-07-22 14:23:42 | 000,666,672 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\SymEFA.sys [2011-07-22 14:23:42 | 000,489,008 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\srtsp.sys [2011-07-22 14:23:42 | 000,339,504 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\SymDS.sys [2011-07-22 14:23:42 | 000,331,312 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\symtdiv.sys [2011-07-22 14:23:42 | 000,294,448 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\symnets.sys [2011-07-22 14:23:42 | 000,134,704 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\Ironx86.sys [2011-07-22 14:23:42 | 000,050,096 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\srtspx.sys [2011-07-22 14:23:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS [2011-07-22 14:23:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS\1201000.025 [2011-07-22 14:23:14 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security [2011-07-22 14:23:14 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security [2011-07-22 14:21:46 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller [2011-07-22 14:21:05 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security 2011 EN + trial reset - peb.pl-ks_93 [2011-07-22 14:14:59 | 000,000,000 | -HSD | C] -- C:\found.000 [2011-07-20 20:46:55 | 000,000,000 | ---D | C] -- C:\Users\Anna\Documents\Ankh - The Lost Treasures [2011-07-20 15:31:06 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\GuardiansOfMagic [2011-07-20 14:21:35 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\Color-Brush [2011-07-20 06:27:40 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\Crown [2011-07-20 06:27:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Crown [2011-07-20 05:14:27 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch [2011-07-18 11:16:04 | 000,026,416 | ---- | C] (Nitro PDF Software) -- C:\Windows\System32\nitrolocalmon2.dll [2011-07-18 11:16:04 | 000,017,712 | ---- | C] (Nitro PDF Software) -- C:\Windows\System32\nitrolocalui2.dll [2011-07-18 11:15:53 | 000,000,000 | ---D | C] -- C:\Program Files\Nitro PDF [2011-07-18 11:15:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nitro PDF [2011-07-18 11:08:03 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\Downloaded Installations [2011-07-15 19:37:07 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\Nancy Drew [2011-07-15 19:10:11 | 000,000,000 | ---D | C] -- C:\Program Files\directx [2011-06-28 21:12:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Trymedia [2011-06-25 16:30:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Big Fish Games [2010-08-25 17:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [1 C:\Users\Anna\Desktop\*.tmp files -> C:\Users\Anna\Desktop\*.tmp -> ] [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2011-07-23 02:45:49 | 000,594,344 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011-07-23 02:45:49 | 000,102,418 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011-07-23 02:41:09 | 000,000,286 | ---- | M] () -- C:\ProgramData\hpqp.ini [2011-07-23 02:39:27 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011-07-23 02:39:27 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011-07-23 02:39:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011-07-23 02:38:58 | 3149,078,528 | -HS- | M] () -- C:\hiberfil.sys [2011-07-23 02:35:28 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Anna\Desktop\OTL.exe [2011-07-22 15:12:04 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011-07-22 14:25:31 | 002,184,938 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1201000.025\Cat.DB [2011-07-22 14:24:13 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS [2011-07-22 14:24:13 | 000,007,456 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT [2011-07-22 14:24:13 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF [2011-07-22 14:23:55 | 000,002,173 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk [2011-07-22 14:07:33 | 000,007,052 | ---- | M] () -- C:\Users\Anna\AppData\Local\d3d9caps.dat [2011-07-20 19:27:33 | 000,004,946 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\F443.637 [2011-07-20 11:03:55 | 292,026,452 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011-07-20 06:26:54 | 000,000,104 | ---- | M] () -- C:\Users\Anna\Desktop\Recycle Bin.lnk [2011-07-20 05:00:40 | 000,000,000 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\chrtmp [2011-07-20 05:00:28 | 000,000,162 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\5xb4y8f33.bat [2011-07-13 11:30:04 | 000,316,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011-07-06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011-07-06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011-06-29 14:34:04 | 000,000,000 | ---- | M] () -- C:\Windows\Shadow.INI [2011-06-26 17:08:44 | 000,000,000 | ---- | M] () -- C:\Windows\Game.INI [2011-06-21 18:56:44 | 000,017,712 | ---- | M] (Nitro PDF Software) -- C:\Windows\System32\nitrolocalui2.dll [2011-06-21 18:56:42 | 000,026,416 | ---- | M] (Nitro PDF Software) -- C:\Windows\System32\nitrolocalmon2.dll [2011-06-01 16:53:42 | 000,012,765 | ---- | M] () -- C:\Users\Anna\Documents\grecja.html [1 C:\Users\Anna\Desktop\*.tmp files -> C:\Users\Anna\Desktop\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011-07-22 15:12:03 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011-07-22 14:24:21 | 002,184,938 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\Cat.DB [2011-07-22 14:24:14 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT [2011-07-22 14:24:14 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF [2011-07-22 14:23:55 | 000,002,173 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk [2011-07-22 14:23:30 | 000,003,373 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymEFA.inf [2011-07-22 14:23:30 | 000,002,792 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymDS.inf [2011-07-22 14:23:30 | 000,001,473 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymNetV.inf [2011-07-22 14:23:30 | 000,001,445 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymNet.inf [2011-07-22 14:23:30 | 000,001,389 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\srtspx.inf [2011-07-22 14:23:30 | 000,001,383 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\srtsp.inf [2011-07-22 14:23:30 | 000,000,741 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\Iron.inf [2011-07-22 14:23:19 | 000,007,787 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\symnetv.cat [2011-07-22 14:23:19 | 000,007,446 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymNet.cat [2011-07-22 14:23:19 | 000,007,444 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymEFA.cat [2011-07-22 14:23:19 | 000,007,442 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\srtspx.cat [2011-07-22 14:23:19 | 000,007,438 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymDS.cat [2011-07-22 14:23:19 | 000,007,438 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\srtsp.cat [2011-07-22 14:23:19 | 000,007,438 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\iron.cat [2011-07-22 14:23:19 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\isolate.ini [2011-07-20 06:26:54 | 000,000,104 | ---- | C] () -- C:\Users\Anna\Desktop\Recycle Bin.lnk [2011-07-20 05:00:40 | 000,000,000 | ---- | C] () -- C:\Users\Anna\AppData\Roaming\chrtmp [2011-07-20 05:00:28 | 000,000,162 | ---- | C] () -- C:\Users\Anna\AppData\Roaming\5xb4y8f33.bat [2011-07-20 04:59:52 | 000,004,946 | ---- | C] () -- C:\Users\Anna\AppData\Roaming\F443.637 [2011-07-18 11:15:58 | 000,001,868 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro PDF Reader 2.lnk [2011-06-29 14:34:04 | 000,000,000 | ---- | C] () -- C:\Windows\Shadow.INI [2011-06-26 17:08:44 | 000,000,000 | ---- | C] () -- C:\Windows\Game.INI [2011-06-02 20:30:23 | 000,000,818 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011-06-01 16:53:42 | 000,012,765 | ---- | C] () -- C:\Users\Anna\Documents\grecja.html [2011-02-13 16:53:35 | 000,444,283 | ---- | C] () -- C:\Program Files\Common Files\WinPcapNmap.exe [2010-11-10 23:06:31 | 000,174,683 | ---- | C] () -- C:\Windows\hpoins45.dat [2010-11-06 15:09:43 | 000,000,000 | ---- | C] () -- C:\Users\Anna\AppData\Roaming\wklnhst.dat [2010-08-25 18:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin [2010-08-25 18:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin [2010-08-25 18:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin [2010-08-25 17:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config [2010-08-25 17:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll [2010-08-25 17:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll [2010-08-09 21:53:23 | 000,000,187 | ---- | C] () -- C:\Windows\ODBCINST.INI [2010-08-06 22:51:00 | 000,000,021 | ---- | C] () -- C:\Windows\kit.ini [2010-07-24 23:46:16 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010-07-23 13:25:13 | 000,278,728 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2010-07-23 13:25:13 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2010-07-22 18:52:11 | 000,314,368 | ---- | C] () -- C:\Windows\KSGDeInstall.exe [2010-04-24 16:28:12 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll [2010-04-24 16:28:12 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2010-04-24 16:28:10 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2010-04-24 16:28:10 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2010-04-24 16:28:08 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2010-04-23 18:13:52 | 000,007,052 | ---- | C] () -- C:\Users\Anna\AppData\Local\d3d9caps.dat [2010-02-05 08:43:26 | 000,000,450 | ---- | C] () -- C:\Windows\hpomdl45.dat [2009-12-05 16:35:30 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2009-12-04 16:37:12 | 000,035,840 | ---- | C] () -- C:\Users\Anna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-09-18 20:42:23 | 000,000,413 | ---- | C] () -- C:\Windows\BRWMARK.INI [2009-09-18 20:42:23 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2009-09-18 14:51:47 | 000,000,046 | ---- | C] () -- C:\Windows\adiras.ini [2009-09-17 17:11:34 | 000,000,061 | ---- | C] () -- C:\Windows\TEXTware.ini [2009-09-17 17:11:31 | 000,147,456 | ---- | C] () -- C:\Windows\System32\Twavbx32.dll [2009-09-17 17:11:31 | 000,115,200 | ---- | C] () -- C:\Windows\System32\UnzDll.dll [2009-09-17 17:11:31 | 000,088,064 | ---- | C] () -- C:\Windows\System32\idiom010227.dll [2009-09-17 17:11:30 | 000,099,092 | ---- | C] () -- C:\Windows\System32\bass.dll [2009-09-17 17:11:26 | 000,143,360 | ---- | C] () -- C:\Windows\System32\ILXTBS.DLL [2009-06-09 19:23:05 | 000,000,286 | ---- | C] () -- C:\ProgramData\hpqp.ini [2009-04-22 16:10:21 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009-04-22 16:10:21 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008-07-06 22:29:46 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1518.dll [2008-07-06 22:14:06 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin [2008-06-29 16:52:14 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll [2006-11-02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006-11-02 14:47:37 | 000,316,448 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006-11-02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006-11-02 12:33:01 | 000,594,344 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006-11-02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006-11-02 12:33:01 | 000,102,418 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006-11-02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006-11-02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006-11-02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006-11-02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006-11-02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006-11-02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006-03-09 11:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [color=#E56717]========== LOP Check ==========[/color] [2011-07-20 05:57:36 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\BitTorrent [2011-05-02 20:53:18 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Casual Mechanics [2011-07-20 06:27:40 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Crown [2010-07-23 14:36:49 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\DAEMON Tools Lite [2011-07-18 11:08:03 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Downloaded Installations [2010-08-09 21:53:42 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\DrDietman2 [2009-09-04 16:13:33 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\FloodLightGames [2011-05-06 22:24:59 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Friday's games [2009-12-09 20:33:58 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\funkitron [2009-09-09 13:23:30 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Gamelab [2011-07-20 15:31:06 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\GuardiansOfMagic [2009-12-06 15:03:04 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Imagic403N [2010-01-30 00:21:55 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\iWin [2011-04-23 12:56:23 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Magic3 [2009-12-08 00:39:58 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\muvee Technologies [2011-07-17 19:04:20 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Nitro PDF [2010-12-02 00:13:10 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Notepad++ [2009-10-18 19:04:24 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Nowe Gadu-Gadu [2009-11-28 09:08:41 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\OpenFM [2009-09-17 17:11:40 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Oxford [2011-05-05 00:34:20 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\PeerNetworking [2009-09-16 11:06:35 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\PlayFirst [2010-02-07 16:33:26 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\SBTT [2009-09-25 03:08:34 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\SPORE Creature Creator [2010-11-06 15:09:43 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Template [2011-07-20 05:57:07 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\uTorrent [2011-05-02 14:44:41 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\V-Games [2011-03-25 14:35:15 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\VDownloader [2010-11-12 14:42:41 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\VendelGAMES [2011-07-22 20:49:11 | 000,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2008-01-21 04:24:42 | 000,333,203 | RHS- | M] () -- C:\bootmgr [2006-09-18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys [2011-07-23 02:38:58 | 3149,078,528 | -HS- | M] () -- C:\hiberfil.sys [2011-07-23 02:38:57 | 3462,864,896 | -HS- | M] () -- C:\pagefile.sys [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2008-01-21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008-01-21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008-01-21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008-01-21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006-11-02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2009-04-11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2009-04-11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008-01-21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008-01-21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006-11-02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2009-04-22 16:18:13 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\System32\drivers\atapi.sys [2009-04-22 16:18:13 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7f3e4ed9\atapi.sys [2009-04-22 16:18:13 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22193_none_dd6376773aedb5e4\atapi.sys [2009-04-22 16:18:13 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b7393fc6\atapi.sys [2009-04-22 16:18:13 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20847_none_dbb74a7b3d9afbc1\atapi.sys [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2008-01-21 04:23:44 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\System32\drivers\beep.sys [2008-01-21 04:23:44 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6001.18000_none_c420a153079d485b\beep.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2008-01-21 04:23:02 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\System32\drivers\cdrom.sys [2008-01-21 04:23:02 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_a29e71c6\cdrom.sys [2008-01-21 04:23:02 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys [2009-04-11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_cdrom.inf_31bf3856ad364e35_6.0.6002.18005_none_6194d4eea0e93596\cdrom.sys [2009-04-11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_cdrom.inf_31bf3856ad364e35_6.0.6002.18005_none_6194d4eea0e93596\cdrom.sys [2006-11-02 10:51:44 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=8D1866E61AF096AE8B582454F5E4D303 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_e487f727\cdrom.sys [color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color] [2007-05-18 06:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2009-04-11 08:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_a9b2a4d31930d864\ndis.sys [2009-04-11 08:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_a9b2a4d31930d864\ndis.sys [2008-01-21 04:23:50 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\System32\drivers\ndis.sys [2008-01-21 04:23:50 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2009-04-11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2009-04-11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008-01-21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe [2008-01-21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 96 bytes -> C:\ProgramData\Temp:C5AE4E07 @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:488F7244 < End of report > </log> [b][u]2. Extras[/u][/b] <log> OTL Extras logfile created on: 2011-07-23 03:05:53 - Run 1 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Anna\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd 2,93 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 58,64% Memory free 6,08 Gb Paging File | 4,91 Gb Available in Paging File | 80,76% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 221,96 Gb Total Space | 139,13 Gb Free Space | 62,68% Space Free | Partition Type: NTFS Drive D: | 10,92 Gb Total Space | 1,82 Gb Free Space | 16,66% Space Free | Partition Type: NTFS Computer Name: KOMPUTERSIOSTRA | User Name: Anna | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_USERS\S-1-5-21-516021690-3537927130-1024571334-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{386DCE31-654E-472A-B9E6-101CC3476D72}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{388029A1-F8F7-4A0F-93A3-4708E8BACF4E}" = rport=139 | protocol=6 | dir=out | app=system | "{3F0ABE11-660E-4FAF-89A8-C71269A670B4}" = rport=137 | protocol=17 | dir=out | app=system | "{4E25237A-0D54-4AB3-B083-2A16D3793EEA}" = lport=138 | protocol=17 | dir=in | app=system | "{5E729D74-1BF5-44A1-9BFB-28DEEA3F0626}" = rport=10243 | protocol=6 | dir=out | app=system | "{67A10C69-BFA5-4E52-9FB0-4EB4A63397C6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6DE9F1EE-BCD5-4C5E-9885-E7BA858EFAC0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7014ACAF-6577-48FA-B2CC-5792141BAC4F}" = lport=139 | protocol=6 | dir=in | app=system | "{7B014A4D-D52A-4D15-9E52-16BAFB98B516}" = lport=17001 | protocol=17 | dir=in | name=ko.kurnik.pl | "{9260E63B-2EBD-4ADD-A32C-80708AE1E79F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{95831269-91D6-4D70-ACC9-164E6DCF5B85}" = lport=445 | protocol=6 | dir=in | app=system | "{99A77498-FACD-43D0-BA22-066EC5EF8F2C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B01A3A09-D112-45CF-AA71-F308D2D7AD4C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{B512A2D8-367B-4E2F-83C1-2C7D3FCBCC0C}" = lport=2869 | protocol=6 | dir=in | app=system | "{BBC78D0F-D7DD-4C93-A79A-231C20AA7529}" = lport=137 | protocol=17 | dir=in | app=system | "{CBF1E23F-6D33-413A-A525-C04984590FFD}" = rport=138 | protocol=17 | dir=out | app=system | "{D0EB1410-F9F1-4740-8707-06ECFA574AB1}" = lport=10243 | protocol=6 | dir=in | app=system | "{D686C1F6-B1D2-45AE-B998-3811FBDCD3C3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{F119DCC0-ADC1-42ED-A6F6-97DC88E04FC1}" = lport=2869 | protocol=6 | dir=in | app=system | "{F6857440-7DA4-45E9-B5D0-E9197CFE449A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F9E32DEB-9208-4B4C-812D-2981AFF516EE}" = rport=445 | protocol=6 | dir=out | app=system | "{FBA6E6A9-DDBC-40AD-9FA2-3E50B3A92BA4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{08E5DFD7-2EA4-4C13-BA70-74A27CBB7391}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{0C9D0D83-CABE-447B-A547-0490CEBCCFED}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | "{10656DC8-778B-4CA5-B215-7E2A103BD2AD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | "{10E99A8F-37A5-4B27-A3A1-6337D3602992}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{158ECF4E-52E6-4BD6-9B15-3A1033ED4BF5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{21513197-96E2-4AC5-BAAF-50373B52FAEF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{2324828B-ED0F-4BD2-A7C4-B5AD534FDA57}" = dir=in | app=c:\program files\hp\quickplay\qp.exe | "{3851096C-36DD-4835-9499-0C154EBF6AF6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{399F70A6-311D-4EEA-8311-85DFADC7F5B6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe | "{3D491E2A-5057-4E8F-9D15-DE73E22E8F46}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{4189FAB8-890B-48FC-B300-28B0D12BF263}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | "{4B4B9515-500C-4C6F-A697-AC72624785E2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{4B87C204-8FF3-470B-B356-4BFE87153F8A}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{50956512-86C8-4EFE-900E-33C8DC094593}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | "{58AF6471-CAEC-4822-9EA3-B46A77303DE7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | "{59713904-77D7-4711-83C5-3C43ABE510D7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | "{5BE493D5-F19C-421E-B9C0-2705C81A1AC3}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | "{6470FB4A-5782-44D3-B8B0-F572E636D271}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | "{67004B62-3794-4AB7-919F-C6EB00B24213}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{6939465A-FA8B-4737-9DB7-A3429B302E7D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{77F8EFC5-4C8A-41C0-82A5-E81C505121EA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7CD4006B-374E-4052-B379-C4D7623A4A7F}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | "{8077F54E-396B-412A-AF51-D721847374B9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{86B0D20B-A9F3-4235-B637-E41061920648}" = protocol=6 | dir=out | app=system | "{8F08D2B7-2116-4F17-BABA-D01B795293F1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | "{99F99351-1809-4D3D-852C-00E13A256640}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{AC1B5872-D4FB-489D-B5BB-59E29145E6B8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | "{B8ED8B1D-42E2-41BA-ADF2-0F712F42FF1F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C8FE4E2F-1FFF-4129-8700-05B35A6E33BB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{C9DEC4E0-7510-42DF-97BE-1252049A8786}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{CD0BACCB-26E2-458A-8F2C-DC558A827955}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{DBA43BB8-8528-4842-8C35-C73A0A286A0D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{DC9B8ABB-C5AA-4F2B-92D8-EA37692D09BA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | "{E63A7C88-F35D-4136-8781-EB38E7A9A539}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | "{E6A70BD9-E44D-45B7-B82C-DA8B7B4E52C6}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe | "{EC72D096-B027-4BFE-98B8-0C24900250D4}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{EF57BBE4-C5B2-4C59-B33E-D968626128E8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{F533671D-3BC9-407D-B0C7-416FD18C5156}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | "{F628E70F-D14B-4DCE-8C27-F1A918D540F3}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | "{FF8DDCD0-C18D-4888-BCBF-E164FD87EC2F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query User{13A47A39-2C01-4604-8494-8AC628C6C582}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | "TCP Query User{1A7D5A70-4E78-4CE9-9AFF-F20B5F4D744D}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "TCP Query User{1E0857E6-56F2-47A3-9FFD-0FD1499D8978}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "TCP Query User{CD44667E-F363-405E-9B70-058DCAFACBAD}C:\program files\nowe gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files\nowe gadu-gadu\gg.exe | "TCP Query User{D59BE3C9-0248-4617-9D29-A720BA51CAAA}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | "TCP Query User{FAB7C0E5-32ED-44BF-9140-7060B5A287CD}C:\program files\nowe gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files\nowe gadu-gadu\gg.exe | "UDP Query User{4B48EDDD-2652-4EAC-AA4B-AC40D6D50F9F}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | "UDP Query User{59731E99-DA6F-41D2-9D8E-012D46F542B8}C:\program files\nowe gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files\nowe gadu-gadu\gg.exe | "UDP Query User{699BCB26-36F8-41AA-8CEA-9DB45F707B47}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "UDP Query User{9E6C223B-D6C5-48B4-9209-9B0967E6C8EA}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "UDP Query User{A35553BA-AEC4-4FB4-ADBA-FF7AC7EB0F80}C:\program files\nowe gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files\nowe gadu-gadu\gg.exe | "UDP Query User{DC9C02FE-6B40-4A03-B9A5-2B5F82D2CD8C}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR "{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer "{0A50CB27-D2D5-4B7D-A001-30B1782A450B}" = DJ_AIO_06_K209a-z_SW_Min "{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1 "{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery "{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant "{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Narzędzie do przekazywania usługi Windows Live "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24 "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox "{2E522ED6-01E2-4207-82D5-B3BFB31B8BD4}" = Windows Live Sync "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2 "{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader "{38058455-8C21-4C2F-B2F6-14ED166039CB}" = HP Total Care Setup "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{51958BA7-21E4-4A8B-9098-CD8375BD17B2}" = Asystent rejestracji usługi Windows Live "{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3 "{5A3ECDDA-562C-4281-BFE5-A4C8F32EACA3}" = K209a-z "{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter "{6051912A-F7B8-445C-A99D-81AA4C118836}" = HP Deskjet Ink Advant K209a-z All-in-One Driver Software 14.0 Rel. 6 "{6053FE9B-5473-41D6-AEBF-AD6F98138191}" = Windows Live Movie Maker "{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer "{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{665CBCA4-5AB0-414B-A288-3F8F99FEFC45}" = HP User Guides 0118 "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games) "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{96384578-C6A2-4EC6-92CD-B62A60713040}" = Microsoft Live Search Toolbar "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{9862473C-E063-4C68-A161-2CDE0E8048A5}" = Podstawowe programy Windows Live "{9AB614A6-719C-4A6E-A63E-831E0A35F62A}" = Windows Live Writer "{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant "{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}" = Copy "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9CDEAEC9-2F14-4D39-8541-C1EEC4B5D1CB}" = Galeria fotografii usługi Windows Live "{A7388312-4FBB-48E5-8DC0-B63DA02658AE}" = Windows Live Toolbar "{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 3.0.752 "{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply "{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9 "{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player "{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2 "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{C35FE07E-24B5-410F-85B7-122087A0C7DD}" = Poczta usługi Windows Live "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D1803CD4-0CE7-4484-98E3-88D7A2D629A4}" = Windows Live Messenger "{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F5ED909F-8571-4B03-B200-6087F32CD973}" = Nitro PDF Reader 2 "{F88335A8-CA7B-41DE-B37D-81306C73B507}" = Bezpieczeństwo rodzinne usługi Windows Live "{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "ALLPlayer_is1" = ALLPlayer V4.X "CNXT_AUDIO_HDA" = Conexant HD Audio "CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "Dzieńdobry!" = Dzieńdobry! "HDMI" = Intel(R) Graphics Media Accelerator Driver "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HP Imaging Device Functions" = HP Imaging Device Functions 14.0 "HP Smart Web Printing" = HP Smart Web Printing 4.60 "HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0 "HPExtendedCapabilities" = HP Customer Participation Program 14.0 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.9.0 "Larry 7" = Larry 7 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware wersja 1.51.1.1800 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US) "NIS" = Norton Internet Security "Notepad++" = Notepad++ "Nowe Gadu-Gadu" = Nowe Gadu-Gadu "Organizer ucznia_is1" = Organizer ucznia v1.0 "Oxford Wordpower Genie" = Oxford Wordpower Genie "ShockwaveFlash" = Adobe Flash Player 9 ActiveX "Shop for HP Supplies" = Shop for HP Supplies "Slownik jezyka polskiego 3t" = Słownik języka polskiego PWN "SynTPDeinstKey" = Synaptics Pointing Device Driver "Veoh Web Player Beta" = Veoh Web Player "WildTangent hp Master Uninstall" = HP Games "WinLiveSuite_Wave3" = Podstawowe programy Windows Live "WinRAR archiver" = Archiwizator WinRAR "WTA-059fb0fd-b8d8-4443-9f2f-1ef716b6ac80" = Nancy Drew - Curse of Blackmoor Manor "WTA-0861cc54-ec49-4001-a4fd-21f471969c6e" = Natalie Brooks - Mystery at Hillcrest High "WTA-223e2a26-507b-41a8-86d7-b4cd0657f9cd" = Pizza Chef 2 "WTA-3df06af8-8ee8-476e-ac7c-796aad66da7f" = Nancy Drew Dossier - Lights, Camera, Curses "WTA-447aeb2b-886f-4f03-9af8-313f57cac62b" = Nancy Drew - The Phantom of Venice "WTA-5c1baa70-9736-45ba-9a68-594992602e97" = Jewelry Secret: Mystery Stones "WTA-6c40bcb4-2c92-4b4e-9fd1-467e7a2c02e3" = Lamp of Aladdin "WTA-716722e1-fc74-4410-a606-bca808f76b7a" = Magic Encyclopedia - Illusions "WTA-73ab29f6-8c46-4e63-aa14-067b3f991b31" = Ankh - The Lost Treasures "WTA-74a522d8-4237-4701-8ccd-af6af2b93896" = Farm Craft 2: Global Vegetable Crisis "WTA-87131e9b-2788-4ade-8202-5139abf9dfa8" = Guardians of Magic: Amanda's Awakening "WTA-a5b8a596-480d-4d62-a46e-981fd5914522" = Star Crossed Love "WTA-aeeb9eb2-a7a3-4302-ac80-a4fd79ddb165" = Royal Trouble "WTA-b33633d7-04bb-4e59-8ce9-a588f228b1cc" = BurgerTime Deluxe "WTA-c852c0f3-ac6b-4571-9c0b-30b68c6f008d" = Nancy Drew Dossier - Resorting to Danger! "WTA-cccbacc6-39a0-452e-ab7d-ab7a29f6c532" = Dream Inn: The Driftwood "WTA-cdf86317-d8b7-4840-b870-81b84a83b9f5" = Text Express 2 Deluxe "WTA-e1b5858f-56fd-4b45-b57e-a49c8d84ad6d" = Magic Encyclopedia - Moon Light "WTA-ff4f570d-41eb-4a16-8321-60c84451dbb4" = FunPark Beach Blast [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-516021690-3537927130-1024571334-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2011-07-20 06:55:38 | Computer Name = komputersiostra | Source = System Restore | ID = 8193 Description = Error - 2011-07-20 14:27:39 | Computer Name = komputersiostra | Source = VSS | ID = 8194 Description = Error - 2011-07-20 14:28:05 | Computer Name = komputersiostra | Source = SPP | ID = 16387 Description = Error - 2011-07-20 14:28:05 | Computer Name = komputersiostra | Source = System Restore | ID = 8193 Description = Error - 2011-07-21 15:29:52 | Computer Name = komputersiostra | Source = Application Hang | ID = 1002 Description = The program Explorer.EXE version 6.0.6001.18164 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 744 Start Time: 01cc47d84d850769 Termination Time: 8658 Error - 2011-07-22 06:46:03 | Computer Name = komputersiostra | Source = SPP | ID = 16387 Description = Error - 2011-07-22 06:46:03 | Computer Name = komputersiostra | Source = System Restore | ID = 8193 Description = Error - 2011-07-22 08:03:17 | Computer Name = komputersiostra | Source = SPP | ID = 16387 Description = Error - 2011-07-22 08:03:17 | Computer Name = komputersiostra | Source = System Restore | ID = 8193 Description = Error - 2011-07-22 21:01:46 | Computer Name = komputersiostra | Source = Application Hang | ID = 1002 Description = The program OTL.exe version 3.2.26.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: ea4 Start Time: 01cc48d1a17b4f45 Termination Time: 31 [ OSession Events ] Error - 2009-12-11 11:58:54 | Computer Name = komputersiostra | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2709 seconds with 2400 seconds of active time. This session ended with a crash. [ System Events ] Error - 2010-04-09 11:51:38 | Computer Name = komputersiostra | Source = Service Control Manager | ID = 7026 Description = Error - 2010-04-09 16:00:18 | Computer Name = komputersiostra | Source = Server | ID = 2505 Description = The server could not bind to the transport \Device\NetBT_Tcpip_{C68E4392-A60A-4116-A1F1-8E85293A2A3B} because another computer on the network has the same name. The server could not start. Error - 2010-04-09 16:12:21 | Computer Name = komputersiostra | Source = Server | ID = 2505 Description = The server could not bind to the transport \Device\NetBT_Tcpip_{C68E4392-A60A-4116-A1F1-8E85293A2A3B} because another computer on the network has the same name. The server could not start. Error - 2010-04-10 03:19:12 | Computer Name = komputersiostra | Source = SRTSP | ID = 524292 Description = Error loading virus definitions. Error - 2010-04-10 03:19:12 | Computer Name = komputersiostra | Source = SRTSP | ID = 524293 Description = Error loading Symantec real time Anti-Virus driver. Error - 2010-04-10 03:19:26 | Computer Name = komputersiostra | Source = HTTP | ID = 15016 Description = Error - 2010-04-10 03:20:09 | Computer Name = komputersiostra | Source = Service Control Manager | ID = 7000 Description = Error - 2010-04-10 03:20:09 | Computer Name = komputersiostra | Source = Service Control Manager | ID = 7000 Description = Error - 2010-04-10 03:20:09 | Computer Name = komputersiostra | Source = Service Control Manager | ID = 7026 Description = Error - 2010-04-10 09:27:50 | Computer Name = komputersiostra | Source = Server | ID = 2505 Description = The server could not bind to the transport \Device\NetBT_Tcpip_{C68E4392-A60A-4116-A1F1-8E85293A2A3B} because another computer on the network has the same name. The server could not start. < End of report > </log> I dziękuję za zajęcie się tą skomplikowaną sprawą ) x)
wirusolog komentarz 23 lipca 2011 komentarz 23 lipca 2011 [b]1.[/b] Uruchom OTL i w oknie [b]Własne opcje skanowania/Skrypt[/b] wklej następujący tekst: [code]:OTL O4 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000..\Run: [conhost] File not found O4 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000..\Run: [heueya] File not found O4 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000..\Run: [keioke] File not found O4 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000..\Run: [leameec] File not found O4 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000..\Run: [nwv69b] File not found O4 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000..\Run: [reouk] File not found O4 - HKLM..\Run: [ORAHSSSessionManager] File not found O4 - HKLM..\Run: [] File not found @Alternate Data Stream - 96 bytes -> C:\ProgramData\Temp:C5AE4E07 @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:488F7244 :Files C:\Users\Anna\AppData\Roaming\F443.637 C:\Windows\MEMORY.DMP C:\Users\Anna\Desktop\Recycle Bin.lnk C:\Users\Anna\AppData\Roaming\chrtmp C:\Users\Anna\AppData\Roaming\5xb4y8f33.bat C:\Program Files\Common Files\WinPcapNmap.exe C:\Users\Anna\AppData\Roaming\wklnhst.dat C:\Windows\kit.ini :Commands [emptyflash] [resethosts] [emptytemp][/code] Kliknij w [b]Wykonaj skrypt[/b]. Zatwierdź restart komputera. [b]2.[/b] W aplecie panelu sterowania ([b]Dodaj lub usuń programy[/b]) do deinstalacji śmieć: [b]Ask Toolbar[/b] [b]3.[/b] Ściągnij [url=http://www.teamxscript.org/too/AD-R.exe][b][color=blue][u]Ad-Remover[/url][/b][/color][/u] i wciśnij w nim [size=150][b]Clean[/b][/size] Pokaż raport z tego narzędzia. [b]4.[/b] Następnie uruchamiasz OTL ponownie, tym razem wywołujesz opcję [b]Skanuj[/b]. Pokazujesz nowe logi z OTL + raport z usuwania. Czyli końcowo pokazujesz: [b][list] [*]Raport z usuwania OTL (po restarcie), [*]Raport z czyszczenia Ad-Remover'em, [*]Nowe logi z OTL. [/list][/b]
annmegmonn komentarz 23 lipca 2011 Autor komentarz 23 lipca 2011 [u][b][color="#8B0000"]1. Raport z usuwania OTL (po restarcie)[/color][/b][/u] All processes killed ========== OTL ========== Registry value HKEY_USERS\S-1-5-21-516021690-3537927130-1024571334-1000\Software\Microsoft\Windows\CurrentVersion\Run\\conhost not found. Registry value HKEY_USERS\S-1-5-21-516021690-3537927130-1024571334-1000\Software\Microsoft\Windows\CurrentVersion\Run\\heueya not found. Registry value HKEY_USERS\S-1-5-21-516021690-3537927130-1024571334-1000\Software\Microsoft\Windows\CurrentVersion\Run\\keioke not found. Registry value HKEY_USERS\S-1-5-21-516021690-3537927130-1024571334-1000\Software\Microsoft\Windows\CurrentVersion\Run\\leameec not found. Registry value HKEY_USERS\S-1-5-21-516021690-3537927130-1024571334-1000\Software\Microsoft\Windows\CurrentVersion\Run\\nwv69b not found. Registry value HKEY_USERS\S-1-5-21-516021690-3537927130-1024571334-1000\Software\Microsoft\Windows\CurrentVersion\Run\\reouk not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ORAHSSSessionManager not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Unable to delete ADS C:\ProgramData\Temp:C5AE4E07 . Unable to delete ADS C:\ProgramData\Temp:488F7244 . ========== FILES ========== File\Folder C:\Users\Anna\AppData\Roaming\F443.637 not found. File\Folder C:\Windows\MEMORY.DMP not found. File\Folder C:\Users\Anna\Desktop\Recycle Bin.lnk not found. File\Folder C:\Users\Anna\AppData\Roaming\chrtmp not found. File\Folder C:\Users\Anna\AppData\Roaming\5xb4y8f33.bat not found. File\Folder C:\Program Files\Common Files\WinPcapNmap.exe not found. File\Folder C:\Users\Anna\AppData\Roaming\wklnhst.dat not found. File\Folder C:\Windows\kit.ini not found. ========== COMMANDS ========== [EMPTYFLASH] User: All Users User: Anna ->Flash cache emptied: 0 bytes User: Default User: Default User User: Public Total Flash Files Cleaned = 0,00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: All Users User: Anna ->Temp folder emptied: 4112624022 bytes ->Temporary Internet Files folder emptied: 80576325 bytes ->Java cache emptied: 1955709 bytes ->FireFox cache emptied: 110818355 bytes ->Flash cache emptied: 0 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 76644107 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 4 180,00 mb OTL by OldTimer - Version 3.2.26.1 log created on 07232011_122119 Files\Folders moved on Reboot... C:\Users\Anna\AppData\Local\Temp\ehmsas.txt moved successfully. Registry entries deleted on Reboot... [color="#8B0000"][u][b] 2. Raport z czyszczenia ad-removerem [/b][/u][/color] ======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 ======= Updated by TeamXscript on 12/04/11 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com website: http://www.teamxscript.org C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 12:33:52 on 23/07/2011, Normal boot Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) Anna@KOMPUTERSIOSTRA (Hewlett-Packard HP G60 Notebook PC) ============== ACTION(S) ============== File deleted: C:\Users\Anna\AppData\Roaming\Mozilla\FireFox\Profiles\i5ksixjt.default\searchplugins\askcom.xml Folder deleted: C:\Users\Anna\AppData\LocalLow\AskToolbar Folder deleted: C:\Users\Anna\AppData\Local\OpenCandy Folder deleted: C:\Users\Anna\AppData\LocalLow\ShopperReports3 Folder deleted: C:\ProgramData\Trymedia (!) -- Temporary files deleted. -- File opened: C:\Users\Anna\AppData\Roaming\Mozilla\FireFox\Profiles\i5ksixjt.default\Prefs.js -- Line deleted: user_pref("browser.search.defaultengine", "Ask.com"); Line deleted: user_pref("browser.search.defaultenginename", "Ask.com"); Line deleted: user_pref("browser.search.order.1", "Ask.com"); Line deleted: user_pref("browser.search.selectedEngine", "Ask.com"); Line deleted: user_pref("extensions.enabledAddons", "{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24,{BBDA0591-3099-... Line deleted: user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"smartwebprintin... -- File closed -- Key deleted: HKLM\Software\Classes\CLSID\{1E61ED7C-7CB8-49D6-B9E9-AB4C880C8414} Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1E61ED7C-7CB8-49D6-B9E9-AB4C880C8414} Key deleted: HKLM\Software\Classes\AppID\{3EBC05B0-0F38-4912-ADCC-E37B58372712} Key deleted: HKLM\Software\Classes\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} Key deleted: HKLM\Software\Classes\AppID\{EE5E2FD6-07B5-41A5-AD55-1D5C26833D4B} Key deleted: HKLM\Software\Classes\Interface\{453DB0C5-F41C-4D97-8DD6-CC72ECD5F699} Key deleted: HKLM\Software\Classes\Interface\{4AFC07D0-59BB-46B8-B097-1A46E88EEF71} Key deleted: HKLM\Software\Classes\Interface\{6511CE4C-4722-40D0-AD3D-4AFA2F50978A} Key deleted: HKLM\Software\Classes\Interface\{9BEC9B38-BF39-4899-806E-A1C5DFEB60A2} Key deleted: HKLM\Software\Classes\Interface\{B86D82BF-D39F-439A-A07C-43EDDC6F6EA6} Key deleted: HKLM\Software\Classes\Interface\{DA6305B9-0869-4235-8C1D-533A65E639E5} Key deleted: HKLM\Software\Classes\Interface\{E6961C59-CFCE-4CCD-B794-BC78DB98413A} Key deleted: HKLM\Software\Classes\Interface\{F8B4EC8A-2407-4BE0-AEE2-0F430D65A90D} Key deleted: HKLM\Software\Trymedia Systems Key deleted: HKCU\Software\AppDataLow\Software\Hotbar Key deleted: HKCU\Software\AppDataLow\Software\ShopperReports3 Key deleted: HKLM\Software\VDownloader\OpenCandy Key deleted: HKLM\Software\Classes\Installer\Products\875483692A6C6CE429DC6BA206170304 Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\875483692A6C6CE429DC6BA206170304 Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ShopperReportsSA Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440} ============== ADDITIONNAL SCAN ============== **** Mozilla Firefox Version [5.0 (en-US)] **** HKLM_MozillaPlugins\@soe.sony.com/installer,version=1.0.3 (x) HKLM_MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0 (x) HKLM_MozillaPlugins\NitroPDF (x) Searchplugins\amazondotcom.xml (hxxp://www.amazon.com/exec/obidos/external-search/) Searchplugins\answers.xml (hxxp://www.answers.com/main/ntquery) Searchplugins\bing.xml ( hxxp://www.bing.com/search) Searchplugins\creativecommons.xml (hxxp://search.creativecommons.org/) Searchplugins\eBay.xml (hxxp://rover.ebay.com/rover/1/711-47294-18009-3/4) Searchplugins\wikipedia.xml (hxxp://en.wikipedia.org/wiki/Special:Search) Components\browsercomps.dll (Mozilla Foundation) Extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} (Skype extension for Firefox ) HKLM_Extensions|smartwebprinting@hp.com - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 HKLM_Extensions|{BBDA0591-3099-440a-AA10-41764D9DB4DB} - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ HKLM_Extensions|{2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\ HKCU_Extensions|smartwebprinting@hp.com - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 -- C:\Users\Anna\AppData\Roaming\Mozilla\FireFox\Profiles\i5ksixjt.default -- Extensions\DTToolbar@toolbarnet.com (DAEMON Tools Toolbar) Searchplugins\youtube-video-search.xml (?) Prefs.js - browser.startup.homepage_override.buildID, 20110615151330 Prefs.js - browser.startup.homepage_override.mstone, rv:5.0 ======================================== **** Internet Explorer Version [7.0.6001.18000] **** HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896 HKCU_Main|Start Page - hxxp://fr.msn.com/ HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Start Page - hxxp://fr.msn.com/ HKCU_URLSearchHooks|{08C06D61-F1F3-4799-86F8-BE1A89362C85} - "Search Class" (C:\Program Files\Livebox\SearchURLHook\SearchPageURL.dll) (x) HKCU_Toolbar\WebBrowser|{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} (x) HKCU_Toolbar\WebBrowser|{32099AAC-C132-4136-9E9A-4E364A424E17} (C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll) (x) HKLM_Toolbar|{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} (x) HKLM_Toolbar|{32099AAC-C132-4136-9E9A-4E364A424E17} (C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll) (x) HKCU_ElevationPolicy\{4169044D-6BA4-4661-B7D6-E29274F1F458} - C:\Program Files\WildTangent Games\App\BrowserIntegration\wtapp_ProtocolHandler.exe (WildTangent, Inc.) BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll) BHO\{9030D464-4C02-4ABF-8ECC-5164760863C6} - "Pomocnik rejestracji usługi Windows Live" (C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll) BHO\{C08DF07A-3E49-4E25-9AB0-D3882835F153} - "QUICKfind BHO Object" (C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll) ======================================== C:\Program Files\Ad-Remover\Quarantine: 15 File(s) C:\Program Files\Ad-Remover\Backup: 16 File(s) C:\Ad-Report-CLEAN[1].txt - 23/07/2011 12:34:05 (7391 Byte(s)) End at: 12:35:35, 23/07/2011 ============== E.O.F ============== [color="#2F4F4F"][u][b]3. Nowe logi z OTL (wkleiłam ten sam tekst w skrypcie jak podczas operacji "WYKONAJ SKRYPT") i właśnie nie wiem czy dobrze? czy miałam może w skrypcie napisać przypadkiem ten sam tekst, co na samym początku, gdy tworzyłam pierwszy log przy Twoim pierwszym poście? bo jakby coś to zrobię poprawkę.. [/b][/u][/color] [u][b]LOG OTL [/b][/u] <log> OTL logfile created on: 2011-07-23 12:43:18 - Run 2 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Anna\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd 2,93 Gb Total Physical Memory | 1,79 Gb Available Physical Memory | 60,90% Memory free 6,06 Gb Paging File | 4,91 Gb Available in Paging File | 80,90% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 221,96 Gb Total Space | 143,03 Gb Free Space | 64,44% Space Free | Partition Type: NTFS Drive D: | 10,92 Gb Total Space | 1,82 Gb Free Space | 16,66% Space Free | Partition Type: NTFS Drive F: | 14,56 Mb Total Space | 10,63 Mb Free Space | 72,96% Space Free | Partition Type: FAT Drive K: | 1,86 Gb Total Space | 0,96 Gb Free Space | 51,67% Space Free | Partition Type: FAT Computer Name: KOMPUTERSIOSTRA | User Name: Anna | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days [color=#E56717]========== Processes (All) ==========[/color] PRC - [2011-07-23 02:35:28 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Anna\Desktop\OTL.exe PRC - [2011-07-06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011-07-06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011-06-21 18:57:40 | 000,196,912 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService2.exe PRC - [2010-11-05 02:53:47 | 000,171,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe PRC - [2010-10-29 13:49:28 | 000,249,064 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe PRC - [2010-08-25 18:45:44 | 000,136,216 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxtray.exe PRC - [2010-08-25 18:45:42 | 000,266,776 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe PRC - [2010-08-25 18:45:40 | 000,170,520 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe PRC - [2010-08-25 18:45:36 | 000,171,032 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe PRC - [2010-08-17 15:32:33 | 000,126,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spoolsv.exe PRC - [2010-07-23 07:05:56 | 000,126,904 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe PRC - [2009-11-18 15:13:18 | 000,054,576 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuschd2.exe PRC - [2009-11-18 03:42:52 | 000,275,072 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe PRC - [2009-11-18 03:02:34 | 000,563,840 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe PRC - [2009-11-18 03:02:34 | 000,173,696 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe PRC - [2009-11-17 19:49:08 | 000,366,720 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe PRC - [2009-08-07 04:24:04 | 000,053,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe PRC - [2009-07-26 14:44:28 | 003,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe PRC - [2009-06-15 14:57:59 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe PRC - [2009-05-19 09:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2009-04-22 16:25:20 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009-04-22 16:10:23 | 000,439,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe PRC - [2009-04-22 16:10:23 | 000,087,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchFilterHost.exe PRC - [2009-04-22 16:10:22 | 000,184,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchProtocolHost.exe PRC - [2009-03-03 04:16:04 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe PRC - [2009-02-26 13:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE PRC - [2008-10-09 16:58:56 | 000,075,008 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe PRC - [2008-10-09 16:56:48 | 000,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe PRC - [2008-10-06 18:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe PRC - [2008-09-24 02:21:52 | 000,468,264 | ---- | M] (CyberLink Corp.) -- C:\Program Files\HP\QuickPlay\QPService.exe PRC - [2008-09-15 16:13:38 | 000,241,734 | ---- | M] () -- C:\Program Files\CyberLink\Shared files\RichVideo.exe PRC - [2008-08-02 01:14:02 | 000,202,032 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe PRC - [2008-06-12 11:38:00 | 000,034,672 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe PRC - [2008-06-09 19:21:58 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe PRC - [2008-05-29 15:32:32 | 002,685,496 | ---- | M] (Conexant) -- C:\Program Files\CONEXANT\SmartAudio\SmAudio.exe PRC - [2008-05-02 01:25:56 | 000,165,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe PRC - [2008-04-17 20:05:20 | 000,103,720 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe PRC - [2008-04-17 20:05:10 | 001,049,896 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe PRC - [2008-04-15 23:51:00 | 000,488,752 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe PRC - [2008-04-11 18:04:54 | 000,685,360 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe PRC - [2008-04-03 20:33:26 | 000,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe PRC - [2008-01-21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe PRC - [2008-01-21 04:25:11 | 000,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe PRC - [2008-01-21 04:25:11 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe PRC - [2008-01-21 04:25:00 | 002,623,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe PRC - [2008-01-21 04:24:59 | 000,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe PRC - [2008-01-21 04:24:54 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrss.exe PRC - [2008-01-21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe PRC - [2008-01-21 04:24:48 | 000,279,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe PRC - [2008-01-21 04:24:44 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe PRC - [2008-01-21 04:23:52 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe PRC - [2008-01-21 04:23:50 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\smss.exe PRC - [2008-01-21 04:23:44 | 000,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe PRC - [2008-01-21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2007-10-18 01:37:04 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe PRC - [2007-09-26 16:34:40 | 000,316,720 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe PRC - [2006-11-02 11:45:02 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dllhost.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2011-07-23 02:35:28 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Anna\Desktop\OTL.exe MOD - [2011-06-17 03:25:36 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll MOD - [2011-06-17 03:25:36 | 000,569,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll MOD - [2011-04-21 17:00:34 | 000,833,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll MOD - [2011-04-21 16:57:48 | 000,270,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll MOD - [2011-04-12 16:53:05 | 000,890,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll MOD - [2011-01-21 17:46:57 | 000,351,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll MOD - [2011-01-21 17:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll MOD - [2010-12-20 17:39:14 | 000,563,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll MOD - [2010-10-15 15:48:59 | 001,205,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll MOD - [2010-08-31 17:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll MOD - [2010-08-17 05:39:11 | 000,413,552 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.1.0.37\asOEHook.dll MOD - [2010-06-28 18:15:53 | 001,315,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ole32.dll MOD - [2010-04-16 18:10:45 | 000,501,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll MOD - [2009-07-17 16:35:11 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\atl.dll MOD - [2009-06-15 17:24:05 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll MOD - [2009-04-23 14:43:04 | 000,784,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll MOD - [2009-04-22 16:25:40 | 000,466,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll MOD - [2009-04-22 16:22:25 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll MOD - [2009-04-22 16:10:21 | 000,754,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll MOD - [2009-04-22 16:09:47 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srclient.dll MOD - [2008-01-21 04:24:57 | 000,806,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msctf.dll MOD - [2008-01-21 04:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ws2_32.dll MOD - [2008-01-21 04:24:47 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nsi.dll MOD - [2008-01-21 04:24:46 | 001,590,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll MOD - [2008-01-21 04:24:38 | 000,450,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.dll MOD - [2008-01-21 04:24:37 | 000,183,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xmllite.dll MOD - [2008-01-21 04:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx MOD - [2008-01-21 04:24:37 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samlib.dll MOD - [2008-01-21 04:24:36 | 000,680,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll MOD - [2008-01-21 04:24:27 | 000,798,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\advapi32.dll MOD - [2008-01-21 04:24:26 | 001,076,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll MOD - [2008-01-21 04:24:26 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vsstrace.dll MOD - [2008-01-21 04:24:24 | 000,523,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clbcatq.dll MOD - [2008-01-21 04:24:24 | 000,114,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imm32.dll MOD - [2008-01-21 04:24:23 | 000,121,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntmarta.dll MOD - [2008-01-21 04:24:23 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\authz.dll MOD - [2008-01-21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\user32.dll MOD - [2008-01-21 04:24:14 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mpr.dll MOD - [2008-01-21 04:24:14 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpk.dll MOD - [2008-01-21 04:24:13 | 000,289,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Wldap32.dll MOD - [2008-01-21 04:24:11 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\version.dll MOD - [2008-01-21 04:24:10 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apphelp.dll MOD - [2008-01-21 04:24:10 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\userenv.dll MOD - [2008-01-21 04:24:06 | 000,153,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imagehlp.dll MOD - [2008-01-21 04:23:50 | 000,258,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv MOD - [2008-01-21 04:23:44 | 001,067,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll MOD - [2008-01-21 04:23:43 | 000,240,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\uxtheme.dll MOD - [2008-01-21 04:23:42 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\olepro32.dll MOD - [2008-01-21 04:23:27 | 000,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spp.dll MOD - [2006-11-02 11:46:12 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psapi.dll MOD - [2006-11-02 10:33:06 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\normaliz.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2011-07-06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011-06-21 18:57:40 | 000,196,912 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService2.exe -- (NitroReaderDriverReadSpool2) SRV - [2010-10-12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010-07-23 07:05:56 | 000,126,904 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe -- (NIS) SRV - [2008-10-06 18:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows) SRV - [2008-01-21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2011-07-22 14:24:13 | 000,126,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2011-07-06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2011-07-06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2010-08-13 11:00:00 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100813.009\NAVEX15.SYS -- (NAVEX15) DRV - [2010-08-13 11:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2010-08-13 11:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2010-08-13 11:00:00 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100813.009\NAVENG.SYS -- (NAVENG) DRV - [2010-08-09 05:11:49 | 000,692,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx86.sys -- (BHDrvx86) DRV - [2010-07-29 05:33:05 | 000,666,672 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1201000.025\SYMEFA.SYS -- (SymEFA) DRV - [2010-07-29 04:54:36 | 000,489,008 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\system32\drivers\NIS\1201000.025\SRTSP.SYS -- (SRTSP) DRV - [2010-07-29 04:54:36 | 000,050,096 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1201000.025\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL) DRV - [2010-07-23 13:25:13 | 000,278,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2010-07-23 13:25:13 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2010-07-23 11:22:31 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2010-07-13 03:20:20 | 000,331,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1201000.025\SYMTDIV.SYS -- (SYMTDIv) DRV - [2010-06-27 06:05:55 | 000,134,704 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1201000.025\Ironx86.SYS -- (SymIRON) DRV - [2010-06-27 06:05:05 | 000,344,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSVix86.sys -- (IDSVix86) DRV - [2010-06-13 12:50:57 | 000,339,504 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NIS\1201000.025\SYMDS.SYS -- (SymDS) DRV - [2008-12-20 09:01:46 | 001,093,120 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008-06-29 16:52:26 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R) DRV - [2008-06-10 20:54:36 | 000,123,904 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2008-06-05 18:58:42 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService) DRV - [2008-01-21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R) DRV - [2007-10-18 01:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2007-06-19 02:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV - [2006-11-28 19:46:22 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCAMp50.sys -- (PCAMp50) DRV - [2006-11-28 19:46:20 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes] IE - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ IE - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - File not found IE - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:51859 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 51859 FF - prefs.js..network.proxy.type: 1 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Windows\Downloaded Program Files\npsoe.dll () FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\NitroPDF: C:\Program Files\Nitro PDF\Reader\npnitromozilla.dll ( ) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-11-10 23:20:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011-07-22 14:25:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\ [2011-07-22 14:23:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-06-24 22:40:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-06-02 20:30:22 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-11-10 23:20:05 | 000,000,000 | ---D | M] [2009-09-18 20:14:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anna\AppData\Roaming\mozilla\Extensions [2011-07-23 12:30:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\i5ksixjt.default\extensions [2010-09-25 12:49:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\i5ksixjt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-06-26 12:24:10 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\i5ksixjt.default\extensions\DTToolbar@toolbarnet.com [2010-01-15 17:39:06 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\i5ksixjt.default\extensions\searchrecs@veoh.com [2010-04-23 21:08:32 | 000,001,827 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\i5ksixjt.default\searchplugins\bing.xml [2011-06-26 12:23:40 | 000,002,055 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\i5ksixjt.default\searchplugins\daemon-search.xml [2010-08-20 10:53:28 | 000,002,064 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\i5ksixjt.default\searchplugins\youtube-video-search.xml [2011-07-22 14:07:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010-07-24 23:42:53 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2011-02-17 21:00:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011-06-24 22:40:56 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011-02-17 20:59:47 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011-06-02 20:29:54 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml O1 HOSTS File: ([2011-07-23 12:21:24 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\CoIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\IPSBHO.dll (Symantec Corporation) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Program Files\TEXTware\QUICKfind\PlugIns\IEHelp.dll () O3 - HKLM\..\Toolbar: (no name) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - No CLSID value found. O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - File not found O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\CoIEPlg.dll (Symantec Corporation) O3 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - File not found O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000..\Run: [Dzieńdobry!] C:\Program Files\VSD Software\Dzieńdobry!\dziendobry.exe (VSD Software) O4 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000..\Run: [SmAudio] C:\Program Files\Conexant\SmartAudio\SmAudio.exe (Conexant) O7 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data] O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O13 - gopher Prefix: missing O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet) O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet) O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in ) O15 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\..Trusted Domains: sony.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\..Trusted Ranges: Range1 ([http] in Local intranet) O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} http://launch.soe.com/plugin/web/SOEWebInstaller.cab (SOE Web Installer) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Anna\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O24 - Desktop BackupWallPaper: C:\Users\Anna\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2010-02-22 02:02:40 | 000,000,136 | RHS- | M] () - K:\AUTORUN.FCB -- [ FAT ] O33 - MountPoints2\{255188e3-9fd7-11e0-8b62-9b34c9a445bb}\Shell - "" = AutoRun O33 - MountPoints2\{255188e3-9fd7-11e0-8b62-9b34c9a445bb}\Shell\AutoRun\command - "" = F:\TRTauto.exe O33 - MountPoints2\{255188f0-9fd7-11e0-8b62-9b34c9a445bb}\Shell - "" = AutoRun O33 - MountPoints2\{255188f0-9fd7-11e0-8b62-9b34c9a445bb}\Shell\AutoRun\command - "" = G:\TRTauto.exe O33 - MountPoints2\{353808eb-b1ee-11e0-a237-d563b2da5dbe}\Shell - "" = AutoRun O33 - MountPoints2\{353808eb-b1ee-11e0-a237-d563b2da5dbe}\Shell\AutoRun\command - "" = H:\TRTauto.exe O33 - MountPoints2\{7f3cf48a-97d1-11df-b6af-e2c7be346a47}\Shell - "" = AutoRun O33 - MountPoints2\{7f3cf48a-97d1-11df-b6af-e2c7be346a47}\Shell\AutoRun\command - "" = I:\AUTORUN.EXE O33 - MountPoints2\{962d83bc-77c5-11df-a1c1-a18cdb995fb4}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\zDjiX.Exe O33 - MountPoints2\{d14ead3b-9645-11df-bc07-8a1bee7c34b3}\Shell - "" = AutoRun O33 - MountPoints2\{d14ead3b-9645-11df-bc07-8a1bee7c34b3}\Shell\AutoRun\command - "" = F:\autorun.exe O33 - MountPoints2\{d14ead42-9645-11df-bc07-8a1bee7c34b3}\Shell - "" = AutoRun O33 - MountPoints2\{d14ead42-9645-11df-bc07-8a1bee7c34b3}\Shell\AutoRun\command - "" = G:\AUTORUN.EXE O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2011-07-23 12:33:49 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Remover [2011-07-23 12:30:38 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011-07-23 12:11:49 | 000,000,000 | ---D | C] -- C:\_OTL [2011-07-23 03:01:56 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Anna\Desktop\OTL.exe [2011-07-22 15:12:20 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\Malwarebytes [2011-07-22 15:12:01 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011-07-22 15:12:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011-07-22 15:11:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011-07-22 15:11:55 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011-07-22 15:11:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011-07-22 14:24:14 | 000,126,512 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS [2011-07-22 14:24:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared [2011-07-22 14:24:13 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec [2011-07-22 14:23:42 | 000,666,672 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\SymEFA.sys [2011-07-22 14:23:42 | 000,489,008 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\srtsp.sys [2011-07-22 14:23:42 | 000,339,504 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\SymDS.sys [2011-07-22 14:23:42 | 000,331,312 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\symtdiv.sys [2011-07-22 14:23:42 | 000,294,448 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\symnets.sys [2011-07-22 14:23:42 | 000,134,704 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\Ironx86.sys [2011-07-22 14:23:42 | 000,050,096 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\srtspx.sys [2011-07-22 14:23:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS [2011-07-22 14:23:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS\1201000.025 [2011-07-22 14:23:14 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security [2011-07-22 14:23:14 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security [2011-07-22 14:21:46 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller [2011-07-22 14:21:05 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security 2011 EN + trial reset - peb.pl-ks_93 [2011-07-22 14:14:59 | 000,000,000 | -HSD | C] -- C:\found.000 [2011-07-20 20:46:55 | 000,000,000 | ---D | C] -- C:\Users\Anna\Documents\Ankh - The Lost Treasures [2011-07-20 15:31:06 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\GuardiansOfMagic [2011-07-20 14:21:35 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\Color-Brush [2011-07-20 06:27:40 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\Crown [2011-07-20 06:27:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Crown [2011-07-20 05:14:27 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch [2011-07-18 11:16:04 | 000,026,416 | ---- | C] (Nitro PDF Software) -- C:\Windows\System32\nitrolocalmon2.dll [2011-07-18 11:16:04 | 000,017,712 | ---- | C] (Nitro PDF Software) -- C:\Windows\System32\nitrolocalui2.dll [2011-07-18 11:15:53 | 000,000,000 | ---D | C] -- C:\Program Files\Nitro PDF [2011-07-18 11:15:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nitro PDF [2011-07-18 11:08:03 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\Downloaded Installations [2011-07-15 19:37:07 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\Nancy Drew [2011-07-15 19:10:11 | 000,000,000 | ---D | C] -- C:\Program Files\directx [2011-06-25 16:30:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Big Fish Games [2010-08-25 17:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [1 C:\Users\Anna\Desktop\*.tmp files -> C:\Users\Anna\Desktop\*.tmp -> ] [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2011-07-23 12:39:44 | 000,000,286 | ---- | M] () -- C:\ProgramData\hpqp.ini [2011-07-23 12:38:59 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011-07-23 12:38:59 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011-07-23 12:38:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011-07-23 12:38:32 | 3149,078,528 | -HS- | M] () -- C:\hiberfil.sys [2011-07-23 12:33:51 | 000,001,636 | ---- | M] () -- C:\Users\Anna\Desktop\AD-R.lnk [2011-07-23 12:21:24 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts [2011-07-23 02:45:49 | 000,594,344 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011-07-23 02:45:49 | 000,102,418 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011-07-23 02:35:28 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Anna\Desktop\OTL.exe [2011-07-22 15:12:04 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011-07-22 14:25:31 | 002,184,938 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1201000.025\Cat.DB [2011-07-22 14:24:13 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS [2011-07-22 14:24:13 | 000,007,456 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT [2011-07-22 14:24:13 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF [2011-07-22 14:23:55 | 000,002,173 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk [2011-07-22 14:07:33 | 000,007,052 | ---- | M] () -- C:\Users\Anna\AppData\Local\d3d9caps.dat [2011-07-13 11:30:04 | 000,316,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011-07-06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011-07-06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011-06-29 14:34:04 | 000,000,000 | ---- | M] () -- C:\Windows\Shadow.INI [2011-06-26 17:08:44 | 000,000,000 | ---- | M] () -- C:\Windows\Game.INI [2011-06-21 18:56:44 | 000,017,712 | ---- | M] (Nitro PDF Software) -- C:\Windows\System32\nitrolocalui2.dll [2011-06-21 18:56:42 | 000,026,416 | ---- | M] (Nitro PDF Software) -- C:\Windows\System32\nitrolocalmon2.dll [2011-06-01 16:53:42 | 000,012,765 | ---- | M] () -- C:\Users\Anna\Documents\grecja.html [1 C:\Users\Anna\Desktop\*.tmp files -> C:\Users\Anna\Desktop\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011-07-23 12:33:50 | 000,001,636 | ---- | C] () -- C:\Users\Anna\Desktop\AD-R.lnk [2011-07-22 15:12:03 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011-07-22 14:24:21 | 002,184,938 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\Cat.DB [2011-07-22 14:24:14 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT [2011-07-22 14:24:14 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF [2011-07-22 14:23:55 | 000,002,173 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk [2011-07-22 14:23:30 | 000,003,373 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymEFA.inf [2011-07-22 14:23:30 | 000,002,792 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymDS.inf [2011-07-22 14:23:30 | 000,001,473 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymNetV.inf [2011-07-22 14:23:30 | 000,001,445 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymNet.inf [2011-07-22 14:23:30 | 000,001,389 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\srtspx.inf [2011-07-22 14:23:30 | 000,001,383 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\srtsp.inf [2011-07-22 14:23:30 | 000,000,741 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\Iron.inf [2011-07-22 14:23:19 | 000,007,787 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\symnetv.cat [2011-07-22 14:23:19 | 000,007,446 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymNet.cat [2011-07-22 14:23:19 | 000,007,444 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymEFA.cat [2011-07-22 14:23:19 | 000,007,442 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\srtspx.cat [2011-07-22 14:23:19 | 000,007,438 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymDS.cat [2011-07-22 14:23:19 | 000,007,438 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\srtsp.cat [2011-07-22 14:23:19 | 000,007,438 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\iron.cat [2011-07-22 14:23:19 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\isolate.ini [2011-07-18 11:15:58 | 000,001,868 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro PDF Reader 2.lnk [2011-06-29 14:34:04 | 000,000,000 | ---- | C] () -- C:\Windows\Shadow.INI [2011-06-26 17:08:44 | 000,000,000 | ---- | C] () -- C:\Windows\Game.INI [2011-06-02 20:30:23 | 000,000,818 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011-06-01 16:53:42 | 000,012,765 | ---- | C] () -- C:\Users\Anna\Documents\grecja.html [2010-11-10 23:06:31 | 000,174,683 | ---- | C] () -- C:\Windows\hpoins45.dat [2010-08-25 18:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin [2010-08-25 18:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin [2010-08-25 18:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin [2010-08-25 17:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config [2010-08-25 17:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll [2010-08-25 17:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll [2010-08-09 21:53:23 | 000,000,187 | ---- | C] () -- C:\Windows\ODBCINST.INI [2010-07-24 23:46:16 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010-07-23 13:25:13 | 000,278,728 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2010-07-23 13:25:13 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2010-07-22 18:52:11 | 000,314,368 | ---- | C] () -- C:\Windows\KSGDeInstall.exe [2010-04-24 16:28:12 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll [2010-04-24 16:28:12 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2010-04-24 16:28:10 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2010-04-24 16:28:10 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2010-04-24 16:28:08 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2010-04-23 18:13:52 | 000,007,052 | ---- | C] () -- C:\Users\Anna\AppData\Local\d3d9caps.dat [2010-02-05 08:43:26 | 000,000,450 | ---- | C] () -- C:\Windows\hpomdl45.dat [2009-12-05 16:35:30 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2009-12-04 16:37:12 | 000,035,840 | ---- | C] () -- C:\Users\Anna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-09-18 20:42:23 | 000,000,413 | ---- | C] () -- C:\Windows\BRWMARK.INI [2009-09-18 20:42:23 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2009-09-18 14:51:47 | 000,000,046 | ---- | C] () -- C:\Windows\adiras.ini [2009-09-17 17:11:34 | 000,000,061 | ---- | C] () -- C:\Windows\TEXTware.ini [2009-09-17 17:11:31 | 000,147,456 | ---- | C] () -- C:\Windows\System32\Twavbx32.dll [2009-09-17 17:11:31 | 000,115,200 | ---- | C] () -- C:\Windows\System32\UnzDll.dll [2009-09-17 17:11:31 | 000,088,064 | ---- | C] () -- C:\Windows\System32\idiom010227.dll [2009-09-17 17:11:30 | 000,099,092 | ---- | C] () -- C:\Windows\System32\bass.dll [2009-09-17 17:11:26 | 000,143,360 | ---- | C] () -- C:\Windows\System32\ILXTBS.DLL [2009-06-09 19:23:05 | 000,000,286 | ---- | C] () -- C:\ProgramData\hpqp.ini [2009-04-22 16:10:21 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009-04-22 16:10:21 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008-07-06 22:29:46 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1518.dll [2008-07-06 22:14:06 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin [2008-06-29 16:52:14 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll [2006-11-02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006-11-02 14:47:37 | 000,316,448 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006-11-02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006-11-02 12:33:01 | 000,594,344 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006-11-02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006-11-02 12:33:01 | 000,102,418 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006-11-02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006-11-02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006-11-02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006-11-02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006-11-02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006-11-02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006-03-09 11:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [color=#E56717]========== LOP Check ==========[/color] [2011-07-20 05:57:36 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\BitTorrent [2011-05-02 20:53:18 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Casual Mechanics [2011-07-20 06:27:40 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Crown [2010-07-23 14:36:49 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\DAEMON Tools Lite [2011-07-18 11:08:03 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Downloaded Installations [2010-08-09 21:53:42 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\DrDietman2 [2009-09-04 16:13:33 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\FloodLightGames [2011-05-06 22:24:59 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Friday's games [2009-12-09 20:33:58 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\funkitron [2009-09-09 13:23:30 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Gamelab [2011-07-20 15:31:06 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\GuardiansOfMagic [2009-12-06 15:03:04 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Imagic403N [2010-01-30 00:21:55 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\iWin [2011-04-23 12:56:23 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Magic3 [2009-12-08 00:39:58 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\muvee Technologies [2011-07-17 19:04:20 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Nitro PDF [2010-12-02 00:13:10 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Notepad++ [2009-10-18 19:04:24 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Nowe Gadu-Gadu [2009-11-28 09:08:41 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\OpenFM [2009-09-17 17:11:40 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Oxford [2011-05-05 00:34:20 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\PeerNetworking [2009-09-16 11:06:35 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\PlayFirst [2010-02-07 16:33:26 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\SBTT [2009-09-25 03:08:34 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\SPORE Creature Creator [2010-11-06 15:09:43 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Template [2011-07-20 05:57:07 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\uTorrent [2011-05-02 14:44:41 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\V-Games [2011-03-25 14:35:15 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\VDownloader [2010-11-12 14:42:41 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\VendelGAMES [2011-07-23 12:37:30 | 000,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< :OTL >[/color] [color=#A23BEC]< O4 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000..\Run: [conhost] File not found >[/color] [color=#A23BEC]< O4 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000..\Run: [heueya] File not found >[/color] [color=#A23BEC]< O4 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000..\Run: [keioke] File not found >[/color] [color=#A23BEC]< O4 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000..\Run: [leameec] File not found >[/color] [color=#A23BEC]< O4 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000..\Run: [nwv69b] File not found >[/color] [color=#A23BEC]< O4 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000..\Run: [reouk] File not found >[/color] [color=#A23BEC]< O4 - HKLM..\Run: [ORAHSSSessionManager] File not found >[/color] [color=#A23BEC]< O4 - HKLM..\Run: [] File not found >[/color] [color=#A23BEC]< @Alternate Data Stream - 96 bytes -> C:\ProgramData\Temp:C5AE4E07 >[/color] [color=#A23BEC]< @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:488F7244 >[/color] [color=#A23BEC]< >[/color] [color=#A23BEC]< :Files >[/color] [color=#A23BEC]< C:\Users\Anna\AppData\Roaming\F443.637 >[/color] [color=#A23BEC]< C:\Windows\MEMORY.DMP >[/color] [color=#A23BEC]< C:\Users\Anna\Desktop\Recycle Bin.lnk >[/color] [color=#A23BEC]< C:\Users\Anna\AppData\Roaming\chrtmp >[/color] [color=#A23BEC]< C:\Users\Anna\AppData\Roaming\5xb4y8f33.bat >[/color] [color=#A23BEC]< C:\Program Files\Common Files\WinPcapNmap.exe >[/color] [color=#A23BEC]< C:\Users\Anna\AppData\Roaming\wklnhst.dat >[/color] [color=#A23BEC]< C:\Windows\kit.ini >[/color] [color=#A23BEC]< >[/color] [color=#A23BEC]< :Commands >[/color] [color=#A23BEC]< [emptyflash] >[/color] [color=#A23BEC]< [resethosts] >[/color] [color=#A23BEC]< [emptytemp] >[/color] < End of report > </log> [b][u]EXTRAS[/u][/b] <log> OTL Extras logfile created on: 2011-07-23 12:43:18 - Run 2 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Anna\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd 2,93 Gb Total Physical Memory | 1,79 Gb Available Physical Memory | 60,90% Memory free 6,06 Gb Paging File | 4,91 Gb Available in Paging File | 80,90% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 221,96 Gb Total Space | 143,03 Gb Free Space | 64,44% Space Free | Partition Type: NTFS Drive D: | 10,92 Gb Total Space | 1,82 Gb Free Space | 16,66% Space Free | Partition Type: NTFS Drive F: | 14,56 Mb Total Space | 10,63 Mb Free Space | 72,96% Space Free | Partition Type: FAT Drive K: | 1,86 Gb Total Space | 0,96 Gb Free Space | 51,67% Space Free | Partition Type: FAT Computer Name: KOMPUTERSIOSTRA | User Name: Anna | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_USERS\S-1-5-21-516021690-3537927130-1024571334-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{386DCE31-654E-472A-B9E6-101CC3476D72}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{388029A1-F8F7-4A0F-93A3-4708E8BACF4E}" = rport=139 | protocol=6 | dir=out | app=system | "{3F0ABE11-660E-4FAF-89A8-C71269A670B4}" = rport=137 | protocol=17 | dir=out | app=system | "{4E25237A-0D54-4AB3-B083-2A16D3793EEA}" = lport=138 | protocol=17 | dir=in | app=system | "{5E729D74-1BF5-44A1-9BFB-28DEEA3F0626}" = rport=10243 | protocol=6 | dir=out | app=system | "{67A10C69-BFA5-4E52-9FB0-4EB4A63397C6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6DE9F1EE-BCD5-4C5E-9885-E7BA858EFAC0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7014ACAF-6577-48FA-B2CC-5792141BAC4F}" = lport=139 | protocol=6 | dir=in | app=system | "{7B014A4D-D52A-4D15-9E52-16BAFB98B516}" = lport=17001 | protocol=17 | dir=in | name=ko.kurnik.pl | "{9260E63B-2EBD-4ADD-A32C-80708AE1E79F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{95831269-91D6-4D70-ACC9-164E6DCF5B85}" = lport=445 | protocol=6 | dir=in | app=system | "{99A77498-FACD-43D0-BA22-066EC5EF8F2C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B01A3A09-D112-45CF-AA71-F308D2D7AD4C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{B512A2D8-367B-4E2F-83C1-2C7D3FCBCC0C}" = lport=2869 | protocol=6 | dir=in | app=system | "{BBC78D0F-D7DD-4C93-A79A-231C20AA7529}" = lport=137 | protocol=17 | dir=in | app=system | "{CBF1E23F-6D33-413A-A525-C04984590FFD}" = rport=138 | protocol=17 | dir=out | app=system | "{D0EB1410-F9F1-4740-8707-06ECFA574AB1}" = lport=10243 | protocol=6 | dir=in | app=system | "{D686C1F6-B1D2-45AE-B998-3811FBDCD3C3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{F119DCC0-ADC1-42ED-A6F6-97DC88E04FC1}" = lport=2869 | protocol=6 | dir=in | app=system | "{F6857440-7DA4-45E9-B5D0-E9197CFE449A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F9E32DEB-9208-4B4C-812D-2981AFF516EE}" = rport=445 | protocol=6 | dir=out | app=system | "{FBA6E6A9-DDBC-40AD-9FA2-3E50B3A92BA4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{08E5DFD7-2EA4-4C13-BA70-74A27CBB7391}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{0C9D0D83-CABE-447B-A547-0490CEBCCFED}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | "{10656DC8-778B-4CA5-B215-7E2A103BD2AD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | "{10E99A8F-37A5-4B27-A3A1-6337D3602992}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{158ECF4E-52E6-4BD6-9B15-3A1033ED4BF5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{21513197-96E2-4AC5-BAAF-50373B52FAEF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{2324828B-ED0F-4BD2-A7C4-B5AD534FDA57}" = dir=in | app=c:\program files\hp\quickplay\qp.exe | "{3851096C-36DD-4835-9499-0C154EBF6AF6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{399F70A6-311D-4EEA-8311-85DFADC7F5B6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe | "{3D491E2A-5057-4E8F-9D15-DE73E22E8F46}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{4189FAB8-890B-48FC-B300-28B0D12BF263}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | "{4B4B9515-500C-4C6F-A697-AC72624785E2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{4B87C204-8FF3-470B-B356-4BFE87153F8A}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{50956512-86C8-4EFE-900E-33C8DC094593}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | "{58AF6471-CAEC-4822-9EA3-B46A77303DE7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | "{59713904-77D7-4711-83C5-3C43ABE510D7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | "{5BE493D5-F19C-421E-B9C0-2705C81A1AC3}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | "{6470FB4A-5782-44D3-B8B0-F572E636D271}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | "{67004B62-3794-4AB7-919F-C6EB00B24213}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{6939465A-FA8B-4737-9DB7-A3429B302E7D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{77F8EFC5-4C8A-41C0-82A5-E81C505121EA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7CD4006B-374E-4052-B379-C4D7623A4A7F}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | "{8077F54E-396B-412A-AF51-D721847374B9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{86B0D20B-A9F3-4235-B637-E41061920648}" = protocol=6 | dir=out | app=system | "{8F08D2B7-2116-4F17-BABA-D01B795293F1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | "{99F99351-1809-4D3D-852C-00E13A256640}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{AC1B5872-D4FB-489D-B5BB-59E29145E6B8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | "{B8ED8B1D-42E2-41BA-ADF2-0F712F42FF1F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C8FE4E2F-1FFF-4129-8700-05B35A6E33BB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{C9DEC4E0-7510-42DF-97BE-1252049A8786}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{CD0BACCB-26E2-458A-8F2C-DC558A827955}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{DBA43BB8-8528-4842-8C35-C73A0A286A0D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{DC9B8ABB-C5AA-4F2B-92D8-EA37692D09BA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | "{E63A7C88-F35D-4136-8781-EB38E7A9A539}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | "{E6A70BD9-E44D-45B7-B82C-DA8B7B4E52C6}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe | "{EC72D096-B027-4BFE-98B8-0C24900250D4}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{EF57BBE4-C5B2-4C59-B33E-D968626128E8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{F533671D-3BC9-407D-B0C7-416FD18C5156}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | "{F628E70F-D14B-4DCE-8C27-F1A918D540F3}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | "{FF8DDCD0-C18D-4888-BCBF-E164FD87EC2F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query User{13A47A39-2C01-4604-8494-8AC628C6C582}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | "TCP Query User{1A7D5A70-4E78-4CE9-9AFF-F20B5F4D744D}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "TCP Query User{1E0857E6-56F2-47A3-9FFD-0FD1499D8978}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "TCP Query User{CD44667E-F363-405E-9B70-058DCAFACBAD}C:\program files\nowe gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files\nowe gadu-gadu\gg.exe | "TCP Query User{D59BE3C9-0248-4617-9D29-A720BA51CAAA}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | "TCP Query User{FAB7C0E5-32ED-44BF-9140-7060B5A287CD}C:\program files\nowe gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files\nowe gadu-gadu\gg.exe | "UDP Query User{4B48EDDD-2652-4EAC-AA4B-AC40D6D50F9F}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | "UDP Query User{59731E99-DA6F-41D2-9D8E-012D46F542B8}C:\program files\nowe gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files\nowe gadu-gadu\gg.exe | "UDP Query User{699BCB26-36F8-41AA-8CEA-9DB45F707B47}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "UDP Query User{9E6C223B-D6C5-48B4-9209-9B0967E6C8EA}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "UDP Query User{A35553BA-AEC4-4FB4-ADBA-FF7AC7EB0F80}C:\program files\nowe gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files\nowe gadu-gadu\gg.exe | "UDP Query User{DC9C02FE-6B40-4A03-B9A5-2B5F82D2CD8C}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR "{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer "{0A50CB27-D2D5-4B7D-A001-30B1782A450B}" = DJ_AIO_06_K209a-z_SW_Min "{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1 "{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery "{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant "{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Narzędzie do przekazywania usługi Windows Live "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24 "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox "{2E522ED6-01E2-4207-82D5-B3BFB31B8BD4}" = Windows Live Sync "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2 "{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader "{38058455-8C21-4C2F-B2F6-14ED166039CB}" = HP Total Care Setup "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{51958BA7-21E4-4A8B-9098-CD8375BD17B2}" = Asystent rejestracji usługi Windows Live "{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3 "{5A3ECDDA-562C-4281-BFE5-A4C8F32EACA3}" = K209a-z "{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter "{6051912A-F7B8-445C-A99D-81AA4C118836}" = HP Deskjet Ink Advant K209a-z All-in-One Driver Software 14.0 Rel. 6 "{6053FE9B-5473-41D6-AEBF-AD6F98138191}" = Windows Live Movie Maker "{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer "{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{665CBCA4-5AB0-414B-A288-3F8F99FEFC45}" = HP User Guides 0118 "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games) "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{96384578-C6A2-4EC6-92CD-B62A60713040}" = Microsoft Live Search Toolbar "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{9862473C-E063-4C68-A161-2CDE0E8048A5}" = Podstawowe programy Windows Live "{9AB614A6-719C-4A6E-A63E-831E0A35F62A}" = Windows Live Writer "{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant "{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}" = Copy "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9CDEAEC9-2F14-4D39-8541-C1EEC4B5D1CB}" = Galeria fotografii usługi Windows Live "{A7388312-4FBB-48E5-8DC0-B63DA02658AE}" = Windows Live Toolbar "{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 3.0.752 "{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply "{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9 "{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player "{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2 "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{C35FE07E-24B5-410F-85B7-122087A0C7DD}" = Poczta usługi Windows Live "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D1803CD4-0CE7-4484-98E3-88D7A2D629A4}" = Windows Live Messenger "{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F5ED909F-8571-4B03-B200-6087F32CD973}" = Nitro PDF Reader 2 "{F88335A8-CA7B-41DE-B37D-81306C73B507}" = Bezpieczeństwo rodzinne usługi Windows Live "{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Ad-Remover" = Ad-Remover par C_XX "ALLPlayer_is1" = ALLPlayer V4.X "CNXT_AUDIO_HDA" = Conexant HD Audio "CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "Dzieńdobry!" = Dzieńdobry! "HDMI" = Intel(R) Graphics Media Accelerator Driver "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HP Imaging Device Functions" = HP Imaging Device Functions 14.0 "HP Smart Web Printing" = HP Smart Web Printing 4.60 "HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0 "HPExtendedCapabilities" = HP Customer Participation Program 14.0 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.9.0 "Larry 7" = Larry 7 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware wersja 1.51.1.1800 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US) "NIS" = Norton Internet Security "Notepad++" = Notepad++ "Nowe Gadu-Gadu" = Nowe Gadu-Gadu "Organizer ucznia_is1" = Organizer ucznia v1.0 "Oxford Wordpower Genie" = Oxford Wordpower Genie "ShockwaveFlash" = Adobe Flash Player 9 ActiveX "Shop for HP Supplies" = Shop for HP Supplies "Slownik jezyka polskiego 3t" = Słownik języka polskiego PWN "SynTPDeinstKey" = Synaptics Pointing Device Driver "Veoh Web Player Beta" = Veoh Web Player "WildTangent hp Master Uninstall" = HP Games "WinLiveSuite_Wave3" = Podstawowe programy Windows Live "WinRAR archiver" = Archiwizator WinRAR "WTA-059fb0fd-b8d8-4443-9f2f-1ef716b6ac80" = Nancy Drew - Curse of Blackmoor Manor "WTA-0861cc54-ec49-4001-a4fd-21f471969c6e" = Natalie Brooks - Mystery at Hillcrest High "WTA-223e2a26-507b-41a8-86d7-b4cd0657f9cd" = Pizza Chef 2 "WTA-3df06af8-8ee8-476e-ac7c-796aad66da7f" = Nancy Drew Dossier - Lights, Camera, Curses "WTA-447aeb2b-886f-4f03-9af8-313f57cac62b" = Nancy Drew - The Phantom of Venice "WTA-5c1baa70-9736-45ba-9a68-594992602e97" = Jewelry Secret: Mystery Stones "WTA-6c40bcb4-2c92-4b4e-9fd1-467e7a2c02e3" = Lamp of Aladdin "WTA-716722e1-fc74-4410-a606-bca808f76b7a" = Magic Encyclopedia - Illusions "WTA-73ab29f6-8c46-4e63-aa14-067b3f991b31" = Ankh - The Lost Treasures "WTA-74a522d8-4237-4701-8ccd-af6af2b93896" = Farm Craft 2: Global Vegetable Crisis "WTA-87131e9b-2788-4ade-8202-5139abf9dfa8" = Guardians of Magic: Amanda's Awakening "WTA-a5b8a596-480d-4d62-a46e-981fd5914522" = Star Crossed Love "WTA-aeeb9eb2-a7a3-4302-ac80-a4fd79ddb165" = Royal Trouble "WTA-b33633d7-04bb-4e59-8ce9-a588f228b1cc" = BurgerTime Deluxe "WTA-c852c0f3-ac6b-4571-9c0b-30b68c6f008d" = Nancy Drew Dossier - Resorting to Danger! "WTA-cccbacc6-39a0-452e-ab7d-ab7a29f6c532" = Dream Inn: The Driftwood "WTA-cdf86317-d8b7-4840-b870-81b84a83b9f5" = Text Express 2 Deluxe "WTA-e1b5858f-56fd-4b45-b57e-a49c8d84ad6d" = Magic Encyclopedia - Moon Light "WTA-ff4f570d-41eb-4a16-8321-60c84451dbb4" = FunPark Beach Blast [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-516021690-3537927130-1024571334-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2011-07-21 15:29:52 | Computer Name = komputersiostra | Source = Application Hang | ID = 1002 Description = The program Explorer.EXE version 6.0.6001.18164 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 744 Start Time: 01cc47d84d850769 Termination Time: 8658 Error - 2011-07-22 06:46:03 | Computer Name = komputersiostra | Source = SPP | ID = 16387 Description = Error - 2011-07-22 06:46:03 | Computer Name = komputersiostra | Source = System Restore | ID = 8193 Description = Error - 2011-07-22 08:03:17 | Computer Name = komputersiostra | Source = SPP | ID = 16387 Description = Error - 2011-07-22 08:03:17 | Computer Name = komputersiostra | Source = System Restore | ID = 8193 Description = Error - 2011-07-22 21:01:46 | Computer Name = komputersiostra | Source = Application Hang | ID = 1002 Description = The program OTL.exe version 3.2.26.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: ea4 Start Time: 01cc48d1a17b4f45 Termination Time: 31 Error - 2011-07-23 06:29:35 | Computer Name = komputersiostra | Source = SPP | ID = 16387 Description = Error - 2011-07-23 06:29:35 | Computer Name = komputersiostra | Source = System Restore | ID = 8193 Description = Error - 2011-07-23 06:30:31 | Computer Name = komputersiostra | Source = SPP | ID = 16387 Description = Error - 2011-07-23 06:30:31 | Computer Name = komputersiostra | Source = System Restore | ID = 8193 Description = [ OSession Events ] Error - 2009-12-11 11:58:54 | Computer Name = komputersiostra | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2709 seconds with 2400 seconds of active time. This session ended with a crash. [ System Events ] Error - 2010-04-09 11:51:38 | Computer Name = komputersiostra | Source = Service Control Manager | ID = 7026 Description = Error - 2010-04-09 16:00:18 | Computer Name = komputersiostra | Source = Server | ID = 2505 Description = The server could not bind to the transport \Device\NetBT_Tcpip_{C68E4392-A60A-4116-A1F1-8E85293A2A3B} because another computer on the network has the same name. The server could not start. Error - 2010-04-09 16:12:21 | Computer Name = komputersiostra | Source = Server | ID = 2505 Description = The server could not bind to the transport \Device\NetBT_Tcpip_{C68E4392-A60A-4116-A1F1-8E85293A2A3B} because another computer on the network has the same name. The server could not start. Error - 2010-04-10 03:19:12 | Computer Name = komputersiostra | Source = SRTSP | ID = 524292 Description = Error loading virus definitions. Error - 2010-04-10 03:19:12 | Computer Name = komputersiostra | Source = SRTSP | ID = 524293 Description = Error loading Symantec real time Anti-Virus driver. Error - 2010-04-10 03:19:26 | Computer Name = komputersiostra | Source = HTTP | ID = 15016 Description = Error - 2010-04-10 03:20:09 | Computer Name = komputersiostra | Source = Service Control Manager | ID = 7000 Description = Error - 2010-04-10 03:20:09 | Computer Name = komputersiostra | Source = Service Control Manager | ID = 7000 Description = Error - 2010-04-10 03:20:09 | Computer Name = komputersiostra | Source = Service Control Manager | ID = 7026 Description = Error - 2010-04-10 09:27:50 | Computer Name = komputersiostra | Source = Server | ID = 2505 Description = The server could not bind to the transport \Device\NetBT_Tcpip_{C68E4392-A60A-4116-A1F1-8E85293A2A3B} because another computer on the network has the same name. The server could not start. < End of report > </log> To by było na tyle
wirusolog komentarz 23 lipca 2011 komentarz 23 lipca 2011 [b]1.[/b] Uruchom OTL i w oknie [b]Własne opcje skanowania/Skrypt[/b] wklej następujący tekst: [code]:OTL O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet) O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet) O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in ) O3 - HKLM\..\Toolbar: (no name) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - No CLSID value found. O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - File not found O3 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - File not found [2011-06-26 12:24:10 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\i5ksixjt.default\extensions\DTToolbar@toolbarnet.com [2010-01-15 17:39:06 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\i5ksixjt.default\extensions\searchrecs@veoh.com FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found IE - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - File not found :Reg [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2] [/code] Kliknij w [b]Wykonaj Skrypt[/b]. Tym razem restartu nie będzie a pojawi się po chwili notatnik - wklej mi jego zawartość.
annmegmonn komentarz 24 lipca 2011 Autor komentarz 24 lipca 2011 (edytowane) ========== OTL ========== Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully. Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully. Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully. Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully. Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http deleted successfully. Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ not found. Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ not found. Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ not found. Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ not found. Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http not found. Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully. Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully. Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully. Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully. Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully. Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully. Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully. Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully. Registry value HKEY_USERS\S-1-5-21-516021690-3537927130-1024571334-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found. C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\i5ksixjt.default\extensions\DTToolbar@toolbarnet.com\components\Resources folder moved successfully. C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\i5ksixjt.default\extensions\DTToolbar@toolbarnet.com\components folder moved successfully. C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\i5ksixjt.default\extensions\DTToolbar@toolbarnet.com\chrome\content folder moved successfully. C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\i5ksixjt.default\extensions\DTToolbar@toolbarnet.com\chrome folder moved successfully. C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\i5ksixjt.default\extensions\DTToolbar@toolbarnet.com folder moved successfully. C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\i5ksixjt.default\extensions\searchrecs@veoh.com\skin folder moved successfully. C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\i5ksixjt.default\extensions\searchrecs@veoh.com\locale\en-US folder moved successfully. C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\i5ksixjt.default\extensions\searchrecs@veoh.com\locale folder moved successfully. C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\i5ksixjt.default\extensions\searchrecs@veoh.com\defaults\preferences folder moved successfully. C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\i5ksixjt.default\extensions\searchrecs@veoh.com\defaults folder moved successfully. C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\i5ksixjt.default\extensions\searchrecs@veoh.com\content folder moved successfully. C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\i5ksixjt.default\extensions\searchrecs@veoh.com folder moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully. Registry value HKEY_USERS\S-1-5-21-516021690-3537927130-1024571334-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{08C06D61-F1F3-4799-86F8-BE1A89362C85} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08C06D61-F1F3-4799-86F8-BE1A89362C85}\ deleted successfully. ========== REGISTRY ========== Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\ deleted successfully. OTL by OldTimer - Version 3.2.26.1 log created on 07242011_173803
wirusolog komentarz 25 lipca 2011 komentarz 25 lipca 2011 (edytowane) Wszystko zostało pomyślnie usunięte. [hr] [b]1.[/b] Uruchom OTL i wciśnij [b]Sprzątanie[/b]. [b]2.[/b] Uruchom Ad-Remover i wciśnij przycisk [b]UNINNSTAL[/b]. [b]3.[/b] [list] [*]System jest dziurawy. Aktualizacja SP do wersji [url=http://www.microsoft.com/downloads/pl-pl/details.aspx?FamilyID=891ab806-2431-4d00-afa3-99ff6f22448d][b][color=blue][u]Windows Vista SP2[/url][/b][/color][/u] + przeglądarka [url=http://windows.microsoft.com/pl-PL/internet-explorer/products/ie/home][b][color=blue][u]Internet Explorer 9[/url][/b][/color][/u]. [*]Starszą Java odmontuj zastępując [url="http://www.oracle.com/technetwork/java/javase/downloads/index.html"][color="#0000FF"][b]Java 6 Update 26 (JRE)[/b][/color][/url] [*]Starszy Adobe Reader odinstaluj i wstaw najnowszy [url="http://get.adobe.com/reader/"][color="#0000FF"][b]Adobe Reader X (10.1)[/b][/color][/url] (nie zaznaczaj montażu sponsoringu McAfee). [*]Do aktualizacji wtyczki Adobe: [url="http://get.adobe.com/flashplayer/"][color="#0000FF"][b]Adobe Flash Player 10.3.181.34[/b][/color][/url] + [url="http://get.adobe.com/shockwave/"][color="#0000FF"][b]Adobe Shockwave Player 11.6.0.626[/b][/color][/url]. [*]Kodeki też możesz zaaktualizować. [*]Aktualizacja liska do wersji [url=http://www.mozilla.com/pl/firefox/][b][color=blue][u]5.01[/url][/b][/color][/u][/list] [b]4.[/b] Do wyczyszczenia punkty przywracania systemu: [url=http://www.searchengines.pl/Czyszczenie-punktow-przywracania-systemu-t141981.html][b][color="#0000FF"][u]LINK[/url][/b][/color][/u] [b]5.[/b] Zalecam [b]pełne skanowanie[/b] [url=http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button][b][color="#0000FF"][u]MBAM[/url][/b][/color][/u] (po instalacji zaaktualizuj ręczne baze wirusów, usuń to co znajdzie i wklej raport końcowy). [b]6.[/b] Przeskanuj też cały system za pomocą [url=http://www.hotfix.pl/instrukcja-uzytkowania-dr-web-cureit--a193.htm][b][color=blue][u]Dr.Web CureIt![/url][/b][/color][/u]
annmegmonn komentarz 25 lipca 2011 Autor komentarz 25 lipca 2011 (edytowane) Zainstalowałam tak jak napisaleś te dodatkowe elementy dla visty (pierwszy link- przebiegło pozytywnie, bez błędów), potem próbowałam zainstalować internet exloprer po czym wyświetlil mi się komunikat, że należy pobrać odpowiednie aktualizacje.. a takowych nie znajadę, bo dostępu do internetu jako tako ciagle nie mam.. próbowałam jeszcze poinstalować adobe readera i flash playera, ale wyskakuje też coś z tymi błędami aktualizacji (podejrzewam, że to po prostu przez brak dostępu do neta.. ) skanowania jak na razie nie próbowałam, nie wiem czy je zrobić w MBAM czy w ogóle nie? a właśnie, co do java to niby pobrałam to Java 6 update 26 (jre) ale tam potem jest wiele do wyboru z windowsa ja akurat pobrałam windows x86 kernell czy jakoś tak, ale po odpaleniu znowu wyskoczyły błędy
wirusolog komentarz 25 lipca 2011 komentarz 25 lipca 2011 Nie mam pojęcia, czemu nie posiadasz internetu... Może pokaż nowe logi z OTL.
annmegmonn komentarz 25 lipca 2011 Autor komentarz 25 lipca 2011 nie wiem czy Ci to jakoś pomoże, ale gdy próbuję włączyć przegladarke (chociażby mozille) wyskakuje mi coś takiego: "the proxy server is refusing connection" -> i raczej nie będzie to problem z połączeniem sieci, bo na innym laptopie działa doskonale Ogólnie to jeszcze nie wiem czy to istotne, ale akurat laptop został kupiony za granicą i polskiego menu nie ma (chociaż nie wiem czy to w ogóle mogloby wpłynąć na wynikające błędy) ale i tak mówię bo nie mam nic do stracenia x) i podczas bycia na kompie i nicnierobienia przy wlaczonym ,ale wciąż niedziałającym necie wyświetliło mi się jeszcze niedawno, że MBAM zablokował podejrzaną stronę, ale nie zdążyłam przepisać jaką, bo chmurka zniknęła x) a oto log z OTL: <log> OTL logfile created on: 2011-07-25 17:44:42 - Run 1 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Anna\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd 2,93 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 53,70% Memory free 6,08 Gb Paging File | 4,73 Gb Available in Paging File | 77,75% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 221,96 Gb Total Space | 136,08 Gb Free Space | 61,31% Space Free | Partition Type: NTFS Drive D: | 10,92 Gb Total Space | 1,82 Gb Free Space | 16,66% Space Free | Partition Type: NTFS Computer Name: KOMPUTERSIOSTRA | User Name: Anna | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days [color=#E56717]========== Processes (All) ==========[/color] PRC - [2011-07-25 17:40:40 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Anna\Desktop\OTL.exe PRC - [2011-07-06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011-07-06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011-06-21 18:57:40 | 000,196,912 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService2.exe PRC - [2010-11-04 18:34:06 | 000,171,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe PRC - [2010-08-25 18:45:44 | 000,136,216 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxtray.exe PRC - [2010-08-25 18:45:42 | 000,266,776 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe PRC - [2010-08-25 18:45:40 | 000,170,520 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe PRC - [2010-08-25 18:45:36 | 000,171,032 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe PRC - [2010-08-17 16:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spoolsv.exe PRC - [2010-07-23 07:05:56 | 000,126,904 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe PRC - [2009-11-18 15:13:18 | 000,054,576 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuschd2.exe PRC - [2009-11-18 03:42:52 | 000,275,072 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe PRC - [2009-11-18 03:02:34 | 000,563,840 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe PRC - [2009-11-18 03:02:34 | 000,173,696 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe PRC - [2009-11-17 19:49:08 | 000,366,720 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe PRC - [2009-08-07 04:24:04 | 000,053,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe PRC - [2009-06-15 14:48:49 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe PRC - [2009-05-19 09:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2009-04-10 23:28:16 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe PRC - [2009-04-10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe PRC - [2009-04-10 23:28:10 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe PRC - [2009-04-10 23:28:06 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\smss.exe PRC - [2009-04-10 23:28:00 | 000,441,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe PRC - [2009-04-10 23:28:00 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe PRC - [2009-04-10 23:28:00 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchProtocolHost.exe PRC - [2009-04-10 23:28:00 | 000,087,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchFilterHost.exe PRC - [2009-04-10 23:27:50 | 003,408,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe PRC - [2009-04-10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009-04-10 23:27:34 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe PRC - [2009-04-10 23:27:30 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2009-02-26 13:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE PRC - [2008-10-09 16:56:48 | 000,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe PRC - [2008-10-06 18:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe PRC - [2008-09-24 02:21:52 | 000,468,264 | ---- | M] (CyberLink Corp.) -- C:\Program Files\HP\QuickPlay\QPService.exe PRC - [2008-09-15 16:13:38 | 000,241,734 | ---- | M] () -- C:\Program Files\CyberLink\Shared files\RichVideo.exe PRC - [2008-08-02 01:14:02 | 000,202,032 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe PRC - [2008-06-09 19:21:58 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe PRC - [2008-05-29 15:32:32 | 002,685,496 | ---- | M] (Conexant) -- C:\Program Files\CONEXANT\SmartAudio\SmAudio.exe PRC - [2008-05-02 01:25:56 | 000,165,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe PRC - [2008-04-17 20:05:20 | 000,103,720 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe PRC - [2008-04-17 20:05:10 | 001,049,896 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe PRC - [2008-04-15 23:51:00 | 000,488,752 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe PRC - [2008-04-11 18:04:54 | 000,685,360 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe PRC - [2008-04-03 20:33:26 | 000,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe PRC - [2008-01-21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe PRC - [2008-01-21 04:25:11 | 000,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe PRC - [2008-01-21 04:25:11 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe PRC - [2008-01-21 04:24:54 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrss.exe PRC - [2008-01-21 04:23:44 | 000,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe PRC - [2008-01-21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2008-01-21 04:23:32 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe PRC - [2007-10-18 01:37:04 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe PRC - [2007-09-26 16:34:40 | 000,316,720 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe PRC - [2006-11-02 11:45:02 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dllhost.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2011-07-25 17:40:40 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Anna\Desktop\OTL.exe MOD - [2011-06-17 03:25:36 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll MOD - [2011-06-17 03:25:36 | 000,569,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll MOD - [2011-04-28 18:00:50 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll MOD - [2011-04-21 18:04:00 | 000,834,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll MOD - [2011-04-12 18:07:38 | 000,892,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll MOD - [2011-01-21 18:35:22 | 011,586,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll MOD - [2011-01-21 18:35:22 | 000,353,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll MOD - [2010-12-20 18:35:04 | 000,563,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll MOD - [2010-10-15 15:48:59 | 001,205,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll MOD - [2010-08-31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll MOD - [2010-08-17 05:39:11 | 000,413,552 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.1.0.37\asOEHook.dll MOD - [2010-06-28 19:00:21 | 001,316,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ole32.dll MOD - [2010-04-16 18:46:48 | 000,502,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll MOD - [2009-07-17 15:54:43 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\atl.dll MOD - [2009-06-15 16:53:43 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll MOD - [2009-06-15 16:52:42 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpk.dll MOD - [2009-04-23 14:15:07 | 000,784,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll MOD - [2009-04-10 23:28:26 | 001,591,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll MOD - [2009-04-10 23:28:26 | 001,077,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll MOD - [2009-04-10 23:28:26 | 001,068,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll MOD - [2009-04-10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\user32.dll MOD - [2009-04-10 23:28:26 | 000,287,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Wldap32.dll MOD - [2009-04-10 23:28:26 | 000,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spp.dll MOD - [2009-04-10 23:28:26 | 000,108,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\userenv.dll MOD - [2009-04-10 23:28:26 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samlib.dll MOD - [2009-04-10 23:28:26 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\version.dll MOD - [2009-04-10 23:28:24 | 000,754,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll MOD - [2009-04-10 23:28:24 | 000,679,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll MOD - [2009-04-10 23:28:24 | 000,467,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll MOD - [2009-04-10 23:28:24 | 000,121,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntmarta.dll MOD - [2009-04-10 23:28:24 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\olepro32.dll MOD - [2009-04-10 23:28:22 | 000,807,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msctf.dll MOD - [2009-04-10 23:28:22 | 000,114,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imm32.dll MOD - [2009-04-10 23:28:22 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mpr.dll MOD - [2009-04-10 23:28:20 | 000,450,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.dll MOD - [2009-04-10 23:28:20 | 000,297,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll MOD - [2009-04-10 23:28:20 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\authz.dll MOD - [2009-04-10 23:28:18 | 000,800,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\advapi32.dll MOD - [2009-04-10 23:28:18 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apphelp.dll MOD - [2009-04-10 23:27:14 | 000,258,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv MOD - [2008-01-21 04:25:29 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srclient.dll MOD - [2008-01-21 04:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ws2_32.dll MOD - [2008-01-21 04:24:47 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nsi.dll MOD - [2008-01-21 04:24:37 | 000,183,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xmllite.dll MOD - [2008-01-21 04:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx MOD - [2008-01-21 04:24:26 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vsstrace.dll MOD - [2008-01-21 04:24:24 | 000,523,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clbcatq.dll MOD - [2008-01-21 04:24:06 | 000,153,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imagehlp.dll MOD - [2008-01-21 04:23:43 | 000,240,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\uxtheme.dll MOD - [2006-11-02 11:46:12 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psapi.dll MOD - [2006-11-02 10:33:06 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\normaliz.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2011-07-06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011-06-21 18:57:40 | 000,196,912 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService2.exe -- (NitroReaderDriverReadSpool2) SRV - [2010-10-12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010-07-23 07:05:56 | 000,126,904 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe -- (NIS) SRV - [2008-10-06 18:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows) SRV - [2008-01-21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2011-07-22 14:24:13 | 000,126,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2011-07-06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2011-07-06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2010-08-13 11:00:00 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100813.009\NAVEX15.SYS -- (NAVEX15) DRV - [2010-08-13 11:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2010-08-13 11:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2010-08-13 11:00:00 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100813.009\NAVENG.SYS -- (NAVENG) DRV - [2010-08-09 05:11:49 | 000,692,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx86.sys -- (BHDrvx86) DRV - [2010-07-29 05:33:05 | 000,666,672 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1201000.025\SYMEFA.SYS -- (SymEFA) DRV - [2010-07-29 04:54:36 | 000,489,008 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\system32\drivers\NIS\1201000.025\SRTSP.SYS -- (SRTSP) DRV - [2010-07-29 04:54:36 | 000,050,096 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1201000.025\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL) DRV - [2010-07-23 13:25:13 | 000,278,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2010-07-23 13:25:13 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2010-07-23 11:22:31 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2010-07-13 03:20:20 | 000,331,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1201000.025\SYMTDIV.SYS -- (SYMTDIv) DRV - [2010-06-27 06:05:55 | 000,134,704 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1201000.025\Ironx86.SYS -- (SymIRON) DRV - [2010-06-27 06:05:05 | 000,344,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSVix86.sys -- (IDSVix86) DRV - [2010-06-13 12:50:57 | 000,339,504 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NIS\1201000.025\SYMDS.SYS -- (SymDS) DRV - [2008-12-20 09:01:46 | 001,093,120 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008-06-29 16:52:26 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R) DRV - [2008-06-10 20:54:36 | 000,123,904 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2008-06-05 18:58:42 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService) DRV - [2008-01-21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R) DRV - [2007-10-18 01:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2007-06-19 02:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV - [2006-11-28 19:46:22 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCAMp50.sys -- (PCAMp50) DRV - [2006-11-28 19:46:20 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes] IE - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ IE - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:51859 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 51859 FF - prefs.js..network.proxy.type: 1 FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Windows\Downloaded Program Files\npsoe.dll () FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\NitroPDF: C:\Program Files\Nitro PDF\Reader\npnitromozilla.dll ( ) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-11-10 23:20:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011-07-22 14:25:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\ [2011-07-22 14:23:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-06-24 22:40:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-06-02 20:30:22 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-11-10 23:20:05 | 000,000,000 | ---D | M] [2009-09-18 20:14:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anna\AppData\Roaming\mozilla\Extensions [2011-07-24 17:38:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\i5ksixjt.default\extensions [2010-09-25 12:49:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\i5ksixjt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-04-23 21:08:32 | 000,001,827 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\i5ksixjt.default\searchplugins\bing.xml [2011-06-26 12:23:40 | 000,002,055 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\i5ksixjt.default\searchplugins\daemon-search.xml [2010-08-20 10:53:28 | 000,002,064 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\i5ksixjt.default\searchplugins\youtube-video-search.xml [2011-07-25 17:16:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010-07-24 23:42:53 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} File not found (No name found) -- [2011-07-22 14:25:38 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPLGN [2011-06-24 22:40:56 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011-02-17 20:59:47 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011-06-02 20:29:54 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml O1 HOSTS File: ([2011-07-23 12:21:24 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\CoIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\IPSBHO.dll (Symantec Corporation) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Program Files\TEXTware\QUICKfind\PlugIns\IEHelp.dll () O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\CoIEPlg.dll (Symantec Corporation) O3 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found. O3 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\CoIEPlg.dll (Symantec Corporation) O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000..\Run: [Dzieńdobry!] C:\Program Files\VSD Software\Dzieńdobry!\dziendobry.exe (VSD Software) O4 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000..\Run: [SmAudio] C:\Program Files\Conexant\SmartAudio\SmAudio.exe (Conexant) O7 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data] O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\..Trusted Domains: sony.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\..Trusted Ranges: Range1 ([http] in Local intranet) O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} http://launch.soe.com/plugin/web/SOEWebInstaller.cab (SOE Web Installer) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Anna\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O24 - Desktop BackupWallPaper: C:\Users\Anna\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2011-07-25 17:43:20 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Anna\Desktop\OTL.exe [2011-07-25 17:24:05 | 000,731,424 | ---- | C] (Solid State Networks) -- C:\Users\Anna\Desktop\install_flashplayer10_mssd_aih.exe [2011-07-25 16:50:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES [2011-07-25 16:50:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES [2011-07-25 16:50:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN [2011-07-25 16:29:42 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview [2011-07-25 15:56:03 | 000,928,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavenge.dll [2011-07-25 15:55:41 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\compcln.exe [2011-07-25 15:46:51 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll [2011-07-25 15:46:50 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll [2011-07-25 15:46:49 | 000,483,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\samsrv.dll [2011-07-25 15:46:49 | 000,466,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched20.dll [2011-07-25 15:46:49 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scansetting.dll [2011-07-25 15:46:49 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpchttp.dll [2011-07-25 15:46:49 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys [2011-07-25 15:46:49 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys [2011-07-25 15:46:48 | 000,306,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scesrv.dll [2011-07-25 15:46:48 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll [2011-07-25 15:46:48 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scecli.dll [2011-07-25 15:46:48 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scksp.dll [2011-07-25 15:46:44 | 001,248,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PerfCenterCPL.dll [2011-07-25 15:46:44 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pcaui.dll [2011-07-25 15:46:44 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\P2PGraph.dll [2011-07-25 15:46:44 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pdh.dll [2011-07-25 15:46:44 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\phon.ime [2011-07-25 15:46:44 | 000,043,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys [2011-07-25 15:46:44 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfdisk.dll [2011-07-25 15:46:43 | 001,823,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll [2011-07-25 15:46:43 | 001,107,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pidgenx.dll [2011-07-25 15:46:43 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercpl.dll [2011-07-25 15:46:43 | 000,542,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpui.dll [2011-07-25 15:46:43 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll [2011-07-25 15:46:43 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpsetup.dll [2011-07-25 15:46:43 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys [2011-07-25 15:46:43 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll [2011-07-25 15:46:43 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll [2011-07-25 15:46:43 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PNPXAssoc.dll [2011-07-25 15:46:43 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPUnattend.exe [2011-07-25 15:46:43 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPutil.exe [2011-07-25 15:46:42 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr [2011-07-25 15:46:42 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll [2011-07-25 15:46:42 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe [2011-07-25 15:46:42 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pintlgnt.ime [2011-07-25 15:46:42 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe [2011-07-25 15:46:41 | 012,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll [2011-07-25 15:46:41 | 002,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll [2011-07-25 15:46:41 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll [2011-07-25 15:46:41 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll [2011-07-25 15:46:40 | 002,153,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oobefldr.dll [2011-07-25 15:46:40 | 001,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\onex.dll [2011-07-25 15:46:40 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\osk.exe [2011-07-25 15:46:40 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll [2011-07-25 15:46:40 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleprn.dll [2011-07-25 15:46:40 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.dll [2011-07-25 15:46:39 | 001,381,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Query.dll [2011-07-25 15:46:39 | 000,825,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdlg.dll [2011-07-25 15:46:39 | 000,642,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasgcw.dll [2011-07-25 15:46:39 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasplap.dll [2011-07-25 15:46:39 | 000,286,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasapi32.dll [2011-07-25 15:46:39 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll [2011-07-25 15:46:39 | 000,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasppp.dll [2011-07-25 15:46:39 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll [2011-07-25 15:46:39 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasmontr.dll [2011-07-25 15:46:39 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastapi.dll [2011-07-25 15:46:39 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdiag.dll [2011-07-25 15:46:39 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe [2011-07-25 15:46:39 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdial.exe [2011-07-25 15:46:38 | 000,880,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacEngn.dll [2011-07-25 15:46:38 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll [2011-07-25 15:46:38 | 000,340,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RelMon.dll [2011-07-25 15:46:38 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quick.ime [2011-07-25 15:46:38 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qintlgnt.ime [2011-07-25 15:46:38 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rekeywiz.exe [2011-07-25 15:46:37 | 000,612,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll [2011-07-25 15:46:37 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll [2011-07-25 15:46:37 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\regapi.dll [2011-07-25 15:46:37 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\reg.exe [2011-07-25 15:46:36 | 000,779,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll [2011-07-25 15:46:36 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe [2011-07-25 15:46:36 | 000,551,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prnntfy.dll [2011-07-25 15:46:36 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationSettings.exe [2011-07-25 15:46:36 | 000,102,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll [2011-07-25 15:46:36 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powrprof.dll [2011-07-25 15:46:36 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll [2011-07-25 15:46:35 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll [2011-07-25 15:46:35 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax [2011-07-25 15:46:35 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiapi.dll [2011-07-25 15:46:35 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll [2011-07-25 15:46:34 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll [2011-07-25 15:46:34 | 000,050,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PSHED.DLL [2011-07-25 15:46:28 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe [2011-07-25 15:46:15 | 000,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapp3hst.dll [2011-07-25 15:46:15 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapphost.dll [2011-07-25 15:46:15 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappcfg.dll [2011-07-25 15:46:15 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll [2011-07-25 15:46:15 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappgnui.dll [2011-07-25 15:46:14 | 002,926,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe [2011-07-25 15:46:14 | 001,459,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esent.dll [2011-07-25 15:46:14 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evr.dll [2011-07-25 15:46:14 | 000,444,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsound.dll [2011-07-25 15:46:14 | 000,205,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe [2011-07-25 15:46:14 | 000,137,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsprop.dll [2011-07-25 15:46:14 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxg.sys [2011-07-25 15:46:14 | 000,027,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dumpata.sys [2011-07-25 15:46:14 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll [2011-07-25 15:46:13 | 001,078,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diagperf.dll [2011-07-25 15:46:13 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskraid.exe [2011-07-25 15:46:13 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll [2011-07-25 15:46:13 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskpart.exe [2011-07-25 15:46:13 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dimsroam.dll [2011-07-25 15:46:13 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorPwdMgr.dll [2011-07-25 15:46:13 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll [2011-07-25 15:46:12 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\devmgr.dll [2011-07-25 15:46:12 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys [2011-07-25 15:46:11 | 000,978,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmv2clt.dll [2011-07-25 15:46:11 | 000,407,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpapimig.exe [2011-07-25 15:46:11 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmmgrtn.dll [2011-07-25 15:46:11 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvstore.dll [2011-07-25 15:46:11 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe [2011-07-25 15:46:11 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmsynth.dll [2011-07-25 15:46:11 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmusic.dll [2011-07-25 15:46:11 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3msm.dll [2011-07-25 15:46:11 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3cfg.dll [2011-07-25 15:46:10 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpresult.exe [2011-07-25 15:46:10 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashlpr.dll [2011-07-25 15:46:10 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasacct.dll [2011-07-25 15:46:10 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll [2011-07-25 15:46:10 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll [2011-07-25 15:46:10 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hbaapi.dll [2011-07-25 15:46:10 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpupdate.exe [2011-07-25 15:46:09 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IasMigReader.exe [2011-07-25 15:46:09 | 000,454,144 | ---- | C] (Microsoft) -- C:\Windows\System32\IasMigPlugin.dll [2011-07-25 15:46:09 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasnap.dll [2011-07-25 15:46:09 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hdwwiz.exe [2011-07-25 15:46:08 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll [2011-07-25 15:46:08 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBth.dll [2011-07-25 15:46:08 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpapi.dll [2011-07-25 15:46:08 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWCN.dll [2011-07-25 15:46:08 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdSSDP.dll [2011-07-25 15:46:08 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWSD.dll [2011-07-25 15:46:08 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\findstr.exe [2011-07-25 15:46:08 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\feclient.dll [2011-07-25 15:46:08 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdeploy.dll [2011-07-25 15:46:08 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdProxy.dll [2011-07-25 15:46:08 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fc.exe [2011-07-25 15:46:08 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBthProxy.dll [2011-07-25 15:46:07 | 002,134,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FunctionDiscoveryFolder.dll [2011-07-25 15:46:07 | 000,950,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpedit.dll [2011-07-25 15:46:07 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fundisc.dll [2011-07-25 15:46:07 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe [2011-07-25 15:46:07 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll [2011-07-25 15:46:06 | 001,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll [2011-07-25 15:46:06 | 001,216,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayCpl.dll [2011-07-25 15:46:06 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoconv.exe [2011-07-25 15:46:06 | 000,636,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autofmt.exe [2011-07-25 15:46:06 | 000,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL [2011-07-25 15:46:06 | 000,516,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoplay.dll [2011-07-25 15:46:06 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll [2011-07-25 15:46:06 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayDriverLib.dll [2011-07-25 15:46:06 | 000,109,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys [2011-07-25 15:46:06 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayServices.dll [2011-07-25 15:46:06 | 000,099,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS [2011-07-25 15:46:06 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe [2011-07-25 15:46:05 | 001,342,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\brcpl.dll [2011-07-25 15:46:05 | 000,130,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basecsp.dll [2011-07-25 15:46:05 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthci.dll [2011-07-25 15:46:04 | 000,757,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroles.dll [2011-07-25 15:46:03 | 002,515,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\accessibilitycpl.dll [2011-07-25 15:46:03 | 000,542,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\blackbox.dll [2011-07-25 15:46:03 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcrypt.dll [2011-07-25 15:46:03 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsigd.dll [2011-07-25 15:46:02 | 001,730,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apds.dll [2011-07-25 15:46:01 | 001,209,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comsvcs.dll [2011-07-25 15:46:01 | 000,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adtschema.dll [2011-07-25 15:46:01 | 000,593,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comuid.dll [2011-07-25 15:46:01 | 000,199,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsldpc.dll [2011-07-25 15:46:01 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsmsext.dll [2011-07-25 15:46:01 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conime.exe [2011-07-25 15:46:01 | 000,035,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\crashdmp.sys [2011-07-25 15:46:00 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll [2011-07-25 15:46:00 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmdial32.dll [2011-07-25 15:46:00 | 000,178,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\credui.dll [2011-07-25 15:45:59 | 001,856,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbgeng.dll [2011-07-25 15:45:59 | 001,788,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d9.dll [2011-07-25 15:45:59 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairing.dll [2011-07-25 15:45:59 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingWizard.exe [2011-07-25 15:45:59 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll [2011-07-25 15:45:59 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingProxy.dll [2011-07-25 15:45:59 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmmon32.exe [2011-07-25 15:45:59 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll [2011-07-25 15:45:59 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DeviceEject.exe [2011-07-25 15:45:58 | 001,502,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certmgr.dll [2011-07-25 15:45:58 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll [2011-07-25 15:45:58 | 000,640,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl [2011-07-25 15:45:58 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnrollUI.dll [2011-07-25 15:45:58 | 000,323,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certcli.dll [2011-07-25 15:45:58 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe [2011-07-25 15:45:58 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrstub.exe [2011-07-25 15:45:58 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll [2011-07-25 15:45:58 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthudtask.exe [2011-07-25 15:45:57 | 006,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll [2011-07-25 15:45:57 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll [2011-07-25 15:45:57 | 000,614,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll [2011-07-25 15:45:57 | 000,125,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Classpnp.sys [2011-07-25 15:45:57 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cintlgnt.ime [2011-07-25 15:45:57 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cipher.exe [2011-07-25 15:45:57 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cbsra.exe [2011-07-25 15:45:57 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CHxReadingStringIME.dll [2011-07-25 15:45:56 | 001,053,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtctm.dll [2011-07-25 15:45:56 | 000,799,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe [2011-07-25 15:45:56 | 000,564,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll [2011-07-25 15:45:56 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexch40.dll [2011-07-25 15:45:56 | 000,339,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexcl40.dll [2011-07-25 15:45:56 | 000,332,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll [2011-07-25 15:45:56 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certreq.exe [2011-07-25 15:45:56 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chajei.ime [2011-07-25 15:45:56 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011-07-25 15:45:54 | 000,560,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll [2011-07-25 15:45:54 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctfui.dll [2011-07-25 15:45:54 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsCtfMonitor.dll [2011-07-25 15:45:53 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimsg.dll [2011-07-25 15:45:52 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\modemui.dll [2011-07-25 15:45:52 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll [2011-07-25 15:45:52 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprapi.dll [2011-07-25 15:45:51 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll [2011-07-25 15:45:51 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscandui.dll [2011-07-25 15:45:51 | 000,155,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll [2011-07-25 15:45:51 | 000,080,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll [2011-07-25 15:45:50 | 002,225,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcenter.dll [2011-07-25 15:45:50 | 001,086,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NetProjW.dll [2011-07-25 15:45:50 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netlogon.dll [2011-07-25 15:45:50 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncryptui.dll [2011-07-25 15:45:50 | 000,310,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtxclu.dll [2011-07-25 15:45:50 | 000,223,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys [2011-07-25 15:45:50 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll [2011-07-25 15:45:49 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll [2011-07-25 15:45:49 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NcdProp.dll [2011-07-25 15:45:48 | 003,072,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkmap.dll [2011-07-25 15:45:48 | 000,469,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.dll [2011-07-25 15:45:48 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax [2011-07-25 15:45:48 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.exe [2011-07-25 15:45:48 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkitemfactory.dll [2011-07-25 15:45:47 | 000,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrepl40.dll [2011-07-25 15:45:47 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPEG2VDEC.DLL [2011-07-25 15:45:47 | 000,408,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe [2011-07-25 15:45:47 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspbde40.dll [2011-07-25 15:45:47 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd3x40.dll [2011-07-25 15:45:47 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd2x40.dll [2011-07-25 15:45:47 | 000,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msltus40.dll [2011-07-25 15:45:47 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2011-07-25 15:45:47 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msnetobj.dll [2011-07-25 15:45:47 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll [2011-07-25 15:45:47 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll [2011-07-25 15:45:47 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimtf.dll [2011-07-25 15:45:46 | 001,589,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjet40.dll [2011-07-25 15:45:46 | 000,856,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswdat10.dll [2011-07-25 15:45:46 | 000,618,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswstr10.dll [2011-07-25 15:45:46 | 000,454,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxbde40.dll [2011-07-25 15:45:46 | 000,351,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll [2011-07-25 15:45:46 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjtes40.dll [2011-07-25 15:45:46 | 000,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll [2011-07-25 15:45:46 | 000,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msutb.dll [2011-07-25 15:45:46 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjter40.dll [2011-07-25 15:45:46 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjint40.dll [2011-07-25 15:45:46 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msisip.dll [2011-07-25 15:45:45 | 001,480,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll [2011-07-25 15:45:45 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll [2011-07-25 15:45:45 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll [2011-07-25 15:45:45 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll [2011-07-25 15:45:45 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstlsapi.dll [2011-07-25 15:45:45 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll [2011-07-25 15:45:45 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll [2011-07-25 15:45:44 | 001,827,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011-07-25 15:45:44 | 000,670,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll [2011-07-25 15:45:44 | 000,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstext40.dll [2011-07-25 15:45:44 | 000,217,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\InkEd.dll [2011-07-25 15:45:44 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll [2011-07-25 15:45:43 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imkr80.ime [2011-07-25 15:45:43 | 000,122,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetpp.dll [2011-07-25 15:45:43 | 000,099,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll [2011-07-25 15:45:43 | 000,035,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl [2011-07-25 15:45:43 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetppui.dll [2011-07-25 15:45:42 | 000,396,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsmsnap.dll [2011-07-25 15:45:42 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsilog.dll [2011-07-25 15:45:41 | 000,759,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsecsnp.dll [2011-07-25 15:45:41 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\input.dll [2011-07-25 15:45:41 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IPHLPAPI.DLL [2011-07-25 15:45:41 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipconfig.exe [2011-07-25 15:45:40 | 000,619,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe [2011-07-25 15:45:40 | 000,398,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011-07-25 15:45:40 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassdo.dll [2011-07-25 15:45:40 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassam.dll [2011-07-25 15:45:40 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrad.dll [2011-07-25 15:45:40 | 000,119,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll [2011-07-25 15:45:40 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassvcs.dll [2011-07-25 15:45:40 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iaspolcy.dll [2011-07-25 15:45:40 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ifmon.dll [2011-07-25 15:45:40 | 000,009,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll [2011-07-25 15:45:39 | 000,883,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10.IME [2011-07-25 15:45:39 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10K.DLL [2011-07-25 15:45:39 | 000,677,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2fs.dll [2011-07-25 15:45:39 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll [2011-07-25 15:45:39 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2011-07-25 15:45:39 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi.dll [2011-07-25 15:45:38 | 002,012,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\milcore.dll [2011-07-25 15:45:38 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll [2011-07-25 15:45:38 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll [2011-07-25 15:45:37 | 002,167,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcndmgr.dll [2011-07-25 15:45:37 | 001,792,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe [2011-07-25 15:45:37 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys [2011-07-25 15:45:37 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll [2011-07-25 15:45:37 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Kswdmcap.ax [2011-07-25 15:45:37 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmci.dll [2011-07-25 15:45:37 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcico.dll [2011-07-25 15:45:36 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\l2nacp.dll [2011-07-25 15:45:36 | 000,017,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll [2011-07-25 15:45:35 | 000,950,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe [2011-07-25 15:45:35 | 000,852,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll [2011-07-25 15:45:35 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Magnify.exe [2011-07-25 15:45:35 | 000,438,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll [2011-07-25 15:45:35 | 000,356,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll [2011-07-25 15:45:35 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsetup.dll [2011-07-25 15:45:35 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe [2011-07-25 15:45:35 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logman.exe [2011-07-25 15:45:35 | 000,019,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdusb.dll [2011-07-25 15:45:35 | 000,017,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdcom.dll [2011-07-25 15:45:34 | 001,524,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgradeCPL.dll [2011-07-25 15:45:34 | 001,143,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe [2011-07-25 15:45:34 | 001,020,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdc.dll [2011-07-25 15:45:34 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll [2011-07-25 15:45:34 | 000,347,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll [2011-07-25 15:45:34 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdscore.dll [2011-07-25 15:45:34 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtutil.exe [2011-07-25 15:45:34 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\whealogr.dll [2011-07-25 15:45:33 | 000,860,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFaultSecure.exe [2011-07-25 15:45:33 | 000,547,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiaaut.dll [2011-07-25 15:45:33 | 000,507,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsdyn.dll [2011-07-25 15:45:33 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll [2011-07-25 15:45:33 | 000,250,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtapi.dll [2011-07-25 15:45:33 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe [2011-07-25 15:45:33 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsutil.dll [2011-07-25 15:45:33 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdmdbg.dll [2011-07-25 15:45:32 | 001,533,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz.dll [2011-07-25 15:45:32 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usercpl.dll [2011-07-25 15:45:32 | 000,968,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz2.dll [2011-07-25 15:45:32 | 000,638,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Utilman.exe [2011-07-25 15:45:32 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys [2011-07-25 15:45:32 | 000,165,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WcnNetsh.dll [2011-07-25 15:45:32 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\watchdog.sys [2011-07-25 15:45:31 | 001,689,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscui.cpl [2011-07-25 15:45:31 | 000,291,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WscEapPr.dll [2011-07-25 15:45:31 | 000,223,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscntfy.dll [2011-07-25 15:45:31 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDMon.dll [2011-07-25 15:45:31 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll [2011-07-25 15:45:31 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsdchngr.dll [2011-07-25 15:45:31 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscisvif.dll [2011-07-25 15:45:30 | 001,575,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVENCOD.DLL [2011-07-25 15:45:30 | 001,382,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSDECD.DLL [2011-07-25 15:45:30 | 000,657,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVXENCD.DLL [2011-07-25 15:45:30 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wow32.dll [2011-07-25 15:45:29 | 001,580,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpccpl.dll [2011-07-25 15:45:29 | 000,532,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpcao.dll [2011-07-25 15:45:29 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe [2011-07-25 15:45:29 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll [2011-07-25 15:45:28 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanpref.dll [2011-07-25 15:45:28 | 000,926,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe [2011-07-25 15:45:28 | 000,399,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlangpui.dll [2011-07-25 15:45:28 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanui.dll [2011-07-25 15:45:28 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshom.ocx [2011-07-25 15:45:28 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSCard.dll [2011-07-25 15:45:28 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlgpclnt.dll [2011-07-25 15:45:28 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsnmp32.dll [2011-07-25 15:45:28 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsepno.dll [2011-07-25 15:45:27 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSAT.exe [2011-07-25 15:45:27 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll [2011-07-25 15:45:27 | 000,986,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe [2011-07-25 15:45:27 | 000,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll [2011-07-25 15:45:27 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll [2011-07-25 15:45:26 | 000,533,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmsdk.dll [2011-07-25 15:45:25 | 001,224,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sud.dll [2011-07-25 15:45:25 | 000,122,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Storport.sys [2011-07-25 15:45:25 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Storprop.dll [2011-07-25 15:45:25 | 000,052,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\stream.sys [2011-07-25 15:45:24 | 002,205,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll [2011-07-25 15:45:24 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll [2011-07-25 15:45:24 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll [2011-07-25 15:45:24 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysclass.dll [2011-07-25 15:45:23 | 000,777,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcc.dll [2011-07-25 15:45:23 | 000,705,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiEngine.dll [2011-07-25 15:45:23 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shwebsvc.dll [2011-07-25 15:45:23 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmon.ocx [2011-07-25 15:45:23 | 000,134,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll [2011-07-25 15:45:23 | 000,083,456 | ---- | C] (Microsoft) -- C:\Windows\System32\SMBHelperClass.dll [2011-07-25 15:45:23 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwmi.dll [2011-07-25 15:45:22 | 001,081,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCExt.dll [2011-07-25 15:45:22 | 000,684,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\spsys.sys [2011-07-25 15:45:22 | 000,582,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCommDlg.dll [2011-07-25 15:45:22 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlsrv32.dll [2011-07-25 15:45:22 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLUI.exe [2011-07-25 15:45:22 | 000,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spinstall.exe [2011-07-25 15:45:22 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sperror.dll [2011-07-25 15:45:22 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe [2011-07-25 15:45:22 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizui.dll [2011-07-25 15:45:22 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spoolss.dll [2011-07-25 15:45:22 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spreview.exe [2011-07-25 15:45:22 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcinst.dll [2011-07-25 15:45:22 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spcmsg.dll [2011-07-25 15:45:22 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll [2011-07-25 15:45:22 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwinsat.dll [2011-07-25 15:45:21 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\untfs.dll [2011-07-25 15:45:21 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SnippingTool.exe [2011-07-25 15:45:21 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe [2011-07-25 15:45:21 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\softkbd.dll [2011-07-25 15:45:21 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSTheme.exe [2011-07-25 15:45:21 | 000,035,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsWpfWrp.exe [2011-07-25 15:45:21 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD.sys [2011-07-25 15:45:21 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys [2011-07-25 15:45:20 | 000,842,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll [2011-07-25 15:45:20 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unimdm.tsp [2011-07-25 15:45:20 | 000,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uDWM.dll [2011-07-25 15:45:20 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ulib.dll [2011-07-25 15:45:20 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD2.sys [2011-07-25 15:45:19 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tintlgnt.ime [2011-07-25 15:45:18 | 001,576,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll [2011-07-25 15:45:18 | 001,152,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themecpl.dll [2011-07-25 15:45:18 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll [2011-07-25 15:45:18 | 000,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll [2011-07-25 15:45:18 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpmon.dll [2011-07-25 15:42:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders [2011-07-25 15:28:10 | 498,580,680 | ---- | C] (Microsoft Corporation) -- C:\Users\Anna\Desktop\Windows6.0-KB948465-X86(2).exe [2011-07-25 12:42:22 | 001,168,176 | ---- | C] (Microsoft Corporation) -- C:\Users\Anna\Desktop\IE9-WindowsVista-x86-plk.exe [2011-07-23 12:30:38 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011-07-22 15:12:20 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\Malwarebytes [2011-07-22 15:12:01 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011-07-22 15:12:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011-07-22 15:11:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011-07-22 15:11:55 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011-07-22 15:11:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011-07-22 14:24:14 | 000,126,512 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS [2011-07-22 14:24:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared [2011-07-22 14:24:13 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec [2011-07-22 14:23:42 | 000,666,672 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\SymEFA.sys [2011-07-22 14:23:42 | 000,489,008 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\srtsp.sys [2011-07-22 14:23:42 | 000,339,504 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\SymDS.sys [2011-07-22 14:23:42 | 000,331,312 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\symtdiv.sys [2011-07-22 14:23:42 | 000,294,448 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\symnets.sys [2011-07-22 14:23:42 | 000,134,704 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\Ironx86.sys [2011-07-22 14:23:42 | 000,050,096 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\srtspx.sys [2011-07-22 14:23:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS [2011-07-22 14:23:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS\1201000.025 [2011-07-22 14:23:14 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security [2011-07-22 14:23:14 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security [2011-07-22 14:21:46 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller [2011-07-22 14:21:05 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security 2011 EN + trial reset - peb.pl-ks_93 [2011-07-22 14:14:59 | 000,000,000 | -HSD | C] -- C:\found.000 [2011-07-20 20:46:55 | 000,000,000 | ---D | C] -- C:\Users\Anna\Documents\Ankh - The Lost Treasures [2011-07-20 15:31:06 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\GuardiansOfMagic [2011-07-20 14:21:35 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\Color-Brush [2011-07-20 06:27:40 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\Crown [2011-07-20 06:27:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Crown [2011-07-20 05:14:27 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch [2011-07-18 11:16:04 | 000,026,416 | ---- | C] (Nitro PDF Software) -- C:\Windows\System32\nitrolocalmon2.dll [2011-07-18 11:16:04 | 000,017,712 | ---- | C] (Nitro PDF Software) -- C:\Windows\System32\nitrolocalui2.dll [2011-07-18 11:15:53 | 000,000,000 | ---D | C] -- C:\Program Files\Nitro PDF [2011-07-18 11:15:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nitro PDF [2011-07-18 11:08:03 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\Downloaded Installations [2011-07-15 19:37:07 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\Nancy Drew [2011-07-15 19:10:11 | 000,000,000 | ---D | C] -- C:\Program Files\directx [2011-07-14 15:52:58 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2011-07-14 15:52:58 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll [2011-07-13 01:07:27 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011-06-25 16:30:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Big Fish Games [2011-06-23 22:15:51 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_5.dll [2011-06-23 22:15:50 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll [2011-06-23 22:15:50 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_7.dll [2011-06-23 22:15:50 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_7.dll [2011-06-23 22:15:49 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll [2011-06-23 22:15:49 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_43.dll [2011-06-23 22:15:49 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll [2011-06-23 22:15:49 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll [2011-06-23 22:15:48 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll [2011-06-23 22:15:48 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll [2011-06-23 22:15:48 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll [2011-06-23 22:15:47 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll [2011-06-23 22:15:41 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll [2011-06-23 22:15:36 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll [2011-06-23 22:15:36 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll [2011-06-23 22:15:23 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll [2011-06-23 22:15:22 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll [2011-06-23 22:15:22 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll [2011-06-23 22:15:21 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll [2011-06-23 22:15:20 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll [2011-06-23 22:15:19 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll [2011-06-23 22:15:18 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll [2011-06-23 22:15:18 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll [2011-06-23 22:15:17 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll [2011-06-23 22:15:16 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll [2011-06-23 22:15:16 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll [2011-06-23 22:15:16 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll [2011-06-23 22:15:16 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll [2011-06-23 22:15:12 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll [2011-06-23 22:15:12 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll [2011-06-23 22:15:12 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll [2011-06-23 22:15:11 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll [2011-06-23 22:15:10 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll [2011-06-23 22:15:10 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll [2011-06-23 22:15:08 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll [2011-06-23 22:15:08 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll [2011-06-23 22:15:07 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll [2011-06-23 22:15:07 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll [2011-06-23 22:15:06 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll [2011-06-23 22:15:06 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll [2011-06-23 22:15:04 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll [2011-06-23 22:15:03 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll [2011-06-23 22:15:02 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll [2011-06-23 22:15:02 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll [2011-06-23 22:15:00 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll [2011-06-23 22:14:59 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll [2011-06-23 22:14:57 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll [2011-06-23 22:14:56 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll [2011-06-23 22:14:54 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll [2011-06-23 22:14:53 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll [2011-06-23 22:14:53 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll [2011-06-23 22:14:51 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll [2011-06-23 22:14:51 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll [2011-06-23 22:14:46 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll [2011-06-23 22:14:45 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll [2011-06-23 22:14:45 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll [2011-06-23 22:14:44 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll [2011-06-23 22:14:44 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll [2011-06-23 22:14:41 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll [2011-06-23 22:14:41 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll [2011-06-23 22:14:40 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll [2011-06-23 22:14:39 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll [2011-06-23 22:14:37 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll [2011-06-23 22:14:37 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll [2011-06-23 22:14:34 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll [2011-06-23 22:14:33 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll [2011-06-23 22:14:33 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll [2011-06-23 22:14:33 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll [2011-06-23 22:14:32 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll [2011-06-23 22:14:32 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll [2011-06-23 22:14:15 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll [2011-06-23 22:14:14 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll [2011-06-23 22:14:14 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll [2011-06-23 22:14:13 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll [2011-06-23 22:14:12 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll [2011-06-23 22:14:10 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll [2011-06-23 22:14:08 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll [2011-06-23 22:14:06 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll [2011-06-16 20:16:24 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011-06-16 20:16:22 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011-06-16 20:16:22 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011-06-16 20:16:22 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011-06-16 20:16:21 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011-06-16 20:16:21 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll [2010-08-25 17:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [1 C:\Users\Anna\Desktop\*.tmp files -> C:\Users\Anna\Desktop\*.tmp -> ] [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2011-07-25 17:40:40 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Anna\Desktop\OTL.exe [2011-07-25 17:25:35 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011-07-25 17:25:35 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011-07-25 17:20:50 | 000,731,424 | ---- | M] (Solid State Networks) -- C:\Users\Anna\Desktop\install_flashplayer10_mssd_aih.exe [2011-07-25 17:07:55 | 000,000,134 | ---- | M] () -- C:\Users\Anna\Desktop\Rozwiązywanie problemów z programem Internet Explorer.url [2011-07-25 17:04:30 | 000,000,286 | ---- | M] () -- C:\ProgramData\hpqp.ini [2011-07-25 17:03:49 | 000,000,903 | ---- | M] () -- C:\Users\Anna\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2011-07-25 17:02:22 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011-07-25 17:02:22 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011-07-25 17:01:56 | 002,185,438 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1201000.025\Cat.DB [2011-07-25 16:57:00 | 000,316,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011-07-25 16:56:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011-07-25 16:55:51 | 3149,078,528 | -HS- | M] () -- C:\hiberfil.sys [2011-07-25 13:55:16 | 498,580,680 | ---- | M] (Microsoft Corporation) -- C:\Users\Anna\Desktop\Windows6.0-KB948465-X86(2).exe [2011-07-25 12:59:16 | 000,000,104 | ---- | M] () -- C:\Users\Anna\Desktop\Recycle Bin - Shortcut.lnk [2011-07-25 12:18:22 | 072,436,296 | ---- | M] () -- C:\Users\Anna\Desktop\launch.exe [2011-07-25 11:51:02 | 001,168,176 | ---- | M] (Microsoft Corporation) -- C:\Users\Anna\Desktop\IE9-WindowsVista-x86-plk.exe [2011-07-23 12:21:24 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts [2011-07-22 15:12:04 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011-07-22 14:24:13 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS [2011-07-22 14:24:13 | 000,007,456 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT [2011-07-22 14:24:13 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF [2011-07-22 14:23:55 | 000,002,173 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk [2011-07-22 14:07:33 | 000,007,052 | ---- | M] () -- C:\Users\Anna\AppData\Local\d3d9caps.dat [2011-07-06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011-07-06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011-06-29 14:34:04 | 000,000,000 | ---- | M] () -- C:\Windows\Shadow.INI [2011-06-26 17:08:44 | 000,000,000 | ---- | M] () -- C:\Windows\Game.INI [2011-06-21 18:56:44 | 000,017,712 | ---- | M] (Nitro PDF Software) -- C:\Windows\System32\nitrolocalui2.dll [2011-06-21 18:56:42 | 000,026,416 | ---- | M] (Nitro PDF Software) -- C:\Windows\System32\nitrolocalmon2.dll [2011-06-02 15:34:49 | 002,043,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011-06-01 16:53:42 | 000,012,765 | ---- | M] () -- C:\Users\Anna\Documents\grecja.html [1 C:\Users\Anna\Desktop\*.tmp files -> C:\Users\Anna\Desktop\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011-07-25 17:07:55 | 000,000,134 | ---- | C] () -- C:\Users\Anna\Desktop\Rozwiązywanie problemów z programem Internet Explorer.url [2011-07-25 15:46:40 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf [2011-07-25 15:46:38 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml [2011-07-25 15:46:15 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf [2011-07-25 15:46:13 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2011-07-25 15:46:11 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf [2011-07-25 15:45:34 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF [2011-07-25 15:45:25 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011-07-25 15:45:22 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs [2011-07-25 15:45:22 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man [2011-07-25 15:45:20 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd [2011-07-25 12:59:16 | 000,000,104 | ---- | C] () -- C:\Users\Anna\Desktop\Recycle Bin - Shortcut.lnk [2011-07-25 12:40:22 | 072,436,296 | ---- | C] () -- C:\Users\Anna\Desktop\launch.exe [2011-07-22 15:12:03 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011-07-22 14:24:21 | 002,185,438 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\Cat.DB [2011-07-22 14:24:14 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT [2011-07-22 14:24:14 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF [2011-07-22 14:23:55 | 000,002,173 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk [2011-07-22 14:23:30 | 000,003,373 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymEFA.inf [2011-07-22 14:23:30 | 000,002,792 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymDS.inf [2011-07-22 14:23:30 | 000,001,473 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymNetV.inf [2011-07-22 14:23:30 | 000,001,445 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymNet.inf [2011-07-22 14:23:30 | 000,001,389 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\srtspx.inf [2011-07-22 14:23:30 | 000,001,383 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\srtsp.inf [2011-07-22 14:23:30 | 000,000,741 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\Iron.inf [2011-07-22 14:23:19 | 000,007,787 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\symnetv.cat [2011-07-22 14:23:19 | 000,007,446 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymNet.cat [2011-07-22 14:23:19 | 000,007,444 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymEFA.cat [2011-07-22 14:23:19 | 000,007,442 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\srtspx.cat [2011-07-22 14:23:19 | 000,007,438 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymDS.cat [2011-07-22 14:23:19 | 000,007,438 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\srtsp.cat [2011-07-22 14:23:19 | 000,007,438 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\iron.cat [2011-07-22 14:23:19 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\isolate.ini [2011-07-18 11:15:58 | 000,001,868 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro PDF Reader 2.lnk [2011-06-29 14:34:04 | 000,000,000 | ---- | C] () -- C:\Windows\Shadow.INI [2011-06-26 17:08:44 | 000,000,000 | ---- | C] () -- C:\Windows\Game.INI [2011-06-02 20:30:23 | 000,000,818 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011-06-01 16:53:42 | 000,012,765 | ---- | C] () -- C:\Users\Anna\Documents\grecja.html [2010-11-10 23:06:31 | 000,174,683 | ---- | C] () -- C:\Windows\hpoins45.dat [2010-08-25 18:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin [2010-08-25 18:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin [2010-08-25 18:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin [2010-08-25 17:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config [2010-08-25 17:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll [2010-08-25 17:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll [2010-08-09 21:53:23 | 000,000,187 | ---- | C] () -- C:\Windows\ODBCINST.INI [2010-07-24 23:46:16 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010-07-23 13:25:13 | 000,278,728 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2010-07-23 13:25:13 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2010-07-22 18:52:11 | 000,314,368 | ---- | C] () -- C:\Windows\KSGDeInstall.exe [2010-04-24 16:28:12 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll [2010-04-24 16:28:12 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2010-04-24 16:28:10 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2010-04-24 16:28:10 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2010-04-24 16:28:08 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2010-04-23 18:13:52 | 000,007,052 | ---- | C] () -- C:\Users\Anna\AppData\Local\d3d9caps.dat [2010-02-05 08:43:26 | 000,000,450 | ---- | C] () -- C:\Windows\hpomdl45.dat [2009-12-05 16:35:30 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2009-12-04 16:37:12 | 000,035,840 | ---- | C] () -- C:\Users\Anna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-09-18 20:42:23 | 000,000,413 | ---- | C] () -- C:\Windows\BRWMARK.INI [2009-09-18 20:42:23 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2009-09-18 14:51:47 | 000,000,046 | ---- | C] () -- C:\Windows\adiras.ini [2009-09-17 17:11:34 | 000,000,061 | ---- | C] () -- C:\Windows\TEXTware.ini [2009-09-17 17:11:31 | 000,147,456 | ---- | C] () -- C:\Windows\System32\Twavbx32.dll [2009-09-17 17:11:31 | 000,115,200 | ---- | C] () -- C:\Windows\System32\UnzDll.dll [2009-09-17 17:11:31 | 000,088,064 | ---- | C] () -- C:\Windows\System32\idiom010227.dll [2009-09-17 17:11:30 | 000,099,092 | ---- | C] () -- C:\Windows\System32\bass.dll [2009-09-17 17:11:26 | 000,143,360 | ---- | C] () -- C:\Windows\System32\ILXTBS.DLL [2009-06-09 19:23:05 | 000,000,286 | ---- | C] () -- C:\ProgramData\hpqp.ini [2009-04-22 16:10:21 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008-07-06 22:29:46 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1518.dll [2008-07-06 22:14:06 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin [2008-06-29 16:52:14 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll [2006-11-02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006-11-02 14:47:37 | 000,316,448 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006-11-02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006-11-02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006-11-02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006-11-02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006-11-02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006-11-02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006-11-02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006-11-02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006-11-02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006-11-02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006-03-09 11:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [color=#E56717]========== LOP Check ==========[/color] [2011-07-20 05:57:36 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\BitTorrent [2011-05-02 20:53:18 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Casual Mechanics [2011-07-20 06:27:40 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Crown [2010-07-23 14:36:49 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\DAEMON Tools Lite [2011-07-18 11:08:03 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Downloaded Installations [2010-08-09 21:53:42 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\DrDietman2 [2009-09-04 16:13:33 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\FloodLightGames [2011-05-06 22:24:59 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Friday's games [2009-12-09 20:33:58 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\funkitron [2009-09-09 13:23:30 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Gamelab [2011-07-20 15:31:06 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\GuardiansOfMagic [2009-12-06 15:03:04 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Imagic403N [2010-01-30 00:21:55 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\iWin [2011-04-23 12:56:23 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Magic3 [2009-12-08 00:39:58 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\muvee Technologies [2011-07-17 19:04:20 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Nitro PDF [2010-12-02 00:13:10 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Notepad++ [2009-10-18 19:04:24 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Nowe Gadu-Gadu [2009-11-28 09:08:41 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\OpenFM [2009-09-17 17:11:40 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Oxford [2011-05-05 00:34:20 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\PeerNetworking [2009-09-16 11:06:35 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\PlayFirst [2010-02-07 16:33:26 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\SBTT [2009-09-25 03:08:34 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\SPORE Creature Creator [2010-11-06 15:09:43 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Template [2011-07-20 05:57:07 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\uTorrent [2011-05-02 14:44:41 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\V-Games [2011-03-25 14:35:15 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\VDownloader [2010-11-12 14:42:41 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\VendelGAMES [2011-07-25 16:54:28 | 000,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2009-04-10 23:36:38 | 000,333,257 | RHS- | M] () -- C:\bootmgr [2006-09-18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys [2011-07-25 16:55:51 | 3149,078,528 | -HS- | M] () -- C:\hiberfil.sys [2011-07-25 16:55:50 | 3462,864,896 | -HS- | M] () -- C:\pagefile.sys [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2008-01-21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008-01-21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008-01-21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008-01-21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008-01-21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006-11-02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2009-04-11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2009-04-11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2009-04-10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009-04-10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009-04-10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008-01-21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008-01-21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006-11-02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2009-04-22 16:18:13 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7f3e4ed9\atapi.sys [2009-04-22 16:18:13 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22193_none_dd6376773aedb5e4\atapi.sys [2009-04-22 16:18:13 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b7393fc6\atapi.sys [2009-04-22 16:18:13 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20847_none_dbb74a7b3d9afbc1\atapi.sys [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2008-01-21 04:23:44 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\System32\drivers\beep.sys [2008-01-21 04:23:44 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6001.18000_none_c420a153079d485b\beep.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2008-01-21 04:23:02 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_a29e71c6\cdrom.sys [2008-01-21 04:23:02 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys [2009-04-11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_cdrom.inf_31bf3856ad364e35_6.0.6002.18005_none_6194d4eea0e93596\cdrom.sys [2009-04-11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_cdrom.inf_31bf3856ad364e35_6.0.6002.18005_none_6194d4eea0e93596\cdrom.sys [2009-04-10 21:39:18 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\System32\drivers\cdrom.sys [2009-04-10 21:39:18 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_c949a5b6\cdrom.sys [2009-04-10 21:39:18 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6002.18005_none_6194d4eea0e93596\cdrom.sys [2006-11-02 10:51:44 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=8D1866E61AF096AE8B582454F5E4D303 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_e487f727\cdrom.sys [color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color] [2007-05-18 06:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2009-04-11 08:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_a9b2a4d31930d864\ndis.sys [2009-04-11 08:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_a9b2a4d31930d864\ndis.sys [2009-04-10 23:32:50 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\System32\drivers\ndis.sys [2009-04-10 23:32:50 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_a9b2a4d31930d864\ndis.sys [2008-01-21 04:23:50 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2009-04-11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2009-04-11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2009-04-10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009-04-10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008-01-21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < End of report > </log> [b][u]EXTRAS[/u][/b] <log> OTL Extras logfile created on: 2011-07-25 17:44:42 - Run 1 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Anna\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd 2,93 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 53,70% Memory free 6,08 Gb Paging File | 4,73 Gb Available in Paging File | 77,75% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 221,96 Gb Total Space | 136,08 Gb Free Space | 61,31% Space Free | Partition Type: NTFS Drive D: | 10,92 Gb Total Space | 1,82 Gb Free Space | 16,66% Space Free | Partition Type: NTFS Computer Name: KOMPUTERSIOSTRA | User Name: Anna | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_USERS\S-1-5-21-516021690-3537927130-1024571334-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{386DCE31-654E-472A-B9E6-101CC3476D72}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{388029A1-F8F7-4A0F-93A3-4708E8BACF4E}" = rport=139 | protocol=6 | dir=out | app=system | "{3F0ABE11-660E-4FAF-89A8-C71269A670B4}" = rport=137 | protocol=17 | dir=out | app=system | "{4E25237A-0D54-4AB3-B083-2A16D3793EEA}" = lport=138 | protocol=17 | dir=in | app=system | "{5E729D74-1BF5-44A1-9BFB-28DEEA3F0626}" = rport=10243 | protocol=6 | dir=out | app=system | "{67A10C69-BFA5-4E52-9FB0-4EB4A63397C6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6DE9F1EE-BCD5-4C5E-9885-E7BA858EFAC0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7014ACAF-6577-48FA-B2CC-5792141BAC4F}" = lport=139 | protocol=6 | dir=in | app=system | "{7B014A4D-D52A-4D15-9E52-16BAFB98B516}" = lport=17001 | protocol=17 | dir=in | name=ko.kurnik.pl | "{9260E63B-2EBD-4ADD-A32C-80708AE1E79F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{95831269-91D6-4D70-ACC9-164E6DCF5B85}" = lport=445 | protocol=6 | dir=in | app=system | "{99A77498-FACD-43D0-BA22-066EC5EF8F2C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B01A3A09-D112-45CF-AA71-F308D2D7AD4C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{B512A2D8-367B-4E2F-83C1-2C7D3FCBCC0C}" = lport=2869 | protocol=6 | dir=in | app=system | "{BBC78D0F-D7DD-4C93-A79A-231C20AA7529}" = lport=137 | protocol=17 | dir=in | app=system | "{CBF1E23F-6D33-413A-A525-C04984590FFD}" = rport=138 | protocol=17 | dir=out | app=system | "{D0EB1410-F9F1-4740-8707-06ECFA574AB1}" = lport=10243 | protocol=6 | dir=in | app=system | "{D686C1F6-B1D2-45AE-B998-3811FBDCD3C3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{F119DCC0-ADC1-42ED-A6F6-97DC88E04FC1}" = lport=2869 | protocol=6 | dir=in | app=system | "{F6857440-7DA4-45E9-B5D0-E9197CFE449A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F9E32DEB-9208-4B4C-812D-2981AFF516EE}" = rport=445 | protocol=6 | dir=out | app=system | "{FBA6E6A9-DDBC-40AD-9FA2-3E50B3A92BA4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{08E5DFD7-2EA4-4C13-BA70-74A27CBB7391}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{0C9D0D83-CABE-447B-A547-0490CEBCCFED}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | "{10656DC8-778B-4CA5-B215-7E2A103BD2AD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | "{10E99A8F-37A5-4B27-A3A1-6337D3602992}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{158ECF4E-52E6-4BD6-9B15-3A1033ED4BF5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{21513197-96E2-4AC5-BAAF-50373B52FAEF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{2324828B-ED0F-4BD2-A7C4-B5AD534FDA57}" = dir=in | app=c:\program files\hp\quickplay\qp.exe | "{3851096C-36DD-4835-9499-0C154EBF6AF6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{399F70A6-311D-4EEA-8311-85DFADC7F5B6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe | "{3D491E2A-5057-4E8F-9D15-DE73E22E8F46}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{4189FAB8-890B-48FC-B300-28B0D12BF263}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | "{4B4B9515-500C-4C6F-A697-AC72624785E2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{4B87C204-8FF3-470B-B356-4BFE87153F8A}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{50956512-86C8-4EFE-900E-33C8DC094593}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | "{58AF6471-CAEC-4822-9EA3-B46A77303DE7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | "{59713904-77D7-4711-83C5-3C43ABE510D7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | "{5BE493D5-F19C-421E-B9C0-2705C81A1AC3}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | "{6470FB4A-5782-44D3-B8B0-F572E636D271}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | "{67004B62-3794-4AB7-919F-C6EB00B24213}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{6939465A-FA8B-4737-9DB7-A3429B302E7D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{77F8EFC5-4C8A-41C0-82A5-E81C505121EA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7CD4006B-374E-4052-B379-C4D7623A4A7F}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | "{8077F54E-396B-412A-AF51-D721847374B9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{86B0D20B-A9F3-4235-B637-E41061920648}" = protocol=6 | dir=out | app=system | "{8F08D2B7-2116-4F17-BABA-D01B795293F1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | "{99F99351-1809-4D3D-852C-00E13A256640}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{AC1B5872-D4FB-489D-B5BB-59E29145E6B8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | "{B8ED8B1D-42E2-41BA-ADF2-0F712F42FF1F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C8FE4E2F-1FFF-4129-8700-05B35A6E33BB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{C9DEC4E0-7510-42DF-97BE-1252049A8786}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{CD0BACCB-26E2-458A-8F2C-DC558A827955}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{DBA43BB8-8528-4842-8C35-C73A0A286A0D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{DC9B8ABB-C5AA-4F2B-92D8-EA37692D09BA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | "{E63A7C88-F35D-4136-8781-EB38E7A9A539}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | "{E6A70BD9-E44D-45B7-B82C-DA8B7B4E52C6}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe | "{EC72D096-B027-4BFE-98B8-0C24900250D4}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{EF57BBE4-C5B2-4C59-B33E-D968626128E8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{F533671D-3BC9-407D-B0C7-416FD18C5156}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | "{F628E70F-D14B-4DCE-8C27-F1A918D540F3}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | "{FF8DDCD0-C18D-4888-BCBF-E164FD87EC2F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query User{13A47A39-2C01-4604-8494-8AC628C6C582}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | "TCP Query User{1A7D5A70-4E78-4CE9-9AFF-F20B5F4D744D}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "TCP Query User{1E0857E6-56F2-47A3-9FFD-0FD1499D8978}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "TCP Query User{CD44667E-F363-405E-9B70-058DCAFACBAD}C:\program files\nowe gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files\nowe gadu-gadu\gg.exe | "TCP Query User{D59BE3C9-0248-4617-9D29-A720BA51CAAA}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | "TCP Query User{FAB7C0E5-32ED-44BF-9140-7060B5A287CD}C:\program files\nowe gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files\nowe gadu-gadu\gg.exe | "UDP Query User{4B48EDDD-2652-4EAC-AA4B-AC40D6D50F9F}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | "UDP Query User{59731E99-DA6F-41D2-9D8E-012D46F542B8}C:\program files\nowe gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files\nowe gadu-gadu\gg.exe | "UDP Query User{699BCB26-36F8-41AA-8CEA-9DB45F707B47}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "UDP Query User{9E6C223B-D6C5-48B4-9209-9B0967E6C8EA}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "UDP Query User{A35553BA-AEC4-4FB4-ADBA-FF7AC7EB0F80}C:\program files\nowe gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files\nowe gadu-gadu\gg.exe | "UDP Query User{DC9C02FE-6B40-4A03-B9A5-2B5F82D2CD8C}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR "{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer "{0A50CB27-D2D5-4B7D-A001-30B1782A450B}" = DJ_AIO_06_K209a-z_SW_Min "{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1 "{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery "{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant "{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Narzędzie do przekazywania usługi Windows Live "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox "{2E522ED6-01E2-4207-82D5-B3BFB31B8BD4}" = Windows Live Sync "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2 "{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader "{38058455-8C21-4C2F-B2F6-14ED166039CB}" = HP Total Care Setup "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7 "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{51958BA7-21E4-4A8B-9098-CD8375BD17B2}" = Asystent rejestracji usługi Windows Live "{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3 "{5A3ECDDA-562C-4281-BFE5-A4C8F32EACA3}" = K209a-z "{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter "{6051912A-F7B8-445C-A99D-81AA4C118836}" = HP Deskjet Ink Advant K209a-z All-in-One Driver Software 14.0 Rel. 6 "{6053FE9B-5473-41D6-AEBF-AD6F98138191}" = Windows Live Movie Maker "{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer "{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{665CBCA4-5AB0-414B-A288-3F8F99FEFC45}" = HP User Guides 0118 "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games) "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{96384578-C6A2-4EC6-92CD-B62A60713040}" = Microsoft Live Search Toolbar "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{9862473C-E063-4C68-A161-2CDE0E8048A5}" = Podstawowe programy Windows Live "{9AB614A6-719C-4A6E-A63E-831E0A35F62A}" = Windows Live Writer "{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant "{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}" = Copy "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9CDEAEC9-2F14-4D39-8541-C1EEC4B5D1CB}" = Galeria fotografii usługi Windows Live "{A7388312-4FBB-48E5-8DC0-B63DA02658AE}" = Windows Live Toolbar "{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 3.0.752 "{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply "{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player "{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2 "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{C35FE07E-24B5-410F-85B7-122087A0C7DD}" = Poczta usługi Windows Live "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D1803CD4-0CE7-4484-98E3-88D7A2D629A4}" = Windows Live Messenger "{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F5ED909F-8571-4B03-B200-6087F32CD973}" = Nitro PDF Reader 2 "{F88335A8-CA7B-41DE-B37D-81306C73B507}" = Bezpieczeństwo rodzinne usługi Windows Live "{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe AIR" = Adobe AIR "ALLPlayer_is1" = ALLPlayer V4.X "CNXT_AUDIO_HDA" = Conexant HD Audio "CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "Dzieńdobry!" = Dzieńdobry! "HDMI" = Intel(R) Graphics Media Accelerator Driver "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HP Imaging Device Functions" = HP Imaging Device Functions 14.0 "HP Smart Web Printing" = HP Smart Web Printing 4.60 "HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0 "HPExtendedCapabilities" = HP Customer Participation Program 14.0 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.9.0 "Larry 7" = Larry 7 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware wersja 1.51.1.1800 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US) "NIS" = Norton Internet Security "Notepad++" = Notepad++ "Nowe Gadu-Gadu" = Nowe Gadu-Gadu "Organizer ucznia_is1" = Organizer ucznia v1.0 "Oxford Wordpower Genie" = Oxford Wordpower Genie "Shop for HP Supplies" = Shop for HP Supplies "Slownik jezyka polskiego 3t" = Słownik języka polskiego PWN "SynTPDeinstKey" = Synaptics Pointing Device Driver "Veoh Web Player Beta" = Veoh Web Player "WildTangent hp Master Uninstall" = HP Games "WinLiveSuite_Wave3" = Podstawowe programy Windows Live "WinRAR archiver" = Archiwizator WinRAR "WTA-059fb0fd-b8d8-4443-9f2f-1ef716b6ac80" = Nancy Drew - Curse of Blackmoor Manor "WTA-0861cc54-ec49-4001-a4fd-21f471969c6e" = Natalie Brooks - Mystery at Hillcrest High "WTA-223e2a26-507b-41a8-86d7-b4cd0657f9cd" = Pizza Chef 2 "WTA-3df06af8-8ee8-476e-ac7c-796aad66da7f" = Nancy Drew Dossier - Lights, Camera, Curses "WTA-447aeb2b-886f-4f03-9af8-313f57cac62b" = Nancy Drew - The Phantom of Venice "WTA-5c1baa70-9736-45ba-9a68-594992602e97" = Jewelry Secret: Mystery Stones "WTA-6c40bcb4-2c92-4b4e-9fd1-467e7a2c02e3" = Lamp of Aladdin "WTA-716722e1-fc74-4410-a606-bca808f76b7a" = Magic Encyclopedia - Illusions "WTA-73ab29f6-8c46-4e63-aa14-067b3f991b31" = Ankh - The Lost Treasures "WTA-74a522d8-4237-4701-8ccd-af6af2b93896" = Farm Craft 2: Global Vegetable Crisis "WTA-87131e9b-2788-4ade-8202-5139abf9dfa8" = Guardians of Magic: Amanda's Awakening "WTA-a5b8a596-480d-4d62-a46e-981fd5914522" = Star Crossed Love "WTA-aeeb9eb2-a7a3-4302-ac80-a4fd79ddb165" = Royal Trouble "WTA-b33633d7-04bb-4e59-8ce9-a588f228b1cc" = BurgerTime Deluxe "WTA-c852c0f3-ac6b-4571-9c0b-30b68c6f008d" = Nancy Drew Dossier - Resorting to Danger! "WTA-cccbacc6-39a0-452e-ab7d-ab7a29f6c532" = Dream Inn: The Driftwood "WTA-cdf86317-d8b7-4840-b870-81b84a83b9f5" = Text Express 2 Deluxe "WTA-e1b5858f-56fd-4b45-b57e-a49c8d84ad6d" = Magic Encyclopedia - Moon Light "WTA-ff4f570d-41eb-4a16-8321-60c84451dbb4" = FunPark Beach Blast [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-516021690-3537927130-1024571334-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2011-07-25 09:44:50 | Computer Name = komputersiostra | Source = SPP | ID = 16387 Description = Error - 2011-07-25 09:44:50 | Computer Name = komputersiostra | Source = System Restore | ID = 8193 Description = Error - 2011-07-25 11:13:07 | Computer Name = komputersiostra | Source = SPP | ID = 16387 Description = Error - 2011-07-25 11:13:07 | Computer Name = komputersiostra | Source = System Restore | ID = 8193 Description = Error - 2011-07-25 11:13:48 | Computer Name = komputersiostra | Source = SPP | ID = 16387 Description = Error - 2011-07-25 11:13:48 | Computer Name = komputersiostra | Source = System Restore | ID = 8193 Description = Error - 2011-07-25 11:15:51 | Computer Name = komputersiostra | Source = SPP | ID = 16387 Description = Error - 2011-07-25 11:15:51 | Computer Name = komputersiostra | Source = System Restore | ID = 8193 Description = Error - 2011-07-25 11:16:18 | Computer Name = komputersiostra | Source = SPP | ID = 16387 Description = Error - 2011-07-25 11:16:18 | Computer Name = komputersiostra | Source = System Restore | ID = 8193 Description = [ OSession Events ] Error - 2009-12-11 11:58:54 | Computer Name = komputersiostra | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2709 seconds with 2400 seconds of active time. This session ended with a crash. [ System Events ] Error - 2010-04-09 11:51:38 | Computer Name = komputersiostra | Source = Service Control Manager | ID = 7026 Description = Error - 2010-04-09 16:00:18 | Computer Name = komputersiostra | Source = Server | ID = 2505 Description = The server could not bind to the transport \Device\NetBT_Tcpip_{C68E4392-A60A-4116-A1F1-8E85293A2A3B} because another computer on the network has the same name. The server could not start. Error - 2010-04-09 16:12:21 | Computer Name = komputersiostra | Source = Server | ID = 2505 Description = The server could not bind to the transport \Device\NetBT_Tcpip_{C68E4392-A60A-4116-A1F1-8E85293A2A3B} because another computer on the network has the same name. The server could not start. Error - 2010-04-10 03:19:12 | Computer Name = komputersiostra | Source = SRTSP | ID = 524292 Description = Error loading virus definitions. Error - 2010-04-10 03:19:12 | Computer Name = komputersiostra | Source = SRTSP | ID = 524293 Description = Error loading Symantec real time Anti-Virus driver. Error - 2010-04-10 03:19:26 | Computer Name = komputersiostra | Source = HTTP | ID = 15016 Description = Error - 2010-04-10 03:20:09 | Computer Name = komputersiostra | Source = Service Control Manager | ID = 7000 Description = Error - 2010-04-10 03:20:09 | Computer Name = komputersiostra | Source = Service Control Manager | ID = 7000 Description = Error - 2010-04-10 03:20:09 | Computer Name = komputersiostra | Source = Service Control Manager | ID = 7026 Description = Error - 2010-04-10 09:27:50 | Computer Name = komputersiostra | Source = Server | ID = 2505 Description = The server could not bind to the transport \Device\NetBT_Tcpip_{C68E4392-A60A-4116-A1F1-8E85293A2A3B} because another computer on the network has the same name. The server could not start. < End of report > </log>
wirusolog komentarz 25 lipca 2011 komentarz 25 lipca 2011 (edytowane) [b]1.[/b] Uruchom OTL i w oknie [b]Własne opcje skanowania/Skrypt[/b] wklej następujący tekst: [code]:OTL O15 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\..Trusted Domains: sony.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\..Trusted Ranges: Range1 ([http] in Local intranet) IE - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:51859 FF - prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 51859 :Commands [Reboot] [/code] Klik w [b]Wykonaj Skryot[/b]. OTL poprosi Cię o restart komputera - zgódź się i po restarcie pojawi się notatnik - wklej mi go. Zobacz czy internet działa. [b]2.[/b] Poproszę o wykaz z [url=http://www.hotfix.pl/instrukcja-obslugi-tdsskiller-a341.htm][b][color=blue][u]TDSSKiller'a[/url][/b][/color][/u].
annmegmonn komentarz 25 lipca 2011 Autor komentarz 25 lipca 2011 Po restarcie kompa wyszły mi jakieś syfy na komputrze - jakieś pliki z kompa nawet niektóre dokumenty zapisane w powerpoincie czy coś.. ale w sumie one pojawiły się przy wcześnieszym wykonywaniu skryptu.. po czym w czasie sprzątania znikły notatki nie pokazał mi się wcale, ale poszperałam i znalazłam log na dysku c, oto i on: <log> ========== OTL ========== Registry key HKEY_USERS\S-1-5-21-516021690-3537927130-1024571334-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully. Registry key HKEY_USERS\S-1-5-21-516021690-3537927130-1024571334-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully. Registry key HKEY_USERS\S-1-5-21-516021690-3537927130-1024571334-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully. Registry key HKEY_USERS\S-1-5-21-516021690-3537927130-1024571334-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully. Registry value HKEY_USERS\S-1-5-21-516021690-3537927130-1024571334-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http deleted successfully. HKU\S-1-5-21-516021690-3537927130-1024571334-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully! HKU\S-1-5-21-516021690-3537927130-1024571334-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKU\S-1-5-21-516021690-3537927130-1024571334-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully! Prefs.js: "127.0.0.1" removed from network.proxy.http Prefs.js: 51859 removed from network.proxy.http_port ========== COMMANDS ========== OTL by OldTimer - Version 3.2.26.1 log created on 07252011_181947 </log> [color="#FF8C00"][u][b] TU SPRÓBOWAŁAM WEJSĆ NA NETA I NIE OGĘ UWIERZYĆ, ALE SIĘ UDAŁO Xd[/b][/u][/color] no i teraz wykaz: 2011/07/25 18:26:31.0326 TDSS rootkit removing tool 2.4.1.3 Aug 27 2010 08:53:42 2011/07/25 18:26:31.0326 ================================================================================ 2011/07/25 18:26:31.0326 SystemInfo: 2011/07/25 18:26:31.0326 2011/07/25 18:26:31.0326 OS Version: 6.0.6002 ServicePack: 2.0 2011/07/25 18:26:31.0326 Product type: Workstation 2011/07/25 18:26:31.0326 ComputerName: KOMPUTERSIOSTRA 2011/07/25 18:26:31.0326 UserName: Anna 2011/07/25 18:26:31.0326 Windows directory: C:\Windows 2011/07/25 18:26:31.0326 System windows directory: C:\Windows 2011/07/25 18:26:31.0326 Processor architecture: Intel x86 2011/07/25 18:26:31.0326 Number of processors: 2 2011/07/25 18:26:31.0326 Page size: 0x1000 2011/07/25 18:26:31.0326 Boot type: Normal boot 2011/07/25 18:26:31.0326 ================================================================================ 2011/07/25 18:26:32.0901 Initialize success 2011/07/25 18:26:48.0501 ================================================================================ 2011/07/25 18:26:48.0501 Scan started 2011/07/25 18:26:48.0501 Mode: Manual; 2011/07/25 18:26:48.0501 ================================================================================ 2011/07/25 18:26:49.0983 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 2011/07/25 18:26:50.0295 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys 2011/07/25 18:26:50.0904 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys 2011/07/25 18:26:51.0075 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys 2011/07/25 18:26:51.0216 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys 2011/07/25 18:26:51.0434 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys 2011/07/25 18:26:51.0637 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys 2011/07/25 18:26:51.0777 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 2011/07/25 18:26:51.0902 aliide (3d76fda1a10acc3dc84728f55c29b6d4) C:\Windows\system32\drivers\aliide.sys 2011/07/25 18:26:52.0058 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys 2011/07/25 18:26:52.0214 amdide (5b92e7839f5a1fbc1b39de67758ad6f8) C:\Windows\system32\drivers\amdide.sys 2011/07/25 18:26:52.0401 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys 2011/07/25 18:26:52.0526 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys 2011/07/25 18:26:52.0666 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys 2011/07/25 18:26:52.0807 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys 2011/07/25 18:26:52.0947 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 2011/07/25 18:26:53.0072 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys 2011/07/25 18:26:53.0228 athr (02d34ac487df3da4e3f01874e61eb619) C:\Windows\system32\DRIVERS\athr.sys 2011/07/25 18:26:53.0400 atksgt (72bc628af75c4c3250f2a3bac260265a) C:\Windows\system32\DRIVERS\atksgt.sys 2011/07/25 18:26:53.0602 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 2011/07/25 18:26:53.0821 BHDrvx86 (8f6d9ce8af24f09de6b020b2c09e27d9) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx86.sys 2011/07/25 18:26:53.0992 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys 2011/07/25 18:26:54.0195 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys 2011/07/25 18:26:54.0367 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 2011/07/25 18:26:54.0523 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 2011/07/25 18:26:54.0944 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 2011/07/25 18:26:55.0178 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 2011/07/25 18:26:55.0381 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 2011/07/25 18:26:55.0521 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 2011/07/25 18:26:55.0677 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys 2011/07/25 18:26:55.0802 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 2011/07/25 18:26:56.0130 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 2011/07/25 18:26:56.0301 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys 2011/07/25 18:26:56.0410 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 2011/07/25 18:26:56.0629 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys 2011/07/25 18:26:56.0894 cmdide (d36372a6ea6805efbe8884d10772313f) C:\Windows\system32\drivers\cmdide.sys 2011/07/25 18:26:57.0066 CnxtHdAudService (1adf6f4852e7d7e2e8ac481bdb970586) C:\Windows\system32\drivers\CHDRT32.sys 2011/07/25 18:26:57.0253 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys 2011/07/25 18:26:57.0362 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys 2011/07/25 18:26:57.0502 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys 2011/07/25 18:26:57.0690 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys 2011/07/25 18:26:57.0877 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys 2011/07/25 18:26:58.0314 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys 2011/07/25 18:26:58.0501 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys 2011/07/25 18:26:58.0641 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys 2011/07/25 18:26:58.0922 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 2011/07/25 18:26:59.0281 DXGKrnl (fb85f7f69e9b109820409243f578cc4d) C:\Windows\System32\drivers\dxgkrnl.sys 2011/07/25 18:26:59.0437 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys 2011/07/25 18:26:59.0686 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 2011/07/25 18:26:59.0827 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 2011/07/25 18:27:00.0014 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys 2011/07/25 18:27:00.0108 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 2011/07/25 18:27:00.0279 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys 2011/07/25 18:27:00.0482 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 2011/07/25 18:27:00.0716 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys 2011/07/25 18:27:00.0888 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys 2011/07/25 18:27:01.0044 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 2011/07/25 18:27:01.0200 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 2011/07/25 18:27:01.0324 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys 2011/07/25 18:27:01.0621 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys 2011/07/25 18:27:01.0917 fssfltr (b74b0578fd1d3f897e95f2a2b69ea051) C:\Windows\system32\DRIVERS\fssfltr.sys 2011/07/25 18:27:02.0120 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys 2011/07/25 18:27:02.0307 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys 2011/07/25 18:27:02.0650 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys 2011/07/25 18:27:02.0791 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys 2011/07/25 18:27:02.0978 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 2011/07/25 18:27:03.0118 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys 2011/07/25 18:27:03.0274 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\drivers\hidusb.sys 2011/07/25 18:27:03.0415 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys 2011/07/25 18:27:03.0586 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys 2011/07/25 18:27:04.0023 HSF_DPV (cc267848cb3508e72762be65734e764d) C:\Windows\system32\DRIVERS\HSX_DPV.sys 2011/07/25 18:27:04.0335 HSXHWAZL (a2882945cc4b6e3e4e9e825590438888) C:\Windows\system32\DRIVERS\HSXHWAZL.sys 2011/07/25 18:27:04.0507 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys 2011/07/25 18:27:04.0647 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys 2011/07/25 18:27:04.0850 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 2011/07/25 18:27:05.0146 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys 2011/07/25 18:27:05.0396 IDSVix86 (2edd3504457691a10328079da011d0b8) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSVix86.sys 2011/07/25 18:27:06.0004 igfx (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys 2011/07/25 18:27:06.0472 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 2011/07/25 18:27:06.0675 IntcHdmiAddService (c7e7e43cbd34d3b0a0156b51b917dfcc) C:\Windows\system32\drivers\IntcHdmi.sys 2011/07/25 18:27:06.0831 intelide (dd512a049bd7b4bce8a83554c5eff2c1) C:\Windows\system32\drivers\intelide.sys 2011/07/25 18:27:06.0956 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys 2011/07/25 18:27:07.0112 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 2011/07/25 18:27:07.0408 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys 2011/07/25 18:27:07.0564 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 2011/07/25 18:27:07.0736 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 2011/07/25 18:27:07.0845 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys 2011/07/25 18:27:08.0017 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys 2011/07/25 18:27:08.0157 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 2011/07/25 18:27:08.0298 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 2011/07/25 18:27:08.0407 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 2011/07/25 18:27:08.0532 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys 2011/07/25 18:27:08.0703 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys 2011/07/25 18:27:08.0953 lirsgt (4127e8b6ddb4090e815c1f8852c277d3) C:\Windows\system32\DRIVERS\lirsgt.sys 2011/07/25 18:27:09.0078 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 2011/07/25 18:27:09.0265 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys 2011/07/25 18:27:09.0390 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys 2011/07/25 18:27:09.0530 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys 2011/07/25 18:27:09.0639 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 2011/07/25 18:27:09.0951 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\Windows\system32\drivers\mbam.sys 2011/07/25 18:27:10.0107 MBAMSwissArmy (b18225739ed9caa83ba2df966e9f43e8) C:\Windows\system32\drivers\mbamswissarmy.sys 2011/07/25 18:27:10.0372 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys 2011/07/25 18:27:10.0466 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys 2011/07/25 18:27:10.0700 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys 2011/07/25 18:27:10.0903 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 2011/07/25 18:27:11.0090 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 2011/07/25 18:27:11.0262 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 2011/07/25 18:27:11.0355 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\drivers\mouhid.sys 2011/07/25 18:27:11.0496 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 2011/07/25 18:27:11.0683 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys 2011/07/25 18:27:11.0870 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 2011/07/25 18:27:12.0057 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 2011/07/25 18:27:12.0213 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 2011/07/25 18:27:12.0478 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys 2011/07/25 18:27:12.0681 mrxsmb10 (d4a3c7c580c4ccb5c06f2ada933ad507) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2011/07/25 18:27:12.0853 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2011/07/25 18:27:13.0024 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys 2011/07/25 18:27:13.0149 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys 2011/07/25 18:27:13.0305 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 2011/07/25 18:27:13.0461 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 2011/07/25 18:27:13.0711 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 2011/07/25 18:27:13.0882 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 2011/07/25 18:27:14.0023 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 2011/07/25 18:27:14.0210 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 2011/07/25 18:27:14.0350 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 2011/07/25 18:27:14.0475 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 2011/07/25 18:27:14.0631 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 2011/07/25 18:27:15.0037 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 2011/07/25 18:27:15.0255 NAVENG (0953bb24c1e70a99c315f44f15993c17) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100813.009\NAVENG.SYS 2011/07/25 18:27:15.0552 NAVEX15 (3ddb0bef60b65df6b110c23e17cd67dc) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100813.009\NAVEX15.SYS 2011/07/25 18:27:15.0786 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 2011/07/25 18:27:16.0035 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 2011/07/25 18:27:16.0238 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 2011/07/25 18:27:16.0394 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 2011/07/25 18:27:16.0722 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 2011/07/25 18:27:17.0018 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 2011/07/25 18:27:17.0236 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 2011/07/25 18:27:17.0548 NETw3v32 (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys 2011/07/25 18:27:17.0829 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 2011/07/25 18:27:18.0079 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 2011/07/25 18:27:18.0219 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 2011/07/25 18:27:18.0484 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 2011/07/25 18:27:18.0625 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 2011/07/25 18:27:18.0781 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 2011/07/25 18:27:18.0952 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys 2011/07/25 18:27:19.0155 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys 2011/07/25 18:27:19.0296 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys 2011/07/25 18:27:19.0951 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys 2011/07/25 18:27:20.0122 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 2011/07/25 18:27:20.0263 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys 2011/07/25 18:27:20.0434 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 2011/07/25 18:27:20.0575 PCAMp50 (1bf91f352d746ad7469fa71783b5fae8) C:\Windows\system32\Drivers\PCAMp50.sys 2011/07/25 18:27:20.0793 PCASp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\Windows\system32\Drivers\PCASp50.sys 2011/07/25 18:27:20.0980 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 2011/07/25 18:27:21.0168 pciide (1d8b3d8df8eb7fcf2f0ac02f9f947802) C:\Windows\system32\drivers\pciide.sys 2011/07/25 18:27:21.0292 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 2011/07/25 18:27:21.0558 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 2011/07/25 18:27:21.0838 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 2011/07/25 18:27:21.0994 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys 2011/07/25 18:27:22.0150 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 2011/07/25 18:27:22.0494 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys 2011/07/25 18:27:22.0665 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 2011/07/25 18:27:22.0821 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 2011/07/25 18:27:22.0993 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 2011/07/25 18:27:23.0118 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 2011/07/25 18:27:23.0258 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 2011/07/25 18:27:23.0445 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 2011/07/25 18:27:23.0632 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 2011/07/25 18:27:23.0804 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/07/25 18:27:23.0991 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys 2011/07/25 18:27:24.0085 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 2011/07/25 18:27:24.0241 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys 2011/07/25 18:27:24.0459 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 2011/07/25 18:27:24.0646 RTL8169 (125c504a34d0a2e152517e342e7e432c) C:\Windows\system32\DRIVERS\Rtlh86.sys 2011/07/25 18:27:24.0818 RTSTOR (8dab5975b5c7923d61506a48e251dbad) C:\Windows\system32\drivers\RTSTOR.SYS 2011/07/25 18:27:24.0990 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 2011/07/25 18:27:25.0161 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys 2011/07/25 18:27:25.0426 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 2011/07/25 18:27:25.0598 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 2011/07/25 18:27:25.0754 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 2011/07/25 18:27:26.0004 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 2011/07/25 18:27:26.0331 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys 2011/07/25 18:27:26.0472 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys 2011/07/25 18:27:26.0596 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys 2011/07/25 18:27:26.0706 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 2011/07/25 18:27:26.0908 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys 2011/07/25 18:27:27.0096 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys 2011/07/25 18:27:27.0267 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys 2011/07/25 18:27:27.0408 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 2011/07/25 18:27:27.0673 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 2011/07/25 18:27:27.0891 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys 2011/07/25 18:27:27.0891 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505 2011/07/25 18:27:27.0907 sptd - detected Locked file (1) 2011/07/25 18:27:28.0110 SRTSP (d0ab8e989935d895f1bed8f607fa0948) C:\Windows\system32\drivers\NIS\1201000.025\SRTSP.SYS 2011/07/25 18:27:28.0297 SRTSPX (fae9f5558a1f53670e579f9ffb4a67cc) C:\Windows\system32\drivers\NIS\1201000.025\SRTSPX.SYS 2011/07/25 18:27:28.0484 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 2011/07/25 18:27:28.0656 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys 2011/07/25 18:27:28.0796 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys 2011/07/25 18:27:29.0607 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 2011/07/25 18:27:29.0841 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 2011/07/25 18:27:30.0138 SymDS (67e83f8c7e80dc898a1d73b38412ba7a) C:\Windows\system32\drivers\NIS\1201000.025\SYMDS.SYS 2011/07/25 18:27:30.0340 SymEFA (3986a8de371e985ba6c82eb8da3b1e98) C:\Windows\system32\drivers\NIS\1201000.025\SYMEFA.SYS 2011/07/25 18:27:30.0496 SymEvent (5c76a63fac8a5580c5a1c4a4ed827782) C:\Windows\system32\Drivers\SYMEVENT.SYS 2011/07/25 18:27:30.0652 SymIRON (8ae632773b5192dce48f4ec8de753863) C:\Windows\system32\drivers\NIS\1201000.025\Ironx86.SYS 2011/07/25 18:27:30.0824 SYMTDIv (a5fb04f87a9cc3ea6b839fefd6790419) C:\Windows\system32\drivers\NIS\1201000.025\SYMTDIV.SYS 2011/07/25 18:27:30.0996 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 2011/07/25 18:27:31.0089 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 2011/07/25 18:27:31.0308 SynTP (00b19f27858f56181edb58b71a7c67a0) C:\Windows\system32\DRIVERS\SynTP.sys 2011/07/25 18:27:31.0635 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys 2011/07/25 18:27:31.0838 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys 2011/07/25 18:27:31.0978 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys 2011/07/25 18:27:32.0103 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 2011/07/25 18:27:32.0275 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 2011/07/25 18:27:32.0462 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 2011/07/25 18:27:32.0634 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 2011/07/25 18:27:32.0883 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/07/25 18:27:33.0086 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 2011/07/25 18:27:33.0195 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 2011/07/25 18:27:33.0351 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys 2011/07/25 18:27:33.0492 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 2011/07/25 18:27:33.0694 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys 2011/07/25 18:27:33.0835 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys 2011/07/25 18:27:33.0975 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 2011/07/25 18:27:34.0116 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 2011/07/25 18:27:34.0256 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 2011/07/25 18:27:34.0521 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 2011/07/25 18:27:34.0771 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 2011/07/25 18:27:34.0958 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 2011/07/25 18:27:35.0145 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 2011/07/25 18:27:35.0286 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys 2011/07/25 18:27:35.0473 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 2011/07/25 18:27:35.0613 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys 2011/07/25 18:27:35.0738 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2011/07/25 18:27:35.0972 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 2011/07/25 18:27:36.0128 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys 2011/07/25 18:27:36.0502 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/07/25 18:27:36.0814 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 2011/07/25 18:27:37.0002 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys 2011/07/25 18:27:37.0173 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys 2011/07/25 18:27:37.0329 viaide (ea1aa6e3abb3c194feba12a46de8cf2c) C:\Windows\system32\drivers\viaide.sys 2011/07/25 18:27:37.0470 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 2011/07/25 18:27:37.0594 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 2011/07/25 18:27:37.0813 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 2011/07/25 18:27:38.0016 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys 2011/07/25 18:27:38.0234 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 2011/07/25 18:27:38.0406 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 2011/07/25 18:27:38.0452 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 2011/07/25 18:27:38.0702 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys 2011/07/25 18:27:38.0858 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 2011/07/25 18:27:39.0139 winachsf (0acd399f5db3df1b58903cf4949ab5a8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys 2011/07/25 18:27:39.0357 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys 2011/07/25 18:27:39.0607 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys 2011/07/25 18:27:39.0763 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 2011/07/25 18:27:39.0950 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/07/25 18:27:40.0106 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys 2011/07/25 18:27:40.0324 yukonwlh (7d1f3b131d503ef43ee594b5a2b9b427) C:\Windows\system32\DRIVERS\yk60x86.sys 2011/07/25 18:27:40.0418 ================================================================================ 2011/07/25 18:27:40.0418 Scan finished 2011/07/25 18:27:40.0418 ================================================================================ 2011/07/25 18:27:40.0449 Detected object count: 1 2011/07/25 18:28:59.0448 Locked file(sptd) - User select action: Skip [color="#2E8B57"] Tu mi jakiś syf jeden się pokazał, ale dałam że pomijam go.. zgaduję, ze pewnie miałam go usunąć ;p[/color] [u]A i złapałam tą chmurkę co MBAM blokuje - pozwól, że zacytuję: Podejrzana strona- 194.242.2.62 Typ- wychodzące Port: 49234 Działanie: svchost.exe[/u]
wirusolog komentarz 25 lipca 2011 komentarz 25 lipca 2011 To co wykrył TDSSKiller to fałszywy alarm. No i możesz teraz wykonywać dalsze punkty w poście nr. [b]#8[/b].
annmegmonn komentarz 26 lipca 2011 Autor komentarz 26 lipca 2011 wszystko zrobione, [url="http://www.sendspace.com/file/rd696l"]oto wyniki skanu MBAM'em:[/url] i robiłam także ten skan doktorkiem, ale zaraz po szybkim skanowaniu zrobił mi się restart kompa i chciałam powtórzyć i znowu się zrobił .. więc nie mogłam zrobić pełnego skanowania no chyba, że spróbuję jeszcze raz.. [url="http://www.sendspace.com/file/kofdx0"]Log z szybkiego skanowania[/url]
wirusolog komentarz 26 lipca 2011 komentarz 26 lipca 2011 Podczas szybkiego skanowania musisz zapauzować i wybrać Pełne skanowanie.
annmegmonn komentarz 26 lipca 2011 Autor komentarz 26 lipca 2011 ok, to spróbuję tak jak mówisz wyniki z tego pełnego skanowania wyślę Ci jednak dopiero ok. 10 sierpnia, bo właśnie wyjeżdzam, mam nadzieję, że będziesz w stanie sprawdzić to w tym terminie a za dotychczasową pomoc serdeczne dzięki
annmegmonn komentarz 22 sierpnia 2011 Autor komentarz 22 sierpnia 2011 (edytowane) oto raport z pełnego skanowania DoctorWeb'em : http://www.sendspace.com/file/bqim3i
Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!
Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.