
Spontaneous system restarts - "the DCOM Server Process Launcher service terminated unexpectedly"

Igorrodz

Hi,

I was calmly playing [b]Sniper Elite V2[/b] today when suddenly the following message appeared: "Windows must now restart because the DCOM Server Process Launcher service terminated unexpectedly", after which (about a minute later) the PC restarted.

[url="http://obrazki.elektroda.net/64_1337025242.jpg"][img]http://obrazki.elektroda.net/64_1337025242_thumb.jpg[/img][/url]

I should mention that yesterday, while playing the same game, an unexpected message also appeared (though with different wording), more or less like this: "Windows must now restart because the Power service terminated unexpectedly", after which the system restarted.
I did not manage to take a screenshot here, because before I realized what was happening the restart had already taken place.

My PC configuration:
Phenom II x3 720 Black Edition @3.4Ghz + Scythe Ninja 2
Gigabyte GA-990XA-UD3
SpecTek Incorporated 2x 2GB DDR3 1333Mhz
Gigabyte GTX460 1GB SuperOverclocked
Corsair TX650W v.1
Lancool K62 Black

Here are the logs from OTL -
[b]OTL.txt[/b]
[log]OTL logfile created on: 2012-05-14 22:06:10 - Run 2
OTL by OldTimer - Version 3.2.41.0 Folder = C:\Users\Rodziewicz\Desktop\Foldery\OTL
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

4,00 Gb Total Physical Memory | 1,62 Gb Available Physical Memory | 40,58% Memory free
7,99 Gb Paging File | 5,17 Gb Available in Paging File | 64,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 89,38 Gb Free Space | 38,38% Space Free | Partition Type: NTFS
Drive D: | 58,59 Gb Total Space | 7,26 Gb Free Space | 12,38% Space Free | Partition Type: NTFS
Drive E: | 58,59 Gb Total Space | 27,84 Gb Free Space | 47,51% Space Free | Partition Type: NTFS
Drive F: | 31,85 Gb Total Space | 17,00 Gb Free Space | 53,38% Space Free | Partition Type: NTFS
Drive G: | 341,79 Gb Total Space | 291,08 Gb Free Space | 85,16% Space Free | Partition Type: NTFS
Drive H: | 341,79 Gb Total Space | 70,35 Gb Free Space | 20,58% Space Free | Partition Type: NTFS
Drive I: | 247,92 Gb Total Space | 165,05 Gb Free Space | 66,58% Space Free | Partition Type: NTFS
Drive J: | 232,88 Gb Total Space | 226,21 Gb Free Space | 97,14% Space Free | Partition Type: NTFS
Drive K: | 1,75 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: DOMOWY | User Name: Rodziewicz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 60 Days

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2012-05-03 10:55:14 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012-05-03 10:55:14 | 000,016,824 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2012-04-23 22:45:16 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Rodziewicz\Desktop\Foldery\OTL\OTL.exe
PRC - [2012-04-04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012-04-04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012-03-07 01:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012-03-07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012-02-29 14:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012-02-07 17:19:44 | 003,865,504 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012-02-07 17:18:30 | 000,166,528 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012-02-07 17:18:28 | 001,185,704 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012-02-07 17:18:24 | 001,181,104 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012-01-18 14:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
PRC - [2012-01-03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011-11-24 22:36:29 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2011-11-06 23:04:38 | 000,531,456 | ---- | M] (Irfan Skiljan) -- C:\Program Files (x86)\IrfanView\i_view32.exe
PRC - [2011-10-31 21:32:54 | 000,540,872 | ---- | M] (Murray Hurps Corp Pty Ltd) -- C:\Program Files (x86)\Ad Muncher v4.91\AdMunch.exe
PRC - [2011-07-04 19:45:30 | 013,374,048 | ---- | M] (GG Network S.A.) -- C:\Program Files (x86)\Gadu-Gadu 10\gg.exe
PRC - [2010-04-07 15:00:04 | 005,758,976 | ---- | M] ([url="http://www.emule-project.net"]http://www.emule-project.net[/url]) -- C:\Program Files (x86)\eMule\emule.exe
PRC - [2009-08-20 14:34:04 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
PRC - [2009-06-03 21:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009-04-16 00:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2009-04-15 16:56:30 | 000,271,760 | R--- | M] () -- C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2012-05-09 16:49:13 | 000,041,696 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\defs\12051400\uiext.dll
MOD - [2012-05-04 22:58:48 | 008,797,856 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2012-05-03 10:55:15 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
MOD - [2012-05-03 10:55:14 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012-05-03 10:55:14 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
MOD - [2012-05-03 10:55:14 | 000,838,584 | ---- | M] (sqlite.org) -- C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll
MOD - [2012-05-03 10:55:14 | 000,646,072 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\nss3.dll
MOD - [2012-05-03 10:55:14 | 000,371,640 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\nssckbi.dll
MOD - [2012-05-03 10:55:14 | 000,269,240 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\freebl3.dll
MOD - [2012-05-03 10:55:14 | 000,187,320 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\nspr4.dll
MOD - [2012-05-03 10:55:14 | 000,170,936 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\softokn3.dll
MOD - [2012-05-03 10:55:14 | 000,158,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\ssl3.dll
MOD - [2012-05-03 10:55:14 | 000,109,496 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\nssdbm3.dll
MOD - [2012-05-03 10:55:14 | 000,105,400 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\smime3.dll
MOD - [2012-05-03 10:55:14 | 000,105,400 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\nssutil3.dll
MOD - [2012-05-03 10:55:14 | 000,043,960 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
MOD - [2012-05-03 10:55:14 | 000,022,456 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\plc4.dll
MOD - [2012-05-03 10:55:14 | 000,020,920 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\plds4.dll
MOD - [2012-05-03 10:55:14 | 000,019,896 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\xpcom.dll
MOD - [2012-05-03 10:55:14 | 000,016,824 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
MOD - [2012-05-03 10:55:14 | 000,016,312 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll
MOD - [2012-05-03 10:55:13 | 015,743,928 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\xul.dll
MOD - [2012-05-02 19:51:53 | 000,120,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswJsFlt.dll
MOD - [2012-04-23 22:45:16 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Rodziewicz\Desktop\Foldery\OTL\OTL.exe
MOD - [2012-04-21 21:36:03 | 000,321,320 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\crashhandler.dll
MOD - [2012-04-21 21:35:59 | 006,641,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\steamclient.dll
MOD - [2012-04-21 21:35:59 | 000,444,200 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\vstdlib_s.dll
MOD - [2012-04-21 21:35:59 | 000,272,168 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\tier0_s.dll
MOD - [2012-04-21 21:35:59 | 000,122,864 | ---- | M] (Valve) -- C:\Program Files (x86)\Steam\CSERHelper.dll
MOD - [2012-04-21 21:35:52 | 000,669,480 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\bin\vgui2_s.DLL
MOD - [2012-04-21 21:35:51 | 020,297,512 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012-04-21 21:35:51 | 001,910,568 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\bin\steamservice.dll
MOD - [2012-04-21 21:35:51 | 001,726,248 | ---- | M] (Valve Corporation) -- c:\program files (x86)\steam\bin\serverbrowser.dll
MOD - [2012-04-21 21:35:48 | 009,955,112 | ---- | M] (The ICU Project) -- C:\Program Files (x86)\Steam\bin\icudt.dll
MOD - [2012-04-21 21:35:46 | 002,316,072 | ---- | M] (Valve Corporation) -- c:\program files (x86)\steam\bin\friendsui.dll
MOD - [2012-04-21 21:35:46 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012-04-21 21:35:46 | 000,907,048 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.DLL
MOD - [2012-04-21 21:35:46 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012-04-21 21:35:46 | 000,173,864 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\bin\filesystem_steam.DLL
MOD - [2012-04-21 21:35:46 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012-04-21 21:35:45 | 003,970,856 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\SteamUI.dll
MOD - [2012-04-21 21:35:45 | 002,975,056 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.dll
MOD - [2012-04-21 21:35:45 | 001,039,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Steam\DbgHelp.dll
MOD - [2012-04-21 06:21:01 | 001,625,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\GdiPlus.dll
MOD - [2012-04-04 15:56:38 | 002,165,320 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamnet.dll
MOD - [2012-04-04 15:56:38 | 000,476,232 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.dll
MOD - [2012-04-04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
MOD - [2012-03-07 01:15:28 | 000,228,632 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\1045\uiLangRes.dll
MOD - [2012-03-07 01:15:28 | 000,095,232 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\1045\Base.dll
MOD - [2012-03-07 01:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
MOD - [2012-03-07 01:15:15 | 004,675,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\CommonRes.dll
MOD - [2012-03-07 01:15:13 | 000,215,736 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2012-03-07 01:15:10 | 000,399,088 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswSqLt.dll
MOD - [2012-03-07 01:15:10 | 000,214,736 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswProperty.dll
MOD - [2012-03-07 01:15:10 | 000,027,264 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswUtil.dll
MOD - [2012-03-07 01:15:09 | 000,217,296 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswLog.dll
MOD - [2012-03-07 01:15:08 | 000,682,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswAux.dll
MOD - [2012-03-07 01:15:07 | 000,337,800 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswCmnBS.dll
MOD - [2012-03-07 01:15:07 | 000,184,872 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswData.dll
MOD - [2012-03-07 01:15:07 | 000,164,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswCmnIS.dll
MOD - [2012-03-07 01:15:07 | 000,153,936 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\ashTask.dll
MOD - [2012-03-07 01:15:07 | 000,098,864 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswCmnOS.dll
MOD - [2012-03-07 01:15:07 | 000,050,448 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswEngLdr.dll
MOD - [2012-03-07 01:15:06 | 000,406,816 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\ashBase.dll
MOD - [2012-03-07 01:15:06 | 000,061,760 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\ashTaskEx.dll
MOD - [2012-03-07 01:15:03 | 000,345,040 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\Aavm4h.dll
MOD - [2012-03-07 01:15:03 | 000,096,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AavmRpch.dll
MOD - [2012-03-03 07:31:19 | 001,077,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\DWrite.dll
MOD - [2012-03-01 07:37:41 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wintrust.dll
MOD - [2012-03-01 07:33:23 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imagehlp.dll
MOD - [2012-03-01 02:02:00 | 015,009,600 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvd3dum.dll
MOD - [2012-03-01 02:02:00 | 007,713,088 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvwgf2um.dll
MOD - [2012-03-01 02:02:00 | 002,301,248 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvapi.dll
MOD - [2012-02-29 14:26:48 | 000,154,944 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStereoApiI.dll
MOD - [2012-02-29 14:26:42 | 000,691,520 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI.dll
MOD - [2012-02-29 14:26:28 | 000,360,768 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2012-02-28 03:27:13 | 009,705,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ieframe.dll
MOD - [2012-02-28 03:12:01 | 001,103,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\urlmon.dll
MOD - [2012-02-28 03:11:07 | 001,127,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wininet.dll
MOD - [2012-02-28 03:08:15 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\jsproxy.dll
MOD - [2012-02-28 03:04:32 | 001,792,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\iertutil.dll
MOD - [2012-02-23 18:23:15 | 002,111,448 | ---- | M] (AVAST! Software) -- C:\Program Files\AVAST Software\Avast\aswAra.dll
MOD - [2012-02-07 17:19:44 | 003,865,504 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
MOD - [2012-02-07 17:17:54 | 002,421,160 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDResources.dll
MOD - [2012-02-07 17:17:30 | 003,637,248 | ---- | M] (Project JEDI) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\Jcl150.bpl
MOD - [2012-01-18 14:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
MOD - [2012-01-02 01:32:55 | 003,781,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c\mfc90u.dll
MOD - [2012-01-02 01:32:53 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
MOD - [2012-01-02 01:32:53 | 000,569,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll
MOD - [2012-01-02 01:32:04 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll
MOD - [2012-01-02 01:32:04 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll
MOD - [2011-12-16 09:52:58 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcrt.dll
MOD - [2011-11-24 22:36:29 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
MOD - [2011-11-17 07:38:39 | 001,292,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntdll.dll
MOD - [2011-11-17 07:35:02 | 000,314,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\webio.dll
MOD - [2011-11-17 07:34:52 | 000,224,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schannel.dll
MOD - [2011-11-17 07:34:52 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\secur32.dll
MOD - [2011-11-17 07:28:48 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sspicli.dll
MOD - [2011-11-06 23:04:39 | 000,029,184 | ---- | M] (-) -- C:\Program Files (x86)\IrfanView\Plugins\ANSI2UNICODE.DLL
MOD - [2011-11-06 23:04:38 | 000,531,456 | ---- | M] (Irfan Skiljan) -- C:\Program Files (x86)\IrfanView\i_view32.exe
MOD - [2011-10-31 21:32:54 | 000,540,872 | ---- | M] (Murray Hurps Corp Pty Ltd) -- C:\Program Files (x86)\Ad Muncher v4.91\AdMunch.exe
MOD - [2011-10-31 21:32:54 | 000,070,344 | ---- | M] (Murray Hurps Corp Pty Ltd) -- C:\Program Files (x86)\Ad Muncher v4.91\AM32-32700.dll
MOD - [2011-10-31 17:37:18 | 000,353,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcr71.dll
MOD - [2011-10-05 12:53:06 | 000,576,000 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2011-08-27 06:26:27 | 000,571,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\oleaut32.dll
MOD - [2011-08-27 06:26:27 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\oleacc.dll
MOD - [2011-07-16 06:24:22 | 001,114,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\kernel32.dll
MOD - [2011-07-16 06:24:22 | 000,272,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\KernelBase.dll
MOD - [2011-07-04 19:46:24 | 004,514,400 | ---- | M] (GG Network S.A.) -- C:\Program Files (x86)\Gadu-Gadu 10\ggsip.dll
MOD - [2011-07-04 19:46:20 | 000,217,696 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\gglog.dll
MOD - [2011-07-04 19:46:18 | 000,123,488 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\ggipcradioproxy.dll
MOD - [2011-07-04 19:46:16 | 000,017,504 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\ggipc.dll
MOD - [2011-07-04 19:46:12 | 000,027,744 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\ggcrypto.dll
MOD - [2011-07-04 19:46:10 | 000,356,960 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\ggcommon.dll
MOD - [2011-07-04 19:45:36 | 000,815,712 | ---- | M] (GG Network S.A.) -- C:\Program Files (x86)\Gadu-Gadu 10\networkdao.dll
MOD - [2011-07-04 19:45:30 | 013,374,048 | ---- | M] (GG Network S.A.) -- C:\Program Files (x86)\Gadu-Gadu 10\gg.exe
MOD - [2011-05-24 12:40:05 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\devobj.dll
MOD - [2011-05-24 12:40:05 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\devrtl.dll
MOD - [2011-05-24 12:39:38 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cfgmgr32.dll
MOD - [2011-04-20 11:39:12 | 000,565,827 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
MOD - [2011-04-16 05:04:30 | 014,749,696 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\QtWebKit4.dll
MOD - [2011-04-13 17:48:41 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dnsapi.dll
MOD - [2011-04-13 17:46:19 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ieproxy.dll
MOD - [2011-04-13 17:46:19 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msls31.dll
MOD - [2011-03-09 17:49:27 | 000,739,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d2d1.dll
MOD - [2011-03-09 17:49:16 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10_1.dll
MOD - [2011-02-17 11:00:46 | 000,327,680 | ---- | M] ([url="http://hunspell.sourceforge.net/"]http://hunspell.sourceforge.net/[/url]) -- C:\Program Files (x86)\Gadu-Gadu 10\libhunspell.dll
MOD - [2011-02-17 11:00:44 | 000,640,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Gadu-Gadu 10\dbghelp.dll
MOD - [2011-02-17 11:00:44 | 000,319,488 | ---- | M] (The cURL library, [url="http://curl.haxx.se/"]http://curl.haxx.se/[/url]) -- C:\Program Files (x86)\Gadu-Gadu 10\libcurl.dll
MOD - [2011-02-17 11:00:28 | 001,781,760 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\QtScript4.dll
MOD - [2011-02-17 11:00:28 | 000,393,216 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\QtXml4.dll
MOD - [2011-02-17 11:00:28 | 000,327,680 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\QtSvg4.dll
MOD - [2011-02-17 11:00:26 | 001,044,480 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\QtNetwork4.dll
MOD - [2011-02-17 11:00:24 | 009,097,216 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\QtGui4.dll
MOD - [2011-02-17 11:00:24 | 002,560,000 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\QtCore4.dll
MOD - [2011-02-17 10:59:40 | 000,311,296 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\imageformats\qtiff4.dll
MOD - [2011-02-17 10:59:40 | 000,274,432 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\imageformats\qmng4.dll
MOD - [2011-02-17 10:59:40 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\imageformats\qjpeg4.dll
MOD - [2011-02-17 10:59:40 | 000,027,648 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\imageformats\qgif4.dll
MOD - [2011-02-17 10:59:40 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\imageformats\qsvg4.dll
MOD - [2011-02-17 10:59:32 | 001,163,264 | ---- | M] (The OpenSSL Project, [url="http://www.openssl.org/"]http://www.openssl.org/[/url]) -- C:\Program Files (x86)\Gadu-Gadu 10\LIBEAY32.dll
MOD - [2011-02-17 10:59:32 | 000,253,952 | ---- | M] (The OpenSSL Project, [url="http://www.openssl.org/"]http://www.openssl.org/[/url]) -- C:\Program Files (x86)\Gadu-Gadu 10\SSLEAY32.dll
MOD - [2011-02-17 10:59:32 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\zlib1.dll
MOD - [2010-11-21 05:25:15 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\spp.dll
MOD - [2010-11-21 05:25:11 | 003,207,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mf.dll
MOD - [2010-11-21 05:25:11 | 000,547,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PortableDeviceApi.dll
MOD - [2010-11-21 05:25:10 | 012,625,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wmploc.DLL
MOD - [2010-11-21 05:25:10 | 011,410,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wmp.dll
MOD - [2010-11-21 05:25:10 | 002,576,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\gameux.dll
MOD - [2010-11-21 05:25:10 | 000,165,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\provsvc.dll
MOD - [2010-11-21 05:24:51 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\davclnt.dll
MOD - [2010-11-21 05:24:43 | 000,481,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mscms.dll
MOD - [2010-11-21 05:24:33 | 001,010,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WindowsCodecs.dll
MOD - [2010-11-21 05:24:33 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\credssp.dll
MOD - [2010-11-21 05:24:32 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\IPHLPAPI.DLL
MOD - [2010-11-21 05:24:28 | 000,640,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\advapi32.dll
MOD - [2010-11-21 05:24:28 | 000,473,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\riched20.dll
MOD - [2010-11-21 05:24:26 | 001,128,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vssapi.dll
MOD - [2010-11-21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\fastprox.dll
MOD - [2010-11-21 05:24:25 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imm32.dll
MOD - [2010-11-21 05:24:23 | 001,828,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d9.dll
MOD - [2010-11-21 05:24:23 | 001,493,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ExplorerFrame.dll
MOD - [2010-11-21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\user32.dll
MOD - [2010-11-21 05:24:20 | 000,363,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\StructuredQuery.dll
MOD - [2010-11-21 05:24:16 | 000,626,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\usp10.dll
MOD - [2010-11-21 05:24:16 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sxs.dll
MOD - [2010-11-21 05:24:16 | 000,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\Wldap32.dll
MOD - [2010-11-21 05:24:16 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winmm.dll
MOD - [2010-11-21 05:24:16 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srvcli.dll
MOD - [2010-11-21 05:24:16 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\userenv.dll
MOD - [2010-11-21 05:24:16 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netutils.dll
MOD - [2010-11-21 05:24:15 | 001,661,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\networkexplorer.dll
MOD - [2010-11-21 05:24:14 | 000,311,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\gdi32.dll
MOD - [2010-11-21 05:24:14 | 000,295,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\apphelp.dll
MOD - [2010-11-21 05:24:14 | 000,046,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\RpcRtRemote.dll
MOD - [2010-11-21 05:24:11 | 000,663,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rpcrt4.dll
MOD - [2010-11-21 05:24:09 | 000,854,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dbghelp.dll
MOD - [2010-11-21 05:24:09 | 000,530,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
MOD - [2010-11-21 05:24:09 | 000,232,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mswsock.dll
MOD - [2010-11-21 05:24:08 | 000,988,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\propsys.dll
MOD - [2010-11-21 05:24:08 | 000,508,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dxgi.dll
MOD - [2010-11-21 05:24:08 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbemcomn.dll
MOD - [2010-11-21 05:24:08 | 000,351,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winhttp.dll
MOD - [2010-11-21 05:24:08 | 000,320,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winspool.drv
MOD - [2010-11-21 05:24:08 | 000,216,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\FWPUCLNT.DLL
MOD - [2010-11-21 05:24:08 | 000,128,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\EhStorAPI.dll
MOD - [2010-11-21 05:24:08 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\thumbcache.dll
MOD - [2010-11-21 05:24:07 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shdocvw.dll
MOD - [2010-11-21 05:24:03 | 000,381,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wer.dll
MOD - [2010-11-21 05:24:03 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\olepro32.dll
MOD - [2010-11-21 05:24:03 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netapi32.dll
MOD - [2010-11-21 05:24:02 | 012,872,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shell32.dll
MOD - [2010-11-21 05:24:02 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cscapi.dll
MOD - [2010-11-21 05:24:02 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msdmo.dll
MOD - [2010-11-21 05:24:01 | 001,414,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ole32.dll
MOD - [2010-11-21 05:24:01 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntshrui.dll
MOD - [2010-11-21 05:24:01 | 000,309,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\actxprxy.dll
MOD - [2010-11-21 05:24:01 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\nlaapi.dll
MOD - [2010-11-21 05:24:01 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rtutils.dll
MOD - [2010-11-21 05:24:00 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wdmaud.drv
MOD - [2010-11-21 05:24:00 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntlanman.dll
MOD - [2010-11-21 05:23:59 | 001,154,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\crypt32.dll
MOD - [2010-11-21 05:23:55 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2010-11-21 05:23:55 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ws2_32.dll
MOD - [2010-11-21 05:23:55 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\AudioSes.dll
MOD - [2010-11-21 05:23:55 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winsta.dll
MOD - [2010-11-21 05:23:54 | 000,646,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\SearchFolder.dll
MOD - [2010-11-21 05:23:54 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\samcli.dll
MOD - [2010-11-21 05:23:54 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wtsapi32.dll
MOD - [2010-11-21 05:23:51 | 001,667,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\setupapi.dll
MOD - [2010-11-21 05:23:51 | 000,213,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\MMDevAPI.dll
MOD - [2010-11-21 05:23:51 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\asycfilt.dll
MOD - [2010-11-21 05:23:51 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wkscli.dll
MOD - [2010-11-21 05:23:48 | 000,485,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2010-11-21 05:23:48 | 000,350,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shlwapi.dll
MOD - [2010-11-21 05:23:48 | 000,219,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10_1core.dll
MOD - [2010-11-21 05:23:48 | 000,034,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msasn1.dll
MOD - [2010-11-03 22:55:00 | 002,457,088 | ---- | M] (Embarcadero Technologies, Inc.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\vcl150.bpl
MOD - [2010-11-03 22:55:00 | 002,150,400 | ---- | M] (Embarcadero Technologies, Inc.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\rtl150.bpl
MOD - [2010-11-03 22:55:00 | 000,321,024 | ---- | M] (Embarcadero Technologies, Inc.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\vclimg150.bpl
MOD - [2010-11-03 22:55:00 | 000,235,520 | ---- | M] (Embarcadero Technologies, Inc.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\vclx150.bpl
MOD - [2010-04-07 15:01:26 | 000,102,400 | ---- | M] ([url="http://www.emule-project.net"]http://www.emule-project.net[/url]) -- C:\Program Files (x86)\eMule\lang\pl_PL.dll
MOD - [2010-04-07 15:00:04 | 005,758,976 | ---- | M] ([url="http://www.emule-project.net"]http://www.emule-project.net[/url]) -- C:\Program Files (x86)\eMule\emule.exe
MOD - [2009-07-14 03:17:54 | 000,242,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rsaenh.dll
MOD - [2009-07-14 03:16:21 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\xmllite.dll
MOD - [2009-07-14 03:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wsock32.dll
MOD - [2009-07-14 03:16:20 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wship6.dll
MOD - [2009-07-14 03:16:20 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WSHTCPIP.DLL
MOD - [2009-07-14 03:16:19 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\wmiutils.dll
MOD - [2009-07-14 03:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winrnr.dll
MOD - [2009-07-14 03:16:19 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winnsi.dll
MOD - [2009-07-14 03:16:17 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\wbemdisp.dll
MOD - [2009-07-14 03:16:17 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vsstrace.dll
MOD - [2009-07-14 03:16:17 | 000,047,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\wbemsvc.dll
MOD - [2009-07-14 03:16:17 | 000,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\wbemprox.dll
MOD - [2009-07-14 03:16:17 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\version.dll
MOD - [2009-07-14 03:16:16 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll
MOD - [2009-07-14 03:16:15 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srclient.dll
MOD - [2009-07-14 03:16:15 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\slc.dll
MOD - [2009-07-14 03:16:14 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shfolder.dll
MOD - [2009-07-14 03:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sechost.dll
MOD - [2009-07-14 03:16:13 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\samlib.dll
MOD - [2009-07-14 03:16:13 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\SensApi.dll
MOD - [2009-07-14 03:16:12 | 000,791,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\opengl32.dll
MOD - [2009-07-14 03:16:12 | 000,325,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rasapi32.dll
MOD - [2009-07-14 03:16:12 | 000,316,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PhotoMetadataHandler.dll
MOD - [2009-07-14 03:16:12 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\powrprof.dll
MOD - [2009-07-14 03:16:12 | 000,139,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PeerDist.dll
MOD - [2009-07-14 03:16:12 | 000,103,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\oledlg.dll
MOD - [2009-07-14 03:16:12 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rasman.dll
MOD - [2009-07-14 03:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\pnrpnsp.dll
MOD - [2009-07-14 03:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\profapi.dll
MOD - [2009-07-14 03:16:12 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\perfos.dll
MOD - [2009-07-14 03:16:12 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rasadhlp.dll
MOD - [2009-07-14 03:16:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\psapi.dll
MOD - [2009-07-14 03:16:11 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntmarta.dll
MOD - [2009-07-14 03:16:11 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntdsapi.dll
MOD - [2009-07-14 03:16:11 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\npmproxy.dll
MOD - [2009-07-14 03:16:11 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\nsi.dll
MOD - [2009-07-14 03:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netprofm.dll
MOD - [2009-07-14 03:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\NapiNSP.dll
MOD - [2009-07-14 03:16:02 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netbios.dll
MOD - [2009-07-14 03:15:44 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msimg32.dll
MOD - [2009-07-14 03:15:43 | 000,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msctf.dll
MOD - [2009-07-14 03:15:42 | 000,072,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msacm32.dll
MOD - [2009-07-14 03:15:41 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mpr.dll
MOD - [2009-07-14 03:15:40 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mlang.dll
MOD - [2009-07-14 03:15:40 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\midimap.dll
MOD - [2009-07-14 03:15:39 | 000,352,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mfplat.dll
MOD - [2009-07-14 03:15:36 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\linkinfo.dll
MOD - [2009-07-14 03:15:35 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ksuser.dll
MOD - [2009-07-14 03:15:27 | 000,215,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\icm32.dll
MOD - [2009-07-14 03:15:27 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\IconCodecService.dll
MOD - [2009-07-14 03:15:22 | 000,130,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\glu32.dll
MOD - [2009-07-14 03:15:21 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\fundisc.dll
MOD - [2009-07-14 03:15:20 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\feclient.dll
MOD - [2009-07-14 03:15:20 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\fdProxy.dll
MOD - [2009-07-14 03:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\es.dll
MOD - [2009-07-14 03:15:14 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\EhStorShell.dll
MOD - [2009-07-14 03:15:13 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dui70.dll
MOD - [2009-07-14 03:15:13 | 000,453,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dsound.dll
MOD - [2009-07-14 03:15:13 | 000,181,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\duser.dll
MOD - [2009-07-14 03:15:13 | 000,088,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dxva2.dll
MOD - [2009-07-14 03:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dwmapi.dll
MOD - [2009-07-14 03:15:13 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\drprov.dll
MOD - [2009-07-14 03:15:11 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dhcpcsvc.dll
MOD - [2009-07-14 03:15:11 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dhcpcsvc6.dll
MOD - [2009-07-14 03:15:10 | 000,531,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ddraw.dll
MOD - [2009-07-14 03:15:10 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\devenum.dll
MOD - [2009-07-14 03:15:09 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dciman32.dll
MOD - [2009-07-14 03:15:08 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\davhlpr.dll
MOD - [2009-07-14 03:15:08 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d8thk.dll
MOD - [2009-07-14 03:15:07 | 001,030,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10.dll
MOD - [2009-07-14 03:15:07 | 000,190,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10core.dll
MOD - [2009-07-14 03:15:07 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptsp.dll
MOD - [2009-07-14 03:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptbase.dll
MOD - [2009-07-14 03:15:03 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\clbcatq.dll
MOD - [2009-07-14 03:14:58 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\avrt.dll
MOD - [2009-07-14 03:14:57 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\authz.dll
MOD - [2009-07-14 03:14:57 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\atl.dll
MOD - [2009-07-14 03:14:10 | 000,523,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\hhctrl.ocx
MOD - [2009-07-14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009-07-14 03:14:08 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msacm32.drv
MOD - [2009-07-14 03:11:24 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\uxtheme.dll
MOD - [2009-07-14 03:11:23 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\lpk.dll
MOD - [2009-07-14 03:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll
MOD - [2009-07-14 03:05:46 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\icmp.dll
MOD - [2009-06-03 21:59:14 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009-06-03 21:59:02 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009-06-03 21:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
MOD - [2009-04-16 00:52:20 | 000,075,048 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\CLRCEngine3.dll
MOD - [2009-04-16 00:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
MOD - [2006-12-26 15:18:26 | 000,353,840 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\CyberLink\Power2Go\MSVCR71.dll
MOD - [2006-12-26 15:18:22 | 000,509,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\CyberLink\Power2Go\MSVCP71.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2012-03-07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:[b]64bit:[/b] - [2011-12-26 15:33:26 | 000,289,792 | ---- | M] (Puran Software) [Disabled | Stopped] -- C:\Windows\SysNative\PuranDefragS.exe -- (PuranDefrag)
SRV:[b]64bit:[/b] - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012-05-04 22:58:49 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-05-03 10:55:15 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-04-21 21:35:51 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012-04-04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012-03-01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012-02-29 14:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012-01-03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2012-04-04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:[b]64bit:[/b] - [2012-03-07 01:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:[b]64bit:[/b] - [2012-03-07 01:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:[b]64bit:[/b] - [2012-03-07 01:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:[b]64bit:[/b] - [2012-03-07 01:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:[b]64bit:[/b] - [2012-03-07 01:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:[b]64bit:[/b] - [2012-03-07 01:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:[b]64bit:[/b] - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2012-02-07 15:09:00 | 000,030,592 | ---- | M] (REALiX™) [Kernel | System | Running] -- C:\Program Files\HWiNFO64\HWiNFO64A.SYS -- (HWiNFO32)
DRV:[b]64bit:[/b] - [2012-01-17 14:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:[b]64bit:[/b] - [2011-05-11 18:23:10 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011-05-11 18:23:10 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2011-03-07 11:22:00 | 000,065,280 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:[b]64bit:[/b] - [2011-03-07 11:22:00 | 000,040,832 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:[b]64bit:[/b] - [2011-01-13 13:58:30 | 000,413,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2010-11-21 05:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2010-11-21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010-11-21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:[b]64bit:[/b] - [2010-11-21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:[b]64bit:[/b] - [2010-11-21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:[b]64bit:[/b] - [2010-11-21 05:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:[b]64bit:[/b] - [2010-11-21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010-11-21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2010-11-09 16:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:[b]64bit:[/b] - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009-06-10 22:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2008-05-19 20:44:00 | 001,137,152 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV - [2011-11-28 10:42:58 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2011-10-31 16:25:30 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2002-01-12 17:30:34 | 000,003,567 | ---- | M] (Beyond Logic [url="http://www.beyondlogic.org"]http://www.beyondlogic.org[/url]) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\PortTalk.sys -- (PortTalk)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [url="http://www.bing.com/search?q=%7BsearchTerms%7D&FORM=IE8SRC"]http://www.bing.com/...ms}&FORM=IE8SRC[/url]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [url="http://www.bing.com/search?q=%7BsearchTerms%7D&FORM=IE8SRC"]http://www.bing.com/...ms}&FORM=IE8SRC[/url]


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1955565246-2597569832-3964930277-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-1955565246-2597569832-3964930277-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1955565246-2597569832-3964930277-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [url="http://www.bing.com/search?q=%7BsearchTerms%7D&form=SPLBR1&pc=SPLH"]http://www.bing.com/...=SPLBR1&pc=SPLH[/url]
IE - HKU\S-1-5-21-1955565246-2597569832-3964930277-1000\..\SearchScopes\{BD9AB335-39C5-41c3-A47A-FAFB929F1057}: "URL" = [url="http://uk.search.yahoo.com/search?p=%7BsearchTerms%7D&fr=chr-devicevm&type=IEBDSV"]http://uk.search.yah...evm&type=IEBDSV[/url]
IE - HKU\S-1-5-21-1955565246-2597569832-3964930277-1000\..\SearchScopes\{E2462FB2-6E9E-47ce-8A57-8693D8274191}: "URL" = [url="http://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q=%7BsearchTerms%7D"]http://www.google.co...q={searchTerms}[/url]
IE - HKU\S-1-5-21-1955565246-2597569832-3964930277-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1955565246-2597569832-3964930277-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
IE - HKU\S-1-5-21-1955565246-2597569832-3964930277-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:9666

[color=#E56717]========== FireFox ==========[/color]

FF - user.js - File not found

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3ED591BC-7CC7-495B-A526-B2431356EDC1}: C:\Program Files (x86)\Ad Muncher v4.91\FirefoxExtension_2.0 [2011-10-31 21:32:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-03-29 16:02:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-05-03 10:55:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey\Extensions\\{3ED591BC-7CC7-495B-A526-B2431356EDC1}: C:\Program Files (x86)\Ad Muncher v4.91\FirefoxExtension_2.0 [2011-10-31 21:32:54 | 000,000,000 | ---D | M]

[2011-12-16 17:03:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rodziewicz\AppData\Roaming\mozilla\Extensions
[2012-05-07 21:48:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rodziewicz\AppData\Roaming\mozilla\Firefox\Profiles\fc7csxn5.default\extensions
[2012-04-16 19:39:05 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Rodziewicz\AppData\Roaming\mozilla\Firefox\Profiles\fc7csxn5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012-05-03 10:55:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011-10-31 21:32:54 | 000,000,000 | ---D | M] (Ad Muncher Browser Extensions) -- C:\PROGRAM FILES (X86)\AD MUNCHER V4.91\FIREFOXEXTENSION_2.0
[2012-03-29 16:02:05 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
() (No name found) -- C:\USERS\RODZIEWICZ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FC7CSXN5.DEFAULT\EXTENSIONS\{4DC70064-89E2-4A55-8FC6-E8CDEAE3618C}.XPI
() (No name found) -- C:\USERS\RODZIEWICZ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FC7CSXN5.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\RODZIEWICZ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FC7CSXN5.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2012-05-03 10:55:15 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012-02-21 18:36:02 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml
[2012-02-21 18:36:02 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml
[2012-02-21 18:36:02 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml
[2012-02-21 18:36:02 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml
[2012-02-21 18:36:02 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml
[2012-02-21 18:36:02 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Rodziewicz\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - Extension: Spybot - Search & Destroy = C:\Users\Rodziewicz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmcccagmbagkpbdgpammblejlmiempb\2.0.7.20106_0\
CHR - Extension: YouTube = C:\Users\Rodziewicz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\Rodziewicz\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Szukaj w Google = C:\Users\Rodziewicz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\Rodziewicz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.16_0\
CHR - Extension: avast! WebRep = C:\Users\Rodziewicz\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Gmail = C:\Users\Rodziewicz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012-05-09 16:22:54 | 000,883,758 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15210 more lines...
O2:[b]64bit:[/b] - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Ad Muncher] C:\Program Files (x86)\Ad Muncher v4.91\AdMunch.exe (Murray Hurps Corp Pty Ltd)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1955565246-2597569832-3964930277-1000..\Run: [eMuleAutoStart] C:\Program Files (x86)\eMule\emule.exe ([url="http://www.emule-project.net"]http://www.emule-project.net[/url])
O4 - HKU\S-1-5-21-1955565246-2597569832-3964930277-1000..\Run: [Gadu-Gadu 10] C:\Program Files (x86)\Gadu-Gadu 10\gg.exe (GG Network S.A.)
O4 - HKU\S-1-5-21-1955565246-2597569832-3964930277-1000..\Run: [Odkurzacz-MCD] C:\Program Files (x86)\Odkurzacz\odk_mcd.exe (Franmo Software)
O4 - HKU\S-1-5-21-1955565246-2597569832-3964930277-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:[b]64bit:[/b] - Extra context menu item: Block frame with Ad Muncher - [url="http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=6Y8HD341&id=menu_ie_frame"]http://www.admuncher...d=menu_ie_frame[/url] File not found
O8:[b]64bit:[/b] - Extra context menu item: Block image with Ad Muncher - [url="http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=6Y8HD341&id=menu_ie_image"]http://www.admuncher...d=menu_ie_image[/url] File not found
O8:[b]64bit:[/b] - Extra context menu item: Block link with Ad Muncher - [url="http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=6Y8HD341&id=menu_ie_link"]http://www.admuncher...id=menu_ie_link[/url] File not found
O8:[b]64bit:[/b] - Extra context menu item: Don't filter page with Ad Muncher - [url="http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=6Y8HD341&id=menu_ie_exclude"]http://www.admuncher...menu_ie_exclude[/url] File not found
O8:[b]64bit:[/b] - Extra context menu item: Report page to the Ad Muncher developers - [url="http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=6Y8HD341&id=menu_ie_report"]http://www.admuncher...=menu_ie_report[/url] File not found
O8 - Extra context menu item: Block frame with Ad Muncher - [url="http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=6Y8HD341&id=menu_ie_frame"]http://www.admuncher...d=menu_ie_frame[/url] File not found
O8 - Extra context menu item: Block image with Ad Muncher - [url="http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=6Y8HD341&id=menu_ie_image"]http://www.admuncher...d=menu_ie_image[/url] File not found
O8 - Extra context menu item: Block link with Ad Muncher - [url="http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=6Y8HD341&id=menu_ie_link"]http://www.admuncher...id=menu_ie_link[/url] File not found
O8 - Extra context menu item: Don't filter page with Ad Muncher - [url="http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=6Y8HD341&id=menu_ie_exclude"]http://www.admuncher...menu_ie_exclude[/url] File not found
O8 - Extra context menu item: Report page to the Ad Muncher developers - [url="http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=6Y8HD341&id=menu_ie_report"]http://www.admuncher...=menu_ie_report[/url] File not found
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F3DDA35-2874-4E97-9ED5-544FBB86E730}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F3DDA35-2874-4E97-9ED5-544FBB86E730}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{270B206B-1CA6-456B-8427-008727D3246A}: DhcpNameServer = 192.168.1.1
O18:[b]64bit:[/b] - Protocol\Handler\ipp - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-04-16 16:26:07 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - Unable to obtain root file information for disk H:\
O32 - AutoRun File - [2012-03-27 13:30:14 | 000,000,143 | R--- | M] () - K:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{25dd2a4c-03c1-11e1-8ba1-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{25dd2a4c-03c1-11e1-8ba1-806e6f6e6963}\Shell\AutoRun\command - "" = K:\setup.exe -- [2012-03-27 12:16:34 | 000,971,335 | R--- | M] (1C Company. )
O33 - MountPoints2\{25dd2a4c-03c1-11e1-8ba1-806e6f6e6963}\Shell\install\command - "" = K:\setup.exe -- [2012-03-27 12:16:34 | 000,971,335 | R--- | M] (1C Company. )
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

MsConfig:64bit - State: "bootini" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.

SafeBootMin:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:[b]64bit:[/b] Base - Driver Group
SafeBootMin:[b]64bit:[/b] Boot Bus Extender - Driver Group
SafeBootMin:[b]64bit:[/b] Boot file system - Driver Group
SafeBootMin:[b]64bit:[/b] File system - Driver Group
SafeBootMin:[b]64bit:[/b] Filter - Driver Group
SafeBootMin:[b]64bit:[/b] HelpSvc - Service
SafeBootMin:[b]64bit:[/b] PCI Configuration - Driver Group
SafeBootMin:[b]64bit:[/b] PNP Filter - Driver Group
SafeBootMin:[b]64bit:[/b] Primary disk - Driver Group
SafeBootMin:[b]64bit:[/b] sacsvr - Service
SafeBootMin:[b]64bit:[/b] SCSI Class - Driver Group
SafeBootMin:[b]64bit:[/b] System Bus Extender - Driver Group
SafeBootMin:[b]64bit:[/b] vmms - Service
SafeBootMin:[b]64bit:[/b] WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:[b]64bit:[/b] Base - Driver Group
SafeBootNet:[b]64bit:[/b] Boot Bus Extender - Driver Group
SafeBootNet:[b]64bit:[/b] Boot file system - Driver Group
SafeBootNet:[b]64bit:[/b] File system - Driver Group
SafeBootNet:[b]64bit:[/b] Filter - Driver Group
SafeBootNet:[b]64bit:[/b] HelpSvc - Service
SafeBootNet:[b]64bit:[/b] Messenger - Service
SafeBootNet:[b]64bit:[/b] NDIS Wrapper - Driver Group
SafeBootNet:[b]64bit:[/b] NetBIOSGroup - Driver Group
SafeBootNet:[b]64bit:[/b] NetDDEGroup - Driver Group
SafeBootNet:[b]64bit:[/b] Network - Driver Group
SafeBootNet:[b]64bit:[/b] NetworkProvider - Driver Group
SafeBootNet:[b]64bit:[/b] PCI Configuration - Driver Group
SafeBootNet:[b]64bit:[/b] PNP Filter - Driver Group
SafeBootNet:[b]64bit:[/b] PNP_TDI - Driver Group
SafeBootNet:[b]64bit:[/b] Primary disk - Driver Group
SafeBootNet:[b]64bit:[/b] rdsessmgr - Service
SafeBootNet:[b]64bit:[/b] sacsvr - Service
SafeBootNet:[b]64bit:[/b] SCSI Class - Driver Group
SafeBootNet:[b]64bit:[/b] Streams Drivers - Driver Group
SafeBootNet:[b]64bit:[/b] System Bus Extender - Driver Group
SafeBootNet:[b]64bit:[/b] TDI - Driver Group
SafeBootNet:[b]64bit:[/b] vmms - Service
SafeBootNet:[b]64bit:[/b] WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:[b]64bit:[/b] WudfUsbccidDriver - Driver
SafeBootNet:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:[b]64bit:[/b] {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:[b]64bit:[/b] {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:[b]64bit:[/b] {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:[b]64bit:[/b] {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:[b]64bit:[/b] {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2012-05-13 14:00:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Puran Defrag
[2012-05-13 14:00:36 | 001,363,968 | ---- | C] (Puran Software) -- C:\Windows\SysNative\PuranFD.exe
[2012-05-13 14:00:36 | 000,289,792 | ---- | C] (Puran Software) -- C:\Windows\SysNative\PuranDefragS.exe
[2012-05-13 14:00:36 | 000,284,672 | ---- | C] (Puran Software) -- C:\Windows\SysNative\PuranDC.exe
[2012-05-13 14:00:36 | 000,253,952 | ---- | C] (Puran Software) -- C:\Windows\SysNative\PuranDefrag.dll
[2012-05-13 14:00:36 | 000,130,048 | ---- | C] (Puran Software) -- C:\Windows\SysNative\PuranDefragBT.exe
[2012-05-13 14:00:36 | 000,000,000 | ---D | C] -- C:\Program Files\Puran Defrag
[2012-05-11 18:41:01 | 000,000,000 | ---D | C] -- C:\Users\Rodziewicz\AppData\Local\SniperV2
[2012-05-11 17:43:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO64
[2012-05-11 17:43:29 | 000,000,000 | ---D | C] -- C:\Program Files\HWiNFO64
[2012-05-03 23:08:19 | 000,000,000 | ---D | C] -- C:\Users\Rodziewicz\AppData\Local\SniperV2 Demo
[2012-05-03 22:26:29 | 000,000,000 | ---D | C] -- C:\Users\Rodziewicz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2012-05-03 10:55:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012-05-03 10:55:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012-04-24 18:58:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-04-21 12:57:50 | 000,000,000 | ---D | C] -- C:\Users\Rodziewicz\Documents\Diablo III
[2012-04-21 12:57:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2012-04-20 19:06:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III Beta
[2012-04-20 19:06:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III Beta
[2012-04-20 19:06:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2012-04-20 19:04:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012-04-19 22:31:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2012-04-19 17:50:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012-04-19 17:49:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012-04-16 19:41:54 | 000,000,000 | ---D | C] -- C:\Users\Rodziewicz\Desktop\Skróty
[2012-04-16 19:39:34 | 000,000,000 | ---D | C] -- C:\Users\Rodziewicz\Desktop\Foldery
[2012-04-15 01:02:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2012-04-15 01:02:29 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2012-04-15 01:02:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2012-04-08 13:36:04 | 000,000,000 | ---D | C] -- C:\Users\Rodziewicz\AppData\Roaming\ParetoLogic
[2012-04-08 13:35:41 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2012-04-02 18:12:03 | 000,000,000 | ---D | C] -- C:\Users\Rodziewicz\AppData\Roaming\FreeStone Group
[2012-04-02 18:12:00 | 000,000,000 | ---D | C] -- C:\Users\Rodziewicz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video Card Stability Test
[2012-04-02 18:12:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Video Card Stability Test
[2012-03-30 15:34:32 | 000,000,000 | ---D | C] -- C:\Users\Rodziewicz\AppData\Roaming\SpeedyPC Software
[2012-03-30 15:34:32 | 000,000,000 | ---D | C] -- C:\Users\Rodziewicz\AppData\Roaming\DriverCure
[2012-03-30 15:34:15 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012-03-30 15:20:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegistryNuke 2012

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

[2012-05-14 22:09:11 | 006,291,456 | -HS- | M] () -- C:\Users\Rodziewicz\NTUSER.DAT
[2012-05-14 21:57:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-05-14 21:49:00 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-05-14 21:44:51 | 000,045,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-05-14 21:44:51 | 000,045,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-05-14 21:36:44 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-05-14 21:36:19 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012-05-14 21:36:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-05-14 21:36:09 | 3219,152,896 | -HS- | M] () -- C:\hiberfil.sys
[2012-05-14 21:34:52 | 000,000,139 | ---- | M] () -- C:\Users\Rodziewicz\AppData\Roaming\Network Monitor II_Traffic.ini
[2012-05-14 21:34:43 | 005,801,242 | -H-- | M] () -- C:\Users\Rodziewicz\AppData\Local\IconCache.db
[2012-05-14 21:34:33 | 000,306,533 | ---- | M] () -- C:\Users\Rodziewicz\Desktop\błąd_0001.jpg
[2012-05-14 00:19:09 | 001,523,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012-05-14 00:19:09 | 000,687,590 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2012-05-14 00:19:09 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012-05-14 00:19:09 | 000,131,176 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2012-05-14 00:19:09 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012-05-14 00:13:18 | 002,697,942 | ---- | M] () -- C:\Users\Rodziewicz\Desktop\video-2012-05-14-00-12-48.mp4
[2012-05-13 23:51:06 | 000,007,609 | ---- | M] () -- C:\Users\Rodziewicz\AppData\Local\resmon.resmoncfg
[2012-05-13 11:53:02 | 000,292,832 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012-05-11 17:14:47 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012-05-11 16:46:01 | 000,000,221 | ---- | M] () -- C:\Users\Rodziewicz\Desktop\Sniper Elite V2.url
[2012-05-09 16:22:54 | 000,883,758 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012-05-09 16:07:19 | 000,883,758 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120509-162254.backup
[2012-04-25 00:30:51 | 000,883,758 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120509-160719.backup
[2012-04-25 00:30:22 | 000,883,758 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120425-003051.backup
[2012-04-24 18:58:20 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120425-003022.backup
[2012-04-20 19:06:54 | 000,001,270 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III Beta.lnk
[2012-04-19 22:31:28 | 000,001,347 | ---- | M] () -- C:\Users\Rodziewicz\Desktop\Men of War. Condemned Heroes.lnk
[2012-04-08 13:42:01 | 000,001,362 | ---- | M] () -- C:\Users\Rodziewicz\Documents\cc_20120408_134157.reg
[2012-04-04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012-05-14 21:34:33 | 000,306,533 | ---- | C] () -- C:\Users\Rodziewicz\Desktop\błąd_0001.jpg
[2012-05-14 00:17:14 | 002,697,942 | ---- | C] () -- C:\Users\Rodziewicz\Desktop\video-2012-05-14-00-12-48.mp4
[2012-05-11 16:46:01 | 000,000,221 | ---- | C] () -- C:\Users\Rodziewicz\Desktop\Sniper Elite V2.url
[2012-04-20 19:06:34 | 000,001,270 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III Beta.lnk
[2012-04-19 22:31:28 | 000,001,347 | ---- | C] () -- C:\Users\Rodziewicz\Desktop\Men of War. Condemned Heroes.lnk
[2012-04-15 01:02:35 | 000,002,196 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2012-04-08 13:41:59 | 000,001,362 | ---- | C] () -- C:\Users\Rodziewicz\Documents\cc_20120408_134157.reg
[2012-03-30 10:37:45 | 000,000,930 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-03-11 20:02:26 | 000,000,191 | ---- | C] () -- C:\ProgramData\Spybot - Search & Destroyation.ination.ini
[2012-03-08 18:46:20 | 000,007,609 | ---- | C] () -- C:\Users\Rodziewicz\AppData\Local\resmon.resmoncfg
[2012-03-05 09:25:54 | 000,000,620 | ---- | C] () -- C:\Users\Rodziewicz\AppData\Roaming\Network Monitor II_Settings.ini
[2012-03-03 22:42:35 | 000,000,139 | ---- | C] () -- C:\Users\Rodziewicz\AppData\Roaming\Network Monitor II_Traffic.ini
[2012-02-29 14:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012-01-21 22:02:45 | 000,000,000 | ---- | C] () -- C:\Users\Rodziewicz\AppData\Local\{812F9B85-3B53-4CEA-9BD8-5A5D1424DB29}
[2011-11-29 21:59:07 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2011-11-29 21:59:07 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2011-11-29 21:59:07 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2011-11-29 21:54:49 | 000,018,560 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2011-11-17 09:17:00 | 000,000,416 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011-11-15 21:56:15 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011-11-12 00:57:51 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011-11-12 00:57:40 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011-11-12 00:57:40 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011-11-12 00:57:40 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011-10-31 18:48:08 | 000,524,288 | -HS- | C] () -- C:\ProgramData\NTUser.dat{4e05d663-03cf-11e1-a769-50e549528c17}.TMContainer00000000000000000002.regtrans-ms
[2011-10-31 18:48:08 | 000,524,288 | -HS- | C] () -- C:\ProgramData\NTUser.dat{4e05d663-03cf-11e1-a769-50e549528c17}.TMContainer00000000000000000001.regtrans-ms
[2011-10-31 18:48:08 | 000,065,536 | -HS- | C] () -- C:\ProgramData\NTUser.dat{4e05d663-03cf-11e1-a769-50e549528c17}.TM.blf
[2011-10-31 18:05:23 | 000,000,418 | ---- | C] () -- C:\Windows\ODBC.INI
[2011-10-31 18:05:22 | 000,000,035 | ---- | C] () -- C:\Windows\vbaddin.ini
[2011-10-31 17:38:22 | 000,000,272 | ---- | C] () -- C:\Windows\lgfwup.ini
[2011-10-31 17:28:04 | 000,062,312 | ---- | C] () -- C:\Users\Rodziewicz\AppData\Local\GDIPFONTCACHEV1.DAT
[2011-10-31 17:09:18 | 000,397,312 | R--- | C] () -- C:\Windows\SysWow64\zshp1020.exe
[2011-10-31 17:09:18 | 000,106,496 | R--- | C] () -- C:\Windows\SysWow64\vshp1020.dll
[2011-10-31 16:39:27 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011-10-31 16:22:41 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2011-10-31 16:12:43 | 005,801,242 | -H-- | C] () -- C:\Users\Rodziewicz\AppData\Local\IconCache.db
[2011-10-31 16:11:33 | 000,524,288 | -HS- | C] () -- C:\ProgramData\NTUser.dat{b1d372d4-03c2-11e1-9fbb-e5eb622576c2}.TMContainer00000000000000000002.regtrans-ms
[2011-10-31 16:11:33 | 000,524,288 | -HS- | C] () -- C:\ProgramData\NTUser.dat{b1d372d4-03c2-11e1-9fbb-e5eb622576c2}.TMContainer00000000000000000001.regtrans-ms
[2011-10-31 16:11:33 | 000,262,144 | ---- | C] () -- C:\ProgramData\NTUser.dat
[2011-10-31 16:11:33 | 000,065,536 | -HS- | C] () -- C:\ProgramData\NTUser.dat{b1d372d4-03c2-11e1-9fbb-e5eb622576c2}.TM.blf
[2011-10-31 16:09:07 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini

[color=#E56717]========== LOP Check ==========[/color]

[2011-11-20 14:44:47 | 000,000,000 | ---D | M] -- C:\Users\Rodziewicz\AppData\Roaming\BinarySense
[2012-03-11 17:13:23 | 000,000,000 | ---D | M] -- C:\Users\Rodziewicz\AppData\Roaming\DAEMON Tools Lite
[2012-03-30 15:34:32 | 000,000,000 | ---D | M] -- C:\Users\Rodziewicz\AppData\Roaming\DriverCure
[2012-03-15 14:06:17 | 000,000,000 | ---D | M] -- C:\Users\Rodziewicz\AppData\Roaming\Folding@home-x86
[2012-04-02 18:12:03 | 000,000,000 | ---D | M] -- C:\Users\Rodziewicz\AppData\Roaming\FreeStone Group
[2011-11-19 23:03:29 | 000,000,000 | ---D | M] -- C:\Users\Rodziewicz\AppData\Roaming\Gadu-Gadu
[2011-12-28 01:42:23 | 000,000,000 | ---D | M] -- C:\Users\Rodziewicz\AppData\Roaming\Gadu-Gadu 10
[2011-12-18 18:08:32 | 000,000,000 | ---D | M] -- C:\Users\Rodziewicz\AppData\Roaming\ImgBurn
[2011-11-06 23:04:39 | 000,000,000 | ---D | M] -- C:\Users\Rodziewicz\AppData\Roaming\IrfanView
[2011-11-19 23:09:16 | 000,000,000 | ---D | M] -- C:\Users\Rodziewicz\AppData\Roaming\Nowe Gadu-Gadu
[2011-10-31 21:07:12 | 000,000,000 | ---D | M] -- C:\Users\Rodziewicz\AppData\Roaming\Opera
[2011-11-10 21:36:21 | 000,000,000 | ---D | M] -- C:\Users\Rodziewicz\AppData\Roaming\Origin
[2012-04-08 13:36:04 | 000,000,000 | ---D | M] -- C:\Users\Rodziewicz\AppData\Roaming\ParetoLogic
[2012-03-30 15:34:32 | 000,000,000 | ---D | M] -- C:\Users\Rodziewicz\AppData\Roaming\SpeedyPC Software
[2011-11-06 23:51:45 | 000,000,000 | ---D | M] -- C:\Users\Rodziewicz\AppData\Roaming\Splashtop
[2012-02-26 17:25:41 | 000,000,000 | ---D | M] -- C:\Users\Rodziewicz\AppData\Roaming\The Creative Assembly
[2011-11-19 18:41:51 | 000,000,000 | ---D | M] -- C:\Users\Rodziewicz\AppData\Roaming\Wildfire
[2012-01-21 13:39:05 | 000,032,520 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2011-10-31 16:19:47 | 000,000,156 | ---- | M] () -- C:\csb.log
[2012-05-14 21:36:09 | 3219,152,896 | -HS- | M] () -- C:\hiberfil.sys
[2011-10-31 16:15:53 | 000,000,189 | ---- | M] () -- C:\Install.log
[2011-11-08 21:28:11 | 000,034,677 | ---- | M] () -- C:\M1319.log
[2012-05-14 21:36:09 | 4292,206,592 | -HS- | M] () -- C:\pagefile.sys
[2011-10-31 16:12:42 | 000,003,192 | ---- | M] () -- C:\RHDSetup.log
[2011-11-28 23:20:42 | 000,935,006 | ---- | M] () -- C:\service.log
[2012-01-19 22:29:59 | 000,133,958 | ---- | M] () -- C:\shared.log

[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2009-07-14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009-07-14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009-07-14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2009-07-14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009-07-14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009-07-14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2009-07-14 02:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\Windows\SysNative\drivers\beep.sys
[2009-07-14 02:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\Windows\winsxs\amd64_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_201592fa214e4f02\beep.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2010-11-21 05:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\drivers\cdrom.sys
[2010-11-21 05:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys
[2010-11-21 05:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2010-11-21 05:23:55 | 000,951,680 | ---- | M] (Microsoft Corporation) MD5=79B47FD40D9A817E932F9D26FAC0A81C -- C:\Windows\SysNative\drivers\ndis.sys
[2010-11-21 05:23:55 | 000,951,680 | ---- | M] (Microsoft Corporation) MD5=79B47FD40D9A817E932F9D26FAC0A81C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_05ed313632ae9759\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2012-04-04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010-11-21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010-11-21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< End of report > [/log]

[b]Extras.txt[/b]
[log]OTL Extras logfile created on: 2012-05-14 22:06:10 - Run 2
OTL by OldTimer - Version 3.2.41.0 Folder = C:\Users\Rodziewicz\Desktop\Foldery\OTL
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

4,00 Gb Total Physical Memory | 1,62 Gb Available Physical Memory | 40,58% Memory free
7,99 Gb Paging File | 5,17 Gb Available in Paging File | 64,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 89,38 Gb Free Space | 38,38% Space Free | Partition Type: NTFS
Drive D: | 58,59 Gb Total Space | 7,26 Gb Free Space | 12,38% Space Free | Partition Type: NTFS
Drive E: | 58,59 Gb Total Space | 27,84 Gb Free Space | 47,51% Space Free | Partition Type: NTFS
Drive F: | 31,85 Gb Total Space | 17,00 Gb Free Space | 53,38% Space Free | Partition Type: NTFS
Drive G: | 341,79 Gb Total Space | 291,08 Gb Free Space | 85,16% Space Free | Partition Type: NTFS
Drive H: | 341,79 Gb Total Space | 70,35 Gb Free Space | 20,58% Space Free | Partition Type: NTFS
Drive I: | 247,92 Gb Total Space | 165,05 Gb Free Space | 66,58% Space Free | Partition Type: NTFS
Drive J: | 232,88 Gb Total Space | 226,21 Gb Free Space | 97,14% Space Free | Partition Type: NTFS
Drive K: | 1,75 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: DOMOWY | User Name: Rodziewicz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 60 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-1955565246-2597569832-3964930277-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [[ Odkurz tutaj ]] -- C:\Program Files (x86)\Odkurzacz\odkurzacz.exe %1 (Franmo Software)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [ChomikBox.Upload] -- "C:\Program Files (x86)\ChomikBox\\ChomikBox.exe" -u"%1" ( )
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [[ Odkurz tutaj ]] -- C:\Program Files (x86)\Odkurzacz\odkurzacz.exe %1 (Franmo Software)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [ChomikBox.Upload] -- "C:\Program Files (x86)\ChomikBox\\ChomikBox.exe" -u"%1" ( )
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== System Restore Settings ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Sterownik 3D Vision 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Sterownik kontrolera 3D Vision 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Oprogramowanie systemu PhysX 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizacje NVIDIA 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA Sterownik dźwięku HD 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.58
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.18
"Defraggler" = Defraggler
"HWiNFO64_is1" = HWiNFO64 Version 3.95
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"Puran Defrag Free Edition_is1" = Puran Defrag Free Edition 7.3
"WinRAR archiver" = WinRAR 4.01 (64-bitowy)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000415-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{137D91E1-2347-4EAC-BB0B-CC06C6B92A52}" = Men of War
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = LG CyberLink PowerDVD
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.0427.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Oprogramowanie
"{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}" = Folding@home-x86
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB0DBC9A-422A-4888-A8E5-A32EC1779E68}_is1" = Sunrise Seven 1.2.61
"{AC76BA86-7AD7-1045-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Polish
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy 2
"{BF6379E6-9936-46B0-B6AC-C56EE3987D2E}" = inSSIDer
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C49F8E1C-0BAE-4836-A670-AE76BA32BE90}" = ChomikBox
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint
"{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.1021.1
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E8BED654-3833-48DE-A802-7757CF920871}" = Men of War: Wietnam
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3F5B440-0ACB-4F72-842D-E8DEC4236FFC}_is1" = Men of War: Condemned Heroes (Remove Only)
"Ad Muncher" = Ad Muncher v4.92 Build 32700
"avast" = avast! Free Antivirus
"CrystalDiskInfo_is1" = CrystalDiskInfo 4.3.0
"Diablo II" = Diablo II
"Diablo III Beta" = Diablo III Beta
"eMule" = eMule
"ESN Sonar-0.70.4" = ESN Sonar
"Fraps" = Fraps
"Gadu-Gadu 10" = Gadu-Gadu 10
"Google Chrome" = Google Chrome
"HD Tune_is1" = HD Tune 2.55
"HP-LaserJet 1020 series" = LaserJet 1020 series
"ImgBurn" = ImgBurn
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = LG CyberLink PowerDVD
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.0427.1
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint
"InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.1021.1
"InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"IrfanView" = IrfanView (remove only)
"Kalendarz XP" = Kalendarz XP v29.85
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.9.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 1.61.0.1400
"Mozilla Firefox 12.0 (x86 pl)" = Mozilla Firefox 12.0 (x86 pl)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OCCT" = OCCT 4.1.1
"Odkurzacz 12.6_is1" = Odkurzacz 12.6
"Opera 11.64.1403" = Opera 11.64
"Origin" = Origin
"SpeedFan" = SpeedFan (remove only)
"Steam App 10500" = Empire: Total War
"Steam App 10540" = Football Manager 2009
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server
"Steam App 550" = Left 4 Dead 2
"Steam App 55370" = Saints Row: The Third - Initiation Station
"Steam App 63380" = Sniper Elite V2
"UltraISO_is1" = UltraISO Premium V9.51
"Video Card Stability Test" = Video Card Stability Test

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-1955565246-2597569832-3964930277-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Diablo II" = Diablo II

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2012-05-13 13:06:24 | Computer Name = Domowy | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Nie można wyodrębnić listy głównej innych firm z pliku cab automatycznej
aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>,
wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji
bieżącego zegara systemowego lub sygnatury czasowej. .

Error - 2012-05-13 13:06:30 | Computer Name = Domowy | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Nie można wyodrębnić listy głównej innych firm z pliku cab automatycznej
aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>,
wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji
bieżącego zegara systemowego lub sygnatury czasowej. .

Error - 2012-05-13 13:06:31 | Computer Name = Domowy | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Nie można wyodrębnić listy głównej innych firm z pliku cab automatycznej
aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>,
wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji
bieżącego zegara systemowego lub sygnatury czasowej. .

Error - 2012-05-13 13:06:32 | Computer Name = Domowy | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Nie można wyodrębnić listy głównej innych firm z pliku cab automatycznej
aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>,
wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji
bieżącego zegara systemowego lub sygnatury czasowej. .

Error - 2012-05-13 13:06:33 | Computer Name = Domowy | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Nie można wyodrębnić listy głównej innych firm z pliku cab automatycznej
aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>,
wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji
bieżącego zegara systemowego lub sygnatury czasowej. .

Error - 2012-05-13 13:07:45 | Computer Name = Domowy | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Nie można wyodrębnić listy głównej innych firm z pliku cab automatycznej
aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>,
wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji
bieżącego zegara systemowego lub sygnatury czasowej. .

Error - 2012-05-13 13:07:46 | Computer Name = Domowy | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Nie można wyodrębnić listy głównej innych firm z pliku cab automatycznej
aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>,
wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji
bieżącego zegara systemowego lub sygnatury czasowej. .

Error - 2012-05-14 11:02:34 | Computer Name = Domowy | Source = WinMgmt | ID = 10
Description =

Error - 2012-05-14 15:34:05 | Computer Name = Domowy | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: svchost.exe_PlugPlay, wersja: 6.1.7600.16385,
sygnatura czasowa: 0x4a5bc3c1 Nazwa modułu powodującego błąd: RPCRT4.dll, wersja:
6.1.7601.17514, sygnatura czasowa: 0x4ce7c96e Kod wyjątku: 0xc0000005 Przesunięcie
błędu: 0x0000000000026687 Identyfikator procesu powodującego błąd: 0x304 Godzina
uruchomienia aplikacji powodującej błąd: 0x01cd31e271637f8b Ścieżka aplikacji powodującej
błąd: C:\Windows\system32\svchost.exe Ścieżka modułu powodującego błąd: C:\Windows\system32\RPCRT4.dll
Identyfikator
raportu: c3d544f3-9dfb-11e1-8aaa-50e549528c17

Error - 2012-05-14 15:37:18 | Computer Name = Domowy | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 2012-05-14 15:38:11 | Computer Name = Domowy | Source = PNRPSvc | ID = 102
Description =

Error - 2012-05-14 15:38:11 | Computer Name = Domowy | Source = PNRPSvc | ID = 102
Description =

Error - 2012-05-14 15:38:11 | Computer Name = Domowy | Source = Service Control Manager | ID = 7023
Description = Usługa Protokół rozpoznawania nazw równorzędnych zakończyła działanie;
wystąpił następujący błąd: %%-2140993535

Error - 2012-05-14 15:38:11 | Computer Name = Domowy | Source = Service Control Manager | ID = 7001
Description = Usługa Grupowanie sieci równorzędnej zależy od usługi Protokół rozpoznawania
nazw równorzędnych, której nie można uruchomić z powodu następującego błędu: %%-2140993535

Error - 2012-05-14 15:38:11 | Computer Name = Domowy | Source = Service Control Manager | ID = 7023
Description = Usługa Protokół rozpoznawania nazw równorzędnych zakończyła działanie;
wystąpił następujący błąd: %%-2140993535

Error - 2012-05-14 15:38:11 | Computer Name = Domowy | Source = Service Control Manager | ID = 7001
Description = Usługa Grupowanie sieci równorzędnej zależy od usługi Protokół rozpoznawania
nazw równorzędnych, której nie można uruchomić z powodu następującego błędu: %%-2140993535

Error - 2012-05-14 15:38:11 | Computer Name = Domowy | Source = Service Control Manager | ID = 7023
Description = Usługa Protokół rozpoznawania nazw równorzędnych zakończyła działanie;
wystąpił następujący błąd: %%-2140993535

Error - 2012-05-14 15:38:11 | Computer Name = Domowy | Source = Service Control Manager | ID = 7001
Description = Usługa Grupowanie sieci równorzędnej zależy od usługi Protokół rozpoznawania
nazw równorzędnych, której nie można uruchomić z powodu następującego błędu: %%-2140993535

Error - 2012-05-14 15:39:15 | Computer Name = Domowy | Source = Service Control Manager | ID = 7038
Description = Usługa nvUpdatusService nie może zalogować się jako .\UpdatusUser
za pomocą obecnie skonfigurowanego hasła z powodu następującego błędu: %%1330 Aby
upewnić się, że usługa jest skonfigurowana prawidłowo, użyj przystawki Usługi w
programie Microsoft Management Console (MMC).

Error - 2012-05-14 15:39:15 | Computer Name = Domowy | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi NVIDIA Update Service Daemon z powodu następującego
błędu: %%1069


< End of report >[/log]

And here are the logs from RIST -
[b]RIST.txt[/b]
[log]Logfile of random's system information tool 1.09 (written by random/random)
Run by Rodziewicz at 2012-05-14 22:08:56
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 92 GB (38%) free of 238 GB
Total RAM: 4093 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:09:07, on 2012-05-14
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Gadu-Gadu 10\gg.exe
C:\Program Files (x86)\eMule\emule.exe
C:\Program Files (x86)\Ad Muncher v4.91\AdMunch.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\IrfanView\i_view32.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Rodziewicz\Desktop\Foldery\OTL\OTL.exe
C:\Users\Rodziewicz\Desktop\DOWNLOAD\RSIT.exe
C:\Program Files (x86)\trend micro\Rodziewicz.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:9666
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Ad Muncher] "C:\Program Files (x86)\Ad Muncher v4.91\AdMunch.exe" /bt
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Gadu-Gadu 10] "C:\Program Files (x86)\Gadu-Gadu 10\gg.exe"
O4 - HKCU\..\Run: [Odkurzacz-MCD] C:\Program Files (x86)\Odkurzacz\odk_mcd.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files (x86)\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA SIECIOWA')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=6Y8HD341&id=menu_ie_frame
O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=6Y8HD341&id=menu_ie_image
O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=6Y8HD341&id=menu_ie_link
O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=6Y8HD341&id=menu_ie_exclude
O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=6Y8HD341&id=menu_ie_report
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F3DDA35-2874-4E97-9ED5-544FBB86E730}: NameServer = 8.8.8.8,8.8.4.4
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Usługa Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Usługa Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11935 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Rodziewicz\AppData\Roaming\Mozilla\Firefox\Profiles\fc7csxn5.default

"{3ED591BC-7CC7-495B-A526-B2431356EDC1}"=C:\Program Files (x86)\Ad Muncher v4.91\FirefoxExtension_2.0
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.2.202.235 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@esn.me/esnsonar,version=0.70.4]
"Description"=ESN Sonar browser plugin
"Path"=C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@esn/esnlaunch,version=1.104.0]
"Description"=
"Path"=C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
allegro-pl.xml
fbc-pl.xml
google.xml
merlin-pl.xml
pwn-pl.xml
wikipedia-pl.xml
wp-pl.xml

C:\Users\Rodziewicz\AppData\Roaming\Mozilla\Firefox\Profiles\fc7csxn5.default\extensions\
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-04-19 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-03-07 1003704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-04-19 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-03-07 1003704]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Ad Muncher"=C:\Program Files (x86)\Ad Muncher v4.91\AdMunch.exe [2011-10-31 540872]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-03-07 4241512]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"Malwarebytes' Anti-Malware"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2012-04-04 462408]
"SDTray"=C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [2012-02-07 3865504]
"UpdatePSTShortCut"=C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [2009-09-29 210216]
"UpdateP2GoShortCut"=C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2009-05-19 222504]
"UpdateLBPShortCut"=C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [2009-05-19 222504]
"RemoteControl8"=C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [2009-04-16 91432]
"PDVD8LanguageShortcut"=C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [2009-04-16 50472]
"CLMLServer"=C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2009-06-03 103720]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-21 1475584]
"Steam"=C:\Program Files (x86)\Steam\Steam.exe [2011-11-24 1242448]
"Gadu-Gadu 10"=C:\Program Files (x86)\Gadu-Gadu 10\gg.exe [2011-07-04 13374048]
"Odkurzacz-MCD"=C:\Program Files (x86)\Odkurzacz\odk_mcd.exe [2011-02-20 370688]
"eMuleAutoStart"=C:\Program Files (x86)\eMule\emule.exe [2010-04-07 5758976]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon]
SDWinLogon.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=xvidvfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"VIDC.FPS1"=frapsvid.dll
"vidc.VP60"=C:\Windows\system32\vp6vfw.dll
"vidc.VP61"=C:\Windows\system32\vp6vfw.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-05-14 22:08:57 ----D---- C:\Program Files (x86)\trend micro
2012-05-14 22:08:56 ----D---- C:\rsit
2012-05-09 16:19:51 ----A---- C:\Windows\SysWOW64\DWrite.dll
2012-05-09 16:19:48 ----A---- C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-09 16:19:47 ----A---- C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-03 10:55:20 ----D---- C:\ProgramData\Mozilla
2012-05-03 10:55:19 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2012-04-24 18:58:08 ----D---- C:\_OTL
2012-04-21 12:57:50 ----D---- C:\ProgramData\Blizzard Entertainment
2012-04-20 19:06:34 ----D---- C:\Program Files (x86)\Diablo III Beta
2012-04-20 19:06:34 ----D---- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2012-04-20 19:04:53 ----D---- C:\ProgramData\Battle.net
2012-04-19 22:31:37 ----D---- C:\Windows\SysWOW64\directx
2012-04-19 17:50:53 ----D---- C:\Program Files (x86)\Common Files\Java
2012-04-19 17:50:13 ----A---- C:\Windows\SysWOW64\javaws.exe
2012-04-19 17:50:13 ----A---- C:\Windows\SysWOW64\javaw.exe
2012-04-19 17:50:13 ----A---- C:\Windows\SysWOW64\java.exe
2012-04-19 17:49:56 ----D---- C:\Program Files (x86)\Java
2012-04-15 01:02:22 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy 2

======List of files/folders modified in the last 1 month======

2012-05-14 22:08:57 ----RD---- C:\Program Files (x86)
2012-05-14 22:08:55 ----D---- C:\Windows\Temp
2012-05-14 21:36:48 ----D---- C:\Program Files (x86)\Steam
2012-05-14 21:36:13 ----D---- C:\ProgramData\NVIDIA
2012-05-14 21:34:52 ----A---- C:\Users\Rodziewicz\AppData\Roaming\Network Monitor II_Traffic.ini
2012-05-14 00:19:09 ----D---- C:\Windows\System32
2012-05-14 00:19:09 ----D---- C:\Windows\inf
2012-05-13 19:07:57 ----D---- C:\Windows\Microsoft.NET
2012-05-13 19:07:46 ----RSD---- C:\Windows\assembly
2012-05-13 15:43:24 ----SHD---- C:\System Volume Information
2012-05-13 14:00:36 ----RD---- C:\Program Files
2012-05-13 11:54:28 ----D---- C:\Windows\Prefetch
2012-05-13 11:54:17 ----D---- C:\Windows\winsxs
2012-05-13 11:53:04 ----D---- C:\Windows
2012-05-12 23:46:10 ----D---- C:\Windows\SysWOW64
2012-05-12 13:15:31 ----D---- C:\Program Files (x86)\Opera
2012-05-06 02:35:52 ----D---- C:\Program Files (x86)\Kalendarz XP
2012-05-04 22:58:48 ----A---- C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-04 22:58:39 ----A---- C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-05-03 23:07:36 ----SHD---- C:\Windows\Installer
2012-05-03 17:17:49 ----D---- C:\Program Files (x86)\Common Files\Steam
2012-05-03 10:55:29 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-05-03 10:55:20 ----HD---- C:\ProgramData
2012-04-25 00:30:03 ----D---- C:\ProgramData\Spybot - Search & Destroy
2012-04-24 19:13:05 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy
2012-04-24 16:44:04 ----D---- C:\Fraps
2012-04-20 19:06:53 ----D---- C:\Program Files (x86)\Common Files
2012-04-19 22:36:54 ----D---- C:\Program Files (x86)\1C Company
2012-04-19 19:41:01 ----D---- C:\Windows\Tasks
2012-04-19 17:50:36 ----D---- C:\Program Files (x86)\Origin
2012-04-19 17:49:58 ----A---- C:\Windows\SysWOW64\deployJava1.dll
2012-04-19 17:48:49 ----D---- C:\Program Files (x86)\Hewlett-Packard
2012-04-18 22:24:21 ----D---- C:\Windows\pss
2012-04-15 01:02:35 ----SD---- C:\ProgramData\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R0 speedfan;speedfan; C:\Windows\SysWOW64\speedfan.sys [2007-02-07 14104]
R1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys []
R1 aswSnx;aswSnx; C:\Windows\SysWOW64\drivers\aswSnx.sys []
R1 aswSP;aswSP; C:\Windows\SysWOW64\drivers\aswSP.sys []
R1 aswTdi;avast! Network Shield Support; C:\Windows\SysWOW64\drivers\aswTdi.sys []
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys []
R1 HWiNFO32;HWiNFO32/64 Kernel Driver; \??\C:\Program Files\HWiNFO64\HWiNFO64A.SYS [2012-02-07 30592]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys []
R2 aswFsBlk;aswFsBlk; C:\Windows\SysWOW64\drivers\aswFsBlk.sys []
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys []
R3 athr;TP-LINK Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys []
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver; C:\Windows\System32\Drivers\EtronHub3.sys []
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver; C:\Windows\System32\Drivers\EtronXHCI.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys []
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys []
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys []
S2 cpuz135;cpuz135; \??\C:\Windows\system32\drivers\cpuz135_x64.sys []
S3 ALSysIO;ALSysIO; \??\C:\Users\RODZIE~1\AppData\Local\Temp\ALSysIO64.sys []
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys []
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2011-11-28 25640]
S3 GPU-Z;GPU-Z; \??\C:\Users\RODZIE~1\AppData\Local\Temp\GPU-Z.sys []
S3 GVTDrv64;GVTDrv64; \??\C:\Windows\GVTDrv64.sys [2011-10-31 30528]
S3 netr28ux;Sterownik karty RT2870 USB Wireless LAN Card dla systemu Vista; C:\Windows\system32\DRIVERS\netr28ux.sys []
S3 PortTalk;PortTalk; C:\Windows\System32\Drivers\PortTalk.sys [2002-01-12 3567]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys []
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys []
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys []
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys []
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys []
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys []
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-03-07 44768]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2009-08-20 73728]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [2009-04-15 271760]
R2 SDScannerService;Spybot-S&D 2 Scanner Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-02-07 1181104]
R2 SDUpdateService;Spybot-S&D 2 Updating Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-02-07 1185704]
R2 SDWSCService;Spybot-S&D 2 Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-02-07 166528]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S2 gupdate;Usługa Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-31 136176]
S2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 257696]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 gupdatem;Usługa Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-31 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-03 129976]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2012-04-21 489256]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []
S4 PuranDefrag;PuranDefrag; C:\Windows\system32\PuranDefragS.exe []

-----------------EOF-----------------[/log]

[b]INFO.txt[/b]
[log]info.txt logfile of random's system information tool 1.09 2012-05-14 22:09:09

======Uninstall list======

@BIOS-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}\Setup.exe" -l0x9 -removeonly
-->MsiExec /X{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}
Ad Muncher v4.92 Build 32700-->"C:\Program Files (x86)\Ad Muncher v4.91\AdMunch.exe" /P "InstallerAction=Uninstall" /P "InstallTarget=C:\Program Files (x86)\Ad Muncher v4.91"
Adobe Reader X (10.1.3) - Polish-->MsiExec.exe /I{AC76BA86-7AD7-1045-7B44-AA1000000001}
AutoGreen B10.1021.1-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C75FAD21-EC08-42F3-92D6-C9C0AB355345}
avast! Free Antivirus-->C:\Program Files\AVAST Software\Avast\aswRunDll.exe "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup
Battlefield 3™-->"C:\Program Files (x86)\Common Files\EAInstaller\Battlefield 3\Cleanup.exe" uninstall_game -autologging
Call of Duty: Modern Warfare 3 - Dedicated Server-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/42750
Call of Duty: Modern Warfare 3 - Multiplayer-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/42690
Call of Duty: Modern Warfare 3-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/42680
ChomikBox-->MsiExec.exe /I{C49F8E1C-0BAE-4836-A670-AE76BA32BE90}
CrystalDiskInfo 4.3.0-->"C:\Program Files (x86)\CrystalDiskInfo\unins000.exe"
Diablo II-->C:\Windows\DIIUnin.exe C:\Windows\DIIUnin.dat
Diablo III Beta-->C:\Program Files (x86)\Common Files\Blizzard Entertainment\Diablo III Beta\Uninstall.exe
Easy Tune 6 B11.0427.1-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{457D7505-D665-4F95-91C3-ECB8C56E9ACA}
Empire: Total War-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/10500
eMule-->"C:\Program Files (x86)\eMule\Uninstall.exe"
ESN Sonar-->C:\Program Files (x86)\Battlelog Web Plugins\Sonar\esnsonar_uninstall.exe
Etron USB3.0 Host Controller-->"C:\Program Files (x86)\InstallShield Installation Information\{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}\SETUP.EXE" -runfromtemp -l0x0409 -removeonly
Etron USB3.0 Host Controller-->MsiExec.exe /I{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}
Folding@home-x86-->MsiExec.exe /I{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}
Football Manager 2009-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/10540
Fraps-->"C:\Fraps\uninstall.exe"
Gadu-Gadu 10-->C:\Program Files (x86)\Gadu-Gadu 10\Uninstall.exe
Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\Installer\setup.exe" --uninstall --multi-install --chrome --system-level
Google Earth Plug-in-->MsiExec.exe /X{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HD Tune 2.55-->"C:\Program Files (x86)\HD Tune\unins000.exe"
ImgBurn-->"C:\Program Files (x86)\ImgBurn\uninstall.exe"
inSSIDer-->MsiExec.exe /I{BF6379E6-9936-46B0-B6AC-C56EE3987D2E}
IrfanView (remove only)-->C:\Program Files (x86)\IrfanView\iv_uninstall.exe
Java™ 6 Update 31-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216031FF}
Kalendarz XP v29.85-->C:\Program Files (x86)\Kalendarz XP\uninstall.exe
K-Lite Codec Pack 7.9.0 (Full)-->"C:\Program Files (x86)\K-Lite Codec Pack\unins000.exe"
LaserJet 1020 series-->C:\Program Files (x86)\Zenographics\{14342D0B-FBDE-4981-9508-8E49A1BFCC55}\SETUP.EXE -u "HPLJInstaller.dll=Hplj1020.inf"
Left 4 Dead 2-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/550
LG CyberLink LabelPrint-->"C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" /z-uninstall
LG CyberLink LabelPrint-->"C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" /z-uninstall
LG CyberLink Power2Go-->"C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall
LG CyberLink Power2Go-->"C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall
LG CyberLink PowerDVD-->"C:\Program Files (x86)\InstallShield Installation Information\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\Setup.exe" /z-uninstall
LG CyberLink PowerDVD-->"C:\Program Files (x86)\InstallShield Installation Information\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\Setup.exe" /z-uninstall
LG ODD Auto Oprogramowanie-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{6179550A-3E7C-499E-BCC9-9E8113E0A285}\Setup.exe"
LG Power Tools-->"C:\Program Files (x86)\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" /z-uninstall
LG Power Tools-->"C:\Program Files (x86)\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" /z-uninstall
LightScribe System Software-->MsiExec.exe /X{CC8E94A2-55C7-4460-953C-2A790180578C}
Malwarebytes Anti-Malware wersja 1.61.0.1400-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Men of War: Condemned Heroes (Remove Only)-->"C:\Program Files (x86)\1C Company\Men of War. Condemned Heroes\unins000.exe"
Men of War: Wietnam-->"C:\Program Files (x86)\InstallShield Installation Information\{E8BED654-3833-48DE-A802-7757CF920871}\setup.exe" -runfromtemp -l0x0415 -removeonly
Men of War-->"C:\Program Files (x86)\InstallShield Installation Information\{137D91E1-2347-4EAC-BB0B-CC06C6B92A52}\setup.exe" -runfromtemp -l0x0015 -removeonly
Microsoft Office 2000 Premium-->MsiExec.exe /I{00000415-78E1-11D2-B60F-006097C998E7}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
Mozilla Firefox 12.0 (x86 pl)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
Mozilla Maintenance Service-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"
NVIDIA PhysX-->MsiExec.exe /X{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}
NVIDIA Stereoscopic 3D Driver-->"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask
OCCT 4.1.1-->C:\Program Files (x86)\OCCTPT\uninst.exe
Odkurzacz 12.6-->"C:\Program Files (x86)\Odkurzacz\unins000.exe"
Opera 11.64-->"C:\Program Files (x86)\Opera\Opera.exe" /uninstall
Origin-->C:\Program Files (x86)\Origin\OriginUninstall.exe
Realtek Ethernet Controller Driver-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\Setup.Exe -runfromtemp -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -removeonly
Saints Row: The Third - Initiation Station-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/55370
Sniper Elite V2-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/63380
SpeedFan (remove only)-->"C:\Program Files (x86)\SpeedFan\uninstall.exe"
Spybot - Search & Destroy 2-->"C:\Program Files (x86)\Spybot - Search & Destroy 2\unins000.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Sunrise Seven 1.2.61-->"C:\Program Files (x86)\Sunrise Seven\unins000.exe"
The Sims™ 3-->"C:\Program Files (x86)\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\setup.exe" -runfromtemp -l0x0015 -removeonly
UltraISO Premium V9.51-->"C:\Program Files (x86)\UltraISO\unins000.exe"
Video Card Stability Test-->C:\Program Files (x86)\Video Card Stability Test\uninstall.exe

======Hosts File======

127.0.0.1 localhost
::1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com

======System event log======

Computer Name: 37L4247F27-25
Event Code: 7036
Message: Usługa Distributed Link Tracking Client weszła w stan stopped.
Record Number: 5
Source Name: Service Control Manager
Time Written: 20101121035831.108772-000
Event Type: Informacje
User:

Computer Name: 37L4247F27-25
Event Code: 7036
Message: Usługa Desktop Window Manager Session Manager weszła w stan stopped.
Record Number: 4
Source Name: Service Control Manager
Time Written: 20101121035831.108772-000
Event Type: Informacje
User:

Computer Name: 37L4247F27-25
Event Code: 7036
Message: Usługa Power weszła w stan stopped.
Record Number: 3
Source Name: Service Control Manager
Time Written: 20101121035831.108772-000
Event Type: Informacje
User:

Computer Name: 37L4247F27-25
Event Code: 7036
Message: Usługa Windows Event Log weszła w stan stopped.
Record Number: 2
Source Name: Service Control Manager
Time Written: 20101121035831.093172-000
Event Type: Informacje
User:

Computer Name: 37L4247F27-25
Event Code: 7036
Message: Usługa Diagnostic Policy Service weszła w stan stopped.
Record Number: 1
Source Name: Service Control Manager
Time Written: 20101121035831.093172-000
Event Type: Informacje
User:

=====Application event log=====

Computer Name: 37L4247F27-25
Event Code: 5617
Message: Windows Management Instrumentation Service subsystems initialized successfully
Record Number: 5
Source Name: Microsoft-Windows-WMI
Time Written: 20111031130727.000000-000
Event Type: Informacje
User:

Computer Name: 37L4247F27-25
Event Code: 5615
Message: Windows Management Instrumentation Service started sucessfully
Record Number: 4
Source Name: Microsoft-Windows-WMI
Time Written: 20111031130724.000000-000
Event Type: Informacje
User:

Computer Name: 37L4247F27-25
Event Code: 4625
Message: System podrzędny EventSystem pomija zduplikowane wpisy dziennika zdarzeń przez okres 86400 sekund. Limit czasu pomijania można kontrolować za pomocą wartości REG_DWORD o nazwie SuppressDuplicateDuration w następującym kluczu rejestru: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 3
Source Name: Microsoft-Windows-EventSystem
Time Written: 20111031130720.000000-000
Event Type: Informacje
User:

Computer Name: 37L4247F27-25
Event Code: 1531
Message: Usługa profilów użytkowników została uruchomiona pomyślnie.


Record Number: 2
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20111031130720.366511-000
Event Type: Informacje
User: ZARZĄDZANIE NT\SYSTEM

Computer Name: 37L4247F27-25
Event Code: 1532
Message: Usługa profilów użytkowników została zatrzymana.


Record Number: 1
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20101121035831.124372-000
Event Type: Informacje
User: ZARZĄDZANIE NT\SYSTEM

=====Security event log=====

Computer Name: Domowy
Event Code: 4672
Message: Przypisano specjalne uprawnienia do nowego logowania.

Podmiot:
Identyfikator zabezpieczeń: S-1-5-18
Nazwa konta: SYSTEM
Domena konta: ZARZĄDZANIE NT
Identyfikator logowania: 0x3e7

Uprawnienia: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 25141
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120126185008.806491-000
Event Type: Sukcesy inspekcji
User:

Computer Name: Domowy
Event Code: 4624
Message: Użytkownik pomyślnie zalogował się na koncie.

Podmiot:
Identyfikator zabezpieczeń: S-1-5-18
Nazwa konta: DOMOWY$
Domena konta: WORKGROUP
Identyfikator logowania: 0x3e7

Typ logowania: 5

Nowe logowanie:
Identyfikator zabezpieczeń: S-1-5-18
Nazwa konta: SYSTEM
Domena konta: ZARZĄDZANIE NT
Identyfikator logowania: 0x3e7
Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000}

Informacje o procesie:
Identyfikator procesu: 0x268
Nazwa procesu: C:\Windows\System32\services.exe

Informacje o sieci:
Nazwa stacji roboczej:
Adres źródłowy sieci: -
Port źródłowy: -

Szczegółowe informacje o uwierzytelnianiu:
Proces logowania: Advapi
Pakiet uwierzytelniania: Negotiate
Usługi przejściowe: -
Nazwa pakietu (tylko NTLM): -
Długość klucza: 0

To zdarzenie jest generowane w momencie utworzenia sesji logowania. Jest ono generowane na komputerze, do którego został uzyskany dostęp.

Pola podmiotu wskazują konto w systemie lokalnym, które zażądało logowania. Najczęściej jest to usługa, na przykład usługa Serwer, lub proces lokalny taki jak Winlogon.exe lub Services.exe.

Pole typu logowania wskazuje rodzaj zaistniałego logowania. Najczęstsze typy to 2 (interakcyjne) i 3 (sieciowe).

Pola nowego logowania wskazują konto, dla którego zostało utworzone nowe logowanie, czyli konto, które zostało zalogowane.

Pola sieci wskazują lokalizację, z której pochodziło zdalne żądanie logowania. Nazwa stacji roboczej nie zawsze jest dostępna i w niektórych przypadkach może być pusta.

Pola informacji o uwierzytelnianiu zawierają szczegółowe informacje o tym konkretnym żądaniu logowania.
- Identyfikator GUID logowania to unikatowy identyfikator, za pomocą którego można skorelować to zdarzenie ze zdarzeniem centrum dystrybucji kluczy.
- Usługi przejściowe wskazują, które usługi pośrednie uczestniczyły w tym żądaniu logowania.
- Nazwa pakietu wskazuje, który protokół podrzędny spośród protokołów NTLM został użyty.
- Długość klucza wskazuje długość wygenerowanego klucza sesji. Jeśli nie zażądano klucza sesji, jest to wartość 0.
Record Number: 25140
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120126185008.806491-000
Event Type: Sukcesy inspekcji
User:

Computer Name: Domowy
Event Code: 4634
Message: Użytkownik wylogował się z konta.

Podmiot:
Identyfikator zabezpieczeń: S-1-5-7
Nazwa konta: LOGOWANIE ANONIMOWE
Domena konta: ZARZĄDZANIE NT
Identyfikator logowania: 0xb600c

Typ logowania: 3

To zdarzenie jest generowane w przypadku zniszczenia sesji logowania. Można je jednoznacznie skorelować ze zdarzeniem logowania przy użyciu wartości identyfikatora logowania. Identyfikatory logowania są unikatowe tylko między ponownymi rozruchami na tym samym komputerze.
Record Number: 25139
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120126184818.589187-000
Event Type: Sukcesy inspekcji
User:

Computer Name: Domowy
Event Code: 4624
Message: Użytkownik pomyślnie zalogował się na koncie.

Podmiot:
Identyfikator zabezpieczeń: S-1-0-0
Nazwa konta: -
Domena konta: -
Identyfikator logowania: 0x0

Typ logowania: 3

Nowe logowanie:
Identyfikator zabezpieczeń: S-1-5-7
Nazwa konta: LOGOWANIE ANONIMOWE
Domena konta: ZARZĄDZANIE NT
Identyfikator logowania: 0xb600c
Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000}

Informacje o procesie:
Identyfikator procesu: 0x0
Nazwa procesu: -

Informacje o sieci:
Nazwa stacji roboczej: RODZIEWICZ
Adres źródłowy sieci: fe80::69b3:f161:d08a:181e
Port źródłowy: 52864

Szczegółowe informacje o uwierzytelnianiu:
Proces logowania: NtLmSsp
Pakiet uwierzytelniania: NTLM
Usługi przejściowe: -
Nazwa pakietu (tylko NTLM): NTLM V1
Długość klucza: 128

To zdarzenie jest generowane w momencie utworzenia sesji logowania. Jest ono generowane na komputerze, do którego został uzyskany dostęp.

Pola podmiotu wskazują konto w systemie lokalnym, które zażądało logowania. Najczęściej jest to usługa, na przykład usługa Serwer, lub proces lokalny taki jak Winlogon.exe lub Services.exe.

Pole typu logowania wskazuje rodzaj zaistniałego logowania. Najczęstsze typy to 2 (interakcyjne) i 3 (sieciowe).

Pola nowego logowania wskazują konto, dla którego zostało utworzone nowe logowanie, czyli konto, które zostało zalogowane.

Pola sieci wskazują lokalizację, z której pochodziło zdalne żądanie logowania. Nazwa stacji roboczej nie zawsze jest dostępna i w niektórych przypadkach może być pusta.

Pola informacji o uwierzytelnianiu zawierają szczegółowe informacje o tym konkretnym żądaniu logowania.
- Identyfikator GUID logowania to unikatowy identyfikator, za pomocą którego można skorelować to zdarzenie ze zdarzeniem centrum dystrybucji kluczy.
- Usługi przejściowe wskazują, które usługi pośrednie uczestniczyły w tym żądaniu logowania.
- Nazwa pakietu wskazuje, który protokół podrzędny spośród protokołów NTLM został użyty.
- Długość klucza wskazuje długość wygenerowanego klucza sesji. Jeśli nie zażądano klucza sesji, jest to wartość 0.
Record Number: 25138
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120126184805.096416-000
Event Type: Sukcesy inspekcji
User:

Computer Name: Domowy
Event Code: 4624
Message: Użytkownik pomyślnie zalogował się na koncie.

Podmiot:
Identyfikator zabezpieczeń: S-1-0-0
Nazwa konta: -
Domena konta: -
Identyfikator logowania: 0x0

Typ logowania: 3

Nowe logowanie:
Identyfikator zabezpieczeń: S-1-5-7
Nazwa konta: LOGOWANIE ANONIMOWE
Domena konta: ZARZĄDZANIE NT
Identyfikator logowania: 0xb43ec
Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000}

Informacje o procesie:
Identyfikator procesu: 0x0
Nazwa procesu: -

Informacje o sieci:
Nazwa stacji roboczej: RODZIEWICZ
Adres źródłowy sieci: fe80::69b3:f161:d08a:181e
Port źródłowy: 52835

Szczegółowe informacje o uwierzytelnianiu:
Proces logowania: NtLmSsp
Pakiet uwierzytelniania: NTLM
Usługi przejściowe: -
Nazwa pakietu (tylko NTLM): NTLM V1
Długość klucza: 128

To zdarzenie jest generowane w momencie utworzenia sesji logowania. Jest ono generowane na komputerze, do którego został uzyskany dostęp.

Pola podmiotu wskazują konto w systemie lokalnym, które zażądało logowania. Najczęściej jest to usługa, na przykład usługa Serwer, lub proces lokalny taki jak Winlogon.exe lub Services.exe.

Pole typu logowania wskazuje rodzaj zaistniałego logowania. Najczęstsze typy to 2 (interakcyjne) i 3 (sieciowe).

Pola nowego logowania wskazują konto, dla którego zostało utworzone nowe logowanie, czyli konto, które zostało zalogowane.

Pola sieci wskazują lokalizację, z której pochodziło zdalne żądanie logowania. Nazwa stacji roboczej nie zawsze jest dostępna i w niektórych przypadkach może być pusta.

Pola informacji o uwierzytelnianiu zawierają szczegółowe informacje o tym konkretnym żądaniu logowania.
- Identyfikator GUID logowania to unikatowy identyfikator, za pomocą którego można skorelować to zdarzenie ze zdarzeniem centrum dystrybucji kluczy.
- Usługi przejściowe wskazują, które usługi pośrednie uczestniczyły w tym żądaniu logowania.
- Nazwa pakietu wskazuje, który protokół podrzędny spośród protokołów NTLM został użyty.
- Długość klucza wskazuje długość wygenerowanego klucza sesji. Jeśli nie zażądano klucza sesji, jest to wartość 0.
Record Number: 25137
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120126184804.461379-000
Event Type: Sukcesy inspekcji
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=3
"PROCESSOR_LEVEL"=16
"PROCESSOR_IDENTIFIER"=AMD64 Family 16 Model 4 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=0402
"windows_tracing_logfile"=C:\BVTBin\Tests\installpackage\csilogfile.log
"windows_tracing_flags"=3

-----------------EOF-----------------[/log]

radekx
comment

Have you ruled out an infection?

  • Good post 1
Guest
comment

I asked you to uninstall Spybot. Yes or no? :dance:

Now look at what your beloved program does to the hosts file and the internet connection (DNS blocking). The service got knocked out because little Spybot doesn't want you to play. :idea:

But what squonk says is just talk.

[code]O1 HOSTS File: ([2012-05-09 16:22:54 | 000,883,758 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com[/code]

and


[code][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)[/code]


Start > Run > services.msc

check the service [b]DCOM Server Process Launcher[/b] (Program uruchamiający proces serwera DCOM)

it should show Automatic / Started

and the same for the service [b]Remote Procedure Call (RPC)[/b] (Zdalne wywoływanie procedur RPC)

  • Good post 1
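The hosts entries quoted in the post above all point domains at 127.0.0.1, which is the pattern a blocklist tool writes. As an added example (not part of the thread and not OTL's own code), this sketch triages OTL `O1 - Hosts:` lines or raw hosts lines into default, sinkhole and redirect entries. The function names are hypothetical and the last sample line is constructed.

```python
import ipaddress
import re
from collections import Counter

# Prefix OTL puts in front of every hosts entry in its O1 section.
OTL_PREFIX = re.compile(r"^O1\s+-\s+Hosts:\s*")

# Names a stock Windows hosts file may map to loopback.
DEFAULT_NAMES = {"localhost"}


def parse_hosts_line(line):
    """Return (ip, [names]) for one entry, or None for blanks, comments and junk."""
    line = OTL_PREFIX.sub("", line.strip())
    line = line.split("#", 1)[0].strip()      # drop trailing comments
    fields = line.split()
    if len(fields) < 2:
        return None
    try:
        ip = ipaddress.ip_address(fields[0])
    except ValueError:                         # e.g. the "O1 HOSTS File:" header
        return None
    return ip, [name.lower() for name in fields[1:]]


def classify(ip, name):
    """default: stock entry; sinkhole: name blocked locally; redirect: name sent elsewhere."""
    if name in DEFAULT_NAMES and ip.is_loopback:
        return "default"
    if ip.is_loopback or ip.is_unspecified:    # 127.0.0.0/8, ::1, 0.0.0.0, ::
        return "sinkhole"
    return "redirect"


def audit(lines):
    """Count entries per class and list every redirect as (name, address)."""
    counts = Counter()
    redirects = []
    for line in lines:
        parsed = parse_hosts_line(line)
        if parsed is None:
            continue
        ip, names = parsed
        for name in names:                     # one line may carry several names
            kind = classify(ip, name)
            counts[kind] += 1
            if kind == "redirect":
                redirects.append((name, str(ip)))
    return counts, redirects


# First six lines are taken from the log quoted in the thread.
SAMPLE = [
    r"O1 HOSTS File: ([2012-05-09 16:22:54 | 000,883,758 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts",
    "O1 - Hosts: 127.0.0.1 localhost",
    "O1 - Hosts: ::1 localhost",
    "O1 - Hosts: 127.0.0.1 www.007guard.com",
    "O1 - Hosts: 127.0.0.1 007guard.com",
    "O1 - Hosts: 127.0.0.1 008i.com",
    # Constructed entry (documentation address), not from the thread.
    "203.0.113.10 login.example.test   # constructed",
]

if __name__ == "__main__":
    counts, redirects = audit(SAMPLE)
    print(dict(counts))
    for name, addr in redirects:
        print(f"review: {name} -> {addr}")
```

Sinkhole entries only block name resolution for the listed domains; an entry in the redirect class sends a name to another machine and is the one to review by hand.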
Igorrodz
comment

[quote name='radekx' timestamp='1337027564' post='1500905'] Have you ruled out an infection? [/quote]
Avast and Malwarebytes don't detect anything.

[quote name='squonk' timestamp='1337027809' post='1500912'] I asked you to uninstall Spybot. [/quote]
Uninstalled.

[quote name='squonk' timestamp='1337027809' post='1500912'] it should show Automatic / Started [/quote]
Both services are configured exactly that way.

Guest
comment

Restore the hosts file to its default state.

Run OTL and paste the following into the Custom Scans/Fixes box (Własne opcje skanowania/skrypt):

[code]:Commands
[resethosts]
[emptyflash]
[emptytemp][/code]

Click [b]Run Fix[/b] (Wykonaj skrypt).

  • Good post 1
Igorrodz
comment

Done

[log]All processes killed
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Rodziewicz
->Flash cache emptied: 4611 bytes

User: UpdatusUser

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Rodziewicz
->Temp folder emptied: 49603847 bytes
->Temporary Internet Files folder emptied: 466521 bytes
->Java cache emptied: 2012855 bytes
->FireFox cache emptied: 1141510740 bytes
->Google Chrome cache emptied: 13569331 bytes
->Opera cache emptied: 4650014 bytes
->Flash cache emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 18696 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50534 bytes
RecycleBin emptied: 46425928 bytes

Total Files Cleaned = 1 200,00 mb


OTL by OldTimer - Version 3.2.41.0 log created on 05142012_233231

Files\Folders moved on Reboot...
C:\Users\Rodziewicz\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot... [/log]

Guest
comment

Look how many temporary files there were on the disk

[code]Total Files Cleaned = 1 200,00 mb[/code]

I freed up 1.2 GB of space for you. You owe me a beer.


[quote]
I should mention that yesterday, while playing the same game, an unexpected message also appeared (with different wording, though), roughly: "Windows must be restarted because the Power service terminated unexpectedly", after which the system restarted.
I didn't manage to take a screenshot that time, because the restart happened before I realized what was going on.

[/quote]

Do you have automatic restart unchecked in the advanced system settings?

  • Good post 1
Igorrodz
comment

[quote name='squonk' timestamp='1337031463' post='1500957'] You owe me a beer. [/quote]
Will Brackie Zamkowe or Mastne do? :cfaniak:
[spoiler][img]http://1.bp.blogspot.com/-hyarn1JIsfg/TVWdiyadXQI/AAAAAAAAApI/3dpaqNNAQ9U/s1600/Brackie+Mastne.jpg[/img][/spoiler]

[quote name='squonk' timestamp='1337031463' post='1500957'] Do you have automatic restart unchecked in the advanced system settings? [/quote]
Now I do ;)

Guest
comment

Run OTL and paste the following into the Custom Scans/Fixes box (Własne opcje skanowania/skrypt):

[code]:Files
C:\Windows\SysNative\drivers\etc\hosts.20120509-162254.backup
C:\Windows\SysNative\drivers\etc\hosts.20120509-160719.backup
C:\Windows\SysNative\drivers\etc\hosts.20120425-003051.backup
C:\Windows\SysNative\drivers\etc\hosts.20120425-003022.backup

:OTL
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.

:Commands
[reboot][/code]


Click [b]Run Fix[/b] (Wykonaj skrypt).

2. Uninstall RSIT

3. Run a new scan with OTL and post the report. Just don't paste any scripts this time. OTL should run with its default settings.

  • Good post 1
Igorrodz
comment

After running the script you gave me, previously hidden icons showed up on my desktop: desktop.ini (2 of them). Strange :E

Here is the OTL log (with default settings: I clicked [b]Run Scan[/b] (Skanuj) right after starting the program; the program did not generate the EXTRAS log):
[log]OTL logfile created on: 2012-05-15 17:26:44 - Run 3
OTL by OldTimer - Version 3.2.41.0 Folder = C:\Users\Rodziewicz\Desktop\Foldery\OTL
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

4,00 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 45,81% Memory free
7,99 Gb Paging File | 5,55 Gb Available in Paging File | 69,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 90,04 Gb Free Space | 38,66% Space Free | Partition Type: NTFS
Drive D: | 58,59 Gb Total Space | 7,26 Gb Free Space | 12,38% Space Free | Partition Type: NTFS
Drive E: | 58,59 Gb Total Space | 27,84 Gb Free Space | 47,51% Space Free | Partition Type: NTFS
Drive F: | 31,85 Gb Total Space | 17,00 Gb Free Space | 53,38% Space Free | Partition Type: NTFS
Drive G: | 341,79 Gb Total Space | 291,08 Gb Free Space | 85,16% Space Free | Partition Type: NTFS
Drive H: | 341,79 Gb Total Space | 70,35 Gb Free Space | 20,58% Space Free | Partition Type: NTFS
Drive I: | 247,92 Gb Total Space | 165,05 Gb Free Space | 66,58% Space Free | Partition Type: NTFS
Drive J: | 232,88 Gb Total Space | 226,21 Gb Free Space | 97,14% Space Free | Partition Type: NTFS
Drive K: | 1,75 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: DOMOWY | User Name: Rodziewicz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012-05-03 10:55:14 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012-04-23 22:45:16 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Rodziewicz\Desktop\Foldery\OTL\OTL.exe
PRC - [2012-04-04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012-04-04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012-03-07 01:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012-03-07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012-02-29 14:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012-01-03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011-11-24 22:36:29 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2011-10-31 21:32:54 | 000,540,872 | ---- | M] (Murray Hurps Corp Pty Ltd) -- C:\Program Files (x86)\Ad Muncher v4.91\AdMunch.exe
PRC - [2011-07-04 19:45:30 | 013,374,048 | ---- | M] (GG Network S.A.) -- C:\Program Files (x86)\Gadu-Gadu 10\gg.exe
PRC - [2010-04-07 15:00:04 | 005,758,976 | ---- | M] ([url="http://www.emule-project.net"]http://www.emule-project.net[/url]) -- C:\Program Files (x86)\eMule\emule.exe
PRC - [2009-06-03 21:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009-04-16 00:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012-05-04 22:58:48 | 008,797,856 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2012-05-03 10:55:14 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012-04-21 21:35:51 | 020,297,512 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012-04-21 21:35:46 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012-04-21 21:35:46 | 000,907,048 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.DLL
MOD - [2012-04-21 21:35:46 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012-04-21 21:35:46 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012-02-29 14:26:28 | 000,360,768 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011-07-04 19:46:20 | 000,217,696 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\gglog.dll
MOD - [2011-07-04 19:46:18 | 000,123,488 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\ggipcradioproxy.dll
MOD - [2011-07-04 19:46:16 | 000,017,504 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\ggipc.dll
MOD - [2011-07-04 19:46:12 | 000,027,744 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\ggcrypto.dll
MOD - [2011-07-04 19:46:10 | 000,356,960 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\ggcommon.dll
MOD - [2011-04-16 05:04:30 | 014,749,696 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\QtWebKit4.dll
MOD - [2011-02-17 11:00:28 | 001,781,760 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\QtScript4.dll
MOD - [2011-02-17 11:00:28 | 000,393,216 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\QtXml4.dll
MOD - [2011-02-17 11:00:28 | 000,327,680 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\QtSvg4.dll
MOD - [2011-02-17 11:00:26 | 001,044,480 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\QtNetwork4.dll
MOD - [2011-02-17 11:00:24 | 009,097,216 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\QtGui4.dll
MOD - [2011-02-17 11:00:24 | 002,560,000 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\QtCore4.dll
MOD - [2011-02-17 10:59:40 | 000,311,296 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\imageformats\qtiff4.dll
MOD - [2011-02-17 10:59:40 | 000,274,432 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\imageformats\qmng4.dll
MOD - [2011-02-17 10:59:40 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\imageformats\qjpeg4.dll
MOD - [2011-02-17 10:59:40 | 000,027,648 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\imageformats\qgif4.dll
MOD - [2011-02-17 10:59:40 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\imageformats\qsvg4.dll
MOD - [2011-02-17 10:59:32 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\zlib1.dll
MOD - [2009-06-03 21:59:14 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009-06-03 21:59:02 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2012-03-07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:[b]64bit:[/b] - [2011-12-26 15:33:26 | 000,289,792 | ---- | M] (Puran Software) [Disabled | Stopped] -- C:\Windows\SysNative\PuranDefragS.exe -- (PuranDefrag)
SRV:[b]64bit:[/b] - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012-05-04 22:58:49 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-05-03 10:55:15 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-04-21 21:35:51 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012-04-04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012-03-01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012-02-29 14:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012-01-03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2012-04-04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:[b]64bit:[/b] - [2012-03-07 01:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:[b]64bit:[/b] - [2012-03-07 01:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:[b]64bit:[/b] - [2012-03-07 01:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:[b]64bit:[/b] - [2012-03-07 01:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:[b]64bit:[/b] - [2012-03-07 01:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:[b]64bit:[/b] - [2012-03-07 01:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:[b]64bit:[/b] - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2012-02-07 15:09:00 | 000,030,592 | ---- | M] (REALiX™) [Kernel | System | Running] -- C:\Program Files\HWiNFO64\HWiNFO64A.SYS -- (HWiNFO32)
DRV:[b]64bit:[/b] - [2012-01-17 14:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:[b]64bit:[/b] - [2011-05-11 18:23:10 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011-05-11 18:23:10 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2011-03-07 11:22:00 | 000,065,280 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:[b]64bit:[/b] - [2011-03-07 11:22:00 | 000,040,832 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:[b]64bit:[/b] - [2011-01-13 13:58:30 | 000,413,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2010-11-21 05:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2010-11-21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010-11-21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:[b]64bit:[/b] - [2010-11-21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:[b]64bit:[/b] - [2010-11-21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:[b]64bit:[/b] - [2010-11-21 05:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:[b]64bit:[/b] - [2010-11-21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010-11-21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2010-11-09 16:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:[b]64bit:[/b] - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009-06-10 22:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2008-05-19 20:44:00 | 001,137,152 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV - [2011-11-28 10:42:58 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2011-10-31 16:25:30 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2002-01-12 17:30:34 | 000,003,567 | ---- | M] (Beyond Logic [url="http://www.beyondlogic.org"]http://www.beyondlogic.org[/url]) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\PortTalk.sys -- (PortTalk)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [url="http://www.bing.com/search?q=%7BsearchTerms%7D&FORM=IE8SRC"]http://www.bing.com/...ms}&FORM=IE8SRC[/url]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [url="http://www.bing.com/search?q=%7BsearchTerms%7D&FORM=IE8SRC"]http://www.bing.com/...ms}&FORM=IE8SRC[/url]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [url="http://www.bing.com/search?q=%7BsearchTerms%7D&form=SPLBR1&pc=SPLH"]http://www.bing.com/...=SPLBR1&pc=SPLH[/url]
IE - HKCU\..\SearchScopes\{BD9AB335-39C5-41c3-A47A-FAFB929F1057}: "URL" = [url="http://uk.search.yahoo.com/search?p=%7BsearchTerms%7D&fr=chr-devicevm&type=IEBDSV"]http://uk.search.yah...evm&type=IEBDSV[/url]
IE - HKCU\..\SearchScopes\{E2462FB2-6E9E-47ce-8A57-8693D8274191}: "URL" = [url="http://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q=%7BsearchTerms%7D"]http://www.google.co...q={searchTerms}[/url]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:9666

[color=#E56717]========== FireFox ==========[/color]

FF - user.js - File not found

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3ED591BC-7CC7-495B-A526-B2431356EDC1}: C:\Program Files (x86)\Ad Muncher v4.91\FirefoxExtension_2.0 [2011-10-31 21:32:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-03-29 16:02:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-05-03 10:55:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey\Extensions\\{3ED591BC-7CC7-495B-A526-B2431356EDC1}: C:\Program Files (x86)\Ad Muncher v4.91\FirefoxExtension_2.0 [2011-10-31 21:32:54 | 000,000,000 | ---D | M]

[2011-12-16 17:03:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rodziewicz\AppData\Roaming\mozilla\Extensions
[2012-05-07 21:48:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rodziewicz\AppData\Roaming\mozilla\Firefox\Profiles\fc7csxn5.default\extensions
[2012-04-16 19:39:05 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Rodziewicz\AppData\Roaming\mozilla\Firefox\Profiles\fc7csxn5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012-05-03 10:55:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011-10-31 21:32:54 | 000,000,000 | ---D | M] (Ad Muncher Browser Extensions) -- C:\PROGRAM FILES (X86)\AD MUNCHER V4.91\FIREFOXEXTENSION_2.0
[2012-03-29 16:02:05 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
() (No name found) -- C:\USERS\RODZIEWICZ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FC7CSXN5.DEFAULT\EXTENSIONS\{4DC70064-89E2-4A55-8FC6-E8CDEAE3618C}.XPI
() (No name found) -- C:\USERS\RODZIEWICZ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FC7CSXN5.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\RODZIEWICZ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FC7CSXN5.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2012-05-03 10:55:15 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012-02-21 18:36:02 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml
[2012-02-21 18:36:02 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml
[2012-02-21 18:36:02 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml
[2012-02-21 18:36:02 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml
[2012-02-21 18:36:02 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml
[2012-02-21 18:36:02 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Rodziewicz\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - Extension: YouTube = C:\Users\Rodziewicz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\Rodziewicz\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Szukaj w Google = C:\Users\Rodziewicz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\Rodziewicz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.16_0\
CHR - Extension: avast! WebRep = C:\Users\Rodziewicz\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Gmail = C:\Users\Rodziewicz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012-05-14 23:32:35 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:[b]64bit:[/b] - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Ad Muncher] C:\Program Files (x86)\Ad Muncher v4.91\AdMunch.exe (Murray Hurps Corp Pty Ltd)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [eMuleAutoStart] C:\Program Files (x86)\eMule\emule.exe ([url="http://www.emule-project.net"]http://www.emule-project.net[/url])
O4 - HKCU..\Run: [Gadu-Gadu 10] C:\Program Files (x86)\Gadu-Gadu 10\gg.exe (GG Network S.A.)
O4 - HKCU..\Run: [Odkurzacz-MCD] C:\Program Files (x86)\Odkurzacz\odk_mcd.exe (Franmo Software)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:[b]64bit:[/b] - Extra context menu item: Block frame with Ad Muncher - [url="http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=6Y8HD341&id=menu_ie_frame"]http://www.admuncher...d=menu_ie_frame[/url] File not found
O8:[b]64bit:[/b] - Extra context menu item: Block image with Ad Muncher - [url="http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=6Y8HD341&id=menu_ie_image"]http://www.admuncher...d=menu_ie_image[/url] File not found
O8:[b]64bit:[/b] - Extra context menu item: Block link with Ad Muncher - [url="http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=6Y8HD341&id=menu_ie_link"]http://www.admuncher...id=menu_ie_link[/url] File not found
O8:[b]64bit:[/b] - Extra context menu item: Don't filter page with Ad Muncher - [url="http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=6Y8HD341&id=menu_ie_exclude"]http://www.admuncher...menu_ie_exclude[/url] File not found
O8:[b]64bit:[/b] - Extra context menu item: Report page to the Ad Muncher developers - [url="http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=6Y8HD341&id=menu_ie_report"]http://www.admuncher...=menu_ie_report[/url] File not found
O8 - Extra context menu item: Block frame with Ad Muncher - [url="http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=6Y8HD341&id=menu_ie_frame"]http://www.admuncher...d=menu_ie_frame[/url] File not found
O8 - Extra context menu item: Block image with Ad Muncher - [url="http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=6Y8HD341&id=menu_ie_image"]http://www.admuncher...d=menu_ie_image[/url] File not found
O8 - Extra context menu item: Block link with Ad Muncher - [url="http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=6Y8HD341&id=menu_ie_link"]http://www.admuncher...id=menu_ie_link[/url] File not found
O8 - Extra context menu item: Don't filter page with Ad Muncher - [url="http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=6Y8HD341&id=menu_ie_exclude"]http://www.admuncher...menu_ie_exclude[/url] File not found
O8 - Extra context menu item: Report page to the Ad Muncher developers - [url="http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=6Y8HD341&id=menu_ie_report"]http://www.admuncher...=menu_ie_report[/url] File not found
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F3DDA35-2874-4E97-9ED5-544FBB86E730}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F3DDA35-2874-4E97-9ED5-544FBB86E730}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{270B206B-1CA6-456B-8427-008727D3246A}: DhcpNameServer = 192.168.1.1
O18:[b]64bit:[/b] - Protocol\Handler\ipp - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-04-16 16:26:07 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - Unable to obtain root file information for disk H:\
O32 - AutoRun File - [2012-03-27 13:30:14 | 000,000,143 | R--- | M] () - K:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{25dd2a4c-03c1-11e1-8ba1-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{25dd2a4c-03c1-11e1-8ba1-806e6f6e6963}\Shell\AutoRun\command - "" = K:\setup.exe -- [2012-03-27 12:16:34 | 000,971,335 | R--- | M] (1C Company. )
O33 - MountPoints2\{25dd2a4c-03c1-11e1-8ba1-806e6f6e6963}\Shell\install\command - "" = K:\setup.exe -- [2012-03-27 12:16:34 | 000,971,335 | R--- | M] (1C Company. )
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012-05-14 22:08:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro
[2012-05-14 22:08:56 | 000,000,000 | ---D | C] -- C:\rsit
[2012-05-13 14:00:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Puran Defrag
[2012-05-13 14:00:36 | 001,363,968 | ---- | C] (Puran Software) -- C:\Windows\SysNative\PuranFD.exe
[2012-05-13 14:00:36 | 000,289,792 | ---- | C] (Puran Software) -- C:\Windows\SysNative\PuranDefragS.exe
[2012-05-13 14:00:36 | 000,284,672 | ---- | C] (Puran Software) -- C:\Windows\SysNative\PuranDC.exe
[2012-05-13 14:00:36 | 000,253,952 | ---- | C] (Puran Software) -- C:\Windows\SysNative\PuranDefrag.dll
[2012-05-13 14:00:36 | 000,130,048 | ---- | C] (Puran Software) -- C:\Windows\SysNative\PuranDefragBT.exe
[2012-05-13 14:00:36 | 000,000,000 | ---D | C] -- C:\Program Files\Puran Defrag
[2012-05-11 18:41:01 | 000,000,000 | ---D | C] -- C:\Users\Rodziewicz\AppData\Local\SniperV2
[2012-05-11 17:43:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO64
[2012-05-11 17:43:29 | 000,000,000 | ---D | C] -- C:\Program Files\HWiNFO64
[2012-05-09 16:19:51 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012-05-09 16:19:49 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012-05-09 16:19:48 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012-05-09 16:19:47 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012-05-03 23:08:19 | 000,000,000 | ---D | C] -- C:\Users\Rodziewicz\AppData\Local\SniperV2 Demo
[2012-05-03 22:26:29 | 000,000,000 | ---D | C] -- C:\Users\Rodziewicz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2012-05-03 10:55:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012-05-03 10:55:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012-04-24 18:58:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-04-21 12:57:50 | 000,000,000 | ---D | C] -- C:\Users\Rodziewicz\Documents\Diablo III
[2012-04-21 12:57:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2012-04-20 19:06:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III Beta
[2012-04-20 19:06:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III Beta
[2012-04-20 19:06:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2012-04-20 19:04:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012-04-19 22:31:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2012-04-19 17:50:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012-04-19 17:50:13 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012-04-19 17:50:13 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012-04-19 17:50:13 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012-04-19 17:49:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012-04-16 19:41:54 | 000,000,000 | ---D | C] -- C:\Users\Rodziewicz\Desktop\Skróty
[2012-04-16 19:39:34 | 000,000,000 | ---D | C] -- C:\Users\Rodziewicz\Desktop\Foldery

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012-05-15 17:23:58 | 000,045,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-05-15 17:23:58 | 000,045,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-05-15 17:16:38 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-05-15 17:16:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-05-15 17:16:09 | 3219,152,896 | -HS- | M] () -- C:\hiberfil.sys
[2012-05-15 17:14:46 | 000,000,139 | ---- | M] () -- C:\Users\Rodziewicz\AppData\Roaming\Network Monitor II_Traffic.ini
[2012-05-15 16:57:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-05-15 16:49:00 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-05-14 23:32:35 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012-05-14 21:34:33 | 000,306,533 | ---- | M] () -- C:\Users\Rodziewicz\Desktop\błąd_0001.jpg
[2012-05-14 00:19:09 | 001,523,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012-05-14 00:19:09 | 000,687,590 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2012-05-14 00:19:09 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012-05-14 00:19:09 | 000,131,176 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2012-05-14 00:19:09 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012-05-14 00:13:18 | 002,697,942 | ---- | M] () -- C:\Users\Rodziewicz\Desktop\video-2012-05-14-00-12-48.mp4
[2012-05-13 23:51:06 | 000,007,609 | ---- | M] () -- C:\Users\Rodziewicz\AppData\Local\resmon.resmoncfg
[2012-05-13 11:53:02 | 000,292,832 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012-05-11 17:14:47 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012-05-11 16:46:01 | 000,000,221 | ---- | M] () -- C:\Users\Rodziewicz\Desktop\Sniper Elite V2.url
[2012-05-04 22:58:48 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012-05-04 22:58:48 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012-05-04 22:58:39 | 008,744,608 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012-04-20 19:06:54 | 000,001,270 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III Beta.lnk
[2012-04-19 22:31:28 | 000,001,347 | ---- | M] () -- C:\Users\Rodziewicz\Desktop\Men of War. Condemned Heroes.lnk
[2012-04-19 17:49:58 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012-04-19 17:49:58 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012-04-19 17:49:58 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012-04-19 17:49:58 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012-05-14 21:34:33 | 000,306,533 | ---- | C] () -- C:\Users\Rodziewicz\Desktop\błąd_0001.jpg
[2012-05-14 00:17:14 | 002,697,942 | ---- | C] () -- C:\Users\Rodziewicz\Desktop\video-2012-05-14-00-12-48.mp4
[2012-05-11 16:46:01 | 000,000,221 | ---- | C] () -- C:\Users\Rodziewicz\Desktop\Sniper Elite V2.url
[2012-04-20 19:06:34 | 000,001,270 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III Beta.lnk
[2012-04-19 22:31:28 | 000,001,347 | ---- | C] () -- C:\Users\Rodziewicz\Desktop\Men of War. Condemned Heroes.lnk
[2012-03-11 20:02:26 | 000,000,191 | ---- | C] () -- C:\ProgramData\Spybot - Search & Destroyation.ination.ini
[2012-03-08 18:46:20 | 000,007,609 | ---- | C] () -- C:\Users\Rodziewicz\AppData\Local\resmon.resmoncfg
[2012-03-05 09:25:54 | 000,000,620 | ---- | C] () -- C:\Users\Rodziewicz\AppData\Roaming\Network Monitor II_Settings.ini
[2012-03-03 22:42:35 | 000,000,139 | ---- | C] () -- C:\Users\Rodziewicz\AppData\Roaming\Network Monitor II_Traffic.ini
[2012-02-29 14:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012-01-21 22:02:45 | 000,000,000 | ---- | C] () -- C:\Users\Rodziewicz\AppData\Local\{812F9B85-3B53-4CEA-9BD8-5A5D1424DB29}
[2011-11-29 21:59:07 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2011-11-29 21:59:07 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2011-11-29 21:59:07 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2011-11-29 21:54:49 | 000,018,560 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2011-11-17 09:17:00 | 000,000,416 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011-11-15 21:56:15 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011-11-12 00:57:51 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011-11-12 00:57:40 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011-11-12 00:57:40 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011-11-12 00:57:40 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011-10-31 18:05:23 | 000,000,418 | ---- | C] () -- C:\Windows\ODBC.INI
[2011-10-31 17:38:22 | 000,000,272 | ---- | C] () -- C:\Windows\lgfwup.ini
[2011-10-31 17:09:18 | 000,397,312 | R--- | C] () -- C:\Windows\SysWow64\zshp1020.exe
[2011-10-31 17:09:18 | 000,106,496 | R--- | C] () -- C:\Windows\SysWow64\vshp1020.dll
[2011-10-31 16:39:27 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011-10-31 16:22:41 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2011-10-31 16:09:07 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini

< End of report > [/log]

Guest
comment

[quote]After running the script you gave me, previously hidden icons showed up on my desktop - desktop.ini (2 of them). Strange :E[/quote]

OTL sometimes changes the view options. It then shows hidden system files. Set that back manually.

Run OTL and click [b]Sprzątanie[/b] (CleanUp).

That's all from my side.

  • Good post 1
Igorrodz
comment

OK, done. Now I hope everything will work fine.

[quote name='Igorrodz' timestamp='1337025927' post='1500883'] I should mention that yesterday, while playing the same game, an unexpected message also appeared (though with different wording), roughly like this: "Windows must be restarted because the Power service terminated unexpectedly", after which the system restarted. [/quote]
Unfortunately, this error popped up again while I was playing [b]Sniper Elite V2[/b]. I don't know what its potential cause might be, but it only happens in this game, so I'm betting the problem is with the game, right? Still, if you have any ideas for me, write. I'll add that Rebellion hasn't released any patch yet.

radekx
comment

Or maybe run it through some better scanner after all, e.g. this one: [url="http://www.eset.pl/Pobierz/Dodatkowe_narzedzia/ESET_Online_Scanner"]http://www.eset.pl/Pobierz/Dodatkowe_narzedzia/ESET_Online_Scanner[/url]
And ComboFix

  • Good post 1
Igorrodz
comment

I'd rather not, because:
[quote]4. [b]Do not[/b] use ComboFix without an explicit recommendation.[/quote]
And I have not received such a recommendation from the people recommended in this section.

As for ESET, I'll check, but I doubt it will help because I scan with Avast and Malwarebytes regularly.

Guest
comment

[quote]And I have not received such a recommendation from the people recommended in this section.[/quote]
Rightly so.

[quote]Do you have Automatically restart unchecked in the Advanced system settings?

Now I do ;)[/quote]

Since it is unchecked, there is an error dump folder, and this is where BSOD diagnostics come in.

[quote]As for ESET, I'll check, but I doubt it will help because I scan with Avast and Malwarebytes regularly. [/quote]

If anything, Avast's protection may have an effect. But first, diagnosing the error.

  • Good post 1
Igorrodz
comment (edited)

Yes, only it doesn't show me this error as a BSOD; I only have this one, which is probably not related to that game:

[log]
Microsoft ® Windows Debugger Version 6.2.8229.0 AMD64
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (3 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17803.amd64fre.win7sp1_gdr.120330-1504
Machine Name:
Kernel base = 0xfffff800`0305d000 PsLoadedModuleList = 0xfffff800`032a1670
Debug session time: Tue May 15 18:22:04.112 2012 (UTC + 2:00)
System Uptime: 0 days 0:07:29.751
Loading Kernel Symbols
...............................................................
................................................................
...............................
Loading User Symbols
PEB is paged out (Peb.Ldr = 000007ff`fffd4018). Type ".hh dbgerr001" for details
Loading unloaded module list
....
TRIAGER: Could not open triage file : C:\Program Files (x86)\Windows Kits\8.0\Debuggers\x64\triage\oca.ini, error 2
TRIAGER: Could not open triage file : C:\Program Files (x86)\Windows Kits\8.0\Debuggers\x64\winxp\triage.ini, error 2
TRIAGER: Could not open triage file : C:\Program Files (x86)\Windows Kits\8.0\Debuggers\x64\triage\user.ini, error 2
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 101, {41, 0, fffff880009e9180, 1}

TRIAGER: Could not open triage file : C:\Program Files (x86)\Windows Kits\8.0\Debuggers\x64\triage\modclass.ini, error 2
Probably caused by : memory_corruption

Followup: memory_corruption
---------

0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

CLOCK_WATCHDOG_TIMEOUT (101)
An expected clock interrupt was not received on a secondary processor in an
MP system within the allocated interval. This indicates that the specified
processor is hung and not processing interrupts.
Arguments:
Arg1: 0000000000000041, Clock interrupt time out interval in nominal clock ticks.
Arg2: 0000000000000000, 0.
Arg3: fffff880009e9180, The PRCB address of the hung processor.
Arg4: 0000000000000001, 0.

Debugging Details:
------------------

TRIAGER: Could not open triage file : C:\Program Files (x86)\Windows Kits\8.0\Debuggers\x64\triage\modclass.ini, error 2

BUGCHECK_STR: CLOCK_WATCHDOG_TIMEOUT_3_PROC

DEFAULT_BUCKET_ID: CODE_CORRUPTION

PROCESS_NAME: explorer.exe

CURRENT_IRQL: d

STACK_TEXT:
fffff880`07be1e88 fffff800`03132f3a : 00000000`00000101 00000000`00000041 00000000`00000000 fffff880`009e9180 : nt!KeBugCheckEx
fffff880`07be1e90 fffff800`030e5ce7 : 00000000`00000000 fffff800`00000001 00000000`00002710 fffff800`030df08a : nt! ?? ::FNODOBFM::`string'+0x4e2e
fffff880`07be1f20 fffff800`0301e895 : fffff800`03044460 fffff880`07be20d0 fffff800`03044460 00000000`00000000 : nt!KeUpdateSystemTime+0x377
fffff880`07be2020 fffff800`030d8713 : 00000000`c4421ff5 fffff800`0324ee80 fffff800`0324ee80 00000000`00000000 : hal!HalpHpetClockInterrupt+0x8d
fffff880`07be2050 fffff800`030e0ff0 : fffff800`0324ee80 fffff900`00000001 00000000`00000000 fffff880`07be22e8 : nt!KiInterruptDispatchNoLock+0x163
fffff880`07be21e0 fffff800`030fb951 : 00000000`00000000 00000000`00000002 00000000`00000001 00000000`00000111 : nt!KeFlushMultipleRangeTb+0x260
fffff880`07be22b0 fffff800`030fe398 : 00000000`00000002 fffff880`07be2400 fffff900`c01cc000 00000000`00000080 : nt!MiFlushTbAsNeeded+0x1d1
fffff880`07be23c0 fffff800`03204f86 : 00000000`00001b40 fffff880`038a1cc0 00000000`00000021 fffff800`00000028 : nt!MiAllocatePagedPoolPages+0x4cc
fffff880`07be24e0 fffff800`030fc0b0 : 00000000`00001b40 fffff880`038a1cc0 00000000`00000021 fffff800`030e52d2 : nt!MiAllocatePoolPages+0x906
fffff880`07be2620 fffff800`0320790e : 00000000`00000000 00000000`00000000 fffff900`00000020 00000000`00001b40 : nt!ExpAllocateBigPool+0xb0
fffff880`07be2710 fffff960`000b3e55 : 00000000`00001165 00000000`00000000 00000000`00000000 fffff960`000c561d : nt!ExAllocatePoolWithTag+0x82e
fffff880`07be2800 fffff960`000b5378 : 00000000`00000001 fffff880`07be2998 00000000`00000001 fffff960`000c584e : win32k!AllocateObject+0xdd
fffff880`07be2840 fffff960`0008afa3 : fffff880`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : win32k!SURFMEM::bCreateDIB+0x1f8
fffff880`07be2930 fffff960`000a1f24 : 00000000`01010051 fffff900`c225a530 00000000`00000000 00000000`0000002c : win32k!GreCreateDIBitmapReal+0x533
fffff880`07be2a60 fffff960`000a3f22 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : win32k!InternalGetIconInfo+0x174
fffff880`07be2b50 fffff800`030db453 : fffffa80`06e7e600 00000000`035be498 fffff880`07be2c18 00000000`00000028 : win32k!NtUserGetIconInfo+0x182
fffff880`07be2c00 00000000`7727192a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`035be478 fffff800`030d3810 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7727192a
fffff880`07be2e50 fffff880`07be2e78 : 00000000`00000000 fffff900`c060e010 00000000`00000000 00000000`00000202 : nt!KiCallUserMode
fffff880`07be2e58 00000000`00000000 : fffff900`c060e010 00000000`00000000 00000000`00000202 fffff880`07be3860 : 0xfffff880`07be2e78


STACK_COMMAND: kb

CHKIMG_EXTENSION: !chkimg -lo 50 -d !win32k
fffff96000037e94-fffff96000037e9b 8 bytes - win32k!GreSelectBrush+5c
[ 90 90 90 90 90 90 90 90:4c cf 6c 03 80 f8 ff ff ]
fffff9600003b684-fffff9600003b689 6 bytes - win32k!NtUserSwitchDesktop (+0x37f0)
[ 48 89 5c 24 08 57:ff 25 ce 62 0a 00 ]
fffff960000700bc-fffff960000700c3 8 bytes - win32k!CreateDesktopHeap+104 (+0x34a38)
[ 90 90 90 90 90 90 90 90:d8 d3 6c 03 80 f8 ff ff ]
fffff96000075aac-fffff96000075ab1 6 bytes - win32k!NtGdiOpenDCW (+0x59f0)
[ 48 8b c4 48 89 58:ff 25 56 68 06 00 ]
fffff9600007eeb8-fffff9600007eebf 8 bytes - win32k!NtGdiGetSystemPaletteUse (+0x940c)
[ 90 90 90 90 90 90 90 90:e0 d7 6c 03 80 f8 ff ff ]
fffff9600007f014-fffff9600007f017 4 bytes - win32k!NtUserSetWindowsHookEx (+0x15c)
[ 48 89 5c 24:ff 25 66 ce ]
fffff9600007f019 - win32k!NtUserSetWindowsHookEx+5 (+0x05)
[ 48:00 ]
fffff9600007f90c-fffff9600007f913 8 bytes - win32k!DestroyCacheDC+1d4 (+0x8f3)
[ 90 90 90 90 90 90 90 90:d4 d4 6c 03 80 f8 ff ff ]
fffff9600007ff78-fffff9600007ff7f 8 bytes - win32k!NtGdiPolyPolyDraw (+0x66c)
[ 90 90 90 90 90 90 90 90:04 d7 6c 03 80 f8 ff ff ]
fffff960000875c8-fffff960000875cd 6 bytes - win32k!NtGdiDeleteObjectApp (+0x7650)
[ 48 89 5c 24 08 57:ff 25 8e 55 10 00 ]
fffff96000089de8-fffff96000089def 8 bytes - win32k!bCaptureBitmapInfo+b8 (+0x2820)
[ 90 90 90 90 90 90 90 90:40 d5 6c 03 80 f8 ff ff ]
fffff960000950d8-fffff960000950df 8 bytes - win32k!NtUserThunkedMenuInfo+4 (+0xb2f0)
[ 90 90 90 90 90 90 90 90:38 f5 6c 03 80 f8 ff ff ]
fffff9600009d738-fffff9600009d73f 8 bytes - win32k!NtUserTrackMouseEvent (+0x8660)
[ 90 90 90 90 90 90 90 90:78 ed 6c 03 80 f8 ff ff ]
fffff960000a3f74-fffff960000a3f7b 8 bytes - win32k!NtUserGetIconInfo+1d4 (+0x683c)
[ 90 90 90 90 90 90 90 90:a4 dd 6c 03 80 f8 ff ff ]
fffff960000b28b8-fffff960000b28bf 8 bytes - win32k!UserGetAtomName+58 (+0xe944)
[ 90 90 90 90 90 90 90 90:30 d3 6c 03 80 f8 ff ff ]
fffff960000b74f4-fffff960000b74fb 8 bytes - win32k!PtiFromThreadId+dc (+0x4c3c)
[ 90 90 90 90 90 90 90 90:c8 dd 6c 03 80 f8 ff ff ]
fffff960000b7f30-fffff960000b7f35 6 bytes - win32k!NtGdiCreateCompatibleDC (+0xa3c)
[ e9 ff fa ff ff 90:ff 25 02 58 fe ff ]
fffff960000bacc8-fffff960000baccd 6 bytes - win32k!NtUserSystemParametersInfo (+0x2d98)
[ 44 89 4c 24 20 4c:ff 25 4a 21 14 00 ]
fffff960000d1a54-fffff960000d1a5b 8 bytes - win32k!ClearSendMessages+180 (+0x16d8c)
[ 90 90 90 90 90 90 90 90:28 d6 6c 03 80 f8 ff ff ]
Page 9917e not present in the dump file. Type ".hh dbgerr004" for details
fffff960000d1a5d-fffff960000d1a61 5 bytes - win32k!NtUserDestroyWindow+1 (+0x09)
[ f3 48 83 ec 20:25 5a e6 f9 ff ]
fffff960000d7480-fffff960000d7485 6 bytes - win32k!NtUserOpenDesktop (+0x5a23)
[ 48 89 5c 24 08 48:ff 25 26 d3 12 00 ]
fffff960000d79d8-fffff960000d79df 8 bytes - win32k!NtUserDragObject+154 (+0x558)
[ 90 90 90 90 90 90 90 90:ac f6 6c 03 80 f8 ff ff ]
fffff960000d9578-fffff960000d957d 6 bytes - win32k!NtUserSetWinEventHook (+0x1ba0)
[ 48 89 5c 24 08 48:ff 25 16 e9 f5 ff ]
fffff960000d98ec-fffff960000d98f3 8 bytes - win32k!NtUserGetGUIThreadInfo+d8 (+0x374)
[ 90 90 90 90 90 90 90 90:80 db 6c 03 80 f8 ff ff ]
fffff960000da640-fffff960000da645 6 bytes - win32k!NtUserGetClipboardData (+0xd54)
[ 48 89 5c 24 08 48:ff 25 72 48 fa ff ]
fffff960000da9a8-fffff960000da9ad 6 bytes - win32k!NtUserAttachThreadInput (+0x368)
[ 48 89 5c 24 08 48:ff 25 5a 69 00 00 ]
fffff960000db2b0-fffff960000db2b5 6 bytes - win32k!NtUserCallHwndParamLock (+0x908)
[ 48 89 5c 24 08 48:ff 25 02 76 fd ff ]
fffff960000dba0c-fffff960000dba11 6 bytes - win32k!NtUserGetAsyncKeyState (+0x75c)
[ 48 89 5c 24 08 48:ff 25 62 85 fc ff ]
fffff960000dc308-fffff960000dc30f 8 bytes - win32k!NtUserGetPriorityClipboardFormat+b0 (+0x8fc)
[ 90 90 90 90 90 90 90 90:b4 eb 6c 03 80 f8 ff ff ]
fffff960000dcb88-fffff960000dcb8d 6 bytes - win32k!NtUserRegisterHotKey (+0x880)
[ 48 8b c4 48 89 58:ff 25 8a 6b 0d 00 ]
fffff960000dd0ac-fffff960000dd0b1 6 bytes - win32k!NtUserSetClipboardViewer (+0x524)
[ 48 89 5c 24 08 57:ff 25 a2 49 ff ff ]
fffff960000dd4f0-fffff960000dd4f5 6 bytes - win32k!NtUserSetSysColors (+0x444)
[ 48 8b c4 48 89 58:ff 25 62 db 11 00 ]
fffff960000de848-fffff960000de84f 8 bytes - win32k!NtUserGetDCEx+168 (+0x1358)
[ 90 90 90 90 90 90 90 90:c4 ed 6c 03 80 f8 ff ff ]
fffff960000defd4-fffff960000defdb 8 bytes - win32k!NtUserSetWindowRgnEx+1cc (+0x78c)
[ 90 90 90 90 90 90 90 90:e0 f1 6c 03 80 f8 ff ff ]
fffff960000e0774-fffff960000e0779 6 bytes - win32k!NtUserBuildNameList (+0x17a0)
[ 48 89 5c 24 08 48:ff 25 72 91 ff ff ]
fffff960000e0c94-fffff960000e0c99 6 bytes - win32k!NtUserSendInput (+0x520)
[ 48 8b c4 48 89 58:ff 25 4e 91 fa ff ]
fffff960000e0e00-fffff960000e0e05 6 bytes - win32k!NtUserBlockInput (+0x16c)
[ 48 89 5c 24 08 48:ff 25 06 eb f9 ff ]
fffff960000e1308-fffff960000e130f 8 bytes - win32k!NtUserGetClassInfoEx (+0x508)
[ 90 90 90 90 90 90 90 90:ec dd 6c 03 80 f8 ff ff ]
fffff960000e1958-fffff960000e195f 8 bytes - win32k!NtUserGetProp+7c (+0x650)
[ 90 90 90 90 90 90 90 90:64 db 6c 03 80 f8 ff ff ]
fffff960000e30c0-fffff960000e30c5 6 bytes - win32k!NtUserGetKeyboardState (+0x1768)
[ 48 89 4c 24 08 53:ff 25 12 8b 11 00 ]
fffff960000e323c-fffff960000e3241 6 bytes - win32k!NtUserGetKeyState (+0x17c)
[ 48 89 5c 24 08 48:ff 25 b2 42 fd ff ]
fffff960000e7d64-fffff960000e7d69 6 bytes - win32k!NtUserRegisterRawInputDevices (+0x4b28)
[ 48 89 5c 24 10 56:ff 25 fa 50 11 00 ]
fffff960000e9718-fffff960000e971d 6 bytes - win32k!NtUserAddClipboardFormatListener (+0x19b4)
[ 48 89 5c 24 08 48:ff 25 5a 68 f9 ff ]
fffff9600018cb5c-fffff9600018cb63 8 bytes - win32k!NtGdiD3dValidateTextureStageState+c (+0xa3444)
[ 90 90 90 90 90 90 90 90:18 ed 6c 03 80 f8 ff ff ]
fffff96000191098-fffff9600019109d 6 bytes - win32k!NtGdiAlphaBlend (+0x453c)
[ 4c 8b dc 45 89 4b:ff 25 1e 5f 06 00 ]
fffff960001b3718-fffff960001b371f 8 bytes - win32k!GreGetRgnBox+4 (+0x22680)
[ 90 90 90 90 90 90 90 90:18 df 6c 03 80 f8 ff ff ]
fffff960001f6fbc-fffff960001f6fc3 8 bytes - win32k!XLATE::pfnXlateBetweenBitfields+60 (+0x438a4)
[ 90 90 90 90 90 90 90 90:28 f8 6c 03 80 f8 ff ff ]
fffff960001f76b8-fffff960001f76bd 6 bytes - win32k!NtGdiBitBltInternal (+0x6fc)
[ 48 8b c4 48 89 58:ff 25 6a 35 00 00 ]
fffff960001fac28-fffff960001fac2f 8 bytes - win32k!CaptureDriverInfo2W+318 (+0x3570)
[ 90 90 90 90 90 90 90 90:08 ee 6c 03 80 f8 ff ff ]
fffff960001fb058-fffff960001fb05f 8 bytes - win32k!NtGdiGetBitmapBits+d4 (+0x430)
[ 90 90 90 90 90 90 90 90:94 d2 6c 03 80 f8 ff ff ]
WARNING: !chkimg output was truncated to 50 lines. Invoke !chkimg without '-lo [num_lines]' to view entire output.
404 errors : !win32k (fffff96000037e94-fffff9600020c3b5)

MODULE_NAME: memory_corruption

IMAGE_NAME: memory_corruption

FOLLOWUP_NAME: memory_corruption

DEBUG_FLR_IMAGE_TIMESTAMP: 0

MEMORY_CORRUPTOR: LARGE

FAILURE_BUCKET_ID: X64_MEMORY_CORRUPTION_LARGE

BUCKET_ID: X64_MEMORY_CORRUPTION_LARGE

Followup: memory_corruption
---------

0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

CLOCK_WATCHDOG_TIMEOUT (101)
An expected clock interrupt was not received on a secondary processor in an
MP system within the allocated interval. This indicates that the specified
processor is hung and not processing interrupts.
Arguments:
Arg1: 0000000000000041, Clock interrupt time out interval in nominal clock ticks.
Arg2: 0000000000000000, 0.
Arg3: fffff880009e9180, The PRCB address of the hung processor.
Arg4: 0000000000000001, 0.

Debugging Details:
------------------

TRIAGER: Could not open triage file : C:\Program Files (x86)\Windows Kits\8.0\Debuggers\x64\triage\modclass.ini, error 2

BUGCHECK_STR: CLOCK_WATCHDOG_TIMEOUT_3_PROC

DEFAULT_BUCKET_ID: CODE_CORRUPTION

PROCESS_NAME: explorer.exe

CURRENT_IRQL: d

STACK_TEXT:
fffff880`07be1e88 fffff800`03132f3a : 00000000`00000101 00000000`00000041 00000000`00000000 fffff880`009e9180 : nt!KeBugCheckEx
fffff880`07be1e90 fffff800`030e5ce7 : 00000000`00000000 fffff800`00000001 00000000`00002710 fffff800`030df08a : nt! ?? ::FNODOBFM::`string'+0x4e2e
fffff880`07be1f20 fffff800`0301e895 : fffff800`03044460 fffff880`07be20d0 fffff800`03044460 00000000`00000000 : nt!KeUpdateSystemTime+0x377
fffff880`07be2020 fffff800`030d8713 : 00000000`c4421ff5 fffff800`0324ee80 fffff800`0324ee80 00000000`00000000 : hal!HalpHpetClockInterrupt+0x8d
fffff880`07be2050 fffff800`030e0ff0 : fffff800`0324ee80 fffff900`00000001 00000000`00000000 fffff880`07be22e8 : nt!KiInterruptDispatchNoLock+0x163
fffff880`07be21e0 fffff800`030fb951 : 00000000`00000000 00000000`00000002 00000000`00000001 00000000`00000111 : nt!KeFlushMultipleRangeTb+0x260
fffff880`07be22b0 fffff800`030fe398 : 00000000`00000002 fffff880`07be2400 fffff900`c01cc000 00000000`00000080 : nt!MiFlushTbAsNeeded+0x1d1
fffff880`07be23c0 fffff800`03204f86 : 00000000`00001b40 fffff880`038a1cc0 00000000`00000021 fffff800`00000028 : nt!MiAllocatePagedPoolPages+0x4cc
fffff880`07be24e0 fffff800`030fc0b0 : 00000000`00001b40 fffff880`038a1cc0 00000000`00000021 fffff800`030e52d2 : nt!MiAllocatePoolPages+0x906
fffff880`07be2620 fffff800`0320790e : 00000000`00000000 00000000`00000000 fffff900`00000020 00000000`00001b40 : nt!ExpAllocateBigPool+0xb0
fffff880`07be2710 fffff960`000b3e55 : 00000000`00001165 00000000`00000000 00000000`00000000 fffff960`000c561d : nt!ExAllocatePoolWithTag+0x82e
fffff880`07be2800 fffff960`000b5378 : 00000000`00000001 fffff880`07be2998 00000000`00000001 fffff960`000c584e : win32k!AllocateObject+0xdd
fffff880`07be2840 fffff960`0008afa3 : fffff880`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : win32k!SURFMEM::bCreateDIB+0x1f8
fffff880`07be2930 fffff960`000a1f24 : 00000000`01010051 fffff900`c225a530 00000000`00000000 00000000`0000002c : win32k!GreCreateDIBitmapReal+0x533
fffff880`07be2a60 fffff960`000a3f22 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : win32k!InternalGetIconInfo+0x174
fffff880`07be2b50 fffff800`030db453 : fffffa80`06e7e600 00000000`035be498 fffff880`07be2c18 00000000`00000028 : win32k!NtUserGetIconInfo+0x182
fffff880`07be2c00 00000000`7727192a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`035be478 fffff800`030d3810 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7727192a
fffff880`07be2e50 fffff880`07be2e78 : 00000000`00000000 fffff900`c060e010 00000000`00000000 00000000`00000202 : nt!KiCallUserMode
fffff880`07be2e58 00000000`00000000 : fffff900`c060e010 00000000`00000000 00000000`00000202 fffff880`07be3860 : 0xfffff880`07be2e78


STACK_COMMAND: kb

CHKIMG_EXTENSION: !chkimg -lo 50 -d !win32k
fffff96000037e94-fffff96000037e9b 8 bytes - win32k!GreSelectBrush+5c
[ 90 90 90 90 90 90 90 90:4c cf 6c 03 80 f8 ff ff ]
fffff9600003b684-fffff9600003b689 6 bytes - win32k!NtUserSwitchDesktop (+0x37f0)
[ 48 89 5c 24 08 57:ff 25 ce 62 0a 00 ]
fffff960000700bc-fffff960000700c3 8 bytes - win32k!CreateDesktopHeap+104 (+0x34a38)
[ 90 90 90 90 90 90 90 90:d8 d3 6c 03 80 f8 ff ff ]
fffff96000075aac-fffff96000075ab1 6 bytes - win32k!NtGdiOpenDCW (+0x59f0)
[ 48 8b c4 48 89 58:ff 25 56 68 06 00 ]
fffff9600007eeb8-fffff9600007eebf 8 bytes - win32k!NtGdiGetSystemPaletteUse (+0x940c)
[ 90 90 90 90 90 90 90 90:e0 d7 6c 03 80 f8 ff ff ]
fffff9600007f014-fffff9600007f017 4 bytes - win32k!NtUserSetWindowsHookEx (+0x15c)
[ 48 89 5c 24:ff 25 66 ce ]
fffff9600007f019 - win32k!NtUserSetWindowsHookEx+5 (+0x05)
[ 48:00 ]
fffff9600007f90c-fffff9600007f913 8 bytes - win32k!DestroyCacheDC+1d4 (+0x8f3)
[ 90 90 90 90 90 90 90 90:d4 d4 6c 03 80 f8 ff ff ]
fffff9600007ff78-fffff9600007ff7f 8 bytes - win32k!NtGdiPolyPolyDraw (+0x66c)
[ 90 90 90 90 90 90 90 90:04 d7 6c 03 80 f8 ff ff ]
fffff960000875c8-fffff960000875cd 6 bytes - win32k!NtGdiDeleteObjectApp (+0x7650)
[ 48 89 5c 24 08 57:ff 25 8e 55 10 00 ]
fffff96000089de8-fffff96000089def 8 bytes - win32k!bCaptureBitmapInfo+b8 (+0x2820)
[ 90 90 90 90 90 90 90 90:40 d5 6c 03 80 f8 ff ff ]
fffff960000950d8-fffff960000950df 8 bytes - win32k!NtUserThunkedMenuInfo+4 (+0xb2f0)
[ 90 90 90 90 90 90 90 90:38 f5 6c 03 80 f8 ff ff ]
fffff9600009d738-fffff9600009d73f 8 bytes - win32k!NtUserTrackMouseEvent (+0x8660)
[ 90 90 90 90 90 90 90 90:78 ed 6c 03 80 f8 ff ff ]
fffff960000a3f74-fffff960000a3f7b 8 bytes - win32k!NtUserGetIconInfo+1d4 (+0x683c)
[ 90 90 90 90 90 90 90 90:a4 dd 6c 03 80 f8 ff ff ]
fffff960000b28b8-fffff960000b28bf 8 bytes - win32k!UserGetAtomName+58 (+0xe944)
[ 90 90 90 90 90 90 90 90:30 d3 6c 03 80 f8 ff ff ]
fffff960000b74f4-fffff960000b74fb 8 bytes - win32k!PtiFromThreadId+dc (+0x4c3c)
[ 90 90 90 90 90 90 90 90:c8 dd 6c 03 80 f8 ff ff ]
fffff960000b7f30-fffff960000b7f35 6 bytes - win32k!NtGdiCreateCompatibleDC (+0xa3c)
[ e9 ff fa ff ff 90:ff 25 02 58 fe ff ]
fffff960000bacc8-fffff960000baccd 6 bytes - win32k!NtUserSystemParametersInfo (+0x2d98)
[ 44 89 4c 24 20 4c:ff 25 4a 21 14 00 ]
fffff960000d1a54-fffff960000d1a5b 8 bytes - win32k!ClearSendMessages+180 (+0x16d8c)
[ 90 90 90 90 90 90 90 90:28 d6 6c 03 80 f8 ff ff ]
fffff960000d1a5d-fffff960000d1a61 5 bytes - win32k!NtUserDestroyWindow+1 (+0x09)
[ f3 48 83 ec 20:25 5a e6 f9 ff ]
fffff960000d7480-fffff960000d7485 6 bytes - win32k!NtUserOpenDesktop (+0x5a23)
[ 48 89 5c 24 08 48:ff 25 26 d3 12 00 ]
fffff960000d79d8-fffff960000d79df 8 bytes - win32k!NtUserDragObject+154 (+0x558)
[ 90 90 90 90 90 90 90 90:ac f6 6c 03 80 f8 ff ff ]
fffff960000d9578-fffff960000d957d 6 bytes - win32k!NtUserSetWinEventHook (+0x1ba0)
[ 48 89 5c 24 08 48:ff 25 16 e9 f5 ff ]
fffff960000d98ec-fffff960000d98f3 8 bytes - win32k!NtUserGetGUIThreadInfo+d8 (+0x374)
[ 90 90 90 90 90 90 90 90:80 db 6c 03 80 f8 ff ff ]
fffff960000da640-fffff960000da645 6 bytes - win32k!NtUserGetClipboardData (+0xd54)
[ 48 89 5c 24 08 48:ff 25 72 48 fa ff ]
fffff960000da9a8-fffff960000da9ad 6 bytes - win32k!NtUserAttachThreadInput (+0x368)
[ 48 89 5c 24 08 48:ff 25 5a 69 00 00 ]
fffff960000db2b0-fffff960000db2b5 6 bytes - win32k!NtUserCallHwndParamLock (+0x908)
[ 48 89 5c 24 08 48:ff 25 02 76 fd ff ]
fffff960000dba0c-fffff960000dba11 6 bytes - win32k!NtUserGetAsyncKeyState (+0x75c)
[ 48 89 5c 24 08 48:ff 25 62 85 fc ff ]
fffff960000dc308-fffff960000dc30f 8 bytes - win32k!NtUserGetPriorityClipboardFormat+b0 (+0x8fc)
[ 90 90 90 90 90 90 90 90:b4 eb 6c 03 80 f8 ff ff ]
fffff960000dcb88-fffff960000dcb8d 6 bytes - win32k!NtUserRegisterHotKey (+0x880)
[ 48 8b c4 48 89 58:ff 25 8a 6b 0d 00 ]
fffff960000dd0ac-fffff960000dd0b1 6 bytes - win32k!NtUserSetClipboardViewer (+0x524)
[ 48 89 5c 24 08 57:ff 25 a2 49 ff ff ]
fffff960000dd4f0-fffff960000dd4f5 6 bytes - win32k!NtUserSetSysColors (+0x444)
[ 48 8b c4 48 89 58:ff 25 62 db 11 00 ]
fffff960000de848-fffff960000de84f 8 bytes - win32k!NtUserGetDCEx+168 (+0x1358)
[ 90 90 90 90 90 90 90 90:c4 ed 6c 03 80 f8 ff ff ]
fffff960000defd4-fffff960000defdb 8 bytes - win32k!NtUserSetWindowRgnEx+1cc (+0x78c)
[ 90 90 90 90 90 90 90 90:e0 f1 6c 03 80 f8 ff ff ]
fffff960000e0774-fffff960000e0779 6 bytes - win32k!NtUserBuildNameList (+0x17a0)
[ 48 89 5c 24 08 48:ff 25 72 91 ff ff ]
fffff960000e0c94-fffff960000e0c99 6 bytes - win32k!NtUserSendInput (+0x520)
[ 48 8b c4 48 89 58:ff 25 4e 91 fa ff ]
fffff960000e0e00-fffff960000e0e05 6 bytes - win32k!NtUserBlockInput (+0x16c)
[ 48 89 5c 24 08 48:ff 25 06 eb f9 ff ]
fffff960000e1308-fffff960000e130f 8 bytes - win32k!NtUserGetClassInfoEx (+0x508)
[ 90 90 90 90 90 90 90 90:ec dd 6c 03 80 f8 ff ff ]
fffff960000e1958-fffff960000e195f 8 bytes - win32k!NtUserGetProp+7c (+0x650)
[ 90 90 90 90 90 90 90 90:64 db 6c 03 80 f8 ff ff ]
fffff960000e30c0-fffff960000e30c5 6 bytes - win32k!NtUserGetKeyboardState (+0x1768)
[ 48 89 4c 24 08 53:ff 25 12 8b 11 00 ]
fffff960000e323c-fffff960000e3241 6 bytes - win32k!NtUserGetKeyState (+0x17c)
[ 48 89 5c 24 08 48:ff 25 b2 42 fd ff ]
fffff960000e7d64-fffff960000e7d69 6 bytes - win32k!NtUserRegisterRawInputDevices (+0x4b28)
[ 48 89 5c 24 10 56:ff 25 fa 50 11 00 ]
fffff960000e9718-fffff960000e971d 6 bytes - win32k!NtUserAddClipboardFormatListener (+0x19b4)
[ 48 89 5c 24 08 48:ff 25 5a 68 f9 ff ]
fffff9600018cb5c-fffff9600018cb63 8 bytes - win32k!NtGdiD3dValidateTextureStageState+c (+0xa3444)
[ 90 90 90 90 90 90 90 90:18 ed 6c 03 80 f8 ff ff ]
fffff96000191098-fffff9600019109d 6 bytes - win32k!NtGdiAlphaBlend (+0x453c)
[ 4c 8b dc 45 89 4b:ff 25 1e 5f 06 00 ]
fffff960001b3718-fffff960001b371f 8 bytes - win32k!GreGetRgnBox+4 (+0x22680)
[ 90 90 90 90 90 90 90 90:18 df 6c 03 80 f8 ff ff ]
fffff960001f6fbc-fffff960001f6fc3 8 bytes - win32k!XLATE::pfnXlateBetweenBitfields+60 (+0x438a4)
[ 90 90 90 90 90 90 90 90:28 f8 6c 03 80 f8 ff ff ]
fffff960001f76b8-fffff960001f76bd 6 bytes - win32k!NtGdiBitBltInternal (+0x6fc)
[ 48 8b c4 48 89 58:ff 25 6a 35 00 00 ]
fffff960001fac28-fffff960001fac2f 8 bytes - win32k!CaptureDriverInfo2W+318 (+0x3570)
[ 90 90 90 90 90 90 90 90:08 ee 6c 03 80 f8 ff ff ]
fffff960001fb058-fffff960001fb05f 8 bytes - win32k!NtGdiGetBitmapBits+d4 (+0x430)
[ 90 90 90 90 90 90 90 90:94 d2 6c 03 80 f8 ff ff ]
WARNING: !chkimg output was truncated to 50 lines. Invoke !chkimg without '-lo [num_lines]' to view entire output.
404 errors : !win32k (fffff96000037e94-fffff9600020c3b5)

MODULE_NAME: memory_corruption

IMAGE_NAME: memory_corruption

FOLLOWUP_NAME: memory_corruption

DEBUG_FLR_IMAGE_TIMESTAMP: 0

MEMORY_CORRUPTOR: LARGE

FAILURE_BUCKET_ID: X64_MEMORY_CORRUPTION_LARGE

BUCKET_ID: X64_MEMORY_CORRUPTION_LARGE

Followup: memory_corruption
---------

0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

CLOCK_WATCHDOG_TIMEOUT (101)
An expected clock interrupt was not received on a secondary processor in an
MP system within the allocated interval. This indicates that the specified
processor is hung and not processing interrupts.
Arguments:
Arg1: 0000000000000041, Clock interrupt time out interval in nominal clock ticks.
Arg2: 0000000000000000, 0.
Arg3: fffff880009e9180, The PRCB address of the hung processor.
Arg4: 0000000000000001, 0.

Debugging Details:
------------------

TRIAGER: Could not open triage file : C:\Program Files (x86)\Windows Kits\8.0\Debuggers\x64\triage\modclass.ini, error 2

BUGCHECK_STR: CLOCK_WATCHDOG_TIMEOUT_3_PROC

DEFAULT_BUCKET_ID: CODE_CORRUPTION

PROCESS_NAME: explorer.exe

CURRENT_IRQL: d

STACK_TEXT:
fffff880`07be1e88 fffff800`03132f3a : 00000000`00000101 00000000`00000041 00000000`00000000 fffff880`009e9180 : nt!KeBugCheckEx
fffff880`07be1e90 fffff800`030e5ce7 : 00000000`00000000 fffff800`00000001 00000000`00002710 fffff800`030df08a : nt! ?? ::FNODOBFM::`string'+0x4e2e
fffff880`07be1f20 fffff800`0301e895 : fffff800`03044460 fffff880`07be20d0 fffff800`03044460 00000000`00000000 : nt!KeUpdateSystemTime+0x377
fffff880`07be2020 fffff800`030d8713 : 00000000`c4421ff5 fffff800`0324ee80 fffff800`0324ee80 00000000`00000000 : hal!HalpHpetClockInterrupt+0x8d
fffff880`07be2050 fffff800`030e0ff0 : fffff800`0324ee80 fffff900`00000001 00000000`00000000 fffff880`07be22e8 : nt!KiInterruptDispatchNoLock+0x163
fffff880`07be21e0 fffff800`030fb951 : 00000000`00000000 00000000`00000002 00000000`00000001 00000000`00000111 : nt!KeFlushMultipleRangeTb+0x260
fffff880`07be22b0 fffff800`030fe398 : 00000000`00000002 fffff880`07be2400 fffff900`c01cc000 00000000`00000080 : nt!MiFlushTbAsNeeded+0x1d1
fffff880`07be23c0 fffff800`03204f86 : 00000000`00001b40 fffff880`038a1cc0 00000000`00000021 fffff800`00000028 : nt!MiAllocatePagedPoolPages+0x4cc
fffff880`07be24e0 fffff800`030fc0b0 : 00000000`00001b40 fffff880`038a1cc0 00000000`00000021 fffff800`030e52d2 : nt!MiAllocatePoolPages+0x906
fffff880`07be2620 fffff800`0320790e : 00000000`00000000 00000000`00000000 fffff900`00000020 00000000`00001b40 : nt!ExpAllocateBigPool+0xb0
fffff880`07be2710 fffff960`000b3e55 : 00000000`00001165 00000000`00000000 00000000`00000000 fffff960`000c561d : nt!ExAllocatePoolWithTag+0x82e
fffff880`07be2800 fffff960`000b5378 : 00000000`00000001 fffff880`07be2998 00000000`00000001 fffff960`000c584e : win32k!AllocateObject+0xdd
fffff880`07be2840 fffff960`0008afa3 : fffff880`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : win32k!SURFMEM::bCreateDIB+0x1f8
fffff880`07be2930 fffff960`000a1f24 : 00000000`01010051 fffff900`c225a530 00000000`00000000 00000000`0000002c : win32k!GreCreateDIBitmapReal+0x533
fffff880`07be2a60 fffff960`000a3f22 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : win32k!InternalGetIconInfo+0x174
fffff880`07be2b50 fffff800`030db453 : fffffa80`06e7e600 00000000`035be498 fffff880`07be2c18 00000000`00000028 : win32k!NtUserGetIconInfo+0x182
fffff880`07be2c00 00000000`7727192a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`035be478 fffff800`030d3810 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7727192a
fffff880`07be2e50 fffff880`07be2e78 : 00000000`00000000 fffff900`c060e010 00000000`00000000 00000000`00000202 : nt!KiCallUserMode
fffff880`07be2e58 00000000`00000000 : fffff900`c060e010 00000000`00000000 00000000`00000202 fffff880`07be3860 : 0xfffff880`07be2e78


STACK_COMMAND: kb

CHKIMG_EXTENSION: !chkimg -lo 50 -d !win32k
fffff96000037e94-fffff96000037e9b 8 bytes - win32k!GreSelectBrush+5c
[ 90 90 90 90 90 90 90 90:4c cf 6c 03 80 f8 ff ff ]
fffff9600003b684-fffff9600003b689 6 bytes - win32k!NtUserSwitchDesktop (+0x37f0)
[ 48 89 5c 24 08 57:ff 25 ce 62 0a 00 ]
fffff960000700bc-fffff960000700c3 8 bytes - win32k!CreateDesktopHeap+104 (+0x34a38)
[ 90 90 90 90 90 90 90 90:d8 d3 6c 03 80 f8 ff ff ]
fffff96000075aac-fffff96000075ab1 6 bytes - win32k!NtGdiOpenDCW (+0x59f0)
[ 48 8b c4 48 89 58:ff 25 56 68 06 00 ]
fffff9600007eeb8-fffff9600007eebf 8 bytes - win32k!NtGdiGetSystemPaletteUse (+0x940c)
[ 90 90 90 90 90 90 90 90:e0 d7 6c 03 80 f8 ff ff ]
fffff9600007f014-fffff9600007f017 4 bytes - win32k!NtUserSetWindowsHookEx (+0x15c)
[ 48 89 5c 24:ff 25 66 ce ]
fffff9600007f019 - win32k!NtUserSetWindowsHookEx+5 (+0x05)
[ 48:00 ]
fffff9600007f90c-fffff9600007f913 8 bytes - win32k!DestroyCacheDC+1d4 (+0x8f3)
[ 90 90 90 90 90 90 90 90:d4 d4 6c 03 80 f8 ff ff ]
fffff9600007ff78-fffff9600007ff7f 8 bytes - win32k!NtGdiPolyPolyDraw (+0x66c)
[ 90 90 90 90 90 90 90 90:04 d7 6c 03 80 f8 ff ff ]
fffff960000875c8-fffff960000875cd 6 bytes - win32k!NtGdiDeleteObjectApp (+0x7650)
[ 48 89 5c 24 08 57:ff 25 8e 55 10 00 ]
fffff96000089de8-fffff96000089def 8 bytes - win32k!bCaptureBitmapInfo+b8 (+0x2820)
[ 90 90 90 90 90 90 90 90:40 d5 6c 03 80 f8 ff ff ]
fffff960000950d8-fffff960000950df 8 bytes - win32k!NtUserThunkedMenuInfo+4 (+0xb2f0)
[ 90 90 90 90 90 90 90 90:38 f5 6c 03 80 f8 ff ff ]
fffff9600009d738-fffff9600009d73f 8 bytes - win32k!NtUserTrackMouseEvent (+0x8660)
[ 90 90 90 90 90 90 90 90:78 ed 6c 03 80 f8 ff ff ]
fffff960000a3f74-fffff960000a3f7b 8 bytes - win32k!NtUserGetIconInfo+1d4 (+0x683c)
[ 90 90 90 90 90 90 90 90:a4 dd 6c 03 80 f8 ff ff ]
fffff960000b28b8-fffff960000b28bf 8 bytes - win32k!UserGetAtomName+58 (+0xe944)
[ 90 90 90 90 90 90 90 90:30 d3 6c 03 80 f8 ff ff ]
fffff960000b74f4-fffff960000b74fb 8 bytes - win32k!PtiFromThreadId+dc (+0x4c3c)
[ 90 90 90 90 90 90 90 90:c8 dd 6c 03 80 f8 ff ff ]
fffff960000b7f30-fffff960000b7f35 6 bytes - win32k!NtGdiCreateCompatibleDC (+0xa3c)
[ e9 ff fa ff ff 90:ff 25 02 58 fe ff ]
fffff960000bacc8-fffff960000baccd 6 bytes - win32k!NtUserSystemParametersInfo (+0x2d98)
[ 44 89 4c 24 20 4c:ff 25 4a 21 14 00 ]
fffff960000d1a54-fffff960000d1a5b 8 bytes - win32k!ClearSendMessages+180 (+0x16d8c)
[ 90 90 90 90 90 90 90 90:28 d6 6c 03 80 f8 ff ff ]
fffff960000d1a5d-fffff960000d1a61 5 bytes - win32k!NtUserDestroyWindow+1 (+0x09)
[ f3 48 83 ec 20:25 5a e6 f9 ff ]
fffff960000d7480-fffff960000d7485 6 bytes - win32k!NtUserOpenDesktop (+0x5a23)
[ 48 89 5c 24 08 48:ff 25 26 d3 12 00 ]
fffff960000d79d8-fffff960000d79df 8 bytes - win32k!NtUserDragObject+154 (+0x558)
[ 90 90 90 90 90 90 90 90:ac f6 6c 03 80 f8 ff ff ]
fffff960000d9578-fffff960000d957d 6 bytes - win32k!NtUserSetWinEventHook (+0x1ba0)
[ 48 89 5c 24 08 48:ff 25 16 e9 f5 ff ]
fffff960000d98ec-fffff960000d98f3 8 bytes - win32k!NtUserGetGUIThreadInfo+d8 (+0x374)
[ 90 90 90 90 90 90 90 90:80 db 6c 03 80 f8 ff ff ]
fffff960000da640-fffff960000da645 6 bytes - win32k!NtUserGetClipboardData (+0xd54)
[ 48 89 5c 24 08 48:ff 25 72 48 fa ff ]
fffff960000da9a8-fffff960000da9ad 6 bytes - win32k!NtUserAttachThreadInput (+0x368)
[ 48 89 5c 24 08 48:ff 25 5a 69 00 00 ]
fffff960000db2b0-fffff960000db2b5 6 bytes - win32k!NtUserCallHwndParamLock (+0x908)
[ 48 89 5c 24 08 48:ff 25 02 76 fd ff ]
fffff960000dba0c-fffff960000dba11 6 bytes - win32k!NtUserGetAsyncKeyState (+0x75c)
[ 48 89 5c 24 08 48:ff 25 62 85 fc ff ]
fffff960000dc308-fffff960000dc30f 8 bytes - win32k!NtUserGetPriorityClipboardFormat+b0 (+0x8fc)
[ 90 90 90 90 90 90 90 90:b4 eb 6c 03 80 f8 ff ff ]
fffff960000dcb88-fffff960000dcb8d 6 bytes - win32k!NtUserRegisterHotKey (+0x880)
[ 48 8b c4 48 89 58:ff 25 8a 6b 0d 00 ]
fffff960000dd0ac-fffff960000dd0b1 6 bytes - win32k!NtUserSetClipboardViewer (+0x524)
[ 48 89 5c 24 08 57:ff 25 a2 49 ff ff ]
fffff960000dd4f0-fffff960000dd4f5 6 bytes - win32k!NtUserSetSysColors (+0x444)
[ 48 8b c4 48 89 58:ff 25 62 db 11 00 ]
fffff960000de848-fffff960000de84f 8 bytes - win32k!NtUserGetDCEx+168 (+0x1358)
[ 90 90 90 90 90 90 90 90:c4 ed 6c 03 80 f8 ff ff ]
fffff960000defd4-fffff960000defdb 8 bytes - win32k!NtUserSetWindowRgnEx+1cc (+0x78c)
[ 90 90 90 90 90 90 90 90:e0 f1 6c 03 80 f8 ff ff ]
fffff960000e0774-fffff960000e0779 6 bytes - win32k!NtUserBuildNameList (+0x17a0)
[ 48 89 5c 24 08 48:ff 25 72 91 ff ff ]
fffff960000e0c94-fffff960000e0c99 6 bytes - win32k!NtUserSendInput (+0x520)
[ 48 8b c4 48 89 58:ff 25 4e 91 fa ff ]
fffff960000e0e00-fffff960000e0e05 6 bytes - win32k!NtUserBlockInput (+0x16c)
[ 48 89 5c 24 08 48:ff 25 06 eb f9 ff ]
fffff960000e1308-fffff960000e130f 8 bytes - win32k!NtUserGetClassInfoEx (+0x508)
[ 90 90 90 90 90 90 90 90:ec dd 6c 03 80 f8 ff ff ]
fffff960000e1958-fffff960000e195f 8 bytes - win32k!NtUserGetProp+7c (+0x650)
[ 90 90 90 90 90 90 90 90:64 db 6c 03 80 f8 ff ff ]
fffff960000e30c0-fffff960000e30c5 6 bytes - win32k!NtUserGetKeyboardState (+0x1768)
[ 48 89 4c 24 08 53:ff 25 12 8b 11 00 ]
fffff960000e323c-fffff960000e3241 6 bytes - win32k!NtUserGetKeyState (+0x17c)
[ 48 89 5c 24 08 48:ff 25 b2 42 fd ff ]
fffff960000e7d64-fffff960000e7d69 6 bytes - win32k!NtUserRegisterRawInputDevices (+0x4b28)
[ 48 89 5c 24 10 56:ff 25 fa 50 11 00 ]
fffff960000e9718-fffff960000e971d 6 bytes - win32k!NtUserAddClipboardFormatListener (+0x19b4)
[ 48 89 5c 24 08 48:ff 25 5a 68 f9 ff ]
fffff9600018cb5c-fffff9600018cb63 8 bytes - win32k!NtGdiD3dValidateTextureStageState+c (+0xa3444)
[ 90 90 90 90 90 90 90 90:18 ed 6c 03 80 f8 ff ff ]
fffff96000191098-fffff9600019109d 6 bytes - win32k!NtGdiAlphaBlend (+0x453c)
[ 4c 8b dc 45 89 4b:ff 25 1e 5f 06 00 ]
fffff960001b3718-fffff960001b371f 8 bytes - win32k!GreGetRgnBox+4 (+0x22680)
[ 90 90 90 90 90 90 90 90:18 df 6c 03 80 f8 ff ff ]
fffff960001f6fbc-fffff960001f6fc3 8 bytes - win32k!XLATE::pfnXlateBetweenBitfields+60 (+0x438a4)
[ 90 90 90 90 90 90 90 90:28 f8 6c 03 80 f8 ff ff ]
fffff960001f76b8-fffff960001f76bd 6 bytes - win32k!NtGdiBitBltInternal (+0x6fc)
[ 48 8b c4 48 89 58:ff 25 6a 35 00 00 ]
fffff960001fac28-fffff960001fac2f 8 bytes - win32k!CaptureDriverInfo2W+318 (+0x3570)
[ 90 90 90 90 90 90 90 90:08 ee 6c 03 80 f8 ff ff ]
fffff960001fb058-fffff960001fb05f 8 bytes - win32k!NtGdiGetBitmapBits+d4 (+0x430)
[ 90 90 90 90 90 90 90 90:94 d2 6c 03 80 f8 ff ff ]
WARNING: !chkimg output was truncated to 50 lines. Invoke !chkimg without '-lo [num_lines]' to view entire output.
404 errors : !win32k (fffff96000037e94-fffff9600020c3b5)

MODULE_NAME: memory_corruption

IMAGE_NAME: memory_corruption

FOLLOWUP_NAME: memory_corruption

DEBUG_FLR_IMAGE_TIMESTAMP: 0

MEMORY_CORRUPTOR: LARGE

FAILURE_BUCKET_ID: X64_MEMORY_CORRUPTION_LARGE

BUCKET_ID: X64_MEMORY_CORRUPTION_LARGE

Followup: memory_corruption
---------

[/log]
Still, you can take a look at this and suggest what's what ;)

EDIT:
OK, when I have a free moment I'll test the memory with Memtest (I've even already burned a disc / I don't have a spare pendrive ;)).

raazor90
comment

[quote name='Igorrodz' timestamp='1337381765' post='1503164'] CLOCK_WATCHDOG_TIMEOUT (101) [/quote] did you overclock the CPU?

  • Good post 1
Igorrodz
comment

Yes, I overclocked it via the bus. These are exactly my settings:
[url=http://obrazki.elektroda.net/23_1337430061.jpg][img]http://obrazki.elektroda.net/23_1337430061_thumb.jpg[/img][/url]

As for the memory itself and testing it - it's working fine:
[url=http://obrazki.elektroda.net/22_1337430313.jpg][img]http://obrazki.elektroda.net/22_1337430313_thumb.jpg[/img][/url]

Are you suggesting that I pushed the processor too far?

raazor90
comment

To me something's not right with the CPU; I've given you the fishing rod, now catch the fish :PP

  • Good post 1
Igorrodz
comment

Heh, I get it. Anyway... anyway, this cut-down chip is starting to annoy me :zly:
You can neither unlock it properly nor overclock it properly. What a disaster :E
