malina80 utworzono 21 maja 2012 utworzono 21 maja 2012 Witam Od paru dni mam powracajace ciasteczko yieldmanager. Uzywam Explorera. Robilam full scan AVG i niestety nie pomoglo Moze to nieistotne ale miesiac temu mialam wirusa ktory calkowicie zainfekowal moje user account (zainfekowany winlogon.exe i extra proces crrss) nie wiem czy udalo mi sie to usunac antywirusem (niesadze) ale za pomoca msconfig uzywam general/selective startup i blokuje co nie trzeba. boje sie ze jak uzyje normal startup to proces crrssi winlogon powroca i znow zinfekuja moj nowy (dzialajacy) profil. Teraz proboje sie pozbyc tych ogloszen i z gory dziekuje za sprawdzenie logow [b]OTL[/b] [log]OTL logfile created on: 5/21/2012 3:51:55 PM - Run 2 OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\dorotat\Documents\downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 12.00 Gb Total Physical Memory | 9.73 Gb Available Physical Memory | 81.06% Memory free 23.99 Gb Paging File | 21.54 Gb Available in Paging File | 89.76% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 462.83 Gb Total Space | 350.44 Gb Free Space | 75.72% Space Free | Partition Type: NTFS Computer Name: XEON-DOROTA | User Name: dorotat | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 90 Days [color=#e56717]========== Processes (All) ==========[/color] PRC - File not found -- PRC - [2012/05/21 14:38:10 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\dorotat\Documents\downloads\OTL.exe PRC - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes&#39; Anti-Malware\mbamservice.exe PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes&#39; Anti-Malware\mbamgui.exe PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe PRC - [2011/03/28 09:18:43 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe PRC - [2010/11/20 13:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe PRC - [2010/10/29 15:49:28 | 000,505,064 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe PRC - [2010/10/29 15:49:28 | 000,249,064 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe PRC - [2010/09/26 18:51:00 | 000,236,136 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2010/03/04 02:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010/03/04 02:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe PRC - [2009/07/14 02:14:27 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\notepad.exe PRC - [2009/06/25 02:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe PRC - [2009/04/23 20:37:24 | 001,314,816 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe PRC - [2008/10/14 21:38:56 | 000,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [color=#e56717]========== Modules (All) ==========[/color] MOD - [2012/05/21 14:38:10 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\dorotat\Documents\downloads\OTL.exe MOD - [2012/05/16 09:40:07 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\635b3aec298ad5e8c903b2323d79cc5a\IAStorUtil.ni.dll MOD - [2012/05/16 09:30:05 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll MOD - [2012/05/16 09:29:38 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\79b487ba3d893f59ce7e697d06721dd0\System.Windows.Forms.ni.dll MOD - [2012/05/16 09:29:31 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\1dce8ad4aa93ed395af726c0e510846e\System.Drawing.ni.dll MOD - [2012/05/16 09:29:15 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll MOD - [2012/05/16 09:29:09 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012/05/16 09:29:05 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012/05/16 09:29:04 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012/05/16 09:28:52 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2012/04/21 05:21:01 | 001,625,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\GdiPlus.dll MOD - [2012/04/20 19:57:04 | 000,507,472 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgsrmx.dll MOD - [2012/04/20 19:56:38 | 000,936,528 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll MOD - [2012/04/17 09:13:57 | 000,053,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_49768ef57548175e\MFC90ENU.DLL MOD - [2012/04/17 09:13:49 | 003,781,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c\mfc90u.dll MOD - [2012/04/17 09:13:42 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll MOD - [2012/04/17 09:13:42 | 000,569,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll MOD - [2012/04/17 09:09:08 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\mfc80ENU.dll MOD - [2012/04/17 09:09:07 | 001,101,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\mfc80.dll MOD - [2012/04/17 09:09:07 | 001,093,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\mfc80u.dll MOD - [2012/04/17 09:09:07 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll MOD - [2012/04/17 09:09:07 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll MOD - [2012/04/13 17:40:00 | 001,390,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgssie.dll MOD - [2012/04/10 09:05:48 | 008,778,400 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_2_202_228.ocx MOD - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe MOD - [2012/04/04 15:56:38 | 002,165,320 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes&#39; Anti-Malware\mbamnet.dll MOD - [2012/04/04 15:56:38 | 000,476,232 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes&#39; Anti-Malware\mbam.dll MOD - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes&#39; Anti-Malware\mbamgui.exe MOD - [2012/03/27 05:19:36 | 000,122,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgpp.dll MOD - [2012/03/23 05:56:16 | 000,385,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgdecider.dll MOD - [2012/03/01 06:37:41 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wintrust.dll MOD - [2012/03/01 04:40:52 | 000,950,112 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgxpl.dll MOD - [2012/02/28 06:38:52 | 000,981,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wininet.dll MOD - [2012/02/28 06:38:37 | 001,231,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\urlmon.dll MOD - [2012/02/28 06:35:38 | 005,998,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mshtml.dll MOD - [2012/02/28 06:35:35 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msfeeds.dll MOD - [2012/02/28 06:34:42 | 002,073,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\iertutil.dll MOD - [2012/02/28 06:34:42 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ieui.dll MOD - [2012/02/28 06:34:41 | 000,163,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ieproxy.dll MOD - [2012/02/28 06:34:40 | 010,992,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ieframe.dll MOD - [2012/02/15 04:56:36 | 000,284,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avglogx.dll MOD - [2012/02/15 04:56:32 | 000,880,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidpsdkx.dll MOD - [2012/02/14 04:53:22 | 003,175,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avguires.dll MOD - [2012/02/14 04:53:00 | 000,366,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgsysx.dll MOD - [2012/02/14 04:53:00 | 000,158,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgse.dll MOD - [2012/02/14 04:52:58 | 000,889,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgntopensslx.dll MOD - [2012/02/14 04:52:58 | 000,129,376 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgopensslx.dll MOD - [2012/02/14 04:52:56 | 001,049,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgcfgx.dll MOD - [2012/02/14 04:52:56 | 000,853,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgcslx.dll MOD - [2012/02/14 04:52:56 | 000,176,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avglngx.dll MOD - [2012/02/14 04:52:54 | 000,343,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidpmx.dll MOD - [2012/01/04 09:59:38 | 012,872,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shell32.dll MOD - [2012/01/04 09:58:41 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntshrui.dll MOD - [2012/01/04 03:51:00 | 005,925,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll MOD - [2012/01/04 03:50:59 | 000,364,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll MOD - [2011/12/16 08:52:58 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcrt.dll MOD - [2011/11/17 06:38:39 | 001,292,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntdll.dll MOD - [2011/11/17 06:34:52 | 000,224,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schannel.dll MOD - [2011/11/17 06:34:52 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\secur32.dll MOD - [2011/11/17 06:28:48 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sspicli.dll MOD - [2011/10/14 05:24:42 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\jscript.dll MOD - [2011/08/27 05:26:27 | 000,571,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\oleaut32.dll MOD - [2011/08/27 05:26:27 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\oleacc.dll MOD - [2011/07/16 05:24:22 | 001,114,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\kernel32.dll MOD - [2011/07/16 05:24:22 | 000,272,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\KernelBase.dll MOD - [2011/06/16 05:33:18 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\xmllite.dll MOD - [2011/05/24 11:40:05 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\devobj.dll MOD - [2011/05/24 11:40:05 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\devrtl.dll MOD - [2011/05/24 11:39:38 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cfgmgr32.dll MOD - [2011/05/17 09:27:52 | 000,413,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll MOD - [2011/05/04 05:34:43 | 001,549,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\tquery.dll MOD - [2011/03/03 06:38:01 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dnsapi.dll MOD - [2011/02/03 00:25:32 | 000,041,760 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll MOD - [2010/11/20 13:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe MOD - [2010/11/20 13:21:39 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wtsapi32.dll MOD - [2010/11/20 13:21:38 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ws2_32.dll MOD - [2010/11/20 13:21:36 | 001,010,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WindowsCodecs.dll MOD - [2010/11/20 13:21:36 | 000,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\Wldap32.dll MOD - [2010/11/20 13:21:36 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winmm.dll MOD - [2010/11/20 13:21:36 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winsta.dll MOD - [2010/11/20 13:21:36 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wkscli.dll MOD - [2010/11/20 13:21:34 | 001,128,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vssapi.dll MOD - [2010/11/20 13:21:34 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbemcomn.dll MOD - [2010/11/20 13:21:33 | 000,626,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\usp10.dll MOD - [2010/11/20 13:21:33 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\userenv.dll MOD - [2010/11/20 13:21:32 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\twext.dll MOD - [2010/11/20 13:21:30 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\thumbcache.dll MOD - [2010/11/20 13:21:27 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sxs.dll MOD - [2010/11/20 13:21:27 | 000,363,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\StructuredQuery.dll MOD - [2010/11/20 13:21:27 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\syncui.dll MOD - [2010/11/20 13:21:26 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srvcli.dll MOD - [2010/11/20 13:21:24 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\spp.dll MOD - [2010/11/20 13:21:19 | 000,350,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shlwapi.dll MOD - [2010/11/20 13:21:15 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shdocvw.dll MOD - [2010/11/20 13:21:14 | 001,667,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\setupapi.dll MOD - [2010/11/20 13:21:06 | 000,646,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\SearchFolder.dll MOD - [2010/11/20 13:21:04 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\samcli.dll MOD - [2010/11/20 13:21:03 | 000,046,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\RpcRtRemote.dll MOD - [2010/11/20 13:21:03 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rtutils.dll MOD - [2010/11/20 13:20:57 | 000,988,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\propsys.dll MOD - [2010/11/20 13:20:55 | 000,547,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PortableDeviceApi.dll MOD - [2010/11/20 13:20:49 | 001,414,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ole32.dll MOD - [2010/11/20 13:20:49 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\olepro32.dll MOD - [2010/11/20 13:20:46 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntlanman.dll MOD - [2010/11/20 13:20:30 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\nlaapi.dll MOD - [2010/11/20 13:20:29 | 001,661,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\networkexplorer.dll MOD - [2010/11/20 13:20:29 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netutils.dll MOD - [2010/11/20 13:20:27 | 000,801,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\NaturalLanguage6.dll MOD - [2010/11/20 13:19:56 | 001,390,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msxml6.dll MOD - [2010/11/20 13:19:56 | 001,236,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msxml3.dll MOD - [2010/11/20 13:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mswsock.dll MOD - [2010/11/20 13:19:55 | 000,120,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvfw32.dll MOD - [2010/11/20 13:19:52 | 000,195,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msrating.dll MOD - [2010/11/20 13:19:48 | 002,341,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msi.dll MOD - [2010/11/20 13:19:45 | 000,481,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mscms.dll MOD - [2010/11/20 13:19:45 | 000,034,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msasn1.dll MOD - [2010/11/20 13:19:39 | 000,213,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\MMDevAPI.dll MOD - [2010/11/20 13:19:23 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\IPHLPAPI.DLL MOD - [2010/11/20 13:19:22 | 000,034,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imgutil.dll MOD - [2010/11/20 13:19:18 | 000,200,704 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\IEShims.dll MOD - [2010/11/20 13:19:18 | 000,186,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\iepeers.dll MOD - [2010/11/20 13:19:03 | 000,216,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\FWPUCLNT.DLL MOD - [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\fastprox.dll MOD - [2010/11/20 13:19:01 | 001,493,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ExplorerFrame.dll MOD - [2010/11/20 13:18:38 | 000,128,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\EhStorAPI.dll MOD - [2010/11/20 13:18:26 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\davclnt.dll MOD - [2010/11/20 13:18:25 | 001,828,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d9.dll MOD - [2010/11/20 13:18:25 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cscapi.dll MOD - [2010/11/20 13:18:24 | 001,154,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\crypt32.dll MOD - [2010/11/20 13:18:24 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\credssp.dll MOD - [2010/11/20 13:18:23 | 000,530,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll MOD - [2010/11/20 13:18:23 | 000,485,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll MOD - [2010/11/20 13:18:09 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cabinet.dll MOD - [2010/11/20 13:18:09 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\browcli.dll MOD - [2010/11/20 13:18:05 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\AudioSes.dll MOD - [2010/11/20 13:18:03 | 000,295,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\apphelp.dll MOD - [2010/11/20 13:18:02 | 000,640,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\advapi32.dll MOD - [2010/11/20 13:18:01 | 000,309,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\actxprxy.dll MOD - [2010/11/20 13:16:50 | 000,320,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winspool.drv MOD - [2010/11/20 13:16:50 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wdmaud.drv MOD - [2010/11/20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\user32.dll MOD - [2010/11/20 13:08:57 | 000,663,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rpcrt4.dll MOD - [2010/11/20 13:08:51 | 000,311,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\gdi32.dll MOD - [2010/11/20 13:08:51 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imm32.dll MOD - [2010/11/20 12:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll MOD - [2010/11/05 02:58:19 | 000,297,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mscoree.dll MOD - [2010/11/05 02:57:40 | 000,572,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll MOD - [2010/10/29 15:49:28 | 000,505,064 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe MOD - [2010/10/29 15:49:28 | 000,249,064 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe MOD - [2010/09/27 01:41:00 | 009,830,504 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvd3dum.dll MOD - [2010/09/22 19:04:20 | 000,061,888 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll MOD - [2010/09/22 19:04:14 | 000,075,200 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll MOD - [2010/09/02 09:33:38 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Java\jre6\bin\msvcr71.dll MOD - [2010/03/04 02:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe MOD - [2010/03/04 02:08:36 | 000,163,328 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorUIHelper.dll MOD - [2010/03/04 02:08:30 | 001,046,528 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IntelVisualDesign.dll MOD - [2010/01/11 04:46:32 | 000,882,608 | ---- | M] (Autodesk, Inc.) -- C:\Program Files (x86)\Common Files\Autodesk Shared\DWF Common\w3dtk_wt.1.6.1555.dll MOD - [2010/01/11 04:46:32 | 000,759,728 | ---- | M] (Autodesk, Inc.) -- C:\Program Files (x86)\Common Files\Autodesk Shared\DWF Common\whiptk_wt.7.12.601.dll MOD - [2010/01/11 04:46:32 | 000,043,952 | R--- | M] (Autodesk, Inc.) -- C:\Program Files (x86)\Common Files\Autodesk Shared\DWF Common\EN-US\DWFShellExtensionRes.dll MOD - [2010/01/11 04:46:30 | 001,826,224 | ---- | M] (Autodesk, Inc.) -- C:\Program Files (x86)\Common Files\Autodesk Shared\DWF Common\dwftk_wt.7.6.0.dll MOD - [2010/01/11 04:46:28 | 000,731,568 | ---- | M] (Autodesk, Inc.) -- C:\Program Files (x86)\Common Files\Autodesk Shared\DWF Common\dwfcore_wt.1.6.0.dll MOD - [2010/01/11 04:46:24 | 001,891,248 | R--- | M] (Autodesk, Inc.) -- C:\Program Files (x86)\Common Files\Autodesk Shared\DWF Common\DWFShellExtension.dll MOD - [2009/07/14 02:17:54 | 000,249,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\bcryptprimitives.dll MOD - [2009/07/14 02:17:54 | 000,242,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rsaenh.dll MOD - [2009/07/14 02:16:20 | 000,308,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\Wpc.dll MOD - [2009/07/14 02:16:20 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wship6.dll MOD - [2009/07/14 02:16:20 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WSHTCPIP.DLL MOD - [2009/07/14 02:16:19 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\wmiutils.dll MOD - [2009/07/14 02:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winrnr.dll MOD - [2009/07/14 02:16:19 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winnsi.dll MOD - [2009/07/14 02:16:18 | 000,262,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wevtapi.dll MOD - [2009/07/14 02:16:18 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WcnApi.dll MOD - [2009/07/14 02:16:17 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\wbemdisp.dll MOD - [2009/07/14 02:16:17 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vsstrace.dll MOD - [2009/07/14 02:16:17 | 000,047,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\wbemsvc.dll MOD - [2009/07/14 02:16:17 | 000,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\wbemprox.dll MOD - [2009/07/14 02:16:17 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\version.dll MOD - [2009/07/14 02:16:16 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll MOD - [2009/07/14 02:16:15 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\synceng.dll MOD - [2009/07/14 02:16:15 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srclient.dll MOD - [2009/07/14 02:16:15 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\slc.dll MOD - [2009/07/14 02:16:14 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc_os.dll MOD - [2009/07/14 02:16:14 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shfolder.dll MOD - [2009/07/14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sechost.dll MOD - [2009/07/14 02:16:13 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\samlib.dll MOD - [2009/07/14 02:16:13 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\SensApi.dll MOD - [2009/07/14 02:16:12 | 000,325,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rasapi32.dll MOD - [2009/07/14 02:16:12 | 000,159,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PortableDeviceTypes.dll MOD - [2009/07/14 02:16:12 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\powrprof.dll MOD - [2009/07/14 02:16:12 | 000,103,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\oledlg.dll MOD - [2009/07/14 02:16:12 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rasman.dll MOD - [2009/07/14 02:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\pnrpnsp.dll MOD - [2009/07/14 02:16:12 | 000,046,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\pngfilt.dll MOD - [2009/07/14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\profapi.dll MOD - [2009/07/14 02:16:12 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rasadhlp.dll MOD - [2009/07/14 02:16:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\psapi.dll MOD - [2009/07/14 02:16:11 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntmarta.dll MOD - [2009/07/14 02:16:11 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntdsapi.dll MOD - [2009/07/14 02:16:11 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\npmproxy.dll MOD - [2009/07/14 02:16:11 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\nsi.dll MOD - [2009/07/14 02:16:05 | 004,888,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\NlsData0009.dll MOD - [2009/07/14 02:16:03 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\networkitemfactory.dll MOD - [2009/07/14 02:16:02 | 000,219,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ncrypt.dll MOD - [2009/07/14 02:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\NapiNSP.dll MOD - [2009/07/14 02:15:48 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mssprxy.dll MOD - [2009/07/14 02:15:45 | 000,157,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msls31.dll MOD - [2009/07/14 02:15:44 | 000,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msimtf.dll MOD - [2009/07/14 02:15:44 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msiltcfg.dll MOD - [2009/07/14 02:15:44 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msimg32.dll MOD - [2009/07/14 02:15:43 | 000,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msctf.dll MOD - [2009/07/14 02:15:42 | 000,072,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msacm32.dll MOD - [2009/07/14 02:15:41 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mpr.dll MOD - [2009/07/14 02:15:40 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mlang.dll MOD - [2009/07/14 02:15:40 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\midimap.dll MOD - [2009/07/14 02:15:36 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\linkinfo.dll MOD - [2009/07/14 02:15:35 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ksuser.dll MOD - [2009/07/14 02:15:27 | 000,445,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ieapfltr.dll MOD - [2009/07/14 02:15:22 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\gpapi.dll MOD - [2009/07/14 02:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\FirewallAPI.dll MOD - [2009/07/14 02:15:21 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\fundisc.dll MOD - [2009/07/14 02:15:20 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\fdWCN.dll MOD - [2009/07/14 02:15:20 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\fdProxy.dll MOD - [2009/07/14 02:15:20 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\fdWNet.dll MOD - [2009/07/14 02:15:14 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\EhStorShell.dll MOD - [2009/07/14 02:15:13 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dui70.dll MOD - [2009/07/14 02:15:13 | 000,453,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dsound.dll MOD - [2009/07/14 02:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dxtmsft.dll MOD - [2009/07/14 02:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dxtrans.dll MOD - [2009/07/14 02:15:13 | 000,181,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\duser.dll MOD - [2009/07/14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dwmapi.dll MOD - [2009/07/14 02:15:13 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dtsh.dll MOD - [2009/07/14 02:15:13 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\drprov.dll MOD - [2009/07/14 02:15:11 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dhcpcsvc.dll MOD - [2009/07/14 02:15:11 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dhcpcsvc6.dll MOD - [2009/07/14 02:15:11 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dfscli.dll MOD - [2009/07/14 02:15:10 | 000,531,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ddraw.dll MOD - [2009/07/14 02:15:10 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ddrawex.dll MOD - [2009/07/14 02:15:09 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dciman32.dll MOD - [2009/07/14 02:15:08 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3dim700.dll MOD - [2009/07/14 02:15:08 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\davhlpr.dll MOD - [2009/07/14 02:15:08 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d8thk.dll MOD - [2009/07/14 02:15:07 | 000,103,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptnet.dll MOD - [2009/07/14 02:15:07 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptsp.dll MOD - [2009/07/14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptbase.dll MOD - [2009/07/14 02:15:03 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\clbcatq.dll MOD - [2009/07/14 02:14:58 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\avrt.dll MOD - [2009/07/14 02:14:57 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\atl.dll MOD - [2009/07/14 02:14:27 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\notepad.exe MOD - [2009/07/14 02:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx MOD - [2009/07/14 02:14:08 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msacm32.drv MOD - [2009/07/14 02:11:24 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\uxtheme.dll MOD - [2009/07/14 02:11:23 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\lpk.dll MOD - [2009/07/14 02:11:20 | 000,080,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\bcrypt.dll MOD - [2009/07/14 02:10:22 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc.dll MOD - [2009/07/14 02:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll MOD - [2009/07/14 02:08:30 | 002,628,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\NlsLexicons0009.dll MOD - [2009/07/14 02:07:56 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netmsg.dll MOD - [2009/06/25 02:19:58 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\MFC71.dll MOD - [2009/06/25 02:19:58 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\msvcp71.dll MOD - [2009/06/25 02:19:58 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\msvcr71.dll MOD - [2009/06/25 02:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe MOD - [2009/06/25 02:19:46 | 000,074,984 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\Kernel\common\CLRCEngine3.dll MOD - [2009/04/23 20:37:52 | 000,446,464 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files (x86)\Analog Devices\Core\smwdmif.dll MOD - [2009/04/23 20:37:24 | 001,314,816 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe MOD - [2008/10/14 21:38:56 | 000,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe MOD - [2007/07/07 12:09:56 | 001,003,520 | ---- | M] (Robert McNeel &amp; Associates) -- C:\Program Files (x86)\Rhinoceros 4.0\System\RhinoShExt.dll MOD - [2007/05/10 23:18:44 | 000,685,696 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll MOD - [2007/05/10 22:47:03 | 000,321,120 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll MOD - [2006/09/15 13:58:44 | 000,934,400 | R--- | M] (Macrovision Europe Ltd.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\FNP_Act_Installer.dll MOD - [2006/09/14 23:46:46 | 000,208,896 | R--- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\adobe_pcd.dll MOD - [2006/09/14 23:20:38 | 000,346,112 | R--- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\adobe_personalization.dll MOD - [2006/09/14 23:20:38 | 000,212,992 | R--- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\adobe_epic.dll MOD - [2006/08/02 07:52:46 | 000,126,976 | R--- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\asneu.dll MOD - [2003/10/17 14:44:08 | 000,057,344 | R--- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\MFC71ENU.DLL [color=#e56717]========== Win32 Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2011/05/04 14:51:27 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64) SRV:[b]64bit:[/b] - [2011/02/22 21:52:54 | 000,086,016 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Autodesk2\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe -- (mi-raysat_3dsmax2012_64) SRV:[b]64bit:[/b] - [2009/12/16 17:44:44 | 003,750,400 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms) SRV:[b]64bit:[/b] - [2009/12/10 19:09:16 | 000,515,872 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc) SRV:[b]64bit:[/b] - [2009/11/24 22:02:28 | 002,341,224 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService) SRV:[b]64bit:[/b] - [2009/11/18 23:05:12 | 001,558,016 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService) SRV:[b]64bit:[/b] - [2009/10/27 14:49:32 | 006,807,656 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe -- (NVIDIA Performance Driver Service) SRV:[b]64bit:[/b] - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:[b]64bit:[/b] - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:[b]64bit:[/b] - [2008/07/29 14:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90) SRV - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent) SRV - [2012/04/10 09:05:48 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes&#39; Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd) SRV - [2011/03/28 09:18:43 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010/09/26 18:51:00 | 000,236,136 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/03/04 02:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel® SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008/11/12 19:25:48 | 001,273,856 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe) [color=#e56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard) DRV:[b]64bit:[/b] - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA) DRV:[b]64bit:[/b] - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:[b]64bit:[/b] - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia) DRV:[b]64bit:[/b] - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64) DRV:[b]64bit:[/b] - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64) DRV:[b]64bit:[/b] - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64) DRV:[b]64bit:[/b] - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter) DRV:[b]64bit:[/b] - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver) DRV:[b]64bit:[/b] - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:[b]64bit:[/b] - [2010/09/27 16:42:10 | 000,131,072 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge) DRV:[b]64bit:[/b] - [2010/09/27 16:42:06 | 000,075,648 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf) DRV:[b]64bit:[/b] - [2010/03/04 01:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:[b]64bit:[/b] - [2010/02/10 18:37:06 | 000,103,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\basp.sys -- (Blfp) DRV:[b]64bit:[/b] - [2010/02/09 14:06:54 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009/07/09 11:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:[b]64bit:[/b] - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:[b]64bit:[/b] - [2009/04/23 20:41:06 | 000,497,152 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService) DRV:[b]64bit:[/b] - [2009/03/13 11:55:38 | 000,318,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock) DRV:[b]64bit:[/b] - [2009/03/13 11:55:38 | 000,053,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\akshasp.sys -- (akshasp) DRV:[b]64bit:[/b] - [2009/03/13 11:55:38 | 000,025,344 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aksusb.sys -- (aksusb) DRV:[b]64bit:[/b] - [2008/06/04 19:14:00 | 000,032,240 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PBADRV.SYS -- (PBADRV) DRV:[b]64bit:[/b] - [2007/07/23 15:13:06 | 000,056,960 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\akshhl.sys -- (akshhl) DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) [color=#e56717]========== Standard Registry (SafeList) ==========[/color] [color=#e56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [url="http://www.bing.com/search?q={searchTerms}&amp;FORM=IE8SRC"]http://www.bing.com/...ms}&amp;FORM=IE8SRC[/url] IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = [url="http://www.google.com/search?q={searchTerms}&amp;rls=com.microsoft:{language}:{referrer:source?}&amp;ie={inputEncoding}&amp;oe={outputEncoding}&amp;sourceid=ie7"]http://www.google.co...g}&amp;sourceid=ie7[/url] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [url="http://www.bing.com/search?q={searchTerms}&amp;FORM=IE8SRC"]http://www.bing.com/...ms}&amp;FORM=IE8SRC[/url] IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = [url="http://www.google.com/search?q={searchTerms}&amp;rls=com.microsoft:{language}:{referrer:source?}&amp;ie={inputEncoding}&amp;oe={outputEncoding}&amp;sourceid=ie7"]http://www.google.co...g}&amp;sourceid=ie7[/url] IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-21-953094559-3865728012-856239985-1189\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://www1.euro.dell.com/content/default.aspx?c=uk&amp;l=en&amp;s=gen"]http://www1.euro.del...c=uk&amp;l=en&amp;s=gen[/url] IE - HKU\S-1-5-21-953094559-3865728012-856239985-1189\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-953094559-3865728012-856239985-1189\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-953094559-3865728012-856239985-1189\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [url="http://www.bing.com/search?q={searchTerms}&amp;src=IE-SearchBox&amp;FORM=IE8SRC"]http://www.bing.com/...Box&amp;FORM=IE8SRC[/url] IE - HKU\S-1-5-21-953094559-3865728012-856239985-1189\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = [url="http://www.google.com/search?q={searchTerms}&amp;rls=com.microsoft:{language}:{referrer:source?}&amp;ie={inputEncoding}&amp;oe={outputEncoding}&amp;sourceid=ie7&amp;rlz=1I7GGIE_enGB443"]http://www.google.co...1I7GGIE_enGB443[/url] IE - HKU\S-1-5-21-953094559-3865728012-856239985-1189\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#e56717]========== FireFox ==========[/color] FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/05/16 09:49:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/04/27 09:16:36 | 000,000,000 | ---D | M] O1 HOSTS File: ([2012/04/18 09:08:07 | 000,001,389 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 176.9.75.3 [url="http://www.google-analytics.com"]www.google-analytics.com[/url]. O1 - Hosts: 176.9.75.3 ad-emea.doubleclick.net. O1 - Hosts: 176.9.75.3 [url="http://www.statcounter.com"]www.statcounter.com[/url]. O1 - Hosts: 108.163.215.51 [url="http://www.google-analytics.com"]www.google-analytics.com[/url]. O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net. O1 - Hosts: 108.163.215.51 [url="http://www.statcounter.com"]www.statcounter.com[/url]. O2:[b]64bit:[/b] - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.) O2:[b]64bit:[/b] - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-953094559-3865728012-856239985-1189\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-21-953094559-3865728012-856239985-1189\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:[b]64bit:[/b] - HKLM..\Run: [DellControlPoint] c:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.) O4:[b]64bit:[/b] - HKLM..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [Malwarebytes&#39; Anti-Malware] C:\Program Files (x86)\Malwarebytes&#39; Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O8:[b]64bit:[/b] - Extra context menu item: Add to Google Photos Screensa&amp;ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:[b]64bit:[/b] - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:[b]64bit:[/b] - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:[b]64bit:[/b] - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:[b]64bit:[/b] - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:[b]64bit:[/b] - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:[b]64bit:[/b] - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:[b]64bit:[/b] - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:[b]64bit:[/b] - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Add to Google Photos Screensa&amp;ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O9:[b]64bit:[/b] - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.) O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O16:[b]64bit:[/b] - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_20) O16:[b]64bit:[/b] - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_20) O16:[b]64bit:[/b] - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_20) O16 - DPF: {644F656A-013E-4198-BE03-1D7A4F6AB550} [url="https://www.promapserver.co.uk/controls/latest/promap.cab"]https://www.promapse...test/promap.cab[/url] (Promap Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_24) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [url="http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab"]http://platformdl.ad...Plus/1.6/gp.cab[/url] (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = office.waterslade.com O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75129511-49D6-466C-95F7-AAE568A0BE56}: NameServer = 10.12.63.100,8.8.8.8,8.8.8.8,8.8.8.8,10.12.63.100 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DA62DD81-1AEC-45B4-A9A8-23BBE1B4475F}: DhcpNameServer = 10.12.63.100 O18:[b]64bit:[/b] - Protocol\Handler\ipp - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\ipp\0x00000001 - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.) O18:[b]64bit:[/b] - Protocol\Handler\msdaipp - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\crrss.exe) - File not found O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O30:[b]64bit:[/b] - LSA: Authentication Packages - (wvauth) - C:\Windows\SysNative\wvauth.dll (Wave Systems Corp.) O30 - LSA: Authentication Packages - (wvauth) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010/11/09 10:33:43 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - StartUpReg: [b]Akamai NetSession Interface[/b] - hkey= - key= - File not found MsConfig:64bit - StartUpReg: [b]crrss[/b] - hkey= - key= - File not found MsConfig:64bit - StartUpReg: [b]Gadu-Gadu 10[/b] - hkey= - key= - File not found MsConfig:64bit - StartUpReg: [b]nwiz[/b] - hkey= - key= - C:\Program Files\NVIDIA Corporation\nView\nwiz.exe () MsConfig:64bit - StartUpReg: [b]winlogon[/b] - hkey= - key= - File not found MsConfig:64bit - State: "startup" - Reg Error: Key error. MsConfig:64bit - State: "services" - Reg Error: Key error. MsConfig:64bit - State: "bootini" - Reg Error: Key error. SafeBootMin:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:[b]64bit:[/b] Base - Driver Group SafeBootMin:[b]64bit:[/b] Boot Bus Extender - Driver Group SafeBootMin:[b]64bit:[/b] Boot file system - Driver Group SafeBootMin:[b]64bit:[/b] File system - Driver Group SafeBootMin:[b]64bit:[/b] Filter - Driver Group SafeBootMin:[b]64bit:[/b] HelpSvc - Service SafeBootMin:[b]64bit:[/b] mcmscsvc - Service SafeBootMin:[b]64bit:[/b] MCODS - Service SafeBootMin:[b]64bit:[/b] PCI Configuration - Driver Group SafeBootMin:[b]64bit:[/b] PNP Filter - Driver Group SafeBootMin:[b]64bit:[/b] Primary disk - Driver Group SafeBootMin:[b]64bit:[/b] sacsvr - Service SafeBootMin:[b]64bit:[/b] SCSI Class - Driver Group SafeBootMin:[b]64bit:[/b] System Bus Extender - Driver Group SafeBootMin:[b]64bit:[/b] vmms - Service SafeBootMin:[b]64bit:[/b] WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: mcmscsvc - Service SafeBootMin: MCODS - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootNet:[b]64bit:[/b] Base - Driver Group SafeBootNet:[b]64bit:[/b] Boot Bus Extender - Driver Group SafeBootNet:[b]64bit:[/b] Boot file system - Driver Group SafeBootNet:[b]64bit:[/b] File system - Driver Group SafeBootNet:[b]64bit:[/b] Filter - Driver Group SafeBootNet:[b]64bit:[/b] HelpSvc - Service SafeBootNet:[b]64bit:[/b] mcmscsvc - Service SafeBootNet:[b]64bit:[/b] MCODS - Service SafeBootNet:[b]64bit:[/b] MpfService - Service SafeBootNet:[b]64bit:[/b] NDIS Wrapper - Driver Group SafeBootNet:[b]64bit:[/b] NetBIOSGroup - Driver Group SafeBootNet:[b]64bit:[/b] NetDDEGroup - Driver Group SafeBootNet:[b]64bit:[/b] Network - Driver Group SafeBootNet:[b]64bit:[/b] NetworkProvider - Driver Group SafeBootNet:[b]64bit:[/b] PCI Configuration - Driver Group SafeBootNet:[b]64bit:[/b] PNP Filter - Driver Group SafeBootNet:[b]64bit:[/b] PNP_TDI - Driver Group SafeBootNet:[b]64bit:[/b] Primary disk - Driver Group SafeBootNet:[b]64bit:[/b] rdsessmgr - Service SafeBootNet:[b]64bit:[/b] sacsvr - Service SafeBootNet:[b]64bit:[/b] SCSI Class - Driver Group SafeBootNet:[b]64bit:[/b] Streams Drivers - Driver Group SafeBootNet:[b]64bit:[/b] System Bus Extender - Driver Group SafeBootNet:[b]64bit:[/b] TDI - Driver Group SafeBootNet:[b]64bit:[/b] vmms - Service SafeBootNet:[b]64bit:[/b] WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet:[b]64bit:[/b] WudfUsbccidDriver - Driver SafeBootNet:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:[b]64bit:[/b] {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:[b]64bit:[/b] {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:[b]64bit:[/b] {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:[b]64bit:[/b] {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:[b]64bit:[/b] {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: mcmscsvc - Service SafeBootNet: MCODS - Service SafeBootNet: MpfService - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices [color=#e56717]========== Files/Folders - Created Within 90 Days ==========[/color] [2012/05/21 15:41:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro [2012/05/21 15:41:50 | 000,000,000 | ---D | C] -- C:\rsit [2012/05/21 15:19:44 | 000,000,000 | ---D | C] -- C:\ProgramData\GFI Software [2012/05/21 13:25:21 | 000,000,000 | ---D | C] -- C:\Users\dorotat\AppData\Roaming\Malwarebytes [2012/05/21 13:25:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes&#39; Anti-Malware [2012/05/21 13:25:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/05/21 13:25:13 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/05/21 13:25:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes&#39; Anti-Malware [2012/05/18 16:35:04 | 000,000,000 | ---D | C] -- C:\Users\dorotat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++ [2012/05/18 16:34:40 | 000,000,000 | ---D | C] -- C:\Users\dorotat\AppData\Roaming\Notepad++ [2012/05/18 14:28:48 | 000,000,000 | ---D | C] -- C:\Users\dorotat\AppData\Roaming\Waterslade [2012/05/18 13:58:51 | 000,000,000 | ---D | C] -- C:\Users\dorotat\Documents\toolbar1 [2012/05/18 13:58:50 | 000,000,000 | ---D | C] -- C:\Users\dorotat\Documents\Picasa [2012/05/18 13:58:33 | 000,000,000 | ---D | C] -- C:\Users\dorotat\Documents\old desktop [2012/05/18 13:58:33 | 000,000,000 | ---D | C] -- C:\Users\dorotat\Documents\lisps [2012/05/18 13:58:33 | 000,000,000 | ---D | C] -- C:\Users\dorotat\Documents\dt [2012/05/18 13:58:32 | 000,000,000 | ---D | C] -- C:\Users\dorotat\Documents\downloads [2012/05/18 13:58:20 | 000,000,000 | ---D | C] -- C:\Users\dorotat\Desktop\desktop [2012/05/18 13:57:56 | 000,000,000 | ---D | C] -- C:\Users\dorotat\Documents\company software [2012/05/18 13:57:18 | 000,000,000 | ---D | C] -- C:\Users\dorotat\AppData\Local\Google [2012/05/18 13:56:54 | 000,000,000 | ---D | C] -- C:\Users\dorotat\Documents\Autodesk [2012/05/18 13:54:07 | 000,000,000 | ---D | C] -- C:\Users\dorotat\AppData\Roaming\Autodesk [2012/05/18 13:54:07 | 000,000,000 | ---D | C] -- C:\Users\dorotat\AppData\Local\Autodesk [2012/05/18 13:53:26 | 000,000,000 | ---D | C] -- C:\Users\dorotat\AppData\Roaming\Adobe [2012/05/18 13:53:26 | 000,000,000 | ---D | C] -- C:\Users\dorotat\AppData\Local\Adobe [2012/05/18 13:53:24 | 000,000,000 | ---D | C] -- C:\Users\dorotat\AppData\Roaming\Intel Corporation [2012/05/18 13:53:21 | 000,000,000 | ---D | C] -- C:\Users\dorotat\AppData\Roaming\Wave Systems Corp [2012/05/18 13:53:21 | 000,000,000 | ---D | C] -- C:\Users\dorotat\AppData\Roaming\Broadcom [2012/05/18 13:53:19 | 000,000,000 | ---D | C] -- C:\Users\dorotat\AppData\Roaming\AVG2012 [2012/05/18 13:52:46 | 000,000,000 | R--D | C] -- C:\Users\dorotat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2012/05/18 13:52:46 | 000,000,000 | R--D | C] -- C:\Users\dorotat\Searches [2012/05/18 13:52:46 | 000,000,000 | R--D | C] -- C:\Users\dorotat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2012/05/18 13:52:46 | 000,000,000 | -H-D | C] -- C:\Users\dorotat\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned [2012/05/18 13:52:35 | 000,000,000 | ---D | C] -- C:\Users\dorotat\AppData\Roaming\Identities [2012/05/18 13:52:34 | 000,000,000 | R--D | C] -- C:\Users\dorotat\Contacts [2012/05/18 13:52:23 | 000,000,000 | --SD | C] -- C:\Users\dorotat\AppData\Roaming\Microsoft [2012/05/18 13:52:23 | 000,000,000 | R--D | C] -- C:\Users\dorotat\Videos [2012/05/18 13:52:23 | 000,000,000 | R--D | C] -- C:\Users\dorotat\Saved Games [2012/05/18 13:52:23 | 000,000,000 | R--D | C] -- C:\Users\dorotat\Pictures [2012/05/18 13:52:23 | 000,000,000 | R--D | C] -- C:\Users\dorotat\Music [2012/05/18 13:52:23 | 000,000,000 | R--D | C] -- C:\Users\dorotat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2012/05/18 13:52:23 | 000,000,000 | R--D | C] -- C:\Users\dorotat\Links [2012/05/18 13:52:23 | 000,000,000 | R--D | C] -- C:\Users\dorotat\Favorites [2012/05/18 13:52:23 | 000,000,000 | R--D | C] -- C:\Users\dorotat\Downloads [2012/05/18 13:52:23 | 000,000,000 | R--D | C] -- C:\Users\dorotat\Documents [2012/05/18 13:52:23 | 000,000,000 | R--D | C] -- C:\Users\dorotat\Desktop [2012/05/18 13:52:23 | 000,000,000 | R--D | C] -- C:\Users\dorotat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2012/05/18 13:52:23 | 000,000,000 | -HSD | C] -- C:\Users\dorotat\AppData\Local\Temporary Internet Files [2012/05/18 13:52:23 | 000,000,000 | -HSD | C] -- C:\Users\dorotat\Templates [2012/05/18 13:52:23 | 000,000,000 | -HSD | C] -- C:\Users\dorotat\Start Menu [2012/05/18 13:52:23 | 000,000,000 | -HSD | C] -- C:\Users\dorotat\SendTo [2012/05/18 13:52:23 | 000,000,000 | -HSD | C] -- C:\Users\dorotat\Recent [2012/05/18 13:52:23 | 000,000,000 | -HSD | C] -- C:\Users\dorotat\PrintHood [2012/05/18 13:52:23 | 000,000,000 | -HSD | C] -- C:\Users\dorotat\NetHood [2012/05/18 13:52:23 | 000,000,000 | -HSD | C] -- C:\Users\dorotat\Documents\My Videos [2012/05/18 13:52:23 | 000,000,000 | -HSD | C] -- C:\Users\dorotat\Documents\My Pictures [2012/05/18 13:52:23 | 000,000,000 | -HSD | C] -- C:\Users\dorotat\Documents\My Music [2012/05/18 13:52:23 | 000,000,000 | -HSD | C] -- C:\Users\dorotat\My Documents [2012/05/18 13:52:23 | 000,000,000 | -HSD | C] -- C:\Users\dorotat\Local Settings [2012/05/18 13:52:23 | 000,000,000 | -HSD | C] -- C:\Users\dorotat\AppData\Local\History [2012/05/18 13:52:23 | 000,000,000 | -HSD | C] -- C:\Users\dorotat\Cookies [2012/05/18 13:52:23 | 000,000,000 | -HSD | C] -- C:\Users\dorotat\Application Data [2012/05/18 13:52:23 | 000,000,000 | -HSD | C] -- C:\Users\dorotat\AppData\Local\Application Data [2012/05/18 13:52:23 | 000,000,000 | -H-D | C] -- C:\Users\dorotat\AppData [2012/05/18 13:52:23 | 000,000,000 | ---D | C] -- C:\Users\dorotat\Documents\Visual Studio 2008 [2012/05/18 13:52:23 | 000,000,000 | ---D | C] -- C:\Users\dorotat\AppData\Local\Temp [2012/05/18 13:52:23 | 000,000,000 | ---D | C] -- C:\Users\dorotat\AppData\Local\Microsoft Help [2012/05/18 13:52:23 | 000,000,000 | ---D | C] -- C:\Users\dorotat\AppData\Local\Microsoft [2012/05/18 13:52:23 | 000,000,000 | ---D | C] -- C:\Users\dorotat\AppData\Roaming\Media Center Programs [2012/05/18 13:52:23 | 000,000,000 | ---D | C] -- C:\Users\dorotat\AppData\Roaming\Macromedia [2012/05/16 09:49:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2012/04/20 14:48:15 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2012/04/19 04:50:26 | 000,028,480 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\SysNative\drivers\avgidsha.sys [2012/04/18 16:44:20 | 000,000,000 | ---D | C] -- C:\sh4ldr [2012/04/18 16:39:25 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012/04/18 16:39:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG [2012/04/18 16:39:00 | 000,000,000 | -H-D | C] -- C:\$AVG [2012/04/18 16:39:00 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012 [2012/04/18 16:39:00 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG [2012/04/18 16:38:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG [2012/04/18 16:34:58 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2012/04/18 14:10:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Gadu-Gadu 10 [2012/04/16 16:50:58 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012/04/16 15:49:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++ [2012/04/16 15:49:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++ [2012/04/16 10:51:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools [2012/04/16 10:49:36 | 000,251,528 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys [2012/04/16 10:49:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools [2012/04/16 10:49:13 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2012/04/16 10:49:12 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools [2012/03/19 05:17:26 | 000,383,808 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys [2012/03/05 10:12:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2012/02/22 05:25:32 | 000,289,872 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#e56717]========== Files - Modified Within 90 Days ==========[/color] [2012/05/21 15:53:52 | 001,310,720 | -HS- | M] () -- C:\Users\dorotat\NTUSER.DAT [2012/05/21 15:47:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/05/21 15:41:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/05/21 15:28:25 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/05/21 15:28:25 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/05/21 15:27:16 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/05/21 15:27:16 | 000,664,532 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/05/21 15:27:16 | 000,125,268 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/05/21 15:21:18 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/05/21 15:21:08 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2012/05/21 15:21:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/05/21 15:21:03 | 1071,816,702 | -HS- | M] () -- C:\hiberfil.sys [2012/05/21 15:20:05 | 002,071,684 | -H-- | M] () -- C:\Users\dorotat\AppData\Local\IconCache.db [2012/05/21 13:25:15 | 000,001,148 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/05/21 12:20:30 | 000,001,482 | ---- | M] () -- C:\Users\dorotat\Desktop\Internet Explorer.lnk [2012/05/21 10:28:09 | 000,001,064 | ---- | M] () -- C:\Users\dorotat\Desktop\Run [email="Ultr@VNC"]Ultr@VNC[/email] VIEWER.lnk [2012/05/21 09:34:36 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif [2012/05/21 09:19:32 | 098,714,532 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm [2012/05/18 16:35:52 | 000,524,288 | -HS- | M] () -- C:\Users\dorotat\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2012/05/18 16:35:52 | 000,524,288 | -HS- | M] () -- C:\Users\dorotat\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2012/05/18 16:35:52 | 000,065,536 | -HS- | M] () -- C:\Users\dorotat\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2012/05/18 14:19:08 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI [2012/05/18 14:01:54 | 000,034,814 | ---- | M] () -- C:\Users\dorotat\AppData\Local\dt.dat [2012/05/18 14:00:30 | 000,001,911 | ---- | M] () -- C:\Users\dorotat\Desktop\proj (Officeserver) - Shortcut.lnk [2012/05/18 14:00:22 | 000,001,929 | ---- | M] () -- C:\Users\dorotat\Desktop\Archive (OFFICESERVER) - Shortcut.lnk [2012/05/18 14:00:12 | 000,002,049 | ---- | M] () -- C:\Users\dorotat\Desktop\163 - backup dated 17-04-12.lnk [2012/05/18 13:57:07 | 000,001,476 | ---- | M] () -- C:\Users\dorotat\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2012/05/18 13:56:31 | 000,001,090 | ---- | M] () -- C:\Users\dorotat\Desktop\Documents.lnk [2012/05/18 13:54:10 | 000,002,071 | ---- | M] () -- C:\Users\Public\Desktop\AutoCAD 2011 - English.lnk [2012/05/18 13:53:07 | 000,094,424 | ---- | M] () -- C:\Users\dorotat\AppData\Local\GDIPFONTCACHEV1.DAT [2012/05/18 13:52:23 | 000,000,020 | -HS- | M] () -- C:\Users\dorotat\ntuser.ini [2012/05/18 13:42:43 | 000,002,412 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2012/05/16 09:49:26 | 000,000,999 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk [2012/05/16 09:23:53 | 000,358,224 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/05/10 18:16:35 | 000,193,495 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm [2012/05/01 03:00:46 | 000,788,104 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\SysNative\drivers\avgidsha.sys [2012/04/18 16:39:19 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm [2012/04/18 16:39:19 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm [2012/04/18 09:08:07 | 000,001,389 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012/04/17 09:12:02 | 000,000,118 | ---- | M] () -- C:\Windows\SysNative\MRT.INI [2012/04/16 10:50:37 | 002,066,521 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/03/20 13:50:18 | 000,251,528 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys [2012/03/20 12:58:58 | 000,951,871 | ---- | M] () -- C:\Users\dorotat\Documents\no claim discount_dorota_tatera.pdf [2012/03/20 11:14:32 | 000,081,024 | ---- | M] () -- C:\Users\dorotat\Desktop\blank.dwg [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys [2012/03/16 18:13:45 | 000,001,492 | ---- | M] () -- C:\user.js [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#e56717]========== Files Created - No Company Name ==========[/color] [2012/05/21 13:25:15 | 000,001,148 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/05/21 12:20:30 | 000,001,482 | ---- | C] () -- C:\Users\dorotat\Desktop\Internet Explorer.lnk [2012/05/21 10:28:09 | 000,001,064 | ---- | C] () -- C:\Users\dorotat\Desktop\Run [email="Ultr@VNC"]Ultr@VNC[/email] VIEWER.lnk [2012/05/21 09:19:32 | 098,714,532 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm [2012/05/18 16:35:49 | 002,071,684 | -H-- | C] () -- C:\Users\dorotat\AppData\Local\IconCache.db [2012/05/18 14:01:54 | 000,034,814 | ---- | C] () -- C:\Users\dorotat\AppData\Local\dt.dat [2012/05/18 14:00:30 | 000,001,911 | ---- | C] () -- C:\Users\dorotat\Desktop\proj (Officeserver) - Shortcut.lnk [2012/05/18 14:00:22 | 000,001,929 | ---- | C] () -- C:\Users\dorotat\Desktop\Archive (OFFICESERVER) - Shortcut.lnk [2012/05/18 14:00:12 | 000,002,049 | ---- | C] () -- C:\Users\dorotat\Desktop\163 - backup dated 17-04-12.lnk [2012/05/18 13:58:51 | 000,951,871 | ---- | C] () -- C:\Users\dorotat\Documents\no claim discount_dorota_tatera.pdf [2012/05/18 13:58:51 | 000,173,835 | ---- | C] () -- C:\Users\dorotat\Documents\chodziez.JPG [2012/05/18 13:58:51 | 000,023,278 | ---- | C] () -- C:\Users\dorotat\Documents\sudoku.jpg [2012/05/18 13:58:20 | 000,133,420 | ---- | C] () -- C:\Users\dorotat\Desktop\ARROWS_GALLERY.dwg [2012/05/18 13:58:20 | 000,081,024 | ---- | C] () -- C:\Users\dorotat\Desktop\blank.dwg [2012/05/18 13:58:20 | 000,045,056 | ---- | C] () -- C:\Users\dorotat\Desktop\CONTKEY1.dwg [2012/05/18 13:57:07 | 000,001,476 | ---- | C] () -- C:\Users\dorotat\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2012/05/18 13:56:31 | 000,001,090 | ---- | C] () -- C:\Users\dorotat\Desktop\Documents.lnk [2012/05/18 13:53:07 | 000,094,424 | ---- | C] () -- C:\Users\dorotat\AppData\Local\GDIPFONTCACHEV1.DAT [2012/05/18 13:53:00 | 000,001,448 | ---- | C] () -- C:\Users\dorotat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2012/05/18 13:52:55 | 000,001,482 | ---- | C] () -- C:\Users\dorotat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2012/05/18 13:52:23 | 001,310,720 | -HS- | C] () -- C:\Users\dorotat\NTUSER.DAT [2012/05/18 13:52:23 | 000,524,288 | -HS- | C] () -- C:\Users\dorotat\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2012/05/18 13:52:23 | 000,524,288 | -HS- | C] () -- C:\Users\dorotat\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2012/05/18 13:52:23 | 000,065,536 | -HS- | C] () -- C:\Users\dorotat\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2012/05/18 13:52:23 | 000,000,290 | ---- | C] () -- C:\Users\dorotat\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk [2012/05/18 13:52:23 | 000,000,272 | ---- | C] () -- C:\Users\dorotat\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk [2012/05/18 13:52:23 | 000,000,020 | -HS- | C] () -- C:\Users\dorotat\ntuser.ini [2012/05/10 18:16:35 | 000,193,495 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm [2012/04/18 16:39:22 | 000,000,999 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk [2012/04/18 16:39:19 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm [2012/04/18 16:39:19 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm [2012/04/17 09:23:04 | 000,002,265 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell ControlPoint System Manager.lnk [2012/04/17 09:23:04 | 000,002,213 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TdmNotify.lnk [2012/04/17 09:23:04 | 000,002,028 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2012/04/17 09:23:04 | 000,001,395 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2012/04/17 09:12:02 | 000,000,118 | ---- | C] () -- C:\Windows\SysNative\MRT.INI [2012/04/16 12:18:06 | 000,002,071 | ---- | C] () -- C:\Users\Public\Desktop\AutoCAD 2011 - English.lnk [2012/04/16 12:10:06 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif [2012/04/16 10:49:38 | 002,066,521 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB [2012/04/10 09:05:51 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/03/16 18:13:44 | 000,001,492 | ---- | C] () -- C:\user.js [2011/05/04 14:47:59 | 000,788,104 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010/11/09 11:53:30 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI [2010/11/09 10:19:53 | 000,002,412 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2010/09/02 09:35:40 | 000,080,368 | ---- | C] () -- C:\Windows\SysWow64\pbadrvdll.dll [color=#e56717]========== LOP Check ==========[/color] [2012/05/18 13:54:57 | 000,000,000 | ---D | M] -- C:\Users\dorotat\AppData\Roaming\Autodesk [2012/05/18 13:53:19 | 000,000,000 | ---D | M] -- C:\Users\dorotat\AppData\Roaming\AVG2012 [2012/05/18 13:53:21 | 000,000,000 | ---D | M] -- C:\Users\dorotat\AppData\Roaming\Broadcom [2012/05/18 16:42:10 | 000,000,000 | ---D | M] -- C:\Users\dorotat\AppData\Roaming\Notepad++ [2012/05/18 14:28:48 | 000,000,000 | ---D | M] -- C:\Users\dorotat\AppData\Roaming\Waterslade [2012/05/18 13:53:21 | 000,000,000 | ---D | M] -- C:\Users\dorotat\AppData\Roaming\Wave Systems Corp [2012/05/21 15:08:42 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Ad-Aware Antivirus [2012/05/18 13:05:38 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\AVG2012 [2010/10/19 12:53:33 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Broadcom [2012/05/18 16:40:45 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Notepad++ [2010/10/19 12:53:33 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Wave Systems Corp [2012/03/05 10:11:58 | 000,032,548 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#e56717]========== Purity Check ==========[/color] [color=#e56717]========== Custom Scans ==========[/color] [color=#a23bec]< %systemdrive%\*.* >[/color] [2010/09/02 12:20:52 | 000,003,044 | RH-- | M] () -- C:\dell.sdr [2012/05/21 15:21:03 | 1071,816,702 | -HS- | M] () -- C:\hiberfil.sys [2010/11/26 10:56:51 | 000,001,179 | ---- | M] () -- C:\installer_utilities_log.txt [2006/12/02 05:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll [2012/05/21 15:21:03 | 4292,403,198 | -HS- | M] () -- C:\pagefile.sys [2012/03/16 18:13:45 | 000,001,492 | ---- | M] () -- C:\user.js [color=#a23bec]< MD5 for: AGP440.SYS >[/color] [2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys [color=#a23bec]< MD5 for: ATAPI.SYS >[/color] [2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20575_none_39c1885e54505643\atapi.sys [2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys [color=#a23bec]< MD5 for: BEEP.SYS >[/color] [2009/07/14 01:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\Windows\SysNative\drivers\beep.sys [2009/07/14 01:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\Windows\winsxs\amd64_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_201592fa214e4f02\beep.sys [color=#a23bec]< MD5 for: CDROM.SYS >[/color] [2009/07/14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys [2010/11/20 10:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\drivers\cdrom.sys [2010/11/20 10:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys [2010/11/20 10:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys [color=#a23bec]< MD5 for: NDIS.SYS >[/color] [2010/11/20 14:33:45 | 000,951,680 | ---- | M] (Microsoft Corporation) MD5=79B47FD40D9A817E932F9D26FAC0A81C -- C:\Windows\SysNative\drivers\ndis.sys [2010/11/20 14:33:45 | 000,951,680 | ---- | M] (Microsoft Corporation) MD5=79B47FD40D9A817E932F9D26FAC0A81C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_05ed313632ae9759\ndis.sys [2009/07/14 02:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys [color=#a23bec]< MD5 for: WINLOGON.EXE >[/color] [2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes&#39; Anti-Malware\Chameleon\winlogon.exe [2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2010/09/02 12:20:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2010/09/02 12:20:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe [color=#e56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84 @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2 < End of report >[/log] RSIT [log] Logfile of random&#39;s system information tool 1.09 (written by random/random) Run by dorotat at 2012-05-21 15:48:17 Microsoft Windows 7 Professional Service Pack 1 System drive C: has 359 GB (76%) free of 474 GB Total RAM: 12286 MB (81% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 15:48:23, on 21/05/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v8.00 (8.00.7601.17514) Boot mode: Normal Running processes: C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Program Files (x86)\AVG\AVG2012\avgtray.exe C:\Program Files (x86)\Malwarebytes&#39; Anti-Malware\mbamgui.exe C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\dorotat\Documents\downloads\RSIT.exe C:\Program Files (x86)\trend micro\dorotat.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://www1.euro.dell.com/content/default.aspx?c=uk&amp;l=en&amp;s=gen"]http://www1.euro.del...c=uk&amp;l=en&amp;s=gen[/url] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft....k/?LinkId=54896[/url] R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft....k/?LinkId=69157[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft....k/?LinkId=54896[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft....k/?LinkId=54896[/url] R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft....k/?LinkId=69157[/url] R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\crrss.exe, O1 - Hosts: ::1 localhost O1 - Hosts: 176.9.75.3 [url="http://www.google-analytics.com"]www.google-analytics.com[/url]. O1 - Hosts: 176.9.75.3 ad-emea.doubleclick.net. O1 - Hosts: 176.9.75.3 [url="http://www.statcounter.com"]www.statcounter.com[/url]. O1 - Hosts: 108.163.215.51 [url="http://www.google-analytics.com"]www.google-analytics.com[/url]. O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net. O1 - Hosts: 108.163.215.51 [url="http://www.statcounter.com"]www.statcounter.com[/url]. O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" O4 - HKLM\..\Run: [Malwarebytes&#39; Anti-Malware] "C:\Program Files (x86)\Malwarebytes&#39; Anti-Malware\mbamgui.exe" /starttray O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User &#39;LOCAL SERVICE&#39;) O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User &#39;LOCAL SERVICE&#39;) O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User &#39;NETWORK SERVICE&#39;) O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User &#39;NETWORK SERVICE&#39;) O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Dell ControlPoint System Manager.lnk = C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: TdmNotify.lnk = C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe O8 - Extra context menu item: Add to Google Photos Screensa&amp;ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll O16 - DPF: {644F656A-013E-4198-BE03-1D7A4F6AB550} (Promap Control) - [url="https://www.promapserver.co.uk/controls/latest/promap.cab"]https://www.promapse...test/promap.cab[/url] O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [url="http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab"]http://platformdl.ad...Plus/1.6/gp.cab[/url] O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = office.waterslade.com O17 - HKLM\System\CCS\Services\Tcpip\..\{75129511-49D6-466C-95F7-AAE568A0BE56}: NameServer = 10.12.63.100,8.8.8.8,8.8.8.8,8.8.8.8,10.12.63.100 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = office.waterslade.com O17 - HKLM\System\CS1\Services\Tcpip\..\{75129511-49D6-466C-95F7-AAE568A0BE56}: NameServer = 10.12.63.100,8.8.8.8,8.8.8.8,8.8.8.8,10.12.63.100 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = office.waterslade.com O17 - HKLM\System\CS2\Services\Tcpip\..\{75129511-49D6-466C-95F7-AAE568A0BE56}: NameServer = 10.12.63.100,8.8.8.8,8.8.8.8,8.8.8.8,10.12.63.100 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe O23 - Service: Dell ControlPoint System Manager (dcpsysmgrsvc) - Dell Inc. - c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Sentinel HASP License Manager (hasplms) - Unknown owner - C:\Windows\system32\hasplms.exe (file missing) O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes&#39; Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Performance Driver Service - Unknown owner - C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 12828 bytes ======Scheduled tasks folder====== C:\Windows\tasks\Adobe Flash Player Updater.job C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}] AVG Do Not Track - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll [2012-04-20 936528] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}] AVG Safe Search - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll [2012-04-13 1390672] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}] Adobe PDF Conversion Toolbar Helper - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-02-03 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] ""= [] "SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064] "IAStorIcon"=C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [2010-03-04 284696] "PDVDDXSrv"=C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2009-06-25 140520] "SoundMAXPnP"=C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [2009-04-23 1314816] "Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-09-07 37296] "Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712] "Acrobat Assistant 8.0"=C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2008-10-14 623992] "AVG_TRAY"=C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [2012-04-05 2587008] "Malwarebytes&#39; Anti-Malware"=C:\Program Files (x86)\Malwarebytes&#39; Anti-Malware\mbamgui.exe [2012-04-04 462408] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Adobe Gamma Loader.lnk - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe Dell ControlPoint System Manager.lnk - C:\Program Files (x86)\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe Microsoft Office.lnk - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE TdmNotify.lnk - C:\Program Files (x86)\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "authentication packages"=msv1_0 wvauth [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=0 "ConsentPromptBehaviorUser"=0 "EnableLUA"=0 "EnableUIADesktopToggle"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "ForceActiveDesktopOn"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.msadpcm"=msadp32.acm "midimapper"=midimap.dll "wavemapper"=msacm32.drv "vidc.uyvy"=msyuv.dll "vidc.yuy2"=msyuv.dll "vidc.yvyu"=msyuv.dll "vidc.iyuv"=iyuv_32.dll "vidc.i420"=iyuv_32.dll "vidc.yvu9"=tsbyuv.dll "msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm "vidc.cvid"=iccvid.dll "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "aux"=wdmaud.drv ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* .scr - open - C:\Windows\system32\notepad.exe "%1" .scr - install - .scr - config - ======List of files/folders created in the last 3 months====== 2012-05-21 15:41:50 ----D---- C:\rsit 2012-05-21 15:41:50 ----D---- C:\Program Files (x86)\trend micro 2012-05-21 15:19:44 ----D---- C:\ProgramData\GFI Software 2012-05-21 13:25:21 ----D---- C:\Users\dorotat\AppData\Roaming\Malwarebytes 2012-05-21 13:25:14 ----D---- C:\ProgramData\Malwarebytes 2012-05-21 13:25:13 ----D---- C:\Program Files (x86)\Malwarebytes&#39; Anti-Malware 2012-05-18 16:34:40 ----D---- C:\Users\dorotat\AppData\Roaming\Notepad++ 2012-05-18 14:28:48 ----D---- C:\Users\dorotat\AppData\Roaming\Waterslade 2012-05-18 13:54:07 ----D---- C:\Users\dorotat\AppData\Roaming\Autodesk 2012-05-18 13:53:26 ----D---- C:\Users\dorotat\AppData\Roaming\Adobe 2012-05-18 13:53:24 ----D---- C:\Users\dorotat\AppData\Roaming\Intel Corporation 2012-05-18 13:53:21 ----D---- C:\Users\dorotat\AppData\Roaming\Wave Systems Corp 2012-05-18 13:53:21 ----D---- C:\Users\dorotat\AppData\Roaming\Broadcom 2012-05-18 13:53:19 ----D---- C:\Users\dorotat\AppData\Roaming\AVG2012 2012-05-18 13:52:35 ----D---- C:\Users\dorotat\AppData\Roaming\Identities 2012-05-18 13:52:23 ----SD---- C:\Users\dorotat\AppData\Roaming\Microsoft 2012-05-18 13:52:23 ----D---- C:\Users\dorotat\AppData\Roaming\Media Center Programs 2012-05-18 13:52:23 ----D---- C:\Users\dorotat\AppData\Roaming\Macromedia 2012-05-15 09:18:08 ----A---- C:\Windows\SysWOW64\DWrite.dll 2012-05-15 09:18:02 ----A---- C:\Windows\SysWOW64\ntoskrnl.exe 2012-05-15 09:18:02 ----A---- C:\Windows\SysWOW64\ntkrnlpa.exe 2012-04-20 14:48:15 ----D---- C:\Windows\Sun 2012-04-18 16:44:20 ----D---- C:\sh4ldr 2012-04-18 16:43:18 ----D---- C:\Windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP 2012-04-18 16:39:25 ----HD---- C:\ProgramData\Common Files 2012-04-18 16:39:19 ----D---- C:\Windows\SysWOW64\drivers\AVG 2012-04-18 16:39:00 ----HD---- C:\$AVG 2012-04-18 16:39:00 ----D---- C:\ProgramData\AVG2012 2012-04-18 16:38:18 ----D---- C:\Program Files (x86)\AVG 2012-04-18 16:34:58 ----D---- C:\ProgramData\MFAData 2012-04-18 14:10:33 ----D---- C:\ProgramData\Gadu-Gadu 10 2012-04-17 09:09:12 ----A---- C:\Windows\SysWOW64\wintrust.dll 2012-04-17 09:09:12 ----A---- C:\Windows\SysWOW64\imagehlp.dll 2012-04-17 09:09:11 ----A---- C:\Windows\SysWOW64\wmi.dll 2012-04-16 16:50:58 ----D---- C:\Windows\pss 2012-04-16 15:49:46 ----D---- C:\Program Files (x86)\Notepad++ 2012-04-16 11:45:59 ----A---- C:\Windows\ntbtlog.txt 2012-04-16 10:51:13 ----D---- C:\Program Files (x86)\PC Tools 2012-04-16 10:49:36 ----D---- C:\Program Files (x86)\Common Files\PC Tools 2012-04-16 10:49:13 ----AD---- C:\ProgramData\TEMP 2012-04-16 10:49:12 ----D---- C:\ProgramData\PC Tools 2012-04-16 09:14:29 ----A---- C:\Windows\SysWOW64\mshtml.dll 2012-04-16 09:14:28 ----A---- C:\Windows\SysWOW64\ieframe.dll 2012-04-16 09:14:26 ----A---- C:\Windows\SysWOW64\wininet.dll 2012-04-16 09:14:26 ----A---- C:\Windows\SysWOW64\urlmon.dll 2012-04-16 09:14:26 ----A---- C:\Windows\SysWOW64\iertutil.dll 2012-04-16 09:14:25 ----A---- C:\Windows\SysWOW64\mshtmled.dll 2012-04-16 09:14:25 ----A---- C:\Windows\SysWOW64\msfeeds.dll 2012-04-16 09:14:25 ----A---- C:\Windows\SysWOW64\ieui.dll 2012-04-16 09:14:23 ----A---- C:\Windows\SysWOW64\url.dll 2012-04-16 09:14:23 ----A---- C:\Windows\SysWOW64\jsproxy.dll 2012-04-10 09:05:48 ----A---- C:\Windows\SysWOW64\FlashPlayerApp.exe 2012-03-22 20:12:12 ----A---- C:\Windows\SysWOW64\GPhotos.scr 2012-03-16 18:13:44 ----A---- C:\user.js 2012-03-13 22:00:49 ----A---- C:\Windows\SysWOW64\rdpcore.dll ======List of files/folders modified in the last 3 months====== 2012-05-21 15:41:50 ----RD---- C:\Program Files (x86) 2012-05-21 15:27:16 ----D---- C:\Windows\System32 2012-05-21 15:27:16 ----D---- C:\Windows\inf 2012-05-21 15:24:11 ----D---- C:\Windows 2012-05-21 15:24:11 ----D---- C:\Program Files (x86)\Nitro PDF 2012-05-21 15:23:45 ----SHD---- C:\Windows\Installer 2012-05-21 15:23:45 ----D---- C:\ProgramData\Google 2012-05-21 15:23:45 ----D---- C:\Program Files (x86)\Google 2012-05-21 15:23:24 ----D---- C:\Windows\Temp 2012-05-21 15:21:10 ----D---- C:\ProgramData\NVIDIA 2012-05-21 15:19:46 ----HD---- C:\ProgramData 2012-05-21 15:19:44 ----D---- C:\Windows\SysWOW64\drivers 2012-05-21 15:19:44 ----D---- C:\Windows\SysWOW64 2012-05-21 15:15:52 ----RD---- C:\Program Files 2012-05-21 14:23:39 ----SHD---- C:\System Volume Information 2012-05-21 09:28:09 ----D---- C:\Program Files (x86)\Common Files\microsoft shared 2012-05-18 17:26:38 ----D---- C:\Windows\Prefetch 2012-05-18 14:19:08 ----A---- C:\Windows\ODBC.INI 2012-05-18 13:52:33 ----SHD---- C:\$Recycle.Bin 2012-05-18 13:52:23 ----RD---- C:\Users 2012-05-18 13:20:20 ----D---- C:\ProgramData\Microsoft 2012-05-16 13:53:51 ----RSD---- C:\Windows\assembly 2012-05-16 13:53:51 ----D---- C:\Windows\Microsoft.NET 2012-05-16 09:23:55 ----D---- C:\Windows\winsxs 2012-05-14 14:22:49 ----D---- C:\Windows\Logs 2012-05-01 03:00:46 ----A---- C:\Windows\SysWOW64\PerfStringBackup.INI 2012-04-18 16:43:17 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard 2012-04-17 12:34:46 ----D---- C:\Program Files (x86)\Common Files 2012-04-17 09:18:17 ----D---- C:\Windows\SysWOW64\migration 2012-04-17 09:18:17 ----D---- C:\Program Files (x86)\Internet Explorer 2012-04-17 09:17:15 ----D---- C:\ProgramData\FLEXnet 2012-04-17 09:15:04 ----D---- C:\ProgramData\Microsoft Help 2012-04-10 09:05:51 ----D---- C:\Windows\Tasks ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 AVGIDSHA;AVGIDSHA; C:\Windows\system32\DRIVERS\avgidsha.sys [] R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx64.sys [] R0 iaStor;Intel RAID Controller; C:\Windows\system32\DRIVERS\iaStor.sys [] R0 PBADRV;PBADRV; C:\Windows\system32\DRIVERS\PBADRV.sys [] R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [] R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [] R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [] R1 Avgldx64;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx64.sys [] R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx64.sys [] R1 Avgtdia;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdia.sys [] R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [] R2 aksdf;aksdf; \??\C:\Windows\system32\drivers\aksdf.sys [] R2 aksfridge;Sentinel HASP Fridge; C:\Windows\system32\DRIVERS\aksfridge.sys [] R2 hardlock;hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [] R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys [] R3 akshasp;SafeNet Inc. HASP Key; C:\Windows\system32\DRIVERS\akshasp.sys [] R3 aksusb;SafeNet Inc. USB Key; C:\Windows\system32\DRIVERS\aksusb.sys [] R3 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdrivera.sys [] R3 AVGIDSFilter;AVGIDSFilter; C:\Windows\system32\DRIVERS\avgidsfiltera.sys [] R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [] S1 SBRE;SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [] S3 akshhl;SafeNet Inc. Sentinel HASP Key; C:\Windows\system32\DRIVERS\akshhl.sys [] S3 Blfp;Broadcom Advanced Server Program Driver; C:\Windows\system32\DRIVERS\basp.sys [] S3 esgiguard;esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [] S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [] S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [] S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [] S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [] S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [] S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-04-30 5106744] R2 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288] R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992] R2 dcpsysmgrsvc;Dell ControlPoint System Manager; c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2009-12-10 515872] R2 hasplms;Sentinel HASP License Manager; C:\Windows\system32\hasplms.exe -run [] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336] R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes&#39; Anti-Malware\mbamservice.exe [2012-04-04 654408] R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service; C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2009-10-27 6807656] R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-09-26 236136] R2 TdmService;TdmService; C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe [2009-11-24 2341224] R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-03-28 654848] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-07-25 136176] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 253600] S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992] S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376] S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-05-04 1431888] S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-07-25 136176] S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-08-01 182768] S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 SecureStorageService;SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [2009-11-18 1558016] S3 stllssvr;stllssvr; C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe [2009-01-16 74392] S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [] S4 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit; C:\Program Files\Autodesk2\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-02-22 86016] S4 msvsmon90;Visual Studio 2008 Remote Debugger; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [2008-07-29 4737024] S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240] S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240] S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240] S4 tcsd_win32.exe;NTRU TSS v1.2.1.29 TCS; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [2008-11-12 1273856] -----------------EOF-----------------[/log]
Gość komentarz 22 maja 2012 komentarz 22 maja 2012 uruchom OTL i w oknie [b]Własne opcje skanowania/skrypt [/b]wklej: [code]:Files C:\sh4ldr :OTL O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-953094559-3865728012-856239985-1189\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4 - HKLM..\Run: [] File not found O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\crrss.exe) - File not found @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84 @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2 :Commands [resethosts] [emptytemp][/code] Kliknij w [b][color=#0000ff]Wykonaj skrypt[/color][/b] Po usuwaniu OTL wygeneruje raport. Zapisz go i przedstaw. Wykonaj nowy skan OTL i daj raport.
malina80 komentarz 22 maja 2012 Autor komentarz 22 maja 2012 (edytowane) OK a wiec poszlo tak: log pojawil sie zaraz po restarcie oto on : [log]All processes killed ========== FILES ========== C:\sh4ldr folder moved successfully. ========== OTL ========== 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_USERS\S-1-5-21-953094559-3865728012-856239985-1189\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\crrss.exe deleted successfully. ADS C:\ProgramData\TEMP:430C6D84 deleted successfully. ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully. ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 57482 bytes ->Flash cache emptied: 56502 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: dorotat ->Temp folder emptied: 65229393 bytes ->Temporary Internet Files folder emptied: 49087441 bytes ->Java cache emptied: 0 bytes ->Flash cache emptied: 57076 bytes User: Public User: User ->Temp folder emptied: 2739700 bytes ->Temporary Internet Files folder emptied: 6667539 bytes ->Java cache emptied: 0 bytes ->Flash cache emptied: 470 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 1713691 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 375988708 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 478.00 mb OTL by OldTimer - Version 3.2.43.1 log created on 05222012_091015 Files\Folders moved on Reboot... File\Folder C:\Users\dorotat\AppData\Local\Temp\AHI600D.tmp not found! File\Folder C:\Users\dorotat\AppData\Local\Temp\D663.tmp not found! C:\Users\dorotat\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. File\Folder C:\Users\dorotat\AppData\Local\Temp\IMGC9B4.tmp not found! File\Folder C:\Users\dorotat\AppData\Local\Temp\ogs3 not found! File\Folder C:\Users\dorotat\AppData\Local\Temp\RED36F08.ac$ not found! File\Folder C:\Users\dorotat\AppData\Local\Temp\UNDB595A.ac$ not found! File\Folder C:\Users\dorotat\AppData\Local\Temp\~DF04BCE087A38EE74E.TMP not found! File\Folder C:\Users\dorotat\AppData\Local\Temp\~DF164F14AA0689DFA7.TMP not found! File\Folder C:\Users\dorotat\AppData\Local\Temp\~DF2FCC376A309034A5.TMP not found! File\Folder C:\Users\dorotat\AppData\Local\Temp\~DF32AFADD7EFC94494.TMP not found! File\Folder C:\Users\dorotat\AppData\Local\Temp\~DF5ADACB68EC1BCDDE.TMP not found! C:\Users\dorotat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KFUZX3GR\index[1].php moved successfully. C:\Users\dorotat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KFUZX3GR\st[1].txt moved successfully. C:\Users\dorotat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6PV4A0E8\fastbutton[1].txt moved successfully. C:\Users\dorotat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6PV4A0E8\index[3].php moved successfully. C:\Users\dorotat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1JYWBY2F\bv[1].htm moved successfully. C:\Users\dorotat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\15KWRBD0\bv[1].htm moved successfully. C:\Users\dorotat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\15KWRBD0\st[1].txt moved successfully. C:\Users\dorotat\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully. File move failed. C:\Windows\temp\TmpFile1 scheduled to be moved on reboot. Registry entries deleted on Reboot...[/log] a oto log z OTL [log] OTL logfile created on: 5/22/2012 9:17:20 AM - Run 3 OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\dorotat\Documents\downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 12.00 Gb Total Physical Memory | 10.15 Gb Available Physical Memory | 84.59% Memory free 23.99 Gb Paging File | 22.07 Gb Available in Paging File | 91.99% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 462.83 Gb Total Space | 346.96 Gb Free Space | 74.97% Space Free | Partition Type: NTFS Computer Name: XEON-DOROTA | User Name: dorotat | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#e56717]========== Processes (SafeList) ==========[/color] PRC - File not found -- PRC - [2012/05/21 14:38:10 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\dorotat\Documents\downloads\OTL.exe PRC - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe PRC - [2011/03/28 09:18:43 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe PRC - [2010/09/26 18:51:00 | 000,236,136 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2010/03/04 02:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010/03/04 02:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe PRC - [2009/06/25 02:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe PRC - [2008/10/14 21:38:56 | 000,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [color=#e56717]========== Modules (No Company Name) ==========[/color] MOD - [2012/05/16 09:40:07 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\635b3aec298ad5e8c903b2323d79cc5a\IAStorUtil.ni.dll MOD - [2012/05/16 09:30:12 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\3aa966e818d35f094e23bbbdcf1b4297\System.Web.ni.dll MOD - [2012/05/16 09:30:05 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll MOD - [2012/05/16 09:29:38 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\79b487ba3d893f59ce7e697d06721dd0\System.Windows.Forms.ni.dll MOD - [2012/05/16 09:29:31 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\1dce8ad4aa93ed395af726c0e510846e\System.Drawing.ni.dll MOD - [2012/05/16 09:29:15 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll MOD - [2012/05/16 09:29:09 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012/05/16 09:29:05 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012/05/16 09:29:04 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012/05/16 09:28:52 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll [color=#e56717]========== Win32 Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2011/05/04 14:51:27 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64) SRV:[b]64bit:[/b] - [2011/02/22 21:52:54 | 000,086,016 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Autodesk2\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe -- (mi-raysat_3dsmax2012_64) SRV:[b]64bit:[/b] - [2009/12/16 17:44:44 | 003,750,400 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms) SRV:[b]64bit:[/b] - [2009/12/10 19:09:16 | 000,515,872 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc) SRV:[b]64bit:[/b] - [2009/11/24 22:02:28 | 002,341,224 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService) SRV:[b]64bit:[/b] - [2009/11/18 23:05:12 | 001,558,016 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService) SRV:[b]64bit:[/b] - [2009/10/27 14:49:32 | 006,807,656 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe -- (NVIDIA Performance Driver Service) SRV:[b]64bit:[/b] - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:[b]64bit:[/b] - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:[b]64bit:[/b] - [2008/07/29 14:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90) SRV - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent) SRV - [2012/04/10 09:05:48 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd) SRV - [2011/03/28 09:18:43 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010/09/26 18:51:00 | 000,236,136 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/03/04 02:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel® SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008/11/12 19:25:48 | 001,273,856 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe) [color=#e56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard) DRV:[b]64bit:[/b] - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA) DRV:[b]64bit:[/b] - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:[b]64bit:[/b] - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia) DRV:[b]64bit:[/b] - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64) DRV:[b]64bit:[/b] - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64) DRV:[b]64bit:[/b] - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64) DRV:[b]64bit:[/b] - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter) DRV:[b]64bit:[/b] - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver) DRV:[b]64bit:[/b] - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:[b]64bit:[/b] - [2010/09/27 16:42:10 | 000,131,072 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge) DRV:[b]64bit:[/b] - [2010/09/27 16:42:06 | 000,075,648 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf) DRV:[b]64bit:[/b] - [2010/03/04 01:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:[b]64bit:[/b] - [2010/02/10 18:37:06 | 000,103,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\basp.sys -- (Blfp) DRV:[b]64bit:[/b] - [2010/02/09 14:06:54 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009/07/09 11:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:[b]64bit:[/b] - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:[b]64bit:[/b] - [2009/04/23 20:41:06 | 000,497,152 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService) DRV:[b]64bit:[/b] - [2009/03/13 11:55:38 | 000,318,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock) DRV:[b]64bit:[/b] - [2009/03/13 11:55:38 | 000,053,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\akshasp.sys -- (akshasp) DRV:[b]64bit:[/b] - [2009/03/13 11:55:38 | 000,025,344 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aksusb.sys -- (aksusb) DRV:[b]64bit:[/b] - [2008/06/04 19:14:00 | 000,032,240 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PBADRV.SYS -- (PBADRV) DRV:[b]64bit:[/b] - [2007/07/23 15:13:06 | 000,056,960 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\akshhl.sys -- (akshhl) DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) [color=#e56717]========== Standard Registry (SafeList) ==========[/color] [color=#e56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [url="http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC"]http://www.bing.com/...ms}&FORM=IE8SRC[/url] IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = [url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7"]http://www.google.co...g}&sourceid=ie7[/url] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [url="http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC"]http://www.bing.com/...ms}&FORM=IE8SRC[/url] IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = [url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7"]http://www.google.co...g}&sourceid=ie7[/url] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen"]http://www1.euro.del...c=uk&l=en&s=gen[/url] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"]http://www.bing.com/...Box&FORM=IE8SRC[/url] IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = [url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGIE_enGB443"]http://www.google.co...1I7GGIE_enGB443[/url] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#e56717]========== FireFox ==========[/color] FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/05/16 09:49:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/04/27 09:16:36 | 000,000,000 | ---D | M] O1 HOSTS File: ([2012/05/22 09:10:16 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:[b]64bit:[/b] - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.) O2:[b]64bit:[/b] - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:[b]64bit:[/b] - HKLM..\Run: [DellControlPoint] c:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.) O4:[b]64bit:[/b] - HKLM..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation) O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O8:[b]64bit:[/b] - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:[b]64bit:[/b] - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:[b]64bit:[/b] - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:[b]64bit:[/b] - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:[b]64bit:[/b] - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:[b]64bit:[/b] - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:[b]64bit:[/b] - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:[b]64bit:[/b] - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:[b]64bit:[/b] - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O9:[b]64bit:[/b] - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.) O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O16:[b]64bit:[/b] - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_20) O16:[b]64bit:[/b] - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_20) O16:[b]64bit:[/b] - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_20) O16 - DPF: {644F656A-013E-4198-BE03-1D7A4F6AB550} [url="https://www.promapserver.co.uk/controls/latest/promap.cab"]https://www.promapse...test/promap.cab[/url] (Promap Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_24) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [url="http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab"]http://platformdl.ad...Plus/1.6/gp.cab[/url] (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = office.waterslade.com O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75129511-49D6-466C-95F7-AAE568A0BE56}: NameServer = 10.12.63.100,8.8.8.8,8.8.8.8,8.8.8.8,10.12.63.100 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DA62DD81-1AEC-45B4-A9A8-23BBE1B4475F}: DhcpNameServer = 10.12.63.100 O18:[b]64bit:[/b] - Protocol\Handler\ipp - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\ipp\0x00000001 - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.) O18:[b]64bit:[/b] - Protocol\Handler\msdaipp - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O30:[b]64bit:[/b] - LSA: Authentication Packages - (wvauth) - C:\Windows\SysNative\wvauth.dll (Wave Systems Corp.) O30 - LSA: Authentication Packages - (wvauth) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010/11/09 10:33:43 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#e56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012/05/22 09:10:15 | 000,000,000 | ---D | C] -- C:\_OTL [2012/05/21 15:41:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro [2012/05/21 15:41:50 | 000,000,000 | ---D | C] -- C:\rsit [2012/05/21 15:19:44 | 000,000,000 | ---D | C] -- C:\ProgramData\GFI Software [2012/05/21 13:25:21 | 000,000,000 | ---D | C] -- C:\Users\dorotat\AppData\Roaming\Malwarebytes [2012/05/21 13:25:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/05/21 13:25:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/05/21 13:25:13 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/05/21 13:25:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/05/18 16:35:04 | 000,000,000 | ---D | C] -- C:\Users\dorotat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++ [2012/05/18 16:34:40 | 000,000,000 | ---D | C] -- C:\Users\dorotat\AppData\Roaming\Notepad++ [2012/05/18 14:28:48 | 000,000,000 | ---D | C] -- C:\Users\dorotat\AppData\Roaming\Waterslade [2012/05/18 13:58:51 | 000,000,000 | ---D | C] -- C:\Users\dorotat\Documents\toolbar1 [2012/05/18 13:58:50 | 000,000,000 | ---D | C] -- C:\Users\dorotat\Documents\Picasa [2012/05/18 13:58:33 | 000,000,000 | ---D | C] -- C:\Users\dorotat\Documents\old desktop [2012/05/18 13:58:33 | 000,000,000 | ---D | C] -- C:\Users\dorotat\Documents\lisps [2012/05/18 13:58:33 | 000,000,000 | ---D | C] -- C:\Users\dorotat\Documents\dt [2012/05/18 13:58:32 | 000,000,000 | ---D | C] -- C:\Users\dorotat\Documents\downloads [2012/05/18 13:58:20 | 000,000,000 | ---D | C] -- C:\Users\dorotat\Desktop\desktop [2012/05/18 13:57:56 | 000,000,000 | ---D | C] -- C:\Users\dorotat\Documents\company software [2012/05/18 13:57:18 | 000,000,000 | ---D | C] -- C:\Users\dorotat\AppData\Local\Google [2012/05/18 13:56:54 | 000,000,000 | ---D | C] -- C:\Users\dorotat\Documents\Autodesk [2012/05/18 13:54:07 | 000,000,000 | ---D | C] -- C:\Users\dorotat\AppData\Roaming\Autodesk [2012/05/18 13:54:07 | 000,000,000 | ---D | C] -- C:\Users\dorotat\AppData\Local\Autodesk [2012/05/18 13:53:26 | 000,000,000 | ---D | C] -- C:\Users\dorotat\AppData\Roaming\Adobe [2012/05/18 13:53:26 | 000,000,000 | ---D | C] -- C:\Users\dorotat\AppData\Local\Adobe [2012/05/18 13:53:24 | 000,000,000 | ---D | C] -- C:\Users\dorotat\AppData\Roaming\Intel Corporation [2012/05/18 13:53:21 | 000,000,000 | ---D | C] -- C:\Users\dorotat\AppData\Roaming\Wave Systems Corp [2012/05/18 13:53:21 | 000,000,000 | ---D | C] -- C:\Users\dorotat\AppData\Roaming\Broadcom [2012/05/18 13:53:19 | 000,000,000 | ---D | C] -- C:\Users\dorotat\AppData\Roaming\AVG2012 [2012/05/18 13:52:46 | 000,000,000 | R--D | C] -- C:\Users\dorotat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2012/05/18 13:52:46 | 000,000,000 | R--D | C] -- C:\Users\dorotat\Searches [2012/05/18 13:52:46 | 000,000,000 | R--D | C] -- C:\Users\dorotat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2012/05/18 13:52:46 | 000,000,000 | -H-D | C] -- C:\Users\dorotat\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned [2012/05/18 13:52:35 | 000,000,000 | ---D | C] -- C:\Users\dorotat\AppData\Roaming\Identities [2012/05/18 13:52:34 | 000,000,000 | R--D | C] -- C:\Users\dorotat\Contacts [2012/05/18 13:52:23 | 000,000,000 | --SD | C] -- C:\Users\dorotat\AppData\Roaming\Microsoft [2012/05/18 13:52:23 | 000,000,000 | R--D | C] -- C:\Users\dorotat\Videos [2012/05/18 13:52:23 | 000,000,000 | R--D | C] -- C:\Users\dorotat\Saved Games [2012/05/18 13:52:23 | 000,000,000 | R--D | C] -- C:\Users\dorotat\Pictures [2012/05/18 13:52:23 | 000,000,000 | R--D | C] -- C:\Users\dorotat\Music [2012/05/18 13:52:23 | 000,000,000 | R--D | C] -- C:\Users\dorotat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2012/05/18 13:52:23 | 000,000,000 | R--D | C] -- C:\Users\dorotat\Links [2012/05/18 13:52:23 | 000,000,000 | R--D | C] -- C:\Users\dorotat\Favorites [2012/05/18 13:52:23 | 000,000,000 | R--D | C] -- C:\Users\dorotat\Downloads [2012/05/18 13:52:23 | 000,000,000 | R--D | C] -- C:\Users\dorotat\Documents [2012/05/18 13:52:23 | 000,000,000 | R--D | C] -- C:\Users\dorotat\Desktop [2012/05/18 13:52:23 | 000,000,000 | R--D | C] -- C:\Users\dorotat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2012/05/18 13:52:23 | 000,000,000 | -HSD | C] -- C:\Users\dorotat\AppData\Local\Temporary Internet Files [2012/05/18 13:52:23 | 000,000,000 | -HSD | C] -- C:\Users\dorotat\Templates [2012/05/18 13:52:23 | 000,000,000 | -HSD | C] -- C:\Users\dorotat\Start Menu [2012/05/18 13:52:23 | 000,000,000 | -HSD | C] -- C:\Users\dorotat\SendTo [2012/05/18 13:52:23 | 000,000,000 | -HSD | C] -- C:\Users\dorotat\Recent [2012/05/18 13:52:23 | 000,000,000 | -HSD | C] -- C:\Users\dorotat\PrintHood [2012/05/18 13:52:23 | 000,000,000 | -HSD | C] -- C:\Users\dorotat\NetHood [2012/05/18 13:52:23 | 000,000,000 | -HSD | C] -- C:\Users\dorotat\Documents\My Videos [2012/05/18 13:52:23 | 000,000,000 | -HSD | C] -- C:\Users\dorotat\Documents\My Pictures [2012/05/18 13:52:23 | 000,000,000 | -HSD | C] -- C:\Users\dorotat\Documents\My Music [2012/05/18 13:52:23 | 000,000,000 | -HSD | C] -- C:\Users\dorotat\My Documents [2012/05/18 13:52:23 | 000,000,000 | -HSD | C] -- C:\Users\dorotat\Local Settings [2012/05/18 13:52:23 | 000,000,000 | -HSD | C] -- C:\Users\dorotat\AppData\Local\History [2012/05/18 13:52:23 | 000,000,000 | -HSD | C] -- C:\Users\dorotat\Cookies [2012/05/18 13:52:23 | 000,000,000 | -HSD | C] -- C:\Users\dorotat\Application Data [2012/05/18 13:52:23 | 000,000,000 | -HSD | C] -- C:\Users\dorotat\AppData\Local\Application Data [2012/05/18 13:52:23 | 000,000,000 | -H-D | C] -- C:\Users\dorotat\AppData [2012/05/18 13:52:23 | 000,000,000 | ---D | C] -- C:\Users\dorotat\Documents\Visual Studio 2008 [2012/05/18 13:52:23 | 000,000,000 | ---D | C] -- C:\Users\dorotat\AppData\Local\Temp [2012/05/18 13:52:23 | 000,000,000 | ---D | C] -- C:\Users\dorotat\AppData\Local\Microsoft Help [2012/05/18 13:52:23 | 000,000,000 | ---D | C] -- C:\Users\dorotat\AppData\Local\Microsoft [2012/05/18 13:52:23 | 000,000,000 | ---D | C] -- C:\Users\dorotat\AppData\Roaming\Media Center Programs [2012/05/18 13:52:23 | 000,000,000 | ---D | C] -- C:\Users\dorotat\AppData\Roaming\Macromedia [2012/05/16 09:49:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2012/05/15 09:18:08 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2012/05/15 09:18:06 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012/05/15 09:18:02 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012/05/15 09:18:02 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [color=#e56717]========== Files - Modified Within 30 Days ==========[/color] [2012/05/22 09:14:54 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/05/22 09:14:44 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/05/22 09:14:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/05/22 09:14:36 | 1071,816,702 | -HS- | M] () -- C:\hiberfil.sys [2012/05/22 09:10:16 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts [2012/05/22 09:02:16 | 098,799,698 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm [2012/05/22 08:47:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/05/21 15:28:25 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/05/21 15:28:25 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/05/21 15:27:16 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/05/21 15:27:16 | 000,664,532 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/05/21 15:27:16 | 000,125,268 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/05/21 13:25:15 | 000,001,148 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/05/21 12:20:30 | 000,001,482 | ---- | M] () -- C:\Users\dorotat\Desktop\Internet Explorer.lnk [2012/05/21 10:28:09 | 000,001,064 | ---- | M] () -- C:\Users\dorotat\Desktop\Run [email="Ultr@VNC"]Ultr@VNC[/email] VIEWER.lnk [2012/05/21 09:34:36 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif [2012/05/18 14:19:08 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI [2012/05/18 14:01:54 | 000,034,814 | ---- | M] () -- C:\Users\dorotat\AppData\Local\dt.dat [2012/05/18 14:00:30 | 000,001,911 | ---- | M] () -- C:\Users\dorotat\Desktop\proj (Officeserver) - Shortcut.lnk [2012/05/18 14:00:22 | 000,001,929 | ---- | M] () -- C:\Users\dorotat\Desktop\Archive (OFFICESERVER) - Shortcut.lnk [2012/05/18 14:00:12 | 000,002,049 | ---- | M] () -- C:\Users\dorotat\Desktop\163 - backup dated 17-04-12.lnk [2012/05/18 13:57:07 | 000,001,476 | ---- | M] () -- C:\Users\dorotat\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2012/05/18 13:56:31 | 000,001,090 | ---- | M] () -- C:\Users\dorotat\Desktop\Documents.lnk [2012/05/18 13:54:10 | 000,002,071 | ---- | M] () -- C:\Users\Public\Desktop\AutoCAD 2011 - English.lnk [2012/05/18 13:42:43 | 000,002,412 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2012/05/16 09:49:26 | 000,000,999 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk [2012/05/16 09:23:53 | 000,358,224 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/05/10 18:16:35 | 000,193,495 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm [2012/05/01 03:00:46 | 000,788,104 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [color=#e56717]========== Files Created - No Company Name ==========[/color] [2012/05/21 13:25:15 | 000,001,148 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/05/21 12:20:30 | 000,001,482 | ---- | C] () -- C:\Users\dorotat\Desktop\Internet Explorer.lnk [2012/05/21 10:28:09 | 000,001,064 | ---- | C] () -- C:\Users\dorotat\Desktop\Run [email="Ultr@VNC"]Ultr@VNC[/email] VIEWER.lnk [2012/05/18 14:01:54 | 000,034,814 | ---- | C] () -- C:\Users\dorotat\AppData\Local\dt.dat [2012/05/18 14:00:30 | 000,001,911 | ---- | C] () -- C:\Users\dorotat\Desktop\proj (Officeserver) - Shortcut.lnk [2012/05/18 14:00:22 | 000,001,929 | ---- | C] () -- C:\Users\dorotat\Desktop\Archive (OFFICESERVER) - Shortcut.lnk [2012/05/18 14:00:12 | 000,002,049 | ---- | C] () -- C:\Users\dorotat\Desktop\163 - backup dated 17-04-12.lnk [2012/05/18 13:58:51 | 000,951,871 | ---- | C] () -- C:\Users\dorotat\Documents\no claim discount.pdf [2012/05/18 13:58:51 | 000,173,835 | ---- | C] () -- C:\Users\dorotat\Documents\chodziez.JPG [2012/05/18 13:58:51 | 000,023,278 | ---- | C] () -- C:\Users\dorotat\Documents\sudoku.jpg [2012/05/18 13:58:20 | 000,133,420 | ---- | C] () -- C:\Users\dorotat\Desktop\ARROWS_GALLERY.dwg [2012/05/18 13:58:20 | 000,081,024 | ---- | C] () -- C:\Users\dorotat\Desktop\blank.dwg [2012/05/18 13:58:20 | 000,045,056 | ---- | C] () -- C:\Users\dorotat\Desktop\CONTKEY1.dwg [2012/05/18 13:57:07 | 000,001,476 | ---- | C] () -- C:\Users\dorotat\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2012/05/18 13:56:31 | 000,001,090 | ---- | C] () -- C:\Users\dorotat\Desktop\Documents.lnk [2012/05/18 13:53:00 | 000,001,448 | ---- | C] () -- C:\Users\dorotat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2012/05/18 13:52:55 | 000,001,482 | ---- | C] () -- C:\Users\dorotat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2012/05/18 13:52:23 | 000,000,290 | ---- | C] () -- C:\Users\dorotat\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk [2012/05/18 13:52:23 | 000,000,272 | ---- | C] () -- C:\Users\dorotat\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk [2011/05/04 14:47:59 | 000,788,104 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010/11/09 11:53:30 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI [2010/11/09 10:19:53 | 000,002,412 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2010/09/02 09:35:40 | 000,080,368 | ---- | C] () -- C:\Windows\SysWow64\pbadrvdll.dll < End of report >[/log] po Run Fixie komputer sie uruchamial ciut wolniej niz normalnie -(20 sek) moze to ladujacy sie OTL. Za niedlugo zrobie drugi restart zeby zobaczyc co jest grane. Sprawdzilam IE i na razie po otworzeniu 20 tabow nie ma ani jednego popupa Bardzo prosze o potwierdzenie ze moje logi wygladaja "normalnie" Ogromne dzieki za pomoc
Gość komentarz 22 maja 2012 komentarz 22 maja 2012 (edytowane) [quote]Bardzo prosze o potwierdzenie ze moje logi wygladaja &quot;normalnie&quot;[/quote] Potwierdzam. Logi wygladają normalnie. [quote]po Run Fixie komputer sie uruchamial ciut wolniej niz normalnie -(20 sek) moze to ladujacy sie OTL. [/quote] Masz w Autostarcie AVG i Malwarebyt&#39;s. Jeśli zainstalowałaś Malwarebts pełną wersje to trochę się dubluje z opcjami w AVG. Ja polecam jako skaner dodatkowy MBAM free. Jest w zupełności wystarczający. [code]O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [Malwarebytes&#39; Anti-Malware] C:\Program Files (x86)\Malwarebytes&#39; Anti-Malware\mbamgui.exe (Malwarebytes Corporation)[/code] Proponuje pobrać Autruns i w zakładce [b]Logon[/b] odznaczyć Intela. [url="http://technet.microsoft.com/en-us/sysinternals/bb963902%3C/p%3E"]http://technet.micro...ls/bb963902</p>[/url] 1. uruchom OTL i kliknij [b]Sprzątanie[/b]. To usunie program i kwarantannę. 2. Wyczyśc foldery Przywracania systemu. Instrukcja [url="http://www.fixitpc.pl/topic/5-dezynfekcja-kroki-finalizujace-temat/page__p__42415#entry42415%3C/p%3E"]http://www.fixitpc.p...#entry42415</p>[/url] 3. Zaktualizuj Internet Explorer</p> [code]Internet Explorer (Version = 8.0.7601.17514)[/code] [url="http://windows.microsoft.com/pl-PL/internet-explorer/products/ie/home"]http://windows.micro...roducts/ie/home[/url]
malina80 komentarz 22 maja 2012 Autor komentarz 22 maja 2012 wszystkie kroki po kolei wykonane, tylko antywirusy zrobie pozniej... System dziala jak nowy a nawet o wiele szybciej bardzo dziekuje MAGIC!!!
Gość komentarz 22 maja 2012 komentarz 22 maja 2012 [quote]MAGIC!!! [/quote] nom Odinstaluj jeszcze RSIT.
Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!
Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.