Facebook doesn't work in any browser, other sites work.

Davids
created

Hello, I have a problem: for 2 days Facebook hasn't been working for me. Every other site works perfectly, but FB doesn't open at all. I tried deleting cookies, I scanned the computer with ESET and Malwarebytes, and FB still doesn't work. I looked in the Hosts file in C/Windows/System32/Drivers/Etc and there is nothing there either... I don't know what to do...

Witek_21
comment

Maybe something is blocking it... Turn off the firewall and antivirus and see whether the page loads. If that doesn't help, post the OTL logs, following the template from the pinned topic.

Davids
comment

Let me put it this way: I scanned the computer again with Malwarebytes, the scan took over 3 hours, and after 3 hours it came up with one file named Trojan.Agent. However, when I removed it, it came back, and the Facebook page still doesn't work, just as before. What should I do to remove this virus? And what should I do to get FB working? I tried turning off the firewall and antivirus and the page still doesn't work. FB only opens through proxy servers, but only up to the login, because after that FB blocks further access.

Natsuki Kuga
comment

Give the exact name and location of the detected infection, read the pinned topics of this section, and post the set of relevant logs.

Davids
comment

log text here [log]

OTL logfile created on: 13/01/2013 20:45:01 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\David\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.25 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 59.43% Memory free
6.49 Gb Paging File | 4.88 Gb Available in Paging File | 75.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195.21 Gb Total Space | 115.65 Gb Free Space | 59.24% Space Free | Partition Type: NTFS
Drive D: | 146.48 Gb Total Space | 87.76 Gb Free Space | 59.91% Space Free | Partition Type: NTFS
Drive E: | 146.48 Gb Total Space | 76.77 Gb Free Space | 52.41% Space Free | Partition Type: NTFS
Drive F: | 97.65 Gb Total Space | 89.32 Gb Free Space | 91.47% Space Free | Partition Type: NTFS
Drive G: | 112.70 Gb Total Space | 96.84 Gb Free Space | 85.92% Space Free | Partition Type: NTFS

Computer Name: DAVID-PC | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2013/01/13 20:43:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
PRC - [2012/12/26 17:29:51 | 000,879,080 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/03 08:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
PRC - [2012/11/29 20:51:11 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/01/18 14:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
PRC - [2011/10/11 13:49:14 | 001,179,648 | ---- | M] (W3i, LLC) -- C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe
PRC - [2011/08/02 08:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- F:\Programy\DAEMON Tools Lite\DTLite.exe
PRC - [2010/08/02 11:40:56 | 000,199,600 | ---- | M] (Telefónica I+D) -- C:\Program Files (x86)\O2\Connection Manager\ImpWiFiSvc.exe
PRC - [2010/02/22 16:38:12 | 000,442,368 | ---- | M] (AWS Convergence Technologies) -- C:\Program Files (x86)\AWS\WeatherBug Alert\WeatherBugAlert.exe
PRC - [2009/11/10 11:09:26 | 000,079,160 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
PRC - [2009/03/19 11:44:50 | 000,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2008/11/14 14:35:28 | 001,453,992 | R--- | M] (Take-Two Interactive Software, Inc.) -- D:\GTA CZTERY\Rockstar Games Social Club\1_0_0_0\RGSC.exe
PRC - [2007/12/14 17:58:30 | 000,241,664 | ---- | M] () -- C:\Program Files (x86)\Philips\Philips SPC230NC Webcam\TrayMin230.exe
PRC - [2007/12/10 16:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\Philips\SPC230NC\Monitor.exe
PRC - [2007/09/02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
PRC - [2004/12/20 19:41:22 | 000,033,792 | ---- | M] () -- F:\Programy\Winamp\winampa.exe


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2013/01/13 20:43:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
MOD - [2012/12/26 17:29:51 | 000,879,080 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe
MOD - [2012/12/26 17:29:49 | 016,185,832 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.dll
MOD - [2012/12/14 16:49:28 | 002,171,240 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamnet.dll
MOD - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
MOD - [2012/12/14 16:49:28 | 000,508,264 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.dll
MOD - [2012/12/12 19:14:55 | 014,586,296 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
MOD - [2012/12/03 08:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MOD - [2012/01/18 14:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
MOD - [2011/10/11 13:49:14 | 001,179,648 | ---- | M] (W3i, LLC) -- C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe
MOD - [2011/09/08 18:34:10 | 000,732,672 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWOW64\aticfx32.dll
MOD - [2011/09/08 18:08:24 | 004,064,768 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWOW64\atiumdva.dll
MOD - [2011/09/08 18:05:44 | 004,289,024 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWOW64\atiumdag.dll
MOD - [2011/09/08 17:51:44 | 000,029,184 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWOW64\atiu9pag.dll
MOD - [2011/08/02 08:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- F:\Programy\DAEMON Tools Lite\DTLite.exe
MOD - [2011/08/02 08:33:20 | 004,159,808 | ---- | M] (DT Soft Ltd) -- F:\Programy\DAEMON Tools Lite\Engine.dll
MOD - [2011/08/02 08:33:06 | 003,578,176 | ---- | M] (DT Soft Ltd) -- F:\Programy\DAEMON Tools Lite\DTCommonRes.dll
MOD - [2011/07/12 15:20:44 | 000,316,736 | ---- | M] (DT Soft Ltd.) -- F:\Programy\DAEMON Tools Lite\imgengine.dll
MOD - [2010/02/22 16:38:12 | 000,442,368 | ---- | M] (AWS Convergence Technologies) -- C:\Program Files (x86)\AWS\WeatherBug Alert\WeatherBugAlert.exe
MOD - [2009/11/30 08:21:33 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ed3da6921170384d1995a17680a0f290\mscorlib.ni.dll
MOD - [2009/11/29 20:08:33 | 000,593,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\e375d8f69eb222534a004d83773f3346\System.Messaging.ni.dll
MOD - [2009/11/29 19:08:27 | 001,914,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\b2450e07682acbbb19148a594bc44cc1\System.Workflow.Runtime.ni.dll
MOD - [2009/11/29 19:08:26 | 004,514,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\5e95cb2b98a303d404dfaaf11d524f57\System.Workflow.ComponentModel.ni.dll
MOD - [2009/11/29 19:08:22 | 002,995,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\58a99e17be0d550ce7af458b6d63fe6e\System.Workflow.Activities.ni.dll
MOD - [2009/11/29 19:08:15 | 000,224,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2c72de283250173a384b38432b42fd77\PresentationFramework.Classic.ni.dll
MOD - [2009/11/29 19:08:09 | 014,318,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a93f978561ac14b93b72f3f3d68caf41\PresentationFramework.ni.dll
MOD - [2009/11/29 19:07:56 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\2fd63ca914cb61bd282da04a4872d5be\PresentationCore.ni.dll
MOD - [2009/11/29 19:07:43 | 003,313,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7ff93f074ac9aca0fbb7ac0c5a46ed2\WindowsBase.ni.dll
MOD - [2009/11/29 19:07:07 | 010,578,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Design\1364f3d4f45f439ab9e3a7b5a5f90aeb\System.Design.ni.dll
MOD - [2009/11/29 19:06:58 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\b21985ab80345667293196dadaa3b7c9\System.EnterpriseServices.ni.dll
MOD - [2009/11/29 19:06:57 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\e72985719bc2cb674d42d61f67135760\System.Transactions.ni.dll
MOD - [2009/11/29 19:06:45 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c266417c7473eb4dc8989bab7e525df3\System.Drawing.ni.dll
MOD - [2009/11/29 19:06:29 | 000,676,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\403d8b5e40c442720079ac468fcfebf7\System.Security.ni.dll
MOD - [2009/11/29 19:06:26 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\0ab77212f0501a793c454a1ae58f24fd\System.Xml.ni.dll
MOD - [2009/11/29 19:06:21 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\604f8dbf0bc680cd035d4c17ec2ddaea\System.Configuration.ni.dll
MOD - [2009/11/29 19:06:19 | 007,949,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\8c28500b713e22a32c5a9bfaa626c6aa\System.ni.dll
MOD - [2009/11/25 07:27:51 | 001,152,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\crypt32.dll
MOD - [2009/11/25 07:27:09 | 005,817,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
MOD - [2009/11/25 07:26:17 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sspicli.dll
MOD - [2009/11/25 07:26:17 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\secur32.dll
MOD - [2009/11/25 07:22:56 | 001,289,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntdll.dll
MOD - [2009/11/25 07:22:53 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schannel.dll
MOD - [2009/11/25 07:22:07 | 000,547,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PortableDeviceApi.dll
MOD - [2009/11/25 07:21:59 | 000,571,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\oleaut32.dll
MOD - [2009/11/25 07:21:51 | 001,124,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vssapi.dll
MOD - [2009/11/25 07:21:51 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vsstrace.dll
MOD - [2009/11/25 07:20:53 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msasn1.dll
MOD - [2009/11/25 07:17:27 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\IPHLPAPI.DLL
MOD - [2009/11/25 07:15:36 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16400_none_4209f94e2b866170\comctl32.dll
MOD - [2009/11/25 07:15:36 | 000,833,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\user32.dll
MOD - [2009/11/25 07:15:36 | 000,530,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16400_none_ebf9dccf6c73e561\comctl32.dll
MOD - [2009/11/25 07:15:36 | 000,310,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\gdi32.dll
MOD - [2009/11/10 11:09:26 | 000,079,160 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
MOD - [2009/11/10 11:09:24 | 000,929,792 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2009/11/10 10:19:56 | 001,228,800 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Messenger\resources\en-US\res_msgr.dll
MOD - [2009/07/14 02:17:54 | 000,249,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\bcryptprimitives.dll
MOD - [2009/07/14 02:17:54 | 000,242,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rsaenh.dll
MOD - [2009/07/14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ws2_32.dll
MOD - [2009/07/14 02:16:20 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wtsapi32.dll
MOD - [2009/07/14 02:16:20 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wshbth.dll
MOD - [2009/07/14 02:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wsock32.dll
MOD - [2009/07/14 02:16:20 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wship6.dll
MOD - [2009/07/14 02:16:20 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WSHTCPIP.DLL
MOD - [2009/07/14 02:16:19 | 000,977,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wininet.dll
MOD - [2009/07/14 02:16:19 | 000,348,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winhttp.dll
MOD - [2009/07/14 02:16:19 | 000,268,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\Wldap32.dll
MOD - [2009/07/14 02:16:19 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winmm.dll
MOD - [2009/07/14 02:16:19 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wintrust.dll
MOD - [2009/07/14 02:16:19 | 000,156,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winsta.dll
MOD - [2009/07/14 02:16:19 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wkscli.dll
MOD - [2009/07/14 02:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winrnr.dll
MOD - [2009/07/14 02:16:19 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winnsi.dll
MOD - [2009/07/14 02:16:18 | 001,011,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WindowsCodecs.dll
MOD - [2009/07/14 02:16:18 | 000,313,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\webio.dll
MOD - [2009/07/14 02:16:17 | 001,224,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\urlmon.dll
MOD - [2009/07/14 02:16:17 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\usp10.dll
MOD - [2009/07/14 02:16:17 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\userenv.dll
MOD - [2009/07/14 02:16:17 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\version.dll
MOD - [2009/07/14 02:16:16 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll
MOD - [2009/07/14 02:16:16 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\thumbcache.dll
MOD - [2009/07/14 02:16:15 | 000,363,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\StructuredQuery.dll
MOD - [2009/07/14 02:16:15 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\spp.dll
MOD - [2009/07/14 02:16:15 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srvcli.dll
MOD - [2009/07/14 02:16:15 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srclient.dll
MOD - [2009/07/14 02:16:15 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\slc.dll
MOD - [2009/07/14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shell32.dll
MOD - [2009/07/14 02:16:14 | 001,668,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\setupapi.dll
MOD - [2009/07/14 02:16:14 | 000,350,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shlwapi.dll
MOD - [2009/07/14 02:16:14 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shdocvw.dll
MOD - [2009/07/14 02:16:14 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shfolder.dll
MOD - [2009/07/14 02:16:13 | 000,643,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\SearchFolder.dll
MOD - [2009/07/14 02:16:13 | 000,473,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\riched20.dll
MOD - [2009/07/14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sechost.dll
MOD - [2009/07/14 02:16:13 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\samlib.dll
MOD - [2009/07/14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\samcli.dll
MOD - [2009/07/14 02:16:13 | 000,045,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\RpcRtRemote.dll
MOD - [2009/07/14 02:16:13 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rtutils.dll
MOD - [2009/07/14 02:16:13 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\SensApi.dll
MOD - [2009/07/14 02:16:12 | 001,412,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ole32.dll
MOD - [2009/07/14 02:16:12 | 001,328,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\quartz.dll
MOD - [2009/07/14 02:16:12 | 000,988,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\propsys.dll
MOD - [2009/07/14 02:16:12 | 000,325,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rasapi32.dll
MOD - [2009/07/14 02:16:12 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\oleacc.dll
MOD - [2009/07/14 02:16:12 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\powrprof.dll
MOD - [2009/07/14 02:16:12 | 000,139,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PeerDist.dll
MOD - [2009/07/14 02:16:12 | 000,103,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\oledlg.dll
MOD - [2009/07/14 02:16:12 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\olepro32.dll
MOD - [2009/07/14 02:16:12 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rasman.dll
MOD - [2009/07/14 02:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\pnrpnsp.dll
MOD - [2009/07/14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\profapi.dll
MOD - [2009/07/14 02:16:12 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\qmgrprxy.dll
MOD - [2009/07/14 02:16:12 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rasadhlp.dll
MOD - [2009/07/14 02:16:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\psapi.dll
MOD - [2009/07/14 02:16:11 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntshrui.dll
MOD - [2009/07/14 02:16:11 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntmarta.dll
MOD - [2009/07/14 02:16:11 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntlanman.dll
MOD - [2009/07/14 02:16:11 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\npmproxy.dll
MOD - [2009/07/14 02:16:11 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\nsi.dll
MOD - [2009/07/14 02:16:03 | 001,661,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\networkexplorer.dll
MOD - [2009/07/14 02:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netprofm.dll
MOD - [2009/07/14 02:16:03 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\nlaapi.dll
MOD - [2009/07/14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netutils.dll
MOD - [2009/07/14 02:16:02 | 000,219,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ncrypt.dll
MOD - [2009/07/14 02:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\NapiNSP.dll
MOD - [2009/07/14 02:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mswsock.dll
MOD - [2009/07/14 02:15:50 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcrt.dll
MOD - [2009/07/14 02:15:45 | 000,157,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msls31.dll
MOD - [2009/07/14 02:15:44 | 002,340,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msi.dll
MOD - [2009/07/14 02:15:44 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msimg32.dll
MOD - [2009/07/14 02:15:43 | 000,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msctf.dll
MOD - [2009/07/14 02:15:43 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msctfui.dll
MOD - [2009/07/14 02:15:43 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msdmo.dll
MOD - [2009/07/14 02:15:42 | 000,481,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mscms.dll
MOD - [2009/07/14 02:15:41 | 000,213,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\MMDevAPI.dll
MOD - [2009/07/14 02:15:41 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mpr.dll
MOD - [2009/07/14 02:15:40 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mlang.dll
MOD - [2009/07/14 02:15:36 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\linkinfo.dll
MOD - [2009/07/14 02:15:31 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imagehlp.dll
MOD - [2009/07/14 02:15:28 | 010,973,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ieframe.dll
MOD - [2009/07/14 02:15:28 | 002,058,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\iertutil.dll
MOD - [2009/07/14 02:15:28 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ieproxy.dll
MOD - [2009/07/14 02:15:22 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\gpapi.dll
MOD - [2009/07/14 02:15:21 | 000,216,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\FWPUCLNT.DLL
MOD - [2009/07/14 02:15:19 | 001,495,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ExplorerFrame.dll
MOD - [2009/07/14 02:15:14 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\EhStorShell.dll
MOD - [2009/07/14 02:15:14 | 000,128,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\EhStorAPI.dll
MOD - [2009/07/14 02:15:13 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dui70.dll
MOD - [2009/07/14 02:15:13 | 000,453,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dsound.dll
MOD - [2009/07/14 02:15:13 | 000,181,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\duser.dll
MOD - [2009/07/14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dwmapi.dll
MOD - [2009/07/14 02:15:13 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\drprov.dll
MOD - [2009/07/14 02:15:12 | 000,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dnsapi.dll
MOD - [2009/07/14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\devobj.dll
MOD - [2009/07/14 02:15:11 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dhcpcsvc.dll
MOD - [2009/07/14 02:15:11 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\devrtl.dll
MOD - [2009/07/14 02:15:11 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dhcpcsvc6.dll
MOD - [2009/07/14 02:15:10 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\devenum.dll
MOD - [2009/07/14 02:15:08 | 001,826,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d9.dll
MOD - [2009/07/14 02:15:08 | 000,077,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\davclnt.dll
MOD - [2009/07/14 02:15:08 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\davhlpr.dll
MOD - [2009/07/14 02:15:08 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d8thk.dll
MOD - [2009/07/14 02:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2009/07/14 02:15:07 | 000,103,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptnet.dll
MOD - [2009/07/14 02:15:07 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptsp.dll
MOD - [2009/07/14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptbase.dll
MOD - [2009/07/14 02:15:07 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cscapi.dll
MOD - [2009/07/14 02:15:07 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\credssp.dll
MOD - [2009/07/14 02:15:03 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\clbcatq.dll
MOD - [2009/07/14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cfgmgr32.dll
MOD - [2009/07/14 02:15:00 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cabinet.dll
MOD - [2009/07/14 02:14:57 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\AudioSes.dll
MOD - [2009/07/14 02:14:57 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\authz.dll
MOD - [2009/07/14 02:14:57 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\atl.dll
MOD - [2009/07/14 02:14:53 | 000,640,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\advapi32.dll
MOD - [2009/07/14 02:14:53 | 000,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\apphelp.dll
MOD - [2009/07/14 02:14:52 | 000,309,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\actxprxy.dll
MOD - [2009/07/14 02:14:51 | 000,559,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\AppPatch\AcLayers.dll
MOD - [2009/07/14 02:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/14 02:14:08 | 000,319,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winspool.drv
MOD - [2009/07/14 02:11:24 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\uxtheme.dll
MOD - [2009/07/14 02:11:23 | 000,836,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\kernel32.dll
MOD - [2009/07/14 02:11:23 | 000,662,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rpcrt4.dll
MOD - [2009/07/14 02:11:23 | 000,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\KernelBase.dll
MOD - [2009/07/14 02:11:23 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\lpk.dll
MOD - [2009/07/14 02:11:21 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imm32.dll
MOD - [2009/07/14 02:11:20 | 000,080,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\bcrypt.dll
MOD - [2009/07/14 02:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll
MOD - [2009/07/14 02:03:50 | 001,624,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\GdiPlus.dll
MOD - [2009/06/10 22:23:23 | 000,278,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mscoree.dll
MOD - [2009/06/10 22:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/06/10 22:23:11 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll
MOD - [2009/06/10 22:23:11 | 000,554,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcp80.dll
MOD - [2009/06/10 22:23:08 | 000,074,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
MOD - [2009/06/10 22:23:05 | 000,363,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
MOD - [2009/06/10 22:14:57 | 000,778,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PresentationNative_v0300.dll
MOD - [2009/06/10 22:14:52 | 001,736,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\wpfgfx_v0300.dll
MOD - [2008/11/14 14:35:34 | 000,036,776 | R--- | M] (Take-Two Interactive Software, Inc.) -- D:\GTA CZTERY\Rockstar Games Social Club\1_0_0_0\RGSCWorkflows.dll
MOD - [2008/11/14 14:35:32 | 000,029,608 | R--- | M] (Take-Two Interactive Software, Inc.) -- D:\GTA CZTERY\Rockstar Games Social Club\1_0_0_0\RGSCUtil.dll
MOD - [2008/11/14 14:35:32 | 000,019,880 | R--- | M] (Take-Two Interactive Software, Inc.) -- D:\GTA CZTERY\Rockstar Games Social Club\1_0_0_0\RGSCUpdates.dll
MOD - [2008/11/14 14:35:30 | 000,021,416 | R--- | M] (Take-Two Interactive Software, Inc.) -- D:\GTA CZTERY\Rockstar Games Social Club\1_0_0_0\RGSCSocial.dll
MOD - [2008/11/14 14:35:28 | 001,453,992 | R--- | M] (Take-Two Interactive Software, Inc.) -- D:\GTA CZTERY\Rockstar Games Social Club\1_0_0_0\RGSC.exe
MOD - [2008/11/14 14:35:28 | 000,015,784 | R--- | M] (Take-Two Interactive Software, Inc.) -- D:\GTA CZTERY\Rockstar Games Social Club\1_0_0_0\RGSCData.dll
MOD - [2007/12/14 17:58:30 | 000,241,664 | ---- | M] () -- C:\Program Files (x86)\Philips\Philips SPC230NC Webcam\TrayMin230.exe
MOD - [2007/12/10 16:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\Philips\SPC230NC\Monitor.exe
MOD - [2007/09/02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
MOD - [2007/09/02 14:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll
MOD - [2004/12/20 19:41:22 | 000,033,792 | ---- | M] () -- F:\Programy\Winamp\winampa.exe


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2011/09/08 18:29:56 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:[b]64bit:[/b] - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:[b]64bit:[/b] - [2009/04/17 09:47:50 | 001,995,544 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV:[b]64bit:[/b] - [2009/04/12 02:26:35 | 000,578,878 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ESET\ESET Smart Security\Shahed.exe -- (.EsetTrialReset)
SRV:[b]64bit:[/b] - [2009/03/19 11:48:10 | 000,023,296 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV:[b]64bit:[/b] - [2009/03/19 11:44:50 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/12 19:14:57 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/29 20:51:11 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/21 20:40:36 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2010/08/02 11:40:56 | 000,199,600 | ---- | M] (Telefónica I+D) [Auto | Running] -- C:\Program Files (x86)\O2\Connection Manager\ImpWiFiSvc.exe -- (TGCM_ImportWiFiSvc)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:[b]64bit:[/b] - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:[b]64bit:[/b] - [2011/10/20 16:48:16 | 000,526,392 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:[b]64bit:[/b] - [2011/09/08 19:27:22 | 010,203,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:[b]64bit:[/b] - [2011/09/08 17:52:40 | 000,310,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:[b]64bit:[/b] - [2011/08/17 10:04:34 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:[b]64bit:[/b] - [2011/08/17 10:04:28 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
DRV:[b]64bit:[/b] - [2011/08/17 09:58:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:[b]64bit:[/b] - [2011/08/17 09:58:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:[b]64bit:[/b] - [2011/08/17 09:58:20 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:[b]64bit:[/b] - [2011/08/17 09:58:16 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:[b]64bit:[/b] - [2011/06/06 23:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:[b]64bit:[/b] - [2010/04/09 08:24:32 | 000,076,288 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:[b]64bit:[/b] - [2010/04/07 10:05:00 | 000,250,368 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:[b]64bit:[/b] - [2010/03/25 03:08:46 | 000,120,704 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:[b]64bit:[/b] - [2009/11/25 07:17:50 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:[b]64bit:[/b] - [2009/11/25 07:17:50 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:[b]64bit:[/b] - [2009/11/25 07:17:50 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:[b]64bit:[/b] - [2009/11/25 07:17:50 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:[b]64bit:[/b] - [2009/10/21 21:50:24 | 000,013,872 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmmouse.sys -- (vmmouse)
DRV:[b]64bit:[/b] - [2009/10/21 21:47:08 | 000,086,576 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vm3dmp.sys -- (vm3dmp)
DRV:[b]64bit:[/b] - [2009/10/07 19:26:24 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:[b]64bit:[/b] - [2009/09/30 15:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:[b]64bit:[/b] - [2009/09/24 07:47:06 | 000,175,328 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iSSetup.sys -- (iSSetup)
DRV:[b]64bit:[/b] - [2009/09/22 16:39:56 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:[b]64bit:[/b] - [2009/08/21 13:48:18 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:[b]64bit:[/b] - [2009/08/21 00:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2009/08/13 08:38:24 | 000,029,184 | ---- | M] (CSR, plc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthAvrcp.sys -- (BthAvrcp)
DRV:[b]64bit:[/b] - [2009/07/26 23:00:00 | 000,056,664 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\o2mdx64.sys -- (O2MDRDR)
DRV:[b]64bit:[/b] - [2009/07/26 23:00:00 | 000,056,096 | ---- | M] (O2Micro) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\o2sdx64.sys -- (O2SDRDR)
DRV:[b]64bit:[/b] - [2009/07/17 00:51:54 | 000,028,192 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvamacpi.sys -- (nvamacpi)
DRV:[b]64bit:[/b] - [2009/07/14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2009/07/14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2009/07/14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/07/14 01:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:[b]64bit:[/b] - [2009/07/04 18:27:02 | 000,055,808 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:[b]64bit:[/b] - [2009/07/02 07:54:52 | 000,060,416 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:[b]64bit:[/b] - [2009/07/01 17:31:58 | 000,080,896 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie)
DRV:[b]64bit:[/b] - [2009/06/25 16:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:[b]64bit:[/b] - [2009/06/25 15:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:[b]64bit:[/b] - [2009/06/25 15:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:[b]64bit:[/b] - [2009/06/13 01:19:36 | 000,041,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd262x64.sys -- (ioatdma2)
DRV:[b]64bit:[/b] - [2009/06/13 01:19:32 | 000,040,144 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd162x64.sys -- (ioatdma1)
DRV:[b]64bit:[/b] - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009/05/12 13:40:42 | 000,072,192 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTSTOR64.sys -- (RTSTOR)
DRV:[b]64bit:[/b] - [2009/05/05 05:31:00 | 000,025,752 | ---- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\xfiltx64.sys -- (xfiltx64)
DRV:[b]64bit:[/b] - [2009/05/05 05:29:34 | 000,015,000 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\videX64.sys -- (videX64)
DRV:[b]64bit:[/b] - [2009/04/16 11:45:46 | 000,461,320 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MegaSR1.sys -- (MegaSR1)
DRV:[b]64bit:[/b] - [2009/03/19 11:46:04 | 000,044,944 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:[b]64bit:[/b] - [2009/03/19 11:45:56 | 000,164,936 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:[b]64bit:[/b] - [2009/03/19 11:45:56 | 000,033,608 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\epfwndis.sys -- (Epfwndis)
DRV:[b]64bit:[/b] - [2009/03/19 11:44:36 | 000,134,024 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:[b]64bit:[/b] - [2009/03/19 11:41:42 | 000,142,776 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamon.sys -- (eamon)
DRV:[b]64bit:[/b] - [2009/02/11 16:26:18 | 000,407,576 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:[b]64bit:[/b] - [2008/10/09 14:45:26 | 000,018,784 | ---- | M] (JMicron ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\johci.sys -- (johci)
DRV:[b]64bit:[/b] - [2008/07/09 15:51:54 | 000,136,192 | ---- | M] (VIA Technologies inc,.ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\viamrx64.sys -- (viamrx64)
DRV:[b]64bit:[/b] - [2008/05/15 22:23:21 | 000,028,208 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:[b]64bit:[/b] - [2008/04/15 15:09:20 | 000,067,224 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ViPrtX64.sys -- (ViPrtX64)
DRV:[b]64bit:[/b] - [2008/04/15 15:05:48 | 000,025,240 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ViBusX64.sys -- (ViBusX64)
DRV:[b]64bit:[/b] - [2008/01/18 05:14:06 | 000,041,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd260x64.sys -- (ioatdma)
DRV:[b]64bit:[/b] - [2008/01/03 19:13:48 | 000,531,968 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SPC230NC.SYS -- (SPC230NC)
DRV:[b]64bit:[/b] - [2007/11/13 15:47:18 | 000,080,424 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PnP680.sys -- (Pnp680)
DRV:[b]64bit:[/b] - [2007/10/03 15:51:00 | 000,022,056 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiWinAcc.sys -- (SiFilter)
DRV:[b]64bit:[/b] - [2007/10/03 15:50:52 | 000,017,448 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiRemFil.sys -- (SiRemFil)
DRV:[b]64bit:[/b] - [2007/10/03 15:50:26 | 000,090,664 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SI3132.sys -- (SI3132)
DRV:[b]64bit:[/b] - [2007/09/26 15:32:52 | 000,009,472 | ---- | M] (PixArt Imaging Incorporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PAEAFLT.sys -- (PAEAFLT.sys)
DRV:[b]64bit:[/b] - [2007/06/01 10:29:06 | 000,330,544 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Si3531.sys -- (Si3531)
DRV:[b]64bit:[/b] - [2007/05/14 17:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:[b]64bit:[/b] - [2007/05/11 18:01:10 | 000,070,424 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:[b]64bit:[/b] - [2007/04/11 22:30:04 | 000,043,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IAMTVE.sys -- (IAMTVE)
DRV:[b]64bit:[/b] - [2007/04/11 22:29:58 | 000,051,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IAMTXPE.sys -- (IAMTXPE)
DRV:[b]64bit:[/b] - [2007/04/11 15:02:42 | 000,163,632 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SI3114r.sys -- (SI3114r)
DRV:[b]64bit:[/b] - [2007/02/01 16:53:08 | 000,164,656 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SI3112r.sys -- (SI3112r)
DRV:[b]64bit:[/b] - [2007/01/24 17:07:08 | 000,064,888 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SISAGPX.SYS -- (SISAGP)
DRV:[b]64bit:[/b] - [2006/11/10 11:48:48 | 000,099,120 | ---- | M] (Silicon Image, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SI3114.sys -- (SI3114)
DRV:[b]64bit:[/b] - [2006/11/02 16:25:04 | 000,113,456 | ---- | M] (Silicon Image, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SI3124.sys -- (SI3124)
DRV:[b]64bit:[/b] - [2006/11/01 07:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:[b]64bit:[/b] - [2006/09/20 11:38:28 | 000,334,640 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Si3124r5.sys -- (Si3124r5)
DRV:[b]64bit:[/b] - [2006/09/18 14:26:04 | 000,093,472 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hptmv.sys -- (hptmv)
DRV:[b]64bit:[/b] - [2005/09/23 00:20:00 | 000,059,392 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VIAAGP1.SYS -- (viaagp1)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\URLSearchHook: {d43723ae-1ae1-4a25-a6a4-bf0929273cab} - C:\Program Files (x86)\Ashampoo_PO\prxtbAsh0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{68CAD4C2-94EA-4792-B99B-F8726276E541}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481033


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.win7extreme.project-os.org
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.win7extreme.project-os.org
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2465994285-61389061-1913302713-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2481033
IE - HKU\S-1-5-21-2465994285-61389061-1913302713-1005\..\URLSearchHook: {d43723ae-1ae1-4a25-a6a4-bf0929273cab} - C:\Program Files (x86)\Ashampoo_PO\prxtbAsh0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2465994285-61389061-1913302713-1005\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-2465994285-61389061-1913302713-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://startsear.ch/?aff=2&src=sp&cf=4637160c-2373-11e1-b02c-00158315a310&q={searchTerms}
IE - HKU\S-1-5-21-2465994285-61389061-1913302713-1005\..\SearchScopes\{68CAD4C2-94EA-4792-B99B-F8726276E541}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2465994285-61389061-1913302713-1005\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481033
IE - HKU\S-1-5-21-2465994285-61389061-1913302713-1005\..\SearchScopes\{EF40BF94-9292-4001-BB9B-719C402D3AF2}: "URL" = http://uk.search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,105,0_0,Search,20120104,0,0,0,0
IE - HKU\S-1-5-21-2465994285-61389061-1913302713-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.41108.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp1950@crossrider.com: C:\Users\David\AppData\Local\RewardsArcadeSuite\1950\Firefox [2012/01/25 21:44:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/21 20:40:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/04 20:51:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011/10/06 14:53:05 | 000,000,000 | ---D | M]

[2012/05/08 16:14:00 | 000,000,000 | ---D | M] (No name found) -- \mozilla\Firefox\extensions
[2012/05/08 16:14:00 | 000,000,000 | ---D | M] (No name found) -- \mozilla\Firefox\extensions\{d43723ae-1ae1-4a25-a6a4-bf0929273cab}
[2012/06/27 20:32:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/02/10 23:57:47 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/07/21 20:40:38 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/04 20:51:50 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/27 14:45:50 | 000,083,456 | ---- | M] (LiveVDO ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll
[2012/07/15 12:37:57 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/07/15 12:37:57 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2013/01/11 23:00:46 | 000,000,797 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (RewardsArcadeSuite) - {B6EF6C45-5E8D-4c3b-B580-A5073261A381} - C:\Program Files (x86)\RewardsArcadeSuite\RewardsArcadeSuite.dll (215 Apps)
O2 - BHO: (Ashampoo PO Toolbar) - {d43723ae-1ae1-4a25-a6a4-bf0929273cab} - C:\Program Files (x86)\Ashampoo_PO\prxtbAsh0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ashampoo PO Toolbar) - {d43723ae-1ae1-4a25-a6a4-bf0929273cab} - C:\Program Files (x86)\Ashampoo_PO\prxtbAsh0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2465994285-61389061-1913302713-1005\..\Toolbar\WebBrowser: (Ashampoo PO Toolbar) - {D43723AE-1AE1-4A25-A6A4-BF0929273CAB} - C:\Program Files (x86)\Ashampoo_PO\prxtbAsh0.dll (Conduit Ltd.)
O4:[b]64bit:[/b] - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [SPC_Monitor] C:\Windows\Philips\SPC230NC\Monitor.exe (PixArt Imaging Incorporation)
O4:[b]64bit:[/b] - HKLM..\Run: [SPC230NC_Monitor] C:\Windows\Philips\SPC230NC\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] F:\Programy\Winamp\winampa.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2465994285-61389061-1913302713-1005..\Run: [ares] "F:\Programy\Ares\Ares.exe" -h File not found
O4 - HKU\S-1-5-21-2465994285-61389061-1913302713-1005..\Run: [DAEMON Tools Lite] F:\Programy\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2465994285-61389061-1913302713-1005..\Run: [DriverScanner] "C:\PROGRA~2\Uniblue\DRIVER~1\launcher.exe" delay 20000 File not found
O4 - HKU\S-1-5-21-2465994285-61389061-1913302713-1005..\Run: [Gadu-Gadu 10] F:\Programy\Gadu-Gadu 10\gg.exe (GG Network S.A.)
O4 - HKU\S-1-5-21-2465994285-61389061-1913302713-1005..\Run: [HUAWEI 3G Data Card MTS] C:\Program Files (x86)\Huawei technologies\Huawei UMTS Data Card\3 USB Modem.exe (Huawei Technologies)
O4 - HKU\S-1-5-21-2465994285-61389061-1913302713-1005..\Run: [InstallIQUpdater] C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)
O4 - HKU\S-1-5-21-2465994285-61389061-1913302713-1005..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-2465994285-61389061-1913302713-1005..\Run: [RGSC] D:\GTA CZTERY\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.)
O4 - HKU\S-1-5-21-2465994285-61389061-1913302713-1005..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-2465994285-61389061-1913302713-1005..\Run: [WeatherBugAlert] C:\Program Files (x86)\AWS\WeatherBug Alert\WeatherBugAlert.exe (AWS Convergence Technologies)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\All Users\Adobe [2011/10/10 11:53:24 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Application Data [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\ashampoo [2012/05/08 16:13:37 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\ATI [2011/10/06 16:21:10 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\DAEMON Tools Lite [2011/10/20 16:47:38 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Desktop [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Diskeeper Corporation [2009/11/30 07:49:13 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Documents [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\DSS [2012/09/16 10:54:51 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\EA Core [2011/12/12 21:40:10 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Electronic Arts [2011/12/12 21:40:09 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\ESET [2009/11/15 00:05:20 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Favorites [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Gadu-Gadu 10 [2011/12/07 17:26:52 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Hewlett-Packard [2011/10/10 11:46:47 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\HP [2011/11/09 22:41:21 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\hpzinstall.log ()
O4 - Startup: C:\Users\All Users\Local Settings [2012/03/31 19:02:06 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Malwarebytes [2011/12/16 16:35:18 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\McAfee [2009/11/29 19:39:11 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Messenger Plus! [2009/11/29 19:53:37 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Microsoft [2012/04/17 19:40:12 | 000,000,000 | --SD | M]
O4 - Startup: C:\Users\All Users\Microsoft Help [2012/02/24 13:50:00 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Mozilla [2012/06/27 20:32:23 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\mtbjfghn.xbe ()
O4 - Startup: C:\Users\All Users\Nero [2012/05/16 16:03:37 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Norton [2012/02/21 11:09:12 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\NortonInstaller [2012/01/25 21:44:43 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\NOTEPAD.EXE-x.txt ()
O4 - Startup: C:\Users\All Users\Origin [2012/11/25 20:28:45 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\REGSVR32.EXE-x.txt ()
O4 - Startup: C:\Users\All Users\RUNDLL32.EXE-x.txt ()
O4 - Startup: C:\Users\All Users\Skype [2012/11/22 07:00:09 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Sony [2012/02/20 16:39:48 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Stardock [2009/11/29 20:56:06 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Start Menu [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Sun [2012/04/04 20:52:05 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Symantec [2012/01/25 21:44:49 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Telefónica [2012/03/11 15:08:43 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\TEMP [2012/11/26 17:10:54 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Templates [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Trusteer [2011/10/27 12:55:50 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Ubisoft [2012/11/29 21:04:08 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Uniblue [2011/10/09 21:09:20 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\VMware [2009/11/29 19:15:41 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\W3i [2012/01/25 21:44:46 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Yahoo! [2009/12/09 03:34:50 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\{0B4EECC2-B656-4BF8-9915-6F8B225BC43C} [2012/01/25 21:45:10 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\All Users\{6DFE6B59-3F4E-45AF-A9D0-5EDC43DD23AF} [2012/03/31 19:08:37 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\{8CC5CF4A-124E-41BA-B58C-A41F05BE09CC} [2009/12/01 03:04:50 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\All Users\{BD8912D9-3040-46C4-B96A-4C3AC7E43486} [2011/12/31 13:40:00 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\David\AppData [2011/10/06 14:52:26 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\David\Application Data [2011/10/06 14:52:26 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\David\Contacts [2011/10/06 19:55:08 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\David\Cookies [2011/10/06 14:52:26 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\David\Desktop [2013/01/13 20:42:56 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\David\Documents [2013/01/10 20:21:05 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\David\Downloads [2012/10/02 17:56:34 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\David\Favorites [2011/11/30 14:58:20 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\David\Gry [2012/09/24 11:05:13 | 000,000,000 | --SD | M]
O4 - Startup: C:\Users\David\InstallAnywhere [2011/10/20 19:07:10 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\David\Links [2012/12/23 13:46:26 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\David\Local Settings [2011/10/06 14:52:26 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\David\Music [2011/10/15 15:37:20 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\David\My Documents [2011/10/06 14:52:26 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\David\NetHood [2011/10/06 14:52:26 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\David\NTUSER.DAT ()
O4 - Startup: C:\Users\David\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\David\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\David\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf ()
O4 - Startup: C:\Users\David\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\David\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\David\NTUSER.DAT{6ab3caf2-12df-11e1-a87b-00158315a310}.TM.blf ()
O4 - Startup: C:\Users\David\NTUSER.DAT{6ab3caf2-12df-11e1-a87b-00158315a310}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\David\NTUSER.DAT{6ab3caf2-12df-11e1-a87b-00158315a310}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\David\NTUSER.DAT{72d3d2af-3940-11e1-b6a2-00158315a310}.TM.blf ()
O4 - Startup: C:\Users\David\NTUSER.DAT{72d3d2af-3940-11e1-b6a2-00158315a310}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\David\NTUSER.DAT{72d3d2af-3940-11e1-b6a2-00158315a310}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\David\ntuser.ini ()
O4 - Startup: C:\Users\David\Pictures [2012/09/24 11:03:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\David\PrintHood [2011/10/06 14:52:26 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\David\Recent [2011/10/06 14:52:26 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\David\Saved Games [2011/10/07 16:37:15 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\David\Searches [2011/11/16 21:07:08 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\David\SendTo [2011/10/06 14:52:26 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\David\Start Menu [2011/10/06 14:52:26 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\David\Templates [2011/10/06 14:52:26 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\David\Videos [2011/10/15 15:37:20 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\AppData [2009/07/14 04:20:08 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Default\Application Data [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Cookies [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Desktop [2009/07/14 03:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Documents [2009/07/14 06:08:56 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Downloads [2009/07/14 03:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Favorites [2009/07/14 03:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Links [2009/07/14 03:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Local Settings [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Music [2009/07/14 03:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\My Documents [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NetHood [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NTUSER.DAT ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG1 ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG2 ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Default\Pictures [2009/07/14 03:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\PrintHood [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Recent [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Saved Games [2009/07/14 03:34:59 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Default\SendTo [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Start Menu [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Templates [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Videos [2009/07/14 03:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Desktop [2013/01/12 11:56:35 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Documents [2011/10/20 19:38:06 | 000,000,000 | --SD | M]
O4 - Startup: C:\Users\Public\Downloads [2009/07/14 05:54:24 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Favorites [2009/07/14 03:34:59 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Libraries [2009/11/29 19:03:42 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Music [2009/12/01 03:07:11 | 000,000,000 | --SD | M]
O4 - Startup: C:\Users\Public\Pictures [2009/12/01 03:07:11 | 000,000,000 | --SD | M]
O4 - Startup: C:\Users\Public\Recorded TV [2011/10/24 15:50:51 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Videos [2009/12/01 03:07:11 | 000,000,000 | --SD | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 41064 = C:\PROGRA~3\LOCALS~1\Temp\msygea.bat
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O8:[b]64bit:[/b] - Extra context menu item: E&xport to Microsoft Excel - res://F:\Programy\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\Programy\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:[b]64bit:[/b] - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:[b]64bit:[/b] - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:[b]64bit:[/b] - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.179.2.132 62.179.2.133
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{819D1C69-4F04-42F6-AC7B-4697F4CAEE0E}: DhcpNameServer = 62.179.2.132 62.179.2.133
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:[b]64bit:[/b] - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair64.dll (Stardock.net, Inc)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll (Stardock.net, Inc)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:[b]64bit:[/b] - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2ea0f472-0ef2-11e1-b392-00158315a310}\Shell - "" = AutoRun
O33 - MountPoints2\{2ea0f472-0ef2-11e1-b392-00158315a310}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{2ea0f4b3-0ef2-11e1-b392-00158315a310}\Shell - "" = AutoRun
O33 - MountPoints2\{2ea0f4b3-0ef2-11e1-b392-00158315a310}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{3aa0c0f0-6ea8-11e1-9f61-00158315a310}\Shell - "" = AutoRun
O33 - MountPoints2\{3aa0c0f0-6ea8-11e1-9f61-00158315a310}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{3aa0c0f2-6ea8-11e1-9f61-00158315a310}\Shell - "" = AutoRun
O33 - MountPoints2\{3aa0c0f2-6ea8-11e1-9f61-00158315a310}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{4db4cf43-07f2-11e1-b162-00158315a310}\Shell - "" = AutoRun
O33 - MountPoints2\{4db4cf43-07f2-11e1-b162-00158315a310}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{6df72f65-0b0f-11e1-868f-00158315a310}\Shell - "" = AutoRun
O33 - MountPoints2\{6df72f65-0b0f-11e1-868f-00158315a310}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{9caa8c70-0b7f-11e1-ba4b-00158315a310}\Shell - "" = AutoRun
O33 - MountPoints2\{9caa8c70-0b7f-11e1-ba4b-00158315a310}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{9caa8c72-0b7f-11e1-ba4b-00158315a310}\Shell - "" = AutoRun
O33 - MountPoints2\{9caa8c72-0b7f-11e1-ba4b-00158315a310}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{9ee04b3a-6d17-11e1-a25e-00158315a310}\Shell - "" = AutoRun
O33 - MountPoints2\{9ee04b3a-6d17-11e1-a25e-00158315a310}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{9ee04b3c-6d17-11e1-a25e-00158315a310}\Shell - "" = AutoRun
O33 - MountPoints2\{9ee04b3c-6d17-11e1-a25e-00158315a310}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{afab87ec-6b82-11e1-82b8-00158315a310}\Shell - "" = AutoRun
O33 - MountPoints2\{afab87ec-6b82-11e1-82b8-00158315a310}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{afab87fc-6b82-11e1-82b8-00158315a310}\Shell - "" = AutoRun
O33 - MountPoints2\{afab87fc-6b82-11e1-82b8-00158315a310}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{cce37407-8c61-11e1-b73d-00158315a310}\Shell - "" = AutoRun
O33 - MountPoints2\{cce37407-8c61-11e1-b73d-00158315a310}\Shell\AutoRun\command - "" = K:\iStudio.exe
O33 - MountPoints2\{da9f5423-f044-11e0-ab00-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{da9f5423-f044-11e0-ab00-806e6f6e6963}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{da9f5441-f044-11e0-ab00-d027880b62e9}\Shell - "" = AutoRun
O33 - MountPoints2\{da9f5441-f044-11e0-ab00-d027880b62e9}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

MsConfig:64bit - State: "startup" - Reg Error: Key error.

SafeBootMin:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:[b]64bit:[/b] Base - Driver Group
SafeBootMin:[b]64bit:[/b] Boot Bus Extender - Driver Group
SafeBootMin:[b]64bit:[/b] Boot file system - Driver Group
SafeBootMin:[b]64bit:[/b] File system - Driver Group
SafeBootMin:[b]64bit:[/b] Filter - Driver Group
SafeBootMin:[b]64bit:[/b] HelpSvc - Service
SafeBootMin:[b]64bit:[/b] PCI Configuration - Driver Group
SafeBootMin:[b]64bit:[/b] PNP Filter - Driver Group
SafeBootMin:[b]64bit:[/b] Primary disk - Driver Group
SafeBootMin:[b]64bit:[/b] sacsvr - Service
SafeBootMin:[b]64bit:[/b] SCSI Class - Driver Group
SafeBootMin:[b]64bit:[/b] System Bus Extender - Driver Group
SafeBootMin:[b]64bit:[/b] vmms - Service
SafeBootMin:[b]64bit:[/b] WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:[b]64bit:[/b] Base - Driver Group
SafeBootNet:[b]64bit:[/b] Boot Bus Extender - Driver Group
SafeBootNet:[b]64bit:[/b] Boot file system - Driver Group
SafeBootNet:[b]64bit:[/b] File system - Driver Group
SafeBootNet:[b]64bit:[/b] Filter - Driver Group
SafeBootNet:[b]64bit:[/b] HelpSvc - Service
SafeBootNet:[b]64bit:[/b] Messenger - Service
SafeBootNet:[b]64bit:[/b] NDIS Wrapper - Driver Group
SafeBootNet:[b]64bit:[/b] NetBIOSGroup - Driver Group
SafeBootNet:[b]64bit:[/b] NetDDEGroup - Driver Group
SafeBootNet:[b]64bit:[/b] Network - Driver Group
SafeBootNet:[b]64bit:[/b] NetworkProvider - Driver Group
SafeBootNet:[b]64bit:[/b] PCI Configuration - Driver Group
SafeBootNet:[b]64bit:[/b] PNP Filter - Driver Group
SafeBootNet:[b]64bit:[/b] PNP_TDI - Driver Group
SafeBootNet:[b]64bit:[/b] Primary disk - Driver Group
SafeBootNet:[b]64bit:[/b] rdsessmgr - Service
SafeBootNet:[b]64bit:[/b] sacsvr - Service
SafeBootNet:[b]64bit:[/b] SCSI Class - Driver Group
SafeBootNet:[b]64bit:[/b] Streams Drivers - Driver Group
SafeBootNet:[b]64bit:[/b] System Bus Extender - Driver Group
SafeBootNet:[b]64bit:[/b] TDI - Driver Group
SafeBootNet:[b]64bit:[/b] vmms - Service
SafeBootNet:[b]64bit:[/b] WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:[b]64bit:[/b] WudfUsbccidDriver - Driver
SafeBootNet:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:[b]64bit:[/b] {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:[b]64bit:[/b] {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:[b]64bit:[/b] {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:[b]64bit:[/b] {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:[b]64bit:[/b] {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2013/01/10 20:31:32 | 000,000,000 | ---D | C] -- C:\Conduit
[2013/01/10 20:31:32 | 000,000,000 | ---D | C] -- \Conduit
[2012/12/25 19:16:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6 [cswos.com]
[2012/12/03 19:13:34 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2012/12/03 18:48:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
[2012/11/29 21:04:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2012/11/22 20:50:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012/11/22 20:49:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012/11/22 07:00:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/11/22 07:00:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/11/21 21:21:31 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/11/21 20:56:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inixsoft

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

[2013/01/13 20:44:36 | 000,016,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/13 20:44:36 | 000,016,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/13 20:41:33 | 000,727,490 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/13 20:41:33 | 000,630,104 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/13 20:41:33 | 000,112,534 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/13 20:39:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/13 20:37:13 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/13 20:37:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/13 16:32:45 | 000,000,192 | ---- | M] () -- C:\Windows\winamp.ini
[2013/01/13 16:05:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/13 15:45:15 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2013/01/12 11:56:35 | 000,001,126 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/25 19:16:01 | 000,000,913 | ---- | M] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Counter-Strike 1.6.lnk
[2012/12/25 13:07:27 | 000,921,632 | ---- | M] () -- C:\SPC230NC.DAT
[2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/12/03 19:13:34 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2012/12/02 19:23:45 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2012/11/29 20:51:13 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/11/29 20:51:11 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/11/22 07:00:05 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2013/01/12 11:56:35 | 000,001,126 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/11 22:10:16 | 000,001,169 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TrayMin230.lnk
[2012/12/25 19:16:01 | 000,000,913 | ---- | C] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Counter-Strike 1.6.lnk
[2012/12/02 19:23:45 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012/11/29 20:51:13 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/11/29 20:51:11 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/05/23 16:31:15 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2012/04/19 18:20:53 | 000,921,632 | ---- | C] () -- \SPC230NC.DAT
[2012/02/18 16:09:47 | 000,000,842 | ---- | C] () -- C:\Windows\SysWow64\SPC230NC.INI
[2012/02/18 16:09:24 | 000,004,998 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe
[2011/11/30 14:56:57 | 000,000,192 | ---- | C] () -- C:\Windows\winamp.ini
[2011/11/30 14:51:55 | 000,000,968 | ---- | C] () -- C:\Windows\unins000.dat
[2011/10/06 16:20:35 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/09/14 11:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/03/17 18:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2005/09/22 20:09:38 | 000,894,976 | ---- | C] () -- \msdia80.dll

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2009/07/14 02:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009/07/14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== LOP Check ==========[/color]

[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Application Data
[2012/05/08 16:13:37 | 000,000,000 | ---D | M] -- C:\Users\All Users\ashampoo
[2011/10/20 16:47:38 | 000,000,000 | ---D | M] -- C:\Users\All Users\DAEMON Tools Lite
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Desktop
[2009/11/30 07:49:13 | 000,000,000 | ---D | M] -- C:\Users\All Users\Diskeeper Corporation
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Documents
[2012/09/16 10:54:51 | 000,000,000 | -HSD | M] -- C:\Users\All Users\DSS
[2011/12/12 21:40:10 | 000,000,000 | ---D | M] -- C:\Users\All Users\EA Core
[2011/12/12 21:40:09 | 000,000,000 | ---D | M] -- C:\Users\All Users\Electronic Arts
[2009/11/15 00:05:20 | 000,000,000 | ---D | M] -- C:\Users\All Users\ESET
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favorites
[2011/12/07 17:26:52 | 000,000,000 | ---D | M] -- C:\Users\All Users\Gadu-Gadu 10
[2012/03/31 19:02:06 | 000,000,000 | ---D | M] -- C:\Users\All Users\Local Settings
[2009/11/29 19:53:37 | 000,000,000 | ---D | M] -- C:\Users\All Users\Messenger Plus!
[2012/11/25 20:28:45 | 000,000,000 | ---D | M] -- C:\Users\All Users\Origin
[2012/02/20 16:39:48 | 000,000,000 | ---D | M] -- C:\Users\All Users\Sony
[2009/11/29 20:56:06 | 000,000,000 | ---D | M] -- C:\Users\All Users\Stardock
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Start Menu
[2012/03/11 15:08:43 | 000,000,000 | ---D | M] -- C:\Users\All Users\Telefónica
[2012/11/26 17:10:54 | 000,000,000 | ---D | M] -- C:\Users\All Users\TEMP
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Templates
[2011/10/27 12:55:50 | 000,000,000 | ---D | M] -- C:\Users\All Users\Trusteer
[2012/11/29 21:04:08 | 000,000,000 | ---D | M] -- C:\Users\All Users\Ubisoft
[2011/10/09 21:09:20 | 000,000,000 | ---D | M] -- C:\Users\All Users\Uniblue
[2012/01/25 21:44:46 | 000,000,000 | ---D | M] -- C:\Users\All Users\W3i
[2012/01/25 21:45:10 | 000,000,000 | -H-D | M] -- C:\Users\All Users\{0B4EECC2-B656-4BF8-9915-6F8B225BC43C}
[2012/03/31 19:08:37 | 000,000,000 | ---D | M] -- C:\Users\All Users\{6DFE6B59-3F4E-45AF-A9D0-5EDC43DD23AF}
[2009/12/01 03:04:50 | 000,000,000 | -H-D | M] -- C:\Users\All Users\{8CC5CF4A-124E-41BA-B58C-A41F05BE09CC}
[2011/12/31 13:40:00 | 000,000,000 | -H-D | M] -- C:\Users\All Users\{BD8912D9-3040-46C4-B96A-4C3AC7E43486}
[2011/10/06 14:52:26 | 000,000,000 | -H-D | M] -- C:\Users\David\AppData
[2011/10/06 14:52:26 | 000,000,000 | -HSD | M] -- C:\Users\David\Application Data
[2011/10/06 19:55:08 | 000,000,000 | R--D | M] -- C:\Users\David\Contacts
[2011/10/06 14:52:26 | 000,000,000 | -HSD | M] -- C:\Users\David\Cookies
[2013/01/13 20:42:56 | 000,000,000 | R--D | M] -- C:\Users\David\Desktop
[2013/01/10 20:21:05 | 000,000,000 | R--D | M] -- C:\Users\David\Documents
[2012/10/02 17:56:34 | 000,000,000 | R--D | M] -- C:\Users\David\Downloads
[2011/11/30 14:58:20 | 000,000,000 | R--D | M] -- C:\Users\David\Favorites
[2012/09/24 11:05:13 | 000,000,000 | --SD | M] -- C:\Users\David\Gry
[2011/10/20 19:07:10 | 000,000,000 | -H-D | M] -- C:\Users\David\InstallAnywhere
[2012/12/23 13:46:26 | 000,000,000 | R--D | M] -- C:\Users\David\Links
[2011/10/06 14:52:26 | 000,000,000 | -HSD | M] -- C:\Users\David\Local Settings
[2011/10/15 15:37:20 | 000,000,000 | R--D | M] -- C:\Users\David\Music
[2011/10/06 14:52:26 | 000,000,000 | -HSD | M] -- C:\Users\David\My Documents
[2011/10/06 14:52:26 | 000,000,000 | -HSD | M] -- C:\Users\David\NetHood
[2012/09/24 11:03:35 | 000,000,000 | R--D | M] -- C:\Users\David\Pictures
[2011/10/06 14:52:26 | 000,000,000 | -HSD | M] -- C:\Users\David\PrintHood
[2011/10/06 14:52:26 | 000,000,000 | -HSD | M] -- C:\Users\David\Recent
[2011/10/07 16:37:15 | 000,000,000 | ---D | M] -- C:\Users\David\Saved Games
[2011/11/16 21:07:08 | 000,000,000 | R--D | M] -- C:\Users\David\Searches
[2011/10/06 14:52:26 | 000,000,000 | -HSD | M] -- C:\Users\David\SendTo
[2011/10/06 14:52:26 | 000,000,000 | -HSD | M] -- C:\Users\David\Start Menu
[2011/10/06 14:52:26 | 000,000,000 | -HSD | M] -- C:\Users\David\Templates
[2011/10/15 15:37:20 | 000,000,000 | R--D | M] -- C:\Users\David\Videos
[2009/07/14 04:20:08 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Application Data
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Cookies
[2009/07/14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Desktop
[2009/07/14 06:08:56 | 000,000,000 | R--D | M] -- C:\Users\Default\Documents
[2009/07/14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Downloads
[2009/07/14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Favorites
[2009/07/14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Links
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Local Settings
[2009/07/14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Music
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\My Documents
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\NetHood
[2009/07/14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Pictures
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\PrintHood
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Recent
[2009/07/14 03:34:59 | 000,000,000 | ---D | M] -- C:\Users\Default\Saved Games
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\SendTo
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Start Menu
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Templates
[2009/07/14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Videos
[2013/01/12 11:56:35 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop
[2011/10/20 19:38:06 | 000,000,000 | --SD | M] -- C:\Users\Public\Documents
[2009/07/14 05:54:24 | 000,000,000 | R--D | M] -- C:\Users\Public\Downloads
[2009/07/14 03:34:59 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites
[2009/11/29 19:03:42 | 000,000,000 | RH-D | M] -- C:\Users\Public\Libraries
[2009/12/01 03:07:11 | 000,000,000 | --SD | M] -- C:\Users\Public\Music
[2009/12/01 03:07:11 | 000,000,000 | --SD | M] -- C:\Users\Public\Pictures
[2011/10/24 15:50:51 | 000,000,000 | R--D | M] -- C:\Users\Public\Recorded TV
[2009/12/01 03:07:11 | 000,000,000 | --SD | M] -- C:\Users\Public\Videos

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< Quote >[/color]
[2009/07/14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/14 06:08:49 | 000,032,608 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/10/09 20:15:13 | 000,000,892 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2011/10/09 20:15:14 | 000,000,896 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012/04/04 21:03:47 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

[color=#A23BEC]< >[/color]

[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2005/09/22 20:09:38 | 000,894,976 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2013/01/13 20:36:59 | 3487,752,192 | -HS- | M] () -- C:\pagefile.sys
[2011/12/29 12:05:03 | 000,017,498 | ---- | M] () -- C:\shared.log
[2012/12/25 13:07:27 | 000,921,632 | ---- | M] () -- C:\SPC230NC.DAT

[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_e8ae2662e553ad0f\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.20551_none_16adec2ff16ac3e3\AGP440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a5210cb0540e395e\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20545_none_39e1f82254380270\atapi.sys

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2009/07/14 01:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\Windows\SysNative\drivers\beep.sys
[2009/07/14 01:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\Windows\winsxs\amd64_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_201592fa214e4f02\beep.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2009/07/14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys
[2009/07/14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys
[2009/11/25 07:16:35 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=91543759D93F9EF026458DA5DA3452CC -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.20493_none_bc1b19d4d69ff9fe\cdrom.sys
[2009/11/25 07:16:35 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=EC5AE6D60673DD4874C6DA1D4BA4CBCB -- C:\Windows\SysNative\drivers\cdrom.sys
[2009/11/25 07:16:35 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=EC5AE6D60673DD4874C6DA1D4BA4CBCB -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_98e633ec9740bcb1\cdrom.sys
[2009/11/25 07:16:35 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=EC5AE6D60673DD4874C6DA1D4BA4CBCB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16397_none_bb957e31bd7ebf90\cdrom.sys

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2009/11/25 07:15:36 | 000,947,800 | ---- | M] (Microsoft Corporation) MD5=467D2C33B82990603E9E90FE96B034C3 -- C:\Windows\SysNative\drivers\ndis.sys
[2009/11/25 07:15:36 | 000,947,800 | ---- | M] (Microsoft Corporation) MD5=467D2C33B82990603E9E90FE96B034C3 -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16400_none_040d9d423583b2ab\ndis.sys
[2009/11/25 07:15:36 | 000,947,800 | ---- | M] (Microsoft Corporation) MD5=613D1170CE8E0EA30EB83F3004C09016 -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.20496_none_043bea974ee4e8d1\ndis.sys
[2009/07/14 02:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/11/25 07:25:52 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=9ED521C0B287D4A396E1456B3D1556C9 -- C:\Windows\SysNative\winlogon.exe
[2009/11/25 07:25:52 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=9ED521C0B287D4A396E1456B3D1556C9 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16440_none_cbde32e1ee86914c\winlogon.exe
[2009/11/25 07:25:51 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=FEFF314FF78051201309E47D90554BE8 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20548_none_cc6fd1fd079cfbce\winlogon.exe

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 101 bytes -> C:\Users\All Users\TEMP:CE2C623F
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:CE2C623F

< End of report >
[/log]

 

And that virus is in HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|41064

What should I do next?

Natsuki Kuga
comment

1. Paste into OTL:
[spoiler]
:OTL
IE - HKLM\..\URLSearchHook: {d43723ae-1ae1-4a25-a6a4-bf0929273cab} - C:\Program Files (x86)\Ashampoo_PO\prxtbAsh0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2481033
IE - HKU\S-1-5-21-2465994285-61389061-1913302713-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2481033
IE - HKU\S-1-5-21-2465994285-61389061-1913302713-1005\..\URLSearchHook: {d43723ae-1ae1-4a25-a6a4-bf0929273cab} - C:\Program Files (x86)\Ashampoo_PO\prxtbAsh0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2465994285-61389061-1913302713-1005\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-2465994285-61389061-1913302713-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://startsear.ch/...q={searchTerms}
IE - HKU\S-1-5-21-2465994285-61389061-1913302713-1005\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2481033
O2 - BHO: (Ashampoo PO Toolbar) - {d43723ae-1ae1-4a25-a6a4-bf0929273cab} - C:\Program Files (x86)\Ashampoo_PO\prxtbAsh0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ashampoo PO Toolbar) - {d43723ae-1ae1-4a25-a6a4-bf0929273cab} - C:\Program Files (x86)\Ashampoo_PO\prxtbAsh0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2465994285-61389061-1913302713-1005\..\Toolbar\WebBrowser: (Ashampoo PO Toolbar) - {D43723AE-1AE1-4A25-A6A4-BF0929273CAB} - C:\Program Files (x86)\Ashampoo_PO\prxtbAsh0.dll (Conduit Ltd.)
O4 - Startup: C:\Users\All Users\Adobe [2011/10/10 11:53:24 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Application Data [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\ashampoo [2012/05/08 16:13:37 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\ATI [2011/10/06 16:21:10 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\DAEMON Tools Lite [2011/10/20 16:47:38 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Desktop [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Diskeeper Corporation [2009/11/30 07:49:13 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Documents [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\DSS [2012/09/16 10:54:51 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\EA Core [2011/12/12 21:40:10 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Electronic Arts [2011/12/12 21:40:09 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\ESET [2009/11/15 00:05:20 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Favorites [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Gadu-Gadu 10 [2011/12/07 17:26:52 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Hewlett-Packard [2011/10/10 11:46:47 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\HP [2011/11/09 22:41:21 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\hpzinstall.log ()
O4 - Startup: C:\Users\All Users\Local Settings [2012/03/31 19:02:06 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Malwarebytes [2011/12/16 16:35:18 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\McAfee [2009/11/29 19:39:11 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Messenger Plus! [2009/11/29 19:53:37 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Microsoft [2012/04/17 19:40:12 | 000,000,000 | --SD | M]
O4 - Startup: C:\Users\All Users\Microsoft Help [2012/02/24 13:50:00 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Mozilla [2012/06/27 20:32:23 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\mtbjfghn.xbe ()
O4 - Startup: C:\Users\All Users\Nero [2012/05/16 16:03:37 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Norton [2012/02/21 11:09:12 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\NortonInstaller [2012/01/25 21:44:43 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\NOTEPAD.EXE-x.txt ()
O4 - Startup: C:\Users\All Users\Origin [2012/11/25 20:28:45 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\REGSVR32.EXE-x.txt ()
O4 - Startup: C:\Users\All Users\RUNDLL32.EXE-x.txt ()
O4 - Startup: C:\Users\All Users\Skype [2012/11/22 07:00:09 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Sony [2012/02/20 16:39:48 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Stardock [2009/11/29 20:56:06 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Start Menu [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Sun [2012/04/04 20:52:05 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Symantec [2012/01/25 21:44:49 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Telefónica [2012/03/11 15:08:43 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\TEMP [2012/11/26 17:10:54 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Templates [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Trusteer [2011/10/27 12:55:50 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Ubisoft [2012/11/29 21:04:08 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Uniblue [2011/10/09 21:09:20 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\VMware [2009/11/29 19:15:41 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\W3i [2012/01/25 21:44:46 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Yahoo! [2009/12/09 03:34:50 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\{0B4EECC2-B656-4BF8-9915-6F8B225BC43C} [2012/01/25 21:45:10 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\All Users\{6DFE6B59-3F4E-45AF-A9D0-5EDC43DD23AF} [2012/03/31 19:08:37 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\{8CC5CF4A-124E-41BA-B58C-A41F05BE09CC} [2009/12/01 03:04:50 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\All Users\{BD8912D9-3040-46C4-B96A-4C3AC7E43486} [2011/12/31 13:40:00 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\David\AppData [2011/10/06 14:52:26 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\David\Application Data [2011/10/06 14:52:26 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\David\Contacts [2011/10/06 19:55:08 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\David\Cookies [2011/10/06 14:52:26 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\David\Desktop [2013/01/13 20:42:56 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\David\Documents [2013/01/10 20:21:05 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\David\Downloads [2012/10/02 17:56:34 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\David\Favorites [2011/11/30 14:58:20 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\David\Gry [2012/09/24 11:05:13 | 000,000,000 | --SD | M]
O4 - Startup: C:\Users\David\InstallAnywhere [2011/10/20 19:07:10 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\David\Links [2012/12/23 13:46:26 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\David\Local Settings [2011/10/06 14:52:26 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\David\Music [2011/10/15 15:37:20 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\David\My Documents [2011/10/06 14:52:26 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\David\NetHood [2011/10/06 14:52:26 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\David\NTUSER.DAT ()
O4 - Startup: C:\Users\David\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\David\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\David\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf ()
O4 - Startup: C:\Users\David\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\David\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\David\NTUSER.DAT{6ab3caf2-12df-11e1-a87b-00158315a310}.TM.blf ()
O4 - Startup: C:\Users\David\NTUSER.DAT{6ab3caf2-12df-11e1-a87b-00158315a310}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\David\NTUSER.DAT{6ab3caf2-12df-11e1-a87b-00158315a310}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\David\NTUSER.DAT{72d3d2af-3940-11e1-b6a2-00158315a310}.TM.blf ()
O4 - Startup: C:\Users\David\NTUSER.DAT{72d3d2af-3940-11e1-b6a2-00158315a310}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\David\NTUSER.DAT{72d3d2af-3940-11e1-b6a2-00158315a310}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\David\ntuser.ini ()
O4 - Startup: C:\Users\David\Pictures [2012/09/24 11:03:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\David\PrintHood [2011/10/06 14:52:26 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\David\Recent [2011/10/06 14:52:26 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\David\Saved Games [2011/10/07 16:37:15 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\David\Searches [2011/11/16 21:07:08 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\David\SendTo [2011/10/06 14:52:26 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\David\Start Menu [2011/10/06 14:52:26 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\David\Templates [2011/10/06 14:52:26 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\David\Videos [2011/10/15 15:37:20 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\AppData [2009/07/14 04:20:08 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Default\Application Data [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Cookies [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Desktop [2009/07/14 03:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Documents [2009/07/14 06:08:56 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Downloads [2009/07/14 03:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Favorites [2009/07/14 03:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Links [2009/07/14 03:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Local Settings [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Music [2009/07/14 03:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\My Documents [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NetHood [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NTUSER.DAT ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG1 ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG2 ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Default\Pictures [2009/07/14 03:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\PrintHood [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Recent [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Saved Games [2009/07/14 03:34:59 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Default\SendTo [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Start Menu [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Templates [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Videos [2009/07/14 03:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Desktop [2013/01/12 11:56:35 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Documents [2011/10/20 19:38:06 | 000,000,000 | --SD | M]
O4 - Startup: C:\Users\Public\Downloads [2009/07/14 05:54:24 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Favorites [2009/07/14 03:34:59 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Libraries [2009/11/29 19:03:42 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Music [2009/12/01 03:07:11 | 000,000,000 | --SD | M]
O4 - Startup: C:\Users\Public\Pictures [2009/12/01 03:07:11 | 000,000,000 | --SD | M]
O4 - Startup: C:\Users\Public\Recorded TV [2011/10/24 15:50:51 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Videos [2009/12/01 03:07:11 | 000,000,000 | --SD | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 41064 = C:\PROGRA~3\LOCALS~1\Temp\msygea.bat
@Alternate Data Stream - 101 bytes -> C:\Users\All Users\TEMP:CE2C623F
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:CE2C623F

:Files
C:\Program Files (x86)\Ashampoo_PO
C:\Conduit
[/spoiler]
Run the script and show the report.

2. Use AdwCleaner with the Delete option. Show the report.

3. Paste into OTL:
[spoiler]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inixsoft\*.*
C:\Users\All Users\{0B4EECC2-B656-4BF8-9915-6F8B225BC43C}\*.*
C:\Users\All Users\{6DFE6B59-3F4E-45AF-A9D0-5EDC43DD23AF}\*.*
C:\Users\All Users\{8CC5CF4A-124E-41BA-B58C-A41F05BE09CC}\*.*
C:\Users\All Users\{BD8912D9-3040-46C4-B96A-4C3AC7E43486}\*.*
[/spoiler]
Scan and show the log (including Extras!).

Also show the log from RSIT (instructions are in the pinned topics).

Davids
comment

1. [log]

OTL logfile created on: 14/01/2013 18:57:12 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\David\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.25 Gb Total Physical Memory | 1.98 Gb Available Physical Memory | 61.07% Memory free
6.49 Gb Paging File | 4.96 Gb Available in Paging File | 76.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195.21 Gb Total Space | 115.62 Gb Free Space | 59.23% Space Free | Partition Type: NTFS
Drive D: | 146.48 Gb Total Space | 87.76 Gb Free Space | 59.91% Space Free | Partition Type: NTFS
Drive E: | 146.48 Gb Total Space | 76.77 Gb Free Space | 52.41% Space Free | Partition Type: NTFS
Drive F: | 97.65 Gb Total Space | 89.32 Gb Free Space | 91.47% Space Free | Partition Type: NTFS
Drive G: | 112.70 Gb Total Space | 96.84 Gb Free Space | 85.92% Space Free | Partition Type: NTFS

Computer Name: DAVID-PC | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2013/01/13 20:43:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
PRC - [2012/12/26 17:29:51 | 000,879,080 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/03 08:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
PRC - [2012/11/29 20:51:11 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/01/18 14:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
PRC - [2011/10/11 13:49:14 | 001,179,648 | ---- | M] (W3i, LLC) -- C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe
PRC - [2011/08/02 08:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- F:\Programy\DAEMON Tools Lite\DTLite.exe
PRC - [2010/08/02 11:40:56 | 000,199,600 | ---- | M] (Telefónica I+D) -- C:\Program Files (x86)\O2\Connection Manager\ImpWiFiSvc.exe
PRC - [2010/02/22 16:38:12 | 000,442,368 | ---- | M] (AWS Convergence Technologies) -- C:\Program Files (x86)\AWS\WeatherBug Alert\WeatherBugAlert.exe
PRC - [2009/11/10 11:09:26 | 000,079,160 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
PRC - [2009/03/19 11:44:50 | 000,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2007/12/14 17:58:30 | 000,241,664 | ---- | M] () -- C:\Program Files (x86)\Philips\Philips SPC230NC Webcam\TrayMin230.exe
PRC - [2007/12/10 16:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\Philips\SPC230NC\Monitor.exe
PRC - [2007/09/02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
PRC - [2004/12/20 19:41:22 | 000,033,792 | ---- | M] () -- F:\Programy\Winamp\winampa.exe


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2013/01/13 20:43:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
MOD - [2012/12/26 17:29:51 | 000,879,080 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe
MOD - [2012/12/26 17:29:49 | 016,185,832 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.dll
MOD - [2012/12/14 16:49:28 | 002,171,240 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamnet.dll
MOD - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
MOD - [2012/12/14 16:49:28 | 000,508,264 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.dll
MOD - [2012/12/12 19:14:55 | 014,586,296 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
MOD - [2012/12/03 08:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MOD - [2012/01/18 14:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
MOD - [2011/10/11 13:49:14 | 001,179,648 | ---- | M] (W3i, LLC) -- C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe
MOD - [2011/08/02 08:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- F:\Programy\DAEMON Tools Lite\DTLite.exe
MOD - [2011/08/02 08:33:20 | 004,159,808 | ---- | M] (DT Soft Ltd) -- F:\Programy\DAEMON Tools Lite\Engine.dll
MOD - [2011/08/02 08:33:06 | 003,578,176 | ---- | M] (DT Soft Ltd) -- F:\Programy\DAEMON Tools Lite\DTCommonRes.dll
MOD - [2011/07/12 15:20:44 | 000,316,736 | ---- | M] (DT Soft Ltd.) -- F:\Programy\DAEMON Tools Lite\imgengine.dll
MOD - [2010/02/22 16:38:12 | 000,442,368 | ---- | M] (AWS Convergence Technologies) -- C:\Program Files (x86)\AWS\WeatherBug Alert\WeatherBugAlert.exe
MOD - [2009/11/25 07:27:51 | 001,152,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\crypt32.dll
MOD - [2009/11/25 07:26:17 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sspicli.dll
MOD - [2009/11/25 07:26:17 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\secur32.dll
MOD - [2009/11/25 07:22:56 | 001,289,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntdll.dll
MOD - [2009/11/25 07:22:53 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schannel.dll
MOD - [2009/11/25 07:22:07 | 000,547,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PortableDeviceApi.dll
MOD - [2009/11/25 07:21:59 | 000,571,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\oleaut32.dll
MOD - [2009/11/25 07:21:51 | 001,124,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vssapi.dll
MOD - [2009/11/25 07:21:51 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vsstrace.dll
MOD - [2009/11/25 07:20:53 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msasn1.dll
MOD - [2009/11/25 07:17:27 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\IPHLPAPI.DLL
MOD - [2009/11/25 07:15:36 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16400_none_4209f94e2b866170\comctl32.dll
MOD - [2009/11/25 07:15:36 | 000,833,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\user32.dll
MOD - [2009/11/25 07:15:36 | 000,530,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16400_none_ebf9dccf6c73e561\comctl32.dll
MOD - [2009/11/25 07:15:36 | 000,310,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\gdi32.dll
MOD - [2009/11/10 11:09:26 | 000,079,160 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
MOD - [2009/11/10 11:09:24 | 000,929,792 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2009/11/10 10:19:56 | 001,228,800 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Messenger\resources\en-US\res_msgr.dll
MOD - [2009/07/14 02:17:54 | 000,249,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\bcryptprimitives.dll
MOD - [2009/07/14 02:17:54 | 000,242,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rsaenh.dll
MOD - [2009/07/14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ws2_32.dll
MOD - [2009/07/14 02:16:20 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wtsapi32.dll
MOD - [2009/07/14 02:16:20 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wshbth.dll
MOD - [2009/07/14 02:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wsock32.dll
MOD - [2009/07/14 02:16:20 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wship6.dll
MOD - [2009/07/14 02:16:20 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WSHTCPIP.DLL
MOD - [2009/07/14 02:16:19 | 000,977,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wininet.dll
MOD - [2009/07/14 02:16:19 | 000,348,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winhttp.dll
MOD - [2009/07/14 02:16:19 | 000,268,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\Wldap32.dll
MOD - [2009/07/14 02:16:19 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winmm.dll
MOD - [2009/07/14 02:16:19 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wintrust.dll
MOD - [2009/07/14 02:16:19 | 000,156,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winsta.dll
MOD - [2009/07/14 02:16:19 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wkscli.dll
MOD - [2009/07/14 02:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winrnr.dll
MOD - [2009/07/14 02:16:19 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winnsi.dll
MOD - [2009/07/14 02:16:18 | 001,011,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WindowsCodecs.dll
MOD - [2009/07/14 02:16:18 | 000,313,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\webio.dll
MOD - [2009/07/14 02:16:17 | 001,224,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\urlmon.dll
MOD - [2009/07/14 02:16:17 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\usp10.dll
MOD - [2009/07/14 02:16:17 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\userenv.dll
MOD - [2009/07/14 02:16:17 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\version.dll
MOD - [2009/07/14 02:16:16 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll
MOD - [2009/07/14 02:16:16 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\thumbcache.dll
MOD - [2009/07/14 02:16:15 | 000,363,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\StructuredQuery.dll
MOD - [2009/07/14 02:16:15 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\spp.dll
MOD - [2009/07/14 02:16:15 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srvcli.dll
MOD - [2009/07/14 02:16:15 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srclient.dll
MOD - [2009/07/14 02:16:15 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\slc.dll
MOD - [2009/07/14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shell32.dll
MOD - [2009/07/14 02:16:14 | 001,668,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\setupapi.dll
MOD - [2009/07/14 02:16:14 | 000,350,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shlwapi.dll
MOD - [2009/07/14 02:16:14 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shdocvw.dll
MOD - [2009/07/14 02:16:13 | 000,643,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\SearchFolder.dll
MOD - [2009/07/14 02:16:13 | 000,473,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\riched20.dll
MOD - [2009/07/14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sechost.dll
MOD - [2009/07/14 02:16:13 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\samlib.dll
MOD - [2009/07/14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\samcli.dll
MOD - [2009/07/14 02:16:13 | 000,045,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\RpcRtRemote.dll
MOD - [2009/07/14 02:16:13 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rtutils.dll
MOD - [2009/07/14 02:16:13 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\SensApi.dll
MOD - [2009/07/14 02:16:12 | 001,412,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ole32.dll
MOD - [2009/07/14 02:16:12 | 001,328,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\quartz.dll
MOD - [2009/07/14 02:16:12 | 000,988,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\propsys.dll
MOD - [2009/07/14 02:16:12 | 000,325,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rasapi32.dll
MOD - [2009/07/14 02:16:12 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\oleacc.dll
MOD - [2009/07/14 02:16:12 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\powrprof.dll
MOD - [2009/07/14 02:16:12 | 000,139,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PeerDist.dll
MOD - [2009/07/14 02:16:12 | 000,103,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\oledlg.dll
MOD - [2009/07/14 02:16:12 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\olepro32.dll
MOD - [2009/07/14 02:16:12 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rasman.dll
MOD - [2009/07/14 02:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\pnrpnsp.dll
MOD - [2009/07/14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\profapi.dll
MOD - [2009/07/14 02:16:12 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\qmgrprxy.dll
MOD - [2009/07/14 02:16:12 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rasadhlp.dll
MOD - [2009/07/14 02:16:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\psapi.dll
MOD - [2009/07/14 02:16:11 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntshrui.dll
MOD - [2009/07/14 02:16:11 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntmarta.dll
MOD - [2009/07/14 02:16:11 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntlanman.dll
MOD - [2009/07/14 02:16:11 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\npmproxy.dll
MOD - [2009/07/14 02:16:11 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\nsi.dll
MOD - [2009/07/14 02:16:03 | 001,661,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\networkexplorer.dll
MOD - [2009/07/14 02:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netprofm.dll
MOD - [2009/07/14 02:16:03 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\nlaapi.dll
MOD - [2009/07/14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netutils.dll
MOD - [2009/07/14 02:16:02 | 000,219,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ncrypt.dll
MOD - [2009/07/14 02:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\NapiNSP.dll
MOD - [2009/07/14 02:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mswsock.dll
MOD - [2009/07/14 02:15:50 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcrt.dll
MOD - [2009/07/14 02:15:45 | 000,157,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msls31.dll
MOD - [2009/07/14 02:15:44 | 002,340,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msi.dll
MOD - [2009/07/14 02:15:44 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msimg32.dll
MOD - [2009/07/14 02:15:43 | 000,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msctf.dll
MOD - [2009/07/14 02:15:43 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msdmo.dll
MOD - [2009/07/14 02:15:42 | 000,481,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mscms.dll
MOD - [2009/07/14 02:15:41 | 000,213,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\MMDevAPI.dll
MOD - [2009/07/14 02:15:41 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mpr.dll
MOD - [2009/07/14 02:15:40 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mlang.dll
MOD - [2009/07/14 02:15:36 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\linkinfo.dll
MOD - [2009/07/14 02:15:31 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imagehlp.dll
MOD - [2009/07/14 02:15:28 | 010,973,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ieframe.dll
MOD - [2009/07/14 02:15:28 | 002,058,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\iertutil.dll
MOD - [2009/07/14 02:15:28 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ieproxy.dll
MOD - [2009/07/14 02:15:22 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\gpapi.dll
MOD - [2009/07/14 02:15:21 | 000,216,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\FWPUCLNT.DLL
MOD - [2009/07/14 02:15:19 | 001,495,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ExplorerFrame.dll
MOD - [2009/07/14 02:15:14 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\EhStorShell.dll
MOD - [2009/07/14 02:15:14 | 000,128,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\EhStorAPI.dll
MOD - [2009/07/14 02:15:13 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dui70.dll
MOD - [2009/07/14 02:15:13 | 000,453,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dsound.dll
MOD - [2009/07/14 02:15:13 | 000,181,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\duser.dll
MOD - [2009/07/14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dwmapi.dll
MOD - [2009/07/14 02:15:13 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\drprov.dll
MOD - [2009/07/14 02:15:12 | 000,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dnsapi.dll
MOD - [2009/07/14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\devobj.dll
MOD - [2009/07/14 02:15:11 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dhcpcsvc.dll
MOD - [2009/07/14 02:15:11 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\devrtl.dll
MOD - [2009/07/14 02:15:11 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dhcpcsvc6.dll
MOD - [2009/07/14 02:15:10 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\devenum.dll
MOD - [2009/07/14 02:15:08 | 000,077,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\davclnt.dll
MOD - [2009/07/14 02:15:08 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\davhlpr.dll
MOD - [2009/07/14 02:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2009/07/14 02:15:07 | 000,103,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptnet.dll
MOD - [2009/07/14 02:15:07 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptsp.dll
MOD - [2009/07/14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptbase.dll
MOD - [2009/07/14 02:15:07 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cscapi.dll
MOD - [2009/07/14 02:15:07 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\credssp.dll
MOD - [2009/07/14 02:15:03 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\clbcatq.dll
MOD - [2009/07/14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cfgmgr32.dll
MOD - [2009/07/14 02:15:00 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cabinet.dll
MOD - [2009/07/14 02:14:57 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\AudioSes.dll
MOD - [2009/07/14 02:14:57 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\authz.dll
MOD - [2009/07/14 02:14:57 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\atl.dll
MOD - [2009/07/14 02:14:53 | 000,640,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\advapi32.dll
MOD - [2009/07/14 02:14:53 | 000,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\apphelp.dll
MOD - [2009/07/14 02:14:52 | 000,309,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\actxprxy.dll
MOD - [2009/07/14 02:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/14 02:14:08 | 000,319,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winspool.drv
MOD - [2009/07/14 02:11:24 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\uxtheme.dll
MOD - [2009/07/14 02:11:23 | 000,836,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\kernel32.dll
MOD - [2009/07/14 02:11:23 | 000,662,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rpcrt4.dll
MOD - [2009/07/14 02:11:23 | 000,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\KernelBase.dll
MOD - [2009/07/14 02:11:23 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\lpk.dll
MOD - [2009/07/14 02:11:21 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imm32.dll
MOD - [2009/07/14 02:11:20 | 000,080,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\bcrypt.dll
MOD - [2009/07/14 02:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll
MOD - [2009/07/14 02:03:50 | 001,624,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\GdiPlus.dll
MOD - [2009/06/10 22:23:11 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll
MOD - [2009/06/10 22:23:11 | 000,554,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcp80.dll
MOD - [2007/12/14 17:58:30 | 000,241,664 | ---- | M] () -- C:\Program Files (x86)\Philips\Philips SPC230NC Webcam\TrayMin230.exe
MOD - [2007/12/10 16:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\Philips\SPC230NC\Monitor.exe
MOD - [2007/09/02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
MOD - [2007/09/02 14:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll
MOD - [2004/12/20 19:41:22 | 000,033,792 | ---- | M] () -- F:\Programy\Winamp\winampa.exe


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2011/09/08 18:29:56 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:[b]64bit:[/b] - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:[b]64bit:[/b] - [2009/04/17 09:47:50 | 001,995,544 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV:[b]64bit:[/b] - [2009/04/12 02:26:35 | 000,578,878 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ESET\ESET Smart Security\Shahed.exe -- (.EsetTrialReset)
SRV:[b]64bit:[/b] - [2009/03/19 11:48:10 | 000,023,296 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV:[b]64bit:[/b] - [2009/03/19 11:44:50 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/12 19:14:57 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/29 20:51:11 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/21 20:40:36 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2010/08/02 11:40:56 | 000,199,600 | ---- | M] (Telefónica I+D) [Auto | Running] -- C:\Program Files (x86)\O2\Connection Manager\ImpWiFiSvc.exe -- (TGCM_ImportWiFiSvc)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:[b]64bit:[/b] - [2011/10/20 16:48:16 | 000,526,392 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:[b]64bit:[/b] - [2011/09/08 19:27:22 | 010,203,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:[b]64bit:[/b] - [2011/09/08 17:52:40 | 000,310,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:[b]64bit:[/b] - [2011/08/17 10:04:34 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:[b]64bit:[/b] - [2011/08/17 10:04:28 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
DRV:[b]64bit:[/b] - [2011/08/17 09:58:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:[b]64bit:[/b] - [2011/08/17 09:58:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:[b]64bit:[/b] - [2011/08/17 09:58:20 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:[b]64bit:[/b] - [2011/08/17 09:58:16 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:[b]64bit:[/b] - [2011/06/06 23:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:[b]64bit:[/b] - [2010/04/09 08:24:32 | 000,076,288 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:[b]64bit:[/b] - [2010/04/07 10:05:00 | 000,250,368 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:[b]64bit:[/b] - [2010/03/25 03:08:46 | 000,120,704 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:[b]64bit:[/b] - [2009/11/25 07:17:50 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:[b]64bit:[/b] - [2009/11/25 07:17:50 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:[b]64bit:[/b] - [2009/11/25 07:17:50 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:[b]64bit:[/b] - [2009/11/25 07:17:50 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:[b]64bit:[/b] - [2009/10/21 21:50:24 | 000,013,872 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmmouse.sys -- (vmmouse)
DRV:[b]64bit:[/b] - [2009/10/21 21:47:08 | 000,086,576 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vm3dmp.sys -- (vm3dmp)
DRV:[b]64bit:[/b] - [2009/10/07 19:26:24 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:[b]64bit:[/b] - [2009/09/30 15:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:[b]64bit:[/b] - [2009/09/24 07:47:06 | 000,175,328 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iSSetup.sys -- (iSSetup)
DRV:[b]64bit:[/b] - [2009/09/22 16:39:56 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:[b]64bit:[/b] - [2009/08/21 13:48:18 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:[b]64bit:[/b] - [2009/08/21 00:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2009/08/13 08:38:24 | 000,029,184 | ---- | M] (CSR, plc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthAvrcp.sys -- (BthAvrcp)
DRV:[b]64bit:[/b] - [2009/07/26 23:00:00 | 000,056,664 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\o2mdx64.sys -- (O2MDRDR)
DRV:[b]64bit:[/b] - [2009/07/26 23:00:00 | 000,056,096 | ---- | M] (O2Micro) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\o2sdx64.sys -- (O2SDRDR)
DRV:[b]64bit:[/b] - [2009/07/17 00:51:54 | 000,028,192 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvamacpi.sys -- (nvamacpi)
DRV:[b]64bit:[/b] - [2009/07/14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2009/07/14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2009/07/14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/07/14 01:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:[b]64bit:[/b] - [2009/07/04 18:27:02 | 000,055,808 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:[b]64bit:[/b] - [2009/07/02 07:54:52 | 000,060,416 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:[b]64bit:[/b] - [2009/07/01 17:31:58 | 000,080,896 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie)
DRV:[b]64bit:[/b] - [2009/06/25 16:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:[b]64bit:[/b] - [2009/06/25 15:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:[b]64bit:[/b] - [2009/06/25 15:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:[b]64bit:[/b] - [2009/06/13 01:19:36 | 000,041,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd262x64.sys -- (ioatdma2)
DRV:[b]64bit:[/b] - [2009/06/13 01:19:32 | 000,040,144 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd162x64.sys -- (ioatdma1)
DRV:[b]64bit:[/b] - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009/05/12 13:40:42 | 000,072,192 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTSTOR64.sys -- (RTSTOR)
DRV:[b]64bit:[/b] - [2009/05/05 05:31:00 | 000,025,752 | ---- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\xfiltx64.sys -- (xfiltx64)
DRV:[b]64bit:[/b] - [2009/05/05 05:29:34 | 000,015,000 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\videX64.sys -- (videX64)
DRV:[b]64bit:[/b] - [2009/04/16 11:45:46 | 000,461,320 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MegaSR1.sys -- (MegaSR1)
DRV:[b]64bit:[/b] - [2009/03/19 11:46:04 | 000,044,944 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:[b]64bit:[/b] - [2009/03/19 11:45:56 | 000,164,936 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:[b]64bit:[/b] - [2009/03/19 11:45:56 | 000,033,608 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\epfwndis.sys -- (Epfwndis)
DRV:[b]64bit:[/b] - [2009/03/19 11:44:36 | 000,134,024 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:[b]64bit:[/b] - [2009/03/19 11:41:42 | 000,142,776 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamon.sys -- (eamon)
DRV:[b]64bit:[/b] - [2009/02/11 16:26:18 | 000,407,576 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:[b]64bit:[/b] - [2008/10/09 14:45:26 | 000,018,784 | ---- | M] (JMicron ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\johci.sys -- (johci)
DRV:[b]64bit:[/b] - [2008/07/09 15:51:54 | 000,136,192 | ---- | M] (VIA Technologies inc,.ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\viamrx64.sys -- (viamrx64)
DRV:[b]64bit:[/b] - [2008/05/15 22:23:21 | 000,028,208 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:[b]64bit:[/b] - [2008/04/15 15:09:20 | 000,067,224 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ViPrtX64.sys -- (ViPrtX64)
DRV:[b]64bit:[/b] - [2008/04/15 15:05:48 | 000,025,240 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ViBusX64.sys -- (ViBusX64)
DRV:[b]64bit:[/b] - [2008/01/18 05:14:06 | 000,041,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd260x64.sys -- (ioatdma)
DRV:[b]64bit:[/b] - [2008/01/03 19:13:48 | 000,531,968 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SPC230NC.SYS -- (SPC230NC)
DRV:[b]64bit:[/b] - [2007/11/13 15:47:18 | 000,080,424 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PnP680.sys -- (Pnp680)
DRV:[b]64bit:[/b] - [2007/10/03 15:51:00 | 000,022,056 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiWinAcc.sys -- (SiFilter)
DRV:[b]64bit:[/b] - [2007/10/03 15:50:52 | 000,017,448 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiRemFil.sys -- (SiRemFil)
DRV:[b]64bit:[/b] - [2007/10/03 15:50:26 | 000,090,664 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SI3132.sys -- (SI3132)
DRV:[b]64bit:[/b] - [2007/09/26 15:32:52 | 000,009,472 | ---- | M] (PixArt Imaging Incorporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PAEAFLT.sys -- (PAEAFLT.sys)
DRV:[b]64bit:[/b] - [2007/06/01 10:29:06 | 000,330,544 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Si3531.sys -- (Si3531)
DRV:[b]64bit:[/b] - [2007/05/14 17:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:[b]64bit:[/b] - [2007/05/11 18:01:10 | 000,070,424 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:[b]64bit:[/b] - [2007/04/11 22:30:04 | 000,043,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IAMTVE.sys -- (IAMTVE)
DRV:[b]64bit:[/b] - [2007/04/11 22:29:58 | 000,051,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IAMTXPE.sys -- (IAMTXPE)
DRV:[b]64bit:[/b] - [2007/04/11 15:02:42 | 000,163,632 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SI3114r.sys -- (SI3114r)
DRV:[b]64bit:[/b] - [2007/02/01 16:53:08 | 000,164,656 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SI3112r.sys -- (SI3112r)
DRV:[b]64bit:[/b] - [2007/01/24 17:07:08 | 000,064,888 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SISAGPX.SYS -- (SISAGP)
DRV:[b]64bit:[/b] - [2006/11/10 11:48:48 | 000,099,120 | ---- | M] (Silicon Image, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SI3114.sys -- (SI3114)
DRV:[b]64bit:[/b] - [2006/11/02 16:25:04 | 000,113,456 | ---- | M] (Silicon Image, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SI3124.sys -- (SI3124)
DRV:[b]64bit:[/b] - [2006/11/01 07:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:[b]64bit:[/b] - [2006/09/20 11:38:28 | 000,334,640 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Si3124r5.sys -- (Si3124r5)
DRV:[b]64bit:[/b] - [2006/09/18 14:26:04 | 000,093,472 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hptmv.sys -- (hptmv)
DRV:[b]64bit:[/b] - [2005/09/23 00:20:00 | 000,059,392 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VIAAGP1.SYS -- (viaagp1)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\URLSearchHook: {d43723ae-1ae1-4a25-a6a4-bf0929273cab} - C:\Program Files (x86)\Ashampoo_PO\prxtbAsh0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{68CAD4C2-94EA-4792-B99B-F8726276E541}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481033


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.win7extreme.project-os.org
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.win7extreme.project-os.org
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2465994285-61389061-1913302713-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2481033
IE - HKU\S-1-5-21-2465994285-61389061-1913302713-1005\..\URLSearchHook: {d43723ae-1ae1-4a25-a6a4-bf0929273cab} - C:\Program Files (x86)\Ashampoo_PO\prxtbAsh0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2465994285-61389061-1913302713-1005\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-2465994285-61389061-1913302713-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://startsear.ch/?aff=2&src=sp&cf=4637160c-2373-11e1-b02c-00158315a310&q={searchTerms}
IE - HKU\S-1-5-21-2465994285-61389061-1913302713-1005\..\SearchScopes\{68CAD4C2-94EA-4792-B99B-F8726276E541}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2465994285-61389061-1913302713-1005\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481033
IE - HKU\S-1-5-21-2465994285-61389061-1913302713-1005\..\SearchScopes\{EF40BF94-9292-4001-BB9B-719C402D3AF2}: "URL" = http://uk.search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,105,0_0,Search,20120104,0,0,0,0
IE - HKU\S-1-5-21-2465994285-61389061-1913302713-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[color=#E56717]========== FireFox ==========[/color]

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.41108.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp1950@crossrider.com: C:\Users\David\AppData\Local\RewardsArcadeSuite\1950\Firefox [2012/01/25 21:44:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/21 20:40:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/04 20:51:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011/10/06 14:53:05 | 000,000,000 | ---D | M]

[2012/05/08 16:14:00 | 000,000,000 | ---D | M] (No name found) -- \mozilla\Firefox\extensions
[2012/05/08 16:14:00 | 000,000,000 | ---D | M] (No name found) -- \mozilla\Firefox\extensions\{d43723ae-1ae1-4a25-a6a4-bf0929273cab}
[2012/06/27 20:32:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/02/10 23:57:47 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/07/21 20:40:38 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/04 20:51:50 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/27 14:45:50 | 000,083,456 | ---- | M] (LiveVDO ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll
[2012/07/15 12:37:57 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/07/15 12:37:57 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2013/01/11 23:00:46 | 000,000,797 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (RewardsArcadeSuite) - {B6EF6C45-5E8D-4c3b-B580-A5073261A381} - C:\Program Files (x86)\RewardsArcadeSuite\RewardsArcadeSuite.dll (215 Apps)
O2 - BHO: (Ashampoo PO Toolbar) - {d43723ae-1ae1-4a25-a6a4-bf0929273cab} - C:\Program Files (x86)\Ashampoo_PO\prxtbAsh0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ashampoo PO Toolbar) - {d43723ae-1ae1-4a25-a6a4-bf0929273cab} - C:\Program Files (x86)\Ashampoo_PO\prxtbAsh0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2465994285-61389061-1913302713-1005\..\Toolbar\WebBrowser: (Ashampoo PO Toolbar) - {D43723AE-1AE1-4A25-A6A4-BF0929273CAB} - C:\Program Files (x86)\Ashampoo_PO\prxtbAsh0.dll (Conduit Ltd.)
O4:[b]64bit:[/b] - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [SPC_Monitor] C:\Windows\Philips\SPC230NC\Monitor.exe (PixArt Imaging Incorporation)
O4:[b]64bit:[/b] - HKLM..\Run: [SPC230NC_Monitor] C:\Windows\Philips\SPC230NC\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] F:\Programy\Winamp\winampa.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2465994285-61389061-1913302713-1005..\Run: [ares] "F:\Programy\Ares\Ares.exe" -h File not found
O4 - HKU\S-1-5-21-2465994285-61389061-1913302713-1005..\Run: [DAEMON Tools Lite] F:\Programy\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2465994285-61389061-1913302713-1005..\Run: [DriverScanner] "C:\PROGRA~2\Uniblue\DRIVER~1\launcher.exe" delay 20000 File not found
O4 - HKU\S-1-5-21-2465994285-61389061-1913302713-1005..\Run: [Gadu-Gadu 10] F:\Programy\Gadu-Gadu 10\gg.exe (GG Network S.A.)
O4 - HKU\S-1-5-21-2465994285-61389061-1913302713-1005..\Run: [HUAWEI 3G Data Card MTS] C:\Program Files (x86)\Huawei technologies\Huawei UMTS Data Card\3 USB Modem.exe (Huawei Technologies)
O4 - HKU\S-1-5-21-2465994285-61389061-1913302713-1005..\Run: [InstallIQUpdater] C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)
O4 - HKU\S-1-5-21-2465994285-61389061-1913302713-1005..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-2465994285-61389061-1913302713-1005..\Run: [RGSC] D:\GTA CZTERY\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.)
O4 - HKU\S-1-5-21-2465994285-61389061-1913302713-1005..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-2465994285-61389061-1913302713-1005..\Run: [WeatherBugAlert] C:\Program Files (x86)\AWS\WeatherBug Alert\WeatherBugAlert.exe (AWS Convergence Technologies)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\All Users\Adobe [2011/10/10 11:53:24 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Application Data [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\ashampoo [2012/05/08 16:13:37 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\ATI [2011/10/06 16:21:10 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\DAEMON Tools Lite [2011/10/20 16:47:38 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Desktop [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Diskeeper Corporation [2009/11/30 07:49:13 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Documents [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\DSS [2012/09/16 10:54:51 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\EA Core [2011/12/12 21:40:10 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Electronic Arts [2011/12/12 21:40:09 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\ESET [2009/11/15 00:05:20 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Favorites [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Gadu-Gadu 10 [2011/12/07 17:26:52 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Hewlett-Packard [2011/10/10 11:46:47 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\HP [2011/11/09 22:41:21 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\hpzinstall.log ()
O4 - Startup: C:\Users\All Users\Local Settings [2012/03/31 19:02:06 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Malwarebytes [2011/12/16 16:35:18 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\McAfee [2009/11/29 19:39:11 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Messenger Plus! [2009/11/29 19:53:37 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Microsoft [2012/04/17 19:40:12 | 000,000,000 | --SD | M]
O4 - Startup: C:\Users\All Users\Microsoft Help [2012/02/24 13:50:00 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Mozilla [2012/06/27 20:32:23 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\mtbjfghn.xbe ()
O4 - Startup: C:\Users\All Users\Nero [2012/05/16 16:03:37 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Norton [2012/02/21 11:09:12 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\NortonInstaller [2012/01/25 21:44:43 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\NOTEPAD.EXE-x.txt ()
O4 - Startup: C:\Users\All Users\Origin [2012/11/25 20:28:45 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\REGSVR32.EXE-x.txt ()
O4 - Startup: C:\Users\All Users\RUNDLL32.EXE-x.txt ()
O4 - Startup: C:\Users\All Users\Skype [2012/11/22 07:00:09 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Sony [2012/02/20 16:39:48 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Stardock [2009/11/29 20:56:06 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Start Menu [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Sun [2012/04/04 20:52:05 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Symantec [2012/01/25 21:44:49 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Telefónica [2012/03/11 15:08:43 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\TEMP [2012/11/26 17:10:54 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Templates [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Trusteer [2011/10/27 12:55:50 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Ubisoft [2012/11/29 21:04:08 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Uniblue [2011/10/09 21:09:20 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\VMware [2009/11/29 19:15:41 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\W3i [2012/01/25 21:44:46 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Yahoo! [2009/12/09 03:34:50 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\{0B4EECC2-B656-4BF8-9915-6F8B225BC43C} [2012/01/25 21:45:10 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\All Users\{6DFE6B59-3F4E-45AF-A9D0-5EDC43DD23AF} [2012/03/31 19:08:37 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\{8CC5CF4A-124E-41BA-B58C-A41F05BE09CC} [2009/12/01 03:04:50 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\All Users\{BD8912D9-3040-46C4-B96A-4C3AC7E43486} [2011/12/31 13:40:00 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\David\AppData [2011/10/06 14:52:26 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\David\Application Data [2011/10/06 14:52:26 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\David\Contacts [2011/10/06 19:55:08 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\David\Cookies [2011/10/06 14:52:26 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\David\Desktop [2013/01/14 18:54:18 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\David\Documents [2013/01/10 20:21:05 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\David\Downloads [2012/10/02 17:56:34 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\David\Favorites [2011/11/30 14:58:20 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\David\Gry [2012/09/24 11:05:13 | 000,000,000 | --SD | M]
O4 - Startup: C:\Users\David\InstallAnywhere [2011/10/20 19:07:10 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\David\Links [2012/12/23 13:46:26 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\David\Local Settings [2011/10/06 14:52:26 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\David\Music [2011/10/15 15:37:20 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\David\My Documents [2011/10/06 14:52:26 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\David\NetHood [2011/10/06 14:52:26 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\David\NTUSER.DAT ()
O4 - Startup: C:\Users\David\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\David\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\David\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf ()
O4 - Startup: C:\Users\David\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\David\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\David\NTUSER.DAT{6ab3caf2-12df-11e1-a87b-00158315a310}.TM.blf ()
O4 - Startup: C:\Users\David\NTUSER.DAT{6ab3caf2-12df-11e1-a87b-00158315a310}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\David\NTUSER.DAT{6ab3caf2-12df-11e1-a87b-00158315a310}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\David\NTUSER.DAT{72d3d2af-3940-11e1-b6a2-00158315a310}.TM.blf ()
O4 - Startup: C:\Users\David\NTUSER.DAT{72d3d2af-3940-11e1-b6a2-00158315a310}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\David\NTUSER.DAT{72d3d2af-3940-11e1-b6a2-00158315a310}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\David\ntuser.ini ()
O4 - Startup: C:\Users\David\Pictures [2012/09/24 11:03:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\David\PrintHood [2011/10/06 14:52:26 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\David\Recent [2011/10/06 14:52:26 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\David\Saved Games [2011/10/07 16:37:15 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\David\Searches [2011/11/16 21:07:08 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\David\SendTo [2011/10/06 14:52:26 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\David\Start Menu [2011/10/06 14:52:26 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\David\Templates [2011/10/06 14:52:26 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\David\Videos [2011/10/15 15:37:20 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\AppData [2009/07/14 04:20:08 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Default\Application Data [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Cookies [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Desktop [2009/07/14 03:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Documents [2009/07/14 06:08:56 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Downloads [2009/07/14 03:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Favorites [2009/07/14 03:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Links [2009/07/14 03:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Local Settings [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Music [2009/07/14 03:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\My Documents [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NetHood [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NTUSER.DAT ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG1 ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG2 ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Default\Pictures [2009/07/14 03:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\PrintHood [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Recent [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Saved Games [2009/07/14 03:34:59 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Default\SendTo [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Start Menu [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Templates [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Videos [2009/07/14 03:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Desktop [2013/01/12 11:56:35 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Documents [2011/10/20 19:38:06 | 000,000,000 | --SD | M]
O4 - Startup: C:\Users\Public\Downloads [2009/07/14 05:54:24 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Favorites [2009/07/14 03:34:59 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Libraries [2009/11/29 19:03:42 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Music [2009/12/01 03:07:11 | 000,000,000 | --SD | M]
O4 - Startup: C:\Users\Public\Pictures [2009/12/01 03:07:11 | 000,000,000 | --SD | M]
O4 - Startup: C:\Users\Public\Recorded TV [2011/10/24 15:50:51 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Videos [2009/12/01 03:07:11 | 000,000,000 | --SD | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 41064 = C:\PROGRA~3\LOCALS~1\Temp\msygea.bat
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O8:[b]64bit:[/b] - Extra context menu item: E&xport to Microsoft Excel - res://F:\Programy\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\Programy\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:[b]64bit:[/b] - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:[b]64bit:[/b] - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:[b]64bit:[/b] - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.179.2.132 62.179.2.133
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{819D1C69-4F04-42F6-AC7B-4697F4CAEE0E}: DhcpNameServer = 62.179.2.132 62.179.2.133
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:[b]64bit:[/b] - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair64.dll (Stardock.net, Inc)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll (Stardock.net, Inc)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:[b]64bit:[/b] - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2ea0f472-0ef2-11e1-b392-00158315a310}\Shell - "" = AutoRun
O33 - MountPoints2\{2ea0f472-0ef2-11e1-b392-00158315a310}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{2ea0f4b3-0ef2-11e1-b392-00158315a310}\Shell - "" = AutoRun
O33 - MountPoints2\{2ea0f4b3-0ef2-11e1-b392-00158315a310}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{3aa0c0f0-6ea8-11e1-9f61-00158315a310}\Shell - "" = AutoRun
O33 - MountPoints2\{3aa0c0f0-6ea8-11e1-9f61-00158315a310}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{3aa0c0f2-6ea8-11e1-9f61-00158315a310}\Shell - "" = AutoRun
O33 - MountPoints2\{3aa0c0f2-6ea8-11e1-9f61-00158315a310}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{4db4cf43-07f2-11e1-b162-00158315a310}\Shell - "" = AutoRun
O33 - MountPoints2\{4db4cf43-07f2-11e1-b162-00158315a310}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{6df72f65-0b0f-11e1-868f-00158315a310}\Shell - "" = AutoRun
O33 - MountPoints2\{6df72f65-0b0f-11e1-868f-00158315a310}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{9caa8c70-0b7f-11e1-ba4b-00158315a310}\Shell - "" = AutoRun
O33 - MountPoints2\{9caa8c70-0b7f-11e1-ba4b-00158315a310}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{9caa8c72-0b7f-11e1-ba4b-00158315a310}\Shell - "" = AutoRun
O33 - MountPoints2\{9caa8c72-0b7f-11e1-ba4b-00158315a310}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{9ee04b3a-6d17-11e1-a25e-00158315a310}\Shell - "" = AutoRun
O33 - MountPoints2\{9ee04b3a-6d17-11e1-a25e-00158315a310}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{9ee04b3c-6d17-11e1-a25e-00158315a310}\Shell - "" = AutoRun
O33 - MountPoints2\{9ee04b3c-6d17-11e1-a25e-00158315a310}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{afab87ec-6b82-11e1-82b8-00158315a310}\Shell - "" = AutoRun
O33 - MountPoints2\{afab87ec-6b82-11e1-82b8-00158315a310}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{afab87fc-6b82-11e1-82b8-00158315a310}\Shell - "" = AutoRun
O33 - MountPoints2\{afab87fc-6b82-11e1-82b8-00158315a310}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{cce37407-8c61-11e1-b73d-00158315a310}\Shell - "" = AutoRun
O33 - MountPoints2\{cce37407-8c61-11e1-b73d-00158315a310}\Shell\AutoRun\command - "" = K:\iStudio.exe
O33 - MountPoints2\{da9f5423-f044-11e0-ab00-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{da9f5423-f044-11e0-ab00-806e6f6e6963}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{da9f5441-f044-11e0-ab00-d027880b62e9}\Shell - "" = AutoRun
O33 - MountPoints2\{da9f5441-f044-11e0-ab00-d027880b62e9}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2013/01/10 20:31:32 | 000,000,000 | ---D | C] -- C:\Conduit
[2013/01/10 20:31:32 | 000,000,000 | ---D | C] -- \Conduit
[2012/12/25 19:16:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6 [cswos.com]
[2012/12/03 19:13:34 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2012/12/03 18:48:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
[2012/11/29 21:04:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2012/11/22 20:50:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012/11/22 20:49:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012/11/22 07:00:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/11/22 07:00:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/11/21 21:21:31 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/11/21 20:56:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inixsoft

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

[2013/01/14 19:05:06 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/14 18:56:48 | 000,016,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/14 18:56:48 | 000,016,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/14 18:53:38 | 000,727,490 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/14 18:53:38 | 000,630,104 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/14 18:53:38 | 000,112,534 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/14 18:49:16 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/14 18:49:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/13 20:39:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/13 16:32:45 | 000,000,192 | ---- | M] () -- C:\Windows\winamp.ini
[2013/01/13 15:45:15 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2013/01/12 11:56:35 | 000,001,126 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/25 19:16:01 | 000,000,913 | ---- | M] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Counter-Strike 1.6.lnk
[2012/12/25 13:07:27 | 000,921,632 | ---- | M] () -- C:\SPC230NC.DAT
[2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/12/03 19:13:34 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2012/12/02 19:23:45 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2012/11/29 20:51:13 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/11/29 20:51:11 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/11/22 07:00:05 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2013/01/12 11:56:35 | 000,001,126 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/11 22:10:16 | 000,001,169 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TrayMin230.lnk
[2012/12/25 19:16:01 | 000,000,913 | ---- | C] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Counter-Strike 1.6.lnk
[2012/12/02 19:23:45 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012/11/29 20:51:13 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/11/29 20:51:11 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/05/23 16:31:15 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2012/04/19 18:20:53 | 000,921,632 | ---- | C] () -- \SPC230NC.DAT
[2012/02/18 16:09:47 | 000,000,842 | ---- | C] () -- C:\Windows\SysWow64\SPC230NC.INI
[2012/02/18 16:09:24 | 000,004,998 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe
[2011/11/30 14:56:57 | 000,000,192 | ---- | C] () -- C:\Windows\winamp.ini
[2011/11/30 14:51:55 | 000,000,968 | ---- | C] () -- C:\Windows\unins000.dat
[2011/10/06 16:20:35 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/09/14 11:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/03/17 18:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2005/09/22 20:09:38 | 000,894,976 | ---- | C] () -- \msdia80.dll

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2009/07/14 02:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009/07/14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== LOP Check ==========[/color]

[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Application Data
[2012/05/08 16:13:37 | 000,000,000 | ---D | M] -- C:\Users\All Users\ashampoo
[2011/10/20 16:47:38 | 000,000,000 | ---D | M] -- C:\Users\All Users\DAEMON Tools Lite
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Desktop
[2009/11/30 07:49:13 | 000,000,000 | ---D | M] -- C:\Users\All Users\Diskeeper Corporation
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Documents
[2012/09/16 10:54:51 | 000,000,000 | -HSD | M] -- C:\Users\All Users\DSS
[2011/12/12 21:40:10 | 000,000,000 | ---D | M] -- C:\Users\All Users\EA Core
[2011/12/12 21:40:09 | 000,000,000 | ---D | M] -- C:\Users\All Users\Electronic Arts
[2009/11/15 00:05:20 | 000,000,000 | ---D | M] -- C:\Users\All Users\ESET
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favorites
[2011/12/07 17:26:52 | 000,000,000 | ---D | M] -- C:\Users\All Users\Gadu-Gadu 10
[2012/03/31 19:02:06 | 000,000,000 | ---D | M] -- C:\Users\All Users\Local Settings
[2009/11/29 19:53:37 | 000,000,000 | ---D | M] -- C:\Users\All Users\Messenger Plus!
[2012/11/25 20:28:45 | 000,000,000 | ---D | M] -- C:\Users\All Users\Origin
[2012/02/20 16:39:48 | 000,000,000 | ---D | M] -- C:\Users\All Users\Sony
[2009/11/29 20:56:06 | 000,000,000 | ---D | M] -- C:\Users\All Users\Stardock
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Start Menu
[2012/03/11 15:08:43 | 000,000,000 | ---D | M] -- C:\Users\All Users\Telefónica
[2012/11/26 17:10:54 | 000,000,000 | ---D | M] -- C:\Users\All Users\TEMP
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Templates
[2011/10/27 12:55:50 | 000,000,000 | ---D | M] -- C:\Users\All Users\Trusteer
[2012/11/29 21:04:08 | 000,000,000 | ---D | M] -- C:\Users\All Users\Ubisoft
[2011/10/09 21:09:20 | 000,000,000 | ---D | M] -- C:\Users\All Users\Uniblue
[2012/01/25 21:44:46 | 000,000,000 | ---D | M] -- C:\Users\All Users\W3i
[2012/01/25 21:45:10 | 000,000,000 | -H-D | M] -- C:\Users\All Users\{0B4EECC2-B656-4BF8-9915-6F8B225BC43C}
[2012/03/31 19:08:37 | 000,000,000 | ---D | M] -- C:\Users\All Users\{6DFE6B59-3F4E-45AF-A9D0-5EDC43DD23AF}
[2009/12/01 03:04:50 | 000,000,000 | -H-D | M] -- C:\Users\All Users\{8CC5CF4A-124E-41BA-B58C-A41F05BE09CC}
[2011/12/31 13:40:00 | 000,000,000 | -H-D | M] -- C:\Users\All Users\{BD8912D9-3040-46C4-B96A-4C3AC7E43486}
[2011/10/06 14:52:26 | 000,000,000 | -H-D | M] -- C:\Users\David\AppData
[2011/10/06 14:52:26 | 000,000,000 | -HSD | M] -- C:\Users\David\Application Data
[2011/10/06 19:55:08 | 000,000,000 | R--D | M] -- C:\Users\David\Contacts
[2011/10/06 14:52:26 | 000,000,000 | -HSD | M] -- C:\Users\David\Cookies
[2013/01/14 19:05:59 | 000,000,000 | R--D | M] -- C:\Users\David\Desktop
[2013/01/10 20:21:05 | 000,000,000 | R--D | M] -- C:\Users\David\Documents
[2012/10/02 17:56:34 | 000,000,000 | R--D | M] -- C:\Users\David\Downloads
[2011/11/30 14:58:20 | 000,000,000 | R--D | M] -- C:\Users\David\Favorites
[2012/09/24 11:05:13 | 000,000,000 | --SD | M] -- C:\Users\David\Gry
[2011/10/20 19:07:10 | 000,000,000 | -H-D | M] -- C:\Users\David\InstallAnywhere
[2012/12/23 13:46:26 | 000,000,000 | R--D | M] -- C:\Users\David\Links
[2011/10/06 14:52:26 | 000,000,000 | -HSD | M] -- C:\Users\David\Local Settings
[2011/10/15 15:37:20 | 000,000,000 | R--D | M] -- C:\Users\David\Music
[2011/10/06 14:52:26 | 000,000,000 | -HSD | M] -- C:\Users\David\My Documents
[2011/10/06 14:52:26 | 000,000,000 | -HSD | M] -- C:\Users\David\NetHood
[2012/09/24 11:03:35 | 000,000,000 | R--D | M] -- C:\Users\David\Pictures
[2011/10/06 14:52:26 | 000,000,000 | -HSD | M] -- C:\Users\David\PrintHood
[2011/10/06 14:52:26 | 000,000,000 | -HSD | M] -- C:\Users\David\Recent
[2011/10/07 16:37:15 | 000,000,000 | ---D | M] -- C:\Users\David\Saved Games
[2011/11/16 21:07:08 | 000,000,000 | R--D | M] -- C:\Users\David\Searches
[2011/10/06 14:52:26 | 000,000,000 | -HSD | M] -- C:\Users\David\SendTo
[2011/10/06 14:52:26 | 000,000,000 | -HSD | M] -- C:\Users\David\Start Menu
[2011/10/06 14:52:26 | 000,000,000 | -HSD | M] -- C:\Users\David\Templates
[2011/10/15 15:37:20 | 000,000,000 | R--D | M] -- C:\Users\David\Videos
[2009/07/14 04:20:08 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Application Data
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Cookies
[2009/07/14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Desktop
[2009/07/14 06:08:56 | 000,000,000 | R--D | M] -- C:\Users\Default\Documents
[2009/07/14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Downloads
[2009/07/14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Favorites
[2009/07/14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Links
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Local Settings
[2009/07/14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Music
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\My Documents
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\NetHood
[2009/07/14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Pictures
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\PrintHood
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Recent
[2009/07/14 03:34:59 | 000,000,000 | ---D | M] -- C:\Users\Default\Saved Games
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\SendTo
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Start Menu
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Templates
[2009/07/14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Videos
[2013/01/12 11:56:35 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop
[2011/10/20 19:38:06 | 000,000,000 | --SD | M] -- C:\Users\Public\Documents
[2009/07/14 05:54:24 | 000,000,000 | R--D | M] -- C:\Users\Public\Downloads
[2009/07/14 03:34:59 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites
[2009/11/29 19:03:42 | 000,000,000 | RH-D | M] -- C:\Users\Public\Libraries
[2009/12/01 03:07:11 | 000,000,000 | --SD | M] -- C:\Users\Public\Music
[2009/12/01 03:07:11 | 000,000,000 | --SD | M] -- C:\Users\Public\Pictures
[2011/10/24 15:50:51 | 000,000,000 | R--D | M] -- C:\Users\Public\Recorded TV
[2009/12/01 03:07:11 | 000,000,000 | --SD | M] -- C:\Users\Public\Videos

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< :OTL >[/color]
[2009/07/14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/14 06:08:49 | 000,032,608 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/10/09 20:15:13 | 000,000,892 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2011/10/09 20:15:14 | 000,000,896 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012/04/04 21:03:47 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

[color=#A23BEC]< IE - HKLM\..\URLSearchHook: {d43723ae-1ae1-4a25-a6a4-bf0929273cab} - C:\Program Files (x86)\Ashampoo_PO\prxtbAsh0.dll (Conduit Ltd.) >[/color]

[color=#A23BEC]< IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2481033 >[/color]

[color=#A23BEC]< IE - HKU\S-1-5-21-2465994285-61389061-1913302713-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2481033 >[/color]
Invalid Switch: search.condui...&ctid=CT2481033

[color=#A23BEC]< IE - HKU\S-1-5-21-2465994285-61389061-1913302713-1005\..\URLSearchHook: {d43723ae-1ae1-4a25-a6a4-bf0929273cab} - C:\Program Files (x86)\Ashampoo_PO\prxtbAsh0.dll (Conduit Ltd.) >[/color]

[color=#A23BEC]< IE - HKU\S-1-5-21-2465994285-61389061-1913302713-1005\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} >[/color]

[color=#A23BEC]< IE - HKU\S-1-5-21-2465994285-61389061-1913302713-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://startsear.ch/...q={searchTerms} >[/color]

[color=#A23BEC]< IE - HKU\S-1-5-21-2465994285-61389061-1913302713-1005\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2481033 >[/color]

[color=#A23BEC]< O2 - BHO: (Ashampoo PO Toolbar) - {d43723ae-1ae1-4a25-a6a4-bf0929273cab} - C:\Program Files (x86)\Ashampoo_PO\prxtbAsh0.dll (Conduit Ltd.) >[/color]

[color=#A23BEC]< O3 - HKLM\..\Toolbar: (Ashampoo PO Toolbar) - {d43723ae-1ae1-4a25-a6a4-bf0929273cab} - C:\Program Files (x86)\Ashampoo_PO\prxtbAsh0.dll (Conduit Ltd.) >[/color]

[color=#A23BEC]< O3 - HKU\S-1-5-21-2465994285-61389061-1913302713-1005\..\Toolbar\WebBrowser: (Ashampoo PO Toolbar) - {D43723AE-1AE1-4A25-A6A4-BF0929273CAB} - C:\Program Files (x86)\Ashampoo_PO\prxtbAsh0.dll (Conduit Ltd.) >[/color]

[color=#A23BEC]< O4 - Startup: C:\Users\All Users\Adobe [2011/10/10 11:53:24 | 000,000,000 | ---D | M] >[/color]
Invalid Switch: 10 11:53:24 | 000,000,000 | ---D | M]

[color=#A23BEC]< O4 - Startup: C:\Users\All Users\Application Data [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] >[/color]
Invalid Switch: 14 06:08:56 | 000,000,000 | -HSD | M]

[color=#A23BEC]< O4 - Startup: C:\Users\All Users\ashampoo [2012/05/08 16:13:37 | 000,000,000 | ---D | M] >[/color]
Invalid Switch: 08 16:13:37 | 000,000,000 | ---D | M]

[color=#A23BEC]< O4 - Startup: C:\Users\All Users\ATI [2011/10/06 16:21:10 | 000,000,000 | ---D | M] >[/color]
Invalid Switch: 06 16:21:10 | 000,000,000 | ---D | M]

[color=#A23BEC]< O4 - Startup: C:\Users\All Users\DAEMON Tools Lite [2011/10/20 16:47:38 | 000,000,000 | ---D | M] >[/color]
Invalid Switch: 20 16:47:38 | 000,000,000 | ---D | M]

[color=#A23BEC]< O4 - Startup: C:\Users\All Users\Desktop [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] >[/color]
Invalid Switch: 14 06:08:56 | 000,000,000 | -HSD | M]

[color=#A23BEC]< O4 - Startup: C:\Users\All Users\Diskeeper Corporation [2009/11/30 07:49:13 | 000,000,000 | ---D | M] >[/color]
Invalid Switch: 30 07:49:13 | 000,000,000 | ---D | M]

[color=#A23BEC]< O4 - Startup: C:\Users\All Users\Documents [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] >[/color]
Invalid Switch: 14 06:08:56 | 000,000,000 | -HSD | M]

[color=#A23BEC]< O4 - Startup: C:\Users\All Users\DSS [2012/09/16 10:54:51 | 000,000,000 | -HSD | M] >[/color]
Invalid Switch: 16 10:54:51 | 000,000,000 | -HSD | M]

[color=#A23BEC]< O4 - Startup: C:\Users\All Users\EA Core [2011/12/12 21:40:10 | 000,000,000 | ---D | M] >[/color]
Invalid Switch: 12 21:40:10 | 000,000,000 | ---D | M]

[color=#A23BEC]< O4 - Startup: C:\Users\All Users\Electronic Arts [2011/12/12 21:40:09 | 000,000,000 | ---D | M] >[/color]
Invalid Switch: 12 21:40:09 | 000,000,000 | ---D | M]

[color=#A23BEC]< O4 - Startup: C:\Users\All Users\ESET [2009/11/15 00:05:20 | 000,000,000 | ---D | M] >[/color]
Invalid Switch: 15 00:05:20 | 000,000,000 | ---D | M]

[color=#A23BEC]< O4 - Startup: C:\Users\All Users\Favorites [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] >[/color]
Invalid Switch: 14 06:08:56 | 000,000,000 | -HSD | M]

[color=#A23BEC]< O4 - Startup: C:\Users\All Users\Gadu-Gadu 10 [2011/12/07 17:26:52 | 000,000,000 | ---D | M] >[/color]
Invalid Switch: 07 17:26:52 | 000,000,000 | ---D | M]

[color=#A23BEC]< O4 - Startup: C:\Users\All Users\Hewlett-Packard [2011/10/10 11:46:47 | 000,000,000 | ---D | M] >[/color]
Invalid Switch: 10 11:46:47 | 000,000,000 | ---D | M]

[color=#A23BEC]< O4 - Startup: C:\Users\All Users\HP [2011/11/09 22:41:21 | 000,000,000 | ---D | M] >[/color]
Invalid Switch: 09 22:41:21 | 000,000,000 | ---D | M]

[color=#A23BEC]< O4 - Startup: C:\Users\All Users\hpzinstall.log () >[/color]

[color=#A23BEC]< O4 - Startup: C:\Users\All Users\Local Settings [2012/03/31 19:02:06 | 000,000,000 | ---D | M] >[/color]
Invalid Switch: 31 19:02:06 | 000,000,000 | ---D | M]

[color=#A23BEC]< O4 - Startup: C:\Users\All Users\Malwarebytes [2011/12/16 16:35:18 | 000,000,000 | ---D | M] >[/color]
Invalid Switch: 16 16:35:18 | 000,000,000 | ---D | M]

[color=#A23BEC]< O4 - Startup: C:\Users\All Users\McAfee [2009/11/29 19:39:11 | 000,000,000 | ---D | M] >[/color]
Invalid Switch: 29 19:39:11 | 000,000,000 | ---D | M]

[color=#A23BEC]< O4 - Startup: C:\Users\All Users\Messenger Plus! [2009/11/29 19:53:37 | 000,000,000 | ---D | M] >[/color]
Invalid Switch: 29 19:53:37 | 000,000,000 | ---D | M]

[color=#A23BEC]< O4 - Startup: C:\Users\All Users\Microsoft [2012/04/17 19:40:12 | 000,000,000 | --SD | M] >[/color]
Invalid Switch: 17 19:40:12 | 000,000,000 | --SD | M]

[color=#A23BEC]< O4 - Startup: C:\Users\All Users\Microsoft Help [2012/02/24 13:50:00 | 000,000,000 | ---D | M] >[/color]
Invalid Switch: 24 13:50:00 | 000,000,000 | ---D | M]

[color=#A23BEC]< O4 - Startup: C:\Users\All Users\Mozilla [2012/06/27 20:32:23 | 000,000,000 | ---D | M] >[/color]
Invalid Switch: 27 20:32:23 | 000,000,000 | ---D | M]

[color=#A23BEC]< O4 - Startup: C:\Users\All Users\mtbjfghn.xbe () >[/color]

[color=#A23BEC]< O4 - Startup: C:\Users\All Users\Nero [2012/05/16 16:03:37 | 000,000,000 | ---D | M] >[/color]
Invalid Switch: 16 16:03:37 | 000,000,000 | ---D | M]

[color=#A23BEC]< O4 - Startup: C:\Users\All Users\Norton [2012/02/21 11:09:12 | 000,000,000 | ---D | M] >[/color]
Invalid Switch: 21 11:09:12 | 000,000,000 | ---D | M]

[color=#A23BEC]< O4 - Startup: C:\Users\All Users\NortonInstaller [2012/01/25 21:44:43 | 000,000,000 | ---D | M] >[/color]
Invalid Switch: 25 21:44:43 | 000,000,000 | ---D | M]

[color=#A23BEC]< O4 - Startup: C:\Users\All Users\NOTEPAD.EXE-x.txt () >[/color]

[color=#A23BEC]< O4 - Startup: C:\Users\All Users\Origin [2012/11/25 20:28:45 | 000,000,000 | ---D | M] >[/color]
Invalid Switch: 25 20:28:45 | 000,000,000 | ---D | M]

[color=#A23BEC]< O4 - Startup: C:\Users\All Users\REGSVR32.EXE-x.txt () >[/color]

[color=#A23BEC]< O4 - Startup: C:\Users\All Users\RUNDLL32.EXE-x.txt () >[/color]

[color=#A23BEC]< O4 - Startup: C:\Users\All Users\Skype [2012/11/22 07:00:09 | 000,000,000 | ---D | M] >[/color]
Invalid Switch: 22 07:00:09 | 000,000,000 | ---D | M]

[color=#A23BEC]< O4 - Startup: C:\Users\All Users\Sony [2012/02/20 16:39:48 | 000,000,000 | ---D | M] >[/color]
Invalid Switch: 20 16:39:48 | 000,000,000 | ---D | M]

[color=#A23BEC]< O4 - Startup: C:\Users\All Users\Stardock [2009/11/29 20:56:06 | 000,000,000 | ---D | M] >[/color]
Invalid Switch: 29 20:56:06 | 000,000,000 | ---D | M]

[color=#A23BEC]< O4 - Startup: C:\Users\All Users\Start Menu [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] >[/color]
Invalid Switch: 14 06:08:56 | 000,000,000 | -HSD | M]

[color=#A23BEC]< O4 - Startup: C:\Users\All Users\Sun [2012/04/04 20:52:05 | 000,000,000 | ---D | M] >[/color]
Invalid Switch: 04 20:52:05 | 000,000,000 | ---D | M]

[color=#A23BEC]< O4 - Startup: C:\Users\All Users\Symantec [2012/01/25 21:44:49 | 000,000,000 | ---D | M] >[/color]
Invalid Switch: 25 21:44:49 | 000,000,000 | ---D | M]

[color=#A23BEC]< O4 - Startup: C:\Users\All Users\Telefónica [2012/03/11 15:08:43 | 000,000,000 | ---D | M] >[/color]
Invalid Switch: 11 15:08:43 | 000,000,000 | ---D | M]

[color=#A23BEC]< O4 - Startup: C:\Users\All Users\TEMP [2012/11/26 17:10:54 | 000,000,000 | ---D | M] >[/color]
Invalid Switch: 26 17:10:54 | 000,000,000 | ---D | M]

[color=#A23BEC]< O4 - Startup: C:\Users\All Users\Templates [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] >[/color]
Invalid Switch: 14 06:08:56 | 000,000,000 | -HSD | M]

[color=#A23BEC]< O4 - Startup: C:\Users\All Users\Trusteer [2011/10/27 12:55:50 | 000,000,000 | ---D | M] >[/color]
Invalid Switch: 27 12:55:50 | 000,000,000 | ---D | M]

[color=#A23BEC]< O4 - Startup: C:\Users\All Users\Ubisoft [2012/11/29 21:04:08 | 000,000,000 | ---D | M] >[/color]
Invalid Switch: 29 21:04:08 | 000,000,000 | ---D | M]

[color=#A23BEC]< O4 - Startup: C:\Users\All Users\Uniblue [2011/10/09 21:09:20 | 000,000,000 | ---D | M] >[/color]
Invalid Switch: 09 21:09:20 | 000,000,000 | ---D | M]

[color=#A23BEC]< O4 - Startup: C:\Users\All Users\VMware [2009/11/29 19:15:41 | 000,000,000 | ---D | M] >[/color]
Invalid Switch: 29 19:15:41 | 000,000,000 | ---D | M]

[color=#A23BEC]< O4 - Startup: C:\Users\All Users\W3i [2012/01/25 21:44:46 | 000,000,000 | ---D | M] >[/color]
Invalid Switch: 25 21:44:46 | 000,000,000 | ---D | M]

[color=#A23BEC]< O4 - Startup: C:\Users\All Users\Yahoo! [2009/12/09 03:34:50 | 000,000,000 | ---D | M] >[/color]
Invalid Switch: 09 03:34:50 | 000,000,000 | ---D | M]

[color=#A23BEC]< O4 - Startup: C:\Users\All Users\{0B4EECC2-B656-4BF8-9915-6F8B225BC43C} [2012/01/25 21:45:10 | 000,000,000 | -H-D | M] >[/color]
Invalid Switch: 25 21:45:10 | 000,000,000 | -H-D | M]

[color=#A23BEC]< O4 - Startup: C:\Users\All Users\{6DFE6B59-3F4E-45AF-A9D0-5EDC43DD23AF} [2012/03/31 19:08:37 | 000,000,000 | ---D | M] >[/color]
Invalid Switch: 31 19:08:37 | 000,000,000 | ---D | M]

[color=#A23BEC]< O4 - Startup: C:\Users\All Users\{8CC5CF4A-124E-41BA-B58C-A41F05BE09CC} [2009/12/01 03:04:50 | 000,000,000 | -H-D | M] >[/color]
Invalid Switch: 01 03:04:50 | 000,000,000 | -H-D | M]

[color=#A23BEC]< O4 - Startup: C:\Users\All Users\{BD8912D9-3040-46C4-B96A-4C3AC7E43486} [2011/12/31 13:40:00 | 000,000,000 | -H-D | M] >[/color]
Invalid Switch: 31 13:40:00 | 000,000,000 | -H-D | M]

[color=#A23BEC]< O4 - Startup: C:\Users\David\AppData [2011/10/06 14:52:26 | 000,000,000 | -H-D | M] >[/color]
Invalid Switch: 06 14:52:26 | 000,000,000 | -H-D | M]

[color=#A23BEC]< O4 - Startup: C:\Users\David\Application Data [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] >[/color]
Invalid Switch: 06 14:52:26 | 000,000,000 | -HSD | M]

[color=#A23BEC]< O4 - Startup: C:\Users\David\Contacts [2011/10/06 19:55:08 | 000,000,000 | R--D | M] >[/color]
Invalid Switch: 06 19:55:08 | 000,000,000 | R--D | M]

[color=#A23BEC]< O4 - Startup: C:\Users\David\Cookies [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] >[/color]
Invalid Switch: 06 14:52:26 | 000,000,000 | -HSD | M]

[color=#A23BEC]< O4 - Startup: C:\Users\David\Desktop [2013/01/13 20:42:56 | 000,000,000 | R--D | M] >[/color]
Invalid Switch: 13 20:42:56 | 000,000,000 | R--D | M]

[color=#A23BEC]< O4 - Startup: C:\Users\David\Documents [2013/01/10 20:21:05 | 000,000,000 | R--D | M] >[/color]
Invalid Switch: 10 20:21:05 | 000,000,000 | R--D | M]

[color=#A23BEC]< O4 - Startup: C:\Users\David\Downloads [2012/10/02 17:56:34 | 000,000,000 | R--D | M] >[/color]
Invalid Switch: 02 17:56:34 | 000,000,000 | R--D | M]

[color=#A23BEC]< O4 - Startup: C:\Users\David\Favorites [2011/11/30 14:58:20 | 000,000,000 | R--D | M] >[/color]
Invalid Switch: 30 14:58:20 | 000,000,000 | R--D | M]

[color=#A23BEC]< O4 - Startup: C:\Users\David\Gry [2012/09/24 11:05:13 | 000,000,000 | --SD | M] >[/color]
Invalid Switch: 24 11:05:13 | 000,000,000 | --SD | M]

[color=#A23BEC]< O4 - Startup: C:\Users\David\InstallAnywhere [2011/10/20 19:07:10 | 000,000,000 | -H-D | M] >[/color]
Invalid Switch: 20 19:07:10 | 000,000,000 | -H-D | M]

[color=#A23BEC]< O4 - Startup: C:\Users\David\Links [2012/12/23 13:46:26 | 000,000,000 | R--D | M] >[/color]
Invalid Switch: 23 13:46:26 | 000,000,000 | R--D | M]

[color=#A23BEC]< O4 - Startup: C:\Users\David\Local Settings [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] >[/color]
Invalid Switch: 06 14:52:26 | 000,000,000 | -HSD | M]

[color=#A23BEC]< O4 - Startup: C:\Users\David\Music [2011/10/15 15:37:20 | 000,000,000 | R--D | M] >[/color]
Invalid Switch: 15 15:37:20 | 000,000,000 | R--D | M]

[color=#A23BEC]< O4 - Startup: C:\Users\David\My Documents [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] >[/color]
Invalid Switch: 06 14:52:26 | 000,000,000 | -HSD | M]

[color=#A23BEC]< O4 - Startup: C:\Users\David\NetHood [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] >[/color]
Invalid Switch: 06 14:52:26 | 000,000,000 | -HSD | M]

[color=#A23BEC]< O4 - Startup: C:\Users\David\NTUSER.DAT () >[/color]

[color=#A23BEC]< O4 - Startup: C:\Users\David\ntuser.dat.LOG1 () >[/color]

[color=#A23BEC]< O4 - Startup: C:\Users\David\ntuser.dat.LOG2 () >[/color]

[color=#A23BEC]< O4 - Startup: C:\Users\David\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf () >[/color]

[color=#A23BEC]< O4 - Startup: C:\Users\David\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms () >[/color]

[color=#A23BEC]< O4 - Startup: C:\Users\David\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms () >[/color]

[color=#A23BEC]< O4 - Startup: C:\Users\David\NTUSER.DAT{6ab3caf2-12df-11e1-a87b-00158315a310}.TM.blf () >[/color]

[color=#A23BEC]< O4 - Startup: C:\Users\David\NTUSER.DAT{6ab3caf2-12df-11e1-a87b-00158315a310}.TMContainer00000000000000000001.regtrans-ms () >[/color]

[color=#A23BEC]< O4 - Startup: C:\Users\David\NTUSER.DAT{6ab3caf2-12df-11e1-a87b-00158315a310}.TMContainer00000000000000000002.regtrans-ms () >[/color]

[color=#A23BEC]< O4 - Startup: C:\Users\David\NTUSER.DAT{72d3d2af-3940-11e1-b6a2-00158315a310}.TM.blf () >[/color]

[color=#A23BEC]< O4 - Startup: C:\Users\David\NTUSER.DAT{72d3d2af-3940-11e1-b6a2-00158315a310}.TMContainer00000000000000000001.regtrans-ms () >[/color]

[color=#A23BEC]< O4 - Startup: C:\Users\David\NTUSER.DAT{72d3d2af-3940-11e1-b6a2-00158315a310}.TMContainer00000000000000000002.regtrans-ms () >[/color]

[color=#A23BEC]< O4 - Startup: C:\Users\David\ntuser.ini () >[/color]

[color=#A23BEC]< O4 - Startup: C:\Users\David\Pictures [2012/09/24 11:03:35 | 000,000,000 | R--D | M] >[/color]
Invalid Switch: 24 11:03:35 | 000,000,000 | R--D | M]

[color=#A23BEC]< O4 - Startup: C:\Users\David\PrintHood [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] >[/color]
Invalid Switch: 06 14:52:26 | 000,000,000 | -HSD | M]

[color=#A23BEC]< O4 - Startup: C:\Users\David\Recent [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] >[/color]
Invalid Switch: 06 14:52:26 | 000,000,000 | -HSD | M]

[color=#A23BEC]< O4 - Startup: C:\Users\David\Saved Games [2011/10/07 16:37:15 | 000,000,000 | ---D | M] >[/color]
Invalid Switch: 07 16:37:15 | 000,000,000 | ---D | M]

[color=#A23BEC]< O4 - Startup: C:\Users\David\Searches [2011/11/16 21:07:08 | 000,000,000 | R--D | M] >[/color]
Invalid Switch: 16 21:07:08 | 000,000,000 | R--D | M]

[color=#A23BEC]< O4 - Startup: C:\Users\David\SendTo [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] >[/color]
Invalid Switch: 06 14:52:26 | 000,000,000 | -HSD | M]

[color=#A23BEC]< O4 - Startup: C:\Users\David\Start Menu [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] >[/color]
Invalid Switch: 06 14:52:26 | 000,000,000 | -HSD | M]

[color=#A23BEC]< O4 - Startup: C:\Users\David\Templates [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] >[/color]
Invalid Switch: 06 14:52:26 | 000,000,000 | -HSD | M]

[color=#A23BEC]< O4 - Startup: C:\Users\David\Videos [2011/10/15 15:37:20 | 000,000,000 | R--D | M] >[/color]
Invalid Switch: 15 15:37:20 | 000,000,000 | R--D | M]

[color=#A23BEC]< O4 - Startup: C:\Users\Default\AppData [2009/07/14 04:20:08 | 000,000,000 | -H-D | M] >[/color]
Invalid Switch: 14 04:20:08 | 000,000,000 | -H-D | M]

[color=#A23BEC]< O4 - Startup: C:\Users\Default\Application Data [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] >[/color]
Invalid Switch: 14 06:08:56 | 000,000,000 | -HSD | M]

[color=#A23BEC]< O4 - Startup: C:\Users\Default\Cookies [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] >[/color]
Invalid Switch: 14 06:08:56 | 000,000,000 | -HSD | M]

[color=#A23BEC]< O4 - Startup: C:\Users\Default\Desktop [2009/07/14 03:34:59 | 000,000,000 | R--D | M] >[/color]
Invalid Switch: 14 03:34:59 | 000,000,000 | R--D | M]

[color=#A23BEC]< O4 - Startup: C:\Users\Default\Documents [2009/07/14 06:08:56 | 000,000,000 | R--D | M] >[/color]
Invalid Switch: 14 06:08:56 | 000,000,000 | R--D | M]

[color=#A23BEC]< O4 - Startup: C:\Users\Default\Downloads [2009/07/14 03:34:59 | 000,000,000 | R--D | M] >[/color]
Invalid Switch: 14 03:34:59 | 000,000,000 | R--D | M]

[color=#A23BEC]< O4 - Startup: C:\Users\Default\Favorites [2009/07/14 03:34:59 | 000,000,000 | R--D | M] >[/color]
Invalid Switch: 14 03:34:59 | 000,000,000 | R--D | M]

[color=#A23BEC]< O4 - Startup: C:\Users\Default\Links [2009/07/14 03:34:59 | 000,000,000 | R--D | M] >[/color]
Invalid Switch: 14 03:34:59 | 000,000,000 | R--D | M]

[color=#A23BEC]< O4 - Startup: C:\Users\Default\Local Settings [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] >[/color]
Invalid Switch: 14 06:08:56 | 000,000,000 | -HSD | M]

[color=#A23BEC]< O4 - Startup: C:\Users\Default\Music [2009/07/14 03:34:59 | 000,000,000 | R--D | M] >[/color]
Invalid Switch: 14 03:34:59 | 000,000,000 | R--D | M]

[color=#A23BEC]< O4 - Startup: C:\Users\Default\My Documents [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] >[/color]
Invalid Switch: 14 06:08:56 | 000,000,000 | -HSD | M]

[color=#A23BEC]< O4 - Startup: C:\Users\Default\NetHood [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] >[/color]
Invalid Switch: 14 06:08:56 | 000,000,000 | -HSD | M]

[color=#A23BEC]< O4 - Startup: C:\Users\Default\NTUSER.DAT () >[/color]

[color=#A23BEC]< O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG () >[/color]

[color=#A23BEC]< O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG1 () >[/color]

[color=#A23BEC]< O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG2 () >[/color]

[color=#A23BEC]< O4 - Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf () >[/color]

[color=#A23BEC]< O4 - Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms () >[/color]

[color=#A23BEC]< O4 - Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms () >[/color]

[color=#A23BEC]< O4 - Startup: C:\Users\Default\Pictures [2009/07/14 03:34:59 | 000,000,000 | R--D | M] >[/color]
Invalid Switch: 14 03:34:59 | 000,000,000 | R--D | M]

[color=#A23BEC]< O4 - Startup: C:\Users\Default\PrintHood [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] >[/color]
Invalid Switch: 14 06:08:56 | 000,000,000 | -HSD | M]

[color=#A23BEC]< O4 - Startup: C:\Users\Default\Recent [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] >[/color]
Invalid Switch: 14 06:08:56 | 000,000,000 | -HSD | M]

[color=#A23BEC]< O4 - Startup: C:\Users\Default\Saved Games [2009/07/14 03:34:59 | 000,000,000 | ---D | M] >[/color]
Invalid Switch: 14 03:34:59 | 000,000,000 | ---D | M]

[color=#A23BEC]< O4 - Startup: C:\Users\Default\SendTo [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] >[/color]
Invalid Switch: 14 06:08:56 | 000,000,000 | -HSD | M]

[color=#A23BEC]< O4 - Startup: C:\Users\Default\Start Menu [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] >[/color]
Invalid Switch: 14 06:08:56 | 000,000,000 | -HSD | M]

[color=#A23BEC]< O4 - Startup: C:\Users\Default\Templates [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] >[/color]
Invalid Switch: 14 06:08:56 | 000,000,000 | -HSD | M]

[color=#A23BEC]< O4 - Startup: C:\Users\Default\Videos [2009/07/14 03:34:59 | 000,000,000 | R--D | M] >[/color]
Invalid Switch: 14 03:34:59 | 000,000,000 | R--D | M]

[color=#A23BEC]< O4 - Startup: C:\Users\Public\Desktop [2013/01/12 11:56:35 | 000,000,000 | RH-D | M] >[/color]
Invalid Switch: 12 11:56:35 | 000,000,000 | RH-D | M]

[color=#A23BEC]< O4 - Startup: C:\Users\Public\Documents [2011/10/20 19:38:06 | 000,000,000 | --SD | M] >[/color]
Invalid Switch: 20 19:38:06 | 000,000,000 | --SD | M]

[color=#A23BEC]< O4 - Startup: C:\Users\Public\Downloads [2009/07/14 05:54:24 | 000,000,000 | R--D | M] >[/color]
Invalid Switch: 14 05:54:24 | 000,000,000 | R--D | M]

[color=#A23BEC]< O4 - Startup: C:\Users\Public\Favorites [2009/07/14 03:34:59 | 000,000,000 | RH-D | M] >[/color]
Invalid Switch: 14 03:34:59 | 000,000,000 | RH-D | M]

[color=#A23BEC]< O4 - Startup: C:\Users\Public\Libraries [2009/11/29 19:03:42 | 000,000,000 | RH-D | M] >[/color]
Invalid Switch: 29 19:03:42 | 000,000,000 | RH-D | M]

[color=#A23BEC]< O4 - Startup: C:\Users\Public\Music [2009/12/01 03:07:11 | 000,000,000 | --SD | M] >[/color]
Invalid Switch: 01 03:07:11 | 000,000,000 | --SD | M]

[color=#A23BEC]< O4 - Startup: C:\Users\Public\Pictures [2009/12/01 03:07:11 | 000,000,000 | --SD | M] >[/color]
Invalid Switch: 01 03:07:11 | 000,000,000 | --SD | M]

[color=#A23BEC]< O4 - Startup: C:\Users\Public\Recorded TV [2011/10/24 15:50:51 | 000,000,000 | R--D | M] >[/color]
Invalid Switch: 24 15:50:51 | 000,000,000 | R--D | M]

[color=#A23BEC]< O4 - Startup: C:\Users\Public\Videos [2009/12/01 03:07:11 | 000,000,000 | --SD | M] >[/color]
Invalid Switch: 01 03:07:11 | 000,000,000 | --SD | M]

[color=#A23BEC]< O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 41064 = C:\PROGRA~3\LOCALS~1\Temp\msygea.bat >[/color]

[color=#A23BEC]< @Alternate Data Stream - 101 bytes -> C:\Users\All Users\TEMP:CE2C623F >[/color]

[color=#A23BEC]< @Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:CE2C623F >[/color]

[color=#A23BEC]< >[/color]

[color=#A23BEC]< :Files >[/color]

[color=#A23BEC]< C:\Program Files (x86)\Ashampoo_PO >[/color]

[color=#A23BEC]< C:\Conduit >[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 101 bytes -> C:\Users\All Users\TEMP:CE2C623F
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:CE2C623F

< End of report >
[/log]

2. [log]

# AdwCleaner v2.105 - Logfile created 01/14/2013 at 19:09:41
# Updated 08/01/2013 by Xplode
# Operating system : Windows 7 Ultimate (64 bits)
# User : David - DAVID-PC
# Boot Mode : Normal
# Running from : C:\Users\David\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Ashampoo_PO
Deleted on reboot : C:\Program Files (x86)\Conduit
Deleted on reboot : C:\Program Files (x86)\Free Offers from Freeze.com
Deleted on reboot : C:\Program Files (x86)\StartSearch plugin
Deleted on reboot : C:\Users\David\AppData\Local\TempDir
Deleted on reboot : C:\Users\David\AppData\LocalLow\Ashampoo_PO
Deleted on reboot : C:\Users\David\AppData\LocalLow\Conduit
Deleted on reboot : C:\Users\David\AppData\LocalLow\PriceGong
File Deleted : C:\Program Files (x86)\Mozilla Firefox\Plugins\npvsharetvplg.dll

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Ashampoo_PO
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\Software\Ashampoo_PO
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2481033
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A3E84FA5-206A-4513-AC27-F8FA09480D78}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A3E84FA5-206A-4513-AC27-F8FA09480D78}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D43723AE-1AE1-4A25-A6A4-BF0929273CAB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6AF7557E-7BA9-4223-ACA8-2BC02795D4D0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A45746AB-1BF7-4CAB-9DF6-5558C31F7342}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D43723AE-1AE1-4A25-A6A4-BF0929273CAB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Ashampoo_PO Toolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\LiveVDO plugin
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000}
Key Deleted : HKLM\SOFTWARE\Software
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D43723AE-1AE1-4A25-A6A4-BF0929273CAB}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D43723AE-1AE1-4A25-A6A4-BF0929273CAB}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{D43723AE-1AE1-4A25-A6A4-BF0929273CAB}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D43723AE-1AE1-4A25-A6A4-BF0929273CAB}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2481033 --> hxxp://www.google.com

-\\ Mozilla Firefox v14.0.1 (en-US)

File : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\esltif73.default\prefs.js

[OK] File is clean.

-\\ Opera v12.12.1707.0

File : C:\Users\David\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [4980 octets] - [14/01/2013 19:09:41]

########## EOF - C:\AdwCleaner[S1].txt - [5040 octets] ##########
[/log]

3. [log]

OTL logfile created on: 14/01/2013 20:38:27 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\David\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.25 Gb Total Physical Memory | 1.90 Gb Available Physical Memory | 58.42% Memory free
6.49 Gb Paging File | 4.85 Gb Available in Paging File | 74.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195.21 Gb Total Space | 115.65 Gb Free Space | 59.24% Space Free | Partition Type: NTFS
Drive D: | 146.48 Gb Total Space | 87.76 Gb Free Space | 59.91% Space Free | Partition Type: NTFS
Drive E: | 146.48 Gb Total Space | 76.77 Gb Free Space | 52.41% Space Free | Partition Type: NTFS
Drive F: | 97.65 Gb Total Space | 89.32 Gb Free Space | 91.47% Space Free | Partition Type: NTFS
Drive G: | 112.70 Gb Total Space | 96.84 Gb Free Space | 85.92% Space Free | Partition Type: NTFS

Computer Name: DAVID-PC | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2013/01/13 20:43:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
PRC - [2012/12/26 17:29:51 | 000,879,080 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/03 08:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
PRC - [2012/11/29 20:51:11 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/01/18 14:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
PRC - [2011/10/11 13:49:14 | 001,179,648 | ---- | M] (W3i, LLC) -- C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe
PRC - [2011/08/02 08:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- F:\Programy\DAEMON Tools Lite\DTLite.exe
PRC - [2010/08/02 11:40:56 | 000,199,600 | ---- | M] (Telefónica I+D) -- C:\Program Files (x86)\O2\Connection Manager\ImpWiFiSvc.exe
PRC - [2010/02/22 16:38:12 | 000,442,368 | ---- | M] (AWS Convergence Technologies) -- C:\Program Files (x86)\AWS\WeatherBug Alert\WeatherBugAlert.exe
PRC - [2009/11/10 11:09:26 | 000,079,160 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
PRC - [2009/03/19 11:44:50 | 000,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2007/12/14 17:58:30 | 000,241,664 | ---- | M] () -- C:\Program Files (x86)\Philips\Philips SPC230NC Webcam\TrayMin230.exe
PRC - [2007/12/10 16:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\Philips\SPC230NC\Monitor.exe
PRC - [2007/09/02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
PRC - [2004/12/20 19:41:22 | 000,033,792 | ---- | M] () -- F:\Programy\Winamp\winampa.exe


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2013/01/13 20:43:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
MOD - [2012/12/26 17:29:51 | 000,879,080 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe
MOD - [2012/12/26 17:29:49 | 016,185,832 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.dll
MOD - [2012/12/14 16:49:28 | 002,171,240 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamnet.dll
MOD - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
MOD - [2012/12/14 16:49:28 | 000,508,264 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.dll
MOD - [2012/12/12 19:14:55 | 014,586,296 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
MOD - [2012/12/03 08:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MOD - [2012/01/18 14:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
MOD - [2011/10/11 13:49:14 | 001,179,648 | ---- | M] (W3i, LLC) -- C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe
MOD - [2011/08/02 08:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- F:\Programy\DAEMON Tools Lite\DTLite.exe
MOD - [2011/08/02 08:33:20 | 004,159,808 | ---- | M] (DT Soft Ltd) -- F:\Programy\DAEMON Tools Lite\Engine.dll
MOD - [2011/08/02 08:33:06 | 003,578,176 | ---- | M] (DT Soft Ltd) -- F:\Programy\DAEMON Tools Lite\DTCommonRes.dll
MOD - [2011/07/12 15:20:44 | 000,316,736 | ---- | M] (DT Soft Ltd.) -- F:\Programy\DAEMON Tools Lite\imgengine.dll
MOD - [2010/02/22 16:38:12 | 000,442,368 | ---- | M] (AWS Convergence Technologies) -- C:\Program Files (x86)\AWS\WeatherBug Alert\WeatherBugAlert.exe
MOD - [2009/11/25 07:27:51 | 001,152,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\crypt32.dll
MOD - [2009/11/25 07:26:17 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sspicli.dll
MOD - [2009/11/25 07:26:17 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\secur32.dll
MOD - [2009/11/25 07:22:56 | 001,289,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntdll.dll
MOD - [2009/11/25 07:22:53 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schannel.dll
MOD - [2009/11/25 07:21:59 | 000,571,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\oleaut32.dll
MOD - [2009/11/25 07:21:51 | 001,124,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vssapi.dll
MOD - [2009/11/25 07:21:51 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vsstrace.dll
MOD - [2009/11/25 07:20:53 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msasn1.dll
MOD - [2009/11/25 07:17:27 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\IPHLPAPI.DLL
MOD - [2009/11/25 07:15:36 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16400_none_4209f94e2b866170\comctl32.dll
MOD - [2009/11/25 07:15:36 | 000,833,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\user32.dll
MOD - [2009/11/25 07:15:36 | 000,530,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16400_none_ebf9dccf6c73e561\comctl32.dll
MOD - [2009/11/25 07:15:36 | 000,310,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\gdi32.dll
MOD - [2009/11/10 11:09:26 | 000,079,160 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
MOD - [2009/11/10 11:09:24 | 000,929,792 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2009/11/10 10:19:56 | 001,228,800 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Messenger\resources\en-US\res_msgr.dll
MOD - [2009/07/14 02:17:54 | 000,249,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\bcryptprimitives.dll
MOD - [2009/07/14 02:17:54 | 000,242,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rsaenh.dll
MOD - [2009/07/14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ws2_32.dll
MOD - [2009/07/14 02:16:20 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wtsapi32.dll
MOD - [2009/07/14 02:16:20 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wshbth.dll
MOD - [2009/07/14 02:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wsock32.dll
MOD - [2009/07/14 02:16:20 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wship6.dll
MOD - [2009/07/14 02:16:20 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WSHTCPIP.DLL
MOD - [2009/07/14 02:16:19 | 000,977,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wininet.dll
MOD - [2009/07/14 02:16:19 | 000,268,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\Wldap32.dll
MOD - [2009/07/14 02:16:19 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winmm.dll
MOD - [2009/07/14 02:16:19 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wintrust.dll
MOD - [2009/07/14 02:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winrnr.dll
MOD - [2009/07/14 02:16:19 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winnsi.dll
MOD - [2009/07/14 02:16:18 | 001,011,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WindowsCodecs.dll
MOD - [2009/07/14 02:16:17 | 001,224,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\urlmon.dll
MOD - [2009/07/14 02:16:17 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\usp10.dll
MOD - [2009/07/14 02:16:17 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\userenv.dll
MOD - [2009/07/14 02:16:17 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\version.dll
MOD - [2009/07/14 02:16:15 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\spp.dll
MOD - [2009/07/14 02:16:15 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srvcli.dll
MOD - [2009/07/14 02:16:15 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srclient.dll
MOD - [2009/07/14 02:16:15 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\slc.dll
MOD - [2009/07/14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shell32.dll
MOD - [2009/07/14 02:16:14 | 001,668,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\setupapi.dll
MOD - [2009/07/14 02:16:14 | 000,350,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shlwapi.dll
MOD - [2009/07/14 02:16:14 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shdocvw.dll
MOD - [2009/07/14 02:16:13 | 000,473,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\riched20.dll
MOD - [2009/07/14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sechost.dll
MOD - [2009/07/14 02:16:13 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\samlib.dll
MOD - [2009/07/14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\samcli.dll
MOD - [2009/07/14 02:16:13 | 000,045,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\RpcRtRemote.dll
MOD - [2009/07/14 02:16:13 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rtutils.dll
MOD - [2009/07/14 02:16:13 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\SensApi.dll
MOD - [2009/07/14 02:16:12 | 001,412,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ole32.dll
MOD - [2009/07/14 02:16:12 | 001,328,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\quartz.dll
MOD - [2009/07/14 02:16:12 | 000,988,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\propsys.dll
MOD - [2009/07/14 02:16:12 | 000,325,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rasapi32.dll
MOD - [2009/07/14 02:16:12 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\oleacc.dll
MOD - [2009/07/14 02:16:12 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\powrprof.dll
MOD - [2009/07/14 02:16:12 | 000,139,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PeerDist.dll
MOD - [2009/07/14 02:16:12 | 000,103,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\oledlg.dll
MOD - [2009/07/14 02:16:12 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\olepro32.dll
MOD - [2009/07/14 02:16:12 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rasman.dll
MOD - [2009/07/14 02:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\pnrpnsp.dll
MOD - [2009/07/14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\profapi.dll
MOD - [2009/07/14 02:16:12 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\qmgrprxy.dll
MOD - [2009/07/14 02:16:12 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rasadhlp.dll
MOD - [2009/07/14 02:16:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\psapi.dll
MOD - [2009/07/14 02:16:11 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntshrui.dll
MOD - [2009/07/14 02:16:11 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntmarta.dll
MOD - [2009/07/14 02:16:11 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\npmproxy.dll
MOD - [2009/07/14 02:16:11 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\nsi.dll
MOD - [2009/07/14 02:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netprofm.dll
MOD - [2009/07/14 02:16:03 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\nlaapi.dll
MOD - [2009/07/14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netutils.dll
MOD - [2009/07/14 02:16:02 | 000,219,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ncrypt.dll
MOD - [2009/07/14 02:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\NapiNSP.dll
MOD - [2009/07/14 02:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mswsock.dll
MOD - [2009/07/14 02:15:50 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcrt.dll
MOD - [2009/07/14 02:15:44 | 002,340,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msi.dll
MOD - [2009/07/14 02:15:44 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msimg32.dll
MOD - [2009/07/14 02:15:43 | 000,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msctf.dll
MOD - [2009/07/14 02:15:43 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msdmo.dll
MOD - [2009/07/14 02:15:42 | 000,481,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mscms.dll
MOD - [2009/07/14 02:15:41 | 000,213,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\MMDevAPI.dll
MOD - [2009/07/14 02:15:41 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mpr.dll
MOD - [2009/07/14 02:15:40 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mlang.dll
MOD - [2009/07/14 02:15:36 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\linkinfo.dll
MOD - [2009/07/14 02:15:31 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imagehlp.dll
MOD - [2009/07/14 02:15:28 | 002,058,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\iertutil.dll
MOD - [2009/07/14 02:15:22 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\gpapi.dll
MOD - [2009/07/14 02:15:21 | 000,216,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\FWPUCLNT.DLL
MOD - [2009/07/14 02:15:14 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\EhStorShell.dll
MOD - [2009/07/14 02:15:13 | 000,453,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dsound.dll
MOD - [2009/07/14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dwmapi.dll
MOD - [2009/07/14 02:15:12 | 000,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dnsapi.dll
MOD - [2009/07/14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\devobj.dll
MOD - [2009/07/14 02:15:11 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dhcpcsvc.dll
MOD - [2009/07/14 02:15:11 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\devrtl.dll
MOD - [2009/07/14 02:15:11 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dhcpcsvc6.dll
MOD - [2009/07/14 02:15:10 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\devenum.dll
MOD - [2009/07/14 02:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2009/07/14 02:15:07 | 000,103,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptnet.dll
MOD - [2009/07/14 02:15:07 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptsp.dll
MOD - [2009/07/14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptbase.dll
MOD - [2009/07/14 02:15:07 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cscapi.dll
MOD - [2009/07/14 02:15:07 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\credssp.dll
MOD - [2009/07/14 02:15:03 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\clbcatq.dll
MOD - [2009/07/14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cfgmgr32.dll
MOD - [2009/07/14 02:15:00 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cabinet.dll
MOD - [2009/07/14 02:14:57 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\AudioSes.dll
MOD - [2009/07/14 02:14:57 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\authz.dll
MOD - [2009/07/14 02:14:57 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\atl.dll
MOD - [2009/07/14 02:14:53 | 000,640,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\advapi32.dll
MOD - [2009/07/14 02:14:53 | 000,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\apphelp.dll
MOD - [2009/07/14 02:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/14 02:14:08 | 000,319,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winspool.drv
MOD - [2009/07/14 02:11:24 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\uxtheme.dll
MOD - [2009/07/14 02:11:23 | 000,836,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\kernel32.dll
MOD - [2009/07/14 02:11:23 | 000,662,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rpcrt4.dll
MOD - [2009/07/14 02:11:23 | 000,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\KernelBase.dll
MOD - [2009/07/14 02:11:23 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\lpk.dll
MOD - [2009/07/14 02:11:21 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imm32.dll
MOD - [2009/07/14 02:11:20 | 000,080,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\bcrypt.dll
MOD - [2009/07/14 02:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll
MOD - [2009/07/14 02:03:50 | 001,624,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\GdiPlus.dll
MOD - [2009/06/10 22:23:11 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll
MOD - [2009/06/10 22:23:11 | 000,554,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcp80.dll
MOD - [2007/12/14 17:58:30 | 000,241,664 | ---- | M] () -- C:\Program Files (x86)\Philips\Philips SPC230NC Webcam\TrayMin230.exe
MOD - [2007/12/10 16:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\Philips\SPC230NC\Monitor.exe
MOD - [2007/09/02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
MOD - [2007/09/02 14:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll
MOD - [2004/12/20 19:41:22 | 000,033,792 | ---- | M] () -- F:\Programy\Winamp\winampa.exe


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2011/09/08 18:29:56 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:[b]64bit:[/b] - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:[b]64bit:[/b] - [2009/04/17 09:47:50 | 001,995,544 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV:[b]64bit:[/b] - [2009/04/12 02:26:35 | 000,578,878 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ESET\ESET Smart Security\Shahed.exe -- (.EsetTrialReset)
SRV:[b]64bit:[/b] - [2009/03/19 11:48:10 | 000,023,296 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV:[b]64bit:[/b] - [2009/03/19 11:44:50 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/12 19:14:57 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/29 20:51:11 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/21 20:40:36 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2010/08/02 11:40:56 | 000,199,600 | ---- | M] (Telefónica I+D) [Auto | Running] -- C:\Program Files (x86)\O2\Connection Manager\ImpWiFiSvc.exe -- (TGCM_ImportWiFiSvc)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:[b]64bit:[/b] - [2011/10/20 16:48:16 | 000,526,392 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:[b]64bit:[/b] - [2011/09/08 19:27:22 | 010,203,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:[b]64bit:[/b] - [2011/09/08 17:52:40 | 000,310,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:[b]64bit:[/b] - [2011/08/17 10:04:34 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:[b]64bit:[/b] - [2011/08/17 10:04:28 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
DRV:[b]64bit:[/b] - [2011/08/17 09:58:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:[b]64bit:[/b] - [2011/08/17 09:58:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:[b]64bit:[/b] - [2011/08/17 09:58:20 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:[b]64bit:[/b] - [2011/08/17 09:58:16 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:[b]64bit:[/b] - [2011/06/06 23:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:[b]64bit:[/b] - [2010/04/09 08:24:32 | 000,076,288 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:[b]64bit:[/b] - [2010/04/07 10:05:00 | 000,250,368 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:[b]64bit:[/b] - [2010/03/25 03:08:46 | 000,120,704 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:[b]64bit:[/b] - [2009/11/25 07:17:50 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:[b]64bit:[/b] - [2009/11/25 07:17:50 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:[b]64bit:[/b] - [2009/11/25 07:17:50 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:[b]64bit:[/b] - [2009/11/25 07:17:50 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:[b]64bit:[/b] - [2009/10/21 21:50:24 | 000,013,872 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmmouse.sys -- (vmmouse)
DRV:[b]64bit:[/b] - [2009/10/21 21:47:08 | 000,086,576 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vm3dmp.sys -- (vm3dmp)
DRV:[b]64bit:[/b] - [2009/10/07 19:26:24 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:[b]64bit:[/b] - [2009/09/30 15:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:[b]64bit:[/b] - [2009/09/24 07:47:06 | 000,175,328 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iSSetup.sys -- (iSSetup)
DRV:[b]64bit:[/b] - [2009/09/22 16:39:56 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:[b]64bit:[/b] - [2009/08/21 13:48:18 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:[b]64bit:[/b] - [2009/08/21 00:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2009/08/13 08:38:24 | 000,029,184 | ---- | M] (CSR, plc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthAvrcp.sys -- (BthAvrcp)
DRV:[b]64bit:[/b] - [2009/07/26 23:00:00 | 000,056,664 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\o2mdx64.sys -- (O2MDRDR)
DRV:[b]64bit:[/b] - [2009/07/26 23:00:00 | 000,056,096 | ---- | M] (O2Micro) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\o2sdx64.sys -- (O2SDRDR)
DRV:[b]64bit:[/b] - [2009/07/17 00:51:54 | 000,028,192 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvamacpi.sys -- (nvamacpi)
DRV:[b]64bit:[/b] - [2009/07/14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2009/07/14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2009/07/14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/07/14 01:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:[b]64bit:[/b] - [2009/07/04 18:27:02 | 000,055,808 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:[b]64bit:[/b] - [2009/07/02 07:54:52 | 000,060,416 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:[b]64bit:[/b] - [2009/07/01 17:31:58 | 000,080,896 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie)
DRV:[b]64bit:[/b] - [2009/06/25 16:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:[b]64bit:[/b] - [2009/06/25 15:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:[b]64bit:[/b] - [2009/06/25 15:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:[b]64bit:[/b] - [2009/06/13 01:19:36 | 000,041,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd262x64.sys -- (ioatdma2)
DRV:[b]64bit:[/b] - [2009/06/13 01:19:32 | 000,040,144 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd162x64.sys -- (ioatdma1)
DRV:[b]64bit:[/b] - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009/05/12 13:40:42 | 000,072,192 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTSTOR64.sys -- (RTSTOR)
DRV:[b]64bit:[/b] - [2009/05/05 05:31:00 | 000,025,752 | ---- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\xfiltx64.sys -- (xfiltx64)
DRV:[b]64bit:[/b] - [2009/05/05 05:29:34 | 000,015,000 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\videX64.sys -- (videX64)
DRV:[b]64bit:[/b] - [2009/04/16 11:45:46 | 000,461,320 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MegaSR1.sys -- (MegaSR1)
DRV:[b]64bit:[/b] - [2009/03/19 11:46:04 | 000,044,944 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:[b]64bit:[/b] - [2009/03/19 11:45:56 | 000,164,936 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:[b]64bit:[/b] - [2009/03/19 11:45:56 | 000,033,608 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\epfwndis.sys -- (Epfwndis)
DRV:[b]64bit:[/b] - [2009/03/19 11:44:36 | 000,134,024 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:[b]64bit:[/b] - [2009/03/19 11:41:42 | 000,142,776 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamon.sys -- (eamon)
DRV:[b]64bit:[/b] - [2009/02/11 16:26:18 | 000,407,576 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:[b]64bit:[/b] - [2008/10/09 14:45:26 | 000,018,784 | ---- | M] (JMicron ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\johci.sys -- (johci)
DRV:[b]64bit:[/b] - [2008/07/09 15:51:54 | 000,136,192 | ---- | M] (VIA Technologies inc,.ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\viamrx64.sys -- (viamrx64)
DRV:[b]64bit:[/b] - [2008/05/15 22:23:21 | 000,028,208 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:[b]64bit:[/b] - [2008/04/15 15:09:20 | 000,067,224 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ViPrtX64.sys -- (ViPrtX64)
DRV:[b]64bit:[/b] - [2008/04/15 15:05:48 | 000,025,240 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ViBusX64.sys -- (ViBusX64)
DRV:[b]64bit:[/b] - [2008/01/18 05:14:06 | 000,041,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd260x64.sys -- (ioatdma)
DRV:[b]64bit:[/b] - [2008/01/03 19:13:48 | 000,531,968 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SPC230NC.SYS -- (SPC230NC)
DRV:[b]64bit:[/b] - [2007/11/13 15:47:18 | 000,080,424 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PnP680.sys -- (Pnp680)
DRV:[b]64bit:[/b] - [2007/10/03 15:51:00 | 000,022,056 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiWinAcc.sys -- (SiFilter)
DRV:[b]64bit:[/b] - [2007/10/03 15:50:52 | 000,017,448 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiRemFil.sys -- (SiRemFil)
DRV:[b]64bit:[/b] - [2007/10/03 15:50:26 | 000,090,664 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SI3132.sys -- (SI3132)
DRV:[b]64bit:[/b] - [2007/09/26 15:32:52 | 000,009,472 | ---- | M] (PixArt Imaging Incorporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PAEAFLT.sys -- (PAEAFLT.sys)
DRV:[b]64bit:[/b] - [2007/06/01 10:29:06 | 000,330,544 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Si3531.sys -- (Si3531)
DRV:[b]64bit:[/b] - [2007/05/14 17:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:[b]64bit:[/b] - [2007/05/11 18:01:10 | 000,070,424 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:[b]64bit:[/b] - [2007/04/11 22:30:04 | 000,043,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IAMTVE.sys -- (IAMTVE)
DRV:[b]64bit:[/b] - [2007/04/11 22:29:58 | 000,051,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IAMTXPE.sys -- (IAMTXPE)
DRV:[b]64bit:[/b] - [2007/04/11 15:02:42 | 000,163,632 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SI3114r.sys -- (SI3114r)
DRV:[b]64bit:[/b] - [2007/02/01 16:53:08 | 000,164,656 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SI3112r.sys -- (SI3112r)
DRV:[b]64bit:[/b] - [2007/01/24 17:07:08 | 000,064,888 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SISAGPX.SYS -- (SISAGP)
DRV:[b]64bit:[/b] - [2006/11/10 11:48:48 | 000,099,120 | ---- | M] (Silicon Image, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SI3114.sys -- (SI3114)
DRV:[b]64bit:[/b] - [2006/11/02 16:25:04 | 000,113,456 | ---- | M] (Silicon Image, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SI3124.sys -- (SI3124)
DRV:[b]64bit:[/b] - [2006/11/01 07:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:[b]64bit:[/b] - [2006/09/20 11:38:28 | 000,334,640 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Si3124r5.sys -- (Si3124r5)
DRV:[b]64bit:[/b] - [2006/09/18 14:26:04 | 000,093,472 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hptmv.sys -- (hptmv)
DRV:[b]64bit:[/b] - [2005/09/23 00:20:00 | 000,059,392 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VIAAGP1.SYS -- (viaagp1)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope =
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{68CAD4C2-94EA-4792-B99B-F8726276E541}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.win7extreme.project-os.org
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.win7extreme.project-os.org
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2465994285-61389061-1913302713-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-2465994285-61389061-1913302713-1005\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2465994285-61389061-1913302713-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://startsear.ch/?aff=2&src=sp&cf=4637160c-2373-11e1-b02c-00158315a310&q={searchTerms}
IE - HKU\S-1-5-21-2465994285-61389061-1913302713-1005\..\SearchScopes\{68CAD4C2-94EA-4792-B99B-F8726276E541}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2465994285-61389061-1913302713-1005\..\SearchScopes\{EF40BF94-9292-4001-BB9B-719C402D3AF2}: "URL" = http://uk.search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,105,0_0,Search,20120104,0,0,0,0
IE - HKU\S-1-5-21-2465994285-61389061-1913302713-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[color=#E56717]========== FireFox ==========[/color]

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.41108.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp1950@crossrider.com: C:\Users\David\AppData\Local\RewardsArcadeSuite\1950\Firefox [2012/01/25 21:44:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/21 20:40:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/14 19:09:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011/10/06 14:53:05 | 000,000,000 | ---D | M]

[2012/05/08 16:14:00 | 000,000,000 | ---D | M] (No name found) -- \mozilla\Firefox\extensions
[2012/05/08 16:14:00 | 000,000,000 | ---D | M] (No name found) -- \mozilla\Firefox\extensions\{d43723ae-1ae1-4a25-a6a4-bf0929273cab}
[2012/06/27 20:32:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/02/10 23:57:47 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/07/21 20:40:38 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/04 20:51:50 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/07/15 12:37:57 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/07/15 12:37:57 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2013/01/11 23:00:46 | 000,000,797 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (RewardsArcadeSuite) - {B6EF6C45-5E8D-4c3b-B580-A5073261A381} - C:\Program Files (x86)\RewardsArcadeSuite\RewardsArcadeSuite.dll (215 Apps)
O4:[b]64bit:[/b] - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [SPC_Monitor] C:\Windows\Philips\SPC230NC\Monitor.exe (PixArt Imaging Incorporation)
O4:[b]64bit:[/b] - HKLM..\Run: [SPC230NC_Monitor] C:\Windows\Philips\SPC230NC\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] F:\Programy\Winamp\winampa.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2465994285-61389061-1913302713-1005..\Run: [ares] "F:\Programy\Ares\Ares.exe" -h File not found
O4 - HKU\S-1-5-21-2465994285-61389061-1913302713-1005..\Run: [DAEMON Tools Lite] F:\Programy\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2465994285-61389061-1913302713-1005..\Run: [DriverScanner] "C:\PROGRA~2\Uniblue\DRIVER~1\launcher.exe" delay 20000 File not found
O4 - HKU\S-1-5-21-2465994285-61389061-1913302713-1005..\Run: [Gadu-Gadu 10] F:\Programy\Gadu-Gadu 10\gg.exe (GG Network S.A.)
O4 - HKU\S-1-5-21-2465994285-61389061-1913302713-1005..\Run: [HUAWEI 3G Data Card MTS] C:\Program Files (x86)\Huawei technologies\Huawei UMTS Data Card\3 USB Modem.exe (Huawei Technologies)
O4 - HKU\S-1-5-21-2465994285-61389061-1913302713-1005..\Run: [InstallIQUpdater] C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)
O4 - HKU\S-1-5-21-2465994285-61389061-1913302713-1005..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-2465994285-61389061-1913302713-1005..\Run: [RGSC] D:\GTA CZTERY\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.)
O4 - HKU\S-1-5-21-2465994285-61389061-1913302713-1005..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-2465994285-61389061-1913302713-1005..\Run: [WeatherBugAlert] C:\Program Files (x86)\AWS\WeatherBug Alert\WeatherBugAlert.exe (AWS Convergence Technologies)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\All Users\Adobe [2011/10/10 11:53:24 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Application Data [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\ashampoo [2012/05/08 16:13:37 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\ATI [2011/10/06 16:21:10 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\DAEMON Tools Lite [2011/10/20 16:47:38 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Desktop [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Diskeeper Corporation [2009/11/30 07:49:13 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Documents [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\DSS [2012/09/16 10:54:51 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\EA Core [2011/12/12 21:40:10 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Electronic Arts [2011/12/12 21:40:09 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\ESET [2009/11/15 00:05:20 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Favorites [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Gadu-Gadu 10 [2011/12/07 17:26:52 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Hewlett-Packard [2011/10/10 11:46:47 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\HP [2011/11/09 22:41:21 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\hpzinstall.log ()
O4 - Startup: C:\Users\All Users\Local Settings [2012/03/31 19:02:06 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Malwarebytes [2011/12/16 16:35:18 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\McAfee [2009/11/29 19:39:11 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Messenger Plus! [2009/11/29 19:53:37 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Microsoft [2012/04/17 19:40:12 | 000,000,000 | --SD | M]
O4 - Startup: C:\Users\All Users\Microsoft Help [2012/02/24 13:50:00 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Mozilla [2012/06/27 20:32:23 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\mtbjfghn.xbe ()
O4 - Startup: C:\Users\All Users\Nero [2012/05/16 16:03:37 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Norton [2012/02/21 11:09:12 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\NortonInstaller [2012/01/25 21:44:43 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\NOTEPAD.EXE-x.txt ()
O4 - Startup: C:\Users\All Users\Origin [2012/11/25 20:28:45 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\REGSVR32.EXE-x.txt ()
O4 - Startup: C:\Users\All Users\RUNDLL32.EXE-x.txt ()
O4 - Startup: C:\Users\All Users\Skype [2012/11/22 07:00:09 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Sony [2012/02/20 16:39:48 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Stardock [2009/11/29 20:56:06 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Start Menu [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Sun [2012/04/04 20:52:05 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Symantec [2012/01/25 21:44:49 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Telefónica [2012/03/11 15:08:43 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\TEMP [2012/11/26 17:10:54 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Templates [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Trusteer [2011/10/27 12:55:50 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Ubisoft [2012/11/29 21:04:08 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Uniblue [2011/10/09 21:09:20 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\VMware [2009/11/29 19:15:41 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\W3i [2012/01/25 21:44:46 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Yahoo! [2009/12/09 03:34:50 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\{0B4EECC2-B656-4BF8-9915-6F8B225BC43C} [2012/01/25 21:45:10 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\All Users\{6DFE6B59-3F4E-45AF-A9D0-5EDC43DD23AF} [2012/03/31 19:08:37 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\{8CC5CF4A-124E-41BA-B58C-A41F05BE09CC} [2009/12/01 03:04:50 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\All Users\{BD8912D9-3040-46C4-B96A-4C3AC7E43486} [2011/12/31 13:40:00 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\David\AppData [2011/10/06 14:52:26 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\David\Application Data [2011/10/06 14:52:26 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\David\Contacts [2011/10/06 19:55:08 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\David\Cookies [2011/10/06 14:52:26 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\David\Desktop [2013/01/14 19:05:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\David\Documents [2013/01/10 20:21:05 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\David\Downloads [2012/10/02 17:56:34 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\David\Favorites [2011/11/30 14:58:20 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\David\Gry [2012/09/24 11:05:13 | 000,000,000 | --SD | M]
O4 - Startup: C:\Users\David\InstallAnywhere [2011/10/20 19:07:10 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\David\Links [2012/12/23 13:46:26 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\David\Local Settings [2011/10/06 14:52:26 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\David\Music [2011/10/15 15:37:20 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\David\My Documents [2011/10/06 14:52:26 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\David\NetHood [2011/10/06 14:52:26 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\David\NTUSER.DAT ()
O4 - Startup: C:\Users\David\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\David\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\David\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf ()
O4 - Startup: C:\Users\David\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\David\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\David\NTUSER.DAT{6ab3caf2-12df-11e1-a87b-00158315a310}.TM.blf ()
O4 - Startup: C:\Users\David\NTUSER.DAT{6ab3caf2-12df-11e1-a87b-00158315a310}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\David\NTUSER.DAT{6ab3caf2-12df-11e1-a87b-00158315a310}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\David\NTUSER.DAT{72d3d2af-3940-11e1-b6a2-00158315a310}.TM.blf ()
O4 - Startup: C:\Users\David\NTUSER.DAT{72d3d2af-3940-11e1-b6a2-00158315a310}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\David\NTUSER.DAT{72d3d2af-3940-11e1-b6a2-00158315a310}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\David\ntuser.ini ()
O4 - Startup: C:\Users\David\Pictures [2012/09/24 11:03:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\David\PrintHood [2011/10/06 14:52:26 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\David\Recent [2011/10/06 14:52:26 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\David\Saved Games [2011/10/07 16:37:15 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\David\Searches [2011/11/16 21:07:08 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\David\SendTo [2011/10/06 14:52:26 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\David\Start Menu [2011/10/06 14:52:26 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\David\Templates [2011/10/06 14:52:26 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\David\Videos [2011/10/15 15:37:20 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\AppData [2009/07/14 04:20:08 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Default\Application Data [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Cookies [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Desktop [2009/07/14 03:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Documents [2009/07/14 06:08:56 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Downloads [2009/07/14 03:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Favorites [2009/07/14 03:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Links [2009/07/14 03:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Local Settings [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Music [2009/07/14 03:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\My Documents [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NetHood [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NTUSER.DAT ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG1 ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG2 ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Default\Pictures [2009/07/14 03:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\PrintHood [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Recent [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Saved Games [2009/07/14 03:34:59 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Default\SendTo [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Start Menu [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Templates [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Videos [2009/07/14 03:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Desktop [2013/01/12 11:56:35 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Documents [2011/10/20 19:38:06 | 000,000,000 | --SD | M]
O4 - Startup: C:\Users\Public\Downloads [2009/07/14 05:54:24 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Favorites [2009/07/14 03:34:59 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Libraries [2009/11/29 19:03:42 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Music [2009/12/01 03:07:11 | 000,000,000 | --SD | M]
O4 - Startup: C:\Users\Public\Pictures [2009/12/01 03:07:11 | 000,000,000 | --SD | M]
O4 - Startup: C:\Users\Public\Recorded TV [2011/10/24 15:50:51 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Videos [2009/12/01 03:07:11 | 000,000,000 | --SD | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 41064 = C:\PROGRA~3\LOCALS~1\Temp\msygea.bat
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O8:[b]64bit:[/b] - Extra context menu item: E&xport to Microsoft Excel - res://F:\Programy\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\Programy\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:[b]64bit:[/b] - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:[b]64bit:[/b] - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:[b]64bit:[/b] - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.179.2.132 62.179.2.133
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{819D1C69-4F04-42F6-AC7B-4697F4CAEE0E}: DhcpNameServer = 62.179.2.132 62.179.2.133
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:[b]64bit:[/b] - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair64.dll (Stardock.net, Inc)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll (Stardock.net, Inc)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:[b]64bit:[/b] - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2ea0f472-0ef2-11e1-b392-00158315a310}\Shell - "" = AutoRun
O33 - MountPoints2\{2ea0f472-0ef2-11e1-b392-00158315a310}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{2ea0f4b3-0ef2-11e1-b392-00158315a310}\Shell - "" = AutoRun
O33 - MountPoints2\{2ea0f4b3-0ef2-11e1-b392-00158315a310}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{3aa0c0f0-6ea8-11e1-9f61-00158315a310}\Shell - "" = AutoRun
O33 - MountPoints2\{3aa0c0f0-6ea8-11e1-9f61-00158315a310}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{3aa0c0f2-6ea8-11e1-9f61-00158315a310}\Shell - "" = AutoRun
O33 - MountPoints2\{3aa0c0f2-6ea8-11e1-9f61-00158315a310}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{4db4cf43-07f2-11e1-b162-00158315a310}\Shell - "" = AutoRun
O33 - MountPoints2\{4db4cf43-07f2-11e1-b162-00158315a310}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{6df72f65-0b0f-11e1-868f-00158315a310}\Shell - "" = AutoRun
O33 - MountPoints2\{6df72f65-0b0f-11e1-868f-00158315a310}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{9caa8c70-0b7f-11e1-ba4b-00158315a310}\Shell - "" = AutoRun
O33 - MountPoints2\{9caa8c70-0b7f-11e1-ba4b-00158315a310}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{9caa8c72-0b7f-11e1-ba4b-00158315a310}\Shell - "" = AutoRun
O33 - MountPoints2\{9caa8c72-0b7f-11e1-ba4b-00158315a310}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{9ee04b3a-6d17-11e1-a25e-00158315a310}\Shell - "" = AutoRun
O33 - MountPoints2\{9ee04b3a-6d17-11e1-a25e-00158315a310}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{9ee04b3c-6d17-11e1-a25e-00158315a310}\Shell - "" = AutoRun
O33 - MountPoints2\{9ee04b3c-6d17-11e1-a25e-00158315a310}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{afab87ec-6b82-11e1-82b8-00158315a310}\Shell - "" = AutoRun
O33 - MountPoints2\{afab87ec-6b82-11e1-82b8-00158315a310}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{afab87fc-6b82-11e1-82b8-00158315a310}\Shell - "" = AutoRun
O33 - MountPoints2\{afab87fc-6b82-11e1-82b8-00158315a310}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{cce37407-8c61-11e1-b73d-00158315a310}\Shell - "" = AutoRun
O33 - MountPoints2\{cce37407-8c61-11e1-b73d-00158315a310}\Shell\AutoRun\command - "" = K:\iStudio.exe
O33 - MountPoints2\{da9f5423-f044-11e0-ab00-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{da9f5423-f044-11e0-ab00-806e6f6e6963}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{da9f5441-f044-11e0-ab00-d027880b62e9}\Shell - "" = AutoRun
O33 - MountPoints2\{da9f5441-f044-11e0-ab00-d027880b62e9}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2013/01/10 20:31:32 | 000,000,000 | ---D | C] -- C:\Conduit
[2013/01/10 20:31:32 | 000,000,000 | ---D | C] -- \Conduit
[2012/12/25 19:16:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6 [cswos.com]
[2012/12/03 19:13:34 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2012/12/03 18:48:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
[2012/11/29 21:04:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2012/11/22 20:50:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012/11/22 20:49:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012/11/22 07:00:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/11/22 07:00:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/11/21 21:21:31 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/11/21 20:56:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inixsoft

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

[2013/01/14 20:39:08 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/14 20:38:47 | 000,016,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/14 20:38:47 | 000,016,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/14 20:35:40 | 000,727,490 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/14 20:35:40 | 000,630,104 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/14 20:35:40 | 000,112,534 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/14 20:31:29 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/14 20:31:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/14 19:05:06 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/13 16:32:45 | 000,000,192 | ---- | M] () -- C:\Windows\winamp.ini
[2013/01/13 15:45:15 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2013/01/12 11:56:35 | 000,001,126 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/25 19:16:01 | 000,000,913 | ---- | M] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Counter-Strike 1.6.lnk
[2012/12/25 13:07:27 | 000,921,632 | ---- | M] () -- C:\SPC230NC.DAT
[2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/12/03 19:13:34 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2012/12/02 19:23:45 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2012/11/29 20:51:13 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/11/29 20:51:11 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/11/22 07:00:05 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2013/01/12 11:56:35 | 000,001,126 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/11 22:10:16 | 000,001,169 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TrayMin230.lnk
[2012/12/25 19:16:01 | 000,000,913 | ---- | C] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Counter-Strike 1.6.lnk
[2012/12/02 19:23:45 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012/11/29 20:51:13 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/11/29 20:51:11 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/05/23 16:31:15 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2012/04/19 18:20:53 | 000,921,632 | ---- | C] () -- \SPC230NC.DAT
[2012/02/18 16:09:47 | 000,000,842 | ---- | C] () -- C:\Windows\SysWow64\SPC230NC.INI
[2012/02/18 16:09:24 | 000,004,998 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe
[2011/11/30 14:56:57 | 000,000,192 | ---- | C] () -- C:\Windows\winamp.ini
[2011/11/30 14:51:55 | 000,000,968 | ---- | C] () -- C:\Windows\unins000.dat
[2011/10/06 16:20:35 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/09/14 11:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/03/17 18:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2005/09/22 20:09:38 | 000,894,976 | ---- | C] () -- \msdia80.dll

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2009/07/14 02:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009/07/14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== LOP Check ==========[/color]

[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Application Data
[2012/05/08 16:13:37 | 000,000,000 | ---D | M] -- C:\Users\All Users\ashampoo
[2011/10/20 16:47:38 | 000,000,000 | ---D | M] -- C:\Users\All Users\DAEMON Tools Lite
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Desktop
[2009/11/30 07:49:13 | 000,000,000 | ---D | M] -- C:\Users\All Users\Diskeeper Corporation
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Documents
[2012/09/16 10:54:51 | 000,000,000 | -HSD | M] -- C:\Users\All Users\DSS
[2011/12/12 21:40:10 | 000,000,000 | ---D | M] -- C:\Users\All Users\EA Core
[2011/12/12 21:40:09 | 000,000,000 | ---D | M] -- C:\Users\All Users\Electronic Arts
[2009/11/15 00:05:20 | 000,000,000 | ---D | M] -- C:\Users\All Users\ESET
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favorites
[2011/12/07 17:26:52 | 000,000,000 | ---D | M] -- C:\Users\All Users\Gadu-Gadu 10
[2012/03/31 19:02:06 | 000,000,000 | ---D | M] -- C:\Users\All Users\Local Settings
[2009/11/29 19:53:37 | 000,000,000 | ---D | M] -- C:\Users\All Users\Messenger Plus!
[2012/11/25 20:28:45 | 000,000,000 | ---D | M] -- C:\Users\All Users\Origin
[2012/02/20 16:39:48 | 000,000,000 | ---D | M] -- C:\Users\All Users\Sony
[2009/11/29 20:56:06 | 000,000,000 | ---D | M] -- C:\Users\All Users\Stardock
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Start Menu
[2012/03/11 15:08:43 | 000,000,000 | ---D | M] -- C:\Users\All Users\Telefónica
[2012/11/26 17:10:54 | 000,000,000 | ---D | M] -- C:\Users\All Users\TEMP
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Templates
[2011/10/27 12:55:50 | 000,000,000 | ---D | M] -- C:\Users\All Users\Trusteer
[2012/11/29 21:04:08 | 000,000,000 | ---D | M] -- C:\Users\All Users\Ubisoft
[2011/10/09 21:09:20 | 000,000,000 | ---D | M] -- C:\Users\All Users\Uniblue
[2012/01/25 21:44:46 | 000,000,000 | ---D | M] -- C:\Users\All Users\W3i
[2012/01/25 21:45:10 | 000,000,000 | -H-D | M] -- C:\Users\All Users\{0B4EECC2-B656-4BF8-9915-6F8B225BC43C}
[2012/03/31 19:08:37 | 000,000,000 | ---D | M] -- C:\Users\All Users\{6DFE6B59-3F4E-45AF-A9D0-5EDC43DD23AF}
[2009/12/01 03:04:50 | 000,000,000 | -H-D | M] -- C:\Users\All Users\{8CC5CF4A-124E-41BA-B58C-A41F05BE09CC}
[2011/12/31 13:40:00 | 000,000,000 | -H-D | M] -- C:\Users\All Users\{BD8912D9-3040-46C4-B96A-4C3AC7E43486}
[2011/10/06 14:52:26 | 000,000,000 | -H-D | M] -- C:\Users\David\AppData
[2011/10/06 14:52:26 | 000,000,000 | -HSD | M] -- C:\Users\David\Application Data
[2011/10/06 19:55:08 | 000,000,000 | R--D | M] -- C:\Users\David\Contacts
[2011/10/06 14:52:26 | 000,000,000 | -HSD | M] -- C:\Users\David\Cookies
[2013/01/14 19:05:59 | 000,000,000 | R--D | M] -- C:\Users\David\Desktop
[2013/01/10 20:21:05 | 000,000,000 | R--D | M] -- C:\Users\David\Documents
[2012/10/02 17:56:34 | 000,000,000 | R--D | M] -- C:\Users\David\Downloads
[2011/11/30 14:58:20 | 000,000,000 | R--D | M] -- C:\Users\David\Favorites
[2012/09/24 11:05:13 | 000,000,000 | --SD | M] -- C:\Users\David\Gry
[2011/10/20 19:07:10 | 000,000,000 | -H-D | M] -- C:\Users\David\InstallAnywhere
[2012/12/23 13:46:26 | 000,000,000 | R--D | M] -- C:\Users\David\Links
[2011/10/06 14:52:26 | 000,000,000 | -HSD | M] -- C:\Users\David\Local Settings
[2011/10/15 15:37:20 | 000,000,000 | R--D | M] -- C:\Users\David\Music
[2011/10/06 14:52:26 | 000,000,000 | -HSD | M] -- C:\Users\David\My Documents
[2011/10/06 14:52:26 | 000,000,000 | -HSD | M] -- C:\Users\David\NetHood
[2012/09/24 11:03:35 | 000,000,000 | R--D | M] -- C:\Users\David\Pictures
[2011/10/06 14:52:26 | 000,000,000 | -HSD | M] -- C:\Users\David\PrintHood
[2011/10/06 14:52:26 | 000,000,000 | -HSD | M] -- C:\Users\David\Recent
[2011/10/07 16:37:15 | 000,000,000 | ---D | M] -- C:\Users\David\Saved Games
[2011/11/16 21:07:08 | 000,000,000 | R--D | M] -- C:\Users\David\Searches
[2011/10/06 14:52:26 | 000,000,000 | -HSD | M] -- C:\Users\David\SendTo
[2011/10/06 14:52:26 | 000,000,000 | -HSD | M] -- C:\Users\David\Start Menu
[2011/10/06 14:52:26 | 000,000,000 | -HSD | M] -- C:\Users\David\Templates
[2011/10/15 15:37:20 | 000,000,000 | R--D | M] -- C:\Users\David\Videos
[2009/07/14 04:20:08 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Application Data
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Cookies
[2009/07/14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Desktop
[2009/07/14 06:08:56 | 000,000,000 | R--D | M] -- C:\Users\Default\Documents
[2009/07/14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Downloads
[2009/07/14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Favorites
[2009/07/14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Links
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Local Settings
[2009/07/14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Music
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\My Documents
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\NetHood
[2009/07/14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Pictures
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\PrintHood
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Recent
[2009/07/14 03:34:59 | 000,000,000 | ---D | M] -- C:\Users\Default\Saved Games
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\SendTo
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Start Menu
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Templates
[2009/07/14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Videos
[2013/01/12 11:56:35 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop
[2011/10/20 19:38:06 | 000,000,000 | --SD | M] -- C:\Users\Public\Documents
[2009/07/14 05:54:24 | 000,000,000 | R--D | M] -- C:\Users\Public\Downloads
[2009/07/14 03:34:59 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites
[2009/11/29 19:03:42 | 000,000,000 | RH-D | M] -- C:\Users\Public\Libraries
[2009/12/01 03:07:11 | 000,000,000 | --SD | M] -- C:\Users\Public\Music
[2009/12/01 03:07:11 | 000,000,000 | --SD | M] -- C:\Users\Public\Pictures
[2011/10/24 15:50:51 | 000,000,000 | R--D | M] -- C:\Users\Public\Recorded TV
[2009/12/01 03:07:11 | 000,000,000 | --SD | M] -- C:\Users\Public\Videos

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 101 bytes -> C:\Users\All Users\TEMP:CE2C623F
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:CE2C623F

< End of report >
[/log] and the RSIT log:

[log]

Logfile of random's system information tool 1.09 (written by random/random)
Run by David at 2013-01-14 20:52:42
Microsoft Windows 7 Extreme Edition R1 - x64
System drive C: has 118 GB (59%) free of 200 GB
Total RAM: 3326 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:53:01, on 14/01/2013
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\Philips\SPC230NC\Monitor.exe
C:\Program Files (x86)\AWS\WeatherBug Alert\WeatherBugAlert.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe
F:\Programy\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Philips\Philips SPC230NC Webcam\TrayMin230.exe
F:\Programy\Winamp\winampa.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Users\David\Desktop\RSIT.exe
C:\Program Files (x86)\trend micro\David.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: RewardsArcadeSuite - {B6EF6C45-5E8D-4c3b-B580-A5073261A381} - C:\Program Files (x86)\RewardsArcadeSuite\RewardsArcadeSuite.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [WinampAgent] F:\Programy\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [WeatherBugAlert] "C:\Program Files (x86)\AWS\WeatherBug Alert\WeatherBugAlert.exe" /st
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [RGSC] D:\GTA CZTERY\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [InstallIQUpdater] "C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun
O4 - HKCU\..\Run: [HUAWEI 3G Data Card MTS] C:\Program Files (x86)\Huawei technologies\Huawei UMTS Data Card\3 USB Modem.exe
O4 - HKCU\..\Run: [Gadu-Gadu 10] "F:\Programy\Gadu-Gadu 10\gg.exe"
O4 - HKCU\..\Run: [DriverScanner] "C:\PROGRA~2\Uniblue\DRIVER~1\launcher.exe" delay 20000
O4 - HKCU\..\Run: [DAEMON Tools Lite] "F:\Programy\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [ares] "F:\Programy\Ares\Ares.exe" -h
O4 - HKLM\..\Policies\Explorer\Run: [41064] C:\PROGRA~3\LOCALS~1\Temp\msygea.bat
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: TrayMin230.lnk = C:\Program Files (x86)\Philips\Philips SPC230NC Webcam\TrayMin230.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\Programy\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Trial Reset (.EsetTrialReset) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\Shahed.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TGCM_ImportWiFiSvc - Unknown owner - C:\Program Files (x86)\O2\Connection Manager\ImpWiFiSvc.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10303 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\esltif73.default

"crossriderapp1950@crossrider.com"=C:\Users\David\AppData\Local\RewardsArcadeSuite\1950\Firefox


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.5.502.135 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6]
"Description"=Yahoo Messenger State Plugin
"Path"=C:\Program Files (x86)\Yahoo!\Shared\npYState.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\4.0.41108.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448]
"Description"=6.0.12.448
"Path"=C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nppl3260.xpt
nsJSRealPlayerPlugin.xpt

C:\Program Files (x86)\Mozilla Firefox\plugins\
npdeployJava1.dll
nppdf32.dll
nppl3260.dll
nprpjplug.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
amazondotcom.xml
bing.xml
eBay.xml
google.xml
twitter.xml
wikipedia.xml
yahoo.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-04-04 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10 3834016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B6EF6C45-5E8D-4c3b-B580-A5073261A381}]
RewardsArcadeSuite - C:\Program Files (x86)\RewardsArcadeSuite\RewardsArcadeSuite.dll [2011-11-03 528216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-04-04 42272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"=F:\Programy\Winamp\winampa.exe [2004-12-20 33792]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-09-08 343168]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-02 35696]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03 946352]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"41064"=C:\PROGRA~3\LOCALS~1\Temp\msygea.bat []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WeatherBugAlert"=C:\Program Files (x86)\AWS\WeatherBug Alert\WeatherBugAlert.exe [2010-02-22 442368]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1475072]
"RocketDock"=C:\Program Files (x86)\RocketDock\RocketDock.exe [2007-09-02 495616]
"RGSC"=D:\GTA CZTERY\Rockstar Games Social Club\RGSCLauncher.exe [2008-11-14 305064]
"Messenger (Yahoo!)"=C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [2009-11-10 5244216]
"InstallIQUpdater"=C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe [2011-10-11 1179648]
"HUAWEI 3G Data Card MTS"=C:\Program Files (x86)\Huawei technologies\Huawei UMTS Data Card\3 USB Modem.exe [2008-01-27 344064]
"Gadu-Gadu 10"=F:\Programy\Gadu-Gadu 10\gg.exe [2011-07-04 13374048]
"DriverScanner"=C:\PROGRA~2\Uniblue\DRIVER~1\launcher.exe delay 20000 []
"DAEMON Tools Lite"=F:\Programy\DAEMON Tools Lite\DTLite.exe [2011-08-02 4910912]
"ares"=F:\Programy\Ares\Ares.exe -h []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
TrayMin230.lnk - C:\Program Files (x86)\Philips\Philips SPC230NC Webcam\TrayMin230.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll [2008-05-15 65536]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SynchronousMachineGroupPolicy"=0
"SynchronousUserGroupPolicy"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"msacm.siren"=sirenacm.dll
"VIDC.DIVX"=divx.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=C:\PROGRA~2\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux1"=wdmaud.drv
"vidc.VP60"=C:\Windows\system32\vp6vfw.dll
"vidc.VP61"=C:\Windows\system32\vp6vfw.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux2"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux3"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-01-14 20:52:47 ----D---- C:\Program Files (x86)\trend micro
2013-01-14 20:52:42 ----D---- C:\rsit
2013-01-14 19:09:41 ----A---- C:\AdwCleaner[S1].txt
2013-01-10 20:31:32 ----D---- C:\Conduit

======List of files/folders modified in the last 1 month======

2013-01-14 20:52:54 ----D---- C:\Windows\Temp
2013-01-14 20:52:47 ----RD---- C:\Program Files (x86)
2013-01-14 20:35:40 ----D---- C:\Windows\System32
2013-01-14 20:35:40 ----D---- C:\Windows\inf
2013-01-14 19:12:02 ----D---- C:\Windows
2013-01-13 16:32:45 ----A---- C:\Windows\winamp.ini
2013-01-13 15:45:15 ----A---- C:\Windows\NeroDigital.ini
2013-01-13 15:12:42 ----D---- C:\Windows\Logs
2013-01-13 14:20:01 ----D---- C:\Windows\SoftwareDistribution
2013-01-13 14:19:37 ----D---- C:\Users\David\AppData\Roaming\uTorrent
2013-01-12 11:57:23 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-01-11 22:16:25 ----D---- C:\Program Files (x86)\Mozilla Firefox
2013-01-11 22:10:16 ----D---- C:\Windows\pss
2013-01-07 12:59:30 ----D---- C:\Users\David\AppData\Roaming\DAEMON Tools Lite
2012-12-29 18:34:12 ----D---- C:\Windows\SysWOW64\drivers
2012-12-28 21:17:52 ----D---- C:\Users\David\AppData\Roaming\Gadu-Gadu 10
2012-12-28 11:07:47 ----SHD---- C:\System Volume Information
2012-12-27 11:41:28 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2012-12-27 10:05:32 ----SHD---- C:\Windows\Installer
2012-12-27 10:05:32 ----HD---- C:\ProgramData
2012-12-27 09:36:07 ----D---- C:\Users\David\AppData\Roaming\Sports Interactive
2012-12-26 17:30:03 ----D---- C:\Program Files (x86)\Opera
2012-12-26 14:39:33 ----D---- C:\Users\David\AppData\Roaming\Skype
2012-12-25 19:14:08 ----D---- C:\Windows\Prefetch
2012-12-25 19:11:47 ----D---- C:\Program Files (x86)\Common Files\InstallShield

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 johci;JMicron 1394 Filter Driver; C:\Windows\system32\DRIVERS\johci.sys []
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R0 SiFilter;SATALink driver accelerator; C:\Windows\system32\DRIVERS\SiWinAcc.sys []
R0 SiRemFil;SATALink External Device Filter; C:\Windows\system32\DRIVERS\SiRemFil.sys []
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys []
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys []
R1 vpcnfltr;Virtual PC Network Filter Driver; C:\Windows\system32\DRIVERS\vpcnfltr.sys []
R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\Windows\system32\drivers\vpcvmm.sys []
R2 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys []
R2 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys []
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys []
R2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys []
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys []
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys []
R3 BthAvrcp;Bluetooth AVRCP Profile; C:\Windows\system32\DRIVERS\BthAvrcp.sys []
R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys []
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys []
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys []
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys []
R3 huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys []
R3 PAEAFLT.sys;USB Composite Device; C:\Windows\system32\DRIVERS\PAEAFLT.sys []
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys []
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys []
R3 SPC230NC;Philips SPC230NC Webcam; C:\Windows\system32\DRIVERS\SPC230NC.SYS []
R3 vpcbus;Virtual PC Host Bus Service; C:\Windows\system32\DRIVERS\vpchbus.sys []
R3 vpcusb;USB Virtualization Connector Service; C:\Windows\system32\DRIVERS\vpcusb.sys []
S3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS []
S3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys []
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys []
S3 E1G60;Intel(R) PRO/1000 NDIS 6 Adapter Driver; C:\Windows\system32\DRIVERS\E1G6032E.sys []
S3 EagleX64;EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys []
S3 ewusbnet;HUAWEI USB-NDIS miniport; C:\Windows\system32\DRIVERS\ewusbnet.sys []
S3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys []
S3 hptmv;hptmv; C:\Windows\system32\DRIVERS\hptmv.sys []
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys []
S3 IAMTVE;Driver for Intel(R) Active Management Technology - KCS; C:\Windows\system32\DRIVERS\IAMTVE.sys []
S3 IAMTXPE;Driver for Intel(R) Active Management Technology - KCS; C:\Windows\system32\DRIVERS\IAMTXPE.sys []
S3 iaStor;iaStor; C:\Windows\system32\DRIVERS\iaStor.sys []
S3 ioatdma;Intel(R) QuickData Technology device; C:\Windows\System32\Drivers\qd260x64.sys []
S3 ioatdma1;ioatdma1; C:\Windows\System32\Drivers\qd162x64.sys []
S3 ioatdma2;Intel(R) QuickData Technology device ver.2; C:\Windows\System32\Drivers\qd262x64.sys []
S3 iSSetup;iSSetup; C:\Windows\system32\DRIVERS\iSSetup.sys []
S3 iteraid;iteraid; C:\Windows\system32\DRIVERS\iteraid.sys []
S3 JRAID;JRAID; C:\Windows\system32\DRIVERS\jraid.sys []
S3 MegaSR1;MegaSR1; C:\Windows\system32\DRIVERS\MegaSR1.sys []
S3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys []
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys []
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys []
S3 nmwcdnsucx64;Nokia USB Flashing Generic; C:\Windows\system32\drivers\nmwcdnsucx64.sys []
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsux64.sys []
S3 nvamacpi;nvamacpi; C:\Windows\system32\DRIVERS\NVAMACPI.sys []
S3 nvrd64;nvrd64; C:\Windows\system32\DRIVERS\nvrd64.sys []
S3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys []
S3 nvstor64;nvstor64; C:\Windows\system32\DRIVERS\nvstor64.sys []
S3 O2MDRDR;O2MDRDR; C:\Windows\system32\DRIVERS\o2mdx64.sys []
S3 O2SDRDR;O2SDRDR; C:\Windows\system32\DRIVERS\o2sdx64.sys []
S3 Pnp680;Pnp680; C:\Windows\system32\DRIVERS\pnp680.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys []
S3 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmpx64.sys []
S3 rimspci;rimspci; C:\Windows\system32\DRIVERS\rimspe64.sys []
S3 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimspx64.sys []
S3 RimUsb;BlackBerry Smartphone; C:\Windows\System32\Drivers\RimUsb_AMD64.sys []
S3 risdpcie;risdpcie; C:\Windows\system32\DRIVERS\risdpe64.sys []
S3 rismxdp;rismxdp; C:\Windows\system32\DRIVERS\rixdpx64.sys []
S3 rixdpcie;rixdpcie; C:\Windows\system32\DRIVERS\rixdpe64.sys []
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys []
S3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR64.SYS []
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys []
S3 SI3112r;SI3112r; C:\Windows\system32\DRIVERS\SI3112r.sys []
S3 SI3114;SI3114; C:\Windows\system32\DRIVERS\SI3114.sys []
S3 SI3114r;SI3114r; C:\Windows\system32\DRIVERS\SI3114R.sys []
S3 SI3124;SI3124; C:\Windows\system32\DRIVERS\SI3124.sys []
S3 Si3124r5;Si3124r5; C:\Windows\system32\DRIVERS\Si3124r5.sys []
S3 SI3132;SI3132; C:\Windows\system32\DRIVERS\SI3132.sys []
S3 Si3531;Si3531; C:\Windows\system32\DRIVERS\Si3531.sys []
S3 SISAGP;SiS AGP Filter; C:\Windows\system32\DRIVERS\SISAGPX.sys []
S3 StarOpen;StarOpen; C:\Windows\SysWOW64\drivers\StarOpen.sys []
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys []
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys []
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys []
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys []
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys []
S3 viaagp1;VIA AGP Filter; C:\Windows\system32\DRIVERS\viaagp1.sys []
S3 viamrx64;viamrx64; C:\Windows\system32\DRIVERS\viamrx64.sys []
S3 ViBusX64;ViBusX64; C:\Windows\system32\DRIVERS\ViBusX64.sys []
S3 videX64;videX64; C:\Windows\system32\DRIVERS\videX64.sys []
S3 ViPrtX64;ViPrtX64; C:\Windows\system32\DRIVERS\ViPrtX64.sys []
S3 vm3dmp;vm3dmp; C:\Windows\system32\DRIVERS\vm3dmp.sys []
S3 VMAUDIO;VMware VMaudio (VMAUDIO) (WDM); C:\Windows\system32\drivers\vmaudio.sys []
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys []
S3 vmci;VMware VMCI Bus Driver; C:\Windows\system32\DRIVERS\vmci.sys []
S3 vmmouse;VMware Pointing Device; C:\Windows\system32\DRIVERS\vmmouse.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe []
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 Diskeeper;Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2009-04-17 1995544]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2009-03-19 731840]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2012-11-29 75136]
R2 TGCM_ImportWiFiSvc;TGCM_ImportWiFiSvc; C:\Program Files (x86)\O2\Connection Manager\ImpWiFiSvc.exe [2010-08-02 199600]
S2 .EsetTrialReset;Trial Reset; C:\Program Files\ESET\ESET Smart Security\Shahed.exe [2009-04-12 578878]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-09 136176]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-12 250808]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe []
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-03-19 23296]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-09 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-21 113120]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]

-----------------EOF-----------------
[/log]

 

info:

[log]

info.txt logfile of random's system information tool 1.09 2013-01-14 20:53:03

======Uninstall list======

-->C:\ProgramData\{0B4EECC2-B656-4BF8-9915-6F8B225BC43C}\UMPSetup.exe
-->MsiExec /X{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}
µTorrent-->"F:\Programy\uTorrent\uTorrent.exe" /UNINSTALL
3 USB Modem-->C:\PROGRA~2\HUAWEI~1\HUAWEI~1\Uninstall.exe
Adobe Flash Player 11 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_Plugin.exe -maintain plugin
Adobe Reader 9.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A92000000001}
Assassin's Creed Revelations-->"C:\Program Files (x86)\InstallShield Installation Information\{33A22B2D-55BA-4508-B767-BF2E9C21A73F}\setup.exe" -runfromtemp -l0x0015 -removeonly
Carambis Driver Updater-->C:\Program Files (x86)\Carambis\Driver Updater\uninstall.exe
Catalyst Control Center - Branding-->MsiExec.exe /I{19A492A0-888F-44A0-9B21-D91700763F62}
Combined Community Codec Pack 2011-11-11-->"C:\Program Files (x86)\Combined Community Codec Pack\unins000.exe"
Connection Manager-->"C:\Program Files (x86)\O2\Connection Manager\Uninstall.exe"
Cortona® VRML Client-->C:\PROGRA~2\PARALL~1\CORTON~1\UNWISE32.EXE C:\PROGRA~2\PARALL~1\CORTON~1\Install.log
Counter-Strike 1.6 [cswos.com]-->"D:\Counter-Strike 1.6 [cswos.com]\unins000.exe"
DAEMON Tools Lite-->F:\Programy\DAEMON Tools Lite\uninst.exe
Deluxe Ski Jump 4-->"D:\Deluxe Ski Jump 4\Uninstall\unins000.exe"
Football Manager 2012-->"D:\Football Manager 2012\unins000.exe"
Free 3GP Video Converter version 5.0.1.1123-->C:\Program Files (x86)\Common Files\DVDVideoSoft\Uninstall.exe
Gadu-Gadu 10-->F:\Programy\Gadu-Gadu 10\Uninstall.exe
Google Earth Plug-in-->MsiExec.exe /X{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HUAWEI DataCard Driver 4.05.00.00-->C:\Program Files (x86)\HUAWEI Modem Driver\uninst.exe
IconPackager-->"C:\ProgramData\{8CC5CF4A-124E-41BA-B58C-A41F05BE09CC}\IconPackager.exe" REMOVE=TRUE MODIFY=FALSE
IconPackager-->C:\ProgramData\{8CC5CF4A-124E-41BA-B58C-A41F05BE09CC}\IconPackager.exe
InstallIQ Updater-->MsiExec.exe /X{8E1CB0F1-67BF-4052-AA23-FA22E94804C1}
Java(TM) 6 Update 31-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216031FF}
KalOnline-->C:\Program Files (x86)\InstallShield Installation Information\{B9174A04-C46A-4142-9D70-7D4E24FB0BF6}\setup.exe -runfromtemp -l0x0015 -removeonly
KalOnline-->C:\Program Files (x86)\InstallShield Installation Information\{CCE4507E-7D40-4AEB-84FC-A63C35666A94}\setup.exe -runfromtemp -l0x0009 -removeonly
K-Lite Mega Codec Pack 5.5.0-->"C:\Program Files (x86)\K-Lite Codec Pack\unins000.exe"
Macromedia Flash Player 8-->MsiExec.exe /X{0A28C610-EE06-4A33-BB56-A2155B524916}
Malwarebytes Anti-Malware wersja 1.70.0.1100-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Messenger Plus! Live-->"C:\Program Files (x86)\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}
Microsoft Games for Windows - LIVE-->MsiExec.exe /X{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Service Pack 1 Redistributable-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
MojDzwonek.com - konwerter dzwonków TrueTone-->"F:\Programy\Dzwonki\uninstall.exe"
Mozilla Firefox 14.0.1 (x86 en-US)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
Mozilla Maintenance Service-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"
MSVCRT Redists-->MsiExec.exe /I{0F733E11-408E-11E1-B5FE-F04DA23A5C58}
NapiProjekt (2.0.0.2151)-->"C:\Program Files (x86)\NapiProjekt\unins000.exe"
Nero 8 Lite 8.3.2.1-->"C:\Program Files (x86)\Nero\unins000.exe"
Niezbędnik CD-->C:\Windows\unins000.exe
Notepad++-->C:\Program Files (x86)\Notepad++\uninstall.exe
NVIDIA PhysX-->MsiExec.exe /X{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}
Opera 12.12-->"C:\Program Files (x86)\Opera\Opera.exe" /uninstall
Origin-->C:\Program Files (x86)\Origin\OriginUninstall.exe
Pazera Free 3GP to AVI Converter 1.4-->"C:\Program Files (x86)\pazera-software\3GP_to_AVI_Converter\unins000.exe"
Philips SPC230NC Webcam-->C:\Program Files (x86)\InstallShield Installation Information\{52480FEE-7C32-47B7-95BF-D24374FBB54C}\setup.exe -runfromtemp -l0x0009 -removeonly
PunkBuster Services-->C:\Users\David\AppData\Roaming\PunkBuster\pbsetup\pbsvc.exe -u
Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd64.exe -r -m -nrg2709
RocketDock 1.3.5-->"C:\Program Files (x86)\RocketDock\unins000.exe"
Rockstar Games Social Club-->"C:\Program Files (x86)\InstallShield Installation Information\{08B3869E-D282-424C-9AFC-870E04A4BA14}\setup.exe" -runfromtemp -l0x0009 -removeonly
Skype Click to Call-->MsiExec.exe /I{B6CF2967-C81E-40C0-9815-C05774FEF120}
Skype™ 6.0-->MsiExec.exe /X{EA17F4FC-FDBF-4CF8-A529-2D983132D053}
The Sims™ 3 Ambitions-->"C:\Program Files (x86)\InstallShield Installation Information\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}\Sims3EP02Setup.exe" -runfromtemp -l0x0009 -removeonly
The Sims™ 3 Diesel Stuff-->"C:\Program Files (x86)\InstallShield Installation Information\{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43}\Sims3SP07Setup.exe" -runfromtemp -l0x0009 -removeonly
The Sims™ 3 Generations-->"C:\Program Files (x86)\InstallShield Installation Information\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}\Sims3EP04Setup.exe" -runfromtemp -l0x0009 -removeonly
The Sims™ 3 Late Night-->"C:\Program Files (x86)\InstallShield Installation Information\{45057FCE-5784-48BE-8176-D9D00AF56C3C}\Sims3EP03Setup.exe" -runfromtemp -l0x0009 -removeonly
The Sims™ 3 Pets-->"C:\Program Files (x86)\InstallShield Installation Information\{C12631C6-804D-4B32-B0DD-8A496462F106}\Sims3EP05Setup.exe" -runfromtemp -l0x0009 -removeonly
The Sims™ 3 Seasons-->"C:\Program Files (x86)\InstallShield Installation Information\{3DE92282-CB49-434F-81BF-94E5B380E889}\Sims3EP08Setup.exe" -runfromtemp -l0x0009 -removeonly
The Sims™ 3 Showtime-->"C:\Program Files (x86)\InstallShield Installation Information\{3BBFD444-5FAB-49F6-98B1-A1954E831399}\Sims3EP06Setup.exe" -runfromtemp -l0x0009 -removeonly
The Sims™ 3-->"C:\Program Files (x86)\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\setup.exe" -runfromtemp -l0x0015 -removeonly
Ubisoft Game Launcher-->"C:\Program Files (x86)\InstallShield Installation Information\{888F1505-C2B3-4FDE-835D-36353EBD4754}\setup.exe" -runfromtemp -l0x0409 -removeonly
Ultimate Media Player-->"C:\ProgramData\{0B4EECC2-B656-4BF8-9915-6F8B225BC43C}\UMPSetup.exe" REMOVE=TRUE MODIFY=FALSE
UltraISO Premium V9.35-->"C:\Program Files (x86)\UltraISO\unins000.exe"
Universal Extractor 1.6-->"C:\Program Files (x86)\Universal Extractor\unins000.exe"
Vegas Movie Studio Platinum 9.0-->MsiExec.exe /X{DA507A38-4B2A-40C0-90AC-E30AAA0B757C}
Vegas Pro 11.0-->MsiExec.exe /X{0BF3B440-408E-11E1-BA79-F04DA23A5C58}
WeatherBug Alert-->MsiExec.exe /X{7426428E-71D4-452C-BA13-B14E5EB52859}
Winamp (remove only)-->"F:\Programy\Winamp\UninstWA.exe"
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Yahoo! Messenger-->C:\PROGRA~2\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~2\Yahoo!\MESSEN~1\INSTALL.LOG

======System event log======

Computer Name: David-PC
Event Code: 7000
Message: The Trial Reset service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Record Number: 92738
Source Name: Service Control Manager
Time Written: 20120425143852.526034-000
Event Type: Error
User:

Computer Name: David-PC
Event Code: 7009
Message: A timeout was reached (30000 milliseconds) while waiting for the Trial Reset service to connect.
Record Number: 92737
Source Name: Service Control Manager
Time Written: 20120425143852.526034-000
Event Type: Error
User:

Computer Name: David-PC
Event Code: 36
Message: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
Record Number: 92616
Source Name: volsnap
Time Written: 20120424155952.567644-000
Event Type: Error
User:

Computer Name: David-PC
Event Code: 7000
Message: The Trial Reset service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Record Number: 92553
Source Name: Service Control Manager
Time Written: 20120424153709.598430-000
Event Type: Error
User:

Computer Name: David-PC
Event Code: 7009
Message: A timeout was reached (30000 milliseconds) while waiting for the Trial Reset service to connect.
Record Number: 92552
Source Name: Service Control Manager
Time Written: 20120424153709.598430-000
Event Type: Error
User:

=====Application event log=====

Computer Name: David-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
17 user registry handles leaked from \Registry\User\S-1-5-21-2465994285-61389061-1913302713-1005:
Process 1476 (\Device\HarddiskVolume2\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2465994285-61389061-1913302713-1005
Process 1476 (\Device\HarddiskVolume2\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2465994285-61389061-1913302713-1005
Process 1476 (\Device\HarddiskVolume2\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2465994285-61389061-1913302713-1005
Process 1476 (\Device\HarddiskVolume2\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2465994285-61389061-1913302713-1005
Process 1476 (\Device\HarddiskVolume2\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2465994285-61389061-1913302713-1005\Software\Microsoft\SystemCertificates\Root
Process 1476 (\Device\HarddiskVolume2\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2465994285-61389061-1913302713-1005\Software\Policies\Microsoft\SystemCertificates
Process 1476 (\Device\HarddiskVolume2\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2465994285-61389061-1913302713-1005\Software\Policies\Microsoft\SystemCertificates
Process 1476 (\Device\HarddiskVolume2\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2465994285-61389061-1913302713-1005\Software\Policies\Microsoft\SystemCertificates
Process 1476 (\Device\HarddiskVolume2\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2465994285-61389061-1913302713-1005\Software\Policies\Microsoft\SystemCertificates
Process 1476 (\Device\HarddiskVolume2\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2465994285-61389061-1913302713-1005\Software\Microsoft\SystemCertificates\My
Process 1476 (\Device\HarddiskVolume2\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2465994285-61389061-1913302713-1005\Software\Microsoft\SystemCertificates\My
Process 1476 (\Device\HarddiskVolume2\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2465994285-61389061-1913302713-1005\Software\Microsoft\SystemCertificates\CA
Process 1476 (\Device\HarddiskVolume2\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2465994285-61389061-1913302713-1005\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1476 (\Device\HarddiskVolume2\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2465994285-61389061-1913302713-1005\Software\Microsoft\SystemCertificates\Disallowed
Process 1476 (\Device\HarddiskVolume2\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2465994285-61389061-1913302713-1005\Software\Microsoft\Windows NT\CurrentVersion\Network\Location Awareness
Process 1476 (\Device\HarddiskVolume2\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2465994285-61389061-1913302713-1005\Software\Microsoft\SystemCertificates\TrustedPeople
Process 1476 (\Device\HarddiskVolume2\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2465994285-61389061-1913302713-1005\Software\Microsoft\SystemCertificates\trust

Record Number: 4528
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20111024091819.129430-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: David-PC
Event Code: 4107
Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Record Number: 4523
Source Name: Microsoft-Windows-CAPI2
Time Written: 20111024082143.599989-000
Event Type: Error
User:

Computer Name: David-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
9 user registry handles leaked from \Registry\User\S-1-5-21-2465994285-61389061-1913302713-1005:
Process 1508 (\Device\HarddiskVolume2\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2465994285-61389061-1913302713-1005
Process 1508 (\Device\HarddiskVolume2\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2465994285-61389061-1913302713-1005\Software\Microsoft\SystemCertificates\My
Process 1508 (\Device\HarddiskVolume2\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2465994285-61389061-1913302713-1005\Software\Microsoft\Internet Explorer\IETld
Process 1508 (\Device\HarddiskVolume2\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2465994285-61389061-1913302713-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1508 (\Device\HarddiskVolume2\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2465994285-61389061-1913302713-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1508 (\Device\HarddiskVolume2\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2465994285-61389061-1913302713-1005\Software
Process 1508 (\Device\HarddiskVolume2\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2465994285-61389061-1913302713-1005\Software\Microsoft\Windows NT\CurrentVersion\Network\Location Awareness
Process 1508 (\Device\HarddiskVolume2\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2465994285-61389061-1913302713-1005\Software\Policies
Process 1508 (\Device\HarddiskVolume2\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2465994285-61389061-1913302713-1005\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings

Record Number: 4493
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20111023213852.785435-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: David-PC
Event Code: 4107
Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Record Number: 4474
Source Name: Microsoft-Windows-CAPI2
Time Written: 20111023190800.029808-000
Event Type: Error
User:

Computer Name: David-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
11 user registry handles leaked from \Registry\User\S-1-5-21-2465994285-61389061-1913302713-1005:
Process 1420 (\Device\HarddiskVolume2\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2465994285-61389061-1913302713-1005
Process 1420 (\Device\HarddiskVolume2\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2465994285-61389061-1913302713-1005
Process 1420 (\Device\HarddiskVolume2\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2465994285-61389061-1913302713-1005\Software\Microsoft\SystemCertificates\Root
Process 1420 (\Device\HarddiskVolume2\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2465994285-61389061-1913302713-1005\Software\Policies\Microsoft\SystemCertificates
Process 1420 (\Device\HarddiskVolume2\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2465994285-61389061-1913302713-1005\Software\Policies\Microsoft\SystemCertificates
Process 1420 (\Device\HarddiskVolume2\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2465994285-61389061-1913302713-1005\Software\Microsoft\SystemCertificates\My
Process 1420 (\Device\HarddiskVolume2\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2465994285-61389061-1913302713-1005\Software\Microsoft\SystemCertificates\My
Process 1420 (\Device\HarddiskVolume2\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2465994285-61389061-1913302713-1005\Software\Microsoft\SystemCertificates\CA
Process 1420 (\Device\HarddiskVolume2\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2465994285-61389061-1913302713-1005\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1420 (\Device\HarddiskVolume2\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2465994285-61389061-1913302713-1005\Software\Microsoft\Windows NT\CurrentVersion\Network\Location Awareness
Process 1420 (\Device\HarddiskVolume2\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2465994285-61389061-1913302713-1005\Software\Microsoft\SystemCertificates\trust

Record Number: 4445
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20111023151300.345176-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Security event log=====

Computer Name: amit-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 938
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091211192526.921875-000
Event Type: Audit Success
User:

Computer Name: amit-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: AMIT-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x204
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 937
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091211192526.921875-000
Event Type: Audit Success
User:

Computer Name: amit-PC
Event Code: 4738
Message: A user account was changed.

Subject:
Security ID: S-1-5-21-765963876-391559905-182306359-500
Account Name: Administrator
Account Domain: amit-PC
Logon ID: 0x18f4b

Target Account:
Security ID: S-1-5-21-765963876-391559905-182306359-500
Account Name: Administrator
Account Domain: amit-PC

Changed Attributes:
SAM Account Name: -
Display Name: -
User Principal Name: -
Home Directory: -
Home Drive: -
Script Path: -
Profile Path: -
User Workstations: -
Password Last Set: -
Account Expires: -
Primary Group ID: -
AllowedToDelegateTo: -
Old UAC Value: 0x210
New UAC Value: 0x211
User Account Control:
Account Disabled
User Parameters: -
SID History: -
Logon Hours: -

Additional Information:
Privileges: -
Record Number: 936
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091211192520.359375-000
Event Type: Audit Success
User:

Computer Name: amit-PC
Event Code: 4725
Message: A user account was disabled.

Subject:
Security ID: S-1-5-21-765963876-391559905-182306359-500
Account Name: Administrator
Account Domain: amit-PC
Logon ID: 0x18f4b

Target Account:
Security ID: S-1-5-21-765963876-391559905-182306359-500
Account Name: Administrator
Account Domain: amit-PC
Record Number: 935
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091211192520.359375-000
Event Type: Audit Success
User:

Computer Name: amit-PC
Event Code: 1102
Message: The audit log was cleared.
Subject:
Security ID: S-1-5-21-765963876-391559905-182306359-500
Account Name: Administrator
Domain Name: amit-PC
Logon ID: 0x18f4b
Record Number: 934
Source Name: Microsoft-Windows-Eventlog
Time Written: 20091211192508.593750-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\PROGRA~1\DISKEE~1\DISKEE~1\;C:\Program Files (x86)\Universal Extractor;C:\Program Files (x86)\Universal Extractor\bin;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a
"AMDAPPSDKROOT"=C:\Program Files (x86)\AMD APP\
"RGSCLauncher"=D:\GTA CZTERY\Rockstar Games Social Club
"RGSC"=D:\GTA CZTERY\Rockstar Games Social Club\1_0_0_0

-----------------EOF-----------------
[/log]



So is anyone able to help me?

Natsuki Kuga
comment

The OTL script was run incorrectly - you were supposed to click [b]Wykonaj skrypt[/b] (Run script), not [b]Skanuj[/b] (Scan). Repeat this step, then generate a new set of logs and post it.
