Davids, posted 12 January 2013
Hello, I have a problem: for 2 days Facebook has not been working for me. Every other site works perfectly, but FB does not open at all. I tried deleting cookies, I scanned the computer with ESET and Malwarebytes, and FB still does not work. I looked at the Hosts file in C/Windows/System32/Drivers/Etc and there is nothing there either... I don't know what to do...
Witek_21, commented 12 January 2013
Maybe something is blocking it... Turn off the firewall and the antivirus and see whether the page loads. If that does not help, post the OTL logs, following the template from the pinned topic.
Davids (Author), commented 13 January 2013
Let me put it this way: I scanned the computer once more with Malwarebytes. It scanned for over 3 hours, and after 3 hours one file named Troyan.Agent came up. However, when I removed it, it came back, and the Facebook page still does not work, just as before. What should I do to remove this virus? And what should I do to get FB working? I tried turning off the firewall and the antivirus and the page still does not work. FB only opens through proxy servers, but only up to the login, because after that FB blocks further access.
Natsuki Kuga, commented 13 January 2013
Give the exact name and location of the detected infection, read the pinned topics of this section, and post the set of appropriate logs.
Davids (Author), commented 13 January 2013
Here is the log text:
[log]
OTL logfile created on: 13/01/2013 20:45:01 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\David\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
3.25 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 59.43% Memory free
6.49 Gb Paging File | 4.88 Gb Available in Paging File | 75.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195.21 Gb Total Space | 115.65 Gb Free Space | 59.24% Space Free | Partition Type: NTFS
Drive D: | 146.48 Gb Total Space | 87.76 Gb Free Space | 59.91% Space Free | Partition Type: NTFS
Drive E: | 146.48 Gb Total Space | 76.77 Gb Free Space | 52.41% Space Free | Partition Type: NTFS
Drive F: | 97.65 Gb Total Space | 89.32 Gb Free Space | 91.47% Space Free | Partition Type: NTFS
Drive G: | 112.70 Gb Total Space | 96.84 Gb Free Space | 85.92% Space Free | Partition Type: NTFS
Computer Name: DAVID-PC | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days [color=#E56717]========== Processes (All) ==========[/color] PRC - [2013/01/13 20:43:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe PRC - [2012/12/26 17:29:51 | 000,879,080 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012/12/03 08:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe PRC - [2012/11/29 20:51:11 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012/01/18 14:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe PRC - [2011/10/11 13:49:14 | 001,179,648 | ---- | M] (W3i, LLC) -- C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe PRC - [2011/08/02 08:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- F:\Programy\DAEMON Tools Lite\DTLite.exe PRC - [2010/08/02 11:40:56 | 000,199,600 | ---- | M] (Telefónica I+D) -- C:\Program Files (x86)\O2\Connection Manager\ImpWiFiSvc.exe PRC - [2010/02/22 16:38:12 | 000,442,368 | ---- | M] (AWS Convergence Technologies) -- C:\Program Files (x86)\AWS\WeatherBug Alert\WeatherBugAlert.exe PRC - [2009/11/10 11:09:26 | 000,079,160 | ---- | M] (Yahoo! Inc.) 
-- C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe PRC - [2009/03/19 11:44:50 | 000,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe PRC - [2008/11/14 14:35:28 | 001,453,992 | R--- | M] (Take-Two Interactive Software, Inc.) -- D:\GTA CZTERY\Rockstar Games Social Club\1_0_0_0\RGSC.exe PRC - [2007/12/14 17:58:30 | 000,241,664 | ---- | M] () -- C:\Program Files (x86)\Philips\Philips SPC230NC Webcam\TrayMin230.exe PRC - [2007/12/10 16:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\Philips\SPC230NC\Monitor.exe PRC - [2007/09/02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe PRC - [2004/12/20 19:41:22 | 000,033,792 | ---- | M] () -- F:\Programy\Winamp\winampa.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2013/01/13 20:43:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe MOD - [2012/12/26 17:29:51 | 000,879,080 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe MOD - [2012/12/26 17:29:49 | 016,185,832 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.dll MOD - [2012/12/14 16:49:28 | 002,171,240 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamnet.dll MOD - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe MOD - [2012/12/14 16:49:28 | 000,508,264 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.dll MOD - [2012/12/12 19:14:55 | 014,586,296 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll MOD - [2012/12/03 08:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe MOD - [2012/01/18 14:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe MOD - [2011/10/11 13:49:14 | 001,179,648 | ---- | M] (W3i, LLC) -- C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe MOD - [2011/09/08 18:34:10 | 000,732,672 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWOW64\aticfx32.dll MOD - [2011/09/08 18:08:24 | 004,064,768 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWOW64\atiumdva.dll MOD - [2011/09/08 18:05:44 | 004,289,024 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWOW64\atiumdag.dll MOD - [2011/09/08 17:51:44 | 000,029,184 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWOW64\atiu9pag.dll MOD - [2011/08/02 08:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- F:\Programy\DAEMON Tools Lite\DTLite.exe MOD - [2011/08/02 08:33:20 | 004,159,808 | ---- | M] (DT Soft Ltd) -- F:\Programy\DAEMON Tools Lite\Engine.dll MOD - [2011/08/02 08:33:06 | 003,578,176 | ---- | M] (DT Soft Ltd) -- F:\Programy\DAEMON Tools Lite\DTCommonRes.dll MOD - [2011/07/12 15:20:44 | 000,316,736 | ---- | M] (DT Soft Ltd.) 
-- F:\Programy\DAEMON Tools Lite\imgengine.dll MOD - [2010/02/22 16:38:12 | 000,442,368 | ---- | M] (AWS Convergence Technologies) -- C:\Program Files (x86)\AWS\WeatherBug Alert\WeatherBugAlert.exe MOD - [2009/11/30 08:21:33 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ed3da6921170384d1995a17680a0f290\mscorlib.ni.dll MOD - [2009/11/29 20:08:33 | 000,593,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\e375d8f69eb222534a004d83773f3346\System.Messaging.ni.dll MOD - [2009/11/29 19:08:27 | 001,914,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\b2450e07682acbbb19148a594bc44cc1\System.Workflow.Runtime.ni.dll MOD - [2009/11/29 19:08:26 | 004,514,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\5e95cb2b98a303d404dfaaf11d524f57\System.Workflow.ComponentModel.ni.dll MOD - [2009/11/29 19:08:22 | 002,995,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\58a99e17be0d550ce7af458b6d63fe6e\System.Workflow.Activities.ni.dll MOD - [2009/11/29 19:08:15 | 000,224,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2c72de283250173a384b38432b42fd77\PresentationFramework.Classic.ni.dll MOD - [2009/11/29 19:08:09 | 014,318,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a93f978561ac14b93b72f3f3d68caf41\PresentationFramework.ni.dll MOD - [2009/11/29 19:07:56 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\2fd63ca914cb61bd282da04a4872d5be\PresentationCore.ni.dll MOD - [2009/11/29 19:07:43 | 003,313,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7ff93f074ac9aca0fbb7ac0c5a46ed2\WindowsBase.ni.dll MOD - [2009/11/29 19:07:07 | 010,578,432 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Design\1364f3d4f45f439ab9e3a7b5a5f90aeb\System.Design.ni.dll MOD - [2009/11/29 19:06:58 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\b21985ab80345667293196dadaa3b7c9\System.EnterpriseServices.ni.dll MOD - [2009/11/29 19:06:57 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\e72985719bc2cb674d42d61f67135760\System.Transactions.ni.dll MOD - [2009/11/29 19:06:45 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c266417c7473eb4dc8989bab7e525df3\System.Drawing.ni.dll MOD - [2009/11/29 19:06:29 | 000,676,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\403d8b5e40c442720079ac468fcfebf7\System.Security.ni.dll MOD - [2009/11/29 19:06:26 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\0ab77212f0501a793c454a1ae58f24fd\System.Xml.ni.dll MOD - [2009/11/29 19:06:21 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\604f8dbf0bc680cd035d4c17ec2ddaea\System.Configuration.ni.dll MOD - [2009/11/29 19:06:19 | 007,949,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\8c28500b713e22a32c5a9bfaa626c6aa\System.ni.dll MOD - [2009/11/25 07:27:51 | 001,152,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\crypt32.dll MOD - [2009/11/25 07:27:09 | 005,817,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll MOD - [2009/11/25 07:26:17 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sspicli.dll MOD - [2009/11/25 07:26:17 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\secur32.dll MOD - [2009/11/25 07:22:56 | 001,289,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntdll.dll MOD - [2009/11/25 07:22:53 | 000,220,160 | ---- | 
M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schannel.dll MOD - [2009/11/25 07:22:07 | 000,547,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PortableDeviceApi.dll MOD - [2009/11/25 07:21:59 | 000,571,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\oleaut32.dll MOD - [2009/11/25 07:21:51 | 001,124,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vssapi.dll MOD - [2009/11/25 07:21:51 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vsstrace.dll MOD - [2009/11/25 07:20:53 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msasn1.dll MOD - [2009/11/25 07:17:27 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\IPHLPAPI.DLL MOD - [2009/11/25 07:15:36 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16400_none_4209f94e2b866170\comctl32.dll MOD - [2009/11/25 07:15:36 | 000,833,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\user32.dll MOD - [2009/11/25 07:15:36 | 000,530,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16400_none_ebf9dccf6c73e561\comctl32.dll MOD - [2009/11/25 07:15:36 | 000,310,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\gdi32.dll MOD - [2009/11/10 11:09:26 | 000,079,160 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe MOD - [2009/11/10 11:09:24 | 000,929,792 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll MOD - [2009/11/10 10:19:56 | 001,228,800 | ---- | M] (Yahoo! Inc.) 
-- C:\Program Files (x86)\Yahoo!\Messenger\resources\en-US\res_msgr.dll MOD - [2009/07/14 02:17:54 | 000,249,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\bcryptprimitives.dll MOD - [2009/07/14 02:17:54 | 000,242,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rsaenh.dll MOD - [2009/07/14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ws2_32.dll MOD - [2009/07/14 02:16:20 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wtsapi32.dll MOD - [2009/07/14 02:16:20 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wshbth.dll MOD - [2009/07/14 02:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wsock32.dll MOD - [2009/07/14 02:16:20 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wship6.dll MOD - [2009/07/14 02:16:20 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WSHTCPIP.DLL MOD - [2009/07/14 02:16:19 | 000,977,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wininet.dll MOD - [2009/07/14 02:16:19 | 000,348,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winhttp.dll MOD - [2009/07/14 02:16:19 | 000,268,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\Wldap32.dll MOD - [2009/07/14 02:16:19 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winmm.dll MOD - [2009/07/14 02:16:19 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wintrust.dll MOD - [2009/07/14 02:16:19 | 000,156,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winsta.dll MOD - [2009/07/14 02:16:19 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wkscli.dll MOD - [2009/07/14 02:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winrnr.dll MOD - [2009/07/14 02:16:19 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winnsi.dll MOD - [2009/07/14 
02:16:18 | 001,011,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WindowsCodecs.dll MOD - [2009/07/14 02:16:18 | 000,313,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\webio.dll MOD - [2009/07/14 02:16:17 | 001,224,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\urlmon.dll MOD - [2009/07/14 02:16:17 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\usp10.dll MOD - [2009/07/14 02:16:17 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\userenv.dll MOD - [2009/07/14 02:16:17 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\version.dll MOD - [2009/07/14 02:16:16 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll MOD - [2009/07/14 02:16:16 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\thumbcache.dll MOD - [2009/07/14 02:16:15 | 000,363,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\StructuredQuery.dll MOD - [2009/07/14 02:16:15 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\spp.dll MOD - [2009/07/14 02:16:15 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srvcli.dll MOD - [2009/07/14 02:16:15 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srclient.dll MOD - [2009/07/14 02:16:15 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\slc.dll MOD - [2009/07/14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shell32.dll MOD - [2009/07/14 02:16:14 | 001,668,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\setupapi.dll MOD - [2009/07/14 02:16:14 | 000,350,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shlwapi.dll MOD - [2009/07/14 02:16:14 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shdocvw.dll MOD - [2009/07/14 02:16:14 | 000,007,168 | ---- | M] (Microsoft 
Corporation) -- C:\Windows\SysWOW64\shfolder.dll MOD - [2009/07/14 02:16:13 | 000,643,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\SearchFolder.dll MOD - [2009/07/14 02:16:13 | 000,473,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\riched20.dll MOD - [2009/07/14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sechost.dll MOD - [2009/07/14 02:16:13 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\samlib.dll MOD - [2009/07/14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\samcli.dll MOD - [2009/07/14 02:16:13 | 000,045,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\RpcRtRemote.dll MOD - [2009/07/14 02:16:13 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rtutils.dll MOD - [2009/07/14 02:16:13 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\SensApi.dll MOD - [2009/07/14 02:16:12 | 001,412,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ole32.dll MOD - [2009/07/14 02:16:12 | 001,328,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\quartz.dll MOD - [2009/07/14 02:16:12 | 000,988,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\propsys.dll MOD - [2009/07/14 02:16:12 | 000,325,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rasapi32.dll MOD - [2009/07/14 02:16:12 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\oleacc.dll MOD - [2009/07/14 02:16:12 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\powrprof.dll MOD - [2009/07/14 02:16:12 | 000,139,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PeerDist.dll MOD - [2009/07/14 02:16:12 | 000,103,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\oledlg.dll MOD - [2009/07/14 02:16:12 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\olepro32.dll MOD - [2009/07/14 02:16:12 | 
000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rasman.dll MOD - [2009/07/14 02:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\pnrpnsp.dll MOD - [2009/07/14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\profapi.dll MOD - [2009/07/14 02:16:12 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\qmgrprxy.dll MOD - [2009/07/14 02:16:12 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rasadhlp.dll MOD - [2009/07/14 02:16:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\psapi.dll MOD - [2009/07/14 02:16:11 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntshrui.dll MOD - [2009/07/14 02:16:11 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntmarta.dll MOD - [2009/07/14 02:16:11 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntlanman.dll MOD - [2009/07/14 02:16:11 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\npmproxy.dll MOD - [2009/07/14 02:16:11 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\nsi.dll MOD - [2009/07/14 02:16:03 | 001,661,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\networkexplorer.dll MOD - [2009/07/14 02:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netprofm.dll MOD - [2009/07/14 02:16:03 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\nlaapi.dll MOD - [2009/07/14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netutils.dll MOD - [2009/07/14 02:16:02 | 000,219,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ncrypt.dll MOD - [2009/07/14 02:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\NapiNSP.dll MOD - [2009/07/14 02:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mswsock.dll MOD - 
[2009/07/14 02:15:50 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcrt.dll MOD - [2009/07/14 02:15:45 | 000,157,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msls31.dll MOD - [2009/07/14 02:15:44 | 002,340,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msi.dll MOD - [2009/07/14 02:15:44 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msimg32.dll MOD - [2009/07/14 02:15:43 | 000,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msctf.dll MOD - [2009/07/14 02:15:43 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msctfui.dll MOD - [2009/07/14 02:15:43 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msdmo.dll MOD - [2009/07/14 02:15:42 | 000,481,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mscms.dll MOD - [2009/07/14 02:15:41 | 000,213,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\MMDevAPI.dll MOD - [2009/07/14 02:15:41 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mpr.dll MOD - [2009/07/14 02:15:40 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mlang.dll MOD - [2009/07/14 02:15:36 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\linkinfo.dll MOD - [2009/07/14 02:15:31 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imagehlp.dll MOD - [2009/07/14 02:15:28 | 010,973,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ieframe.dll MOD - [2009/07/14 02:15:28 | 002,058,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\iertutil.dll MOD - [2009/07/14 02:15:28 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ieproxy.dll MOD - [2009/07/14 02:15:22 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\gpapi.dll MOD - [2009/07/14 02:15:21 | 000,216,576 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\SysWOW64\FWPUCLNT.DLL MOD - [2009/07/14 02:15:19 | 001,495,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ExplorerFrame.dll MOD - [2009/07/14 02:15:14 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\EhStorShell.dll MOD - [2009/07/14 02:15:14 | 000,128,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\EhStorAPI.dll MOD - [2009/07/14 02:15:13 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dui70.dll MOD - [2009/07/14 02:15:13 | 000,453,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dsound.dll MOD - [2009/07/14 02:15:13 | 000,181,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\duser.dll MOD - [2009/07/14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dwmapi.dll MOD - [2009/07/14 02:15:13 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\drprov.dll MOD - [2009/07/14 02:15:12 | 000,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dnsapi.dll MOD - [2009/07/14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\devobj.dll MOD - [2009/07/14 02:15:11 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dhcpcsvc.dll MOD - [2009/07/14 02:15:11 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\devrtl.dll MOD - [2009/07/14 02:15:11 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dhcpcsvc6.dll MOD - [2009/07/14 02:15:10 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\devenum.dll MOD - [2009/07/14 02:15:08 | 001,826,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d9.dll MOD - [2009/07/14 02:15:08 | 000,077,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\davclnt.dll MOD - [2009/07/14 02:15:08 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\davhlpr.dll MOD - [2009/07/14 02:15:08 | 000,011,264 | ---- | M] 
(Microsoft Corporation) -- C:\Windows\SysWOW64\d3d8thk.dll MOD - [2009/07/14 02:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll MOD - [2009/07/14 02:15:07 | 000,103,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptnet.dll MOD - [2009/07/14 02:15:07 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptsp.dll MOD - [2009/07/14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptbase.dll MOD - [2009/07/14 02:15:07 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cscapi.dll MOD - [2009/07/14 02:15:07 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\credssp.dll MOD - [2009/07/14 02:15:03 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\clbcatq.dll MOD - [2009/07/14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cfgmgr32.dll MOD - [2009/07/14 02:15:00 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cabinet.dll MOD - [2009/07/14 02:14:57 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\AudioSes.dll MOD - [2009/07/14 02:14:57 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\authz.dll MOD - [2009/07/14 02:14:57 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\atl.dll MOD - [2009/07/14 02:14:53 | 000,640,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\advapi32.dll MOD - [2009/07/14 02:14:53 | 000,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\apphelp.dll MOD - [2009/07/14 02:14:52 | 000,309,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\actxprxy.dll MOD - [2009/07/14 02:14:51 | 000,559,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\AppPatch\AcLayers.dll MOD - [2009/07/14 02:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx MOD - [2009/07/14 02:14:08 | 
000,319,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winspool.drv MOD - [2009/07/14 02:11:24 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\uxtheme.dll MOD - [2009/07/14 02:11:23 | 000,836,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\kernel32.dll MOD - [2009/07/14 02:11:23 | 000,662,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rpcrt4.dll MOD - [2009/07/14 02:11:23 | 000,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\KernelBase.dll MOD - [2009/07/14 02:11:23 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\lpk.dll MOD - [2009/07/14 02:11:21 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imm32.dll MOD - [2009/07/14 02:11:20 | 000,080,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\bcrypt.dll MOD - [2009/07/14 02:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll MOD - [2009/07/14 02:03:50 | 001,624,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\GdiPlus.dll MOD - [2009/06/10 22:23:23 | 000,278,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mscoree.dll MOD - [2009/06/10 22:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll MOD - [2009/06/10 22:23:11 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll MOD - [2009/06/10 22:23:11 | 000,554,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcp80.dll MOD - [2009/06/10 22:23:08 | 000,074,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll MOD - [2009/06/10 22:23:05 | 000,363,856 | ---- 
| M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll MOD - [2009/06/10 22:14:57 | 000,778,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PresentationNative_v0300.dll MOD - [2009/06/10 22:14:52 | 001,736,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\wpfgfx_v0300.dll MOD - [2008/11/14 14:35:34 | 000,036,776 | R--- | M] (Take-Two Interactive Software, Inc.) -- D:\GTA CZTERY\Rockstar Games Social Club\1_0_0_0\RGSCWorkflows.dll MOD - [2008/11/14 14:35:32 | 000,029,608 | R--- | M] (Take-Two Interactive Software, Inc.) -- D:\GTA CZTERY\Rockstar Games Social Club\1_0_0_0\RGSCUtil.dll MOD - [2008/11/14 14:35:32 | 000,019,880 | R--- | M] (Take-Two Interactive Software, Inc.) -- D:\GTA CZTERY\Rockstar Games Social Club\1_0_0_0\RGSCUpdates.dll MOD - [2008/11/14 14:35:30 | 000,021,416 | R--- | M] (Take-Two Interactive Software, Inc.) -- D:\GTA CZTERY\Rockstar Games Social Club\1_0_0_0\RGSCSocial.dll MOD - [2008/11/14 14:35:28 | 001,453,992 | R--- | M] (Take-Two Interactive Software, Inc.) -- D:\GTA CZTERY\Rockstar Games Social Club\1_0_0_0\RGSC.exe MOD - [2008/11/14 14:35:28 | 000,015,784 | R--- | M] (Take-Two Interactive Software, Inc.) 
-- D:\GTA CZTERY\Rockstar Games Social Club\1_0_0_0\RGSCData.dll MOD - [2007/12/14 17:58:30 | 000,241,664 | ---- | M] () -- C:\Program Files (x86)\Philips\Philips SPC230NC Webcam\TrayMin230.exe MOD - [2007/12/10 16:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\Philips\SPC230NC\Monitor.exe MOD - [2007/09/02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe MOD - [2007/09/02 14:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll MOD - [2004/12/20 19:41:22 | 000,033,792 | ---- | M] () -- F:\Programy\Winamp\winampa.exe [color=#E56717]========== Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2011/09/08 18:29:56 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:[b]64bit:[/b] - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:[b]64bit:[/b] - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:[b]64bit:[/b] - [2009/04/17 09:47:50 | 001,995,544 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper) SRV:[b]64bit:[/b] - [2009/04/12 02:26:35 | 000,578,878 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ESET\ESET Smart Security\Shahed.exe -- (.EsetTrialReset) SRV:[b]64bit:[/b] - [2009/03/19 11:48:10 | 000,023,296 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv) SRV:[b]64bit:[/b] - [2009/03/19 11:44:50 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn) SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files 
(x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012/12/12 19:14:57 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/11/29 20:51:11 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/07/21 20:40:36 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2010/08/02 11:40:56 | 000,199,600 | ---- | M] (Telefónica I+D) [Auto | Running] -- C:\Program Files (x86)\O2\Connection Manager\ImpWiFiSvc.exe -- (TGCM_ImportWiFiSvc) SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:[b]64bit:[/b] - [2011/10/20 16:48:16 | 000,526,392 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:[b]64bit:[/b] - [2011/09/08 19:27:22 | 010,203,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:[b]64bit:[/b] - [2011/09/08 17:52:40 | 000,310,784 | ---- | M] (Advanced Micro Devices, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:[b]64bit:[/b] - [2011/08/17 10:04:34 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64) DRV:[b]64bit:[/b] - [2011/08/17 10:04:28 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64) DRV:[b]64bit:[/b] - [2011/08/17 09:58:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt) DRV:[b]64bit:[/b] - [2011/08/17 09:58:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev) DRV:[b]64bit:[/b] - [2011/08/17 09:58:20 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc) DRV:[b]64bit:[/b] - [2011/08/17 09:58:16 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd) DRV:[b]64bit:[/b] - [2011/06/06 23:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:[b]64bit:[/b] - [2010/04/09 08:24:32 | 000,076,288 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV:[b]64bit:[/b] - [2010/04/07 10:05:00 | 000,250,368 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet) DRV:[b]64bit:[/b] - [2010/03/25 03:08:46 | 000,120,704 | ---- | M] (Huawei Technologies Co., Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard) DRV:[b]64bit:[/b] - [2009/11/25 07:17:50 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm) DRV:[b]64bit:[/b] - [2009/11/25 07:17:50 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus) DRV:[b]64bit:[/b] - [2009/11/25 07:17:50 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb) DRV:[b]64bit:[/b] - [2009/11/25 07:17:50 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr) DRV:[b]64bit:[/b] - [2009/10/21 21:50:24 | 000,013,872 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmmouse.sys -- (vmmouse) DRV:[b]64bit:[/b] - [2009/10/21 21:47:08 | 000,086,576 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vm3dmp.sys -- (vm3dmp) DRV:[b]64bit:[/b] - [2009/10/07 19:26:24 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID) DRV:[b]64bit:[/b] - [2009/09/30 15:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:[b]64bit:[/b] - [2009/09/24 07:47:06 | 000,175,328 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iSSetup.sys -- (iSSetup) DRV:[b]64bit:[/b] - [2009/09/22 16:39:56 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:[b]64bit:[/b] - [2009/08/21 13:48:18 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor) DRV:[b]64bit:[/b] - [2009/08/21 00:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:[b]64bit:[/b] - [2009/08/13 08:38:24 | 000,029,184 | ---- | M] (CSR, plc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthAvrcp.sys -- (BthAvrcp) DRV:[b]64bit:[/b] - [2009/07/26 23:00:00 | 000,056,664 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\o2mdx64.sys -- (O2MDRDR) DRV:[b]64bit:[/b] - [2009/07/26 23:00:00 | 000,056,096 | ---- | M] (O2Micro) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\o2sdx64.sys -- (O2SDRDR) DRV:[b]64bit:[/b] - [2009/07/17 00:51:54 | 000,028,192 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvamacpi.sys -- (nvamacpi) DRV:[b]64bit:[/b] - [2009/07/14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2009/07/14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2009/07/14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009/07/14 01:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:[b]64bit:[/b] - [2009/07/04 18:27:02 | 000,055,808 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie) DRV:[b]64bit:[/b] - [2009/07/02 07:54:52 | 000,060,416 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci) DRV:[b]64bit:[/b] - [2009/07/01 17:31:58 | 000,080,896 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie) DRV:[b]64bit:[/b] - [2009/06/25 16:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk) DRV:[b]64bit:[/b] - [2009/06/25 15:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp) DRV:[b]64bit:[/b] - [2009/06/25 15:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk) DRV:[b]64bit:[/b] - [2009/06/13 01:19:36 | 
000,041,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd262x64.sys -- (ioatdma2) DRV:[b]64bit:[/b] - [2009/06/13 01:19:32 | 000,040,144 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd162x64.sys -- (ioatdma1) DRV:[b]64bit:[/b] - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:[b]64bit:[/b] - [2009/05/12 13:40:42 | 000,072,192 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTSTOR64.sys -- (RTSTOR) DRV:[b]64bit:[/b] - [2009/05/05 05:31:00 | 000,025,752 | ---- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\xfiltx64.sys -- (xfiltx64) DRV:[b]64bit:[/b] - [2009/05/05 05:29:34 | 000,015,000 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\videX64.sys -- (videX64) DRV:[b]64bit:[/b] - [2009/04/16 11:45:46 | 000,461,320 | ---- | M] (LSI Corporation, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MegaSR1.sys -- (MegaSR1) DRV:[b]64bit:[/b] - [2009/03/19 11:46:04 | 000,044,944 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp) DRV:[b]64bit:[/b] - [2009/03/19 11:45:56 | 000,164,936 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw) DRV:[b]64bit:[/b] - [2009/03/19 11:45:56 | 000,033,608 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\epfwndis.sys -- (Epfwndis) DRV:[b]64bit:[/b] - [2009/03/19 11:44:36 | 000,134,024 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv) DRV:[b]64bit:[/b] - [2009/03/19 11:41:42 | 000,142,776 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamon.sys -- (eamon) DRV:[b]64bit:[/b] - [2009/02/11 16:26:18 | 000,407,576 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:[b]64bit:[/b] - [2008/10/09 14:45:26 | 000,018,784 | ---- | M] (JMicron ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\johci.sys -- (johci) DRV:[b]64bit:[/b] - [2008/07/09 15:51:54 | 000,136,192 | ---- | M] (VIA Technologies inc,.ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\viamrx64.sys -- (viamrx64) DRV:[b]64bit:[/b] - [2008/05/15 22:23:21 | 000,028,208 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci) DRV:[b]64bit:[/b] - [2008/04/15 15:09:20 | 000,067,224 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ViPrtX64.sys -- (ViPrtX64) DRV:[b]64bit:[/b] - [2008/04/15 15:05:48 | 000,025,240 | ---- | M] (VIA Technologies, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ViBusX64.sys -- (ViBusX64) DRV:[b]64bit:[/b] - [2008/01/18 05:14:06 | 000,041,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd260x64.sys -- (ioatdma) DRV:[b]64bit:[/b] - [2008/01/03 19:13:48 | 000,531,968 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SPC230NC.SYS -- (SPC230NC) DRV:[b]64bit:[/b] - [2007/11/13 15:47:18 | 000,080,424 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PnP680.sys -- (Pnp680) DRV:[b]64bit:[/b] - [2007/10/03 15:51:00 | 000,022,056 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiWinAcc.sys -- (SiFilter) DRV:[b]64bit:[/b] - [2007/10/03 15:50:52 | 000,017,448 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiRemFil.sys -- (SiRemFil) DRV:[b]64bit:[/b] - [2007/10/03 15:50:26 | 000,090,664 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SI3132.sys -- (SI3132) DRV:[b]64bit:[/b] - [2007/09/26 15:32:52 | 000,009,472 | ---- | M] (PixArt Imaging Incorporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PAEAFLT.sys -- (PAEAFLT.sys) DRV:[b]64bit:[/b] - [2007/06/01 10:29:06 | 000,330,544 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Si3531.sys -- (Si3531) DRV:[b]64bit:[/b] - [2007/05/14 17:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb) DRV:[b]64bit:[/b] - [2007/05/11 18:01:10 | 000,070,424 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:[b]64bit:[/b] - [2007/04/11 22:30:04 | 000,043,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- 
C:\Windows\SysNative\drivers\IAMTVE.sys -- (IAMTVE) DRV:[b]64bit:[/b] - [2007/04/11 22:29:58 | 000,051,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IAMTXPE.sys -- (IAMTXPE) DRV:[b]64bit:[/b] - [2007/04/11 15:02:42 | 000,163,632 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SI3114r.sys -- (SI3114r) DRV:[b]64bit:[/b] - [2007/02/01 16:53:08 | 000,164,656 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SI3112r.sys -- (SI3112r) DRV:[b]64bit:[/b] - [2007/01/24 17:07:08 | 000,064,888 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SISAGPX.SYS -- (SISAGP) DRV:[b]64bit:[/b] - [2006/11/10 11:48:48 | 000,099,120 | ---- | M] (Silicon Image, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SI3114.sys -- (SI3114) DRV:[b]64bit:[/b] - [2006/11/02 16:25:04 | 000,113,456 | ---- | M] (Silicon Image, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SI3124.sys -- (SI3124) DRV:[b]64bit:[/b] - [2006/11/01 07:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV:[b]64bit:[/b] - [2006/09/20 11:38:28 | 000,334,640 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Si3124r5.sys -- (Si3124r5) DRV:[b]64bit:[/b] - [2006/09/18 14:26:04 | 000,093,472 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hptmv.sys -- (hptmv) DRV:[b]64bit:[/b] - [2005/09/23 00:20:00 | 000,059,392 | ---- | M] (VIA Technologies, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VIAAGP1.SYS -- (viaagp1) DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKLM\..\URLSearchHook: {d43723ae-1ae1-4a25-a6a4-bf0929273cab} - C:\Program Files (x86)\Ashampoo_PO\prxtbAsh0.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{68CAD4C2-94EA-4792-B99B-F8726276E541}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481033 IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.win7extreme.project-os.org IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.win7extreme.project-os.org IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2465994285-61389061-1913302713-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2481033 IE - HKU\S-1-5-21-2465994285-61389061-1913302713-1005\..\URLSearchHook: {d43723ae-1ae1-4a25-a6a4-bf0929273cab} - 
C:\Program Files (x86)\Ashampoo_PO\prxtbAsh0.dll (Conduit Ltd.) IE - HKU\S-1-5-21-2465994285-61389061-1913302713-1005\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKU\S-1-5-21-2465994285-61389061-1913302713-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://startsear.ch/?aff=2&src=sp&cf=4637160c-2373-11e1-b02c-00158315a310&q={searchTerms} IE - HKU\S-1-5-21-2465994285-61389061-1913302713-1005\..\SearchScopes\{68CAD4C2-94EA-4792-B99B-F8726276E541}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2465994285-61389061-1913302713-1005\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481033 IE - HKU\S-1-5-21-2465994285-61389061-1913302713-1005\..\SearchScopes\{EF40BF94-9292-4001-BB9B-719C402D3AF2}: "URL" = http://uk.search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,105,0_0,Search,20120104,0,0,0,0 IE - HKU\S-1-5-21-2465994285-61389061-1913302713-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.41108.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp1950@crossrider.com: C:\Users\David\AppData\Local\RewardsArcadeSuite\1950\Firefox [2012/01/25 21:44:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/21 20:40:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/04 20:51:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011/10/06 14:53:05 | 000,000,000 | ---D | M] [2012/05/08 16:14:00 | 000,000,000 | ---D | M] (No name found) -- \mozilla\Firefox\extensions [2012/05/08 16:14:00 | 000,000,000 | ---D | M] (No name found) -- \mozilla\Firefox\extensions\{d43723ae-1ae1-4a25-a6a4-bf0929273cab} [2012/06/27 20:32:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla 
Firefox\extensions [2012/02/10 23:57:47 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012/07/21 20:40:38 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/04/04 20:51:50 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011/10/27 14:45:50 | 000,083,456 | ---- | M] (LiveVDO ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll [2012/07/15 12:37:57 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/07/15 12:37:57 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2013/01/11 23:00:46 | 000,000,797 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (RewardsArcadeSuite) - {B6EF6C45-5E8D-4c3b-B580-A5073261A381} - C:\Program Files (x86)\RewardsArcadeSuite\RewardsArcadeSuite.dll (215 Apps) O2 - BHO: (Ashampoo PO Toolbar) - {d43723ae-1ae1-4a25-a6a4-bf0929273cab} - C:\Program Files (x86)\Ashampoo_PO\prxtbAsh0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Ashampoo PO Toolbar) - {d43723ae-1ae1-4a25-a6a4-bf0929273cab} - C:\Program Files (x86)\Ashampoo_PO\prxtbAsh0.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-2465994285-61389061-1913302713-1005\..\Toolbar\WebBrowser: (Ashampoo PO Toolbar) - {D43723AE-1AE1-4A25-A6A4-BF0929273CAB} - C:\Program Files (x86)\Ashampoo_PO\prxtbAsh0.dll (Conduit Ltd.) 
O4:[b]64bit:[/b] - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET) O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:[b]64bit:[/b] - HKLM..\Run: [SPC_Monitor] C:\Windows\Philips\SPC230NC\Monitor.exe (PixArt Imaging Incorporation) O4:[b]64bit:[/b] - HKLM..\Run: [SPC230NC_Monitor] C:\Windows\Philips\SPC230NC\Monitor.exe (PixArt Imaging Incorporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [WinampAgent] F:\Programy\Winamp\winampa.exe () O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2465994285-61389061-1913302713-1005..\Run: [ares] "F:\Programy\Ares\Ares.exe" -h File not found O4 - HKU\S-1-5-21-2465994285-61389061-1913302713-1005..\Run: [DAEMON Tools Lite] F:\Programy\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-2465994285-61389061-1913302713-1005..\Run: [DriverScanner] "C:\PROGRA~2\Uniblue\DRIVER~1\launcher.exe" delay 20000 File not found O4 - HKU\S-1-5-21-2465994285-61389061-1913302713-1005..\Run: [Gadu-Gadu 10] F:\Programy\Gadu-Gadu 10\gg.exe (GG Network S.A.) O4 - HKU\S-1-5-21-2465994285-61389061-1913302713-1005..\Run: [HUAWEI 3G Data Card MTS] C:\Program Files (x86)\Huawei technologies\Huawei UMTS Data Card\3 USB Modem.exe (Huawei Technologies) O4 - HKU\S-1-5-21-2465994285-61389061-1913302713-1005..\Run: [InstallIQUpdater] C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC) O4 - HKU\S-1-5-21-2465994285-61389061-1913302713-1005..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) 
O4 - HKU\S-1-5-21-2465994285-61389061-1913302713-1005..\Run: [RGSC] D:\GTA CZTERY\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.) O4 - HKU\S-1-5-21-2465994285-61389061-1913302713-1005..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe () O4 - HKU\S-1-5-21-2465994285-61389061-1913302713-1005..\Run: [WeatherBugAlert] C:\Program Files (x86)\AWS\WeatherBug Alert\WeatherBugAlert.exe (AWS Convergence Technologies) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\All Users\Adobe [2011/10/10 11:53:24 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Application Data [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\ashampoo [2012/05/08 16:13:37 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\ATI [2011/10/06 16:21:10 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\DAEMON Tools Lite [2011/10/20 16:47:38 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Desktop [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\Diskeeper Corporation [2009/11/30 07:49:13 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Documents [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\DSS [2012/09/16 10:54:51 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\EA Core [2011/12/12 21:40:10 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Electronic Arts [2011/12/12 21:40:09 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\ESET [2009/11/15 00:05:20 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Favorites [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\Gadu-Gadu 10 [2011/12/07 17:26:52 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Hewlett-Packard [2011/10/10 11:46:47 | 000,000,000 | 
---D | M] O4 - Startup: C:\Users\All Users\HP [2011/11/09 22:41:21 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\hpzinstall.log () O4 - Startup: C:\Users\All Users\Local Settings [2012/03/31 19:02:06 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Malwarebytes [2011/12/16 16:35:18 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\McAfee [2009/11/29 19:39:11 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Messenger Plus! [2009/11/29 19:53:37 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Microsoft [2012/04/17 19:40:12 | 000,000,000 | --SD | M] O4 - Startup: C:\Users\All Users\Microsoft Help [2012/02/24 13:50:00 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Mozilla [2012/06/27 20:32:23 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\mtbjfghn.xbe () O4 - Startup: C:\Users\All Users\Nero [2012/05/16 16:03:37 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Norton [2012/02/21 11:09:12 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\NortonInstaller [2012/01/25 21:44:43 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\NOTEPAD.EXE-x.txt () O4 - Startup: C:\Users\All Users\Origin [2012/11/25 20:28:45 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\REGSVR32.EXE-x.txt () O4 - Startup: C:\Users\All Users\RUNDLL32.EXE-x.txt () O4 - Startup: C:\Users\All Users\Skype [2012/11/22 07:00:09 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Sony [2012/02/20 16:39:48 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Stardock [2009/11/29 20:56:06 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Start Menu [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\Sun [2012/04/04 20:52:05 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Symantec [2012/01/25 21:44:49 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Telefónica [2012/03/11 15:08:43 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All 
Users\TEMP [2012/11/26 17:10:54 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Templates [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\Trusteer [2011/10/27 12:55:50 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Ubisoft [2012/11/29 21:04:08 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Uniblue [2011/10/09 21:09:20 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\VMware [2009/11/29 19:15:41 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\W3i [2012/01/25 21:44:46 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Yahoo! [2009/12/09 03:34:50 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\{0B4EECC2-B656-4BF8-9915-6F8B225BC43C} [2012/01/25 21:45:10 | 000,000,000 | -H-D | M] O4 - Startup: C:\Users\All Users\{6DFE6B59-3F4E-45AF-A9D0-5EDC43DD23AF} [2012/03/31 19:08:37 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\{8CC5CF4A-124E-41BA-B58C-A41F05BE09CC} [2009/12/01 03:04:50 | 000,000,000 | -H-D | M] O4 - Startup: C:\Users\All Users\{BD8912D9-3040-46C4-B96A-4C3AC7E43486} [2011/12/31 13:40:00 | 000,000,000 | -H-D | M] O4 - Startup: C:\Users\David\AppData [2011/10/06 14:52:26 | 000,000,000 | -H-D | M] O4 - Startup: C:\Users\David\Application Data [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\David\Contacts [2011/10/06 19:55:08 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\David\Cookies [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\David\Desktop [2013/01/13 20:42:56 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\David\Documents [2013/01/10 20:21:05 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\David\Downloads [2012/10/02 17:56:34 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\David\Favorites [2011/11/30 14:58:20 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\David\Gry [2012/09/24 11:05:13 | 000,000,000 | --SD | M] O4 - Startup: C:\Users\David\InstallAnywhere [2011/10/20 19:07:10 | 000,000,000 | 
-H-D | M] O4 - Startup: C:\Users\David\Links [2012/12/23 13:46:26 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\David\Local Settings [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\David\Music [2011/10/15 15:37:20 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\David\My Documents [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\David\NetHood [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\David\NTUSER.DAT () O4 - Startup: C:\Users\David\ntuser.dat.LOG1 () O4 - Startup: C:\Users\David\ntuser.dat.LOG2 () O4 - Startup: C:\Users\David\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf () O4 - Startup: C:\Users\David\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms () O4 - Startup: C:\Users\David\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms () O4 - Startup: C:\Users\David\NTUSER.DAT{6ab3caf2-12df-11e1-a87b-00158315a310}.TM.blf () O4 - Startup: C:\Users\David\NTUSER.DAT{6ab3caf2-12df-11e1-a87b-00158315a310}.TMContainer00000000000000000001.regtrans-ms () O4 - Startup: C:\Users\David\NTUSER.DAT{6ab3caf2-12df-11e1-a87b-00158315a310}.TMContainer00000000000000000002.regtrans-ms () O4 - Startup: C:\Users\David\NTUSER.DAT{72d3d2af-3940-11e1-b6a2-00158315a310}.TM.blf () O4 - Startup: C:\Users\David\NTUSER.DAT{72d3d2af-3940-11e1-b6a2-00158315a310}.TMContainer00000000000000000001.regtrans-ms () O4 - Startup: C:\Users\David\NTUSER.DAT{72d3d2af-3940-11e1-b6a2-00158315a310}.TMContainer00000000000000000002.regtrans-ms () O4 - Startup: C:\Users\David\ntuser.ini () O4 - Startup: C:\Users\David\Pictures [2012/09/24 11:03:35 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\David\PrintHood [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\David\Recent [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\David\Saved Games [2011/10/07 16:37:15 | 000,000,000 | ---D | M] O4 - Startup: 
C:\Users\David\Searches [2011/11/16 21:07:08 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\David\SendTo [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\David\Start Menu [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\David\Templates [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\David\Videos [2011/10/15 15:37:20 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Default\AppData [2009/07/14 04:20:08 | 000,000,000 | -H-D | M] O4 - Startup: C:\Users\Default\Application Data [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Cookies [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Desktop [2009/07/14 03:34:59 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Default\Documents [2009/07/14 06:08:56 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Default\Downloads [2009/07/14 03:34:59 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Default\Favorites [2009/07/14 03:34:59 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Default\Links [2009/07/14 03:34:59 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Default\Local Settings [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Music [2009/07/14 03:34:59 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Default\My Documents [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\NetHood [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\NTUSER.DAT () O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG () O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG1 () O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG2 () O4 - Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf () O4 - Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms () O4 - Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms 
() O4 - Startup: C:\Users\Default\Pictures [2009/07/14 03:34:59 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Default\PrintHood [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Recent [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Saved Games [2009/07/14 03:34:59 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\Default\SendTo [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Start Menu [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Templates [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Videos [2009/07/14 03:34:59 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Public\Desktop [2013/01/12 11:56:35 | 000,000,000 | RH-D | M] O4 - Startup: C:\Users\Public\Documents [2011/10/20 19:38:06 | 000,000,000 | --SD | M] O4 - Startup: C:\Users\Public\Downloads [2009/07/14 05:54:24 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Public\Favorites [2009/07/14 03:34:59 | 000,000,000 | RH-D | M] O4 - Startup: C:\Users\Public\Libraries [2009/11/29 19:03:42 | 000,000,000 | RH-D | M] O4 - Startup: C:\Users\Public\Music [2009/12/01 03:07:11 | 000,000,000 | --SD | M] O4 - Startup: C:\Users\Public\Pictures [2009/12/01 03:07:11 | 000,000,000 | --SD | M] O4 - Startup: C:\Users\Public\Recorded TV [2011/10/24 15:50:51 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Public\Videos [2009/12/01 03:07:11 | 000,000,000 | --SD | M] O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 41064 = C:\PROGRA~3\LOCALS~1\Temp\msygea.bat O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0 O8:[b]64bit:[/b] - Extra context menu item: E&xport to Microsoft Excel - res://F:\Programy\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\Programy\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O16:[b]64bit:[/b] - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16:[b]64bit:[/b] - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16:[b]64bit:[/b] - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.179.2.132 62.179.2.133 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{819D1C69-4F04-42F6-AC7B-4697F4CAEE0E}: DhcpNameServer = 62.179.2.132 62.179.2.133 O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:[b]64bit:[/b] - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair64.dll (Stardock.net, Inc) O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll (Stardock.net, Inc) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O22:[b]64bit:[/b] - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{2ea0f472-0ef2-11e1-b392-00158315a310}\Shell - "" = AutoRun O33 - MountPoints2\{2ea0f472-0ef2-11e1-b392-00158315a310}\Shell\AutoRun\command - "" = J:\AutoRun.exe O33 - MountPoints2\{2ea0f4b3-0ef2-11e1-b392-00158315a310}\Shell - "" = AutoRun O33 - MountPoints2\{2ea0f4b3-0ef2-11e1-b392-00158315a310}\Shell\AutoRun\command - "" = J:\AutoRun.exe O33 - MountPoints2\{3aa0c0f0-6ea8-11e1-9f61-00158315a310}\Shell - "" = AutoRun O33 - MountPoints2\{3aa0c0f0-6ea8-11e1-9f61-00158315a310}\Shell\AutoRun\command - "" = K:\AutoRun.exe O33 - MountPoints2\{3aa0c0f2-6ea8-11e1-9f61-00158315a310}\Shell - "" = AutoRun O33 - MountPoints2\{3aa0c0f2-6ea8-11e1-9f61-00158315a310}\Shell\AutoRun\command - "" = K:\AutoRun.exe O33 - MountPoints2\{4db4cf43-07f2-11e1-b162-00158315a310}\Shell - "" = AutoRun O33 
- MountPoints2\{4db4cf43-07f2-11e1-b162-00158315a310}\Shell\AutoRun\command - "" = J:\AutoRun.exe O33 - MountPoints2\{6df72f65-0b0f-11e1-868f-00158315a310}\Shell - "" = AutoRun O33 - MountPoints2\{6df72f65-0b0f-11e1-868f-00158315a310}\Shell\AutoRun\command - "" = K:\AutoRun.exe O33 - MountPoints2\{9caa8c70-0b7f-11e1-ba4b-00158315a310}\Shell - "" = AutoRun O33 - MountPoints2\{9caa8c70-0b7f-11e1-ba4b-00158315a310}\Shell\AutoRun\command - "" = J:\AutoRun.exe O33 - MountPoints2\{9caa8c72-0b7f-11e1-ba4b-00158315a310}\Shell - "" = AutoRun O33 - MountPoints2\{9caa8c72-0b7f-11e1-ba4b-00158315a310}\Shell\AutoRun\command - "" = J:\AutoRun.exe O33 - MountPoints2\{9ee04b3a-6d17-11e1-a25e-00158315a310}\Shell - "" = AutoRun O33 - MountPoints2\{9ee04b3a-6d17-11e1-a25e-00158315a310}\Shell\AutoRun\command - "" = K:\AutoRun.exe O33 - MountPoints2\{9ee04b3c-6d17-11e1-a25e-00158315a310}\Shell - "" = AutoRun O33 - MountPoints2\{9ee04b3c-6d17-11e1-a25e-00158315a310}\Shell\AutoRun\command - "" = K:\AutoRun.exe O33 - MountPoints2\{afab87ec-6b82-11e1-82b8-00158315a310}\Shell - "" = AutoRun O33 - MountPoints2\{afab87ec-6b82-11e1-82b8-00158315a310}\Shell\AutoRun\command - "" = K:\AutoRun.exe O33 - MountPoints2\{afab87fc-6b82-11e1-82b8-00158315a310}\Shell - "" = AutoRun O33 - MountPoints2\{afab87fc-6b82-11e1-82b8-00158315a310}\Shell\AutoRun\command - "" = K:\AutoRun.exe O33 - MountPoints2\{cce37407-8c61-11e1-b73d-00158315a310}\Shell - "" = AutoRun O33 - MountPoints2\{cce37407-8c61-11e1-b73d-00158315a310}\Shell\AutoRun\command - "" = K:\iStudio.exe O33 - MountPoints2\{da9f5423-f044-11e0-ab00-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{da9f5423-f044-11e0-ab00-806e6f6e6963}\Shell\AutoRun\command - "" = I:\AutoRun.exe O33 - MountPoints2\{da9f5441-f044-11e0-ab00-d027880b62e9}\Shell - "" = AutoRun O33 - MountPoints2\{da9f5441-f044-11e0-ab00-d027880b62e9}\Shell\AutoRun\command - "" = J:\AutoRun.exe O33 - MountPoints2\I\Shell - "" = AutoRun O33 - MountPoints2\I\Shell\AutoRun\command - "" = 
I:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - State: "startup" - Reg Error: Key error. SafeBootMin:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:[b]64bit:[/b] Base - Driver Group SafeBootMin:[b]64bit:[/b] Boot Bus Extender - Driver Group SafeBootMin:[b]64bit:[/b] Boot file system - Driver Group SafeBootMin:[b]64bit:[/b] File system - Driver Group SafeBootMin:[b]64bit:[/b] Filter - Driver Group SafeBootMin:[b]64bit:[/b] HelpSvc - Service SafeBootMin:[b]64bit:[/b] PCI Configuration - Driver Group SafeBootMin:[b]64bit:[/b] PNP Filter - Driver Group SafeBootMin:[b]64bit:[/b] Primary disk - Driver Group SafeBootMin:[b]64bit:[/b] sacsvr - Service SafeBootMin:[b]64bit:[/b] SCSI Class - Driver Group SafeBootMin:[b]64bit:[/b] System Bus Extender - Driver Group SafeBootMin:[b]64bit:[/b] vmms - Service SafeBootMin:[b]64bit:[/b] WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard 
floppy disk controller SafeBootMin:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: 
{4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootNet:[b]64bit:[/b] Base - Driver Group SafeBootNet:[b]64bit:[/b] Boot Bus Extender - Driver Group SafeBootNet:[b]64bit:[/b] Boot file system - Driver Group SafeBootNet:[b]64bit:[/b] File system - Driver Group SafeBootNet:[b]64bit:[/b] Filter - Driver Group SafeBootNet:[b]64bit:[/b] HelpSvc - Service SafeBootNet:[b]64bit:[/b] Messenger - Service SafeBootNet:[b]64bit:[/b] NDIS Wrapper - Driver Group SafeBootNet:[b]64bit:[/b] NetBIOSGroup - Driver Group SafeBootNet:[b]64bit:[/b] NetDDEGroup - Driver Group SafeBootNet:[b]64bit:[/b] Network - Driver Group SafeBootNet:[b]64bit:[/b] NetworkProvider - Driver Group SafeBootNet:[b]64bit:[/b] PCI Configuration - Driver Group SafeBootNet:[b]64bit:[/b] PNP Filter - Driver Group SafeBootNet:[b]64bit:[/b] PNP_TDI - Driver Group SafeBootNet:[b]64bit:[/b] Primary disk - Driver Group SafeBootNet:[b]64bit:[/b] rdsessmgr - Service SafeBootNet:[b]64bit:[/b] sacsvr - Service SafeBootNet:[b]64bit:[/b] SCSI Class - Driver Group SafeBootNet:[b]64bit:[/b] Streams Drivers - Driver Group SafeBootNet:[b]64bit:[/b] System Bus Extender - 
Driver Group SafeBootNet:[b]64bit:[/b] TDI - Driver Group SafeBootNet:[b]64bit:[/b] vmms - Service SafeBootNet:[b]64bit:[/b] WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet:[b]64bit:[/b] WudfUsbccidDriver - Driver SafeBootNet:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:[b]64bit:[/b] {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:[b]64bit:[/b] {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:[b]64bit:[/b] {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:[b]64bit:[/b] {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:[b]64bit:[/b] {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices 
SafeBootNet:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy 
disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2013/01/10 20:31:32 | 000,000,000 | ---D | C] -- C:\Conduit [2013/01/10 20:31:32 | 000,000,000 | ---D | C] -- \Conduit [2012/12/25 19:16:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6 [cswos.com] [2012/12/03 19:13:34 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll [2012/12/03 18:48:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games [2012/11/29 21:04:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft [2012/11/22 20:50:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2012/11/22 20:49:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2012/11/22 07:00:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012/11/22 07:00:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012/11/21 21:21:31 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2012/11/21 20:56:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inixsoft [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2013/01/13 20:44:36 | 000,016,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/01/13 
20:44:36 | 000,016,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/01/13 20:41:33 | 000,727,490 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/01/13 20:41:33 | 000,630,104 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/01/13 20:41:33 | 000,112,534 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/01/13 20:39:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/01/13 20:37:13 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/01/13 20:37:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/01/13 16:32:45 | 000,000,192 | ---- | M] () -- C:\Windows\winamp.ini [2013/01/13 16:05:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/01/13 15:45:15 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini [2013/01/12 11:56:35 | 000,001,126 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/12/25 19:16:01 | 000,000,913 | ---- | M] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Counter-Strike 1.6.lnk [2012/12/25 13:07:27 | 000,921,632 | ---- | M] () -- C:\SPC230NC.DAT [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/12/03 19:13:34 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) 
-- C:\Windows\SysWow64\CmdLineExt_x64.dll [2012/12/02 19:23:45 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI [2012/11/29 20:51:13 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012/11/29 20:51:11 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012/11/22 07:00:05 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013/01/12 11:56:35 | 000,001,126 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/01/11 22:10:16 | 000,001,169 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TrayMin230.lnk [2012/12/25 19:16:01 | 000,000,913 | ---- | C] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Counter-Strike 1.6.lnk [2012/12/02 19:23:45 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI [2012/11/29 20:51:13 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012/11/29 20:51:11 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012/05/23 16:31:15 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2012/04/19 18:20:53 | 000,921,632 | ---- | C] () -- \SPC230NC.DAT [2012/02/18 16:09:47 | 000,000,842 | ---- | C] () -- C:\Windows\SysWow64\SPC230NC.INI [2012/02/18 16:09:24 | 000,004,998 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe [2011/11/30 14:56:57 | 000,000,192 | ---- | C] () -- C:\Windows\winamp.ini [2011/11/30 14:51:55 | 000,000,968 | ---- | C] () -- C:\Windows\unins000.dat [2011/10/06 16:20:35 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011/09/14 11:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011/03/17 18:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2005/09/22 20:09:38 | 000,894,976 | ---- | C] () -- \msdia80.dll [color=#E56717]========== ZeroAccess Check ==========[/color] [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- 
C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2009/07/14 02:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2009/07/14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] [color=#E56717]========== LOP Check ==========[/color] [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Application Data [2012/05/08 16:13:37 | 000,000,000 | ---D | M] -- 
[2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009/11/25 07:25:52 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=9ED521C0B287D4A396E1456B3D1556C9 -- C:\Windows\SysNative\winlogon.exe [2009/11/25 07:25:52 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=9ED521C0B287D4A396E1456B3D1556C9 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16440_none_cbde32e1ee86914c\winlogon.exe [2009/11/25 07:25:51 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=FEFF314FF78051201309E47D90554BE8 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20548_none_cc6fd1fd079cfbce\winlogon.exe [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 101 bytes -> C:\Users\All Users\TEMP:CE2C623F @Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:CE2C623F < End of report > [/log]
And this virus is in HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|41064. What should I do next?
Natsuki Kuga, comment, 14 January 2013
1. Paste into OTL: [spoiler] :OTL IE - HKLM\..\URLSearchHook: {d43723ae-1ae1-4a25-a6a4-bf0929273cab} - C:\Program Files (x86)\Ashampoo_PO\prxtbAsh0.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2481033 IE - HKU\S-1-5-21-2465994285-61389061-1913302713-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2481033 IE - HKU\S-1-5-21-2465994285-61389061-1913302713-1005\..\URLSearchHook: {d43723ae-1ae1-4a25-a6a4-bf0929273cab} - C:\Program Files (x86)\Ashampoo_PO\prxtbAsh0.dll (Conduit Ltd.) IE - HKU\S-1-5-21-2465994285-61389061-1913302713-1005\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKU\S-1-5-21-2465994285-61389061-1913302713-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://startsear.ch/...q={searchTerms} IE - HKU\S-1-5-21-2465994285-61389061-1913302713-1005\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2481033 O2 - BHO: (Ashampoo PO Toolbar) - {d43723ae-1ae1-4a25-a6a4-bf0929273cab} - C:\Program Files (x86)\Ashampoo_PO\prxtbAsh0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Ashampoo PO Toolbar) - {d43723ae-1ae1-4a25-a6a4-bf0929273cab} - C:\Program Files (x86)\Ashampoo_PO\prxtbAsh0.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-2465994285-61389061-1913302713-1005\..\Toolbar\WebBrowser: (Ashampoo PO Toolbar) - {D43723AE-1AE1-4A25-A6A4-BF0929273CAB} - C:\Program Files (x86)\Ashampoo_PO\prxtbAsh0.dll (Conduit Ltd.) 
O4 - Startup: C:\Users\All Users\Adobe [2011/10/10 11:53:24 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Application Data [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\ashampoo [2012/05/08 16:13:37 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\ATI [2011/10/06 16:21:10 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\DAEMON Tools Lite [2011/10/20 16:47:38 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Desktop [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\Diskeeper Corporation [2009/11/30 07:49:13 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Documents [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\DSS [2012/09/16 10:54:51 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\EA Core [2011/12/12 21:40:10 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Electronic Arts [2011/12/12 21:40:09 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\ESET [2009/11/15 00:05:20 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Favorites [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\Gadu-Gadu 10 [2011/12/07 17:26:52 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Hewlett-Packard [2011/10/10 11:46:47 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\HP [2011/11/09 22:41:21 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\hpzinstall.log () O4 - Startup: C:\Users\All Users\Local Settings [2012/03/31 19:02:06 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Malwarebytes [2011/12/16 16:35:18 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\McAfee [2009/11/29 19:39:11 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Messenger Plus! 
[2009/11/29 19:53:37 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Microsoft [2012/04/17 19:40:12 | 000,000,000 | --SD | M] O4 - Startup: C:\Users\All Users\Microsoft Help [2012/02/24 13:50:00 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Mozilla [2012/06/27 20:32:23 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\mtbjfghn.xbe () O4 - Startup: C:\Users\All Users\Nero [2012/05/16 16:03:37 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Norton [2012/02/21 11:09:12 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\NortonInstaller [2012/01/25 21:44:43 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\NOTEPAD.EXE-x.txt () O4 - Startup: C:\Users\All Users\Origin [2012/11/25 20:28:45 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\REGSVR32.EXE-x.txt () O4 - Startup: C:\Users\All Users\RUNDLL32.EXE-x.txt () O4 - Startup: C:\Users\All Users\Skype [2012/11/22 07:00:09 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Sony [2012/02/20 16:39:48 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Stardock [2009/11/29 20:56:06 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Start Menu [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\Sun [2012/04/04 20:52:05 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Symantec [2012/01/25 21:44:49 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Telefónica [2012/03/11 15:08:43 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\TEMP [2012/11/26 17:10:54 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Templates [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\Trusteer [2011/10/27 12:55:50 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Ubisoft [2012/11/29 21:04:08 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Uniblue [2011/10/09 21:09:20 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\VMware [2009/11/29 
19:15:41 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\W3i [2012/01/25 21:44:46 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Yahoo! [2009/12/09 03:34:50 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\{0B4EECC2-B656-4BF8-9915-6F8B225BC43C} [2012/01/25 21:45:10 | 000,000,000 | -H-D | M] O4 - Startup: C:\Users\All Users\{6DFE6B59-3F4E-45AF-A9D0-5EDC43DD23AF} [2012/03/31 19:08:37 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\{8CC5CF4A-124E-41BA-B58C-A41F05BE09CC} [2009/12/01 03:04:50 | 000,000,000 | -H-D | M] O4 - Startup: C:\Users\All Users\{BD8912D9-3040-46C4-B96A-4C3AC7E43486} [2011/12/31 13:40:00 | 000,000,000 | -H-D | M] O4 - Startup: C:\Users\David\AppData [2011/10/06 14:52:26 | 000,000,000 | -H-D | M] O4 - Startup: C:\Users\David\Application Data [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\David\Contacts [2011/10/06 19:55:08 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\David\Cookies [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\David\Desktop [2013/01/13 20:42:56 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\David\Documents [2013/01/10 20:21:05 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\David\Downloads [2012/10/02 17:56:34 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\David\Favorites [2011/11/30 14:58:20 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\David\Gry [2012/09/24 11:05:13 | 000,000,000 | --SD | M] O4 - Startup: C:\Users\David\InstallAnywhere [2011/10/20 19:07:10 | 000,000,000 | -H-D | M] O4 - Startup: C:\Users\David\Links [2012/12/23 13:46:26 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\David\Local Settings [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\David\Music [2011/10/15 15:37:20 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\David\My Documents [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\David\NetHood [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] O4 - Startup: 
C:\Users\David\NTUSER.DAT () O4 - Startup: C:\Users\David\ntuser.dat.LOG1 () O4 - Startup: C:\Users\David\ntuser.dat.LOG2 () O4 - Startup: C:\Users\David\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf () O4 - Startup: C:\Users\David\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms () O4 - Startup: C:\Users\David\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms () O4 - Startup: C:\Users\David\NTUSER.DAT{6ab3caf2-12df-11e1-a87b-00158315a310}.TM.blf () O4 - Startup: C:\Users\David\NTUSER.DAT{6ab3caf2-12df-11e1-a87b-00158315a310}.TMContainer00000000000000000001.regtrans-ms () O4 - Startup: C:\Users\David\NTUSER.DAT{6ab3caf2-12df-11e1-a87b-00158315a310}.TMContainer00000000000000000002.regtrans-ms () O4 - Startup: C:\Users\David\NTUSER.DAT{72d3d2af-3940-11e1-b6a2-00158315a310}.TM.blf () O4 - Startup: C:\Users\David\NTUSER.DAT{72d3d2af-3940-11e1-b6a2-00158315a310}.TMContainer00000000000000000001.regtrans-ms () O4 - Startup: C:\Users\David\NTUSER.DAT{72d3d2af-3940-11e1-b6a2-00158315a310}.TMContainer00000000000000000002.regtrans-ms () O4 - Startup: C:\Users\David\ntuser.ini () O4 - Startup: C:\Users\David\Pictures [2012/09/24 11:03:35 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\David\PrintHood [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\David\Recent [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\David\Saved Games [2011/10/07 16:37:15 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\David\Searches [2011/11/16 21:07:08 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\David\SendTo [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\David\Start Menu [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\David\Templates [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\David\Videos [2011/10/15 15:37:20 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Default\AppData [2009/07/14 
04:20:08 | 000,000,000 | -H-D | M] O4 - Startup: C:\Users\Default\Application Data [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Cookies [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Desktop [2009/07/14 03:34:59 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Default\Documents [2009/07/14 06:08:56 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Default\Downloads [2009/07/14 03:34:59 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Default\Favorites [2009/07/14 03:34:59 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Default\Links [2009/07/14 03:34:59 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Default\Local Settings [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Music [2009/07/14 03:34:59 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Default\My Documents [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\NetHood [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\NTUSER.DAT () O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG () O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG1 () O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG2 () O4 - Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf () O4 - Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms () O4 - Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms () O4 - Startup: C:\Users\Default\Pictures [2009/07/14 03:34:59 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Default\PrintHood [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Recent [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Saved Games [2009/07/14 03:34:59 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\Default\SendTo [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] O4 - Startup: 
C:\Users\Default\Start Menu [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Templates [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Videos [2009/07/14 03:34:59 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Public\Desktop [2013/01/12 11:56:35 | 000,000,000 | RH-D | M] O4 - Startup: C:\Users\Public\Documents [2011/10/20 19:38:06 | 000,000,000 | --SD | M] O4 - Startup: C:\Users\Public\Downloads [2009/07/14 05:54:24 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Public\Favorites [2009/07/14 03:34:59 | 000,000,000 | RH-D | M] O4 - Startup: C:\Users\Public\Libraries [2009/11/29 19:03:42 | 000,000,000 | RH-D | M] O4 - Startup: C:\Users\Public\Music [2009/12/01 03:07:11 | 000,000,000 | --SD | M] O4 - Startup: C:\Users\Public\Pictures [2009/12/01 03:07:11 | 000,000,000 | --SD | M] O4 - Startup: C:\Users\Public\Recorded TV [2011/10/24 15:50:51 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Public\Videos [2009/12/01 03:07:11 | 000,000,000 | --SD | M] O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 41064 = C:\PROGRA~3\LOCALS~1\Temp\msygea.bat @Alternate Data Stream - 101 bytes -> C:\Users\All Users\TEMP:CE2C623F @Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:CE2C623F :Files C:\Program Files (x86)\Ashampoo_PO C:\Conduit [/spoiler]
Run the script and show the report.
2. Run AdwCleaner using the Delete option. Show the report.
3. Paste into OTL: [spoiler] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inixsoft\*.* C:\Users\All Users\{0B4EECC2-B656-4BF8-9915-6F8B225BC43C}\*.* C:\Users\All Users\{6DFE6B59-3F4E-45AF-A9D0-5EDC43DD23AF}\*.* C:\Users\All Users\{8CC5CF4A-124E-41BA-B58C-A41F05BE09CC}\*.* C:\Users\All Users\{BD8912D9-3040-46C4-B96A-4C3AC7E43486}\*.* [/spoiler]
Scan and show the log (including Extras!). Also show the log from RSIT (instructions are in the pinned topics).
Davids (Author), comment, 15 January 2013
1. [log] OTL logfile created on: 14/01/2013 18:57:12 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\David\Desktop 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 3.25 Gb Total Physical Memory | 1.98 Gb Available Physical Memory | 61.07% Memory free 6.49 Gb Paging File | 4.96 Gb Available in Paging File | 76.34% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 195.21 Gb Total Space | 115.62 Gb Free Space | 59.23% Space Free | Partition Type: NTFS Drive D: | 146.48 Gb Total Space | 87.76 Gb Free Space | 59.91% Space Free | Partition Type: NTFS Drive E: | 146.48 Gb Total Space | 76.77 Gb Free Space | 52.41% Space Free | Partition Type: NTFS Drive F: | 97.65 Gb Total Space | 89.32 Gb Free Space | 91.47% Space Free | Partition Type: NTFS Drive G: | 112.70 Gb Total Space | 96.84 Gb Free Space | 85.92% Space Free | Partition Type: NTFS Computer Name: DAVID-PC | User Name: David | Logged in as Administrator. 
(Microsoft Corporation) -- C:\Windows\SysWOW64\quartz.dll MOD - [2009/07/14 02:16:12 | 000,988,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\propsys.dll MOD - [2009/07/14 02:16:12 | 000,325,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rasapi32.dll MOD - [2009/07/14 02:16:12 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\oleacc.dll MOD - [2009/07/14 02:16:12 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\powrprof.dll MOD - [2009/07/14 02:16:12 | 000,139,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PeerDist.dll MOD - [2009/07/14 02:16:12 | 000,103,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\oledlg.dll MOD - [2009/07/14 02:16:12 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\olepro32.dll MOD - [2009/07/14 02:16:12 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rasman.dll MOD - [2009/07/14 02:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\pnrpnsp.dll MOD - [2009/07/14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\profapi.dll MOD - [2009/07/14 02:16:12 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\qmgrprxy.dll MOD - [2009/07/14 02:16:12 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rasadhlp.dll MOD - [2009/07/14 02:16:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\psapi.dll MOD - [2009/07/14 02:16:11 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntshrui.dll MOD - [2009/07/14 02:16:11 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntmarta.dll MOD - [2009/07/14 02:16:11 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntlanman.dll MOD - [2009/07/14 02:16:11 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\npmproxy.dll MOD - [2009/07/14 02:16:11 | 
000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\nsi.dll MOD - [2009/07/14 02:16:03 | 001,661,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\networkexplorer.dll MOD - [2009/07/14 02:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netprofm.dll MOD - [2009/07/14 02:16:03 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\nlaapi.dll MOD - [2009/07/14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netutils.dll MOD - [2009/07/14 02:16:02 | 000,219,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ncrypt.dll MOD - [2009/07/14 02:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\NapiNSP.dll MOD - [2009/07/14 02:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mswsock.dll MOD - [2009/07/14 02:15:50 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcrt.dll MOD - [2009/07/14 02:15:45 | 000,157,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msls31.dll MOD - [2009/07/14 02:15:44 | 002,340,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msi.dll MOD - [2009/07/14 02:15:44 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msimg32.dll MOD - [2009/07/14 02:15:43 | 000,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msctf.dll MOD - [2009/07/14 02:15:43 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msdmo.dll MOD - [2009/07/14 02:15:42 | 000,481,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mscms.dll MOD - [2009/07/14 02:15:41 | 000,213,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\MMDevAPI.dll MOD - [2009/07/14 02:15:41 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mpr.dll MOD - [2009/07/14 02:15:40 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mlang.dll MOD - [2009/07/14 
02:15:36 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\linkinfo.dll MOD - [2009/07/14 02:15:31 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imagehlp.dll MOD - [2009/07/14 02:15:28 | 010,973,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ieframe.dll MOD - [2009/07/14 02:15:28 | 002,058,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\iertutil.dll MOD - [2009/07/14 02:15:28 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ieproxy.dll MOD - [2009/07/14 02:15:22 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\gpapi.dll MOD - [2009/07/14 02:15:21 | 000,216,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\FWPUCLNT.DLL MOD - [2009/07/14 02:15:19 | 001,495,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ExplorerFrame.dll MOD - [2009/07/14 02:15:14 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\EhStorShell.dll MOD - [2009/07/14 02:15:14 | 000,128,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\EhStorAPI.dll MOD - [2009/07/14 02:15:13 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dui70.dll MOD - [2009/07/14 02:15:13 | 000,453,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dsound.dll MOD - [2009/07/14 02:15:13 | 000,181,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\duser.dll MOD - [2009/07/14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dwmapi.dll MOD - [2009/07/14 02:15:13 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\drprov.dll MOD - [2009/07/14 02:15:12 | 000,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dnsapi.dll MOD - [2009/07/14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\devobj.dll MOD - [2009/07/14 02:15:11 | 000,061,952 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\SysWOW64\dhcpcsvc.dll MOD - [2009/07/14 02:15:11 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\devrtl.dll MOD - [2009/07/14 02:15:11 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dhcpcsvc6.dll MOD - [2009/07/14 02:15:10 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\devenum.dll MOD - [2009/07/14 02:15:08 | 000,077,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\davclnt.dll MOD - [2009/07/14 02:15:08 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\davhlpr.dll MOD - [2009/07/14 02:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll MOD - [2009/07/14 02:15:07 | 000,103,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptnet.dll MOD - [2009/07/14 02:15:07 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptsp.dll MOD - [2009/07/14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptbase.dll MOD - [2009/07/14 02:15:07 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cscapi.dll MOD - [2009/07/14 02:15:07 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\credssp.dll MOD - [2009/07/14 02:15:03 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\clbcatq.dll MOD - [2009/07/14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cfgmgr32.dll MOD - [2009/07/14 02:15:00 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cabinet.dll MOD - [2009/07/14 02:14:57 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\AudioSes.dll MOD - [2009/07/14 02:14:57 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\authz.dll MOD - [2009/07/14 02:14:57 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\atl.dll MOD - [2009/07/14 02:14:53 | 000,640,000 | ---- | M] 
(Microsoft Corporation) -- C:\Windows\SysWOW64\advapi32.dll MOD - [2009/07/14 02:14:53 | 000,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\apphelp.dll MOD - [2009/07/14 02:14:52 | 000,309,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\actxprxy.dll MOD - [2009/07/14 02:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx MOD - [2009/07/14 02:14:08 | 000,319,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winspool.drv MOD - [2009/07/14 02:11:24 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\uxtheme.dll MOD - [2009/07/14 02:11:23 | 000,836,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\kernel32.dll MOD - [2009/07/14 02:11:23 | 000,662,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rpcrt4.dll MOD - [2009/07/14 02:11:23 | 000,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\KernelBase.dll MOD - [2009/07/14 02:11:23 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\lpk.dll MOD - [2009/07/14 02:11:21 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imm32.dll MOD - [2009/07/14 02:11:20 | 000,080,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\bcrypt.dll MOD - [2009/07/14 02:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll MOD - [2009/07/14 02:03:50 | 001,624,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\GdiPlus.dll MOD - [2009/06/10 22:23:11 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll MOD - [2009/06/10 22:23:11 | 000,554,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcp80.dll MOD - [2007/12/14 17:58:30 
| 000,241,664 | ---- | M] () -- C:\Program Files (x86)\Philips\Philips SPC230NC Webcam\TrayMin230.exe
MOD - [2007/12/10 16:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\Philips\SPC230NC\Monitor.exe
MOD - [2007/09/02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
MOD - [2007/09/02 14:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll
MOD - [2004/12/20 19:41:22 | 000,033,792 | ---- | M] () -- F:\Programy\Winamp\winampa.exe

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2011/09/08 18:29:56 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:[b]64bit:[/b] - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:[b]64bit:[/b] - [2009/04/17 09:47:50 | 001,995,544 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV:[b]64bit:[/b] - [2009/04/12 02:26:35 | 000,578,878 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ESET\ESET Smart Security\Shahed.exe -- (.EsetTrialReset)
SRV:[b]64bit:[/b] - [2009/03/19 11:48:10 | 000,023,296 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV:[b]64bit:[/b] - [2009/03/19 11:44:50 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/12 19:14:57 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/29 20:51:11 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/21 20:40:36 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2010/08/02 11:40:56 | 000,199,600 | ---- | M] (Telefónica I+D) [Auto | Running] -- C:\Program Files (x86)\O2\Connection Manager\ImpWiFiSvc.exe -- (TGCM_ImportWiFiSvc)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:[b]64bit:[/b] - [2011/10/20 16:48:16 | 000,526,392 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:[b]64bit:[/b] - [2011/09/08 19:27:22 | 010,203,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:[b]64bit:[/b] - [2011/09/08 17:52:40 | 000,310,784 | ---- | M] (Advanced Micro Devices, Inc.)
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:[b]64bit:[/b] - [2011/08/17 10:04:34 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64) DRV:[b]64bit:[/b] - [2011/08/17 10:04:28 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64) DRV:[b]64bit:[/b] - [2011/08/17 09:58:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt) DRV:[b]64bit:[/b] - [2011/08/17 09:58:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev) DRV:[b]64bit:[/b] - [2011/08/17 09:58:20 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc) DRV:[b]64bit:[/b] - [2011/08/17 09:58:16 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd) DRV:[b]64bit:[/b] - [2011/06/06 23:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:[b]64bit:[/b] - [2010/04/09 08:24:32 | 000,076,288 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV:[b]64bit:[/b] - [2010/04/07 10:05:00 | 000,250,368 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet) DRV:[b]64bit:[/b] - [2010/03/25 03:08:46 | 000,120,704 | ---- | M] (Huawei Technologies Co., Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard) DRV:[b]64bit:[/b] - [2009/11/25 07:17:50 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm) DRV:[b]64bit:[/b] - [2009/11/25 07:17:50 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus) DRV:[b]64bit:[/b] - [2009/11/25 07:17:50 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb) DRV:[b]64bit:[/b] - [2009/11/25 07:17:50 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr) DRV:[b]64bit:[/b] - [2009/10/21 21:50:24 | 000,013,872 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmmouse.sys -- (vmmouse) DRV:[b]64bit:[/b] - [2009/10/21 21:47:08 | 000,086,576 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vm3dmp.sys -- (vm3dmp) DRV:[b]64bit:[/b] - [2009/10/07 19:26:24 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID) DRV:[b]64bit:[/b] - [2009/09/30 15:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:[b]64bit:[/b] - [2009/09/24 07:47:06 | 000,175,328 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iSSetup.sys -- (iSSetup) DRV:[b]64bit:[/b] - [2009/09/22 16:39:56 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:[b]64bit:[/b] - [2009/08/21 13:48:18 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor) DRV:[b]64bit:[/b] - [2009/08/21 00:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:[b]64bit:[/b] - [2009/08/13 08:38:24 | 000,029,184 | ---- | M] (CSR, plc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthAvrcp.sys -- (BthAvrcp) DRV:[b]64bit:[/b] - [2009/07/26 23:00:00 | 000,056,664 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\o2mdx64.sys -- (O2MDRDR) DRV:[b]64bit:[/b] - [2009/07/26 23:00:00 | 000,056,096 | ---- | M] (O2Micro) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\o2sdx64.sys -- (O2SDRDR) DRV:[b]64bit:[/b] - [2009/07/17 00:51:54 | 000,028,192 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvamacpi.sys -- (nvamacpi) DRV:[b]64bit:[/b] - [2009/07/14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2009/07/14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2009/07/14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009/07/14 01:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:[b]64bit:[/b] - [2009/07/04 18:27:02 | 000,055,808 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie) DRV:[b]64bit:[/b] - [2009/07/02 07:54:52 | 000,060,416 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci) DRV:[b]64bit:[/b] - [2009/07/01 17:31:58 | 000,080,896 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie) DRV:[b]64bit:[/b] - [2009/06/25 16:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk) DRV:[b]64bit:[/b] - [2009/06/25 15:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp) DRV:[b]64bit:[/b] - [2009/06/25 15:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk) DRV:[b]64bit:[/b] - [2009/06/13 01:19:36 | 
000,041,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd262x64.sys -- (ioatdma2) DRV:[b]64bit:[/b] - [2009/06/13 01:19:32 | 000,040,144 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd162x64.sys -- (ioatdma1) DRV:[b]64bit:[/b] - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:[b]64bit:[/b] - [2009/05/12 13:40:42 | 000,072,192 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTSTOR64.sys -- (RTSTOR) DRV:[b]64bit:[/b] - [2009/05/05 05:31:00 | 000,025,752 | ---- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\xfiltx64.sys -- (xfiltx64) DRV:[b]64bit:[/b] - [2009/05/05 05:29:34 | 000,015,000 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\videX64.sys -- (videX64) DRV:[b]64bit:[/b] - [2009/04/16 11:45:46 | 000,461,320 | ---- | M] (LSI Corporation, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MegaSR1.sys -- (MegaSR1) DRV:[b]64bit:[/b] - [2009/03/19 11:46:04 | 000,044,944 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp) DRV:[b]64bit:[/b] - [2009/03/19 11:45:56 | 000,164,936 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw) DRV:[b]64bit:[/b] - [2009/03/19 11:45:56 | 000,033,608 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\epfwndis.sys -- (Epfwndis) DRV:[b]64bit:[/b] - [2009/03/19 11:44:36 | 000,134,024 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv) DRV:[b]64bit:[/b] - [2009/03/19 11:41:42 | 000,142,776 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamon.sys -- (eamon) DRV:[b]64bit:[/b] - [2009/02/11 16:26:18 | 000,407,576 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:[b]64bit:[/b] - [2008/10/09 14:45:26 | 000,018,784 | ---- | M] (JMicron ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\johci.sys -- (johci) DRV:[b]64bit:[/b] - [2008/07/09 15:51:54 | 000,136,192 | ---- | M] (VIA Technologies inc,.ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\viamrx64.sys -- (viamrx64) DRV:[b]64bit:[/b] - [2008/05/15 22:23:21 | 000,028,208 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci) DRV:[b]64bit:[/b] - [2008/04/15 15:09:20 | 000,067,224 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ViPrtX64.sys -- (ViPrtX64) DRV:[b]64bit:[/b] - [2008/04/15 15:05:48 | 000,025,240 | ---- | M] (VIA Technologies, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ViBusX64.sys -- (ViBusX64) DRV:[b]64bit:[/b] - [2008/01/18 05:14:06 | 000,041,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd260x64.sys -- (ioatdma) DRV:[b]64bit:[/b] - [2008/01/03 19:13:48 | 000,531,968 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SPC230NC.SYS -- (SPC230NC) DRV:[b]64bit:[/b] - [2007/11/13 15:47:18 | 000,080,424 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PnP680.sys -- (Pnp680) DRV:[b]64bit:[/b] - [2007/10/03 15:51:00 | 000,022,056 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiWinAcc.sys -- (SiFilter) DRV:[b]64bit:[/b] - [2007/10/03 15:50:52 | 000,017,448 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiRemFil.sys -- (SiRemFil) DRV:[b]64bit:[/b] - [2007/10/03 15:50:26 | 000,090,664 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SI3132.sys -- (SI3132) DRV:[b]64bit:[/b] - [2007/09/26 15:32:52 | 000,009,472 | ---- | M] (PixArt Imaging Incorporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PAEAFLT.sys -- (PAEAFLT.sys) DRV:[b]64bit:[/b] - [2007/06/01 10:29:06 | 000,330,544 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Si3531.sys -- (Si3531) DRV:[b]64bit:[/b] - [2007/05/14 17:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb) DRV:[b]64bit:[/b] - [2007/05/11 18:01:10 | 000,070,424 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:[b]64bit:[/b] - [2007/04/11 22:30:04 | 000,043,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- 
C:\Windows\SysNative\drivers\IAMTVE.sys -- (IAMTVE) DRV:[b]64bit:[/b] - [2007/04/11 22:29:58 | 000,051,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IAMTXPE.sys -- (IAMTXPE) DRV:[b]64bit:[/b] - [2007/04/11 15:02:42 | 000,163,632 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SI3114r.sys -- (SI3114r) DRV:[b]64bit:[/b] - [2007/02/01 16:53:08 | 000,164,656 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SI3112r.sys -- (SI3112r) DRV:[b]64bit:[/b] - [2007/01/24 17:07:08 | 000,064,888 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SISAGPX.SYS -- (SISAGP) DRV:[b]64bit:[/b] - [2006/11/10 11:48:48 | 000,099,120 | ---- | M] (Silicon Image, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SI3114.sys -- (SI3114) DRV:[b]64bit:[/b] - [2006/11/02 16:25:04 | 000,113,456 | ---- | M] (Silicon Image, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SI3124.sys -- (SI3124) DRV:[b]64bit:[/b] - [2006/11/01 07:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV:[b]64bit:[/b] - [2006/09/20 11:38:28 | 000,334,640 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Si3124r5.sys -- (Si3124r5) DRV:[b]64bit:[/b] - [2006/09/18 14:26:04 | 000,093,472 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hptmv.sys -- (hptmv) DRV:[b]64bit:[/b] - [2005/09/23 00:20:00 | 000,059,392 | ---- | M] (VIA Technologies, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VIAAGP1.SYS -- (viaagp1) DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKLM\..\URLSearchHook: {d43723ae-1ae1-4a25-a6a4-bf0929273cab} - C:\Program Files (x86)\Ashampoo_PO\prxtbAsh0.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{68CAD4C2-94EA-4792-B99B-F8726276E541}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481033 IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.win7extreme.project-os.org IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.win7extreme.project-os.org IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2465994285-61389061-1913302713-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2481033 IE - HKU\S-1-5-21-2465994285-61389061-1913302713-1005\..\URLSearchHook: {d43723ae-1ae1-4a25-a6a4-bf0929273cab} - 
C:\Program Files (x86)\Ashampoo_PO\prxtbAsh0.dll (Conduit Ltd.) IE - HKU\S-1-5-21-2465994285-61389061-1913302713-1005\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKU\S-1-5-21-2465994285-61389061-1913302713-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://startsear.ch/?aff=2&src=sp&cf=4637160c-2373-11e1-b02c-00158315a310&q={searchTerms} IE - HKU\S-1-5-21-2465994285-61389061-1913302713-1005\..\SearchScopes\{68CAD4C2-94EA-4792-B99B-F8726276E541}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2465994285-61389061-1913302713-1005\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481033 IE - HKU\S-1-5-21-2465994285-61389061-1913302713-1005\..\SearchScopes\{EF40BF94-9292-4001-BB9B-719C402D3AF2}: "URL" = http://uk.search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,105,0_0,Search,20120104,0,0,0,0 IE - HKU\S-1-5-21-2465994285-61389061-1913302713-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.41108.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp1950@crossrider.com: C:\Users\David\AppData\Local\RewardsArcadeSuite\1950\Firefox [2012/01/25 21:44:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/21 20:40:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/04 20:51:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011/10/06 14:53:05 | 000,000,000 | ---D | M] [2012/05/08 16:14:00 | 000,000,000 | ---D | M] (No name found) -- \mozilla\Firefox\extensions [2012/05/08 16:14:00 | 000,000,000 | ---D | M] (No name found) -- \mozilla\Firefox\extensions\{d43723ae-1ae1-4a25-a6a4-bf0929273cab} [2012/06/27 20:32:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla 
Firefox\extensions [2012/02/10 23:57:47 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012/07/21 20:40:38 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/04/04 20:51:50 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011/10/27 14:45:50 | 000,083,456 | ---- | M] (LiveVDO ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll [2012/07/15 12:37:57 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/07/15 12:37:57 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2013/01/11 23:00:46 | 000,000,797 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (RewardsArcadeSuite) - {B6EF6C45-5E8D-4c3b-B580-A5073261A381} - C:\Program Files (x86)\RewardsArcadeSuite\RewardsArcadeSuite.dll (215 Apps) O2 - BHO: (Ashampoo PO Toolbar) - {d43723ae-1ae1-4a25-a6a4-bf0929273cab} - C:\Program Files (x86)\Ashampoo_PO\prxtbAsh0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Ashampoo PO Toolbar) - {d43723ae-1ae1-4a25-a6a4-bf0929273cab} - C:\Program Files (x86)\Ashampoo_PO\prxtbAsh0.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-2465994285-61389061-1913302713-1005\..\Toolbar\WebBrowser: (Ashampoo PO Toolbar) - {D43723AE-1AE1-4A25-A6A4-BF0929273CAB} - C:\Program Files (x86)\Ashampoo_PO\prxtbAsh0.dll (Conduit Ltd.) 
O4:[b]64bit:[/b] - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET) O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:[b]64bit:[/b] - HKLM..\Run: [SPC_Monitor] C:\Windows\Philips\SPC230NC\Monitor.exe (PixArt Imaging Incorporation) O4:[b]64bit:[/b] - HKLM..\Run: [SPC230NC_Monitor] C:\Windows\Philips\SPC230NC\Monitor.exe (PixArt Imaging Incorporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [WinampAgent] F:\Programy\Winamp\winampa.exe () O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2465994285-61389061-1913302713-1005..\Run: [ares] "F:\Programy\Ares\Ares.exe" -h File not found O4 - HKU\S-1-5-21-2465994285-61389061-1913302713-1005..\Run: [DAEMON Tools Lite] F:\Programy\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-2465994285-61389061-1913302713-1005..\Run: [DriverScanner] "C:\PROGRA~2\Uniblue\DRIVER~1\launcher.exe" delay 20000 File not found O4 - HKU\S-1-5-21-2465994285-61389061-1913302713-1005..\Run: [Gadu-Gadu 10] F:\Programy\Gadu-Gadu 10\gg.exe (GG Network S.A.) O4 - HKU\S-1-5-21-2465994285-61389061-1913302713-1005..\Run: [HUAWEI 3G Data Card MTS] C:\Program Files (x86)\Huawei technologies\Huawei UMTS Data Card\3 USB Modem.exe (Huawei Technologies) O4 - HKU\S-1-5-21-2465994285-61389061-1913302713-1005..\Run: [InstallIQUpdater] C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC) O4 - HKU\S-1-5-21-2465994285-61389061-1913302713-1005..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) 
O4 - HKU\S-1-5-21-2465994285-61389061-1913302713-1005..\Run: [RGSC] D:\GTA CZTERY\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.) O4 - HKU\S-1-5-21-2465994285-61389061-1913302713-1005..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe () O4 - HKU\S-1-5-21-2465994285-61389061-1913302713-1005..\Run: [WeatherBugAlert] C:\Program Files (x86)\AWS\WeatherBug Alert\WeatherBugAlert.exe (AWS Convergence Technologies) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\All Users\Adobe [2011/10/10 11:53:24 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Application Data [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\ashampoo [2012/05/08 16:13:37 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\ATI [2011/10/06 16:21:10 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\DAEMON Tools Lite [2011/10/20 16:47:38 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Desktop [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\Diskeeper Corporation [2009/11/30 07:49:13 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Documents [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\DSS [2012/09/16 10:54:51 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\EA Core [2011/12/12 21:40:10 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Electronic Arts [2011/12/12 21:40:09 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\ESET [2009/11/15 00:05:20 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Favorites [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\Gadu-Gadu 10 [2011/12/07 17:26:52 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Hewlett-Packard [2011/10/10 11:46:47 | 000,000,000 | 
---D | M] O4 - Startup: C:\Users\All Users\HP [2011/11/09 22:41:21 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\hpzinstall.log () O4 - Startup: C:\Users\All Users\Local Settings [2012/03/31 19:02:06 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Malwarebytes [2011/12/16 16:35:18 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\McAfee [2009/11/29 19:39:11 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Messenger Plus! [2009/11/29 19:53:37 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Microsoft [2012/04/17 19:40:12 | 000,000,000 | --SD | M] O4 - Startup: C:\Users\All Users\Microsoft Help [2012/02/24 13:50:00 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Mozilla [2012/06/27 20:32:23 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\mtbjfghn.xbe () O4 - Startup: C:\Users\All Users\Nero [2012/05/16 16:03:37 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Norton [2012/02/21 11:09:12 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\NortonInstaller [2012/01/25 21:44:43 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\NOTEPAD.EXE-x.txt () O4 - Startup: C:\Users\All Users\Origin [2012/11/25 20:28:45 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\REGSVR32.EXE-x.txt () O4 - Startup: C:\Users\All Users\RUNDLL32.EXE-x.txt () O4 - Startup: C:\Users\All Users\Skype [2012/11/22 07:00:09 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Sony [2012/02/20 16:39:48 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Stardock [2009/11/29 20:56:06 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Start Menu [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\Sun [2012/04/04 20:52:05 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Symantec [2012/01/25 21:44:49 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Telefónica [2012/03/11 15:08:43 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All 
Users\TEMP [2012/11/26 17:10:54 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Templates [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\Trusteer [2011/10/27 12:55:50 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Ubisoft [2012/11/29 21:04:08 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Uniblue [2011/10/09 21:09:20 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\VMware [2009/11/29 19:15:41 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\W3i [2012/01/25 21:44:46 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Yahoo! [2009/12/09 03:34:50 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\{0B4EECC2-B656-4BF8-9915-6F8B225BC43C} [2012/01/25 21:45:10 | 000,000,000 | -H-D | M] O4 - Startup: C:\Users\All Users\{6DFE6B59-3F4E-45AF-A9D0-5EDC43DD23AF} [2012/03/31 19:08:37 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\{8CC5CF4A-124E-41BA-B58C-A41F05BE09CC} [2009/12/01 03:04:50 | 000,000,000 | -H-D | M] O4 - Startup: C:\Users\All Users\{BD8912D9-3040-46C4-B96A-4C3AC7E43486} [2011/12/31 13:40:00 | 000,000,000 | -H-D | M] O4 - Startup: C:\Users\David\AppData [2011/10/06 14:52:26 | 000,000,000 | -H-D | M] O4 - Startup: C:\Users\David\Application Data [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\David\Contacts [2011/10/06 19:55:08 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\David\Cookies [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\David\Desktop [2013/01/14 18:54:18 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\David\Documents [2013/01/10 20:21:05 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\David\Downloads [2012/10/02 17:56:34 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\David\Favorites [2011/11/30 14:58:20 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\David\Gry [2012/09/24 11:05:13 | 000,000,000 | --SD | M] O4 - Startup: C:\Users\David\InstallAnywhere [2011/10/20 19:07:10 | 000,000,000 | 
-H-D | M] O4 - Startup: C:\Users\David\Links [2012/12/23 13:46:26 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\David\Local Settings [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\David\Music [2011/10/15 15:37:20 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\David\My Documents [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\David\NetHood [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\David\NTUSER.DAT () O4 - Startup: C:\Users\David\ntuser.dat.LOG1 () O4 - Startup: C:\Users\David\ntuser.dat.LOG2 () O4 - Startup: C:\Users\David\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf () O4 - Startup: C:\Users\David\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms () O4 - Startup: C:\Users\David\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms () O4 - Startup: C:\Users\David\NTUSER.DAT{6ab3caf2-12df-11e1-a87b-00158315a310}.TM.blf () O4 - Startup: C:\Users\David\NTUSER.DAT{6ab3caf2-12df-11e1-a87b-00158315a310}.TMContainer00000000000000000001.regtrans-ms () O4 - Startup: C:\Users\David\NTUSER.DAT{6ab3caf2-12df-11e1-a87b-00158315a310}.TMContainer00000000000000000002.regtrans-ms () O4 - Startup: C:\Users\David\NTUSER.DAT{72d3d2af-3940-11e1-b6a2-00158315a310}.TM.blf () O4 - Startup: C:\Users\David\NTUSER.DAT{72d3d2af-3940-11e1-b6a2-00158315a310}.TMContainer00000000000000000001.regtrans-ms () O4 - Startup: C:\Users\David\NTUSER.DAT{72d3d2af-3940-11e1-b6a2-00158315a310}.TMContainer00000000000000000002.regtrans-ms () O4 - Startup: C:\Users\David\ntuser.ini () O4 - Startup: C:\Users\David\Pictures [2012/09/24 11:03:35 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\David\PrintHood [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\David\Recent [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\David\Saved Games [2011/10/07 16:37:15 | 000,000,000 | ---D | M] O4 - Startup: 
C:\Users\David\Searches [2011/11/16 21:07:08 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\David\SendTo [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\David\Start Menu [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\David\Templates [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\David\Videos [2011/10/15 15:37:20 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Default\AppData [2009/07/14 04:20:08 | 000,000,000 | -H-D | M] O4 - Startup: C:\Users\Default\Application Data [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Cookies [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Desktop [2009/07/14 03:34:59 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Default\Documents [2009/07/14 06:08:56 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Default\Downloads [2009/07/14 03:34:59 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Default\Favorites [2009/07/14 03:34:59 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Default\Links [2009/07/14 03:34:59 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Default\Local Settings [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Music [2009/07/14 03:34:59 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Default\My Documents [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\NetHood [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\NTUSER.DAT () O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG () O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG1 () O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG2 () O4 - Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf () O4 - Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms () O4 - Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms 
() O4 - Startup: C:\Users\Default\Pictures [2009/07/14 03:34:59 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Default\PrintHood [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Recent [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Saved Games [2009/07/14 03:34:59 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\Default\SendTo [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Start Menu [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Templates [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Videos [2009/07/14 03:34:59 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Public\Desktop [2013/01/12 11:56:35 | 000,000,000 | RH-D | M] O4 - Startup: C:\Users\Public\Documents [2011/10/20 19:38:06 | 000,000,000 | --SD | M] O4 - Startup: C:\Users\Public\Downloads [2009/07/14 05:54:24 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Public\Favorites [2009/07/14 03:34:59 | 000,000,000 | RH-D | M] O4 - Startup: C:\Users\Public\Libraries [2009/11/29 19:03:42 | 000,000,000 | RH-D | M] O4 - Startup: C:\Users\Public\Music [2009/12/01 03:07:11 | 000,000,000 | --SD | M] O4 - Startup: C:\Users\Public\Pictures [2009/12/01 03:07:11 | 000,000,000 | --SD | M] O4 - Startup: C:\Users\Public\Recorded TV [2011/10/24 15:50:51 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Public\Videos [2009/12/01 03:07:11 | 000,000,000 | --SD | M] O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 41064 = C:\PROGRA~3\LOCALS~1\Temp\msygea.bat O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0 O8:[b]64bit:[/b] - Extra context menu item: E&xport to Microsoft Excel - res://F:\Programy\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\Programy\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O16:[b]64bit:[/b] - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16:[b]64bit:[/b] - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16:[b]64bit:[/b] - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.179.2.132 62.179.2.133 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{819D1C69-4F04-42F6-AC7B-4697F4CAEE0E}: DhcpNameServer = 62.179.2.132 62.179.2.133 O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:[b]64bit:[/b] - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair64.dll (Stardock.net, Inc) O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll (Stardock.net, Inc) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O22:[b]64bit:[/b] - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{2ea0f472-0ef2-11e1-b392-00158315a310}\Shell - "" = AutoRun O33 - MountPoints2\{2ea0f472-0ef2-11e1-b392-00158315a310}\Shell\AutoRun\command - "" = J:\AutoRun.exe O33 - MountPoints2\{2ea0f4b3-0ef2-11e1-b392-00158315a310}\Shell - "" = AutoRun O33 - MountPoints2\{2ea0f4b3-0ef2-11e1-b392-00158315a310}\Shell\AutoRun\command - "" = J:\AutoRun.exe O33 - MountPoints2\{3aa0c0f0-6ea8-11e1-9f61-00158315a310}\Shell - "" = AutoRun O33 - MountPoints2\{3aa0c0f0-6ea8-11e1-9f61-00158315a310}\Shell\AutoRun\command - "" = K:\AutoRun.exe O33 - MountPoints2\{3aa0c0f2-6ea8-11e1-9f61-00158315a310}\Shell - "" = AutoRun O33 - MountPoints2\{3aa0c0f2-6ea8-11e1-9f61-00158315a310}\Shell\AutoRun\command - "" = K:\AutoRun.exe O33 - MountPoints2\{4db4cf43-07f2-11e1-b162-00158315a310}\Shell - "" = AutoRun O33 
- MountPoints2\{4db4cf43-07f2-11e1-b162-00158315a310}\Shell\AutoRun\command - "" = J:\AutoRun.exe O33 - MountPoints2\{6df72f65-0b0f-11e1-868f-00158315a310}\Shell - "" = AutoRun O33 - MountPoints2\{6df72f65-0b0f-11e1-868f-00158315a310}\Shell\AutoRun\command - "" = K:\AutoRun.exe O33 - MountPoints2\{9caa8c70-0b7f-11e1-ba4b-00158315a310}\Shell - "" = AutoRun O33 - MountPoints2\{9caa8c70-0b7f-11e1-ba4b-00158315a310}\Shell\AutoRun\command - "" = J:\AutoRun.exe O33 - MountPoints2\{9caa8c72-0b7f-11e1-ba4b-00158315a310}\Shell - "" = AutoRun O33 - MountPoints2\{9caa8c72-0b7f-11e1-ba4b-00158315a310}\Shell\AutoRun\command - "" = J:\AutoRun.exe O33 - MountPoints2\{9ee04b3a-6d17-11e1-a25e-00158315a310}\Shell - "" = AutoRun O33 - MountPoints2\{9ee04b3a-6d17-11e1-a25e-00158315a310}\Shell\AutoRun\command - "" = K:\AutoRun.exe O33 - MountPoints2\{9ee04b3c-6d17-11e1-a25e-00158315a310}\Shell - "" = AutoRun O33 - MountPoints2\{9ee04b3c-6d17-11e1-a25e-00158315a310}\Shell\AutoRun\command - "" = K:\AutoRun.exe O33 - MountPoints2\{afab87ec-6b82-11e1-82b8-00158315a310}\Shell - "" = AutoRun O33 - MountPoints2\{afab87ec-6b82-11e1-82b8-00158315a310}\Shell\AutoRun\command - "" = K:\AutoRun.exe O33 - MountPoints2\{afab87fc-6b82-11e1-82b8-00158315a310}\Shell - "" = AutoRun O33 - MountPoints2\{afab87fc-6b82-11e1-82b8-00158315a310}\Shell\AutoRun\command - "" = K:\AutoRun.exe O33 - MountPoints2\{cce37407-8c61-11e1-b73d-00158315a310}\Shell - "" = AutoRun O33 - MountPoints2\{cce37407-8c61-11e1-b73d-00158315a310}\Shell\AutoRun\command - "" = K:\iStudio.exe O33 - MountPoints2\{da9f5423-f044-11e0-ab00-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{da9f5423-f044-11e0-ab00-806e6f6e6963}\Shell\AutoRun\command - "" = I:\AutoRun.exe O33 - MountPoints2\{da9f5441-f044-11e0-ab00-d027880b62e9}\Shell - "" = AutoRun O33 - MountPoints2\{da9f5441-f044-11e0-ab00-d027880b62e9}\Shell\AutoRun\command - "" = J:\AutoRun.exe O33 - MountPoints2\I\Shell - "" = AutoRun O33 - MountPoints2\I\Shell\AutoRun\command - "" = 
I:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2013/01/10 20:31:32 | 000,000,000 | ---D | C] -- C:\Conduit [2013/01/10 20:31:32 | 000,000,000 | ---D | C] -- \Conduit [2012/12/25 19:16:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6 [cswos.com] [2012/12/03 19:13:34 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) 
-- C:\Windows\SysWow64\CmdLineExt_x64.dll [2012/12/03 18:48:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games [2012/11/29 21:04:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft [2012/11/22 20:50:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2012/11/22 20:49:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2012/11/22 07:00:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012/11/22 07:00:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012/11/21 21:21:31 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2012/11/21 20:56:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inixsoft [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2013/01/14 19:05:06 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/01/14 18:56:48 | 000,016,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/01/14 18:56:48 | 000,016,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/01/14 18:53:38 | 000,727,490 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/01/14 18:53:38 | 000,630,104 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/01/14 18:53:38 | 000,112,534 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/01/14 18:49:16 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/01/14 18:49:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/01/13 20:39:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/01/13 16:32:45 | 000,000,192 | ---- | M] () -- C:\Windows\winamp.ini [2013/01/13 15:45:15 | 000,000,069 | ---- | M] () -- 
C:\Windows\NeroDigital.ini [2013/01/12 11:56:35 | 000,001,126 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/12/25 19:16:01 | 000,000,913 | ---- | M] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Counter-Strike 1.6.lnk [2012/12/25 13:07:27 | 000,921,632 | ---- | M] () -- C:\SPC230NC.DAT [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/12/03 19:13:34 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll [2012/12/02 19:23:45 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI [2012/11/29 20:51:13 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012/11/29 20:51:11 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012/11/22 07:00:05 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013/01/12 11:56:35 | 000,001,126 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/01/11 22:10:16 | 000,001,169 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TrayMin230.lnk [2012/12/25 19:16:01 | 000,000,913 | ---- | C] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Counter-Strike 1.6.lnk [2012/12/02 19:23:45 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI [2012/11/29 20:51:13 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012/11/29 20:51:11 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012/05/23 16:31:15 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2012/04/19 18:20:53 | 000,921,632 | ---- | C] () -- \SPC230NC.DAT [2012/02/18 16:09:47 | 000,000,842 | ---- | C] () -- C:\Windows\SysWow64\SPC230NC.INI [2012/02/18 16:09:24 | 000,004,998 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe [2011/11/30 14:56:57 | 000,000,192 | ---- | C] () -- 
C:\Windows\winamp.ini [2011/11/30 14:51:55 | 000,000,968 | ---- | C] () -- C:\Windows\unins000.dat [2011/10/06 16:20:35 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011/09/14 11:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011/03/17 18:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2005/09/22 20:09:38 | 000,894,976 | ---- | C] () -- \msdia80.dll [color=#E56717]========== ZeroAccess Check ==========[/color] [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2009/07/14 02:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2009/07/14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] [color=#E56717]========== LOP Check ==========[/color] [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Application Data [2012/05/08 16:13:37 | 000,000,000 | ---D | M] -- C:\Users\All Users\ashampoo [2011/10/20 16:47:38 | 000,000,000 | ---D | M] -- C:\Users\All Users\DAEMON Tools Lite [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Desktop [2009/11/30 07:49:13 | 000,000,000 | ---D | M] -- C:\Users\All Users\Diskeeper Corporation [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Documents [2012/09/16 10:54:51 | 000,000,000 | -HSD | M] -- C:\Users\All Users\DSS [2011/12/12 21:40:10 | 000,000,000 | ---D | M] -- C:\Users\All Users\EA Core [2011/12/12 21:40:09 | 000,000,000 | ---D | M] -- C:\Users\All Users\Electronic Arts [2009/11/15 00:05:20 | 000,000,000 | ---D | M] -- C:\Users\All Users\ESET [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favorites [2011/12/07 17:26:52 | 000,000,000 | ---D | M] -- C:\Users\All Users\Gadu-Gadu 10 [2012/03/31 19:02:06 | 000,000,000 | ---D | M] -- C:\Users\All Users\Local Settings [2009/11/29 19:53:37 | 000,000,000 | ---D | M] -- C:\Users\All Users\Messenger Plus! 
[2012/11/25 20:28:45 | 000,000,000 | ---D | M] -- C:\Users\All Users\Origin [2012/02/20 16:39:48 | 000,000,000 | ---D | M] -- C:\Users\All Users\Sony [2009/11/29 20:56:06 | 000,000,000 | ---D | M] -- C:\Users\All Users\Stardock [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Start Menu [2012/03/11 15:08:43 | 000,000,000 | ---D | M] -- C:\Users\All Users\Telefónica [2012/11/26 17:10:54 | 000,000,000 | ---D | M] -- C:\Users\All Users\TEMP [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Templates [2011/10/27 12:55:50 | 000,000,000 | ---D | M] -- C:\Users\All Users\Trusteer [2012/11/29 21:04:08 | 000,000,000 | ---D | M] -- C:\Users\All Users\Ubisoft [2011/10/09 21:09:20 | 000,000,000 | ---D | M] -- C:\Users\All Users\Uniblue [2012/01/25 21:44:46 | 000,000,000 | ---D | M] -- C:\Users\All Users\W3i [2012/01/25 21:45:10 | 000,000,000 | -H-D | M] -- C:\Users\All Users\{0B4EECC2-B656-4BF8-9915-6F8B225BC43C} [2012/03/31 19:08:37 | 000,000,000 | ---D | M] -- C:\Users\All Users\{6DFE6B59-3F4E-45AF-A9D0-5EDC43DD23AF} [2009/12/01 03:04:50 | 000,000,000 | -H-D | M] -- C:\Users\All Users\{8CC5CF4A-124E-41BA-B58C-A41F05BE09CC} [2011/12/31 13:40:00 | 000,000,000 | -H-D | M] -- C:\Users\All Users\{BD8912D9-3040-46C4-B96A-4C3AC7E43486} [2011/10/06 14:52:26 | 000,000,000 | -H-D | M] -- C:\Users\David\AppData [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] -- C:\Users\David\Application Data [2011/10/06 19:55:08 | 000,000,000 | R--D | M] -- C:\Users\David\Contacts [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] -- C:\Users\David\Cookies [2013/01/14 19:05:59 | 000,000,000 | R--D | M] -- C:\Users\David\Desktop [2013/01/10 20:21:05 | 000,000,000 | R--D | M] -- C:\Users\David\Documents [2012/10/02 17:56:34 | 000,000,000 | R--D | M] -- C:\Users\David\Downloads [2011/11/30 14:58:20 | 000,000,000 | R--D | M] -- C:\Users\David\Favorites [2012/09/24 11:05:13 | 000,000,000 | --SD | M] -- C:\Users\David\Gry [2011/10/20 19:07:10 | 000,000,000 | -H-D | M] -- 
C:\Users\David\InstallAnywhere [2012/12/23 13:46:26 | 000,000,000 | R--D | M] -- C:\Users\David\Links [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] -- C:\Users\David\Local Settings [2011/10/15 15:37:20 | 000,000,000 | R--D | M] -- C:\Users\David\Music [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] -- C:\Users\David\My Documents [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] -- C:\Users\David\NetHood [2012/09/24 11:03:35 | 000,000,000 | R--D | M] -- C:\Users\David\Pictures [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] -- C:\Users\David\PrintHood [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] -- C:\Users\David\Recent [2011/10/07 16:37:15 | 000,000,000 | ---D | M] -- C:\Users\David\Saved Games [2011/11/16 21:07:08 | 000,000,000 | R--D | M] -- C:\Users\David\Searches [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] -- C:\Users\David\SendTo [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] -- C:\Users\David\Start Menu [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] -- C:\Users\David\Templates [2011/10/15 15:37:20 | 000,000,000 | R--D | M] -- C:\Users\David\Videos [2009/07/14 04:20:08 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Application Data [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Cookies [2009/07/14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Desktop [2009/07/14 06:08:56 | 000,000,000 | R--D | M] -- C:\Users\Default\Documents [2009/07/14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Downloads [2009/07/14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Favorites [2009/07/14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Links [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Local Settings [2009/07/14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Music [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\My Documents [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\NetHood 
[2009/07/14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Pictures [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\PrintHood [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Recent [2009/07/14 03:34:59 | 000,000,000 | ---D | M] -- C:\Users\Default\Saved Games [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\SendTo [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Start Menu [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Templates [2009/07/14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Videos [2013/01/12 11:56:35 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop [2011/10/20 19:38:06 | 000,000,000 | --SD | M] -- C:\Users\Public\Documents [2009/07/14 05:54:24 | 000,000,000 | R--D | M] -- C:\Users\Public\Downloads [2009/07/14 03:34:59 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites [2009/11/29 19:03:42 | 000,000,000 | RH-D | M] -- C:\Users\Public\Libraries [2009/12/01 03:07:11 | 000,000,000 | --SD | M] -- C:\Users\Public\Music [2009/12/01 03:07:11 | 000,000,000 | --SD | M] -- C:\Users\Public\Pictures [2011/10/24 15:50:51 | 000,000,000 | R--D | M] -- C:\Users\Public\Recorded TV [2009/12/01 03:07:11 | 000,000,000 | --SD | M] -- C:\Users\Public\Videos [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< :OTL >[/color] [2009/07/14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009/07/14 06:08:49 | 000,032,608 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011/10/09 20:15:13 | 000,000,892 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2011/10/09 20:15:14 | 000,000,896 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [2012/04/04 21:03:47 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job [color=#A23BEC]< IE - HKLM\..\URLSearchHook: {d43723ae-1ae1-4a25-a6a4-bf0929273cab} - C:\Program Files 
(x86)\Ashampoo_PO\prxtbAsh0.dll (Conduit Ltd.) >[/color] [color=#A23BEC]< IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2481033 >[/color] [color=#A23BEC]< IE - HKU\S-1-5-21-2465994285-61389061-1913302713-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2481033 >[/color] Invalid Switch: search.condui...&ctid=CT2481033 [color=#A23BEC]< IE - HKU\S-1-5-21-2465994285-61389061-1913302713-1005\..\URLSearchHook: {d43723ae-1ae1-4a25-a6a4-bf0929273cab} - C:\Program Files (x86)\Ashampoo_PO\prxtbAsh0.dll (Conduit Ltd.) >[/color] [color=#A23BEC]< IE - HKU\S-1-5-21-2465994285-61389061-1913302713-1005\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} >[/color] [color=#A23BEC]< IE - HKU\S-1-5-21-2465994285-61389061-1913302713-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://startsear.ch/...q={searchTerms} >[/color] [color=#A23BEC]< IE - HKU\S-1-5-21-2465994285-61389061-1913302713-1005\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2481033 >[/color] [color=#A23BEC]< O2 - BHO: (Ashampoo PO Toolbar) - {d43723ae-1ae1-4a25-a6a4-bf0929273cab} - C:\Program Files (x86)\Ashampoo_PO\prxtbAsh0.dll (Conduit Ltd.) >[/color] [color=#A23BEC]< O3 - HKLM\..\Toolbar: (Ashampoo PO Toolbar) - {d43723ae-1ae1-4a25-a6a4-bf0929273cab} - C:\Program Files (x86)\Ashampoo_PO\prxtbAsh0.dll (Conduit Ltd.) >[/color] [color=#A23BEC]< O3 - HKU\S-1-5-21-2465994285-61389061-1913302713-1005\..\Toolbar\WebBrowser: (Ashampoo PO Toolbar) - {D43723AE-1AE1-4A25-A6A4-BF0929273CAB} - C:\Program Files (x86)\Ashampoo_PO\prxtbAsh0.dll (Conduit Ltd.) 
>[/color] [color=#A23BEC]< O4 - Startup: C:\Users\All Users\Adobe [2011/10/10 11:53:24 | 000,000,000 | ---D | M] >[/color] Invalid Switch: 10 11:53:24 | 000,000,000 | ---D | M] [color=#A23BEC]< O4 - Startup: C:\Users\All Users\Application Data [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] >[/color] Invalid Switch: 14 06:08:56 | 000,000,000 | -HSD | M] [color=#A23BEC]< O4 - Startup: C:\Users\All Users\ashampoo [2012/05/08 16:13:37 | 000,000,000 | ---D | M] >[/color] Invalid Switch: 08 16:13:37 | 000,000,000 | ---D | M] [color=#A23BEC]< O4 - Startup: C:\Users\All Users\ATI [2011/10/06 16:21:10 | 000,000,000 | ---D | M] >[/color] Invalid Switch: 06 16:21:10 | 000,000,000 | ---D | M] [color=#A23BEC]< O4 - Startup: C:\Users\All Users\DAEMON Tools Lite [2011/10/20 16:47:38 | 000,000,000 | ---D | M] >[/color] Invalid Switch: 20 16:47:38 | 000,000,000 | ---D | M] [color=#A23BEC]< O4 - Startup: C:\Users\All Users\Desktop [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] >[/color] Invalid Switch: 14 06:08:56 | 000,000,000 | -HSD | M] [color=#A23BEC]< O4 - Startup: C:\Users\All Users\Diskeeper Corporation [2009/11/30 07:49:13 | 000,000,000 | ---D | M] >[/color] Invalid Switch: 30 07:49:13 | 000,000,000 | ---D | M] [color=#A23BEC]< O4 - Startup: C:\Users\All Users\Documents [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] >[/color] Invalid Switch: 14 06:08:56 | 000,000,000 | -HSD | M] [color=#A23BEC]< O4 - Startup: C:\Users\All Users\DSS [2012/09/16 10:54:51 | 000,000,000 | -HSD | M] >[/color] Invalid Switch: 16 10:54:51 | 000,000,000 | -HSD | M] [color=#A23BEC]< O4 - Startup: C:\Users\All Users\EA Core [2011/12/12 21:40:10 | 000,000,000 | ---D | M] >[/color] Invalid Switch: 12 21:40:10 | 000,000,000 | ---D | M] [color=#A23BEC]< O4 - Startup: C:\Users\All Users\Electronic Arts [2011/12/12 21:40:09 | 000,000,000 | ---D | M] >[/color] Invalid Switch: 12 21:40:09 | 000,000,000 | ---D | M] [color=#A23BEC]< O4 - Startup: C:\Users\All Users\ESET [2009/11/15 00:05:20 | 000,000,000 | ---D 
| M] >[/color] Invalid Switch: 15 00:05:20 | 000,000,000 | ---D | M] [color=#A23BEC]< O4 - Startup: C:\Users\All Users\Favorites [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] >[/color] Invalid Switch: 14 06:08:56 | 000,000,000 | -HSD | M] [color=#A23BEC]< O4 - Startup: C:\Users\All Users\Gadu-Gadu 10 [2011/12/07 17:26:52 | 000,000,000 | ---D | M] >[/color] Invalid Switch: 07 17:26:52 | 000,000,000 | ---D | M] [color=#A23BEC]< O4 - Startup: C:\Users\All Users\Hewlett-Packard [2011/10/10 11:46:47 | 000,000,000 | ---D | M] >[/color] Invalid Switch: 10 11:46:47 | 000,000,000 | ---D | M] [color=#A23BEC]< O4 - Startup: C:\Users\All Users\HP [2011/11/09 22:41:21 | 000,000,000 | ---D | M] >[/color] Invalid Switch: 09 22:41:21 | 000,000,000 | ---D | M] [color=#A23BEC]< O4 - Startup: C:\Users\All Users\hpzinstall.log () >[/color] [color=#A23BEC]< O4 - Startup: C:\Users\All Users\Local Settings [2012/03/31 19:02:06 | 000,000,000 | ---D | M] >[/color] Invalid Switch: 31 19:02:06 | 000,000,000 | ---D | M] [color=#A23BEC]< O4 - Startup: C:\Users\All Users\Malwarebytes [2011/12/16 16:35:18 | 000,000,000 | ---D | M] >[/color] Invalid Switch: 16 16:35:18 | 000,000,000 | ---D | M] [color=#A23BEC]< O4 - Startup: C:\Users\All Users\McAfee [2009/11/29 19:39:11 | 000,000,000 | ---D | M] >[/color] Invalid Switch: 29 19:39:11 | 000,000,000 | ---D | M] [color=#A23BEC]< O4 - Startup: C:\Users\All Users\Messenger Plus! 
[2009/11/29 19:53:37 | 000,000,000 | ---D | M] >[/color] Invalid Switch: 29 19:53:37 | 000,000,000 | ---D | M] [color=#A23BEC]< O4 - Startup: C:\Users\All Users\Microsoft [2012/04/17 19:40:12 | 000,000,000 | --SD | M] >[/color] Invalid Switch: 17 19:40:12 | 000,000,000 | --SD | M] [color=#A23BEC]< O4 - Startup: C:\Users\All Users\Microsoft Help [2012/02/24 13:50:00 | 000,000,000 | ---D | M] >[/color] Invalid Switch: 24 13:50:00 | 000,000,000 | ---D | M] [color=#A23BEC]< O4 - Startup: C:\Users\All Users\Mozilla [2012/06/27 20:32:23 | 000,000,000 | ---D | M] >[/color] Invalid Switch: 27 20:32:23 | 000,000,000 | ---D | M] [color=#A23BEC]< O4 - Startup: C:\Users\All Users\mtbjfghn.xbe () >[/color] [color=#A23BEC]< O4 - Startup: C:\Users\All Users\Nero [2012/05/16 16:03:37 | 000,000,000 | ---D | M] >[/color] Invalid Switch: 16 16:03:37 | 000,000,000 | ---D | M] [color=#A23BEC]< O4 - Startup: C:\Users\All Users\Norton [2012/02/21 11:09:12 | 000,000,000 | ---D | M] >[/color] Invalid Switch: 21 11:09:12 | 000,000,000 | ---D | M] [color=#A23BEC]< O4 - Startup: C:\Users\All Users\NortonInstaller [2012/01/25 21:44:43 | 000,000,000 | ---D | M] >[/color] Invalid Switch: 25 21:44:43 | 000,000,000 | ---D | M] [color=#A23BEC]< O4 - Startup: C:\Users\All Users\NOTEPAD.EXE-x.txt () >[/color] [color=#A23BEC]< O4 - Startup: C:\Users\All Users\Origin [2012/11/25 20:28:45 | 000,000,000 | ---D | M] >[/color] Invalid Switch: 25 20:28:45 | 000,000,000 | ---D | M] [color=#A23BEC]< O4 - Startup: C:\Users\All Users\REGSVR32.EXE-x.txt () >[/color] [color=#A23BEC]< O4 - Startup: C:\Users\All Users\RUNDLL32.EXE-x.txt () >[/color] [color=#A23BEC]< O4 - Startup: C:\Users\All Users\Skype [2012/11/22 07:00:09 | 000,000,000 | ---D | M] >[/color] Invalid Switch: 22 07:00:09 | 000,000,000 | ---D | M] [color=#A23BEC]< O4 - Startup: C:\Users\All Users\Sony [2012/02/20 16:39:48 | 000,000,000 | ---D | M] >[/color] Invalid Switch: 20 16:39:48 | 000,000,000 | ---D | M] [color=#A23BEC]< O4 - Startup: 
C:\Users\All Users\Stardock [2009/11/29 20:56:06 | 000,000,000 | ---D | M] >[/color] Invalid Switch: 29 20:56:06 | 000,000,000 | ---D | M] [color=#A23BEC]< O4 - Startup: C:\Users\All Users\Start Menu [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] >[/color] Invalid Switch: 14 06:08:56 | 000,000,000 | -HSD | M] [color=#A23BEC]< O4 - Startup: C:\Users\All Users\Sun [2012/04/04 20:52:05 | 000,000,000 | ---D | M] >[/color] Invalid Switch: 04 20:52:05 | 000,000,000 | ---D | M] [color=#A23BEC]< O4 - Startup: C:\Users\All Users\Symantec [2012/01/25 21:44:49 | 000,000,000 | ---D | M] >[/color] Invalid Switch: 25 21:44:49 | 000,000,000 | ---D | M] [color=#A23BEC]< O4 - Startup: C:\Users\All Users\Telefónica [2012/03/11 15:08:43 | 000,000,000 | ---D | M] >[/color] Invalid Switch: 11 15:08:43 | 000,000,000 | ---D | M] [color=#A23BEC]< O4 - Startup: C:\Users\All Users\TEMP [2012/11/26 17:10:54 | 000,000,000 | ---D | M] >[/color] Invalid Switch: 26 17:10:54 | 000,000,000 | ---D | M] [color=#A23BEC]< O4 - Startup: C:\Users\All Users\Templates [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] >[/color] Invalid Switch: 14 06:08:56 | 000,000,000 | -HSD | M] [color=#A23BEC]< O4 - Startup: C:\Users\All Users\Trusteer [2011/10/27 12:55:50 | 000,000,000 | ---D | M] >[/color] Invalid Switch: 27 12:55:50 | 000,000,000 | ---D | M] [color=#A23BEC]< O4 - Startup: C:\Users\All Users\Ubisoft [2012/11/29 21:04:08 | 000,000,000 | ---D | M] >[/color] Invalid Switch: 29 21:04:08 | 000,000,000 | ---D | M] [color=#A23BEC]< O4 - Startup: C:\Users\All Users\Uniblue [2011/10/09 21:09:20 | 000,000,000 | ---D | M] >[/color] Invalid Switch: 09 21:09:20 | 000,000,000 | ---D | M] [color=#A23BEC]< O4 - Startup: C:\Users\All Users\VMware [2009/11/29 19:15:41 | 000,000,000 | ---D | M] >[/color] Invalid Switch: 29 19:15:41 | 000,000,000 | ---D | M] [color=#A23BEC]< O4 - Startup: C:\Users\All Users\W3i [2012/01/25 21:44:46 | 000,000,000 | ---D | M] >[/color] Invalid Switch: 25 21:44:46 | 000,000,000 | ---D | M] 
[color=#A23BEC]< O4 - Startup: C:\Users\All Users\Yahoo! [2009/12/09 03:34:50 | 000,000,000 | ---D | M] >[/color] Invalid Switch: 09 03:34:50 | 000,000,000 | ---D | M] [color=#A23BEC]< O4 - Startup: C:\Users\All Users\{0B4EECC2-B656-4BF8-9915-6F8B225BC43C} [2012/01/25 21:45:10 | 000,000,000 | -H-D | M] >[/color] Invalid Switch: 25 21:45:10 | 000,000,000 | -H-D | M] [color=#A23BEC]< O4 - Startup: C:\Users\All Users\{6DFE6B59-3F4E-45AF-A9D0-5EDC43DD23AF} [2012/03/31 19:08:37 | 000,000,000 | ---D | M] >[/color] Invalid Switch: 31 19:08:37 | 000,000,000 | ---D | M] [color=#A23BEC]< O4 - Startup: C:\Users\All Users\{8CC5CF4A-124E-41BA-B58C-A41F05BE09CC} [2009/12/01 03:04:50 | 000,000,000 | -H-D | M] >[/color] Invalid Switch: 01 03:04:50 | 000,000,000 | -H-D | M] [color=#A23BEC]< O4 - Startup: C:\Users\All Users\{BD8912D9-3040-46C4-B96A-4C3AC7E43486} [2011/12/31 13:40:00 | 000,000,000 | -H-D | M] >[/color] Invalid Switch: 31 13:40:00 | 000,000,000 | -H-D | M] [color=#A23BEC]< O4 - Startup: C:\Users\David\AppData [2011/10/06 14:52:26 | 000,000,000 | -H-D | M] >[/color] Invalid Switch: 06 14:52:26 | 000,000,000 | -H-D | M] [color=#A23BEC]< O4 - Startup: C:\Users\David\Application Data [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] >[/color] Invalid Switch: 06 14:52:26 | 000,000,000 | -HSD | M] [color=#A23BEC]< O4 - Startup: C:\Users\David\Contacts [2011/10/06 19:55:08 | 000,000,000 | R--D | M] >[/color] Invalid Switch: 06 19:55:08 | 000,000,000 | R--D | M] [color=#A23BEC]< O4 - Startup: C:\Users\David\Cookies [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] >[/color] Invalid Switch: 06 14:52:26 | 000,000,000 | -HSD | M] [color=#A23BEC]< O4 - Startup: C:\Users\David\Desktop [2013/01/13 20:42:56 | 000,000,000 | R--D | M] >[/color] Invalid Switch: 13 20:42:56 | 000,000,000 | R--D | M] [color=#A23BEC]< O4 - Startup: C:\Users\David\Documents [2013/01/10 20:21:05 | 000,000,000 | R--D | M] >[/color] Invalid Switch: 10 20:21:05 | 000,000,000 | R--D | M] [color=#A23BEC]< O4 - 
Startup: C:\Users\David\Downloads [2012/10/02 17:56:34 | 000,000,000 | R--D | M] >[/color] Invalid Switch: 02 17:56:34 | 000,000,000 | R--D | M] [color=#A23BEC]< O4 - Startup: C:\Users\David\Favorites [2011/11/30 14:58:20 | 000,000,000 | R--D | M] >[/color] Invalid Switch: 30 14:58:20 | 000,000,000 | R--D | M] [color=#A23BEC]< O4 - Startup: C:\Users\David\Gry [2012/09/24 11:05:13 | 000,000,000 | --SD | M] >[/color] Invalid Switch: 24 11:05:13 | 000,000,000 | --SD | M] [color=#A23BEC]< O4 - Startup: C:\Users\David\InstallAnywhere [2011/10/20 19:07:10 | 000,000,000 | -H-D | M] >[/color] Invalid Switch: 20 19:07:10 | 000,000,000 | -H-D | M] [color=#A23BEC]< O4 - Startup: C:\Users\David\Links [2012/12/23 13:46:26 | 000,000,000 | R--D | M] >[/color] Invalid Switch: 23 13:46:26 | 000,000,000 | R--D | M] [color=#A23BEC]< O4 - Startup: C:\Users\David\Local Settings [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] >[/color] Invalid Switch: 06 14:52:26 | 000,000,000 | -HSD | M] [color=#A23BEC]< O4 - Startup: C:\Users\David\Music [2011/10/15 15:37:20 | 000,000,000 | R--D | M] >[/color] Invalid Switch: 15 15:37:20 | 000,000,000 | R--D | M] [color=#A23BEC]< O4 - Startup: C:\Users\David\My Documents [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] >[/color] Invalid Switch: 06 14:52:26 | 000,000,000 | -HSD | M] [color=#A23BEC]< O4 - Startup: C:\Users\David\NetHood [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] >[/color] Invalid Switch: 06 14:52:26 | 000,000,000 | -HSD | M] [color=#A23BEC]< O4 - Startup: C:\Users\David\NTUSER.DAT () >[/color] [color=#A23BEC]< O4 - Startup: C:\Users\David\ntuser.dat.LOG1 () >[/color] [color=#A23BEC]< O4 - Startup: C:\Users\David\ntuser.dat.LOG2 () >[/color] [color=#A23BEC]< O4 - Startup: C:\Users\David\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf () >[/color] [color=#A23BEC]< O4 - Startup: C:\Users\David\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms () >[/color] [color=#A23BEC]< O4 - Startup: 
C:\Users\David\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms () >[/color] [color=#A23BEC]< O4 - Startup: C:\Users\David\NTUSER.DAT{6ab3caf2-12df-11e1-a87b-00158315a310}.TM.blf () >[/color] [color=#A23BEC]< O4 - Startup: C:\Users\David\NTUSER.DAT{6ab3caf2-12df-11e1-a87b-00158315a310}.TMContainer00000000000000000001.regtrans-ms () >[/color] [color=#A23BEC]< O4 - Startup: C:\Users\David\NTUSER.DAT{6ab3caf2-12df-11e1-a87b-00158315a310}.TMContainer00000000000000000002.regtrans-ms () >[/color] [color=#A23BEC]< O4 - Startup: C:\Users\David\NTUSER.DAT{72d3d2af-3940-11e1-b6a2-00158315a310}.TM.blf () >[/color] [color=#A23BEC]< O4 - Startup: C:\Users\David\NTUSER.DAT{72d3d2af-3940-11e1-b6a2-00158315a310}.TMContainer00000000000000000001.regtrans-ms () >[/color] [color=#A23BEC]< O4 - Startup: C:\Users\David\NTUSER.DAT{72d3d2af-3940-11e1-b6a2-00158315a310}.TMContainer00000000000000000002.regtrans-ms () >[/color] [color=#A23BEC]< O4 - Startup: C:\Users\David\ntuser.ini () >[/color] [color=#A23BEC]< O4 - Startup: C:\Users\David\Pictures [2012/09/24 11:03:35 | 000,000,000 | R--D | M] >[/color] Invalid Switch: 24 11:03:35 | 000,000,000 | R--D | M] [color=#A23BEC]< O4 - Startup: C:\Users\David\PrintHood [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] >[/color] Invalid Switch: 06 14:52:26 | 000,000,000 | -HSD | M] [color=#A23BEC]< O4 - Startup: C:\Users\David\Recent [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] >[/color] Invalid Switch: 06 14:52:26 | 000,000,000 | -HSD | M] [color=#A23BEC]< O4 - Startup: C:\Users\David\Saved Games [2011/10/07 16:37:15 | 000,000,000 | ---D | M] >[/color] Invalid Switch: 07 16:37:15 | 000,000,000 | ---D | M] [color=#A23BEC]< O4 - Startup: C:\Users\David\Searches [2011/11/16 21:07:08 | 000,000,000 | R--D | M] >[/color] Invalid Switch: 16 21:07:08 | 000,000,000 | R--D | M] [color=#A23BEC]< O4 - Startup: C:\Users\David\SendTo [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] >[/color] Invalid Switch: 06 14:52:26 
| 000,000,000 | -HSD | M] [color=#A23BEC]< O4 - Startup: C:\Users\David\Start Menu [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] >[/color] Invalid Switch: 06 14:52:26 | 000,000,000 | -HSD | M] [color=#A23BEC]< O4 - Startup: C:\Users\David\Templates [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] >[/color] Invalid Switch: 06 14:52:26 | 000,000,000 | -HSD | M] [color=#A23BEC]< O4 - Startup: C:\Users\David\Videos [2011/10/15 15:37:20 | 000,000,000 | R--D | M] >[/color] Invalid Switch: 15 15:37:20 | 000,000,000 | R--D | M] [color=#A23BEC]< O4 - Startup: C:\Users\Default\AppData [2009/07/14 04:20:08 | 000,000,000 | -H-D | M] >[/color] Invalid Switch: 14 04:20:08 | 000,000,000 | -H-D | M] [color=#A23BEC]< O4 - Startup: C:\Users\Default\Application Data [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] >[/color] Invalid Switch: 14 06:08:56 | 000,000,000 | -HSD | M] [color=#A23BEC]< O4 - Startup: C:\Users\Default\Cookies [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] >[/color] Invalid Switch: 14 06:08:56 | 000,000,000 | -HSD | M] [color=#A23BEC]< O4 - Startup: C:\Users\Default\Desktop [2009/07/14 03:34:59 | 000,000,000 | R--D | M] >[/color] Invalid Switch: 14 03:34:59 | 000,000,000 | R--D | M] [color=#A23BEC]< O4 - Startup: C:\Users\Default\Documents [2009/07/14 06:08:56 | 000,000,000 | R--D | M] >[/color] Invalid Switch: 14 06:08:56 | 000,000,000 | R--D | M] [color=#A23BEC]< O4 - Startup: C:\Users\Default\Downloads [2009/07/14 03:34:59 | 000,000,000 | R--D | M] >[/color] Invalid Switch: 14 03:34:59 | 000,000,000 | R--D | M] [color=#A23BEC]< O4 - Startup: C:\Users\Default\Favorites [2009/07/14 03:34:59 | 000,000,000 | R--D | M] >[/color] Invalid Switch: 14 03:34:59 | 000,000,000 | R--D | M] [color=#A23BEC]< O4 - Startup: C:\Users\Default\Links [2009/07/14 03:34:59 | 000,000,000 | R--D | M] >[/color] Invalid Switch: 14 03:34:59 | 000,000,000 | R--D | M] [color=#A23BEC]< O4 - Startup: C:\Users\Default\Local Settings [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] >[/color] 
Invalid Switch: 14 06:08:56 | 000,000,000 | -HSD | M] [color=#A23BEC]< O4 - Startup: C:\Users\Default\Music [2009/07/14 03:34:59 | 000,000,000 | R--D | M] >[/color] Invalid Switch: 14 03:34:59 | 000,000,000 | R--D | M] [color=#A23BEC]< O4 - Startup: C:\Users\Default\My Documents [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] >[/color] Invalid Switch: 14 06:08:56 | 000,000,000 | -HSD | M] [color=#A23BEC]< O4 - Startup: C:\Users\Default\NetHood [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] >[/color] Invalid Switch: 14 06:08:56 | 000,000,000 | -HSD | M] [color=#A23BEC]< O4 - Startup: C:\Users\Default\NTUSER.DAT () >[/color] [color=#A23BEC]< O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG () >[/color] [color=#A23BEC]< O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG1 () >[/color] [color=#A23BEC]< O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG2 () >[/color] [color=#A23BEC]< O4 - Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf () >[/color] [color=#A23BEC]< O4 - Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms () >[/color] [color=#A23BEC]< O4 - Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms () >[/color] [color=#A23BEC]< O4 - Startup: C:\Users\Default\Pictures [2009/07/14 03:34:59 | 000,000,000 | R--D | M] >[/color] Invalid Switch: 14 03:34:59 | 000,000,000 | R--D | M] [color=#A23BEC]< O4 - Startup: C:\Users\Default\PrintHood [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] >[/color] Invalid Switch: 14 06:08:56 | 000,000,000 | -HSD | M] [color=#A23BEC]< O4 - Startup: C:\Users\Default\Recent [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] >[/color] Invalid Switch: 14 06:08:56 | 000,000,000 | -HSD | M] [color=#A23BEC]< O4 - Startup: C:\Users\Default\Saved Games [2009/07/14 03:34:59 | 000,000,000 | ---D | M] >[/color] Invalid Switch: 14 03:34:59 | 000,000,000 | ---D | M] [color=#A23BEC]< O4 - Startup: 
C:\Users\Default\SendTo [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] >[/color] Invalid Switch: 14 06:08:56 | 000,000,000 | -HSD | M] [color=#A23BEC]< O4 - Startup: C:\Users\Default\Start Menu [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] >[/color] Invalid Switch: 14 06:08:56 | 000,000,000 | -HSD | M] [color=#A23BEC]< O4 - Startup: C:\Users\Default\Templates [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] >[/color] Invalid Switch: 14 06:08:56 | 000,000,000 | -HSD | M] [color=#A23BEC]< O4 - Startup: C:\Users\Default\Videos [2009/07/14 03:34:59 | 000,000,000 | R--D | M] >[/color] Invalid Switch: 14 03:34:59 | 000,000,000 | R--D | M] [color=#A23BEC]< O4 - Startup: C:\Users\Public\Desktop [2013/01/12 11:56:35 | 000,000,000 | RH-D | M] >[/color] Invalid Switch: 12 11:56:35 | 000,000,000 | RH-D | M] [color=#A23BEC]< O4 - Startup: C:\Users\Public\Documents [2011/10/20 19:38:06 | 000,000,000 | --SD | M] >[/color] Invalid Switch: 20 19:38:06 | 000,000,000 | --SD | M] [color=#A23BEC]< O4 - Startup: C:\Users\Public\Downloads [2009/07/14 05:54:24 | 000,000,000 | R--D | M] >[/color] Invalid Switch: 14 05:54:24 | 000,000,000 | R--D | M] [color=#A23BEC]< O4 - Startup: C:\Users\Public\Favorites [2009/07/14 03:34:59 | 000,000,000 | RH-D | M] >[/color] Invalid Switch: 14 03:34:59 | 000,000,000 | RH-D | M] [color=#A23BEC]< O4 - Startup: C:\Users\Public\Libraries [2009/11/29 19:03:42 | 000,000,000 | RH-D | M] >[/color] Invalid Switch: 29 19:03:42 | 000,000,000 | RH-D | M] [color=#A23BEC]< O4 - Startup: C:\Users\Public\Music [2009/12/01 03:07:11 | 000,000,000 | --SD | M] >[/color] Invalid Switch: 01 03:07:11 | 000,000,000 | --SD | M] [color=#A23BEC]< O4 - Startup: C:\Users\Public\Pictures [2009/12/01 03:07:11 | 000,000,000 | --SD | M] >[/color] Invalid Switch: 01 03:07:11 | 000,000,000 | --SD | M] [color=#A23BEC]< O4 - Startup: C:\Users\Public\Recorded TV [2011/10/24 15:50:51 | 000,000,000 | R--D | M] >[/color] Invalid Switch: 24 15:50:51 | 000,000,000 | R--D | M] [color=#A23BEC]< O4 
- Startup: C:\Users\Public\Videos [2009/12/01 03:07:11 | 000,000,000 | --SD | M] >[/color] Invalid Switch: 01 03:07:11 | 000,000,000 | --SD | M] [color=#A23BEC]< O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 41064 = C:\PROGRA~3\LOCALS~1\Temp\msygea.bat >[/color] [color=#A23BEC]< @Alternate Data Stream - 101 bytes -> C:\Users\All Users\TEMP:CE2C623F >[/color] [color=#A23BEC]< @Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:CE2C623F >[/color] [color=#A23BEC]< >[/color] [color=#A23BEC]< :Files >[/color] [color=#A23BEC]< C:\Program Files (x86)\Ashampoo_PO >[/color] [color=#A23BEC]< C:\Conduit >[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 101 bytes -> C:\Users\All Users\TEMP:CE2C623F @Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:CE2C623F < End of report > [/log] 2. [log] # AdwCleaner v2.105 - Logfile created 01/14/2013 at 19:09:41 # Updated 08/01/2013 by Xplode # Operating system : Windows 7 Ultimate (64 bits) # User : David - DAVID-PC # Boot Mode : Normal # Running from : C:\Users\David\Desktop\adwcleaner.exe # Option [Delete] ***** [Services] ***** ***** [Files / Folders] ***** Deleted on reboot : C:\Program Files (x86)\Ashampoo_PO Deleted on reboot : C:\Program Files (x86)\Conduit Deleted on reboot : C:\Program Files (x86)\Free Offers from Freeze.com Deleted on reboot : C:\Program Files (x86)\StartSearch plugin Deleted on reboot : C:\Users\David\AppData\Local\TempDir Deleted on reboot : C:\Users\David\AppData\LocalLow\Ashampoo_PO Deleted on reboot : C:\Users\David\AppData\LocalLow\Conduit Deleted on reboot : C:\Users\David\AppData\LocalLow\PriceGong File Deleted : C:\Program Files (x86)\Mozilla Firefox\Plugins\npvsharetvplg.dll ***** [Registry] ***** Key Deleted : HKCU\Software\AppDataLow\Software\Ashampoo_PO Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Key Deleted : 
HKCU\Software\AppDataLow\Software\PriceGong Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar Key Deleted : HKCU\Software\AppDataLow\Toolbar Key Deleted : HKCU\Software\Cr_Installer Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31} Key Deleted : HKCU\Software\StartSearch Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Key Deleted : HKLM\Software\Ashampoo_PO Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2481033 Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B} Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\Software\Freeze.com Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A3E84FA5-206A-4513-AC27-F8FA09480D78} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A3E84FA5-206A-4513-AC27-F8FA09480D78} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D43723AE-1AE1-4A25-A6A4-BF0929273CAB} Key Deleted : 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6AF7557E-7BA9-4223-ACA8-2BC02795D4D0} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A45746AB-1BF7-4CAB-9DF6-5558C31F7342} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D43723AE-1AE1-4A25-A6A4-BF0929273CAB} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Ashampoo_PO Toolbar Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\LiveVDO plugin Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} Key Deleted : HKLM\SOFTWARE\Software Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D43723AE-1AE1-4A25-A6A4-BF0929273CAB}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D43723AE-1AE1-4A25-A6A4-BF0929273CAB}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{D43723AE-1AE1-4A25-A6A4-BF0929273CAB}] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D43723AE-1AE1-4A25-A6A4-BF0929273CAB}] ***** [Internet Browsers] ***** -\\ Internet Explorer v8.0.7600.16385 Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2481033 --> hxxp://www.google.com -\\ Mozilla Firefox v14.0.1 (en-US) File : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\esltif73.default\prefs.js [OK] File is clean. -\\ Opera v12.12.1707.0 File : C:\Users\David\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] File is clean. ************************* AdwCleaner[S1].txt - [4980 octets] - [14/01/2013 19:09:41] ########## EOF - C:\AdwCleaner[S1].txt - [5040 octets] ########## [/log] 3. 
[log] OTL logfile created on: 14/01/2013 20:38:27 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\David\Desktop 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 3.25 Gb Total Physical Memory | 1.90 Gb Available Physical Memory | 58.42% Memory free 6.49 Gb Paging File | 4.85 Gb Available in Paging File | 74.64% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 195.21 Gb Total Space | 115.65 Gb Free Space | 59.24% Space Free | Partition Type: NTFS Drive D: | 146.48 Gb Total Space | 87.76 Gb Free Space | 59.91% Space Free | Partition Type: NTFS Drive E: | 146.48 Gb Total Space | 76.77 Gb Free Space | 52.41% Space Free | Partition Type: NTFS Drive F: | 97.65 Gb Total Space | 89.32 Gb Free Space | 91.47% Space Free | Partition Type: NTFS Drive G: | 112.70 Gb Total Space | 96.84 Gb Free Space | 85.92% Space Free | Partition Type: NTFS Computer Name: DAVID-PC | User Name: David | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days [color=#E56717]========== Processes (All) ==========[/color] PRC - [2013/01/13 20:43:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe PRC - [2012/12/26 17:29:51 | 000,879,080 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012/12/03 08:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe PRC - [2012/11/29 20:51:11 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012/01/18 14:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe PRC - [2011/10/11 13:49:14 | 001,179,648 | ---- | M] (W3i, LLC) -- C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe PRC - [2011/08/02 08:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- F:\Programy\DAEMON Tools Lite\DTLite.exe PRC - [2010/08/02 11:40:56 | 000,199,600 | ---- | M] (Telefónica I+D) -- C:\Program Files (x86)\O2\Connection Manager\ImpWiFiSvc.exe PRC - [2010/02/22 16:38:12 | 000,442,368 | ---- | M] (AWS Convergence Technologies) -- C:\Program Files (x86)\AWS\WeatherBug Alert\WeatherBugAlert.exe PRC - [2009/11/10 11:09:26 | 000,079,160 | ---- | M] (Yahoo! Inc.) 
-- C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe PRC - [2009/03/19 11:44:50 | 000,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe PRC - [2007/12/14 17:58:30 | 000,241,664 | ---- | M] () -- C:\Program Files (x86)\Philips\Philips SPC230NC Webcam\TrayMin230.exe PRC - [2007/12/10 16:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\Philips\SPC230NC\Monitor.exe PRC - [2007/09/02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe PRC - [2004/12/20 19:41:22 | 000,033,792 | ---- | M] () -- F:\Programy\Winamp\winampa.exe [color=#E56717]========== 
Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2011/09/08 18:29:56 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:[b]64bit:[/b] - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:[b]64bit:[/b] - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:[b]64bit:[/b] - [2009/04/17 09:47:50 | 001,995,544 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper) SRV:[b]64bit:[/b] - [2009/04/12 02:26:35 | 000,578,878 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ESET\ESET Smart Security\Shahed.exe -- (.EsetTrialReset) SRV:[b]64bit:[/b] - [2009/03/19 11:48:10 | 000,023,296 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv) SRV:[b]64bit:[/b] - [2009/03/19 11:44:50 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn) SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012/12/12 19:14:57 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/11/29 20:51:11 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] 
-- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/07/21 20:40:36 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2010/08/02 11:40:56 | 000,199,600 | ---- | M] (Telefónica I+D) [Auto | Running] -- C:\Program Files (x86)\O2\Connection Manager\ImpWiFiSvc.exe -- (TGCM_ImportWiFiSvc) SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:[b]64bit:[/b] - [2011/10/20 16:48:16 | 000,526,392 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:[b]64bit:[/b] - [2011/09/08 19:27:22 | 010,203,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:[b]64bit:[/b] - [2011/09/08 17:52:40 | 000,310,784 | ---- | M] (Advanced Micro Devices, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:[b]64bit:[/b] - [2011/08/17 10:04:34 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64) DRV:[b]64bit:[/b] - [2011/08/17 10:04:28 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64) DRV:[b]64bit:[/b] - [2011/08/17 09:58:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt) DRV:[b]64bit:[/b] - [2011/08/17 09:58:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev) DRV:[b]64bit:[/b] - [2011/08/17 09:58:20 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc) DRV:[b]64bit:[/b] - [2011/08/17 09:58:16 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd) DRV:[b]64bit:[/b] - [2011/06/06 23:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:[b]64bit:[/b] - [2010/04/09 08:24:32 | 000,076,288 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV:[b]64bit:[/b] - [2010/04/07 10:05:00 | 000,250,368 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet) DRV:[b]64bit:[/b] - [2010/03/25 03:08:46 | 000,120,704 | ---- | M] (Huawei Technologies Co., Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard) DRV:[b]64bit:[/b] - [2009/11/25 07:17:50 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm) DRV:[b]64bit:[/b] - [2009/11/25 07:17:50 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus) DRV:[b]64bit:[/b] - [2009/11/25 07:17:50 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb) DRV:[b]64bit:[/b] - [2009/11/25 07:17:50 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr) DRV:[b]64bit:[/b] - [2009/10/21 21:50:24 | 000,013,872 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmmouse.sys -- (vmmouse) DRV:[b]64bit:[/b] - [2009/10/21 21:47:08 | 000,086,576 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vm3dmp.sys -- (vm3dmp) DRV:[b]64bit:[/b] - [2009/10/07 19:26:24 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID) DRV:[b]64bit:[/b] - [2009/09/30 15:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:[b]64bit:[/b] - [2009/09/24 07:47:06 | 000,175,328 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iSSetup.sys -- (iSSetup) DRV:[b]64bit:[/b] - [2009/09/22 16:39:56 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:[b]64bit:[/b] - [2009/08/21 13:48:18 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor) DRV:[b]64bit:[/b] - [2009/08/21 00:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:[b]64bit:[/b] - [2009/08/13 08:38:24 | 000,029,184 | ---- | M] (CSR, plc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthAvrcp.sys -- (BthAvrcp) DRV:[b]64bit:[/b] - [2009/07/26 23:00:00 | 000,056,664 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\o2mdx64.sys -- (O2MDRDR) DRV:[b]64bit:[/b] - [2009/07/26 23:00:00 | 000,056,096 | ---- | M] (O2Micro) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\o2sdx64.sys -- (O2SDRDR) DRV:[b]64bit:[/b] - [2009/07/17 00:51:54 | 000,028,192 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvamacpi.sys -- (nvamacpi) DRV:[b]64bit:[/b] - [2009/07/14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2009/07/14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2009/07/14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009/07/14 01:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:[b]64bit:[/b] - [2009/07/04 18:27:02 | 000,055,808 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie) DRV:[b]64bit:[/b] - [2009/07/02 07:54:52 | 000,060,416 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci) DRV:[b]64bit:[/b] - [2009/07/01 17:31:58 | 000,080,896 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie) DRV:[b]64bit:[/b] - [2009/06/25 16:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk) DRV:[b]64bit:[/b] - [2009/06/25 15:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp) DRV:[b]64bit:[/b] - [2009/06/25 15:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk) DRV:[b]64bit:[/b] - [2009/06/13 01:19:36 | 
000,041,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd262x64.sys -- (ioatdma2) DRV:[b]64bit:[/b] - [2009/06/13 01:19:32 | 000,040,144 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd162x64.sys -- (ioatdma1) DRV:[b]64bit:[/b] - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:[b]64bit:[/b] - [2009/05/12 13:40:42 | 000,072,192 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTSTOR64.sys -- (RTSTOR) DRV:[b]64bit:[/b] - [2009/05/05 05:31:00 | 000,025,752 | ---- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\xfiltx64.sys -- (xfiltx64) DRV:[b]64bit:[/b] - [2009/05/05 05:29:34 | 000,015,000 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\videX64.sys -- (videX64) DRV:[b]64bit:[/b] - [2009/04/16 11:45:46 | 000,461,320 | ---- | M] (LSI Corporation, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MegaSR1.sys -- (MegaSR1) DRV:[b]64bit:[/b] - [2009/03/19 11:46:04 | 000,044,944 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp) DRV:[b]64bit:[/b] - [2009/03/19 11:45:56 | 000,164,936 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw) DRV:[b]64bit:[/b] - [2009/03/19 11:45:56 | 000,033,608 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\epfwndis.sys -- (Epfwndis) DRV:[b]64bit:[/b] - [2009/03/19 11:44:36 | 000,134,024 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv) DRV:[b]64bit:[/b] - [2009/03/19 11:41:42 | 000,142,776 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamon.sys -- (eamon) DRV:[b]64bit:[/b] - [2009/02/11 16:26:18 | 000,407,576 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:[b]64bit:[/b] - [2008/10/09 14:45:26 | 000,018,784 | ---- | M] (JMicron ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\johci.sys -- (johci) DRV:[b]64bit:[/b] - [2008/07/09 15:51:54 | 000,136,192 | ---- | M] (VIA Technologies inc,.ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\viamrx64.sys -- (viamrx64) DRV:[b]64bit:[/b] - [2008/05/15 22:23:21 | 000,028,208 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci) DRV:[b]64bit:[/b] - [2008/04/15 15:09:20 | 000,067,224 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ViPrtX64.sys -- (ViPrtX64) DRV:[b]64bit:[/b] - [2008/04/15 15:05:48 | 000,025,240 | ---- | M] (VIA Technologies, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ViBusX64.sys -- (ViBusX64) DRV:[b]64bit:[/b] - [2008/01/18 05:14:06 | 000,041,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd260x64.sys -- (ioatdma) DRV:[b]64bit:[/b] - [2008/01/03 19:13:48 | 000,531,968 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SPC230NC.SYS -- (SPC230NC) DRV:[b]64bit:[/b] - [2007/11/13 15:47:18 | 000,080,424 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PnP680.sys -- (Pnp680) DRV:[b]64bit:[/b] - [2007/10/03 15:51:00 | 000,022,056 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiWinAcc.sys -- (SiFilter) DRV:[b]64bit:[/b] - [2007/10/03 15:50:52 | 000,017,448 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiRemFil.sys -- (SiRemFil) DRV:[b]64bit:[/b] - [2007/10/03 15:50:26 | 000,090,664 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SI3132.sys -- (SI3132) DRV:[b]64bit:[/b] - [2007/09/26 15:32:52 | 000,009,472 | ---- | M] (PixArt Imaging Incorporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PAEAFLT.sys -- (PAEAFLT.sys) DRV:[b]64bit:[/b] - [2007/06/01 10:29:06 | 000,330,544 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Si3531.sys -- (Si3531) DRV:[b]64bit:[/b] - [2007/05/14 17:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb) DRV:[b]64bit:[/b] - [2007/05/11 18:01:10 | 000,070,424 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:[b]64bit:[/b] - [2007/04/11 22:30:04 | 000,043,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- 
C:\Windows\SysNative\drivers\IAMTVE.sys -- (IAMTVE) DRV:[b]64bit:[/b] - [2007/04/11 22:29:58 | 000,051,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IAMTXPE.sys -- (IAMTXPE) DRV:[b]64bit:[/b] - [2007/04/11 15:02:42 | 000,163,632 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SI3114r.sys -- (SI3114r) DRV:[b]64bit:[/b] - [2007/02/01 16:53:08 | 000,164,656 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SI3112r.sys -- (SI3112r) DRV:[b]64bit:[/b] - [2007/01/24 17:07:08 | 000,064,888 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SISAGPX.SYS -- (SISAGP) DRV:[b]64bit:[/b] - [2006/11/10 11:48:48 | 000,099,120 | ---- | M] (Silicon Image, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SI3114.sys -- (SI3114) DRV:[b]64bit:[/b] - [2006/11/02 16:25:04 | 000,113,456 | ---- | M] (Silicon Image, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SI3124.sys -- (SI3124) DRV:[b]64bit:[/b] - [2006/11/01 07:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV:[b]64bit:[/b] - [2006/09/20 11:38:28 | 000,334,640 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Si3124r5.sys -- (Si3124r5) DRV:[b]64bit:[/b] - [2006/09/18 14:26:04 | 000,093,472 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hptmv.sys -- (hptmv) DRV:[b]64bit:[/b] - [2005/09/23 00:20:00 | 000,059,392 | ---- | M] (VIA Technologies, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VIAAGP1.SYS -- (viaagp1) DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{68CAD4C2-94EA-4792-B99B-F8726276E541}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.win7extreme.project-os.org IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.win7extreme.project-os.org IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2465994285-61389061-1913302713-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\S-1-5-21-2465994285-61389061-1913302713-1005\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2465994285-61389061-1913302713-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://startsear.ch/?aff=2&src=sp&cf=4637160c-2373-11e1-b02c-00158315a310&q={searchTerms} IE - 
HKU\S-1-5-21-2465994285-61389061-1913302713-1005\..\SearchScopes\{68CAD4C2-94EA-4792-B99B-F8726276E541}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2465994285-61389061-1913302713-1005\..\SearchScopes\{EF40BF94-9292-4001-BB9B-719C402D3AF2}: "URL" = http://uk.search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,105,0_0,Search,20120104,0,0,0,0 IE - HKU\S-1-5-21-2465994285-61389061-1913302713-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.41108.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp1950@crossrider.com: C:\Users\David\AppData\Local\RewardsArcadeSuite\1950\Firefox [2012/01/25 21:44:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/21 20:40:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/14 19:09:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011/10/06 14:53:05 | 000,000,000 | ---D | M] [2012/05/08 16:14:00 | 000,000,000 | ---D | M] (No name found) -- \mozilla\Firefox\extensions [2012/05/08 16:14:00 | 000,000,000 | ---D | M] (No name found) -- \mozilla\Firefox\extensions\{d43723ae-1ae1-4a25-a6a4-bf0929273cab} [2012/06/27 20:32:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/02/10 23:57:47 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012/07/21 20:40:38 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/04/04 20:51:50 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012/07/15 12:37:57 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/07/15 12:37:57 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2013/01/11 23:00:46 | 000,000,797 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (RewardsArcadeSuite) - {B6EF6C45-5E8D-4c3b-B580-A5073261A381} - C:\Program Files (x86)\RewardsArcadeSuite\RewardsArcadeSuite.dll (215 Apps) O4:[b]64bit:[/b] - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET) O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:[b]64bit:[/b] - HKLM..\Run: [SPC_Monitor] C:\Windows\Philips\SPC230NC\Monitor.exe (PixArt Imaging Incorporation) O4:[b]64bit:[/b] - HKLM..\Run: [SPC230NC_Monitor] C:\Windows\Philips\SPC230NC\Monitor.exe (PixArt Imaging Incorporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKLM..\Run: [WinampAgent] F:\Programy\Winamp\winampa.exe () O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2465994285-61389061-1913302713-1005..\Run: [ares] "F:\Programy\Ares\Ares.exe" -h File not found O4 - HKU\S-1-5-21-2465994285-61389061-1913302713-1005..\Run: [DAEMON Tools Lite] F:\Programy\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-2465994285-61389061-1913302713-1005..\Run: [DriverScanner] "C:\PROGRA~2\Uniblue\DRIVER~1\launcher.exe" delay 20000 File not found O4 - HKU\S-1-5-21-2465994285-61389061-1913302713-1005..\Run: [Gadu-Gadu 10] F:\Programy\Gadu-Gadu 10\gg.exe (GG Network S.A.) O4 - HKU\S-1-5-21-2465994285-61389061-1913302713-1005..\Run: [HUAWEI 3G Data Card MTS] C:\Program Files (x86)\Huawei technologies\Huawei UMTS Data Card\3 USB Modem.exe (Huawei Technologies) O4 - HKU\S-1-5-21-2465994285-61389061-1913302713-1005..\Run: [InstallIQUpdater] C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC) O4 - HKU\S-1-5-21-2465994285-61389061-1913302713-1005..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) O4 - HKU\S-1-5-21-2465994285-61389061-1913302713-1005..\Run: [RGSC] D:\GTA CZTERY\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.) 
O4 - HKU\S-1-5-21-2465994285-61389061-1913302713-1005..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe () O4 - HKU\S-1-5-21-2465994285-61389061-1913302713-1005..\Run: [WeatherBugAlert] C:\Program Files (x86)\AWS\WeatherBug Alert\WeatherBugAlert.exe (AWS Convergence Technologies) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\All Users\Adobe [2011/10/10 11:53:24 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Application Data [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\ashampoo [2012/05/08 16:13:37 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\ATI [2011/10/06 16:21:10 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\DAEMON Tools Lite [2011/10/20 16:47:38 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Desktop [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\Diskeeper Corporation [2009/11/30 07:49:13 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Documents [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\DSS [2012/09/16 10:54:51 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\EA Core [2011/12/12 21:40:10 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Electronic Arts [2011/12/12 21:40:09 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\ESET [2009/11/15 00:05:20 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Favorites [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\Gadu-Gadu 10 [2011/12/07 17:26:52 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Hewlett-Packard [2011/10/10 11:46:47 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\HP [2011/11/09 22:41:21 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\hpzinstall.log () O4 - Startup: 
C:\Users\All Users\Local Settings [2012/03/31 19:02:06 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Malwarebytes [2011/12/16 16:35:18 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\McAfee [2009/11/29 19:39:11 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Messenger Plus! [2009/11/29 19:53:37 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Microsoft [2012/04/17 19:40:12 | 000,000,000 | --SD | M] O4 - Startup: C:\Users\All Users\Microsoft Help [2012/02/24 13:50:00 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Mozilla [2012/06/27 20:32:23 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\mtbjfghn.xbe () O4 - Startup: C:\Users\All Users\Nero [2012/05/16 16:03:37 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Norton [2012/02/21 11:09:12 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\NortonInstaller [2012/01/25 21:44:43 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\NOTEPAD.EXE-x.txt () O4 - Startup: C:\Users\All Users\Origin [2012/11/25 20:28:45 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\REGSVR32.EXE-x.txt () O4 - Startup: C:\Users\All Users\RUNDLL32.EXE-x.txt () O4 - Startup: C:\Users\All Users\Skype [2012/11/22 07:00:09 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Sony [2012/02/20 16:39:48 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Stardock [2009/11/29 20:56:06 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Start Menu [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\Sun [2012/04/04 20:52:05 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Symantec [2012/01/25 21:44:49 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Telefónica [2012/03/11 15:08:43 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\TEMP [2012/11/26 17:10:54 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Templates [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] O4 - 
Startup: C:\Users\All Users\Trusteer [2011/10/27 12:55:50 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Ubisoft [2012/11/29 21:04:08 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Uniblue [2011/10/09 21:09:20 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\VMware [2009/11/29 19:15:41 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\W3i [2012/01/25 21:44:46 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Yahoo! [2009/12/09 03:34:50 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\{0B4EECC2-B656-4BF8-9915-6F8B225BC43C} [2012/01/25 21:45:10 | 000,000,000 | -H-D | M] O4 - Startup: C:\Users\All Users\{6DFE6B59-3F4E-45AF-A9D0-5EDC43DD23AF} [2012/03/31 19:08:37 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\{8CC5CF4A-124E-41BA-B58C-A41F05BE09CC} [2009/12/01 03:04:50 | 000,000,000 | -H-D | M] O4 - Startup: C:\Users\All Users\{BD8912D9-3040-46C4-B96A-4C3AC7E43486} [2011/12/31 13:40:00 | 000,000,000 | -H-D | M] O4 - Startup: C:\Users\David\AppData [2011/10/06 14:52:26 | 000,000,000 | -H-D | M] O4 - Startup: C:\Users\David\Application Data [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\David\Contacts [2011/10/06 19:55:08 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\David\Cookies [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\David\Desktop [2013/01/14 19:05:59 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\David\Documents [2013/01/10 20:21:05 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\David\Downloads [2012/10/02 17:56:34 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\David\Favorites [2011/11/30 14:58:20 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\David\Gry [2012/09/24 11:05:13 | 000,000,000 | --SD | M] O4 - Startup: C:\Users\David\InstallAnywhere [2011/10/20 19:07:10 | 000,000,000 | -H-D | M] O4 - Startup: C:\Users\David\Links [2012/12/23 13:46:26 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\David\Local Settings [2011/10/06 
14:52:26 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\David\Music [2011/10/15 15:37:20 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\David\My Documents [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\David\NetHood [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\David\NTUSER.DAT () O4 - Startup: C:\Users\David\ntuser.dat.LOG1 () O4 - Startup: C:\Users\David\ntuser.dat.LOG2 () O4 - Startup: C:\Users\David\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf () O4 - Startup: C:\Users\David\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms () O4 - Startup: C:\Users\David\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms () O4 - Startup: C:\Users\David\NTUSER.DAT{6ab3caf2-12df-11e1-a87b-00158315a310}.TM.blf () O4 - Startup: C:\Users\David\NTUSER.DAT{6ab3caf2-12df-11e1-a87b-00158315a310}.TMContainer00000000000000000001.regtrans-ms () O4 - Startup: C:\Users\David\NTUSER.DAT{6ab3caf2-12df-11e1-a87b-00158315a310}.TMContainer00000000000000000002.regtrans-ms () O4 - Startup: C:\Users\David\NTUSER.DAT{72d3d2af-3940-11e1-b6a2-00158315a310}.TM.blf () O4 - Startup: C:\Users\David\NTUSER.DAT{72d3d2af-3940-11e1-b6a2-00158315a310}.TMContainer00000000000000000001.regtrans-ms () O4 - Startup: C:\Users\David\NTUSER.DAT{72d3d2af-3940-11e1-b6a2-00158315a310}.TMContainer00000000000000000002.regtrans-ms () O4 - Startup: C:\Users\David\ntuser.ini () O4 - Startup: C:\Users\David\Pictures [2012/09/24 11:03:35 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\David\PrintHood [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\David\Recent [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\David\Saved Games [2011/10/07 16:37:15 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\David\Searches [2011/11/16 21:07:08 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\David\SendTo [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] O4 
- Startup: C:\Users\David\Start Menu [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\David\Templates [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\David\Videos [2011/10/15 15:37:20 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Default\AppData [2009/07/14 04:20:08 | 000,000,000 | -H-D | M] O4 - Startup: C:\Users\Default\Application Data [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Cookies [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Desktop [2009/07/14 03:34:59 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Default\Documents [2009/07/14 06:08:56 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Default\Downloads [2009/07/14 03:34:59 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Default\Favorites [2009/07/14 03:34:59 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Default\Links [2009/07/14 03:34:59 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Default\Local Settings [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Music [2009/07/14 03:34:59 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Default\My Documents [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\NetHood [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\NTUSER.DAT () O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG () O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG1 () O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG2 () O4 - Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf () O4 - Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms () O4 - Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms () O4 - Startup: C:\Users\Default\Pictures [2009/07/14 03:34:59 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Default\PrintHood [2009/07/14 06:08:56 | 
000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Recent [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Saved Games [2009/07/14 03:34:59 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\Default\SendTo [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Start Menu [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Templates [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Videos [2009/07/14 03:34:59 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Public\Desktop [2013/01/12 11:56:35 | 000,000,000 | RH-D | M] O4 - Startup: C:\Users\Public\Documents [2011/10/20 19:38:06 | 000,000,000 | --SD | M] O4 - Startup: C:\Users\Public\Downloads [2009/07/14 05:54:24 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Public\Favorites [2009/07/14 03:34:59 | 000,000,000 | RH-D | M] O4 - Startup: C:\Users\Public\Libraries [2009/11/29 19:03:42 | 000,000,000 | RH-D | M] O4 - Startup: C:\Users\Public\Music [2009/12/01 03:07:11 | 000,000,000 | --SD | M] O4 - Startup: C:\Users\Public\Pictures [2009/12/01 03:07:11 | 000,000,000 | --SD | M] O4 - Startup: C:\Users\Public\Recorded TV [2011/10/24 15:50:51 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Public\Videos [2009/12/01 03:07:11 | 000,000,000 | --SD | M] O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 41064 = C:\PROGRA~3\LOCALS~1\Temp\msygea.bat O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: 
PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0 O8:[b]64bit:[/b] - Extra context menu item: E&xport to Microsoft Excel - res://F:\Programy\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\Programy\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O16:[b]64bit:[/b] - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16:[b]64bit:[/b] - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16:[b]64bit:[/b] - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} 
http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.179.2.132 62.179.2.133 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{819D1C69-4F04-42F6-AC7B-4697F4CAEE0E}: DhcpNameServer = 62.179.2.132 62.179.2.133 O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:[b]64bit:[/b] - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair64.dll (Stardock.net, Inc) O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll (Stardock.net, Inc) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O22:[b]64bit:[/b] - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{2ea0f472-0ef2-11e1-b392-00158315a310}\Shell - "" = AutoRun O33 - MountPoints2\{2ea0f472-0ef2-11e1-b392-00158315a310}\Shell\AutoRun\command - "" = J:\AutoRun.exe O33 - MountPoints2\{2ea0f4b3-0ef2-11e1-b392-00158315a310}\Shell - "" = AutoRun O33 - MountPoints2\{2ea0f4b3-0ef2-11e1-b392-00158315a310}\Shell\AutoRun\command - "" = J:\AutoRun.exe O33 - MountPoints2\{3aa0c0f0-6ea8-11e1-9f61-00158315a310}\Shell - "" = AutoRun O33 - MountPoints2\{3aa0c0f0-6ea8-11e1-9f61-00158315a310}\Shell\AutoRun\command - "" = K:\AutoRun.exe O33 - MountPoints2\{3aa0c0f2-6ea8-11e1-9f61-00158315a310}\Shell - "" = AutoRun O33 - MountPoints2\{3aa0c0f2-6ea8-11e1-9f61-00158315a310}\Shell\AutoRun\command - "" = K:\AutoRun.exe O33 - MountPoints2\{4db4cf43-07f2-11e1-b162-00158315a310}\Shell - "" = AutoRun O33 - MountPoints2\{4db4cf43-07f2-11e1-b162-00158315a310}\Shell\AutoRun\command - "" = J:\AutoRun.exe O33 - MountPoints2\{6df72f65-0b0f-11e1-868f-00158315a310}\Shell - "" = AutoRun O33 - MountPoints2\{6df72f65-0b0f-11e1-868f-00158315a310}\Shell\AutoRun\command - "" = K:\AutoRun.exe O33 - MountPoints2\{9caa8c70-0b7f-11e1-ba4b-00158315a310}\Shell - "" = AutoRun O33 - MountPoints2\{9caa8c70-0b7f-11e1-ba4b-00158315a310}\Shell\AutoRun\command - "" = J:\AutoRun.exe O33 - MountPoints2\{9caa8c72-0b7f-11e1-ba4b-00158315a310}\Shell - "" = AutoRun O33 - MountPoints2\{9caa8c72-0b7f-11e1-ba4b-00158315a310}\Shell\AutoRun\command - "" = J:\AutoRun.exe O33 - MountPoints2\{9ee04b3a-6d17-11e1-a25e-00158315a310}\Shell - "" = AutoRun O33 - MountPoints2\{9ee04b3a-6d17-11e1-a25e-00158315a310}\Shell\AutoRun\command - "" = K:\AutoRun.exe O33 - MountPoints2\{9ee04b3c-6d17-11e1-a25e-00158315a310}\Shell - "" = AutoRun O33 - MountPoints2\{9ee04b3c-6d17-11e1-a25e-00158315a310}\Shell\AutoRun\command - "" = 
K:\AutoRun.exe O33 - MountPoints2\{afab87ec-6b82-11e1-82b8-00158315a310}\Shell - "" = AutoRun O33 - MountPoints2\{afab87ec-6b82-11e1-82b8-00158315a310}\Shell\AutoRun\command - "" = K:\AutoRun.exe O33 - MountPoints2\{afab87fc-6b82-11e1-82b8-00158315a310}\Shell - "" = AutoRun O33 - MountPoints2\{afab87fc-6b82-11e1-82b8-00158315a310}\Shell\AutoRun\command - "" = K:\AutoRun.exe O33 - MountPoints2\{cce37407-8c61-11e1-b73d-00158315a310}\Shell - "" = AutoRun O33 - MountPoints2\{cce37407-8c61-11e1-b73d-00158315a310}\Shell\AutoRun\command - "" = K:\iStudio.exe O33 - MountPoints2\{da9f5423-f044-11e0-ab00-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{da9f5423-f044-11e0-ab00-806e6f6e6963}\Shell\AutoRun\command - "" = I:\AutoRun.exe O33 - MountPoints2\{da9f5441-f044-11e0-ab00-d027880b62e9}\Shell - "" = AutoRun O33 - MountPoints2\{da9f5441-f044-11e0-ab00-d027880b62e9}\Shell\AutoRun\command - "" = J:\AutoRun.exe O33 - MountPoints2\I\Shell - "" = AutoRun O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2013/01/10 20:31:32 | 000,000,000 | ---D | C] -- C:\Conduit [2013/01/10 20:31:32 | 000,000,000 | ---D | C] -- \Conduit [2012/12/25 19:16:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6 [cswos.com] 
[2012/12/03 19:13:34 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll [2012/12/03 18:48:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games [2012/11/29 21:04:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft [2012/11/22 20:50:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2012/11/22 20:49:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2012/11/22 07:00:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012/11/22 07:00:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012/11/21 21:21:31 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2012/11/21 20:56:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inixsoft [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2013/01/14 20:39:08 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/01/14 20:38:47 | 000,016,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/01/14 20:38:47 | 000,016,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/01/14 20:35:40 | 000,727,490 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/01/14 20:35:40 | 000,630,104 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/01/14 20:35:40 | 000,112,534 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/01/14 20:31:29 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/01/14 20:31:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/01/14 19:05:06 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/01/13 16:32:45 | 000,000,192 | ---- | M] () -- C:\Windows\winamp.ini 
[2013/01/13 15:45:15 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini [2013/01/12 11:56:35 | 000,001,126 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/12/25 19:16:01 | 000,000,913 | ---- | M] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Counter-Strike 1.6.lnk [2012/12/25 13:07:27 | 000,921,632 | ---- | M] () -- C:\SPC230NC.DAT [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/12/03 19:13:34 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll [2012/12/02 19:23:45 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI [2012/11/29 20:51:13 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012/11/29 20:51:11 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012/11/22 07:00:05 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013/01/12 11:56:35 | 000,001,126 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/01/11 22:10:16 | 000,001,169 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TrayMin230.lnk [2012/12/25 19:16:01 | 000,000,913 | ---- | C] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Counter-Strike 1.6.lnk [2012/12/02 19:23:45 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI [2012/11/29 20:51:13 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012/11/29 20:51:11 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012/05/23 16:31:15 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2012/04/19 18:20:53 | 000,921,632 | ---- | C] () -- \SPC230NC.DAT [2012/02/18 16:09:47 | 000,000,842 | ---- | C] () -- C:\Windows\SysWow64\SPC230NC.INI [2012/02/18 16:09:24 | 000,004,998 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe 
[2011/11/30 14:56:57 | 000,000,192 | ---- | C] () -- C:\Windows\winamp.ini [2011/11/30 14:51:55 | 000,000,968 | ---- | C] () -- C:\Windows\unins000.dat [2011/10/06 16:20:35 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011/09/14 11:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011/03/17 18:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2005/09/22 20:09:38 | 000,894,976 | ---- | C] () -- \msdia80.dll [color=#E56717]========== ZeroAccess Check ==========[/color] [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2009/07/14 02:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2009/07/14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 02:15:20 | 000,605,696 | ---- | M] (Microsoft 
Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] [color=#E56717]========== LOP Check ==========[/color] [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Application Data [2012/05/08 16:13:37 | 000,000,000 | ---D | M] -- C:\Users\All Users\ashampoo [2011/10/20 16:47:38 | 000,000,000 | ---D | M] -- C:\Users\All Users\DAEMON Tools Lite [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Desktop [2009/11/30 07:49:13 | 000,000,000 | ---D | M] -- C:\Users\All Users\Diskeeper Corporation [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Documents [2012/09/16 10:54:51 | 000,000,000 | -HSD | M] -- C:\Users\All Users\DSS [2011/12/12 21:40:10 | 000,000,000 | ---D | M] -- C:\Users\All Users\EA Core [2011/12/12 21:40:09 | 000,000,000 | ---D | M] -- C:\Users\All Users\Electronic Arts [2009/11/15 00:05:20 | 000,000,000 | ---D | M] -- C:\Users\All Users\ESET [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favorites [2011/12/07 17:26:52 | 000,000,000 | ---D | M] -- C:\Users\All Users\Gadu-Gadu 10 [2012/03/31 19:02:06 | 000,000,000 | ---D | M] -- C:\Users\All Users\Local Settings [2009/11/29 19:53:37 | 000,000,000 | ---D | M] -- C:\Users\All Users\Messenger Plus! 
[2012/11/25 20:28:45 | 000,000,000 | ---D | M] -- C:\Users\All Users\Origin [2012/02/20 16:39:48 | 000,000,000 | ---D | M] -- C:\Users\All Users\Sony [2009/11/29 20:56:06 | 000,000,000 | ---D | M] -- C:\Users\All Users\Stardock [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Start Menu [2012/03/11 15:08:43 | 000,000,000 | ---D | M] -- C:\Users\All Users\Telefónica [2012/11/26 17:10:54 | 000,000,000 | ---D | M] -- C:\Users\All Users\TEMP [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Templates [2011/10/27 12:55:50 | 000,000,000 | ---D | M] -- C:\Users\All Users\Trusteer [2012/11/29 21:04:08 | 000,000,000 | ---D | M] -- C:\Users\All Users\Ubisoft [2011/10/09 21:09:20 | 000,000,000 | ---D | M] -- C:\Users\All Users\Uniblue [2012/01/25 21:44:46 | 000,000,000 | ---D | M] -- C:\Users\All Users\W3i [2012/01/25 21:45:10 | 000,000,000 | -H-D | M] -- C:\Users\All Users\{0B4EECC2-B656-4BF8-9915-6F8B225BC43C} [2012/03/31 19:08:37 | 000,000,000 | ---D | M] -- C:\Users\All Users\{6DFE6B59-3F4E-45AF-A9D0-5EDC43DD23AF} [2009/12/01 03:04:50 | 000,000,000 | -H-D | M] -- C:\Users\All Users\{8CC5CF4A-124E-41BA-B58C-A41F05BE09CC} [2011/12/31 13:40:00 | 000,000,000 | -H-D | M] -- C:\Users\All Users\{BD8912D9-3040-46C4-B96A-4C3AC7E43486} [2011/10/06 14:52:26 | 000,000,000 | -H-D | M] -- C:\Users\David\AppData [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] -- C:\Users\David\Application Data [2011/10/06 19:55:08 | 000,000,000 | R--D | M] -- C:\Users\David\Contacts [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] -- C:\Users\David\Cookies [2013/01/14 19:05:59 | 000,000,000 | R--D | M] -- C:\Users\David\Desktop [2013/01/10 20:21:05 | 000,000,000 | R--D | M] -- C:\Users\David\Documents [2012/10/02 17:56:34 | 000,000,000 | R--D | M] -- C:\Users\David\Downloads [2011/11/30 14:58:20 | 000,000,000 | R--D | M] -- C:\Users\David\Favorites [2012/09/24 11:05:13 | 000,000,000 | --SD | M] -- C:\Users\David\Gry [2011/10/20 19:07:10 | 000,000,000 | -H-D | M] -- 
C:\Users\David\InstallAnywhere [2012/12/23 13:46:26 | 000,000,000 | R--D | M] -- C:\Users\David\Links [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] -- C:\Users\David\Local Settings [2011/10/15 15:37:20 | 000,000,000 | R--D | M] -- C:\Users\David\Music [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] -- C:\Users\David\My Documents [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] -- C:\Users\David\NetHood [2012/09/24 11:03:35 | 000,000,000 | R--D | M] -- C:\Users\David\Pictures [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] -- C:\Users\David\PrintHood [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] -- C:\Users\David\Recent [2011/10/07 16:37:15 | 000,000,000 | ---D | M] -- C:\Users\David\Saved Games [2011/11/16 21:07:08 | 000,000,000 | R--D | M] -- C:\Users\David\Searches [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] -- C:\Users\David\SendTo [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] -- C:\Users\David\Start Menu [2011/10/06 14:52:26 | 000,000,000 | -HSD | M] -- C:\Users\David\Templates [2011/10/15 15:37:20 | 000,000,000 | R--D | M] -- C:\Users\David\Videos [2009/07/14 04:20:08 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Application Data [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Cookies [2009/07/14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Desktop [2009/07/14 06:08:56 | 000,000,000 | R--D | M] -- C:\Users\Default\Documents [2009/07/14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Downloads [2009/07/14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Favorites [2009/07/14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Links [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Local Settings [2009/07/14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Music [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\My Documents [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\NetHood 
[2009/07/14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Pictures [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\PrintHood [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Recent [2009/07/14 03:34:59 | 000,000,000 | ---D | M] -- C:\Users\Default\Saved Games [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\SendTo [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Start Menu [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Templates [2009/07/14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Videos [2013/01/12 11:56:35 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop [2011/10/20 19:38:06 | 000,000,000 | --SD | M] -- C:\Users\Public\Documents [2009/07/14 05:54:24 | 000,000,000 | R--D | M] -- C:\Users\Public\Downloads [2009/07/14 03:34:59 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites [2009/11/29 19:03:42 | 000,000,000 | RH-D | M] -- C:\Users\Public\Libraries [2009/12/01 03:07:11 | 000,000,000 | --SD | M] -- C:\Users\Public\Music [2009/12/01 03:07:11 | 000,000,000 | --SD | M] -- C:\Users\Public\Pictures [2011/10/24 15:50:51 | 000,000,000 | R--D | M] -- C:\Users\Public\Recorded TV [2009/12/01 03:07:11 | 000,000,000 | --SD | M] -- C:\Users\Public\Videos [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 101 bytes -> C:\Users\All Users\TEMP:CE2C623F @Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:CE2C623F < End of report > [/log]
and the RSIT log:
[log] Logfile of random's system information tool 1.09 (written by random/random) Run by David at 2013-01-14 20:52:42 Microsoft Windows 7 Extreme Edition R1 - x64 System drive C: has 118 GB (59%) free of 200 GB Total RAM: 3326 MB (52% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 20:53:01, on 14/01/2013 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot
mode: Normal Running processes: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\Philips\SPC230NC\Monitor.exe C:\Program Files (x86)\AWS\WeatherBug Alert\WeatherBugAlert.exe C:\Program Files (x86)\RocketDock\RocketDock.exe C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe F:\Programy\DAEMON Tools Lite\DTLite.exe C:\Program Files (x86)\Philips\Philips SPC230NC Webcam\TrayMin230.exe F:\Programy\Winamp\winampa.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe C:\Program Files (x86)\Opera\opera.exe C:\Users\David\Desktop\RSIT.exe C:\Program Files (x86)\trend micro\David.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: RewardsArcadeSuite - 
{B6EF6C45-5E8D-4c3b-B580-A5073261A381} - C:\Program Files (x86)\RewardsArcadeSuite\RewardsArcadeSuite.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [WinampAgent] F:\Programy\Winamp\winampa.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [WeatherBugAlert] "C:\Program Files (x86)\AWS\WeatherBug Alert\WeatherBugAlert.exe" /st O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe" O4 - HKCU\..\Run: [RGSC] D:\GTA CZTERY\Rockstar Games Social Club\RGSCLauncher.exe /silent O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [InstallIQUpdater] "C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun O4 - HKCU\..\Run: [HUAWEI 3G Data Card MTS] C:\Program Files (x86)\Huawei technologies\Huawei UMTS Data Card\3 USB Modem.exe O4 - HKCU\..\Run: [Gadu-Gadu 10] "F:\Programy\Gadu-Gadu 10\gg.exe" O4 - HKCU\..\Run: [DriverScanner] "C:\PROGRA~2\Uniblue\DRIVER~1\launcher.exe" delay 20000 O4 - HKCU\..\Run: [DAEMON Tools Lite] "F:\Programy\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [ares] "F:\Programy\Ares\Ares.exe" -h O4 - HKLM\..\Policies\Explorer\Run: [41064] C:\PROGRA~3\LOCALS~1\Temp\msygea.bat O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] 
C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Global Startup: TrayMin230.lnk = C:\Program Files (x86)\Philips\Philips SPC230NC Webcam\TrayMin230.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\Programy\Office12\EXCEL.EXE/3000 O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Trial Reset (.EsetTrialReset) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\Shahed.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - 
C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing) O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: TGCM_ImportWiFiSvc - Unknown owner - C:\Program 
Files (x86)\O2\Connection Manager\ImpWiFiSvc.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 10303 bytes ======Scheduled tasks folder====== C:\Windows\tasks\Adobe Flash Player Updater.job C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job =========Mozilla firefox========= ProfilePath - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\esltif73.default "crossriderapp1950@crossrider.com"=C:\Users\David\AppData\Local\RewardsArcadeSuite\1950\Firefox [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer] "Description"=Adobe® Flash® Player 11.5.502.135 Plugin "Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin] "Description"=Google Earth in your browser "Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin] "Description"=Oracle® Next Generation Java™ Plug-In "Path"=C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll 
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6] "Description"=Yahoo Messenger State Plugin "Path"=C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] "Description"=Ag Player Plugin "Path"=c:\Program Files (x86)\Microsoft Silverlight\4.0.41108.0\npctrl.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450] "Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In "Path"=C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448] "Description"=6.0.12.448 "Path"=C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=] "Description"= "Path"= [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3] "Description"=Google Update "Path"=C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9] "Description"=Google Update "Path"=C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll C:\Program Files (x86)\Mozilla Firefox\extensions\ {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} {972ce4c6-7e08-4474-a285-3208198ce6fd} C:\Program Files (x86)\Mozilla Firefox\components\ binary.manifest browsercomps.dll nppl3260.xpt nsJSRealPlayerPlugin.xpt C:\Program Files (x86)\Mozilla Firefox\plugins\ npdeployJava1.dll nppdf32.dll nppl3260.dll nprpjplug.dll C:\Program Files (x86)\Mozilla Firefox\searchplugins\ amazondotcom.xml bing.xml eBay.xml google.xml twitter.xml wikipedia.xml yahoo.xml ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files 
(x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-04-04 325408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10 3834016] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B6EF6C45-5E8D-4c3b-B580-A5073261A381}] RewardsArcadeSuite - C:\Program Files (x86)\RewardsArcadeSuite\RewardsArcadeSuite.dll [2011-11-03 528216] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-04-04 42272] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "WinampAgent"=F:\Programy\Winamp\winampa.exe [2004-12-20 33792] "SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696] "StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-09-08 343168] "Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-02 35696] "Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03 946352] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] "41064"=C:\PROGRA~3\LOCALS~1\Temp\msygea.bat [] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "WeatherBugAlert"=C:\Program Files (x86)\AWS\WeatherBug Alert\WeatherBugAlert.exe [2010-02-22 442368] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1475072] "RocketDock"=C:\Program Files 
(x86)\RocketDock\RocketDock.exe [2007-09-02 495616] "RGSC"=D:\GTA CZTERY\Rockstar Games Social Club\RGSCLauncher.exe [2008-11-14 305064] "Messenger (Yahoo!)"=C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [2009-11-10 5244216] "InstallIQUpdater"=C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe [2011-10-11 1179648] "HUAWEI 3G Data Card MTS"=C:\Program Files (x86)\Huawei technologies\Huawei UMTS Data Card\3 USB Modem.exe [2008-01-27 344064] "Gadu-Gadu 10"=F:\Programy\Gadu-Gadu 10\gg.exe [2011-07-04 13374048] "DriverScanner"=C:\PROGRA~2\Uniblue\DRIVER~1\launcher.exe delay 20000 [] "DAEMON Tools Lite"=F:\Programy\DAEMON Tools Lite\DTLite.exe [2011-08-02 4910912] "ares"=F:\Programy\Ares\Ares.exe -h [] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup TrayMin230.lnk - C:\Program Files (x86)\Philips\Philips SPC230NC Webcam\TrayMin230.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll [2008-05-15 65536] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableLUA"=0 "EnableUIADesktopToggle"=0 "PromptOnSecureDesktop"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "SynchronousMachineGroupPolicy"=0 "SynchronousUserGroupPolicy"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "ForceActiveDesktopOn"=0 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.msadpcm"=msadp32.acm "midimapper"=midimap.dll "wavemapper"=msacm32.drv "vidc.uyvy"=msyuv.dll "vidc.yuy2"=msyuv.dll "vidc.yvyu"=msyuv.dll "vidc.iyuv"=iyuv_32.dll "vidc.i420"=iyuv_32.dll "vidc.yvu9"=tsbyuv.dll "msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm "vidc.cvid"=iccvid.dll "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "msacm.siren"=sirenacm.dll "VIDC.DIVX"=divx.dll "VIDC.XVID"=xvidvfw.dll "VIDC.YV12"=yv12vfw.dll "msacm.ac3acm"=ac3acm.acm "msacm.lameacm"=lameACM.acm "VIDC.FFDS"=C:\PROGRA~2\COMBIN~1\Filters\FFDShow\ff_vfw.dll "wave1"=wdmaud.drv "midi1"=wdmaud.drv "mixer1"=wdmaud.drv "aux"=wdmaud.drv "wave2"=wdmaud.drv "midi2"=wdmaud.drv "mixer2"=wdmaud.drv "aux1"=wdmaud.drv "vidc.VP60"=C:\Windows\system32\vp6vfw.dll "vidc.VP61"=C:\Windows\system32\vp6vfw.dll "wave3"=wdmaud.drv "midi3"=wdmaud.drv "mixer3"=wdmaud.drv "aux2"=wdmaud.drv "wave4"=wdmaud.drv "midi4"=wdmaud.drv "mixer4"=wdmaud.drv "aux3"=wdmaud.drv ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 month====== 2013-01-14 20:52:47 ----D---- C:\Program Files (x86)\trend micro 2013-01-14 20:52:42 ----D---- C:\rsit 2013-01-14 19:09:41 ----A---- C:\AdwCleaner[S1].txt 2013-01-10 20:31:32 ----D---- C:\Conduit ======List of files/folders modified in the last 1 month====== 2013-01-14 20:52:54 ----D---- C:\Windows\Temp 2013-01-14 20:52:47 ----RD---- C:\Program Files (x86) 2013-01-14 20:35:40 
----D---- C:\Windows\System32 2013-01-14 20:35:40 ----D---- C:\Windows\inf 2013-01-14 19:12:02 ----D---- C:\Windows 2013-01-13 16:32:45 ----A---- C:\Windows\winamp.ini 2013-01-13 15:45:15 ----A---- C:\Windows\NeroDigital.ini 2013-01-13 15:12:42 ----D---- C:\Windows\Logs 2013-01-13 14:20:01 ----D---- C:\Windows\SoftwareDistribution 2013-01-13 14:19:37 ----D---- C:\Users\David\AppData\Roaming\uTorrent 2013-01-12 11:57:23 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-01-11 22:16:25 ----D---- C:\Program Files (x86)\Mozilla Firefox 2013-01-11 22:10:16 ----D---- C:\Windows\pss 2013-01-07 12:59:30 ----D---- C:\Users\David\AppData\Roaming\DAEMON Tools Lite 2012-12-29 18:34:12 ----D---- C:\Windows\SysWOW64\drivers 2012-12-28 21:17:52 ----D---- C:\Users\David\AppData\Roaming\Gadu-Gadu 10 2012-12-28 11:07:47 ----SHD---- C:\System Volume Information 2012-12-27 11:41:28 ----HD---- C:\Program Files (x86)\InstallShield Installation Information 2012-12-27 10:05:32 ----SHD---- C:\Windows\Installer 2012-12-27 10:05:32 ----HD---- C:\ProgramData 2012-12-27 09:36:07 ----D---- C:\Users\David\AppData\Roaming\Sports Interactive 2012-12-26 17:30:03 ----D---- C:\Program Files (x86)\Opera 2012-12-26 14:39:33 ----D---- C:\Users\David\AppData\Roaming\Skype 2012-12-25 19:14:08 ----D---- C:\Windows\Prefetch 2012-12-25 19:11:47 ----D---- C:\Program Files (x86)\Common Files\InstallShield ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 johci;JMicron 1394 Filter Driver; C:\Windows\system32\DRIVERS\johci.sys [] R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [] R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [] R0 SiFilter;SATALink driver accelerator; C:\Windows\system32\DRIVERS\SiWinAcc.sys [] R0 SiRemFil;SATALink External Device Filter; C:\Windows\system32\DRIVERS\SiRemFil.sys [] R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [] R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; 
C:\Windows\system32\drivers\csc.sys [] R1 vpcnfltr;Virtual PC Network Filter Driver; C:\Windows\system32\DRIVERS\vpcnfltr.sys [] R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\Windows\system32\drivers\vpcvmm.sys [] R2 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys [] R2 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [] R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [] R2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [] R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [] R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [] R3 BthAvrcp;Bluetooth AVRCP Profile; C:\Windows\system32\DRIVERS\BthAvrcp.sys [] R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [] R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [] R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [] R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [] R3 huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys [] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [] R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [] R3 PAEAFLT.sys;USB Composite Device; C:\Windows\system32\DRIVERS\PAEAFLT.sys [] R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [] R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [] R3 SPC230NC;Philips SPC230NC Webcam; C:\Windows\system32\DRIVERS\SPC230NC.SYS [] R3 vpcbus;Virtual PC Host Bus Service; C:\Windows\system32\DRIVERS\vpchbus.sys [] R3 vpcusb;USB Virtualization Connector Service; C:\Windows\system32\DRIVERS\vpcusb.sys [] S3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS [] S3 AtiHdmiService;ATI Function 
Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [] S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [] S3 E1G60;Intel(R) PRO/1000 NDIS 6 Adapter Driver; C:\Windows\system32\DRIVERS\E1G6032E.sys [] S3 EagleX64;EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [] S3 ewusbnet;HUAWEI USB-NDIS miniport; C:\Windows\system32\DRIVERS\ewusbnet.sys [] S3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [] S3 hptmv;hptmv; C:\Windows\system32\DRIVERS\hptmv.sys [] S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [] S3 IAMTVE;Driver for Intel(R) Active Management Technology - KCS; C:\Windows\system32\DRIVERS\IAMTVE.sys [] S3 IAMTXPE;Driver for Intel(R) Active Management Technology - KCS; C:\Windows\system32\DRIVERS\IAMTXPE.sys [] S3 iaStor;iaStor; C:\Windows\system32\DRIVERS\iaStor.sys [] S3 ioatdma;Intel(R) QuickData Technology device; C:\Windows\System32\Drivers\qd260x64.sys [] S3 ioatdma1;ioatdma1; C:\Windows\System32\Drivers\qd162x64.sys [] S3 ioatdma2;Intel(R) QuickData Technology device ver.2; C:\Windows\System32\Drivers\qd262x64.sys [] S3 iSSetup;iSSetup; C:\Windows\system32\DRIVERS\iSSetup.sys [] S3 iteraid;iteraid; C:\Windows\system32\DRIVERS\iteraid.sys [] S3 JRAID;JRAID; C:\Windows\system32\DRIVERS\jraid.sys [] S3 MegaSR1;MegaSR1; C:\Windows\system32\DRIVERS\MegaSR1.sys [] S3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [] S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [] S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [] S3 nmwcdnsucx64;Nokia USB Flashing Generic; C:\Windows\system32\drivers\nmwcdnsucx64.sys [] S3 nmwcdnsux64;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsux64.sys [] S3 nvamacpi;nvamacpi; C:\Windows\system32\DRIVERS\NVAMACPI.sys [] S3 nvrd64;nvrd64; C:\Windows\system32\DRIVERS\nvrd64.sys 
[] S3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [] S3 nvstor64;nvstor64; C:\Windows\system32\DRIVERS\nvstor64.sys [] S3 O2MDRDR;O2MDRDR; C:\Windows\system32\DRIVERS\o2mdx64.sys [] S3 O2SDRDR;O2SDRDR; C:\Windows\system32\DRIVERS\o2sdx64.sys [] S3 Pnp680;Pnp680; C:\Windows\system32\DRIVERS\pnp680.sys [] S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [] S3 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmpx64.sys [] S3 rimspci;rimspci; C:\Windows\system32\DRIVERS\rimspe64.sys [] S3 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimspx64.sys [] S3 RimUsb;BlackBerry Smartphone; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [] S3 risdpcie;risdpcie; C:\Windows\system32\DRIVERS\risdpe64.sys [] S3 rismxdp;rismxdp; C:\Windows\system32\DRIVERS\rixdpx64.sys [] S3 rixdpcie;rixdpcie; C:\Windows\system32\DRIVERS\rixdpe64.sys [] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [] S3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR64.SYS [] S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [] S3 SI3112r;SI3112r; C:\Windows\system32\DRIVERS\SI3112r.sys [] S3 SI3114;SI3114; C:\Windows\system32\DRIVERS\SI3114.sys [] S3 SI3114r;SI3114r; C:\Windows\system32\DRIVERS\SI3114R.sys [] S3 SI3124;SI3124; C:\Windows\system32\DRIVERS\SI3124.sys [] S3 Si3124r5;Si3124r5; C:\Windows\system32\DRIVERS\Si3124r5.sys [] S3 SI3132;SI3132; C:\Windows\system32\DRIVERS\SI3132.sys [] S3 Si3531;Si3531; C:\Windows\system32\DRIVERS\Si3531.sys [] S3 SISAGP;SiS AGP Filter; C:\Windows\system32\DRIVERS\SISAGPX.sys [] S3 StarOpen;StarOpen; C:\Windows\SysWOW64\drivers\StarOpen.sys [] S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [] S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [] S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [] S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [] S3 UsbserFilt;UsbserFilt; 
C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [] S3 viaagp1;VIA AGP Filter; C:\Windows\system32\DRIVERS\viaagp1.sys [] S3 viamrx64;viamrx64; C:\Windows\system32\DRIVERS\viamrx64.sys [] S3 ViBusX64;ViBusX64; C:\Windows\system32\DRIVERS\ViBusX64.sys [] S3 videX64;videX64; C:\Windows\system32\DRIVERS\videX64.sys [] S3 ViPrtX64;ViPrtX64; C:\Windows\system32\DRIVERS\ViPrtX64.sys [] S3 vm3dmp;vm3dmp; C:\Windows\system32\DRIVERS\vm3dmp.sys [] S3 VMAUDIO;VMware VMaudio (VMAUDIO) (WDM); C:\Windows\system32\drivers\vmaudio.sys [] S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [] S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [] S3 vmci;VMware VMCI Bus Driver; C:\Windows\system32\DRIVERS\vmci.sys [] S3 vmmouse;VMware Pointing Device; C:\Windows\system32\DRIVERS\vmmouse.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [] R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992] R2 Diskeeper;Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2009-04-17 1995544] R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2009-03-19 731840] R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184] R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344] R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2012-11-29 75136] R2 TGCM_ImportWiFiSvc;TGCM_ImportWiFiSvc; C:\Program Files (x86)\O2\Connection Manager\ImpWiFiSvc.exe [2010-08-02 199600] S2 .EsetTrialReset;Trial Reset; C:\Program Files\ESET\ESET Smart Security\Shahed.exe [2009-04-12 578878] S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-09 136176] 
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-12 250808] S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992] S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [] S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-03-19 23296] S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-09 136176] S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632] S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-21 113120] S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992] -----------------EOF----------------- [/log] info: [log] info.txt logfile of random's system information tool 1.09 2013-01-14 20:53:03 ======Uninstall list====== -->C:\ProgramData\{0B4EECC2-B656-4BF8-9915-6F8B225BC43C}\UMPSetup.exe -->MsiExec /X{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA} µTorrent-->"F:\Programy\uTorrent\uTorrent.exe" /UNINSTALL 3 USB Modem-->C:\PROGRA~2\HUAWEI~1\HUAWEI~1\Uninstall.exe Adobe Flash Player 11 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_Plugin.exe -maintain plugin Adobe Reader 9.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A92000000001} Assassin's Creed Revelations-->"C:\Program Files (x86)\InstallShield Installation Information\{33A22B2D-55BA-4508-B767-BF2E9C21A73F}\setup.exe" -runfromtemp -l0x0015 -removeonly Carambis Driver Updater-->C:\Program Files 
(x86)\Carambis\Driver Updater\uninstall.exe Catalyst Control Center - Branding-->MsiExec.exe /I{19A492A0-888F-44A0-9B21-D91700763F62} Combined Community Codec Pack 2011-11-11-->"C:\Program Files (x86)\Combined Community Codec Pack\unins000.exe" Connection Manager-->"C:\Program Files (x86)\O2\Connection Manager\Uninstall.exe" Cortona® VRML Client-->C:\PROGRA~2\PARALL~1\CORTON~1\UNWISE32.EXE C:\PROGRA~2\PARALL~1\CORTON~1\Install.log Counter-Strike 1.6 [cswos.com]-->"D:\Counter-Strike 1.6 [cswos.com]\unins000.exe" DAEMON Tools Lite-->F:\Programy\DAEMON Tools Lite\uninst.exe Deluxe Ski Jump 4-->"D:\Deluxe Ski Jump 4\Uninstall\unins000.exe" Football Manager 2012-->"D:\Football Manager 2012\unins000.exe" Free 3GP Video Converter version 5.0.1.1123-->C:\Program Files (x86)\Common Files\DVDVideoSoft\Uninstall.exe Gadu-Gadu 10-->F:\Programy\Gadu-Gadu 10\Uninstall.exe Google Earth Plug-in-->MsiExec.exe /X{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E} Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} HUAWEI DataCard Driver 4.05.00.00-->C:\Program Files (x86)\HUAWEI Modem Driver\uninst.exe IconPackager-->"C:\ProgramData\{8CC5CF4A-124E-41BA-B58C-A41F05BE09CC}\IconPackager.exe" REMOVE=TRUE MODIFY=FALSE IconPackager-->C:\ProgramData\{8CC5CF4A-124E-41BA-B58C-A41F05BE09CC}\IconPackager.exe InstallIQ Updater-->MsiExec.exe /X{8E1CB0F1-67BF-4052-AA23-FA22E94804C1} Java(TM) 6 Update 31-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216031FF} KalOnline-->C:\Program Files (x86)\InstallShield Installation Information\{B9174A04-C46A-4142-9D70-7D4E24FB0BF6}\setup.exe -runfromtemp -l0x0015 -removeonly KalOnline-->C:\Program Files (x86)\InstallShield Installation Information\{CCE4507E-7D40-4AEB-84FC-A63C35666A94}\setup.exe -runfromtemp -l0x0009 -removeonly K-Lite Mega Codec Pack 5.5.0-->"C:\Program Files (x86)\K-Lite Codec Pack\unins000.exe" Macromedia Flash Player 8-->MsiExec.exe /X{0A28C610-EE06-4A33-BB56-A2155B524916} Malwarebytes Anti-Malware wersja 
1.70.0.1100-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe" Messenger Plus! Live-->"C:\Program Files (x86)\Messenger Plus! Live\Uninstall.exe" Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669} Microsoft Games for Windows - LIVE-->MsiExec.exe /X{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c} Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C} Microsoft Visual C++ 2008 Service Pack 1 Redistributable-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13} MojDzwonek.com - konwerter dzwonków TrueTone-->"F:\Programy\Dzwonki\uninstall.exe" Mozilla Firefox 14.0.1 (x86 en-US)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe Mozilla Maintenance Service-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe" MSVCRT Redists-->MsiExec.exe /I{0F733E11-408E-11E1-B5FE-F04DA23A5C58} NapiProjekt (2.0.0.2151)-->"C:\Program Files (x86)\NapiProjekt\unins000.exe" Nero 8 Lite 
8.3.2.1-->"C:\Program Files (x86)\Nero\unins000.exe" Niezbędnik CD-->C:\Windows\unins000.exe Notepad++-->C:\Program Files (x86)\Notepad++\uninstall.exe NVIDIA PhysX-->MsiExec.exe /X{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA} Opera 12.12-->"C:\Program Files (x86)\Opera\Opera.exe" /uninstall Origin-->C:\Program Files (x86)\Origin\OriginUninstall.exe Pazera Free 3GP to AVI Converter 1.4-->"C:\Program Files (x86)\pazera-software\3GP_to_AVI_Converter\unins000.exe" Philips SPC230NC Webcam-->C:\Program Files (x86)\InstallShield Installation Information\{52480FEE-7C32-47B7-95BF-D24374FBB54C}\setup.exe -runfromtemp -l0x0009 -removeonly PunkBuster Services-->C:\Users\David\AppData\Roaming\PunkBuster\pbsetup\pbsvc.exe -u Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd64.exe -r -m -nrg2709 RocketDock 1.3.5-->"C:\Program Files (x86)\RocketDock\unins000.exe" Rockstar Games Social Club-->"C:\Program Files (x86)\InstallShield Installation Information\{08B3869E-D282-424C-9AFC-870E04A4BA14}\setup.exe" -runfromtemp -l0x0009 -removeonly Skype Click to Call-->MsiExec.exe /I{B6CF2967-C81E-40C0-9815-C05774FEF120} Skype™ 6.0-->MsiExec.exe /X{EA17F4FC-FDBF-4CF8-A529-2D983132D053} The Sims™ 3 Ambitions-->"C:\Program Files (x86)\InstallShield Installation Information\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}\Sims3EP02Setup.exe" -runfromtemp -l0x0009 -removeonly The Sims™ 3 Diesel Stuff-->"C:\Program Files (x86)\InstallShield Installation Information\{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43}\Sims3SP07Setup.exe" -runfromtemp -l0x0009 -removeonly The Sims™ 3 Generations-->"C:\Program Files (x86)\InstallShield Installation Information\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}\Sims3EP04Setup.exe" -runfromtemp -l0x0009 -removeonly The Sims™ 3 Late Night-->"C:\Program Files (x86)\InstallShield Installation Information\{45057FCE-5784-48BE-8176-D9D00AF56C3C}\Sims3EP03Setup.exe" -runfromtemp -l0x0009 -removeonly The Sims™ 3 Pets-->"C:\Program Files (x86)\InstallShield Installation 
Information\{C12631C6-804D-4B32-B0DD-8A496462F106}\Sims3EP05Setup.exe" -runfromtemp -l0x0009 -removeonly The Sims™ 3 Seasons-->"C:\Program Files (x86)\InstallShield Installation Information\{3DE92282-CB49-434F-81BF-94E5B380E889}\Sims3EP08Setup.exe" -runfromtemp -l0x0009 -removeonly The Sims™ 3 Showtime-->"C:\Program Files (x86)\InstallShield Installation Information\{3BBFD444-5FAB-49F6-98B1-A1954E831399}\Sims3EP06Setup.exe" -runfromtemp -l0x0009 -removeonly The Sims™ 3-->"C:\Program Files (x86)\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\setup.exe" -runfromtemp -l0x0015 -removeonly Ubisoft Game Launcher-->"C:\Program Files (x86)\InstallShield Installation Information\{888F1505-C2B3-4FDE-835D-36353EBD4754}\setup.exe" -runfromtemp -l0x0409 -removeonly Ultimate Media Player-->"C:\ProgramData\{0B4EECC2-B656-4BF8-9915-6F8B225BC43C}\UMPSetup.exe" REMOVE=TRUE MODIFY=FALSE UltraISO Premium V9.35-->"C:\Program Files (x86)\UltraISO\unins000.exe" Universal Extractor 1.6-->"C:\Program Files (x86)\Universal Extractor\unins000.exe" Vegas Movie Studio Platinum 9.0-->MsiExec.exe /X{DA507A38-4B2A-40C0-90AC-E30AAA0B757C} Vegas Pro 11.0-->MsiExec.exe /X{0BF3B440-408E-11E1-BA79-F04DA23A5C58} WeatherBug Alert-->MsiExec.exe /X{7426428E-71D4-452C-BA13-B14E5EB52859} Winamp (remove only)-->"F:\Programy\Winamp\UninstWA.exe" Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52} Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5} Yahoo! Messenger-->C:\PROGRA~2\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~2\Yahoo!\MESSEN~1\INSTALL.LOG ======System event log====== Computer Name: David-PC Event Code: 7000 Message: The Trial Reset service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 
Record Number: 92738 Source Name: Service Control Manager Time Written: 20120425143852.526034-000 Event Type: Error User: Computer Name: David-PC Event Code: 7009 Message: A timeout was reached (30000 milliseconds) while waiting for the Trial Reset service to connect. Record Number: 92737 Source Name: Service Control Manager Time Written: 20120425143852.526034-000 Event Type: Error User: Computer Name: David-PC Event Code: 36 Message: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. Record Number: 92616 Source Name: volsnap Time Written: 20120424155952.567644-000 Event Type: Error User: Computer Name: David-PC Event Code: 7000 Message: The Trial Reset service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Record Number: 92553 Source Name: Service Control Manager Time Written: 20120424153709.598430-000 Event Type: Error User: Computer Name: David-PC Event Code: 7009 Message: A timeout was reached (30000 milliseconds) while waiting for the Trial Reset service to connect. Record Number: 92552 Source Name: Service Control Manager Time Written: 20120424153709.598430-000 Event Type: Error User: =====Application event log===== Computer Name: David-PC Event Code: 1530 Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. 
DETAIL - 17 user registry handles leaked from \Registry\User\S-1-5-21-2465994285-61389061-1913302713-1005: Process 1476 (\Device\HarddiskVolume2\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2465994285-61389061-1913302713-1005 Process 1476 (\Device\HarddiskVolume2\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2465994285-61389061-1913302713-1005 Process 1476 (\Device\HarddiskVolume2\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2465994285-61389061-1913302713-1005 Process 1476 (\Device\HarddiskVolume2\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2465994285-61389061-1913302713-1005 Process 1476 (\Device\HarddiskVolume2\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2465994285-61389061-1913302713-1005\Software\Microsoft\SystemCertificates\Root Process 1476 (\Device\HarddiskVolume2\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2465994285-61389061-1913302713-1005\Software\Policies\Microsoft\SystemCertificates Process 1476 (\Device\HarddiskVolume2\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2465994285-61389061-1913302713-1005\Software\Policies\Microsoft\SystemCertificates Process 1476 (\Device\HarddiskVolume2\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2465994285-61389061-1913302713-1005\Software\Policies\Microsoft\SystemCertificates Process 1476 (\Device\HarddiskVolume2\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2465994285-61389061-1913302713-1005\Software\Policies\Microsoft\SystemCertificates Process 1476 (\Device\HarddiskVolume2\Program Files\Diskeeper 
Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2465994285-61389061-1913302713-1005\Software\Microsoft\SystemCertificates\My Process 1476 (\Device\HarddiskVolume2\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2465994285-61389061-1913302713-1005\Software\Microsoft\SystemCertificates\My Process 1476 (\Device\HarddiskVolume2\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2465994285-61389061-1913302713-1005\Software\Microsoft\SystemCertificates\CA Process 1476 (\Device\HarddiskVolume2\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2465994285-61389061-1913302713-1005\Software\Microsoft\SystemCertificates\SmartCardRoot Process 1476 (\Device\HarddiskVolume2\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2465994285-61389061-1913302713-1005\Software\Microsoft\SystemCertificates\Disallowed Process 1476 (\Device\HarddiskVolume2\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2465994285-61389061-1913302713-1005\Software\Microsoft\Windows NT\CurrentVersion\Network\Location Awareness Process 1476 (\Device\HarddiskVolume2\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2465994285-61389061-1913302713-1005\Software\Microsoft\SystemCertificates\TrustedPeople Process 1476 (\Device\HarddiskVolume2\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2465994285-61389061-1913302713-1005\Software\Microsoft\SystemCertificates\trust Record Number: 4528 Source Name: Microsoft-Windows-User Profiles Service Time Written: 20111024091819.129430-000 Event Type: Warning User: NT AUTHORITY\SYSTEM Computer Name: David-PC Event Code: 4107 Message: Failed extract of third-party root list from auto update cab at: 
[/log] So is anyone able to help me?
Natsuki Kuga commented 15 January 2013 The OTL script was executed incorrectly - you were supposed to click [b]Run script,[/b] not [b]Scan.[/b] Repeat this step, then generate a new set of logs and post it.