Prosim o preventivku, diky :)

Zpráva

puko · #1 Příspěvek od **puko** » 14 lis 2011 18:24

Logfile of random's system information tool 1.09 (written by random/random)
Run by c1107048 at 2011-11-14 18:12:40
Microsoft Windows 7 Professional
System drive C: has 393 GB (86%) free of 456 GB
Total RAM: 4070 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:12:41, on 2011/11/14
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe
C:\windows\SysWOW64\RunDll32.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\PSDrt.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\STOPzilla!\STOPzilla.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\c1107048.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://czisa:8080/array.dll?Get.Routing.Script
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=c:\windows\syswow64\userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
O2 - BHO: Microsoft Web Test Recorder 9.0 Helper - {E31CE47F-C268-41ba-897B-B415E613947D} - C:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO90.dll
O3 - Toolbar: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
O4 - HKLM\..\Run: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HPConnectionManager] c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
O4 - HKLM\..\Run: [HPQuickWebProxy] "c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
O4 - HKLM\..\Run: [IFXSPMGT] "c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe" /NotifyLogon
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Communicator] "C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe" /fromrunkey
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = wcz.wistron
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = wcz.wistron
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = wcz.wistron
O18 - Protocol: qcom - {B8DBD265-42C3-43E6-B439-E968C71984C6} - C:\Program Files (x86)\Common Files\Quest Shared\CodeXpert\qcom.dll
O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Company - c:\Windows\SysWOW64\flcdlock.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Power Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
O23 - Service: HP Connection Manager 4.0 Service (hpCMSrv) - Hewlett-Packard Development Company L.P. - c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
O23 - Service: HP DayStarter Service (HPDayStarterService) - Hewlett-Packard Company - c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
O23 - Service: hpHotkeyMonitor - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\windows\system32\Hpservice.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe
O23 - Service: Intel(R) Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee Endpoint Encryption Agent - Unknown owner - C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OracleCSService - Unknown owner - C:\oracle\product\10.1.0\Db_1\bin\ocssd.exe
O23 - Service: OracleOraDb10g_home2SNMPPeerEncapsulator - Unknown owner - C:\oracle\product\10.1.0\Db_1\BIN\ENCSVC.EXE
O23 - Service: OracleOraDb10g_home2SNMPPeerMasterAgent - Unknown owner - C:\oracle\product\10.1.0\Db_1\BIN\AGNTSVC.EXE
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: RoxMediaDB12OEM - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Samsung UPD Service - Unknown owner - C:\windows\System32\SUPDSvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPfw.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe
O23 - Service: ArcCapture (uArcCapture) - ArcSoft, Inc. - C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Broadcom Corporation - C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 16588 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
"C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe"
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
"C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe"
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
"C:\Program Files\IDT\WDM\STacSV64.exe"
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\Hpservice.exe
C:\windows\system32\vcsFPService.exe
C:\windows\system32\svchost.exe -k NetworkService
"C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE" "C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe"
C:\windows\system32\WLANExt.exe 30903824
\??\C:\windows\system32\conhost.exe
C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\windows\System32\spoolsv.exe
"c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe"
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\IDT\WDM\AESTSr64.exe"
"C:\Program Files\LSI SoftModem\agr64svc.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
"c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe"
"C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe"
"c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe"
"c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe"
"C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe"
"C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
"C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe"
"c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS
"C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe"
C:\oracle\product\10.1.0\Db_1\bin\ocssd.exe service
"C:\Program Files (x86)\PDF Complete\pdfsvc.exe" /startedbyscm:66B66708-40E2BE4D-pdfcService
"C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe"
"c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe"
"C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"
"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
C:\oracle\product\10.1.0\Db_1\bin\ocssd.exe monitorOracleCSService 3000
\??\C:\windows\system32\conhost.exe
C:\windows\SysWOW64\CCM\CcmExec.exe
"C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe"
WLIDSvcM.exe 3360
C:\windows\system32\SearchIndexer.exe /Embedding
C:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
atieclxx
"c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe"
C:\windows\system32\svchost.exe -k bthsvcs
"C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPfw.exe"
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\svchost.exe -k secsvcs
"taskhost.exe"
"C:\windows\system32\Dwm.exe"
"c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe"
C:\windows\Explorer.EXE
"C:\Program Files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe"
\??\C:\windows\system32\conhost.exe
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE"
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe"
"C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" -hidden
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" /start
"C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
"C:\Program Files (x86)\Trend Micro\OfficeScan Client\PccNTMon.exe" -HideWindow
"C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe" /fromrunkey
C:\windows\SysWOW64\RunDll32.exe "C:\Program Files\WIDCOMM\Bluetooth Software\SysWOW64\BtMmHook.dll",SetAndWaitBtMmHook
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\PSDrt.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe" -Embedding
"c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe"
"C:\Program Files (x86)\STOPzilla!\STOPzilla.exe" /service_start
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe"
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\unsecapp.exe -Embedding
C:\windows\sysWOW64\wbem\wmiprvse.exe -secured -Embedding
"C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe"
"C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe"
C:\windows\sysWOW64\wbem\wmiprvse.exe -Embedding
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe" /hidden
"C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe" -Embedding
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
-Minimized
"c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe"
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe" "<hpNotification><Toast><Title>HP Connection Manager</Title><Text>Wi-Fi: Disabled
Bluetooth®: On
LAN: Not connected</Text><IconPath>C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe</IconPath><ID>1</ID><Path>C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe</Path><Parameters>OpenMainWindow</Parameters></Toast></hpNotification>"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:4492 CREDAT:203009
C:\windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe -Embedding
C:\windows\sysWOW64\wbem\wmiprvse.exe -Embedding
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:4492 CREDAT:203010
"C:\windows\system32\cmd.exe"
\??\C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe"
"C:\windows\system32\NOTEPAD.EXE" C:\rsit\info.txt
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
C:\windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\c1107048.WCZ\Desktop\RSITx64.exe"

======Scheduled tasks folder======

C:\windows\tasks\HPCeeScheduleForC1107048X$.job

=========Mozilla firefox=========

ProfilePath - C:\Users\c1107048.WCZ\AppData\Roaming\Mozilla\Firefox\Profiles\vwp6dzuy.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0]
"Description"=Bing Bar
"Path"=C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=1.1.11]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\c1107048.WCZ\AppData\Roaming\Mozilla\Firefox\Profiles\vwp6dzuy.default\extensions\
superstart@enjoyfreeware.org

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2011-09-06 959432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2010-02-28 688528]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3134413B-49B4-425C-98A5-893C1F195601}]
File Sanitizer for HP ProtectTools - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2011-02-07 117248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-07-27 191792]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-09-06 806456]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar BHO - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll [2010-08-14 609544]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E31CE47F-C268-41ba-897B-B415E613947D}]
Microsoft Web Test Recorder 9.0 Helper - C:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO90.dll [2007-11-08 64088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2011-09-06 959432]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{8dcb7100-df86-4384-8842-8fa844297b3f} - @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100 - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll [2010-08-14 609544]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-09-06 806456]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HPPowerAssistant"=C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe [2011-01-27 13880]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-02-04 2679592]
"Broadcom Wireless Manager UI"=C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe [2011-05-11 5398528]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2011-01-27 835072]
"MfeEpePcMonitor"=C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe [2011-02-09 200704]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"=C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2010-05-19 2736128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2011-08-02 4910912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Disc Tool]
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [2011-01-12 514544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]
C:\Program Files (x86)\PDF Complete\pdfsty.exe [2011-01-13 895512]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Default Manager"=C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [2010-05-10 439568]
"QLBController"=C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [2011-01-29 299576]
"File Sanitizer"=C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [2011-02-07 12274688]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2011-01-26 283160]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-02-06 336384]
"HPConnectionManager"=c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [2011-02-15 94264]
""= []
"HPQuickWebProxy"=c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [2011-02-11 76344]
"IFXSPMGT"=c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [2011-01-20 1125728]
"OfficeScanNT Monitor"=C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe [2010-02-05 1340720]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]
"Communicator"=C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe [2008-12-16 5160288]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-09-06 3722416]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=EpePcNp64
DPPassFilter
scecli

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MSIServer]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"Wallpaper"=\\10.82.33.21\Source\wall\wcz_wallpaper.jpg
"WallpaperStyle"=2

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoActiveDesktopChanges"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"NoDriveTypeAutoRun"=255

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2038-01-19 01:14:08 ----A---- C:\windows\SYSWOW64\WindowsAccessBridge.dll
2038-01-19 01:14:08 ----A---- C:\windows\SYSWOW64\JavaAccessBridge.dll
2011-11-14 18:12:40 ----D---- C:\rsit
2011-11-14 18:07:21 ----D---- C:\Program Files\trend micro
2011-11-14 12:11:14 ----D---- C:\Program Files (x86)\Microsoft Works
2011-11-14 12:10:57 ----D---- C:\Program Files (x86)\Microsoft Visual Studio
2011-11-14 02:12:57 ----A---- C:\windows\system32\drivers\aswSP.sys
2011-11-14 02:12:57 ----A---- C:\windows\system32\drivers\aswFsBlk.sys
2011-11-14 02:12:56 ----A---- C:\windows\system32\drivers\aswTdi.sys
2011-11-14 02:12:56 ----A---- C:\windows\system32\drivers\aswSnx.sys
2011-11-14 02:12:56 ----A---- C:\windows\system32\drivers\aswRdr.sys
2011-11-14 02:12:56 ----A---- C:\windows\system32\drivers\aswMonFlt.sys
2011-11-14 02:12:56 ----A---- C:\windows\system32\aswBoot.exe
2011-11-14 02:12:52 ----A---- C:\windows\SYSWOW64\aswBoot.exe
2011-11-14 02:12:52 ----A---- C:\windows\avastSS.scr
2011-11-14 02:12:47 ----D---- C:\ProgramData\AVAST Software
2011-11-14 02:12:47 ----D---- C:\Program Files\AVAST Software
2011-11-13 22:52:14 ----D---- C:\Program Files (x86)\STOPzilla!
2011-11-13 22:52:13 ----D---- C:\ProgramData\STOPzilla!
2011-11-11 19:25:12 ----RA---- C:\windows\SYSWOW64\IS3HTUI5.dll
2011-11-11 19:25:10 ----RA---- C:\windows\SYSWOW64\SZIO5.dll
2011-11-11 19:25:10 ----RA---- C:\windows\SYSWOW64\SZComp5.dll
2011-11-11 19:25:10 ----RA---- C:\windows\SYSWOW64\SZBase5.dll
2011-11-11 19:25:10 ----RA---- C:\windows\SYSWOW64\IS3XDat5.dll
2011-11-11 19:25:10 ----RA---- C:\windows\SYSWOW64\IS3Svc5.dll
2011-11-11 19:25:10 ----RA---- C:\windows\SYSWOW64\IS3Inet5.dll
2011-11-11 19:25:10 ----RA---- C:\windows\SYSWOW64\IS3Hks5.dll
2011-11-11 19:25:10 ----RA---- C:\windows\SYSWOW64\IS3DBA5.dll
2011-11-11 19:25:08 ----RA---- C:\windows\SYSWOW64\IS3Win325.dll
2011-11-11 19:25:08 ----RA---- C:\windows\SYSWOW64\IS3UI5.dll
2011-11-11 19:25:08 ----RA---- C:\windows\SYSWOW64\IS3Base5.dll
2011-11-10 23:56:40 ----A---- C:\windows\system32\avgrep.txt
2011-11-10 18:39:36 ----A---- C:\windows\ntbtlog.txt
2011-11-10 16:26:03 ----D---- C:\Users\c1107048.WCZ\AppData\Roaming\AVG
2011-11-10 16:25:03 ----AD---- C:\ProgramData\TEMP
2011-11-10 16:13:12 ----HD---- C:\ProgramData\Common Files
2011-11-10 16:12:59 ----D---- C:\ProgramData\MFAData
2011-10-30 15:47:31 ----N---- C:\windows\system32\MpSigStub.exe

======List of files/folders modified in the last 1 month======

2011-11-14 18:12:40 ----D---- C:\windows\Temp
2011-11-14 18:07:21 ----RD---- C:\Program Files
2011-11-14 17:58:20 ----D---- C:\windows\system32\config
2011-11-14 17:51:17 ----D---- C:\windows\System32
2011-11-14 17:51:17 ----A---- C:\windows\system32\PerfStringBackup.INI
2011-11-14 17:51:16 ----D---- C:\windows\inf
2011-11-14 17:45:02 ----A---- C:\windows\SMSCFG.ini
2011-11-14 17:44:43 ----D---- C:\mail
2011-11-14 17:42:58 ----A---- C:\windows\SYSWOW64\log.txt
2011-11-14 17:41:44 ----D---- C:\windows\system32\drivers
2011-11-14 17:41:13 ----D---- C:\windows\Prefetch
2011-11-14 17:40:42 ----D---- C:\ProgramData\HPQLOG
2011-11-14 12:12:35 ----SHD---- C:\windows\Installer
2011-11-14 12:12:34 ----D---- C:\ProgramData\Microsoft Help
2011-11-14 12:12:22 ----RSD---- C:\windows\assembly
2011-11-14 12:11:14 ----RD---- C:\Program Files (x86)
2011-11-14 12:11:13 ----D---- C:\windows\SysWOW64
2011-11-14 12:11:07 ----D---- C:\Program Files (x86)\MSBuild
2011-11-14 12:11:00 ----D---- C:\Program Files (x86)\Microsoft Office
2011-11-14 12:10:53 ----D---- C:\windows\ShellNew
2011-11-14 12:10:28 ----RSD---- C:\windows\Fonts
2011-11-14 12:09:29 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-11-14 12:08:38 ----D---- C:\Program Files\Microsoft Office
2011-11-14 12:08:32 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 8
2011-11-14 12:08:21 ----A---- C:\windows\win.ini
2011-11-14 09:15:52 ----D---- C:\windows\system32\drivers\etc
2011-11-14 08:34:13 ----D---- C:\ProgramData\PDFC
2011-11-14 08:27:20 ----A---- C:\windows\cfgall.ini
2011-11-14 08:26:04 ----D---- C:\windows\Tasks
2011-11-14 08:26:04 ----D---- C:\windows\system32\Tasks
2011-11-14 02:21:57 ----HD---- C:\ProgramData
2011-11-14 02:12:52 ----D---- C:\Windows
2011-11-14 02:07:24 ----D---- C:\windows\SYSWOW64\drivers
2011-11-13 23:02:32 ----D---- C:\ProgramData\Sonic
2011-11-13 22:59:03 ----D---- C:\windows\system32\catroot2
2011-11-13 22:53:06 ----RD---- C:\Users
2011-11-13 22:52:19 ----D---- C:\windows\winsxs
2011-11-13 22:52:13 ----D---- C:\Program Files (x86)\Common Files
2011-11-13 21:15:05 ----D---- C:\Program Files (x86)\Mozilla Firefox
2011-11-10 16:30:11 ----D---- C:\windows\Downloaded Program Files
2011-11-10 16:04:40 ----SHD---- C:\System Volume Information
2011-11-10 16:04:40 ----D---- C:\ProgramData\Norton
2011-11-10 16:03:22 ----D---- C:\Program Files\Common Files
2011-11-09 23:37:54 ----D---- C:\windows\system32\NDF
2011-11-08 19:42:01 ----D---- C:\Users\c1107048.WCZ\AppData\Roaming\Skype
2011-10-30 15:08:15 ----SD---- C:\Users\c1107048.WCZ\AppData\Roaming\Microsoft
2011-10-24 07:36:39 ----D---- C:\windows\system32\DriverStore
2011-10-24 07:36:39 ----D---- C:\windows\system32\catroot
2011-10-23 18:43:46 ----D---- C:\Users\c1107048.WCZ\AppData\Roaming\vlc

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 hpdskflt;HP Filter; C:\windows\system32\DRIVERS\hpdskflt.sys [2011-01-27 30008]
R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2011-01-13 439320]
R0 MfeEpePc;MfeEpePc; C:\windows\system32\drivers\MfeEpePc.sys [2011-02-09 168008]
R0 PxHlpa64;PxHlpa64; C:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 szkg5;szkg5; C:\windows\SySWOW64\DRIVERS\szkg64.sys [2011-09-26 74768]
R1 aswRdr;aswRdr; C:\windows\system32\drivers\aswRdr.sys [2011-09-06 42328]
R1 aswSnx;aswSnx; C:\windows\system32\drivers\aswSnx.sys [2011-09-06 601944]
R1 aswSP;aswSP; C:\windows\system32\drivers\aswSP.sys [2011-09-06 301912]
R1 aswTdi;avast! Network Shield Support; C:\windows\system32\drivers\aswTdi.sys [2011-09-06 58200]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-08-16 270912]
R1 PersonalSecureDrive;PersonalSecureDrive; C:\windows\System32\drivers\psd.sys [2010-01-26 44576]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver; C:\windows\system32\DRIVERS\tmlwf.sys [2010-07-21 196688]
R1 tmtdi;Trend Micro TDI Driver; C:\windows\system32\DRIVERS\tmtdi.sys [2010-07-21 108624]
R1 vpcnfltr;Virtual PC Network Filter Driver; C:\windows\system32\DRIVERS\vpcnfltr.sys [2009-09-23 66304]
R2 aswFsBlk;aswFsBlk; C:\windows\system32\drivers\aswFsBlk.sys [2011-09-06 24408]
R2 aswMonFlt;aswMonFlt; \??\C:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 65368]
R2 TmFilter;Trend Micro Filter; \??\C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys [2011-07-12 342288]
R2 TmPreFilter;Trend Micro PreFilter; \??\C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys [2011-07-12 42768]
R2 tmwfp;Trend Micro WFP Callout Driver; C:\windows\system32\DRIVERS\tmwfp.sys [2010-07-21 338000]
R3 Accelerometer;HP Mobile Data Protection Sensor; C:\windows\system32\DRIVERS\Accelerometer.sys [2011-01-27 43320]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\windows\system32\DRIVERS\agrsm64.sys [2010-01-26 1212416]
R3 amdkmdag;amdkmdag; C:\windows\system32\DRIVERS\atikmdag.sys [2011-02-06 9090048]
R3 amdkmdap;amdkmdap; C:\windows\system32\DRIVERS\atikmpag.sys [2011-02-06 299520]
R3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver; C:\windows\system32\DRIVERS\ArcSoftVCapture.sys [2010-11-11 32192]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
R3 BCM42RLY;BCM42RLY; C:\windows\system32\drivers\BCM42RLY.sys [2011-05-11 22592]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\windows\system32\DRIVERS\bcmwl664.sys [2011-05-11 3065408]
R3 BthEnum;Bluetooth Enumerator Service; C:\windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\windows\System32\Drivers\BTHUSB.sys [2010-06-24 80384]
R3 btwampfl;Bluetooth AMP USB Filter; C:\windows\system32\drivers\btwampfl.sys [2010-07-14 344616]
R3 btwaudio;Bluetooth Audio Device Service; C:\windows\system32\drivers\btwaudio.sys [2010-07-20 102952]
R3 btwavdt;Bluetooth AVDT Service; C:\windows\system32\DRIVERS\btwavdt.sys [2010-07-20 135720]
R3 btwl2cap;Bluetooth L2CAP Service; C:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-02 39464]
R3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys [2010-07-20 21544]
R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C; C:\windows\system32\DRIVERS\e1c62x64.sys [2010-12-21 316080]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\windows\system32\DRIVERS\HpqKbFiltr.sys [2010-12-03 25912]
R3 MEIx64;Intel(R) Management Engine Interface; C:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
R3 prepdrvr;SMS Process Event Driver; \??\C:\windows\SysWOW64\CCM\prepdrv.sys [2008-05-20 29728]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\windows\system32\DRIVERS\snp2uvc.sys [2010-12-21 1826048]
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10301; C:\windows\system32\DRIVERS\stwrt64.sys [2011-01-27 520192]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2011-02-04 1413680]
R3 TPM;TPM; C:\windows\system32\drivers\tpm.sys [2009-07-14 38400]
R3 vpcbus;Virtual PC Host Bus Service; C:\windows\system32\DRIVERS\vpchbus.sys [2009-09-23 187904]
R3 vpcusb;USB Virtualization Connector Service; C:\windows\system32\DRIVERS\vpcusb.sys [2009-09-23 95232]
S0 is3srv;is3srv; C:\windows\SySWOW64\drivers\is3srv64.sys [2011-09-26 74768]
S3 BTHPORT;Bluetooth Port Driver; C:\windows\System32\Drivers\BTHport.sys [2010-06-24 552448]
S3 DAMDrv;DAMDrv; C:\windows\system32\DRIVERS\DAMDrv64.sys [2011-02-07 63336]
S3 JMCR;JMCR; C:\windows\system32\DRIVERS\jmcr.sys [2011-01-30 174168]
S3 johci;JMicron 1394 Filter Driver; C:\windows\system32\DRIVERS\johci.sys [2011-02-08 26712]
S3 pciide;pciide; C:\windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 s3cap;s3cap; C:\windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 sdbus;sdbus; C:\windows\system32\DRIVERS\sdbus.sys [2010-10-29 109056]
S3 storvsc;storvsc; C:\windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
S3 vpcuxd;USB Virtualization Stub Service; C:\windows\system32\DRIVERS\vpcuxd.sys [2009-09-23 16384]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 AESTFilters;Andrea ST Filters Service; C:\Program Files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agr64svc.exe [2009-12-04 28672]
R2 AMD External Events Utility;AMD External Events Utility; C:\windows\system32\atiesrxx.exe [2011-02-06 203776]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-09-06 44768]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2010-07-30 951584]
R2 CcmExec;SMS Agent Host; C:\windows\SysWOW64\CCM\CcmExec.exe [2008-05-20 757792]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\windows\System32\svchost.exe [2009-07-14 27136]
R2 DpHost;@c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [2011-02-12 481104]
R2 HP Health Check Service;HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [2010-12-10 126520]
R2 HP Power Assistant Service;HP Power Assistant Service; C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2011-01-27 131128]
R2 HPDayStarterService;HP DayStarter Service; c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [2011-01-28 133688]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service; C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-02-05 92216]
R2 HPFSService;File Sanitizer for HP ProtectTools; C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2011-02-07 320000]
R2 hpHotkeyMonitor;hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [2011-01-29 281656]
R2 hpsrv;HP Service; C:\windows\system32\Hpservice.exe [2011-01-27 30520]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-26 13336]
R2 IFXSpMgtSrv;Security Platform Management Service; c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [2011-01-20 1125728]
R2 IFXTCS;Trusted Platform Core Service; c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe [2011-01-20 980320]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service; C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2010-11-29 210896]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2010-05-19 73728]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2011-01-03 326168]
R2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [2011-02-09 1318912]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
R2 ntrtscan;OfficeScanNT RealTime Scan; C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe [2010-02-02 1916720]
R2 OracleCSService;OracleCSService; C:\oracle\product\10.1.0\Db_1\bin\ocssd.exe [2011-08-17 773444]
R2 pdfcDispatcher;PDF Document Manager; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-01-13 1126936]
R2 PdiService;Portrait Displays SDK Service; C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-01-18 113264]
R2 PersonalSecureDriveService;Personal Secure Drive Service; c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe [2011-01-20 203104]
R2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-07-27 249136]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 156016]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10101; C:\Program Files\IDT\WDM\STacSV64.exe [2011-01-27 296448]
R2 szserver;STOPzilla Service; C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe [2011-11-11 68648]
R2 tmlisten;OfficeScan NT Listener; C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe [2010-02-02 1986448]
R2 uArcCapture;ArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [2010-11-11 502464]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-01-03 2656280]
R2 vcsFPService;Validity VCS Fingerprint Service; C:\windows\system32\vcsFPService.exe [2011-01-22 3154224]
R3 HP ProtectTools Service;HP ProtectTools Service; c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2011-01-12 36864]
R3 hpCMSrv;HP Connection Manager 4.0 Service; c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2011-02-05 797240]
R3 TmPfw;OfficeScan NT Firewall; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPfw.exe [2010-01-07 595960]
R3 TmProxy;OfficeScan NT Proxy Service; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe [2010-01-07 917768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 AppMgmt;@appmgmts.dll,-3250; C:\windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-19 44376]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing; c:\Windows\SysWOW64\flcdlock.exe [2011-02-04 464480]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 OracleOraDb10g_home2SNMPPeerEncapsulator;OracleOraDb10g_home2SNMPPeerEncapsulator; C:\oracle\product\10.1.0\Db_1\BIN\ENCSVC.EXE [2011-08-17 187392]
S3 OracleOraDb10g_home2SNMPPeerMasterAgent;OracleOraDb10g_home2SNMPPeerMasterAgent; C:\oracle\product\10.1.0\Db_1\BIN\AGNTSVC.EXE [2011-08-17 254464]
S3 OracleOraHome92ClientCache;OracleOraHome92ClientCache; C:\oracle\ora92\BIN\ONRSD.EXE [2002-04-26 242328]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\windows\System32\svchost.exe [2009-07-14 27136]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM; C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2011-01-15 1116656]
S3 Samsung UPD Service;Samsung UPD Service; C:\windows\System32\SUPDSvc.exe [2010-08-09 166704]
S3 smstsmgr;SMS Task Sequence Agent; C:\windows\SysWOW64\CCM\TSManager.exe [2008-05-20 249888]
S3 stllssvr;stllssvr; C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe [2010-11-09 74392]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\windows\System32\svchost.exe [2009-07-14 27136]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 msvsmon90;Visual Studio 2008 Remote Debugger; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [2007-11-07 4466688]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 SQLBrowser;SQL Server Browser; c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 14 lis 2011 18:40

Zdravim a pekny vecer preji

maly dotaz na uvod: jedna se o domaci PC nebo nejake pracovni\firemni

puko · #3 Příspěvek od **puko** » 14 lis 2011 18:53

Zdravim a taky preji pekny vecer,

jedna se o otcove PC, ktere mam doma dovoleno volne pouzivat.. proc? Je tam nejaky problem?

#4 Příspěvek od **vyosek** » 14 lis 2011 18:56

Fajn a je to otcuv PC nebo ho ma firemni

Tohle wcz.wistron je co za nastaveni internet. pripojeni

puko · #5 Příspěvek od **puko** » 14 lis 2011 19:02

je to otcuv notebook, ktery si bere obcas i do prace.. pracuje ve wistronu

#6 Příspěvek od **vyosek** » 14 lis 2011 19:05

To jsem pochopil ze je otcuv, ale ma jej od firmy nebo si jej koupil

Me prijde, ze tohle je firemni ntb a firemnimi PC\ntb se tu nezabyvame - na to ma firma placeny IT management

puko · #7 Příspěvek od **puko** » 14 lis 2011 19:11

je koupeny, tedy myslim otcem koupeny, o nejakem IT managementu nevim

Muzete mi prosim pomoci analyzovat ten log z RSIT? Diky

#8 Příspěvek od **vyosek** » 14 lis 2011 19:14

Doporucuji odinstalovat (pokud nepouzivate) toolbary (listy prohlizecu) v Přidat nebo odebrat programy

Ja na 64bit OS radeji pouzivam OTL, takze poprosim o sken pomoci nej - navod nize

Stahnete OTL (viz muj podpis) a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
Zaskrtnete okenko Pro vsechny uzivatele
Zaskrtnete okenko Kontrola na havet "LOP"
Zaskrtnete okenko Kontrola na havet "Purity"
Stari souboru zmente z 30 dnu na 7 dnu
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5 

*crack* /s
*keygen* /s
*loader* /s

Kliknete na tlacitko Prohledat
Po dokonceni skenu (cca 10 az 15 min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte

puko · #9 Příspěvek od **puko** » 14 lis 2011 20:38

uz to trva trochu dele nez 15min, vypada to, ze se to seklo na radku "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\LightScribe Control Panel..."

pak tam jeste vyskocila nejaka hlaska: Cannot create run.bat nebo tak neco

Mam to vypnout a zkusit zapnout znova

Diky za radu

#10 Příspěvek od **vyosek** » 14 lis 2011 20:43

Spustte znovu ale v nouzovem rezimu (restart PC, mackat F8, zvolit Stav nouze s praci v siti) a pouzijte tento (upraveny) skript

Kód: Vybrat vše

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*loader* /s

puko · #11 Příspěvek od **puko** » 14 lis 2011 21:27

Tady jsou ty logfily z prostredi Safe Mode

OTL logfile created on: 11/14/2011 9:03:01 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\c1107048.WCZ\Desktop
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Czech Republic | Language: CSY | Date Format: yyyy/M/d

3.97 Gb Total Physical Memory | 3.24 Gb Available Physical Memory | 81.53% Memory free
7.95 Gb Paging File | 7.25 Gb Available in Paging File | 91.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 445.40 Gb Total Space | 384.04 Gb Free Space | 86.23% Space Free | Partition Type: NTFS
Drive E: | 15.07 Gb Total Space | 2.25 Gb Free Space | 14.96% Space Free | Partition Type: NTFS
Drive F: | 4.98 Gb Total Space | 2.13 Gb Free Space | 42.69% Space Free | Partition Type: FAT32

Computer Name: C1107048X | User Name: c1107048 | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2011/11/14 19:20:13 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\c1107048.WCZ\Desktop\OTL.exe

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/06 22:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/05/11 12:52:49 | 000,048,128 | ---- | M] (Broadcom Corporation) [Auto | Stopped] -- C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2011/02/12 05:07:16 | 000,481,104 | R--- | M] (DigitalPersona, Inc.) [Auto | Stopped] -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost)
SRV:64bit: - [2011/02/09 19:28:12 | 001,318,912 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe -- (McAfee Endpoint Encryption Agent)
SRV:64bit: - [2011/02/06 08:39:18 | 000,203,776 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/01/28 17:41:30 | 000,133,688 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe -- (HPDayStarterService)
SRV:64bit: - [2011/01/27 10:52:00 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/01/27 03:11:48 | 000,131,128 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service)
SRV:64bit: - [2011/01/27 01:01:00 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2011/01/22 03:36:02 | 003,154,224 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2010/08/09 03:04:10 | 000,166,704 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\windows\SysNative\SUPDSvc.exe -- (Samsung UPD Service)
SRV:64bit: - [2010/07/30 03:39:24 | 000,951,584 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/12/04 00:27:24 | 000,028,672 | ---- | M] (LSI Corporation) [Auto | Stopped] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/03/03 11:42:00 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2007/11/07 08:11:22 | 004,466,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2011/11/11 19:25:16 | 000,068,648 | R--- | M] (iS3, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2011/08/17 09:45:57 | 000,187,392 | ---- | M] () [On_Demand | Stopped] -- C:\oracle\product\10.1.0\Db_1\BIN\encsvc.exe -- (OracleOraDb10g_home2SNMPPeerEncapsulator)
SRV - [2011/08/17 09:45:56 | 000,254,464 | ---- | M] () [On_Demand | Stopped] -- C:\oracle\product\10.1.0\Db_1\BIN\agntsvc.exe -- (OracleOraDb10g_home2SNMPPeerMasterAgent)
SRV - [2011/08/17 09:45:36 | 000,773,444 | ---- | M] () [Auto | Stopped] -- C:\oracle\product\10.1.0\Db_1\bin\ocssd.exe -- (OracleCSService)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/02/15 23:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Stopped] -- c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2011/02/07 20:41:26 | 000,320,000 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
SRV - [2011/02/05 01:32:02 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/02/04 00:09:18 | 000,464,480 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- c:\Windows\SysWOW64\flcdlock.exe -- (FLCDLOCK)
SRV - [2011/01/29 00:27:06 | 000,281,656 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe -- (hpHotkeyMonitor)
SRV - [2011/01/26 18:00:00 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2011/01/22 03:24:50 | 002,708,784 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2011/01/20 06:55:18 | 001,125,728 | ---- | M] (Infineon Technologies AG) [Auto | Stopped] -- c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe -- (IFXSpMgtSrv)
SRV - [2011/01/20 06:43:00 | 000,203,104 | ---- | M] (Infineon Technologies AG) [Auto | Stopped] -- c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe -- (PersonalSecureDriveService)
SRV - [2011/01/20 05:49:00 | 000,980,320 | ---- | M] (Infineon Technologies AG) [Auto | Stopped] -- c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXTCS.exe -- (IFXTCS)
SRV - [2011/01/18 22:42:44 | 000,113,264 | ---- | M] (Portrait Displays, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2011/01/15 13:32:30 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2011/01/13 18:22:20 | 001,126,936 | ---- | M] (PDF Complete Inc) [Auto | Stopped] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2011/01/12 20:12:06 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) [On_Demand | Stopped] -- c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2011/01/03 23:16:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2011/01/03 23:16:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/11/29 20:10:32 | 000,210,896 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service) Intel(R)
SRV - [2010/11/11 08:43:00 | 000,502,464 | ---- | M] (ArcSoft, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe -- (uArcCapture)
SRV - [2010/03/18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/02 16:35:40 | 001,986,448 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe -- (tmlisten)
SRV - [2010/02/02 16:33:18 | 001,916,720 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe -- (ntrtscan)
SRV - [2010/01/07 10:44:48 | 000,595,960 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPfw.exe -- (TmPfw)
SRV - [2010/01/07 10:42:22 | 000,917,768 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/05/20 03:00:00 | 000,757,792 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\CCM\CcmExec.exe -- (CcmExec)
SRV - [2008/05/20 03:00:00 | 000,249,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysWOW64\CCM\TSManager.exe -- (smstsmgr)
SRV - [2002/04/26 18:34:38 | 000,242,328 | ---- | M] () [On_Demand | Stopped] -- C:\oracle\ora92\bin\ONRSD.EXE -- (OracleOraHome92ClientCache)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/09/06 22:38:18 | 000,601,944 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/09/06 22:38:16 | 000,301,912 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/09/06 22:36:41 | 000,058,200 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/09/06 22:36:41 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/09/06 22:36:30 | 000,065,368 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/09/06 22:36:14 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/08/16 08:38:36 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/05/11 12:52:48 | 003,065,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011/05/11 12:52:48 | 000,022,592 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2011/02/09 19:59:52 | 000,168,008 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\MfeEpePc.sys -- (MfeEpePc)
DRV:64bit: - [2011/02/08 18:26:52 | 000,026,712 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\johci.sys -- (johci)
DRV:64bit: - [2011/02/07 16:50:26 | 000,063,336 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DAMDrv64.sys -- (DAMDrv)
DRV:64bit: - [2011/02/06 09:22:40 | 009,090,048 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/02/06 08:01:44 | 000,299,520 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/02/04 04:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/01/30 20:04:42 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2011/01/27 10:52:00 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/01/27 01:01:00 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/01/27 01:01:00 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/01/13 02:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/21 18:21:16 | 001,826,048 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2010/12/21 10:31:00 | 000,316,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel(R)
DRV:64bit: - [2010/12/03 02:02:58 | 000,025,912 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2010/11/17 02:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/11/11 08:46:00 | 000,032,192 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ArcSoftVCapture.sys -- (ARCVCAM)
DRV:64bit: - [2010/10/29 04:05:56 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/10/20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/07/21 13:47:40 | 000,338,000 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\tmwfp.sys -- (tmwfp)
DRV:64bit: - [2010/07/21 13:47:16 | 000,196,688 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmlwf.sys -- (tmlwf)
DRV:64bit: - [2010/07/21 13:46:20 | 000,108,624 | ---- | M] (Trend Micro Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2010/07/20 22:26:42 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/07/20 22:26:38 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/07/20 22:26:34 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/07/14 15:25:38 | 000,344,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010/05/12 09:37:32 | 000,107,912 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/05/12 09:37:32 | 000,027,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/03/19 12:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/03/02 23:37:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/01/26 21:52:22 | 001,212,416 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2010/01/26 06:31:08 | 000,044,576 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\psd.sys -- (PersonalSecureDrive)
DRV:64bit: - [2009/12/31 11:04:57 | 000,360,712 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009/09/23 02:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009/09/23 02:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009/09/23 02:32:35 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd)
DRV:64bit: - [2009/09/23 02:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011/09/26 11:21:26 | 000,074,768 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\windows\SySWOW64\DRIVERS\szkg64.sys -- (szkg5)
DRV - [2011/09/26 11:21:26 | 000,074,768 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\windows\SySWOW64\drivers\is3srv64.sys -- (is3srv)
DRV - [2011/07/12 09:56:50 | 000,342,288 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmxpflt.sys -- (TmFilter)
DRV - [2011/07/12 09:56:36 | 000,042,768 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmpreflt.sys -- (TmPreFilter)
DRV - [2011/07/12 09:47:06 | 002,077,456 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\VsapiNT.sys -- (VSApiNt)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/05/20 03:00:00 | 000,029,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2007/09/04 15:53:34 | 000,071,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\x64\VSPerfDrv90.sys -- (VSPerfDrv90)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDF
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDF

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2101901736-4293257412-910807609-5442\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDF
IE - HKU\S-1-5-21-2101901736-4293257412-910807609-5442\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2101901736-4293257412-910807609-5442\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2101901736-4293257412-910807609-5442\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://czisa:8080/array.dll?Get.Routing.Script

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2011/03/09 04:01:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011/03/09 04:15:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/03/09 04:15:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/03/09 04:15:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/11/14 02:12:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/28 11:18:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/08/15 15:24:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\c1107048.WCZ\AppData\Roaming\mozilla\Extensions
[2011/11/07 08:51:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\c1107048.WCZ\AppData\Roaming\mozilla\Firefox\Profiles\vwp6dzuy.default\extensions
[2011/10/24 17:11:25 | 000,000,000 | ---D | M] (Super Start) -- C:\Users\c1107048.WCZ\AppData\Roaming\mozilla\Firefox\Profiles\vwp6dzuy.default\extensions\superstart@enjoyfreeware.org
[2011/09/09 12:32:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/14 02:12:53 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
() (No name found) -- C:\USERS\C1107048.WCZ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VWP6DZUY.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
[2011/10/28 11:18:36 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/28 11:18:32 | 000,002,208 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\heureka-cz.xml
[2011/10/28 11:18:32 | 000,000,638 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\jyxo-cz.xml
[2011/10/28 11:18:32 | 000,001,367 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\seznam-cz.xml
[2011/10/28 11:18:32 | 000,000,654 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\slunecnice-cz.xml
[2011/10/28 11:18:32 | 000,001,179 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2011/11/13 22:55:07 | 000,000,860 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Microsoft Web Test Recorder 9.0 Helper) - {E31CE47F-C268-41ba-897B-B415E613947D} - C:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO90.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE (Broadcom Corporation)
O4:64bit: - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [MfeEpePcMonitor] C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Communicator] C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPConnectionManager] c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [HPQuickWebProxy] c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IFXSPMGT] c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe (Infineon Technologies AG)
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\New Windows present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\New Windows present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\New Windows present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\New Windows present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-2101901736-4293257412-910807609-5442\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-2101901736-4293257412-910807609-5442\Software\Policies\Microsoft\Internet Explorer\New Windows present
O7 - HKU\S-1-5-21-2101901736-4293257412-910807609-5442\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-2101901736-4293257412-910807609-5442\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2101901736-4293257412-910807609-5442\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\S-1-5-21-2101901736-4293257412-910807609-5442\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: Wallpaper = \\10.82.33.21\Source\wall\wcz_wallpaper.jpg
O7 - HKU\S-1-5-21-2101901736-4293257412-910807609-5442\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O15 - HKU\S-1-5-21-2101901736-4293257412-910807609-5442\..Trusted Domains: wistron.com ([rms] http in Local intranet)
O15 - HKU\S-1-5-21-2101901736-4293257412-910807609-5442\..Trusted Domains: wistron.com ([rms] https in Local intranet)
O15 - HKU\S-1-5-21-2101901736-4293257412-910807609-5442\..Trusted Domains: wistron.com ([rms-wks] http in Local intranet)
O15 - HKU\S-1-5-21-2101901736-4293257412-910807609-5442\..Trusted Domains: wistron.com ([rms-wks] https in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.137.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = wcz.wistron
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9722C9A8-10BF-4A84-971B-D364C846818C}: DhcpNameServer = 192.168.137.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E10E6059-9434-4A41-91BE-E871EEE2713E}: DhcpNameServer = 10.82.33.21 10.82.33.22
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\qcom - No CLSID value found
O18 - Protocol\Handler\qcom {B8DBD265-42C3-43e6-B439-E968C71984C6} - C:\Program Files (x86)\Common Files\Quest Shared\CodeXpert\qcom.dll (Quest Software, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe) - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\syswow64\userinit.exe) -c:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\windows\SysWow64\DeviceNP.dll (Hewlett-Packard Company)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{99e00a38-c7cb-11e0-b2bd-984be1ed0f2b}\Shell - "" = AutoRun
O33 - MountPoints2\{99e00a38-c7cb-11e0-b2bd-984be1ed0f2b}\Shell\AutoRun\command - "" = D:\autorun\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2101901736-4293257412-910807609-5442\...exe [@ = exefile] -- Reg Error: Key error. File not found

CREATERESTOREPOINT
Error creating restore point.

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2038/01/19 01:14:08 | 000,122,880 | ---- | C] (Sun Microsystems) -- C:\windows\SysWow64\JavaAccessBridge.dll
[2038/01/19 01:14:08 | 000,069,632 | ---- | C] (Sun Microsystems) -- C:\windows\SysWow64\WindowsAccessBridge.dll
[2011/11/14 19:20:12 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\c1107048.WCZ\Desktop\OTL.exe
[2011/11/14 18:12:40 | 000,000,000 | ---D | C] -- C:\rsit
[2011/11/14 18:07:21 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011/11/14 12:11:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2011/11/14 12:10:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2011/11/14 11:04:02 | 000,000,000 | ---D | C] -- C:\Users\c1107048.WCZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
[2011/11/14 02:12:57 | 000,301,912 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys
[2011/11/14 02:12:57 | 000,024,408 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswFsBlk.sys
[2011/11/14 02:12:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/11/14 02:12:56 | 000,601,944 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
[2011/11/14 02:12:56 | 000,254,400 | ---- | C] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2011/11/14 02:12:56 | 000,065,368 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2011/11/14 02:12:56 | 000,058,200 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswTdi.sys
[2011/11/14 02:12:56 | 000,042,328 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr.sys
[2011/11/14 02:12:52 | 000,199,304 | ---- | C] (AVAST Software) -- C:\windows\SysWow64\aswBoot.exe
[2011/11/14 02:12:52 | 000,041,184 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr
[2011/11/14 02:12:47 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/11/14 02:12:47 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/11/13 22:52:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\STOPzilla!
[2011/11/13 22:52:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STOPzilla
[2011/11/13 22:52:13 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2011/11/13 22:52:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\iS3
[2011/11/11 19:25:12 | 000,134,184 | R--- | C] (iS3, Inc.) -- C:\windows\SysWow64\IS3HTUI5.dll
[2011/11/11 19:25:10 | 000,547,880 | R--- | C] (iS3, Inc.) -- C:\windows\SysWow64\SZComp5.dll
[2011/11/11 19:25:10 | 000,482,344 | R--- | C] (iS3, Inc.) -- C:\windows\SysWow64\SZBase5.dll
[2011/11/11 19:25:10 | 000,457,768 | R--- | C] (iS3, Inc.) -- C:\windows\SysWow64\IS3DBA5.dll
[2011/11/11 19:25:10 | 000,105,512 | R--- | C] (iS3, Inc.) -- C:\windows\SysWow64\IS3Inet5.dll
[2011/11/11 19:25:10 | 000,101,416 | R--- | C] (iS3, Inc.) -- C:\windows\SysWow64\IS3Svc5.dll
[2011/11/11 19:25:10 | 000,068,648 | R--- | C] (iS3, Inc.) -- C:\windows\SysWow64\IS3Hks5.dll
[2011/11/11 19:25:10 | 000,030,248 | R--- | C] (iS3, Inc.) -- C:\windows\SysWow64\IS3XDat5.dll
[2011/11/11 19:25:10 | 000,024,616 | R--- | C] (iS3, Inc.) -- C:\windows\SysWow64\SZIO5.dll
[2011/11/11 19:25:08 | 000,740,392 | R--- | C] (iS3, Inc.) -- C:\windows\SysWow64\IS3Base5.dll
[2011/11/11 19:25:08 | 000,392,232 | R--- | C] (iS3, Inc.) -- C:\windows\SysWow64\IS3UI5.dll
[2011/11/11 19:25:08 | 000,232,488 | R--- | C] (iS3, Inc.) -- C:\windows\SysWow64\IS3Win325.dll
[2011/11/10 16:26:03 | 000,000,000 | ---D | C] -- C:\Users\c1107048.WCZ\AppData\Roaming\AVG
[2011/11/10 16:25:03 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/11/10 16:13:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/11/10 16:12:59 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/11/08 13:49:02 | 000,000,000 | ---D | C] -- C:\Users\c1107048.WCZ\Desktop\LOT Issues

========== Files - Modified Within 7 Days ==========

[2038/01/19 01:14:08 | 000,122,880 | ---- | M] (Sun Microsystems) -- C:\windows\SysWow64\JavaAccessBridge.dll
[2038/01/19 01:14:08 | 000,069,632 | ---- | M] (Sun Microsystems) -- C:\windows\SysWow64\WindowsAccessBridge.dll
[2011/11/14 21:04:50 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011/11/14 20:47:05 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/11/14 20:46:58 | 4268,089,344 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/14 19:27:55 | 000,861,506 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/11/14 19:27:55 | 000,711,610 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/11/14 19:27:55 | 000,142,818 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011/11/14 19:20:13 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\c1107048.WCZ\Desktop\OTL.exe
[2011/11/14 17:53:11 | 000,020,720 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/14 17:53:11 | 000,020,720 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/14 17:50:13 | 000,935,175 | ---- | M] () -- C:\Users\c1107048.WCZ\Desktop\RSITx64.exe
[2011/11/14 17:45:02 | 000,000,475 | ---- | M] () -- C:\windows\SMSCFG.ini
[2011/11/14 17:40:05 | 000,000,344 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForC1107048X$.job
[2011/11/14 17:39:50 | 000,463,280 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2011/11/14 12:18:03 | 000,001,133 | ---- | M] () -- C:\Users\c1107048.WCZ\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2011/11/14 08:28:18 | 000,001,365 | ---- | M] () -- C:\MAPISVC.INF
[2011/11/14 08:27:20 | 000,016,036 | ---- | M] () -- C:\windows\cfgall.ini
[2011/11/14 02:12:56 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt
[2011/11/13 22:55:07 | 000,000,860 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2011/11/11 19:25:12 | 000,134,184 | R--- | M] (iS3, Inc.) -- C:\windows\SysWow64\IS3HTUI5.dll
[2011/11/11 19:25:10 | 000,547,880 | R--- | M] (iS3, Inc.) -- C:\windows\SysWow64\SZComp5.dll
[2011/11/11 19:25:10 | 000,482,344 | R--- | M] (iS3, Inc.) -- C:\windows\SysWow64\SZBase5.dll
[2011/11/11 19:25:10 | 000,457,768 | R--- | M] (iS3, Inc.) -- C:\windows\SysWow64\IS3DBA5.dll
[2011/11/11 19:25:10 | 000,105,512 | R--- | M] (iS3, Inc.) -- C:\windows\SysWow64\IS3Inet5.dll
[2011/11/11 19:25:10 | 000,101,416 | R--- | M] (iS3, Inc.) -- C:\windows\SysWow64\IS3Svc5.dll
[2011/11/11 19:25:10 | 000,068,648 | R--- | M] (iS3, Inc.) -- C:\windows\SysWow64\IS3Hks5.dll
[2011/11/11 19:25:10 | 000,030,248 | R--- | M] (iS3, Inc.) -- C:\windows\SysWow64\IS3XDat5.dll
[2011/11/11 19:25:10 | 000,024,616 | R--- | M] (iS3, Inc.) -- C:\windows\SysWow64\SZIO5.dll
[2011/11/11 19:25:08 | 000,740,392 | R--- | M] (iS3, Inc.) -- C:\windows\SysWow64\IS3Base5.dll
[2011/11/11 19:25:08 | 000,392,232 | R--- | M] (iS3, Inc.) -- C:\windows\SysWow64\IS3UI5.dll
[2011/11/11 19:25:08 | 000,232,488 | R--- | M] (iS3, Inc.) -- C:\windows\SysWow64\IS3Win325.dll

========== Files Created - No Company Name ==========

[2011/11/14 19:28:40 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011/11/14 17:50:12 | 000,935,175 | ---- | C] () -- C:\Users\c1107048.WCZ\Desktop\RSITx64.exe
[2011/11/14 12:18:03 | 000,001,133 | ---- | C] () -- C:\Users\c1107048.WCZ\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2011/11/14 08:28:18 | 000,001,365 | ---- | C] () -- C:\MAPISVC.INF
[2011/11/14 02:12:56 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\config.nt
[2011/09/09 13:00:05 | 000,131,072 | ---- | C] () -- C:\windows\SysWow64\CSVSpecialProcessing.dll
[2011/09/09 13:00:05 | 000,102,400 | ---- | C] () -- C:\windows\SysWow64\SARzilla.dll
[2011/09/09 13:00:05 | 000,098,304 | ---- | C] () -- C:\windows\SysWow64\DVM.dll
[2011/09/09 13:00:05 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\RegisterExe.exe
[2011/09/09 13:00:05 | 000,000,530 | ---- | C] () -- C:\windows\SysWow64\tx13_ic.ini
[2011/08/30 08:17:50 | 000,004,096 | -H-- | C] () -- C:\Users\c1107048.WCZ\AppData\Local\keyfile3.drm
[2011/08/17 09:46:32 | 000,028,672 | ---- | C] () -- C:\windows\SysWow64\JAWTAccessBridge.dll
[2011/08/16 11:52:31 | 000,258,864 | ---- | C] () -- C:\windows\SUPDRun.exe
[2011/08/16 09:27:01 | 000,000,172 | ---- | C] () -- C:\windows\ODBC.INI
[2011/08/15 15:10:33 | 000,004,764 | ---- | C] () -- C:\windows\SysWow64\CcmFramework.ini
[2011/08/15 15:10:16 | 000,000,475 | ---- | C] () -- C:\windows\SMSCFG.ini
[2011/08/15 13:27:56 | 000,016,036 | ---- | C] () -- C:\windows\cfgall.ini
[2011/08/15 13:10:03 | 000,021,440 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/05/11 13:17:31 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdcecbh.sys
[2011/05/11 13:01:16 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2011/05/11 12:58:34 | 000,025,984 | ---- | C] () -- C:\windows\snuvcdsm.exe
[2011/05/11 12:58:34 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2011/03/09 04:17:16 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdcdieb.sys
[2011/03/09 04:06:37 | 000,000,178 | ---- | C] () -- C:\windows\SysWow64\HPPA.ini
[2011/03/09 04:01:29 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdcdigf.sys
[2011/03/09 03:34:23 | 001,609,724 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/02/12 05:07:16 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPSCEL.dll.hpsign
[2011/02/12 05:07:16 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPFPApi.dll.hpsign
[2011/02/12 05:07:16 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPClback.dll.hpsign
[2011/02/12 05:04:36 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPLic.dll.hpsign
[2011/02/04 04:56:58 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll
[2011/02/04 00:09:24 | 000,366,176 | ---- | C] () -- C:\windows\SysWow64\flcdlmsg.dll
[2011/02/03 05:49:02 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPFPApiUI.dll.hpsign
[2011/02/03 05:47:42 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPPassFilter.dll.hpsign
[2011/02/03 05:47:42 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPCrProv.dll.hpsign
[2011/01/30 00:49:32 | 000,017,232 | ---- | C] () -- C:\windows\SysWow64\CoHpCasl.exe
[2011/01/22 20:40:54 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\vcsAPIShared.dll.hpsign
[2011/01/11 04:03:08 | 086,271,980 | ---- | C] () -- C:\windows\SysWow64\BioTrustFace.dat
[2010/12/20 16:27:22 | 000,003,113 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2010/12/07 06:16:34 | 000,181,072 | ---- | C] () -- C:\windows\SysWow64\PassThroughOTP.dll
[2010/12/07 06:16:34 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\PassThroughOTP.dll.hpsign
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/08/15 13:11:00 | 000,000,000 | ---D | M] -- C:\Users\administrator\AppData\Roaming\DigitalPersona
[2011/08/15 13:11:21 | 000,000,000 | ---D | M] -- C:\Users\administrator\AppData\Roaming\Infineon
[2011/08/15 13:11:21 | 000,000,000 | ---D | M] -- C:\Users\administrator\AppData\Roaming\Synaptics
[2011/08/15 10:48:26 | 000,000,000 | ---D | M] -- C:\Users\c1107048\AppData\Roaming\DigitalPersona
[2011/08/15 10:49:07 | 000,000,000 | ---D | M] -- C:\Users\c1107048\AppData\Roaming\Infineon
[2011/08/15 11:11:45 | 000,000,000 | ---D | M] -- C:\Users\c1107048\AppData\Roaming\Synaptics
[2011/11/10 16:26:31 | 000,000,000 | ---D | M] -- C:\Users\c1107048.WCZ\AppData\Roaming\AVG
[2011/08/16 09:07:37 | 000,000,000 | ---D | M] -- C:\Users\c1107048.WCZ\AppData\Roaming\DAEMON Tools Lite
[2011/08/15 13:21:47 | 000,000,000 | ---D | M] -- C:\Users\c1107048.WCZ\AppData\Roaming\DigitalPersona
[2011/08/15 13:21:46 | 000,000,000 | ---D | M] -- C:\Users\c1107048.WCZ\AppData\Roaming\Infineon
[2011/08/16 12:56:42 | 000,000,000 | ---D | M] -- C:\Users\c1107048.WCZ\AppData\Roaming\Quest Software
[2011/09/09 13:01:39 | 000,000,000 | ---D | M] -- C:\Users\c1107048.WCZ\AppData\Roaming\Softinterface, Inc
[2011/09/12 09:28:04 | 000,000,000 | ---D | M] -- C:\Users\c1107048.WCZ\AppData\Roaming\Softplicity
[2011/08/16 12:55:40 | 000,000,000 | ---D | M] -- C:\Users\c1107048.WCZ\AppData\Roaming\Software
[2011/08/15 13:21:46 | 000,000,000 | ---D | M] -- C:\Users\c1107048.WCZ\AppData\Roaming\Synaptics
[2009/07/14 06:08:49 | 000,015,730 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< >

< >

< MD5 for: AGP440.SYS >
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\drivers\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_1f6d6691df50b157\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20776_none_39c28c74544f69e8\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009/10/01 08:17:00 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=2632B7125E0730E019532CFCFFFFBFC0 -- C:\Windows\SysWOW64\autochk.exe
[2009/10/01 08:17:00 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=2632B7125E0730E019532CFCFFFFBFC0 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.20538_none_e28cf2983c0715a1\autochk.exe
[2009/10/01 08:42:15 | 000,777,216 | ---- | M] (Microsoft Corporation) MD5=3AE12EC776AB9830462E8197FB5C88CF -- C:\windows\SysNative\autochk.exe
[2009/10/01 08:42:15 | 000,777,216 | ---- | M] (Microsoft Corporation) MD5=3AE12EC776AB9830462E8197FB5C88CF -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.20538_none_3eab8e1bf46486d7\autochk.exe
[2009/07/14 02:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2009/07/14 02:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_3de8def0db722996\autochk.exe

< MD5 for: CDROM.SYS >
[2009/07/14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\windows\SysNative\drivers\cdrom.sys
[2009/07/14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys
[2009/07/14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\windows\SysNative\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2009/07/14 02:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\windows\SysNative\cryptsvc.dll
[2009/07/14 02:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_d1f48b0bb4805490\cryptsvc.dll
[2009/07/14 02:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\SysWOW64\cryptsvc.dll
[2009/07/14 02:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2006/11/24 05:55:06 | 000,025,088 | ---- | M] () MD5=98BF9A30416D2AE9759A1698BE8D835F -- C:\oracle\product\10.2.0\client_1\perl\site\5.8.3\lib\MSWin32-X64-multi-thread\auto\Win32\EventLog\EventLog.dll
[2004/11/15 09:37:52 | 000,028,672 | ---- | M] () MD5=9937F303C344C00849E8E5CA26CED439 -- C:\oracle\product\10.2.0\db_1\perl\site\5.8.3\lib\MSWin32-x86-multi-thread\auto\Win32\EventLog\EventLog.dll

< MD5 for: EXPLORER.EXE >
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2010/10/29 04:06:46 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2010/10/29 04:06:46 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2010/10/29 04:03:01 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2010/10/29 04:06:46 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2010/10/29 04:06:46 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/10/29 04:03:01 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/10/29 04:06:46 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/10/29 04:03:01 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010/10/29 04:06:46 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2010/10/29 04:03:01 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: HAL.DLL >
[2009/09/01 07:34:28 | 000,263,256 | ---- | M] (Microsoft Corporation) MD5=01B586A0B8C8D860457892F80B85A5CD -- C:\windows\SysNative\hal.dll
[2009/09/01 07:34:28 | 000,263,256 | ---- | M] (Microsoft Corporation) MD5=01B586A0B8C8D860457892F80B85A5CD -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16416_none_076a95ef732190e3\hal.dll
[2009/09/01 08:03:17 | 000,263,240 | ---- | M] (Microsoft Corporation) MD5=514D418248FECD24D96E7219162BDFDD -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.20519_none_07f733988c3c7cb2\hal.dll
[2009/07/14 02:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_071de44b735b3dfc\hal.dll

< MD5 for: IASTOR.SYS >
[2011/01/13 02:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\swsetup\INTELRST\Drivers\x64\iaStor.sys
[2011/01/13 02:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\windows\SysNative\drivers\iaStor.sys
[2011/01/13 02:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_a36325196df56f7d\iaStor.sys
[2011/01/13 02:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_e3082ac13af8d3bf\iaStor.sys
[2011/01/13 02:44:08 | 000,355,352 | ---- | M] (Intel Corporation) MD5=F989555F1662581032CCE1578A8FF28E -- C:\swsetup\INTELRST\Drivers\x32\iaStor.sys

< MD5 for: IASTORV.SYS >
[2010/05/12 09:37:57 | 000,410,504 | ---- | M] (Intel Corporation) MD5=513DC087CFED7D2BB82F005385D3531F -- C:\windows\SysNative\drivers\iaStorV.sys
[2010/05/12 09:37:57 | 000,410,504 | ---- | M] (Intel Corporation) MD5=513DC087CFED7D2BB82F005385D3531F -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_c9199d57075f47a9\iaStorV.sys
[2010/05/12 09:37:57 | 000,410,504 | ---- | M] (Intel Corporation) MD5=513DC087CFED7D2BB82F005385D3531F -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16592_none_0af87721a183cb70\iaStorV.sys
[2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
[2010/05/12 09:50:37 | 000,410,496 | ---- | M] (Intel Corporation) MD5=E353CF970C5D4D6A092911E15FB78C07 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20712_none_0bd89532ba6088d9\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2009/07/14 02:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\windows\SysNative\drivers\isapnp.sys
[2009/07/14 02:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\isapnp.sys
[2009/07/14 02:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\isapnp.sys

< MD5 for: LSASS.EXE >
[2009/07/14 02:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\windows\SysNative\lsass.exe
[2009/07/14 02:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_023f7c69767c3edd\lsass.exe
[2009/07/14 02:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_023e7e05767d22ad\lsass.exe
[2009/07/14 02:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_02bd4ae48fa2de68\lsass.exe

< MD5 for: NDIS.SYS >
[2009/07/14 02:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\windows\SysNative\drivers\ndis.sys
[2009/07/14 02:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009/07/14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\windows\SysNative\netlogon.dll
[2009/07/14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVRAID.SYS >
[2009/07/14 02:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvraid.sys
[2009/07/14 02:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvraid.sys
[2010/05/12 09:50:49 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=491E3CF1A4F0869E32197E34603B9BE1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_96a205e1f19732b1\nvraid.sys
[2010/05/12 09:38:10 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=DEAB10231CBDB0881FC25428EBE11506 -- C:\windows\SysNative\drivers\nvraid.sys
[2010/05/12 09:38:10 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=DEAB10231CBDB0881FC25428EBE11506 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_c09ee40f078b4594\nvraid.sys
[2010/05/12 09:38:10 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=DEAB10231CBDB0881FC25428EBE11506 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_95c1e7d0d8ba7548\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2010/05/12 09:38:10 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\windows\SysNative\drivers\nvstor.sys
[2010/05/12 09:38:10 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_c09ee40f078b4594\nvstor.sys
[2010/05/12 09:38:10 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_95c1e7d0d8ba7548\nvstor.sys
[2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2010/05/12 09:50:49 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=CE76755AF933E728CEBA6C7A970838A4 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_96a205e1f19732b1\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\windows\SysNative\scecli.dll
[2009/07/14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< MD5 for: SMSS.EXE >
[2009/07/14 02:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\windows\SysNative\smss.exe
[2009/07/14 02:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_082f99a432e2a661\smss.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\windows\SysNative\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2010/10/29 04:09:15 | 001,889,152 | ---- | M] (Microsoft Corporation) MD5=542C6767C68C9D6AAACA59436B0D15C2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys
[2010/10/29 04:09:15 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- C:\windows\SysNative\drivers\tcpip.sys
[2010/10/29 04:09:15 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys
[2009/07/14 02:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys

< MD5 for: USERINIT.EXE >
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\windows\SysNative\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010/10/29 04:06:46 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010/10/29 04:06:46 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\windows\SysNative\winlogon.exe
[2010/10/29 04:06:46 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

puko · #12 Příspěvek od **puko** » 14 lis 2011 21:28

< MD5 for: WS2_32.DLL >
[2009/07/14 02:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- C:\windows\SysNative\ws2_32.dll
[2009/07/14 02:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_4eaca269e8070c6b\ws2_32.dll
[2009/07/14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
[2009/07/14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll

< >

< %systemroot%*.* /U /s >
[2 C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[3 C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[2 C:\windows\Installer\*.tmp files -> C:\windows\Installer\*.tmp -> ]
[2 C:\windows\Temp\*.tmp files -> C:\windows\Temp\*.tmp -> ]
[1 C:\windows\wlansvc\Policies\*.tmp files -> C:\windows\wlansvc\Policies\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2011/08/16 07:59:49 | 000,000,000 | ---D | M] -- C:\Users\c1107048.WCZ\AppData\Roaming\Adobe
[2011/08/15 13:22:46 | 000,000,000 | ---D | M] -- C:\Users\c1107048.WCZ\AppData\Roaming\ATI
[2011/11/10 16:26:31 | 000,000,000 | ---D | M] -- C:\Users\c1107048.WCZ\AppData\Roaming\AVG
[2011/08/16 09:07:37 | 000,000,000 | ---D | M] -- C:\Users\c1107048.WCZ\AppData\Roaming\DAEMON Tools Lite
[2011/08/15 13:21:47 | 000,000,000 | ---D | M] -- C:\Users\c1107048.WCZ\AppData\Roaming\DigitalPersona
[2011/08/17 07:04:58 | 000,000,000 | ---D | M] -- C:\Users\c1107048.WCZ\AppData\Roaming\hpqLog
[2011/08/15 13:21:39 | 000,000,000 | ---D | M] -- C:\Users\c1107048.WCZ\AppData\Roaming\Identities
[2011/08/15 13:21:46 | 000,000,000 | ---D | M] -- C:\Users\c1107048.WCZ\AppData\Roaming\Infineon
[2011/08/15 13:21:40 | 000,000,000 | ---D | M] -- C:\Users\c1107048.WCZ\AppData\Roaming\InstallShield
[2011/08/15 13:21:46 | 000,000,000 | ---D | M] -- C:\Users\c1107048.WCZ\AppData\Roaming\Intel Corporation
[2011/08/15 14:54:25 | 000,000,000 | ---D | M] -- C:\Users\c1107048.WCZ\AppData\Roaming\Macromedia
[2011/10/30 15:08:15 | 000,000,000 | --SD | M] -- C:\Users\c1107048.WCZ\AppData\Roaming\Microsoft
[2011/08/16 08:31:35 | 000,000,000 | ---D | M] -- C:\Users\c1107048.WCZ\AppData\Roaming\Microsoft Office
[2011/08/16 08:31:36 | 000,000,000 | ---D | M] -- C:\Users\c1107048.WCZ\AppData\Roaming\Microsoft Shared
[2011/08/15 15:24:37 | 000,000,000 | ---D | M] -- C:\Users\c1107048.WCZ\AppData\Roaming\Mozilla
[2011/08/16 12:56:42 | 000,000,000 | ---D | M] -- C:\Users\c1107048.WCZ\AppData\Roaming\Quest Software
[2011/08/15 13:21:47 | 000,000,000 | ---D | M] -- C:\Users\c1107048.WCZ\AppData\Roaming\Roxio
[2011/08/16 09:08:14 | 000,000,000 | ---D | M] -- C:\Users\c1107048.WCZ\AppData\Roaming\Roxio Burn
[2011/11/08 19:42:01 | 000,000,000 | ---D | M] -- C:\Users\c1107048.WCZ\AppData\Roaming\Skype
[2011/09/09 13:01:39 | 000,000,000 | ---D | M] -- C:\Users\c1107048.WCZ\AppData\Roaming\Softinterface, Inc
[2011/09/12 09:28:04 | 000,000,000 | ---D | M] -- C:\Users\c1107048.WCZ\AppData\Roaming\Softplicity
[2011/08/16 12:55:40 | 000,000,000 | ---D | M] -- C:\Users\c1107048.WCZ\AppData\Roaming\Software
[2011/08/15 13:21:46 | 000,000,000 | ---D | M] -- C:\Users\c1107048.WCZ\AppData\Roaming\Synaptics
[2011/10/23 18:43:46 | 000,000,000 | ---D | M] -- C:\Users\c1107048.WCZ\AppData\Roaming\vlc
[2011/08/16 08:26:53 | 000,000,000 | ---D | M] -- C:\Users\c1107048.WCZ\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >
[2009/09/20 14:43:38 | 000,239,960 | ---- | M] (Microsoft Corporation) -- C:\Users\c1107048.WCZ\AppData\Roaming\Microsoft Office\Live Meeting 8\Console\bgpubmgr.exe
[2009/09/20 14:43:42 | 006,299,976 | ---- | M] (Microsoft Corporation) -- C:\Users\c1107048.WCZ\AppData\Roaming\Microsoft Office\Live Meeting 8\Console\PWConsole.exe
[2011/08/16 12:55:52 | 000,002,462 | R--- | M] () -- C:\Users\c1107048.WCZ\AppData\Roaming\Microsoft\Installer\{2E68F5BF-3951-4F69-81AE-69AF4EC7611A}\_2525BD1C8041840BC15E9F.exe
[2011/08/16 12:55:52 | 000,010,134 | R--- | M] () -- C:\Users\c1107048.WCZ\AppData\Roaming\Microsoft\Installer\{2E68F5BF-3951-4F69-81AE-69AF4EC7611A}\_2B90EBD3FA291192521AE9.exe
[2011/08/16 12:55:52 | 000,010,134 | R--- | M] () -- C:\Users\c1107048.WCZ\AppData\Roaming\Microsoft\Installer\{2E68F5BF-3951-4F69-81AE-69AF4EC7611A}\_5D8D4FCEC0F7B020B02095.exe
[2011/08/16 12:55:51 | 000,002,362 | R--- | M] () -- C:\Users\c1107048.WCZ\AppData\Roaming\Microsoft\Installer\{2E68F5BF-3951-4F69-81AE-69AF4EC7611A}\_6FEFF9B68218417F98F549.exe
[2011/08/16 12:55:52 | 000,010,134 | R--- | M] () -- C:\Users\c1107048.WCZ\AppData\Roaming\Microsoft\Installer\{2E68F5BF-3951-4F69-81AE-69AF4EC7611A}\_8D52851D7DECE1B72885FD.exe
[2011/08/16 12:55:52 | 000,002,362 | R--- | M] () -- C:\Users\c1107048.WCZ\AppData\Roaming\Microsoft\Installer\{2E68F5BF-3951-4F69-81AE-69AF4EC7611A}\_B9517ED6C2EEACB531EB0C.exe
[2011/10/25 22:16:32 | 000,188,152 | ---- | M] () -- C:\Users\c1107048.WCZ\AppData\Roaming\Mozilla\Firefox\Profiles\vwp6dzuy.default\FlashGot.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2011/11/14 02:12:56 | 000,000,000 | ---- | M] () -- C:\windows\system32\config.nt
[2038/01/19 01:14:08 | 000,122,880 | ---- | M] (Sun Microsystems) -- C:\windows\system32\JavaAccessBridge.dll
[2011/11/14 20:46:37 | 000,000,031 | ---- | M] () -- C:\windows\system32\log.txt
[2038/01/19 01:14:08 | 000,069,632 | ---- | M] (Sun Microsystems) -- C:\windows\system32\WindowsAccessBridge.dll

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"LightScribe Control Panel" = C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden -- [2010/05/19 19:38:38 | 002,736,128 | ---- | M] (Hewlett-Packard Company)

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2011/11/14 21:04:50 | 000,000,512 | ---- | M] () MD5=4523164B24048FD6955F3FC978FBC9D8 -- C:\PhysicalMBR.bin

< >

< *crack* /s >

< *keygen* /s >

< *loader* /s >
[2002/04/18 20:41:08 | 000,002,291 | ---- | M] () -- \oracle\ora92\jdk\include-old\java_lang_ClassLoader.h
[2004/03/09 23:18:06 | 000,002,908 | ---- | M] () -- \oracle\product\10.1.0\Db_1\oc4j\j2ee\oc4j_applications\applications\em\em\admin\rep\emdConfig\uploadError.uix
[2004/03/09 23:18:56 | 000,005,016 | ---- | M] () -- \oracle\product\10.1.0\Db_1\oc4j\j2ee\oc4j_applications\applications\em\em\health\healthLoaderDetails.jsp
[2011/08/17 09:46:06 | 000,010,672 | ---- | M] () -- \oracle\product\10.1.0\Db_1\perl\5.6.1\lib\AutoLoader.pm
[2011/08/17 09:46:01 | 000,012,135 | ---- | M] () -- \oracle\product\10.1.0\Db_1\perl\5.6.1\lib\SelfLoader.pm
[2011/08/17 09:46:01 | 000,000,603 | ---- | M] () -- \oracle\product\10.1.0\Db_1\perl\5.6.1\lib\MSWin32-x86\ByteLoader.pm
[2011/08/17 09:46:05 | 000,028,119 | ---- | M] () -- \oracle\product\10.1.0\Db_1\perl\5.6.1\lib\MSWin32-x86\DynaLoader.pm
[2011/08/17 09:46:06 | 000,003,749 | ---- | M] () -- \oracle\product\10.1.0\Db_1\perl\5.6.1\lib\MSWin32-x86\XSLoader.pm
[2011/08/17 09:46:06 | 000,000,000 | ---- | M] () -- \oracle\product\10.1.0\Db_1\perl\5.6.1\lib\MSWin32-x86\auto\ByteLoader\ByteLoader.bs
[2011/08/17 09:46:06 | 000,024,576 | ---- | M] () -- \oracle\product\10.1.0\Db_1\perl\5.6.1\lib\MSWin32-x86\auto\ByteLoader\ByteLoader.dll
[2011/08/17 09:46:07 | 000,000,817 | ---- | M] () -- \oracle\product\10.1.0\Db_1\perl\5.6.1\lib\MSWin32-x86\auto\ByteLoader\ByteLoader.exp
[2011/08/17 09:46:06 | 000,002,212 | ---- | M] () -- \oracle\product\10.1.0\Db_1\perl\5.6.1\lib\MSWin32-x86\auto\ByteLoader\ByteLoader.lib
[2011/08/17 09:46:03 | 000,004,501 | ---- | M] () -- \oracle\product\10.1.0\Db_1\perl\site\5.6.1\lib\Apache\RegistryLoader.pm
[2004/03/04 18:35:56 | 000,125,474 | ---- | M] () -- \oracle\product\10.1.0\Db_1\sysman\admin\emdrep\lib\emdloader.jar
[2011/08/17 09:45:26 | 000,094,470 | ---- | M] () -- \oracle\product\10.1.0\Db_1\sysman\admin\emdrep\sql\core\latest\basic\basic_loader_pkgbody.sql
[2011/08/17 09:45:26 | 000,012,393 | ---- | M] () -- \oracle\product\10.1.0\Db_1\sysman\admin\emdrep\sql\core\latest\basic\basic_loader_pkgdef.sql
[2011/08/17 09:45:40 | 000,003,937 | ---- | M] () -- \oracle\product\10.1.0\Db_1\ultrasearch\bin\MetaLoader.class
[2006/11/24 05:54:38 | 000,002,129 | ---- | M] () -- \oracle\product\10.2.0\client_1\perl\5.8.3\html\ext\ByteLoader\ByteLoader.html
[2006/11/24 05:54:38 | 000,019,341 | ---- | M] () -- \oracle\product\10.2.0\client_1\perl\5.8.3\html\ext\DynaLoader\DynaLoader.html
[2006/11/24 05:54:38 | 000,009,072 | ---- | M] () -- \oracle\product\10.2.0\client_1\perl\5.8.3\html\ext\DynaLoader\XSLoader.html
[2006/11/24 05:54:38 | 000,010,365 | ---- | M] () -- \oracle\product\10.2.0\client_1\perl\5.8.3\html\lib\AutoLoader.html
[2006/11/24 05:54:38 | 000,002,129 | ---- | M] () -- \oracle\product\10.2.0\client_1\perl\5.8.3\html\lib\ByteLoader.html
[2006/11/24 05:54:38 | 000,019,341 | ---- | M] () -- \oracle\product\10.2.0\client_1\perl\5.8.3\html\lib\DynaLoader.html
[2006/11/24 05:54:40 | 000,011,488 | ---- | M] () -- \oracle\product\10.2.0\client_1\perl\5.8.3\html\lib\SelfLoader.html
[2006/11/24 05:54:42 | 000,009,072 | ---- | M] () -- \oracle\product\10.2.0\client_1\perl\5.8.3\html\lib\XSLoader.html
[2006/11/24 05:54:40 | 000,000,925 | ---- | M] () -- \oracle\product\10.2.0\client_1\perl\5.8.3\html\lib\Locale\Maketext\GutsLoader.html
[2006/11/24 05:54:44 | 000,011,436 | ---- | M] () -- \oracle\product\10.2.0\client_1\perl\5.8.3\lib\AutoLoader.pm
[2006/11/24 05:54:56 | 000,012,953 | ---- | M] () -- \oracle\product\10.2.0\client_1\perl\5.8.3\lib\SelfLoader.pm
[2006/11/24 05:54:46 | 000,001,324 | ---- | M] () -- \oracle\product\10.2.0\client_1\perl\5.8.3\lib\Locale\Maketext\GutsLoader.pm
[2006/11/24 05:54:48 | 000,000,727 | ---- | M] () -- \oracle\product\10.2.0\client_1\perl\5.8.3\lib\MSWin32-X64-multi-thread\ByteLoader.pm
[2006/11/24 05:54:48 | 000,028,710 | ---- | M] () -- \oracle\product\10.2.0\client_1\perl\5.8.3\lib\MSWin32-X64-multi-thread\DynaLoader.pm
[2006/11/24 05:54:48 | 000,008,852 | ---- | M] () -- \oracle\product\10.2.0\client_1\perl\5.8.3\lib\MSWin32-X64-multi-thread\XSLoader.pm
[2006/11/24 05:54:48 | 000,000,000 | ---- | M] () -- \oracle\product\10.2.0\client_1\perl\5.8.3\lib\MSWin32-X64-multi-thread\auto\ByteLoader\ByteLoader.bs
[2006/11/24 05:54:48 | 000,041,472 | ---- | M] () -- \oracle\product\10.2.0\client_1\perl\5.8.3\lib\MSWin32-X64-multi-thread\auto\ByteLoader\ByteLoader.dll
[2006/11/24 05:54:48 | 000,000,807 | ---- | M] () -- \oracle\product\10.2.0\client_1\perl\5.8.3\lib\MSWin32-X64-multi-thread\auto\ByteLoader\ByteLoader.exp
[2006/11/24 05:54:48 | 000,001,986 | ---- | M] () -- \oracle\product\10.2.0\client_1\perl\5.8.3\lib\MSWin32-X64-multi-thread\auto\ByteLoader\ByteLoader.lib
[2006/11/14 13:19:00 | 000,002,908 | ---- | M] () -- \oracle\product\10.2.0\db_1\oc4j\j2ee\oc4j_applications\applications\em\em\admin\rep\emdConfig\uploadError.uix
[2004/11/15 09:35:32 | 000,002,129 | ---- | M] () -- \oracle\product\10.2.0\db_1\perl\5.8.3\html\ext\ByteLoader\ByteLoader.html
[2004/11/15 09:35:34 | 000,019,323 | ---- | M] () -- \oracle\product\10.2.0\db_1\perl\5.8.3\html\ext\DynaLoader\DynaLoader.html
[2004/11/15 09:35:34 | 000,009,018 | ---- | M] () -- \oracle\product\10.2.0\db_1\perl\5.8.3\html\ext\DynaLoader\XSLoader.html
[2004/11/15 09:35:42 | 000,010,266 | ---- | M] () -- \oracle\product\10.2.0\db_1\perl\5.8.3\html\lib\AutoLoader.html
[2004/11/15 09:35:44 | 000,002,129 | ---- | M] () -- \oracle\product\10.2.0\db_1\perl\5.8.3\html\lib\ByteLoader.html
[2004/11/15 09:35:44 | 000,019,323 | ---- | M] () -- \oracle\product\10.2.0\db_1\perl\5.8.3\html\lib\DynaLoader.html
[2004/11/15 09:35:46 | 000,011,470 | ---- | M] () -- \oracle\product\10.2.0\db_1\perl\5.8.3\html\lib\SelfLoader.html
[2004/11/15 09:35:48 | 000,009,018 | ---- | M] () -- \oracle\product\10.2.0\db_1\perl\5.8.3\html\lib\XSLoader.html
[2004/11/15 09:36:00 | 000,000,925 | ---- | M] () -- \oracle\product\10.2.0\db_1\perl\5.8.3\html\lib\Locale\Maketext\GutsLoader.html
[2004/11/15 09:36:22 | 000,011,436 | ---- | M] () -- \oracle\product\10.2.0\db_1\perl\5.8.3\lib\AutoLoader.pm
[2004/11/15 09:36:28 | 000,012,953 | ---- | M] () -- \oracle\product\10.2.0\db_1\perl\5.8.3\lib\SelfLoader.pm
[2004/11/15 09:36:42 | 000,001,277 | ---- | M] () -- \oracle\product\10.2.0\db_1\perl\5.8.3\lib\Locale\Maketext\GutsLoader.pm
[2004/11/15 09:36:44 | 000,000,727 | ---- | M] () -- \oracle\product\10.2.0\db_1\perl\5.8.3\lib\MSWin32-x86-multi-thread\ByteLoader.pm
[2004/11/15 09:36:44 | 000,028,710 | ---- | M] () -- \oracle\product\10.2.0\db_1\perl\5.8.3\lib\MSWin32-x86-multi-thread\DynaLoader.pm
[2004/11/15 09:36:44 | 000,008,852 | ---- | M] () -- \oracle\product\10.2.0\db_1\perl\5.8.3\lib\MSWin32-x86-multi-thread\XSLoader.pm
[2004/11/15 09:36:46 | 000,000,000 | ---- | M] () -- \oracle\product\10.2.0\db_1\perl\5.8.3\lib\MSWin32-x86-multi-thread\auto\ByteLoader\ByteLoader.bs
[2004/11/15 09:36:46 | 000,028,672 | ---- | M] () -- \oracle\product\10.2.0\db_1\perl\5.8.3\lib\MSWin32-x86-multi-thread\auto\ByteLoader\ByteLoader.dll
[2004/11/15 09:36:46 | 000,000,817 | ---- | M] () -- \oracle\product\10.2.0\db_1\perl\5.8.3\lib\MSWin32-x86-multi-thread\auto\ByteLoader\ByteLoader.exp
[2004/11/15 09:36:46 | 000,002,212 | ---- | M] () -- \oracle\product\10.2.0\db_1\perl\5.8.3\lib\MSWin32-x86-multi-thread\auto\ByteLoader\ByteLoader.lib
[2005/08/25 05:44:00 | 000,125,612 | ---- | M] () -- \oracle\product\10.2.0\db_1\sysman\admin\emdrep\sql\core\latest\basic\basic_loader_pkgbody.sql
[2005/08/18 07:48:00 | 000,018,336 | ---- | M] () -- \oracle\product\10.2.0\db_1\sysman\admin\emdrep\sql\core\latest\basic\basic_loader_pkgdef.sql
[2005/11/15 18:00:02 | 000,003,918 | ---- | M] () -- \oracle\product\10.2.0\db_1\sysman\admin\emdrep\sql\core\latest\sdk\sdk_loader_pkgbody.sql
[2005/08/11 02:18:00 | 000,001,904 | ---- | M] () -- \oracle\product\10.2.0\db_1\sysman\admin\emdrep\sql\core\latest\sdk\sdk_loader_pkgdef.sql
[2006/10/26 13:40:34 | 000,057,344 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\coloader.dll
[2006/10/26 13:40:34 | 000,005,120 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\coloader.tlb
[2007/11/07 09:21:26 | 000,072,192 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\coloader80.dll
[2007/11/06 19:10:00 | 000,004,096 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\coloader80.tlb
[2010/03/24 19:12:34 | 000,249,680 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll
[2010/03/24 19:12:34 | 000,018,264 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll
[2007/10/12 06:19:58 | 000,052,232 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VSTO\8.0\AddinLoader.dll
[2007/10/12 06:20:18 | 000,129,024 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VSTO\8.0\VSTOLoader.dll
[2007/10/12 06:20:14 | 000,017,416 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VSTO\8.0\1033\VSTOLoaderUI.dll
[2007/11/07 10:40:30 | 000,205,312 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VSTO\9.0\VSTOLoader.dll
[2007/11/07 10:40:30 | 000,018,952 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VSTO\9.0\1033\VSTOLoaderUI.dll
[2011/01/15 09:21:00 | 000,053,511 | ---- | M] () -- \Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\Common Resources\Shared\Generic\Images\themeloader_default_chapter.jpg
[2011/01/15 09:21:00 | 000,053,511 | ---- | M] () -- \Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\Common Resources\Shared\Generic\Images\themeloader_default_menu.jpg
[2011/01/12 13:48:56 | 000,007,990 | ---- | M] () -- \Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\Common Resources\Shared\Locale\1028\Strings\RCMFormatLoaderStrings.xml
[2011/01/12 13:48:58 | 000,008,029 | ---- | M] () -- \Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\Common Resources\Shared\Locale\1030\Strings\RCMFormatLoaderStrings.xml
[2011/01/12 13:48:58 | 000,008,063 | ---- | M] () -- \Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\Common Resources\Shared\Locale\1031\Strings\RCMFormatLoaderStrings.xml
[2011/01/12 13:49:00 | 000,008,026 | ---- | M] () -- \Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\Common Resources\Shared\Locale\1033\Strings\RCMFormatLoaderStrings.xml
[2011/01/12 13:49:02 | 000,008,158 | ---- | M] () -- \Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\Common Resources\Shared\Locale\1035\Strings\RCMFormatLoaderStrings.xml
[2011/01/12 13:49:02 | 000,008,038 | ---- | M] () -- \Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\Common Resources\Shared\Locale\1036\Strings\RCMFormatLoaderStrings.xml
[2011/01/12 13:49:04 | 000,008,052 | ---- | M] () -- \Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\Common Resources\Shared\Locale\1040\Strings\RCMFormatLoaderStrings.xml
[2011/01/12 13:49:06 | 000,008,654 | ---- | M] () -- \Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\Common Resources\Shared\Locale\1041\Strings\RCMFormatLoaderStrings.xml
[2011/01/12 13:49:06 | 000,008,187 | ---- | M] () -- \Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\Common Resources\Shared\Locale\1042\Strings\RCMFormatLoaderStrings.xml
[2011/01/12 13:49:08 | 000,008,164 | ---- | M] () -- \Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\Common Resources\Shared\Locale\1043\Strings\RCMFormatLoaderStrings.xml
[2011/01/12 13:49:10 | 000,008,076 | ---- | M] () -- \Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\Common Resources\Shared\Locale\1044\Strings\RCMFormatLoaderStrings.xml
[2011/01/12 13:49:10 | 000,008,283 | ---- | M] () -- \Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\Common Resources\Shared\Locale\1046\Strings\RCMFormatLoaderStrings.xml
[2011/01/12 13:49:12 | 000,008,694 | ---- | M] () -- \Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\Common Resources\Shared\Locale\1049\Strings\RCMFormatLoaderStrings.xml
[2011/01/12 13:49:12 | 000,008,032 | ---- | M] () -- \Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\Common Resources\Shared\Locale\1053\Strings\RCMFormatLoaderStrings.xml
[2011/01/12 13:49:14 | 000,007,967 | ---- | M] () -- \Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\Common Resources\Shared\Locale\2052\Strings\RCMFormatLoaderStrings.xml
[2011/01/12 13:49:16 | 000,008,350 | ---- | M] () -- \Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\Common Resources\Shared\Locale\2070\Strings\RCMFormatLoaderStrings.xml
[2011/01/12 13:49:16 | 000,008,413 | ---- | M] () -- \Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\Common Resources\Shared\Locale\3082\Strings\RCMFormatLoaderStrings.xml
[2011/01/15 13:27:38 | 000,231,920 | ---- | M] () -- \Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\CPSFileLoader.dll
[2011/01/15 13:27:56 | 000,084,464 | ---- | M] () -- \Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\CPSFormatLoaderBMP.dll
[2011/01/15 13:28:12 | 000,072,176 | ---- | M] () -- \Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\CPSFormatLoaderECDC.dll
[2011/01/15 13:28:22 | 000,092,656 | ---- | M] () -- \Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\CPSFormatLoaderGIF.dll
[2011/01/15 13:28:30 | 000,207,344 | ---- | M] () -- \Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\CPSFormatLoaderJPG2.dll
[2011/01/15 13:35:06 | 000,072,176 | ---- | M] () -- \Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\CPSFormatLoaderMDC.dll
[2011/01/15 13:28:38 | 000,133,616 | ---- | M] () -- \Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\CPSFormatLoaderPNG.dll
[2011/01/15 13:28:48 | 000,104,944 | ---- | M] () -- \Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\CPSFormatLoaderTIFF.dll
[2011/01/15 13:31:52 | 000,150,000 | ---- | M] () -- \Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\LeResourceLoader.dll
[2011/01/25 12:16:44 | 000,053,248 | ---- | M] () -- \Program Files (x86)\Hewlett-Packard\HP Setup\ContentDownloader.exe
[2011/01/25 12:11:12 | 000,005,974 | ---- | M] () -- \Program Files (x86)\Hewlett-Packard\HP Setup\ContentDownloader.exe.config
[2005/10/14 01:49:48 | 000,017,624 | ---- | M] () -- \Program Files (x86)\Microsoft SQL Server\90\Tools\Binn\SqlResourceLoader.dll
[2005/10/14 01:49:48 | 000,017,624 | ---- | M] () -- \Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SqlResourceLoader.dll
[2010/08/14 00:18:48 | 000,005,272 | ---- | M] () -- \Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Toolbar\Applications\loader.xap
[2011/01/12 16:23:32 | 000,141,808 | ---- | M] () -- \Program Files (x86)\Roxio\OEM\VideoCore 12\VOBLoader.ax
[2011/01/19 03:57:58 | 000,170,480 | ---- | M] () -- \Program Files (x86)\Roxio\OEM\VideoUI 12\DSThemeLoader.dll
[2011/01/19 03:58:56 | 000,113,136 | ---- | M] () -- \Program Files (x86)\Roxio\OEM\VideoUI 12\DVDFormatLoaderPlugIn.dll
[2011/01/19 03:22:12 | 000,040,000 | R--- | M] () -- \Program Files (x86)\Roxio\OEM\VideoUI 12\Skins\Default\Generic\Images\themeloader_hourglass.jpg
[2010/03/24 19:35:48 | 000,370,512 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll
[2010/03/24 19:35:48 | 000,018,264 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOLoaderUI.dll
[2007/09/27 13:17:42 | 000,085,352 | ---- | M] () -- \Program Files\Microsoft SDKs\Windows\v6.0A\Bin\IALoader.dll
[2006/05/19 13:50:54 | 000,003,380 | ---- | M] () -- \Program Files\Quest Software\Tuning_Lab\BACKUP\dqm_loader.js
[2006/05/19 13:50:54 | 000,003,380 | ---- | M] () -- \Program Files\Quest Software\Tuning_Lab\HTML\WhatsNew\images\dqm_loader.js
[2011/05/28 21:04:04 | 000,054,784 | ---- | M] () -- \Program Files\WinRAR\Formats\ace32loader.exe
[2011/04/22 14:01:00 | 000,005,277 | ---- | M] () -- \Users\c1107048.WCZ\AppData\Local\Microsoft\Toolbar\Applications\Loader.xap
[2010/08/14 00:18:48 | 000,005,272 | ---- | M] () -- \Users\c1107048.WCZ\AppData\Local\Microsoft\Toolbar\BackUp\loader.xap
[2009/07/14 02:03:49 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009/07/14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2008/04/08 16:30:26 | 000,003,294 | ---- | M] () -- \Windows\System32\CCM\SdmPackageLoader.xsd
[2009/07/14 02:03:49 | 000,003,584 | -H-- | M] () -- \Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
[2009/07/14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\SysWOW64\dmloader.dll
[2008/04/08 16:30:26 | 000,003,294 | ---- | M] () -- \Windows\SysWOW64\CCM\SdmPackageLoader.xsd
[2009/07/14 02:40:31 | 000,047,616 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_a1e90d98a953d601\dmloader.dll
[2009/07/14 02:24:53 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-libraryloader-l1-1-0.dll
[2009/07/14 06:37:37 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a.manifest
[2009/07/14 06:37:37 | 000,033,360 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a_winload.efi.mui_35ee487d
[2009/07/14 06:37:37 | 000,033,344 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a_winload.exe.mui_3bc5b827
[2009/07/14 06:37:37 | 000,029,776 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a_winresume.efi.mui_f412814e
[2009/07/14 06:37:37 | 000,029,760 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a_winresume.exe.mui_ff8b5358
[2009/07/14 03:58:45 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_b71babd98657e6ef.manifest
[2009/07/14 03:58:45 | 000,641,088 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_b71babd98657e6ef_winload.efi_75834aa0
[2009/07/14 03:58:45 | 000,604,192 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_b71babd98657e6ef_winload.exe_75835076
[2009/07/14 03:58:45 | 000,557,136 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_b71babd98657e6ef_winresume.efi_85cd069f
[2009/07/14 03:58:45 | 000,518,352 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_b71babd98657e6ef_winresume.exe_85cd1215
[2009/07/14 03:57:50 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009/07/14 03:57:50 | 000,019,008 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59_spldr.sys_98bd87a0
[2009/07/14 03:44:20 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a.manifest
[2009/07/14 03:13:42 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_b71babd98657e6ef.manifest
[2009/07/14 03:18:27 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009/07/14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009/07/14 02:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >

puko · #13 Příspěvek od **puko** » 14 lis 2011 21:29

OTL Extras logfile created on: 11/14/2011 9:03:01 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\c1107048.WCZ\Desktop
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Czech Republic | Language: CSY | Date Format: yyyy/M/d

3.97 Gb Total Physical Memory | 3.24 Gb Available Physical Memory | 81.53% Memory free
7.95 Gb Paging File | 7.25 Gb Available in Paging File | 91.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 445.40 Gb Total Space | 384.04 Gb Free Space | 86.23% Space Free | Partition Type: NTFS
Drive E: | 15.07 Gb Total Space | 2.25 Gb Free Space | 14.96% Space Free | Partition Type: NTFS
Drive F: | 4.98 Gb Total Space | 2.13 Gb Free Space | 42.69% Space Free | Partition Type: FAT32

Computer Name: C1107048X | User Name: c1107048 | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2101901736-4293257412-910807609-5442\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 1

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]
"Enabled" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List]
"5800:TCP:10.0.0.0/24:enabled:VNC5800" = 5800:TCP:10.0.0.0/24:enabled:VNC5800
"5900:TCP:10.0.0.0/24:enabled:VNC5900" = 5900:TCP:10.0.0.0/24:enabled:VNC5900
"6129:TCP:10.0.0.0/24:enabled:DAME6129" = 6129:TCP:10.0.0.0/24:enabled:DAME6129

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings]
"AllowOutboundDestinationUnreachable" = 1
"AllowOutboundSourceQuench" = 1
"AllowRedirect" = 0
"AllowInboundEchoRequest" = 1
"AllowInboundRouterRequest" = 1
"AllowOutboundTimeExceeded" = 1
"AllowOutboundParameterProblem" = 0
"AllowInboundTimestampRequest" = 1
"AllowInboundMaskRequest" = 1
"AllowOutboundPacketTooBig" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging]
"LogDroppedPackets" = 0
"LogSuccessfulConnections" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings]
"Enabled" = 1
"RemoteAddresses" =

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" =

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop]
"Enabled" = 1
"RemoteAddresses" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]
"Enabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List]
"5800:TCP:10.0.0.0/24:enabled:VNC5800" = 5800:TCP:10.0.0.0/24:enabled:VNC5800
"5900:TCP:10.0.0.0/24:enabled:VNC5900" = 5900:TCP:10.0.0.0/24:enabled:VNC5900
"6129:TCP:10.0.0.0/24:enabled:DAME6129" = 6129:TCP:10.0.0.0/24:enabled:DAME6129

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings]
"AllowOutboundDestinationUnreachable" = 1
"AllowOutboundSourceQuench" = 1
"AllowRedirect" = 0
"AllowInboundEchoRequest" = 1
"AllowInboundRouterRequest" = 1
"AllowOutboundTimeExceeded" = 1
"AllowOutboundParameterProblem" = 0
"AllowInboundTimestampRequest" = 1
"AllowInboundMaskRequest" = 1
"AllowOutboundPacketTooBig" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging]
"LogDroppedPackets" = 0
"LogSuccessfulConnections" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings]
"Enabled" = 1
"RemoteAddresses" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop]
"Enabled" = 1
"RemoteAddresses" =

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{103729AF-35B8-7567-2739-905128A38CFE}" = ccc-utility64
"{29C93182-34F6-3275-A18D-59326851CD57}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}" = Crystal Reports Basic Runtime for Visual Studio 2008 (x64)
"{3D8EDF72-13CC-4E51-AAB6-32A20524D2E0}" = HP Power Assistant
"{422BA615-2133-4DC0-8673-09C8CC7557F2}" = HP ProtectTools Security Manager
"{4322C618-94E5-3EB0-8BA5-4675C4803C34}" = Microsoft Visual Studio 2008 Performance Collection Tools - ENU
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Broadcom 2070 Bluetooth 3.0
"{483D5A49-A26B-4CB8-AA2D-0D1811322061}" = HP DayStarter
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{50822200-2E95-4E62-A8D8-41C3B308DF5E}" = Microsoft SQL Server VSS Writer
"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
"{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{62EED300-E841-4083-A1D6-60B906271804}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{64D5BBC6-5270-3711-AA39-31C1087AF4E6}" = Microsoft Visual Studio 2008 Remote Debugger - ENU
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E740973-8E71-42F9-A910-C18452E60450}" = Microsoft SQL Server Native Client
"{7D1C63D1-6520-49DA-B738-958133526E80}" = HP HotKey Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{83DA38AB-1014-41C2-A3CD-E2B93832A71A}" = HP 3D DriveGuard
"{87821717-5688-4AE6-887A-6B11571D0CD7}" = Embedded Security for HP ProtectTools
"{8A0041CD-277C-4C1F-BFE4-7AC508B20B4C}" = Drive Encryption For HP ProtectTools
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{9aa5f39c-a8de-46b0-919a-0248f8bc8490}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{A992BBAA-723D-4574-A07F-983BF8FAA3E1}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{ACA53F68-B003-4D0E-9C3D-0C4EE09D08A8}" = Privacy Manager for HP ProtectTools
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D3A775F2-2674-4452-8D80-1FC1446052EE}" = Face Recognition for HP ProtectTools
"{D3E39E77-0EB4-36FB-B97A-8C8AB21B9A45}" = Visual Studio .NET Prerequisites - English
"{D5526B83-25C4-88A8-A984-98F871DA1415}" = ATI Catalyst Install Manager
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{EF8B1A2E-9CCB-3AB2-91E3-4EEDAB1294E1}" = Microsoft Device Emulator (64 bit) version 3.0 - ENU
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FFC3E41D-2C2B-45B7-9AD9-5EA19572DD26}" = Validity Fingerprint Sensor Driver
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Broadcom Wireless Utility" = Broadcom Wireless Utility
"HPProtectTools" = HP ProtectTools Security Manager
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Visual Studio 2008 Remote Debugger - ENU" = Microsoft Visual Studio 2008 Remote Debugger - ENU
"PROSet" = Intel(R) Network Connections Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03046EBB-CB7C-4B98-BEFB-690EB955DA22}" = HP Setup
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{08E8F1F2-6E5B-C5A4-A5FD-B76CCF833F21}" = CCC Help Finnish
"{0D1CBBB9-F4A8-45B6-95E7-202BA61D7AF4}" = Microsoft Office Communicator 2007 R2
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{0E8DE6AB-5193-A885-A550-7B26858FFF74}" = Catalyst Control Center Localization All
"{0F1B840F-1EDC-4C9F-ADE9-63B8C8C27700}" = mycalc
"{11C8CD1B-B0F8-D6F5-3E5D-6103FA7A2740}" = CCC Help English
"{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}" = HP Wallpaper
"{1267DA48-A6EA-3202-6C02-0AD5D3AAF360}" = Catalyst Control Center InstallProxy
"{13C96625-28E4-4c58-ADE0-CDAFC64752EB}" = JMicron 1394 Filter Driver
"{14FDECFD-FBA1-5D0A-16FE-51621197077E}" = CCC Help Norwegian
"{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}" = ArcSoft Webcam Sharing Manager
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1E8D5440-0CC6-6E2D-7A1A-1B02699C76DE}" = CCC Help Danish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2041A685-F8DC-A7C7-2AF4-CE646D1E2161}" = CCC Help Thai
"{20976B1F-E910-404D-9261-C16EE7E12DC8}" = HP QuickWeb
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2b104c55-547b-4545-a4ea-8192f3c901fa}" = Knowledge Xpert for Oracle Administration
"{2C43790E-8470-1027-82D3-DF319F3C410F}" = Intel(R) Identity Protection Technology 1.0.71.0
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{2E68F5BF-3951-4F69-81AE-69AF4EC7611A}" = Quest SQL Optimizer 7.4.1 for Oracle
"{2F36E5A1-A627-3736-D4BC-7962DD22EE0B}" = CCC Help Polish
"{2FC34E5F-AC85-4F04-B95E-1E39D17BF198}" = Quest SQL Optimizer for Oracle Common
"{344A1AA2-AC8E-4741-BDB0-65B68FDA883C}" = HP SoftPaq Download Manager
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{39705143-74BD-1E99-5952-22764AD6DED9}" = ccc-core-static
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver
"{3A762A82-618D-3CAA-B847-D074ABFA0B2E}" = MSDN Library for Visual Studio 2008 - ENU
"{3C213840-A3A6-FD8C-91E5-AC7566FCB71B}" = CCC Help Czech
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{43698FDB-55B2-40D2-B995-F9E2CA799695}" = SQL Navigator for Oracle
"{44C72B93-46FA-6D17-4020-E796E8D9C808}" = CCC Help German
"{45160C56-61F6-468D-A5B0-9FAE2C3E68D6}" = Catalyst Control Center - Branding
"{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{52B18ABC-AD5F-4C3C-B391-04F57B380449}" = HP Client Automation Agent Preload
"{531000B3-DBEE-4115-BBF3-DA48B67C053F}" = HP Software Setup
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54C65FE7-83BD-4A5B-A9B4-41F793C5F241}" = HP System Default Settings
"{5681FF4A-5469-D41F-F990-D1AC1037AB02}" = CCC Help Korean
"{5A6CB42D-AFB6-989E-E7EB-B3FF928C707F}" = Catalyst Control Center Profiles Mobile
"{5fb88c3e-b84c-4cb9-97dd-6c340da3d720}" = Knowledge Xpert for PLSQL
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{62272D4E-78E9-4BAD-B7AA-63072D06AAA9}" = HP Documentation
"{63240320-9946-4A11-5135-DB66D8113842}" = CCC Help Japanese
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{68DDF0E0-42D9-B5C3-AD7A-3E1DCCE8D2E3}" = CCC Help Turkish
"{6AA003BF-73E5-4911-ADB7-71DD5674DDD4}" = Oracle Data Provider for .NET Help
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}" = File Sanitizer For HP ProtectTools
"{71B6AC98-B3A3-441E-AB45-5196788EC6D4}" = Quest Installer Logging - Powered by Codesite
"{721ABC3B-5F12-4332-9C0C-C11424EF666C}" = WIMGAPI
"{77C4850C-3592-4A2F-B652-ACB77A1EF77C}" = Bing Bar Platform
"{795AADBF-58C2-42D0-B779-E730702A247E}" = HP Connection Manager
"{80C06CCD-7D07-3DB6-86CD-B57B3F0614D8}" = Microsoft Visual Studio Team System 2008 Team Suite - ENU
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{F2A75584-A63E-4117-BE54-B155F68DE40B}" =
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90140000-0017-0000-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer 2010
"{90140000-0017-0409-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{93139A49-0360-4718-8B93-C1F9EB12E3D8}" = Roxio Secure Burn
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{97174E88-52F9-445A-A28E-704A45332D19}" = HP Software Framework
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Roxio CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9CB4FBA9-45C0-41AA-97CC-283B42E1A21E}" = Roxio MyDVD Business 2010
"{9F7E4DF2-1795-99AD-CDD7-29F440B61088}" = CCC Help Hungarian
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A79846AB-AE6A-C993-71DF-99FF8E559613}" = CCC Help Chinese Traditional
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1029-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Czech
"{ADC70B7A-530B-46E3-8384-48D22681A41E}" = Theft Recovery for HP ProtectTools
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{AFF6CCCD-2C82-CF3F-58AD-1766D370622F}" = CCC Help French
"{B104C813-FB09-4B7B-B675-5EF0C176AF66}" = Microsoft Conferencing Add-in for Microsoft Office Outlook
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Secure Burn
"{BA1EA42A-B02E-4210-882C-717416D96E65}" = STOPzilla
"{BACE8BFA-8F39-421D-BEF1-6E78632BDC90}" = Roxio MyDVD Business 2010
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{BE66348A-E83F-4982-941F-DFF2F742B851}" = Microsoft Office Live Meeting 2007
"{C0116FFA-6568-B16B-09EF-01E97CEF89E9}" = CCC Help Chinese Standard
"{C501064B-0925-A417-D08B-A96C07D11E01}" = CCC Help Italian
"{CDF2096F-1FBD-C097-15BC-8BC64AF0B6F7}" = CCC Help Spanish
"{CE6A85D8-D6B9-479A-9FE9-A06E56881E61}" = Configuration Manager Client
"{CE7AE690-57AF-286B-B022-A808D30F08F2}" = CCC Help Greek
"{CFC1988A-F492-4BC5-B6F7-683A95718AE9}" = HP ESU for Microsoft Windows 7
"{D9965E8E-496F-F5E4-D8FF-78FB7EBE6ABA}" = CCC Help Swedish
"{DA8B96DE-3FE5-2079-D33B-7152C13AFC73}" = CCC Help Portuguese
"{E02FBF01-0DE3-4BCB-89E8-D300FEFC3289}" = HP Support Assistant
"{E1625943-425A-6675-6A52-6AE98AC3080F}" = CCC Help Dutch
"{e2c0f584-41a0-4a0b-ada8-546aebee7b66}" = Knowledge Xpert Oracle Common
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E755FF48-9936-FE6B-3910-490DFB39F56D}" = Catalyst Control Center Graphics Previews Common
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{F24F876B-7D71-4BD6-88E9-614D3BB84216}" = Alcor Micro Smart Card Reader Driver
"{f34d9c22-0d2f-42ae-9780-7dbad467cc00}" = Knowledge Xpert
"{F70487C4-B639-5576-6DE1-2D2D790AC51A}" = CCC Help Russian
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"Convert XLS_is1" = Convert XLS
"DAEMON Tools Lite" = DAEMON Tools Lite
"HijackThis" = HijackThis 2.0.2
"InstallShield_{ADC70B7A-530B-46E3-8384-48D22681A41E}" = Theft Recovery for HP ProtectTools
"Knowledge Xpert" = Knowledge Xpert
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio Team System 2008 Team Suite - ENU" = Microsoft Visual Studio Team System 2008 Team Suite - ENU
"Mozilla Firefox 7.0.1 (x86 cs)" = Mozilla Firefox 7.0.1 (x86 cs)
"MSDN Library for Visual Studio 2008 - ENU" = MSDN Library for Visual Studio 2008 - ENU
"Office14.SharePointDesigner" = Microsoft SharePoint Designer 2010
"OfficeScanNT" = Trend Micro OfficeScan Client
"PDF Complete" = PDF Complete Special Edition
"PROPLUS" = Microsoft Office Professional Plus 2007
"Quest Installer" = Quest Installer
"Quest SQL Tuning" = Quest SQL Tuning for Oracle
"Samsung Universal Print Driver PS" = Samsung Universal Print Driver PS
"SZCCID" = Alcor Micro Smart Card Reader Driver
"VIP Access SDK" = VIP Access SDK x64(1.0.0.50)
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VLC media player 1.1.11

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/10/2011 2:07:04 PM | Computer Name = c1107048x.wcz.wistron | Source = Communicator | ID = 15728643
Description = Communicator was unable to resolve the DNS hostname of the login server
sipexternal.wistron.com. Resolution: If you are using manual configuration for Communicator,
please check that the server name is typed correctly and in full. If you are using
automatic configuration, the network administrator will need to double-check the
DNS A record configuration for sipexternal.wistron.com because it could not be
resolved.

Error - 11/10/2011 2:07:04 PM | Computer Name = c1107048x.wcz.wistron | Source = Communicator | ID = 15728643
Description = Communicator was unable to resolve the DNS hostname of the login server
sipexternal.wistron.com. Resolution: If you are using manual configuration for Communicator,
please check that the server name is typed correctly and in full. If you are using
automatic configuration, the network administrator will need to double-check the
DNS A record configuration for sipexternal.wistron.com because it could not be
resolved.

Error - 11/10/2011 2:07:47 PM | Computer Name = c1107048x.wcz.wistron | Source = Communicator | ID = 15728643
Description = Communicator was unable to resolve the DNS hostname of the login server
sipinternal.wistron.com. Resolution: If you are using manual configuration for Communicator,
please check that the server name is typed correctly and in full. If you are using
automatic configuration, the network administrator will need to double-check the
DNS A record configuration for sipinternal.wistron.com because it could not be
resolved.

Error - 11/10/2011 2:07:47 PM | Computer Name = c1107048x.wcz.wistron | Source = Communicator | ID = 15728643
Description = Communicator was unable to resolve the DNS hostname of the login server
sipinternal.wistron.com. Resolution: If you are using manual configuration for Communicator,
please check that the server name is typed correctly and in full. If you are using
automatic configuration, the network administrator will need to double-check the
DNS A record configuration for sipinternal.wistron.com because it could not be
resolved.

Error - 11/10/2011 2:07:47 PM | Computer Name = c1107048x.wcz.wistron | Source = Communicator | ID = 15728643
Description = Communicator was unable to resolve the DNS hostname of the login server
sip.wistron.com. Resolution: If you are using manual configuration for Communicator,
please check that the server name is typed correctly and in full. If you are using
automatic configuration, the network administrator will need to double-check the
DNS A record configuration for sip.wistron.com because it could not be resolved.

Error - 11/10/2011 2:07:47 PM | Computer Name = c1107048x.wcz.wistron | Source = Communicator | ID = 15728643
Description = Communicator was unable to resolve the DNS hostname of the login server
sip.wistron.com. Resolution: If you are using manual configuration for Communicator,
please check that the server name is typed correctly and in full. If you are using
automatic configuration, the network administrator will need to double-check the
DNS A record configuration for sip.wistron.com because it could not be resolved.

Error - 11/10/2011 2:07:47 PM | Computer Name = c1107048x.wcz.wistron | Source = Communicator | ID = 15728643
Description = Communicator was unable to resolve the DNS hostname of the login server
sipexternal.wistron.com. Resolution: If you are using manual configuration for Communicator,
please check that the server name is typed correctly and in full. If you are using
automatic configuration, the network administrator will need to double-check the
DNS A record configuration for sipexternal.wistron.com because it could not be
resolved.

Error - 11/10/2011 2:07:47 PM | Computer Name = c1107048x.wcz.wistron | Source = Communicator | ID = 15728643
Description = Communicator was unable to resolve the DNS hostname of the login server
sipexternal.wistron.com. Resolution: If you are using manual configuration for Communicator,
please check that the server name is typed correctly and in full. If you are using
automatic configuration, the network administrator will need to double-check the
DNS A record configuration for sipexternal.wistron.com because it could not be
resolved.

Error - 11/10/2011 2:08:59 PM | Computer Name = c1107048x.wcz.wistron | Source = Communicator | ID = 15728643
Description = Communicator was unable to resolve the DNS hostname of the login server
sipinternal.wistron.com. Resolution: If you are using manual configuration for Communicator,
please check that the server name is typed correctly and in full. If you are using
automatic configuration, the network administrator will need to double-check the
DNS A record configuration for sipinternal.wistron.com because it could not be
resolved.

Error - 11/10/2011 2:08:59 PM | Computer Name = c1107048x.wcz.wistron | Source = Communicator | ID = 15728643
Description = Communicator was unable to resolve the DNS hostname of the login server
sipinternal.wistron.com. Resolution: If you are using manual configuration for Communicator,
please check that the server name is typed correctly and in full. If you are using
automatic configuration, the network administrator will need to double-check the
DNS A record configuration for sipinternal.wistron.com because it could not be
resolved.

[ Broadcom Wireless LAN Events ]
Error - 8/17/2011 7:08:25 AM | Computer Name = c1107048x.wcz.wistron | Source = WLAN-Tray | ID = 0
Description = 13:08:25, Wed, Aug 17, 11 Error - Unable to gain access to user store

Error - 9/19/2011 1:27:23 PM | Computer Name = c1107048x.wcz.wistron | Source = WLAN-Tray | ID = 0
Description = 19:27:22, Mon, Sep 19, 11 Error - Unable to gain access to user store

[ Hewlett-Packard Events ]
Error - 8/31/2011 3:20:22 AM | Computer Name = c1107048x.wcz.wistron | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\081131092015.xml
File not created by asset agent

Error - 8/31/2011 3:20:24 AM | Computer Name = c1107048x.wcz.wistron | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\081131092022.xml
File not created by asset agent

Error - 10/12/2011 3:35:00 AM | Computer Name = c1107048x.wcz.wistron | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\101112093455.xml
File not created by asset agent

Error - 10/12/2011 3:35:33 AM | Computer Name = c1107048x.wcz.wistron | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\101112093500.xml
File not created by asset agent

Error - 10/19/2011 2:18:56 AM | Computer Name = c1107048x.wcz.wistron | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\101119081851.xml
File not created by asset agent

[ HP Connection Manager Events ]
Error - 11/14/2011 11:35:32 AM | Computer Name = c1107048x.wcz.wistron | Source = hpCMSrv | ID = 5
Description = 2011/11/14 16:35:32.190|00002214|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 11/14/2011 11:35:34 AM | Computer Name = c1107048x.wcz.wistron | Source = hpCMSrv | ID = 5
Description = 2011/11/14 16:35:34.344|00002214|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 11/14/2011 11:35:35 AM | Computer Name = c1107048x.wcz.wistron | Source = hpCMSrv | ID = 5
Description = 2011/11/14 16:35:35.186|00002214|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 11/14/2011 11:35:38 AM | Computer Name = c1107048x.wcz.wistron | Source = hpCMSrv | ID = 5
Description = 2011/11/14 16:35:38.198|00002214|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 11/14/2011 11:35:41 AM | Computer Name = c1107048x.wcz.wistron | Source = hpCMSrv | ID = 5
Description = 2011/11/14 16:35:41.194|00002214|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 11/14/2011 11:35:42 AM | Computer Name = c1107048x.wcz.wistron | Source = hpCMSrv | ID = 5
Description = 2011/11/14 16:35:42.771|00002214|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 11/14/2011 11:35:44 AM | Computer Name = c1107048x.wcz.wistron | Source = hpCMSrv | ID = 5
Description = 2011/11/14 16:35:44.191|00002214|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 11/14/2011 11:35:44 AM | Computer Name = c1107048x.wcz.wistron | Source = hpCMSrv | ID = 5
Description = 2011/11/14 16:35:44.347|00002214|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 11/14/2011 11:35:47 AM | Computer Name = c1107048x.wcz.wistron | Source = hpCMSrv | ID = 5
Description = 2011/11/14 16:35:47.187|00002214|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 11/14/2011 11:35:50 AM | Computer Name = c1107048x.wcz.wistron | Source = hpCMSrv | ID = 5
Description = 2011/11/14 16:35:50.199|00002214|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

[ HP Power Assistant Events ]
Error - 9/20/2011 2:31:09 AM | Computer Name = c1107048x.wcz.wistron | Source = HP PA Service | ID = 1024
Description = An error occured in HP Power Assistant application, module [HistoryDB].
Please
restart HP Power Assistant application. Additional details may be available in the
Details section. DETAILS Some kind of disk I/O error occurred disk I/O errorDailyHistoricalFileManager

Error - 9/21/2011 2:55:19 AM | Computer Name = c1107048x.wcz.wistron | Source = HP PA Service | ID = 1024
Description = An error occured in HP Power Assistant application, module [HistoryDB].
Please
restart HP Power Assistant application. Additional details may be available in the
Details section. DETAILS Some kind of disk I/O error occurred disk I/O errorDailyHistoricalFileManager

Error - 11/7/2011 3:34:11 AM | Computer Name = c1107048x.wcz.wistron | Source = HP PA Service | ID = 1024
Description = An error occured in HP Power Assistant application, module [HistoryDB].
Please
restart HP Power Assistant application. Additional details may be available in the
Details section. DETAILS Some kind of disk I/O error occurred disk I/O errorDailyHistoricalFileManager

[ OSession Events ]
Error - 10/27/2011 2:20:25 PM | Computer Name = c1107048x.wcz.wistron | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1066. This session lasted 21
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 11/13/2011 5:50:30 PM | Computer Name = c1107048x.wcz.wistron | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 11/13/2011 5:50:30 PM | Computer Name = c1107048x.wcz.wistron | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 11/13/2011 5:50:30 PM | Computer Name = c1107048x.wcz.wistron | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 11/13/2011 5:50:33 PM | Computer Name = c1107048x.wcz.wistron | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 11/13/2011 5:50:33 PM | Computer Name = c1107048x.wcz.wistron | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 11/13/2011 5:50:33 PM | Computer Name = c1107048x.wcz.wistron | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 11/13/2011 5:50:33 PM | Computer Name = c1107048x.wcz.wistron | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 11/13/2011 5:50:33 PM | Computer Name = c1107048x.wcz.wistron | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 11/13/2011 5:50:33 PM | Computer Name = c1107048x.wcz.wistron | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 11/13/2011 5:58:02 PM | Computer Name = c1107048x.wcz.wistron | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
in domain WCZ due to the following: %%1311 This may lead to authentication problems.
Make sure that this computer is connected to the network. If the problem persists,
please
contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller
for the specified domain, it sets up the secure session to the primary domain controller
emulator in the specified domain. Otherwise, this computer sets up the secure session
to any domain controller in the specified domain.

< End of report >

#14 Příspěvek od **vyosek** » 15 lis 2011 08:52

Spustte znovu OTL

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

:otl
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDF
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDF
IE - HKU\S-1-5-21-2101901736-4293257412-910807609-5442\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDF
IE - HKU\S-1-5-21-2101901736-4293257412-910807609-5442\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2101901736-4293257412-910807609-5442\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2101901736-4293257412-910807609-5442\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://czisa:8080/array.dll?Get.Routing.Script
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\New Windows present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\New Windows present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\New Windows present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\New Windows present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-2101901736-4293257412-910807609-5442\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-2101901736-4293257412-910807609-5442\Software\Policies\Microsoft\Internet Explorer\New Windows present
O7 - HKU\S-1-5-21-2101901736-4293257412-910807609-5442\Software\Policies\Microsoft\Internet Explorer\restrictions present
O1364bit: - gopher Prefix: missing
O15 - HKU\S-1-5-21-2101901736-4293257412-910807609-5442\..Trusted Domains: wistron.com ([rms] http in Local intranet)
O15 - HKU\S-1-5-21-2101901736-4293257412-910807609-5442\..Trusted Domains: wistron.com ([rms] https in Local intranet)
O15 - HKU\S-1-5-21-2101901736-4293257412-910807609-5442\..Trusted Domains: wistron.com ([rms-wks] http in Local intranet)
O15 - HKU\S-1-5-21-2101901736-4293257412-910807609-5442\..Trusted Domains: wistron.com ([rms-wks] https in Local intranet)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\qcom - No CLSID value found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O33 - MountPoints2\{99e00a38-c7cb-11e0-b2bd-984be1ed0f2b}\Shell - "" = AutoRun
O37 - HKU\S-1-5-21-2101901736-4293257412-910807609-5442\...exe [@ = exefile] -- Reg Error: Key error. File not found
[2 C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[3 C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[2 C:\windows\Installer\*.tmp files -> C:\windows\Installer\*.tmp -> ]
[2 C:\windows\Temp\*.tmp files -> C:\windows\Temp\*.tmp -> ]
[1 C:\windows\wlansvc\Policies\*.tmp files -> C:\windows\wlansvc\Policies\*.tmp -> ]
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B4227B4

:reg
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]

Nasledne kliknete na Opravit
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

puko · #15 Příspěvek od **puko** » 15 lis 2011 09:55

Dal jsem Opravit, neco to delalo, pak vyskocila hlaska:

Cannot create file C:\windows\System32\drivers\etc\Hosts.

a ted to vypada, ze OTL se zase seklo, dole v tom okynku je ted:

Reseting HOSTS file. DO NOT INTERUPT...

nijak jsem to zatim neprerusoval, ale uz to trva vice jak 5min, tak nevim, jestli neni neco spatne

Diky za radu

VIRY.CZ

Prosim o preventivku, diky :)

Prosim o preventivku, diky :)

Re: Prosim o preventivku, diky :)

Re: Prosim o preventivku, diky :)

Re: Prosim o preventivku, diky :)

Re: Prosim o preventivku, diky :)

Re: Prosim o preventivku, diky :)

Re: Prosim o preventivku, diky :)

Re: Prosim o preventivku, diky :)

Re: Prosim o preventivku, diky :)

Re: Prosim o preventivku, diky :)

Re: Prosim o preventivku, diky :)

Re: Prosim o preventivku, diky :)

Re: Prosim o preventivku, diky :)

Re: Prosim o preventivku, diky :)

Re: Prosim o preventivku, diky :)