
PC virus removal, computer speed-up, and remote assistance through the neslape.cz service
Log check
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, in which an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Log check
Please check my log.
_________________________________________________________________
Logfile of random's system information tool 1.08 (written by random/random)
Run by Dukan at 2010-11-27 12:18:54
Microsoft Windows 7 Professional
System drive C: has 424 GB (92%) free of 459 GB
Total RAM: 3887 MB (53% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:18:58, on 27.11.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal
Running processes:
c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files\trend micro\Dukan.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll
O2 - BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O15 - Trusted Zone: http://*.mcafee.com (HKLM)
O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)
O23 - Service: ActivIdentity Shared Store Service (ac.sharedstore) - ActivIdentity - C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: DEBridge - McAfee, Inc. - c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
O23 - Service: @c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - c:\Windows\SysWOW64\flcdlock.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Power Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP DayStarter Service (HPDayStarterService) - Hewlett-Packard Company - c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - c:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - McAfee, Inc. - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
O23 - Service: HP Hotkey Monitor (hpHotkeyMonitor) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
O23 - Service: hpqwmiex - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\windows\system32\Hpservice.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 11973 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\windows\system32\services.exe
winlogon.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
"C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe"
"c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe"
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\Hpservice.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe 22816720
\??\C:\windows\system32\conhost.exe
"C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"
C:\windows\System32\spoolsv.exe
"C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe"
"C:\Program Files\ActivIdentity\ActivClient\acevents.exe"
"c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe"
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe
"C:\Program Files\LSI SoftModem\agr64svc.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
"c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe"
"c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe"
"c:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe"
"C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\PDF Complete\pdfsvc.exe" /startedbyscm:66B66708-40E2BE4D-pdfcService
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe"
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe"
C:\windows\system32\wbem\unsecapp.exe -Embedding
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\SearchIndexer.exe /Embedding
WLIDSvcM.exe 2572
"c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe"
C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
"taskhost.exe"
"c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe"
"C:\windows\system32\Dwm.exe"
C:\windows\Explorer.EXE
"C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe"
"C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe" /hidden
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\ActivIdentity\ActivClient\acevents.exe"
"C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" /start
"c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe"
"C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe"
"C:\Program Files (x86)\Winamp\winampa.exe"
"C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe"
"C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe"
"C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" welcome=false splash=false view=standard pillar=PC_HEALTH_SECURITY
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe" -startup
"C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe" /hidden
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe" "<hpNotification><Toast><Title>HP Wireless Assistant</Title><Text>Bluetooth®: Disabled
WLAN: Disabled</Text><IconPath>C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WA_tray_32_off.ico</IconPath><ID>1941632966</ID><Path>C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe</Path><Parameters></Parameters></Toast></hpNotification>"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "http://h30155.www3.hp.com/helpandsuppor ... AndBattery"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=1072.109f62e0.1220938455 "C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll" 1072 plugin \\.\pipe\gecko-crash-server-pipe.1072
C:\windows\system32\svchost.exe -k bthsvcs
"C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe" -Embedding
"C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe"
"C:\windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe6_ Global\UsGthrCtrlFltPipeMssGthrPipe6 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
"c:\program files\windows defender\MpCmdRun.exe" SpyNetService -RestrictPrivileges -AccessKey 8467578A-8152-F05B-89B9-5B0312E21715 -Reinvoke
"C:\Users\Dukan\Desktop\RSITx64.exe"
======Scheduled tasks folder======
C:\windows\tasks\HPCeeScheduleForDukan.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{395610AE-C624-4f58-B89E-23733EA00F9A}]
HP ProtectTools Security Manager Extension - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll [2010-04-02 2132232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3134413B-49B4-425C-98A5-893C1F195601}]
File Sanitizer for HP ProtectTools - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2010-01-19 117248]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{395610AE-C624-4f58-B89E-23733EA00F9A}]
HP ProtectTools Security Manager Extension - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll [2010-04-02 1471752]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"=C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [2010-01-08 186904]
"HPPowerAssistant"=C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [2010-04-05 1691192]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-02-26 2074408]
"HPWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe [2010-04-05 8192]
"acevents"=C:\Program Files\ActivIdentity\ActivClient\acevents.exe [2009-06-04 196648]
""= []
"accrdsub"=C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [2009-06-04 483880]
"IgfxTray"=C:\windows\system32\igfxtray.exe [2010-04-26 161304]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2010-04-26 386584]
"Persistence"=C:\windows\system32\igfxpers.exe [2010-04-26 413208]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2010-03-17 487424]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1475072]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"QLBController"=C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [2010-03-01 256056]
"PDF Complete"=C:\Program Files (x86)\PDF Complete\pdfsty.exe [2010-03-06 563736]
"File Sanitizer"=C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [2010-01-19 11266048]
"IMSS"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [2010-03-04 111640]
"WinampAgent"=C:\Program Files (x86)\Winamp\winampa.exe [2010-07-12 74752]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2010-09-07 2838912]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2010-09-08 421888]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2010-04-21 269824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=DPPassFilter
scecli
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2010-11-27 12:18:54 ----D---- C:\rsit
2010-11-27 12:18:54 ----D---- C:\Program Files\trend micro
2010-11-27 11:18:15 ----D---- C:\Users\Dukan\AppData\Roaming\ICQ
2010-11-27 11:18:12 ----D---- C:\Program Files (x86)\ICQ7.2
2010-11-27 10:51:55 ----D---- C:\windows\SYSWOW64\Wat
2010-11-27 10:51:55 ----D---- C:\windows\system32\Wat
2010-11-27 01:45:47 ----A---- C:\windows\SYSWOW64\PresentationHostProxy.dll
2010-11-27 01:45:47 ----A---- C:\windows\SYSWOW64\PresentationHost.exe
2010-11-27 01:45:47 ----A---- C:\windows\SYSWOW64\netfxperf.dll
2010-11-27 01:45:47 ----A---- C:\windows\SYSWOW64\mscoree.dll
2010-11-27 01:45:47 ----A---- C:\windows\SYSWOW64\dfshim.dll
2010-11-27 01:45:47 ----A---- C:\windows\system32\PresentationHostProxy.dll
2010-11-27 01:45:47 ----A---- C:\windows\system32\PresentationHost.exe
2010-11-27 01:45:47 ----A---- C:\windows\system32\netfxperf.dll
2010-11-27 01:45:47 ----A---- C:\windows\system32\mscoree.dll
2010-11-27 01:45:47 ----A---- C:\windows\system32\dfshim.dll
2010-11-27 01:45:36 ----A---- C:\windows\system32\browserchoice.exe
2010-11-27 01:43:17 ----A---- C:\windows\system32\drivers\usbvideo.sys
2010-11-27 01:43:17 ----A---- C:\windows\system32\drivers\ks.sys
2010-11-27 00:48:54 ----A---- C:\windows\SYSWOW64\ntdll.dll
2010-11-27 00:48:54 ----A---- C:\windows\system32\ntdll.dll
2010-11-27 00:48:51 ----A---- C:\windows\SYSWOW64\t2embed.dll
2010-11-27 00:48:51 ----A---- C:\windows\system32\t2embed.dll
2010-11-27 00:48:49 ----A---- C:\windows\SYSWOW64\ole32.dll
2010-11-27 00:48:49 ----A---- C:\windows\system32\ole32.dll
2010-11-27 00:48:47 ----A---- C:\windows\SYSWOW64\StructuredQuery.dll
2010-11-27 00:48:47 ----A---- C:\windows\system32\StructuredQuery.dll
2010-11-27 00:48:37 ----A---- C:\windows\system32\shell32.dll
2010-11-27 00:48:36 ----A---- C:\windows\SYSWOW64\shell32.dll
2010-11-27 00:48:35 ----A---- C:\windows\system32\inetcomm.dll
2010-11-27 00:48:34 ----A---- C:\windows\SYSWOW64\inetcomm.dll
2010-11-27 00:48:33 ----A---- C:\windows\SYSWOW64\CPFilters.dll
2010-11-27 00:48:33 ----A---- C:\windows\system32\CPFilters.dll
2010-11-27 00:48:32 ----A---- C:\windows\system32\msdri.dll
2010-11-27 00:48:24 ----A---- C:\windows\system32\drivers\tcpip.sys
2010-11-27 00:48:20 ----A---- C:\windows\SYSWOW64\ntkrnlpa.exe
2010-11-27 00:48:20 ----A---- C:\windows\system32\ntoskrnl.exe
2010-11-27 00:48:19 ----A---- C:\windows\SYSWOW64\ntoskrnl.exe
2010-11-27 00:48:17 ----A---- C:\windows\SYSWOW64\schannel.dll
2010-11-27 00:48:17 ----A---- C:\windows\system32\schannel.dll
2010-11-27 00:48:16 ----A---- C:\windows\system32\rtutils.dll
2010-11-27 00:48:15 ----A---- C:\windows\SYSWOW64\rtutils.dll
2010-11-27 00:48:15 ----A---- C:\windows\SYSWOW64\oleaut32.dll
2010-11-27 00:48:14 ----A---- C:\windows\system32\oleaut32.dll
2010-11-27 00:48:13 ----A---- C:\windows\SYSWOW64\comctl32.dll
2010-11-27 00:48:13 ----A---- C:\windows\system32\comctl32.dll
2010-11-27 00:48:01 ----A---- C:\windows\SYSWOW64\tzres.dll
2010-11-27 00:48:01 ----A---- C:\windows\system32\tzres.dll
2010-11-27 00:47:58 ----A---- C:\windows\system32\spoolsv.exe
2010-11-27 00:47:57 ----A---- C:\windows\SYSWOW64\iccvid.dll
2010-11-27 00:47:55 ----A---- C:\windows\system32\drivers\fvevol.sys
2010-11-27 00:47:55 ----A---- C:\windows\system32\cdd.dll
2010-11-27 00:47:43 ----A---- C:\windows\SYSWOW64\wmpmde.dll
2010-11-27 00:47:43 ----A---- C:\windows\system32\wmpmde.dll
2010-11-27 00:47:40 ----A---- C:\windows\system32\msxml3.dll
2010-11-27 00:47:39 ----A---- C:\windows\SYSWOW64\msxml3.dll
2010-11-27 00:47:33 ----A---- C:\windows\system32\drivers\Diskdump.sys
2010-11-27 00:47:31 ----A---- C:\windows\SYSWOW64\mfc40u.dll
2010-11-27 00:47:31 ----A---- C:\windows\SYSWOW64\mfc40.dll
2010-11-27 00:47:29 ----A---- C:\windows\system32\mshtml.dll
2010-11-27 00:47:28 ----A---- C:\windows\SYSWOW64\mshtml.dll
2010-11-27 00:47:27 ----A---- C:\windows\SYSWOW64\ieframe.dll
2010-11-27 00:47:27 ----A---- C:\windows\system32\ieframe.dll
2010-11-27 00:47:26 ----A---- C:\windows\SYSWOW64\msfeeds.dll
2010-11-27 00:47:26 ----A---- C:\windows\SYSWOW64\iertutil.dll
2010-11-27 00:47:26 ----A---- C:\windows\system32\urlmon.dll
2010-11-27 00:47:26 ----A---- C:\windows\system32\msfeeds.dll
2010-11-27 00:47:26 ----A---- C:\windows\system32\iertutil.dll
2010-11-27 00:47:25 ----A---- C:\windows\SYSWOW64\wininet.dll
2010-11-27 00:47:25 ----A---- C:\windows\SYSWOW64\urlmon.dll
2010-11-27 00:47:25 ----A---- C:\windows\SYSWOW64\mstime.dll
2010-11-27 00:47:25 ----A---- C:\windows\SYSWOW64\msfeedsbs.dll
2010-11-27 00:47:25 ----A---- C:\windows\SYSWOW64\licmgr10.dll
2010-11-27 00:47:25 ----A---- C:\windows\SYSWOW64\iepeers.dll
2010-11-27 00:47:25 ----A---- C:\windows\SYSWOW64\iedkcs32.dll
2010-11-27 00:47:25 ----A---- C:\windows\system32\wininet.dll
2010-11-27 00:47:25 ----A---- C:\windows\system32\mshtmled.dll
2010-11-27 00:47:25 ----A---- C:\windows\system32\licmgr10.dll
2010-11-27 00:47:25 ----A---- C:\windows\system32\iepeers.dll
2010-11-27 00:47:25 ----A---- C:\windows\system32\iedkcs32.dll
2010-11-27 00:47:24 ----A---- C:\windows\SYSWOW64\mshtmled.dll
2010-11-27 00:47:24 ----A---- C:\windows\SYSWOW64\msfeedssync.exe
2010-11-27 00:47:24 ----A---- C:\windows\SYSWOW64\jsproxy.dll
2010-11-27 00:47:24 ----A---- C:\windows\SYSWOW64\ieui.dll
2010-11-27 00:47:24 ----A---- C:\windows\system32\mstime.dll
2010-11-27 00:47:24 ----A---- C:\windows\system32\msfeedssync.exe
2010-11-27 00:47:24 ----A---- C:\windows\system32\msfeedsbs.dll
2010-11-27 00:47:24 ----A---- C:\windows\system32\jsproxy.dll
2010-11-27 00:47:24 ----A---- C:\windows\system32\ieui.dll
2010-11-27 00:47:16 ----A---- C:\windows\system32\wmp.dll
2010-11-27 00:47:15 ----A---- C:\windows\SYSWOW64\wmp.dll
2010-11-27 00:47:14 ----A---- C:\windows\SYSWOW64\wmploc.DLL
2010-11-27 00:47:13 ----A---- C:\windows\SYSWOW64\sscore.dll
2010-11-27 00:47:13 ----A---- C:\windows\system32\wmploc.DLL
2010-11-27 00:47:13 ----A---- C:\windows\system32\srvsvc.dll
2010-11-27 00:47:13 ----A---- C:\windows\system32\drivers\srvnet.sys
2010-11-27 00:47:13 ----A---- C:\windows\system32\drivers\srv2.sys
2010-11-27 00:47:13 ----A---- C:\windows\system32\drivers\srv.sys
2010-11-27 00:47:12 ----A---- C:\windows\system32\win32k.sys
2010-11-27 00:11:34 ----D---- C:\Users\Dukan\AppData\Roaming\WinRAR
2010-11-27 00:10:43 ----D---- C:\Program Files\WinRAR
2010-11-27 00:07:48 ----D---- C:\ProgramData\Apple Computer
2010-11-27 00:07:48 ----D---- C:\Program Files (x86)\QuickTime
2010-11-27 00:06:56 ----D---- C:\ProgramData\Apple
2010-11-27 00:06:56 ----D---- C:\Program Files (x86)\Apple Software Update
2010-11-26 23:55:06 ----D---- C:\windows\system32\appmgmt
2010-11-26 23:51:23 ----D---- C:\Users\Dukan\AppData\Roaming\Roxio Log Files
2010-11-26 22:07:40 ----A---- C:\windows\system32\drivers\aswTdi.sys
2010-11-26 22:07:40 ----A---- C:\windows\system32\drivers\aswSP.sys
2010-11-26 22:07:40 ----A---- C:\windows\system32\drivers\aswRdr.sys
2010-11-26 22:07:40 ----A---- C:\windows\system32\drivers\aswMonFlt.sys
2010-11-26 22:07:40 ----A---- C:\windows\system32\drivers\aswFsBlk.sys
2010-11-26 22:07:23 ----N---- C:\windows\SYSWOW64\aswBoot.exe
2010-11-26 22:07:22 ----D---- C:\ProgramData\Alwil Software
2010-11-26 22:07:22 ----D---- C:\Program Files\Alwil Software
2010-11-26 22:02:57 ----D---- C:\ProgramData\Last.fm
2010-11-26 21:59:01 ----N---- C:\windows\SYSWOW64\D3DX9_42.dll
2010-11-26 21:58:41 ----D---- C:\Program Files (x86)\Winamp Detect
2010-11-26 21:58:35 ----D---- C:\Users\Dukan\AppData\Roaming\Winamp
2010-11-26 21:58:35 ----D---- C:\Program Files (x86)\Winamp
2010-11-26 21:46:32 ----D---- C:\Program Files (x86)\Last.fm
2010-11-26 21:41:23 ----D---- C:\Program Files\CCleaner
2010-11-26 21:38:47 ----D---- C:\Users\Dukan\AppData\Roaming\IrfanView
2010-11-26 21:38:47 ----D---- C:\Program Files (x86)\IrfanView
2010-11-26 19:47:01 ----D---- C:\Users\Dukan\AppData\Roaming\Mozilla
2010-11-26 19:46:49 ----D---- C:\Program Files (x86)\Mozilla Firefox
2010-11-26 12:23:22 ----D---- C:\Users\Dukan\AppData\Roaming\Macromedia
2010-11-26 00:12:02 ----D---- C:\windows\rescache
2010-11-26 00:06:54 ----ASH---- C:\pagefile.sys
2010-11-25 17:04:34 ----D---- C:\ProgramData\LightScribe
2010-11-25 16:37:50 ----A---- C:\windows\myClean.bat
2010-11-25 16:36:00 ----D---- C:\Intel
2010-11-25 16:35:15 ----D---- C:\Users\Dukan\AppData\Roaming\Identities
2010-11-25 16:24:15 ----D---- C:\Users\Dukan\AppData\Roaming\Adobe
2010-11-25 16:24:13 ----D---- C:\Users\Dukan\AppData\Roaming\Hewlett-Packard
2010-11-25 16:22:43 ----A---- C:\windows\system32\drivers\vpcvmm.sys
2010-11-25 16:20:55 ----SHD---- C:\HPMBackup
2010-11-25 16:20:05 ----D---- C:\Users\Dukan\AppData\Roaming\hpqLog
2010-11-25 16:19:02 ----D---- C:\ProgramData\WinZip
2010-11-25 16:18:37 ----D---- C:\Users\Dukan\AppData\Roaming\DigitalPersona
2010-11-25 16:18:22 ----SD---- C:\Users\Dukan\AppData\Roaming\Microsoft
2010-11-25 16:17:44 ----ASH---- C:\hiberfil.sys
======List of files/folders modified in the last 1 months======
2010-11-27 12:18:55 ----D---- C:\windows\Temp
2010-11-27 12:18:54 ----RD---- C:\Program Files
2010-11-27 12:10:06 ----D---- C:\windows\System32
2010-11-27 12:10:06 ----D---- C:\windows\inf
2010-11-27 12:10:06 ----A---- C:\windows\system32\PerfStringBackup.INI
2010-11-27 11:18:12 ----RD---- C:\Program Files (x86)
2010-11-27 11:07:18 ----D---- C:\windows\system32\config
2010-11-27 11:00:16 ----RSD---- C:\windows\assembly
2010-11-27 11:00:16 ----D---- C:\windows\Microsoft.NET
2010-11-27 10:54:15 ----D---- C:\windows\winsxs
2010-11-27 10:54:12 ----D---- C:\ProgramData\HPQLOG
2010-11-27 10:53:59 ----A---- C:\windows\SYSWOW64\log.txt
2010-11-27 10:52:06 ----D---- C:\windows\SysWOW64
2010-11-27 10:52:05 ----D---- C:\Program Files\Internet Explorer
2010-11-27 10:52:05 ----D---- C:\Program Files (x86)\Internet Explorer
2010-11-27 10:52:03 ----D---- C:\windows\ehome
2010-11-27 10:52:03 ----D---- C:\Program Files\Windows Mail
2010-11-27 10:52:03 ----D---- C:\Program Files (x86)\Windows Mail
2010-11-27 10:52:02 ----D---- C:\windows\system32\drivers
2010-11-27 10:51:59 ----D---- C:\windows\SYSWOW64\cs-CZ
2010-11-27 10:51:59 ----D---- C:\windows\system32\cs-CZ
2010-11-27 10:51:58 ----D---- C:\windows\SYSWOW64\sl-SI
2010-11-27 10:51:58 ----D---- C:\windows\SYSWOW64\sk-SK
2010-11-27 10:51:58 ----D---- C:\windows\SYSWOW64\hr-HR
2010-11-27 10:51:58 ----D---- C:\windows\SYSWOW64\en-US
2010-11-27 10:51:58 ----D---- C:\windows\system32\sl-SI
2010-11-27 10:51:58 ----D---- C:\windows\system32\sk-SK
2010-11-27 10:51:58 ----D---- C:\windows\system32\hr-HR
2010-11-27 10:51:58 ----D---- C:\windows\system32\en-US
2010-11-27 10:51:55 ----D---- C:\windows\AppPatch
2010-11-27 10:51:54 ----D---- C:\windows\SYSWOW64\migration
2010-11-27 10:51:54 ----D---- C:\windows\system32\migration
2010-11-27 10:51:53 ----D---- C:\Program Files\Windows Media Player
2010-11-27 10:51:53 ----D---- C:\Program Files (x86)\Windows Media Player
2010-11-27 10:51:48 ----D---- C:\windows\system32\DriverStore
2010-11-27 10:50:55 ----D---- C:\ProgramData\Uninstall
2010-11-27 01:45:51 ----D---- C:\windows\system32\catroot
2010-11-27 01:44:23 ----D---- C:\windows\system32\catroot2
2010-11-27 01:43:06 ----SHD---- C:\System Volume Information
2010-11-27 00:13:44 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2010-11-27 00:08:04 ----SHD---- C:\windows\Installer
2010-11-27 00:07:48 ----HD---- C:\ProgramData
2010-11-27 00:07:01 ----D---- C:\Program Files (x86)\Common Files
2010-11-27 00:06:57 ----D---- C:\windows\system32\Tasks
2010-11-26 23:55:06 ----D---- C:\Windows
2010-11-26 23:53:10 ----RSD---- C:\windows\Fonts
2010-11-26 22:13:50 ----D---- C:\windows\Logs
2010-11-26 19:52:22 ----SD---- C:\ProgramData\Microsoft
2010-11-26 19:52:21 ----D---- C:\windows\system32\drivers\UMDF
2010-11-26 19:48:53 ----D---- C:\Program Files (x86)\Microsoft
2010-11-26 19:47:26 ----D---- C:\ProgramData\PDFC
2010-11-26 19:43:09 ----D---- C:\windows\Tasks
2010-11-26 19:05:17 ----HD---- C:\SYSTEM.SAV
2010-11-26 11:52:24 ----D---- C:\windows\Prefetch
2010-11-26 11:48:12 ----D---- C:\windows\system32\wdi
2010-11-26 00:07:30 ----D---- C:\windows\Panther
2010-11-25 16:39:20 ----D---- C:\Program Files\Common Files\McAfee
2010-11-25 16:35:13 ----SHD---- C:\$Recycle.Bin
2010-11-25 16:27:06 ----D---- C:\windows\SoftwareDistribution
2010-11-25 16:24:09 ----RD---- C:\Program Files (x86)\Online Services
2010-11-25 16:23:55 ----D---- C:\Program Files\Windows Sidebar
2010-11-25 16:23:55 ----D---- C:\Program Files (x86)\Windows Sidebar
2010-11-25 16:23:28 ----D---- C:\swsetup
2010-11-25 16:22:18 ----D---- C:\windows\SYSWOW64\drivers
2010-11-25 16:21:04 ----D---- C:\ProgramData\Hewlett-Packard
2010-11-25 16:21:00 ----D---- C:\Program Files\Hewlett-Packard
2010-11-25 16:18:21 ----RD---- C:\Users
2010-11-25 16:16:40 ----D---- C:\windows\system32\restore
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 hpdskflt;HP Filter; C:\windows\system32\DRIVERS\hpdskflt.sys [2009-07-08 30008]
R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2010-01-08 409112]
R0 PxHlpa64;PxHlpa64; C:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 SafeBoot;SafeBoot; C:\windows\system32\drivers\SafeBoot.sys [2010-02-02 56648]
R0 SbAlg;SbAlg; C:\windows\system32\drivers\SbAlg.sys [2009-06-04 60160]
R0 SbFsLock;SbFsLock; C:\windows\system32\drivers\SbFsLock.sys [2010-02-02 15688]
R1 aswRdr;aswRdr; C:\windows\system32\drivers\aswRdr.sys [2010-09-07 28752]
R1 aswSP;aswSP; C:\windows\system32\drivers\aswSP.sys [2010-09-07 121936]
R1 aswTdi;avast! Network Shield Support; C:\windows\system32\drivers\aswTdi.sys [2010-09-07 51280]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 RsvLock;RsvLock; C:\windows\system32\drivers\RsvLock.sys [2010-02-02 58184]
R1 vpcnfltr;Virtual PC Network Filter Driver; C:\windows\system32\DRIVERS\vpcnfltr.sys [2010-10-22 66304]
R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\windows\system32\drivers\vpcvmm.sys [2009-12-01 359624]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswFsBlk;aswFsBlk; C:\windows\system32\drivers\aswFsBlk.sys [2010-09-07 20048]
R2 aswMonFlt;aswMonFlt; \??\C:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 61008]
R2 rimspci;rimspci; C:\windows\system32\DRIVERS\rimspe64.sys [2009-10-26 61952]
R2 risdpcie;risdpcie; C:\windows\system32\DRIVERS\risdpe64.sys [2009-10-29 79360]
R2 rixdpcie;rixdpcie; C:\windows\system32\DRIVERS\rixdpe64.sys [2009-12-11 55808]
R3 Accelerometer;HP Accelerometer; C:\windows\system32\DRIVERS\Accelerometer.sys [2009-07-08 41272]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\windows\system32\DRIVERS\agrsm64.sys [2010-01-21 1209856]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\windows\system32\DRIVERS\bcmwl664.sys [2010-10-22 3058168]
R3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys [2010-01-07 21160]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K; C:\windows\system32\DRIVERS\e1k62x64.sys [2010-01-07 295088]
R3 HECIx64;Intel(R) Management Engine Interface; C:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\windows\system32\DRIVERS\HpqKbFiltr.sys [2010-02-16 25912]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2010-04-21 10326784]
R3 Impcd;Impcd; C:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
R3 IntcDAud;Intel(R) Display Audio; C:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\windows\system32\DRIVERS\snp2uvc.sys [2010-01-18 1803904]
R3 STHDA;IDT High Definition Audio CODEC; C:\windows\system32\DRIVERS\stwrt64.sys [2010-03-17 505856]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2010-02-26 316464]
R3 TPM;TPM; C:\windows\system32\drivers\tpm.sys [2009-07-14 38400]
R3 vpcbus;Virtual PC Host Bus Service; C:\windows\system32\DRIVERS\vpchbus.sys [2010-10-22 187904]
R3 vpcusb;USB Virtualization Connector Service; C:\windows\system32\DRIVERS\vpcusb.sys [2010-10-22 95232]
R3 WinUSB;WinUSB Service; C:\windows\system32\DRIVERS\WinUSB.sys [2009-07-14 40448]
S3 BthEnum;Bluetooth Enumerator Service; C:\windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Bluetooth Port Driver; C:\windows\System32\Drivers\BTHport.sys [2009-07-14 551936]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\windows\System32\Drivers\BTHUSB.sys [2009-07-14 79360]
S3 btwaudio;Bluetooth Audio Device Service; C:\windows\system32\drivers\btwaudio.sys [2010-01-07 98344]
S3 btwavdt;Bluetooth AVDT; C:\windows\system32\drivers\btwavdt.sys [2010-01-07 132648]
S3 btwl2cap;Bluetooth L2CAP Service; C:\windows\system32\DRIVERS\btwl2cap.sys [2010-01-07 35104]
S3 DAMDrv;DAMDrv; C:\windows\system32\DRIVERS\DAMDrv64.sys [2009-10-21 40760]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\windows\system32\DRIVERS\NETw5s64.sys [2010-02-01 7675392]
S3 pciide;pciide; C:\windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 s3cap;s3cap; C:\windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 sdbus;sdbus; C:\windows\system32\DRIVERS\sdbus.sys [2010-09-16 109056]
S3 storvsc;storvsc; C:\windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ac.sharedstore;ActivIdentity Shared Store Service; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-04 277032]
R2 AESTFilters;Andrea ST Filters Service; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe [2009-03-03 89600]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agr64svc.exe [2010-01-21 16896]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-12-29 873248]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\windows\System32\svchost.exe [2009-07-14 27136]
R2 DpHost;@c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [2010-03-31 462088]
R2 HP Health Check Service;HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [2010-03-24 121344]
R2 HP Power Assistant Service;HP Power Assistant Service; C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2010-04-05 103992]
R2 HP ProtectTools Service;HP ProtectTools Service; c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2010-03-17 36864]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-04-05 103992]
R2 HPDayStarterService;HP DayStarter Service; c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe [2010-06-14 90112]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service; c:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2009-12-10 251448]
R2 HpFkCryptService;Drive Encryption Service; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2010-02-02 281192]
R2 HPFSService;File Sanitizer for HP ProtectTools; C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2010-01-19 297984]
R2 hpHotkeyMonitor;HP Hotkey Monitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-03-01 264248]
R2 hpsrv;HP Service; C:\windows\system32\Hpservice.exe [2009-07-08 30520]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2010-01-08 354840]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2010-02-22 73728]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-03-04 268824]
R2 pdfcDispatcher;PDF Document Manager; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-03-06 635416]
R2 STacSV;Audio Service; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe [2010-03-17 244736]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-04 2320920]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R3 DEBridge;DEBridge; c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2010-02-02 704512]
R3 hpqwmiex;hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2010-02-08 230968]
S2 vcsFPService;Validity VCS Fingerprint Service; C:\windows\system32\vcsFPService.exe [2010-02-18 2045232]
S3 AppMgmt;@appmgmts.dll,-3250; C:\windows\system32\svchost.exe [2009-07-14 27136]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing; c:\Windows\SysWOW64\flcdlock.exe [2009-12-07 362040]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2010-11-27 1255736]
-----------------EOF-----------------
"C:\windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
"c:\program files\windows defender\MpCmdRun.exe" SpyNetService -RestrictPrivileges -AccessKey 8467578A-8152-F05B-89B9-5B0312E21715 -Reinvoke
"C:\Users\Dukan\Desktop\RSITx64.exe"
======Scheduled tasks folder======
C:\windows\tasks\HPCeeScheduleForDukan.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{395610AE-C624-4f58-B89E-23733EA00F9A}]
HP ProtectTools Security Manager Extension - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll [2010-04-02 2132232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3134413B-49B4-425C-98A5-893C1F195601}]
File Sanitizer for HP ProtectTools - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2010-01-19 117248]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{395610AE-C624-4f58-B89E-23733EA00F9A}]
HP ProtectTools Security Manager Extension - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll [2010-04-02 1471752]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"=C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [2010-01-08 186904]
"HPPowerAssistant"=C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [2010-04-05 1691192]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-02-26 2074408]
"HPWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe [2010-04-05 8192]
"acevents"=C:\Program Files\ActivIdentity\ActivClient\acevents.exe [2009-06-04 196648]
""= []
"accrdsub"=C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [2009-06-04 483880]
"IgfxTray"=C:\windows\system32\igfxtray.exe [2010-04-26 161304]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2010-04-26 386584]
"Persistence"=C:\windows\system32\igfxpers.exe [2010-04-26 413208]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2010-03-17 487424]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1475072]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"QLBController"=C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [2010-03-01 256056]
"PDF Complete"=C:\Program Files (x86)\PDF Complete\pdfsty.exe [2010-03-06 563736]
"File Sanitizer"=C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [2010-01-19 11266048]
"IMSS"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [2010-03-04 111640]
"WinampAgent"=C:\Program Files (x86)\Winamp\winampa.exe [2010-07-12 74752]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2010-09-07 2838912]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2010-09-08 421888]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2010-04-21 269824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=DPPassFilter
scecli
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2010-11-27 12:18:54 ----D---- C:\rsit
2010-11-27 12:18:54 ----D---- C:\Program Files\trend micro
2010-11-27 11:18:15 ----D---- C:\Users\Dukan\AppData\Roaming\ICQ
2010-11-27 11:18:12 ----D---- C:\Program Files (x86)\ICQ7.2
2010-11-27 10:51:55 ----D---- C:\windows\SYSWOW64\Wat
2010-11-27 10:51:55 ----D---- C:\windows\system32\Wat
2010-11-27 01:45:47 ----A---- C:\windows\SYSWOW64\PresentationHostProxy.dll
2010-11-27 01:45:47 ----A---- C:\windows\SYSWOW64\PresentationHost.exe
2010-11-27 01:45:47 ----A---- C:\windows\SYSWOW64\netfxperf.dll
2010-11-27 01:45:47 ----A---- C:\windows\SYSWOW64\mscoree.dll
2010-11-27 01:45:47 ----A---- C:\windows\SYSWOW64\dfshim.dll
2010-11-27 01:45:47 ----A---- C:\windows\system32\PresentationHostProxy.dll
2010-11-27 01:45:47 ----A---- C:\windows\system32\PresentationHost.exe
2010-11-27 01:45:47 ----A---- C:\windows\system32\netfxperf.dll
2010-11-27 01:45:47 ----A---- C:\windows\system32\mscoree.dll
2010-11-27 01:45:47 ----A---- C:\windows\system32\dfshim.dll
2010-11-27 01:45:36 ----A---- C:\windows\system32\browserchoice.exe
2010-11-27 01:43:17 ----A---- C:\windows\system32\drivers\usbvideo.sys
2010-11-27 01:43:17 ----A---- C:\windows\system32\drivers\ks.sys
2010-11-27 00:48:54 ----A---- C:\windows\SYSWOW64\ntdll.dll
2010-11-27 00:48:54 ----A---- C:\windows\system32\ntdll.dll
2010-11-27 00:48:51 ----A---- C:\windows\SYSWOW64\t2embed.dll
2010-11-27 00:48:51 ----A---- C:\windows\system32\t2embed.dll
2010-11-27 00:48:49 ----A---- C:\windows\SYSWOW64\ole32.dll
2010-11-27 00:48:49 ----A---- C:\windows\system32\ole32.dll
2010-11-27 00:48:47 ----A---- C:\windows\SYSWOW64\StructuredQuery.dll
2010-11-27 00:48:47 ----A---- C:\windows\system32\StructuredQuery.dll
2010-11-27 00:48:37 ----A---- C:\windows\system32\shell32.dll
2010-11-27 00:48:36 ----A---- C:\windows\SYSWOW64\shell32.dll
2010-11-27 00:48:35 ----A---- C:\windows\system32\inetcomm.dll
2010-11-27 00:48:34 ----A---- C:\windows\SYSWOW64\inetcomm.dll
2010-11-27 00:48:33 ----A---- C:\windows\SYSWOW64\CPFilters.dll
2010-11-27 00:48:33 ----A---- C:\windows\system32\CPFilters.dll
2010-11-27 00:48:32 ----A---- C:\windows\system32\msdri.dll
2010-11-27 00:48:24 ----A---- C:\windows\system32\drivers\tcpip.sys
2010-11-27 00:48:20 ----A---- C:\windows\SYSWOW64\ntkrnlpa.exe
2010-11-27 00:48:20 ----A---- C:\windows\system32\ntoskrnl.exe
2010-11-27 00:48:19 ----A---- C:\windows\SYSWOW64\ntoskrnl.exe
2010-11-27 00:48:17 ----A---- C:\windows\SYSWOW64\schannel.dll
2010-11-27 00:48:17 ----A---- C:\windows\system32\schannel.dll
2010-11-27 00:48:16 ----A---- C:\windows\system32\rtutils.dll
2010-11-27 00:48:15 ----A---- C:\windows\SYSWOW64\rtutils.dll
2010-11-27 00:48:15 ----A---- C:\windows\SYSWOW64\oleaut32.dll
2010-11-27 00:48:14 ----A---- C:\windows\system32\oleaut32.dll
2010-11-27 00:48:13 ----A---- C:\windows\SYSWOW64\comctl32.dll
2010-11-27 00:48:13 ----A---- C:\windows\system32\comctl32.dll
2010-11-27 00:48:01 ----A---- C:\windows\SYSWOW64\tzres.dll
2010-11-27 00:48:01 ----A---- C:\windows\system32\tzres.dll
2010-11-27 00:47:58 ----A---- C:\windows\system32\spoolsv.exe
2010-11-27 00:47:57 ----A---- C:\windows\SYSWOW64\iccvid.dll
2010-11-27 00:47:55 ----A---- C:\windows\system32\drivers\fvevol.sys
2010-11-27 00:47:55 ----A---- C:\windows\system32\cdd.dll
2010-11-27 00:47:43 ----A---- C:\windows\SYSWOW64\wmpmde.dll
2010-11-27 00:47:43 ----A---- C:\windows\system32\wmpmde.dll
2010-11-27 00:47:40 ----A---- C:\windows\system32\msxml3.dll
2010-11-27 00:47:39 ----A---- C:\windows\SYSWOW64\msxml3.dll
2010-11-27 00:47:33 ----A---- C:\windows\system32\drivers\Diskdump.sys
2010-11-27 00:47:31 ----A---- C:\windows\SYSWOW64\mfc40u.dll
2010-11-27 00:47:31 ----A---- C:\windows\SYSWOW64\mfc40.dll
2010-11-27 00:47:29 ----A---- C:\windows\system32\mshtml.dll
2010-11-27 00:47:28 ----A---- C:\windows\SYSWOW64\mshtml.dll
2010-11-27 00:47:27 ----A---- C:\windows\SYSWOW64\ieframe.dll
2010-11-27 00:47:27 ----A---- C:\windows\system32\ieframe.dll
2010-11-27 00:47:26 ----A---- C:\windows\SYSWOW64\msfeeds.dll
2010-11-27 00:47:26 ----A---- C:\windows\SYSWOW64\iertutil.dll
2010-11-27 00:47:26 ----A---- C:\windows\system32\urlmon.dll
2010-11-27 00:47:26 ----A---- C:\windows\system32\msfeeds.dll
2010-11-27 00:47:26 ----A---- C:\windows\system32\iertutil.dll
2010-11-27 00:47:25 ----A---- C:\windows\SYSWOW64\wininet.dll
2010-11-27 00:47:25 ----A---- C:\windows\SYSWOW64\urlmon.dll
2010-11-27 00:47:25 ----A---- C:\windows\SYSWOW64\mstime.dll
2010-11-27 00:47:25 ----A---- C:\windows\SYSWOW64\msfeedsbs.dll
2010-11-27 00:47:25 ----A---- C:\windows\SYSWOW64\licmgr10.dll
2010-11-27 00:47:25 ----A---- C:\windows\SYSWOW64\iepeers.dll
2010-11-27 00:47:25 ----A---- C:\windows\SYSWOW64\iedkcs32.dll
2010-11-27 00:47:25 ----A---- C:\windows\system32\wininet.dll
2010-11-27 00:47:25 ----A---- C:\windows\system32\mshtmled.dll
2010-11-27 00:47:25 ----A---- C:\windows\system32\licmgr10.dll
2010-11-27 00:47:25 ----A---- C:\windows\system32\iepeers.dll
2010-11-27 00:47:25 ----A---- C:\windows\system32\iedkcs32.dll
2010-11-27 00:47:24 ----A---- C:\windows\SYSWOW64\mshtmled.dll
2010-11-27 00:47:24 ----A---- C:\windows\SYSWOW64\msfeedssync.exe
2010-11-27 00:47:24 ----A---- C:\windows\SYSWOW64\jsproxy.dll
2010-11-27 00:47:24 ----A---- C:\windows\SYSWOW64\ieui.dll
2010-11-27 00:47:24 ----A---- C:\windows\system32\mstime.dll
2010-11-27 00:47:24 ----A---- C:\windows\system32\msfeedssync.exe
2010-11-27 00:47:24 ----A---- C:\windows\system32\msfeedsbs.dll
2010-11-27 00:47:24 ----A---- C:\windows\system32\jsproxy.dll
2010-11-27 00:47:24 ----A---- C:\windows\system32\ieui.dll
2010-11-27 00:47:16 ----A---- C:\windows\system32\wmp.dll
2010-11-27 00:47:15 ----A---- C:\windows\SYSWOW64\wmp.dll
2010-11-27 00:47:14 ----A---- C:\windows\SYSWOW64\wmploc.DLL
2010-11-27 00:47:13 ----A---- C:\windows\SYSWOW64\sscore.dll
2010-11-27 00:47:13 ----A---- C:\windows\system32\wmploc.DLL
2010-11-27 00:47:13 ----A---- C:\windows\system32\srvsvc.dll
2010-11-27 00:47:13 ----A---- C:\windows\system32\drivers\srvnet.sys
2010-11-27 00:47:13 ----A---- C:\windows\system32\drivers\srv2.sys
2010-11-27 00:47:13 ----A---- C:\windows\system32\drivers\srv.sys
2010-11-27 00:47:12 ----A---- C:\windows\system32\win32k.sys
2010-11-27 00:11:34 ----D---- C:\Users\Dukan\AppData\Roaming\WinRAR
2010-11-27 00:10:43 ----D---- C:\Program Files\WinRAR
2010-11-27 00:07:48 ----D---- C:\ProgramData\Apple Computer
2010-11-27 00:07:48 ----D---- C:\Program Files (x86)\QuickTime
2010-11-27 00:06:56 ----D---- C:\ProgramData\Apple
2010-11-27 00:06:56 ----D---- C:\Program Files (x86)\Apple Software Update
2010-11-26 23:55:06 ----D---- C:\windows\system32\appmgmt
2010-11-26 23:51:23 ----D---- C:\Users\Dukan\AppData\Roaming\Roxio Log Files
2010-11-26 22:07:40 ----A---- C:\windows\system32\drivers\aswTdi.sys
2010-11-26 22:07:40 ----A---- C:\windows\system32\drivers\aswSP.sys
2010-11-26 22:07:40 ----A---- C:\windows\system32\drivers\aswRdr.sys
2010-11-26 22:07:40 ----A---- C:\windows\system32\drivers\aswMonFlt.sys
2010-11-26 22:07:40 ----A---- C:\windows\system32\drivers\aswFsBlk.sys
2010-11-26 22:07:23 ----N---- C:\windows\SYSWOW64\aswBoot.exe
2010-11-26 22:07:22 ----D---- C:\ProgramData\Alwil Software
2010-11-26 22:07:22 ----D---- C:\Program Files\Alwil Software
2010-11-26 22:02:57 ----D---- C:\ProgramData\Last.fm
2010-11-26 21:59:01 ----N---- C:\windows\SYSWOW64\D3DX9_42.dll
2010-11-26 21:58:41 ----D---- C:\Program Files (x86)\Winamp Detect
2010-11-26 21:58:35 ----D---- C:\Users\Dukan\AppData\Roaming\Winamp
2010-11-26 21:58:35 ----D---- C:\Program Files (x86)\Winamp
2010-11-26 21:46:32 ----D---- C:\Program Files (x86)\Last.fm
2010-11-26 21:41:23 ----D---- C:\Program Files\CCleaner
2010-11-26 21:38:47 ----D---- C:\Users\Dukan\AppData\Roaming\IrfanView
2010-11-26 21:38:47 ----D---- C:\Program Files (x86)\IrfanView
2010-11-26 19:47:01 ----D---- C:\Users\Dukan\AppData\Roaming\Mozilla
2010-11-26 19:46:49 ----D---- C:\Program Files (x86)\Mozilla Firefox
2010-11-26 12:23:22 ----D---- C:\Users\Dukan\AppData\Roaming\Macromedia
2010-11-26 00:12:02 ----D---- C:\windows\rescache
2010-11-26 00:06:54 ----ASH---- C:\pagefile.sys
2010-11-25 17:04:34 ----D---- C:\ProgramData\LightScribe
2010-11-25 16:37:50 ----A---- C:\windows\myClean.bat
2010-11-25 16:36:00 ----D---- C:\Intel
2010-11-25 16:35:15 ----D---- C:\Users\Dukan\AppData\Roaming\Identities
2010-11-25 16:24:15 ----D---- C:\Users\Dukan\AppData\Roaming\Adobe
2010-11-25 16:24:13 ----D---- C:\Users\Dukan\AppData\Roaming\Hewlett-Packard
2010-11-25 16:22:43 ----A---- C:\windows\system32\drivers\vpcvmm.sys
2010-11-25 16:20:55 ----SHD---- C:\HPMBackup
2010-11-25 16:20:05 ----D---- C:\Users\Dukan\AppData\Roaming\hpqLog
2010-11-25 16:19:02 ----D---- C:\ProgramData\WinZip
2010-11-25 16:18:37 ----D---- C:\Users\Dukan\AppData\Roaming\DigitalPersona
2010-11-25 16:18:22 ----SD---- C:\Users\Dukan\AppData\Roaming\Microsoft
2010-11-25 16:17:44 ----ASH---- C:\hiberfil.sys
======List of files/folders modified in the last 1 months======
2010-11-27 12:18:55 ----D---- C:\windows\Temp
2010-11-27 12:18:54 ----RD---- C:\Program Files
2010-11-27 12:10:06 ----D---- C:\windows\System32
2010-11-27 12:10:06 ----D---- C:\windows\inf
2010-11-27 12:10:06 ----A---- C:\windows\system32\PerfStringBackup.INI
2010-11-27 11:18:12 ----RD---- C:\Program Files (x86)
2010-11-27 11:07:18 ----D---- C:\windows\system32\config
2010-11-27 11:00:16 ----RSD---- C:\windows\assembly
2010-11-27 11:00:16 ----D---- C:\windows\Microsoft.NET
2010-11-27 10:54:15 ----D---- C:\windows\winsxs
2010-11-27 10:54:12 ----D---- C:\ProgramData\HPQLOG
2010-11-27 10:53:59 ----A---- C:\windows\SYSWOW64\log.txt
2010-11-27 10:52:06 ----D---- C:\windows\SysWOW64
2010-11-27 10:52:05 ----D---- C:\Program Files\Internet Explorer
2010-11-27 10:52:05 ----D---- C:\Program Files (x86)\Internet Explorer
2010-11-27 10:52:03 ----D---- C:\windows\ehome
2010-11-27 10:52:03 ----D---- C:\Program Files\Windows Mail
2010-11-27 10:52:03 ----D---- C:\Program Files (x86)\Windows Mail
2010-11-27 10:52:02 ----D---- C:\windows\system32\drivers
2010-11-27 10:51:59 ----D---- C:\windows\SYSWOW64\cs-CZ
2010-11-27 10:51:59 ----D---- C:\windows\system32\cs-CZ
2010-11-27 10:51:58 ----D---- C:\windows\SYSWOW64\sl-SI
2010-11-27 10:51:58 ----D---- C:\windows\SYSWOW64\sk-SK
2010-11-27 10:51:58 ----D---- C:\windows\SYSWOW64\hr-HR
2010-11-27 10:51:58 ----D---- C:\windows\SYSWOW64\en-US
2010-11-27 10:51:58 ----D---- C:\windows\system32\sl-SI
2010-11-27 10:51:58 ----D---- C:\windows\system32\sk-SK
2010-11-27 10:51:58 ----D---- C:\windows\system32\hr-HR
2010-11-27 10:51:58 ----D---- C:\windows\system32\en-US
2010-11-27 10:51:55 ----D---- C:\windows\AppPatch
2010-11-27 10:51:54 ----D---- C:\windows\SYSWOW64\migration
2010-11-27 10:51:54 ----D---- C:\windows\system32\migration
2010-11-27 10:51:53 ----D---- C:\Program Files\Windows Media Player
2010-11-27 10:51:53 ----D---- C:\Program Files (x86)\Windows Media Player
2010-11-27 10:51:48 ----D---- C:\windows\system32\DriverStore
2010-11-27 10:50:55 ----D---- C:\ProgramData\Uninstall
2010-11-27 01:45:51 ----D---- C:\windows\system32\catroot
2010-11-27 01:44:23 ----D---- C:\windows\system32\catroot2
2010-11-27 01:43:06 ----SHD---- C:\System Volume Information
2010-11-27 00:13:44 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2010-11-27 00:08:04 ----SHD---- C:\windows\Installer
2010-11-27 00:07:48 ----HD---- C:\ProgramData
2010-11-27 00:07:01 ----D---- C:\Program Files (x86)\Common Files
2010-11-27 00:06:57 ----D---- C:\windows\system32\Tasks
2010-11-26 23:55:06 ----D---- C:\Windows
2010-11-26 23:53:10 ----RSD---- C:\windows\Fonts
2010-11-26 22:13:50 ----D---- C:\windows\Logs
2010-11-26 19:52:22 ----SD---- C:\ProgramData\Microsoft
2010-11-26 19:52:21 ----D---- C:\windows\system32\drivers\UMDF
2010-11-26 19:48:53 ----D---- C:\Program Files (x86)\Microsoft
2010-11-26 19:47:26 ----D---- C:\ProgramData\PDFC
2010-11-26 19:43:09 ----D---- C:\windows\Tasks
2010-11-26 19:05:17 ----HD---- C:\SYSTEM.SAV
2010-11-26 11:52:24 ----D---- C:\windows\Prefetch
2010-11-26 11:48:12 ----D---- C:\windows\system32\wdi
2010-11-26 00:07:30 ----D---- C:\windows\Panther
2010-11-25 16:39:20 ----D---- C:\Program Files\Common Files\McAfee
2010-11-25 16:35:13 ----SHD---- C:\$Recycle.Bin
2010-11-25 16:27:06 ----D---- C:\windows\SoftwareDistribution
2010-11-25 16:24:09 ----RD---- C:\Program Files (x86)\Online Services
2010-11-25 16:23:55 ----D---- C:\Program Files\Windows Sidebar
2010-11-25 16:23:55 ----D---- C:\Program Files (x86)\Windows Sidebar
2010-11-25 16:23:28 ----D---- C:\swsetup
2010-11-25 16:22:18 ----D---- C:\windows\SYSWOW64\drivers
2010-11-25 16:21:04 ----D---- C:\ProgramData\Hewlett-Packard
2010-11-25 16:21:00 ----D---- C:\Program Files\Hewlett-Packard
2010-11-25 16:18:21 ----RD---- C:\Users
2010-11-25 16:16:40 ----D---- C:\windows\system32\restore
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 hpdskflt;HP Filter; C:\windows\system32\DRIVERS\hpdskflt.sys [2009-07-08 30008]
R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2010-01-08 409112]
R0 PxHlpa64;PxHlpa64; C:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 SafeBoot;SafeBoot; C:\windows\system32\drivers\SafeBoot.sys [2010-02-02 56648]
R0 SbAlg;SbAlg; C:\windows\system32\drivers\SbAlg.sys [2009-06-04 60160]
R0 SbFsLock;SbFsLock; C:\windows\system32\drivers\SbFsLock.sys [2010-02-02 15688]
R1 aswRdr;aswRdr; C:\windows\system32\drivers\aswRdr.sys [2010-09-07 28752]
R1 aswSP;aswSP; C:\windows\system32\drivers\aswSP.sys [2010-09-07 121936]
R1 aswTdi;avast! Network Shield Support; C:\windows\system32\drivers\aswTdi.sys [2010-09-07 51280]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 RsvLock;RsvLock; C:\windows\system32\drivers\RsvLock.sys [2010-02-02 58184]
R1 vpcnfltr;Virtual PC Network Filter Driver; C:\windows\system32\DRIVERS\vpcnfltr.sys [2010-10-22 66304]
R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\windows\system32\drivers\vpcvmm.sys [2009-12-01 359624]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswFsBlk;aswFsBlk; C:\windows\system32\drivers\aswFsBlk.sys [2010-09-07 20048]
R2 aswMonFlt;aswMonFlt; \??\C:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 61008]
R2 rimspci;rimspci; C:\windows\system32\DRIVERS\rimspe64.sys [2009-10-26 61952]
R2 risdpcie;risdpcie; C:\windows\system32\DRIVERS\risdpe64.sys [2009-10-29 79360]
R2 rixdpcie;rixdpcie; C:\windows\system32\DRIVERS\rixdpe64.sys [2009-12-11 55808]
R3 Accelerometer;HP Accelerometer; C:\windows\system32\DRIVERS\Accelerometer.sys [2009-07-08 41272]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\windows\system32\DRIVERS\agrsm64.sys [2010-01-21 1209856]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\windows\system32\DRIVERS\bcmwl664.sys [2010-10-22 3058168]
R3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys [2010-01-07 21160]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K; C:\windows\system32\DRIVERS\e1k62x64.sys [2010-01-07 295088]
R3 HECIx64;Intel(R) Management Engine Interface; C:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\windows\system32\DRIVERS\HpqKbFiltr.sys [2010-02-16 25912]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2010-04-21 10326784]
R3 Impcd;Impcd; C:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
R3 IntcDAud;Intel(R) Display Audio; C:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\windows\system32\DRIVERS\snp2uvc.sys [2010-01-18 1803904]
R3 STHDA;IDT High Definition Audio CODEC; C:\windows\system32\DRIVERS\stwrt64.sys [2010-03-17 505856]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2010-02-26 316464]
R3 TPM;TPM; C:\windows\system32\drivers\tpm.sys [2009-07-14 38400]
R3 vpcbus;Virtual PC Host Bus Service; C:\windows\system32\DRIVERS\vpchbus.sys [2010-10-22 187904]
R3 vpcusb;USB Virtualization Connector Service; C:\windows\system32\DRIVERS\vpcusb.sys [2010-10-22 95232]
R3 WinUSB;WinUSB Service; C:\windows\system32\DRIVERS\WinUSB.sys [2009-07-14 40448]
S3 BthEnum;Bluetooth Enumerator Service; C:\windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Bluetooth Port Driver; C:\windows\System32\Drivers\BTHport.sys [2009-07-14 551936]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\windows\System32\Drivers\BTHUSB.sys [2009-07-14 79360]
S3 btwaudio;Bluetooth Audio Device Service; C:\windows\system32\drivers\btwaudio.sys [2010-01-07 98344]
S3 btwavdt;Bluetooth AVDT; C:\windows\system32\drivers\btwavdt.sys [2010-01-07 132648]
S3 btwl2cap;Bluetooth L2CAP Service; C:\windows\system32\DRIVERS\btwl2cap.sys [2010-01-07 35104]
S3 DAMDrv;DAMDrv; C:\windows\system32\DRIVERS\DAMDrv64.sys [2009-10-21 40760]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\windows\system32\DRIVERS\NETw5s64.sys [2010-02-01 7675392]
S3 pciide;pciide; C:\windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 s3cap;s3cap; C:\windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 sdbus;sdbus; C:\windows\system32\DRIVERS\sdbus.sys [2010-09-16 109056]
S3 storvsc;storvsc; C:\windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ac.sharedstore;ActivIdentity Shared Store Service; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-04 277032]
R2 AESTFilters;Andrea ST Filters Service; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe [2009-03-03 89600]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agr64svc.exe [2010-01-21 16896]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-12-29 873248]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\windows\System32\svchost.exe [2009-07-14 27136]
R2 DpHost;@c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [2010-03-31 462088]
R2 HP Health Check Service;HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [2010-03-24 121344]
R2 HP Power Assistant Service;HP Power Assistant Service; C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2010-04-05 103992]
R2 HP ProtectTools Service;HP ProtectTools Service; c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2010-03-17 36864]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-04-05 103992]
R2 HPDayStarterService;HP DayStarter Service; c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe [2010-06-14 90112]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service; c:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2009-12-10 251448]
R2 HpFkCryptService;Drive Encryption Service; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2010-02-02 281192]
R2 HPFSService;File Sanitizer for HP ProtectTools; C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2010-01-19 297984]
R2 hpHotkeyMonitor;HP Hotkey Monitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-03-01 264248]
R2 hpsrv;HP Service; C:\windows\system32\Hpservice.exe [2009-07-08 30520]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2010-01-08 354840]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2010-02-22 73728]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-03-04 268824]
R2 pdfcDispatcher;PDF Document Manager; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-03-06 635416]
R2 STacSV;Audio Service; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe [2010-03-17 244736]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-04 2320920]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R3 DEBridge;DEBridge; c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2010-02-02 704512]
R3 hpqwmiex;hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2010-02-08 230968]
S2 vcsFPService;Validity VCS Fingerprint Service; C:\windows\system32\vcsFPService.exe [2010-02-18 2045232]
S3 AppMgmt;@appmgmts.dll,-3250; C:\windows\system32\svchost.exe [2009-07-14 27136]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing; c:\Windows\SysWOW64\flcdlock.exe [2009-12-07 362040]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2010-11-27 1255736]
-----------------EOF-----------------
Re: Log check
Good evening,
Download MBAM from my signature.
- Install it and run a full scan.
DO NOT DELETE ANYTHING
- MBAM occasionally produces false detections, so we will delete only after checking the log.
- Copy the log here.


Do not use COMBOFIX without a helper's recommendation; it can damage the system!
Always back up important data before removing malware from the computer.
Want to support our forum? Information here

I am usually reachable at night, between 21:00 and 23:00.
If you have any questions, you can email me at Motji(at)forum.viry.cz.
Re: Log check
Hello.
Thank you for your interest.
___________________________________________
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 5204
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
28.11.2010 14:10:02
mbam-log-2010-11-28 (14-10-02).txt
Scan type: Full scan (C:\|F:\|Q:\|)
Objects scanned: 272692
Time elapsed: 29 minute(s), 48 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Re: Log check
What problems are you having with the computer?
Download OTL http://oldtimer.geekstogo.com/OTL.exe
- save it to the desktop and run the file OTL.exe.
- copy this script into the white box at the bottom:
- tick the "All users" box.
- tick the boxes for the "LOP" check and the "Purity" check
- Click the Scan button
- when the scan finishes, the logs OTL.Txt and Extras.txt will appear; paste them here

Code:
netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys
cdrom.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT
Re: Log check
There are no problems with the computer
I am only asking for a preventive check, so that I can head off any potential problem.
Thank you once again for your time.
Re: Log check
OTL logfile created on: 11/29/2010 12:53:34 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Dukan\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Czech Republic | Language: CSY | Date Format: d.M.yyyy
4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.47 Gb Total Space | 411.38 Gb Free Space | 91.73% Space Free | Partition Type: NTFS
Drive F: | 1.99 Gb Total Space | 1.48 Gb Free Space | 74.67% Space Free | Partition Type: FAT32
Computer Name: DUKAN-HP | User Name: Dukan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2010/11/29 12:52:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Dukan\Desktop\OTL.exe
PRC - [2010/10/27 21:21:54 | 001,155,072 | ---- | M] (Last.fm) -- C:\Program Files (x86)\Last.fm\LastFM.exe
PRC - [2010/10/27 07:12:32 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/10/27 07:12:32 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010/09/07 17:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/08/04 14:56:58 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/07/12 17:33:54 | 001,592,672 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winamp.exe
PRC - [2010/07/12 17:32:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2010/06/14 13:39:06 | 000,090,112 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe
PRC - [2010/05/06 02:30:26 | 011,268,096 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
PRC - [2010/05/06 02:30:06 | 000,298,496 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
PRC - [2010/04/24 01:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/04/24 01:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/03/31 00:04:46 | 000,629,000 | ---- | M] (DigitalPersona, Inc.) -- c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
PRC - [2010/03/17 01:37:08 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) -- c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
PRC - [2010/03/06 22:39:08 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2010/03/04 00:46:56 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/03/04 00:46:54 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/03/01 18:27:22 | 000,264,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
PRC - [2010/02/02 01:09:48 | 000,281,192 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2010/02/02 01:05:52 | 000,704,512 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
PRC - [2010/01/08 22:56:26 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2010/01/08 22:55:54 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
========== Modules (SafeList) ==========
MOD - [2010/11/29 12:52:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Dukan\Desktop\OTL.exe
MOD - [2010/08/21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV:64bit: - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV:64bit: - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/06/14 13:39:06 | 000,090,112 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe -- (HPDayStarterService)
SRV:64bit: - [2010/04/05 19:15:22 | 000,103,992 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service)
SRV:64bit: - [2010/04/05 19:12:00 | 000,103,992 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/03/31 00:04:50 | 000,462,088 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost)
SRV:64bit: - [2010/03/17 13:48:42 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/02/18 22:52:30 | 002,045,232 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2010/02/02 01:09:48 | 000,281,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV:64bit: - [2010/02/02 01:05:52 | 000,704,512 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe -- (DEBridge)
SRV:64bit: - [2010/01/21 18:42:44 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2009/12/29 22:19:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/08 20:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2009/06/04 00:38:36 | 000,277,032 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe -- (ac.sharedstore)
SRV:64bit: - [2009/03/03 11:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe -- (AESTFilters)
SRV - [2010/08/04 14:56:58 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/05/06 02:30:06 | 000,298,496 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
SRV - [2010/04/24 01:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/04/24 01:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/17 01:37:08 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2010/03/06 22:39:08 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2010/03/04 00:46:56 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/03/04 00:46:54 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/03/01 18:27:22 | 000,264,248 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe -- (hpHotkeyMonitor)
SRV - [2010/02/18 22:26:46 | 001,664,304 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2010/01/08 22:55:54 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/12/07 19:36:10 | 000,362,040 | ---- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- c:\Windows\SysWOW64\flcdlock.exe -- (FLCDLOCK)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2010/11/27 14:50:07 | 001,379,376 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/11/27 14:45:48 | 003,063,360 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/10/22 15:42:56 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/10/22 15:42:56 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/10/22 15:42:56 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/09/16 19:00:23 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/07 16:47:33 | 000,061,008 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010/05/12 09:37:32 | 000,107,912 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/05/12 09:37:32 | 000,027,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/04/24 01:10:32 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/04/24 01:10:28 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/04/24 01:10:28 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/04/24 01:10:20 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/04/21 20:18:44 | 010,326,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/03/17 13:48:42 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/02/27 01:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/16 20:24:20 | 000,025,912 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2010/02/03 15:38:30 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010/02/01 20:12:14 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2010/01/21 18:42:48 | 001,209,856 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2010/01/18 23:34:18 | 001,803,904 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2010/01/08 22:45:26 | 000,409,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/01/07 19:22:44 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/01/07 19:22:40 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/01/07 19:22:36 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/01/07 19:22:34 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/01/07 18:37:40 | 000,295,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) Intel(R)
DRV:64bit: - [2009/12/11 22:32:06 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2009/12/01 18:55:31 | 000,359,624 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009/10/29 01:54:00 | 000,079,360 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie)
DRV:64bit: - [2009/10/26 22:52:00 | 000,061,952 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009/10/21 21:37:52 | 000,040,760 | ---- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DAMDrv64.sys -- (DAMDrv)
DRV:64bit: - [2009/09/17 22:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/07/09 11:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/08 20:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2009/07/08 20:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2009/06/10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2010/02/02 01:11:46 | 000,051,800 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysWow64\drivers\SbAlg.sys -- (SbAlg)
DRV - [2010/02/02 01:11:28 | 000,013,256 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\windows\SysWow64\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2010/02/02 01:11:24 | 000,040,088 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\windows\SysWow64\drivers\rsvlock.sys -- (RsvLock)
DRV - [2010/02/02 01:11:22 | 000,110,520 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysWow64\drivers\SafeBoot.sys -- (SafeBoot)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4232791037-752211120-959289193-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
IE - HKU\S-1-5-21-4232791037-752211120-959289193-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
IE - HKU\S-1-5-21-4232791037-752211120-959289193-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: otis@digitalpersona.com:5.0.0.4238
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.3.2
FF - HKLM\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2010/09/16 18:33:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/11/27 00:08:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/11/27 00:08:01 | 000,000,000 | ---D | M]
[2010/11/26 19:47:07 | 000,000,000 | ---D | M] -- C:\Users\Dukan\AppData\Roaming\Mozilla\Extensions
[2010/11/28 00:04:42 | 000,000,000 | ---D | M] -- C:\Users\Dukan\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Dukan\extensions
[2010/11/26 20:00:56 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\Dukan\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Dukan\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2010/11/26 20:00:56 | 000,000,000 | ---D | M] (Gmail Notifier) -- C:\Users\Dukan\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Dukan\extensions\{44d0a1b4-9c90-4f86-ac92-8680b5d6549e}
[2010/11/26 20:00:56 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\Dukan\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Dukan\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2010/11/27 13:08:14 | 000,000,000 | ---D | M] (SmoothWheel (mozdev.org)) -- C:\Users\Dukan\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Dukan\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}
[2010/11/26 20:00:56 | 000,000,000 | ---D | M] (CHM Reader) -- C:\Users\Dukan\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Dukan\extensions\{6e098d65-7d2d-46d4-ada0-2f882a29f795}
[2010/11/26 20:00:56 | 000,000,000 | ---D | M] (Copy Plain Text) -- C:\Users\Dukan\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Dukan\extensions\{723AAF16-AF1F-4404-A5D7-0BFE39766605}
[2010/11/26 20:00:56 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Dukan\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Dukan\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010/11/26 20:00:57 | 000,000,000 | ---D | M] (DictionarySearch) -- C:\Users\Dukan\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Dukan\extensions\{a0faa0a4-f1a7-4098-9a74-21efc3a92372}
[2010/11/26 20:00:56 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\Dukan\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Dukan\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/11/26 20:00:56 | 000,000,000 | ---D | M] (BBCode) -- C:\Users\Dukan\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Dukan\extensions\{AE37D527-6604-461c-8102-975CF8053A2F}
[2010/11/26 20:00:57 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Dukan\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Dukan\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/11/26 20:00:57 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Dukan\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Dukan\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/11/27 12:48:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dukan\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Dukan\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010/11/26 20:00:57 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Dukan\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Dukan\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/11/26 20:00:56 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Dukan\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Dukan\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/11/26 20:00:56 | 000,000,000 | ---D | M] -- C:\Users\Dukan\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Dukan\extensions\abhere2@moztw.org
[2010/11/26 20:00:57 | 000,000,000 | ---D | M] -- C:\Users\Dukan\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Dukan\extensions\add-to-searchbox@maltekraus.de
[2010/11/26 20:00:56 | 000,000,000 | ---D | M] -- C:\Users\Dukan\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Dukan\extensions\development@add-art.org
[2010/11/26 20:00:56 | 000,000,000 | ---D | M] -- C:\Users\Dukan\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Dukan\extensions\igoogletabremover@david.rubin
[2010/11/26 19:57:34 | 000,000,000 | ---D | M] -- C:\Users\Dukan\AppData\Roaming\Mozilla\Firefox\Profiles\mhctwsa1.default\extensions
[2010/11/26 19:57:33 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\Dukan\AppData\Roaming\Mozilla\Firefox\Profiles\mhctwsa1.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2010/11/26 19:46:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/07/12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
[2010/10/27 06:19:36 | 000,000,638 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010/10/27 06:19:36 | 000,001,687 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\mall-cz.xml
[2010/10/27 06:19:36 | 000,001,367 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010/10/27 06:19:36 | 000,000,654 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010/10/27 06:19:36 | 000,001,179 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4:64bit: - HKLM..\Run: [acevents] C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [File Sanitizer] c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe ()
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\windows\SysWow64\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //FWEvent.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.46.172.36 213.46.172.37
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe) - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\DeviceNP: DllName - DeviceNP.dll - C:\windows\SysWow64\DeviceNP.dll (Hewlett-Packard Limited)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)
========== Files/Folders - Created Within 30 Days ==========
[2010/11/29 12:52:05 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Dukan\Desktop\OTL.exe
[2010/11/29 12:47:47 | 000,000,000 | ---D | C] -- C:\Users\Dukan\Documents\Medicine
[2010/11/28 23:47:14 | 000,000,000 | ---D | C] -- C:\Users\Dukan\Documents\Winamp_Backup
[2010/11/28 23:43:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp Backup Tool
[2010/11/28 22:53:45 | 000,000,000 | ---D | C] -- C:\Users\Dukan\AppData\Local\Roxio
[2010/11/28 17:16:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/11/28 17:01:17 | 000,000,000 | ---D | C] -- C:\Users\Dukan\AppData\Local\Apple Computer
[2010/11/28 16:57:53 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2010/11/28 13:34:42 | 000,000,000 | ---D | C] -- C:\Users\Dukan\AppData\Roaming\Malwarebytes
[2010/11/28 13:34:35 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysWow64\drivers\mbamswissarmy.sys
[2010/11/28 13:34:34 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2010/11/28 13:34:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/11/28 13:34:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/11/28 13:31:18 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Dukan\Desktop\mbam-setup-1.46.exe
[2010/11/27 22:50:32 | 000,000,000 | ---D | C] -- C:\Users\Dukan\AppData\Local\ElevatedDiagnostics
[2010/11/27 22:46:41 | 000,000,000 | ---D | C] -- C:\Users\Dukan\Desktop\Kings od Convenience
[2010/11/27 22:43:56 | 000,000,000 | ---D | C] -- C:\Users\Dukan\AppData\Local\Diagnostics
[2010/11/27 22:17:12 | 000,000,000 | ---D | C] -- C:\Users\Dukan\AppData\Local\SoftGrid Client
[2010/11/27 22:17:11 | 000,000,000 | ---D | C] -- C:\Users\Dukan\AppData\Roaming\SoftGrid Client
[2010/11/27 22:16:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2010/11/27 22:16:22 | 000,000,000 | ---D | C] -- C:\windows\PCHEALTH
[2010/11/27 22:16:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/11/27 22:16:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Application Virtualization Client
[2010/11/27 22:16:12 | 000,000,000 | ---D | C] -- C:\Users\Dukan\AppData\Roaming\TP
[2010/11/27 14:58:51 | 000,000,000 | ---D | C] -- C:\DATA
[2010/11/27 14:50:45 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\pt
[2010/11/27 14:50:45 | 000,000,000 | ---D | C] -- C:\windows\SysNative\pt
[2010/11/27 14:50:09 | 001,379,376 | ---- | C] (Synaptics Incorporated) -- C:\windows\SysNative\drivers\SynTP.sys
[2010/11/27 14:50:09 | 000,400,168 | ---- | C] (Synaptics Incorporated) -- C:\windows\SysNative\SynCOM.dll
[2010/11/27 14:50:09 | 000,270,632 | ---- | C] (Synaptics Incorporated) -- C:\windows\SysNative\SynCtrl.dll
[2010/11/27 14:50:09 | 000,215,336 | ---- | C] (Synaptics Incorporated) -- C:\windows\SysNative\SynTPAPI.dll
[2010/11/27 14:50:09 | 000,214,312 | ---- | C] (Synaptics Incorporated) -- C:\windows\SysWow64\SynCtrl.dll
[2010/11/27 14:50:09 | 000,173,352 | ---- | C] (Synaptics Incorporated) -- C:\windows\SysWow64\SynCOM.dll
[2010/11/27 14:50:09 | 000,147,752 | ---- | C] (Synaptics Incorporated) -- C:\windows\SysNative\SynTPCo4.dll
[2010/11/27 14:50:09 | 000,107,816 | ---- | C] (Synaptics Incorporated) -- C:\windows\SysWow64\SynTPCOM.dll
[2010/11/27 14:49:05 | 000,107,912 | ---- | C] (Advanced Micro Devices) -- C:\windows\SysNative\drivers\amdsata.sys
[2010/11/27 14:49:05 | 000,027,016 | ---- | C] (Advanced Micro Devices) -- C:\windows\SysNative\drivers\amdxata.sys
[2010/11/27 14:49:04 | 002,566,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\esent.dll
[2010/11/27 14:49:04 | 001,686,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\esent.dll
[2010/11/27 14:49:04 | 000,187,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\storport.sys
[2010/11/27 14:48:07 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\evr.dll
[2010/11/27 14:48:07 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\evr.dll
[2010/11/27 12:18:54 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/11/27 12:18:54 | 000,000,000 | ---D | C] -- C:\rsit
[2010/11/27 11:18:15 | 000,000,000 | ---D | C] -- C:\Users\Dukan\AppData\Roaming\ICQ
[2010/11/27 11:18:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.2
[2010/11/27 10:51:55 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Wat
[2010/11/27 10:51:55 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Wat
[2010/11/27 01:45:47 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dfshim.dll
[2010/11/27 01:45:47 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dfshim.dll
[2010/11/27 01:45:47 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\PresentationHost.exe
[2010/11/27 01:45:47 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\PresentationHost.exe
[2010/11/27 01:45:47 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\PresentationHostProxy.dll
[2010/11/27 01:45:47 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\PresentationHostProxy.dll
[2010/11/27 01:45:47 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netfxperf.dll
[2010/11/27 01:45:47 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netfxperf.dll
[2010/11/27 01:45:36 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\browserchoice.exe
[2010/11/27 01:36:27 | 000,000,000 | ---D | C] -- C:\Users\Dukan\dwhelper
[2010/11/27 00:48:54 | 001,736,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntdll.dll
[2010/11/27 00:48:51 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\t2embed.dll
[2010/11/27 00:48:51 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\t2embed.dll
[2010/11/27 00:48:49 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ole32.dll
[2010/11/27 00:48:47 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\StructuredQuery.dll
[2010/11/27 00:48:33 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\CPFilters.dll
[2010/11/27 00:48:33 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\CPFilters.dll
[2010/11/27 00:48:33 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mpg2splt.ax
[2010/11/27 00:48:32 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msdri.dll
[2010/11/27 00:48:32 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MSNP.ax
[2010/11/27 00:48:32 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSNP.ax
[2010/11/27 00:48:32 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mpg2splt.ax
[2010/11/27 00:48:20 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2010/11/27 00:48:20 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2010/11/27 00:48:19 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2010/11/27 00:48:16 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rtutils.dll
[2010/11/27 00:48:15 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\rtutils.dll
[2010/11/27 00:48:14 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\oleaut32.dll
[2010/11/27 00:48:13 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\comctl32.dll
[2010/11/27 00:47:57 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\windows\SysWow64\iccvid.dll
[2010/11/27 00:47:55 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cdd.dll
[2010/11/27 00:47:43 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wmpmde.dll
[2010/11/27 00:47:43 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wmpmde.dll
[2010/11/27 00:47:33 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\Diskdump.sys
[2010/11/27 00:47:31 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfc40.dll
[2010/11/27 00:47:31 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfc40u.dll
[2010/11/27 00:47:26 | 000,702,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2010/11/27 00:47:26 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msfeeds.dll
[2010/11/27 00:47:25 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll
[2010/11/27 00:47:25 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll
[2010/11/27 00:47:25 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2010/11/27 00:47:25 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\licmgr10.dll
[2010/11/27 00:47:25 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\licmgr10.dll
[2010/11/27 00:47:24 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\html.iec
[2010/11/27 00:47:24 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec
[2010/11/27 00:47:24 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2010/11/27 00:47:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2010/11/27 00:47:24 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2010/11/27 00:47:24 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe
[2010/11/27 00:47:24 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe
[2010/11/27 00:47:16 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wmp.dll
[2010/11/27 00:47:15 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wmp.dll
[2010/11/27 00:47:14 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wmploc.DLL
[2010/11/27 00:47:13 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wmploc.DLL
[2010/11/27 00:47:13 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\sscore.dll
[2010/11/27 00:13:39 | 000,000,000 | ---D | C] -- C:\Users\Dukan\AppData\Local\AOL
[2010/11/27 00:11:34 | 000,000,000 | ---D | C] -- C:\Users\Dukan\AppData\Roaming\WinRAR
[2010/11/27 00:10:43 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/11/27 00:07:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/11/27 00:07:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/11/27 00:07:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2010/11/27 00:06:57 | 000,000,000 | ---D | C] -- C:\Users\Dukan\AppData\Local\Apple
[2010/11/27 00:06:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010/11/27 00:06:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/11/26 23:55:06 | 000,000,000 | ---D | C] -- C:\windows\SysNative\appmgmt
[2010/11/26 23:51:23 | 000,000,000 | ---D | C] -- C:\Users\Dukan\AppData\Roaming\Roxio Log Files
[2010/11/26 22:07:40 | 000,121,936 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys
[2010/11/26 22:07:40 | 000,061,008 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2010/11/26 22:07:40 | 000,051,280 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswTdi.sys
[2010/11/26 22:07:40 | 000,028,752 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr.sys
[2010/11/26 22:07:40 | 000,020,048 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswFsBlk.sys
[2010/11/26 22:07:23 | 000,167,592 | ---- | C] (AVAST Software) -- C:\windows\SysWow64\aswBoot.exe
[2010/11/26 22:07:23 | 000,038,848 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr
[2010/11/26 22:07:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/11/26 22:07:22 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/11/26 22:02:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Last.fm
[2010/11/26 21:59:01 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DX9_42.dll
[2010/11/26 21:58:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp Detect
[2010/11/26 21:58:35 | 000,000,000 | ---D | C] -- C:\Users\Dukan\AppData\Roaming\Winamp
[2010/11/26 21:58:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2010/11/26 21:46:34 | 000,000,000 | ---D | C] -- C:\Users\Dukan\AppData\Local\Last.fm
[2010/11/26 21:46:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Last.fm
[2010/11/26 21:41:23 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/11/26 21:38:47 | 000,000,000 | ---D | C] -- C:\Users\Dukan\AppData\Roaming\IrfanView
[2010/11/26 21:38:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView
[2010/11/26 19:52:47 | 000,000,000 | ---D | C] -- C:\Users\Dukan\Documents\backup_firefox
[2010/11/26 19:47:01 | 000,000,000 | ---D | C] -- C:\Users\Dukan\AppData\Roaming\Mozilla
[2010/11/26 19:47:01 | 000,000,000 | ---D | C] -- C:\Users\Dukan\AppData\Local\Mozilla
[2010/11/26 19:46:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010/11/26 12:23:22 | 000,000,000 | ---D | C] -- C:\Users\Dukan\AppData\Roaming\Macromedia
[2010/11/26 00:12:02 | 000,000,000 | ---D | C] -- C:\windows\rescache
[2010/11/25 17:04:34 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe
[2010/11/25 16:36:15 | 000,000,000 | ---D | C] -- C:\Users\Dukan\AppData\Local\Broadcom
[2010/11/25 16:36:15 | 000,000,000 | ---D | C] -- C:\Users\Dukan\Documents\Bluetooth Exchange Folder
[2010/11/25 16:36:09 | 000,000,000 | ---D | C] -- C:\Users\Dukan\AppData\Local\PDFC
[2010/11/25 16:36:00 | 000,000,000 | ---D | C] -- C:\Intel
[2010/11/25 16:35:21 | 000,000,000 | R--D | C] -- C:\Users\Dukan\Virtual Machines
[2010/11/25 16:35:21 | 000,000,000 | R--D | C] -- C:\Users\Dukan\Searches
[2010/11/25 16:35:21 | 000,000,000 | -H-D | C] -- C:\Users\Dukan\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010/11/25 16:35:15 | 000,000,000 | ---D | C] -- C:\Users\Dukan\AppData\Roaming\Identities
[2010/11/25 16:35:13 | 000,000,000 | R--D | C] -- C:\Users\Dukan\Contacts
[2010/11/25 16:35:11 | 000,000,000 | ---D | C] -- C:\Users\Dukan\AppData\Local\VirtualStore
[2010/11/25 16:24:15 | 000,000,000 | ---D | C] -- C:\Users\Dukan\AppData\Roaming\Adobe
[2010/11/25 16:24:13 | 000,000,000 | ---D | C] -- C:\Users\Dukan\AppData\Roaming\Hewlett-Packard
[2010/11/25 16:22:43 | 000,359,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\vpcvmm.sys
[2010/11/25 16:21:04 | 000,000,000 | ---D | C] -- C:\Users\Dukan\AppData\Local\Hewlett-Packard
[2010/11/25 16:20:55 | 000,000,000 | -HSD | C] -- C:\HPMBackup
[2010/11/25 16:20:05 | 000,000,000 | ---D | C] -- C:\Users\Dukan\AppData\Roaming\hpqLog
[2010/11/25 16:19:45 | 000,000,000 | ---D | C] -- C:\Users\Dukan\AppData\Local\Downloaded Installations
[2010/11/25 16:19:02 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2010/11/25 16:18:37 | 000,000,000 | ---D | C] -- C:\Users\Dukan\AppData\Roaming\DigitalPersona
[2010/11/25 16:18:37 | 000,000,000 | ---D | C] -- C:\Users\Dukan\AppData\Local\DigitalPersona
[2010/11/25 16:18:23 | 000,000,000 | -HSD | C] -- C:\Users\Dukan\AppData\Local\Temporary Internet Files
[2010/11/25 16:18:23 | 000,000,000 | -HSD | C] -- C:\Users\Dukan\Templates
[2010/11/25 16:18:23 | 000,000,000 | -HSD | C] -- C:\Users\Dukan\Start Menu
[2010/11/25 16:18:23 | 000,000,000 | -HSD | C] -- C:\Users\Dukan\SendTo
[2010/11/25 16:18:23 | 000,000,000 | -HSD | C] -- C:\Users\Dukan\Recent
[2010/11/25 16:18:23 | 000,000,000 | -HSD | C] -- C:\Users\Dukan\PrintHood
[2010/11/25 16:18:23 | 000,000,000 | -HSD | C] -- C:\Users\Dukan\NetHood
[2010/11/25 16:18:23 | 000,000,000 | -HSD | C] -- C:\Users\Dukan\Documents\My Videos
[2010/11/25 16:18:23 | 000,000,000 | -HSD | C] -- C:\Users\Dukan\Documents\My Pictures
[2010/11/25 16:18:23 | 000,000,000 | -HSD | C] -- C:\Users\Dukan\Documents\My Music
[2010/11/25 16:18:23 | 000,000,000 | -HSD | C] -- C:\Users\Dukan\My Documents
[2010/11/25 16:18:23 | 000,000,000 | -HSD | C] -- C:\Users\Dukan\Local Settings
[2010/11/25 16:18:23 | 000,000,000 | -HSD | C] -- C:\Users\Dukan\AppData\Local\History
[2010/11/25 16:18:23 | 000,000,000 | -HSD | C] -- C:\Users\Dukan\Cookies
[2010/11/25 16:18:23 | 000,000,000 | -HSD | C] -- C:\Users\Dukan\Application Data
[2010/11/25 16:18:23 | 000,000,000 | -HSD | C] -- C:\Users\Dukan\AppData\Local\Application Data
[2010/11/25 16:18:22 | 000,000,000 | --SD | C] -- C:\Users\Dukan\AppData\Roaming\Microsoft
[2010/11/25 16:18:22 | 000,000,000 | R--D | C] -- C:\Users\Dukan\Videos
[2010/11/25 16:18:22 | 000,000,000 | R--D | C] -- C:\Users\Dukan\Saved Games
[2010/11/25 16:18:22 | 000,000,000 | R--D | C] -- C:\Users\Dukan\Pictures
[2010/11/25 16:18:22 | 000,000,000 | R--D | C] -- C:\Users\Dukan\Music
[2010/11/25 16:18:22 | 000,000,000 | R--D | C] -- C:\Users\Dukan\Links
[2010/11/25 16:18:22 | 000,000,000 | R--D | C] -- C:\Users\Dukan\Favorites
[2010/11/25 16:18:22 | 000,000,000 | R--D | C] -- C:\Users\Dukan\Downloads
[2010/11/25 16:18:22 | 000,000,000 | R--D | C] -- C:\Users\Dukan\My Documents
[2010/11/25 16:18:22 | 000,000,000 | R--D | C] -- C:\Users\Dukan\Desktop
[2010/11/25 16:18:22 | 000,000,000 | -H-D | C] -- C:\Users\Dukan\AppData
[2010/11/25 16:18:22 | 000,000,000 | ---D | C] -- C:\Users\Dukan\AppData\Local\Temp
[2010/11/25 16:18:22 | 000,000,000 | ---D | C] -- C:\Users\Dukan\AppData\Local\Microsoft
[2010/10/22 15:00:24 | 000,255,360 | ---- | C] ( ) -- C:\windows\SysWow64\rsnp2uvc.dll
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Dukan\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Czech Republic | Language: CSY | Date Format: d.M.yyyy
4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.47 Gb Total Space | 411.38 Gb Free Space | 91.73% Space Free | Partition Type: NTFS
Drive F: | 1.99 Gb Total Space | 1.48 Gb Free Space | 74.67% Space Free | Partition Type: FAT32
Computer Name: DUKAN-HP | User Name: Dukan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2010/11/29 12:52:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Dukan\Desktop\OTL.exe
PRC - [2010/10/27 21:21:54 | 001,155,072 | ---- | M] (Last.fm) -- C:\Program Files (x86)\Last.fm\LastFM.exe
PRC - [2010/10/27 07:12:32 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/10/27 07:12:32 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010/09/07 17:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/08/04 14:56:58 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/07/12 17:33:54 | 001,592,672 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winamp.exe
PRC - [2010/07/12 17:32:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2010/06/14 13:39:06 | 000,090,112 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe
PRC - [2010/05/06 02:30:26 | 011,268,096 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
PRC - [2010/05/06 02:30:06 | 000,298,496 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
PRC - [2010/04/24 01:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/04/24 01:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/03/31 00:04:46 | 000,629,000 | ---- | M] (DigitalPersona, Inc.) -- c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
PRC - [2010/03/17 01:37:08 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) -- c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
PRC - [2010/03/06 22:39:08 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2010/03/04 00:46:56 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/03/04 00:46:54 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/03/01 18:27:22 | 000,264,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
PRC - [2010/02/02 01:09:48 | 000,281,192 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2010/02/02 01:05:52 | 000,704,512 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
PRC - [2010/01/08 22:56:26 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2010/01/08 22:55:54 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
========== Modules (SafeList) ==========
MOD - [2010/11/29 12:52:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Dukan\Desktop\OTL.exe
MOD - [2010/08/21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV:64bit: - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV:64bit: - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/06/14 13:39:06 | 000,090,112 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe -- (HPDayStarterService)
SRV:64bit: - [2010/04/05 19:15:22 | 000,103,992 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service)
SRV:64bit: - [2010/04/05 19:12:00 | 000,103,992 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/03/31 00:04:50 | 000,462,088 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost)
SRV:64bit: - [2010/03/17 13:48:42 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/02/18 22:52:30 | 002,045,232 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2010/02/02 01:09:48 | 000,281,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV:64bit: - [2010/02/02 01:05:52 | 000,704,512 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe -- (DEBridge)
SRV:64bit: - [2010/01/21 18:42:44 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2009/12/29 22:19:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/08 20:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2009/06/04 00:38:36 | 000,277,032 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe -- (ac.sharedstore)
SRV:64bit: - [2009/03/03 11:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe -- (AESTFilters)
SRV - [2010/08/04 14:56:58 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/05/06 02:30:06 | 000,298,496 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
SRV - [2010/04/24 01:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/04/24 01:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/17 01:37:08 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2010/03/06 22:39:08 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2010/03/04 00:46:56 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/03/04 00:46:54 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/03/01 18:27:22 | 000,264,248 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe -- (hpHotkeyMonitor)
SRV - [2010/02/18 22:26:46 | 001,664,304 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2010/01/08 22:55:54 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/12/07 19:36:10 | 000,362,040 | ---- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- c:\Windows\SysWOW64\flcdlock.exe -- (FLCDLOCK)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2010/11/27 14:50:07 | 001,379,376 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/11/27 14:45:48 | 003,063,360 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/10/22 15:42:56 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/10/22 15:42:56 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/10/22 15:42:56 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/09/16 19:00:23 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/07 16:47:33 | 000,061,008 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010/05/12 09:37:32 | 000,107,912 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/05/12 09:37:32 | 000,027,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/04/24 01:10:32 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/04/24 01:10:28 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/04/24 01:10:28 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/04/24 01:10:20 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/04/21 20:18:44 | 010,326,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/03/17 13:48:42 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/02/27 01:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/16 20:24:20 | 000,025,912 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2010/02/03 15:38:30 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010/02/01 20:12:14 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2010/01/21 18:42:48 | 001,209,856 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2010/01/18 23:34:18 | 001,803,904 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2010/01/08 22:45:26 | 000,409,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/01/07 19:22:44 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/01/07 19:22:40 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/01/07 19:22:36 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/01/07 19:22:34 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/01/07 18:37:40 | 000,295,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) Intel(R)
DRV:64bit: - [2009/12/11 22:32:06 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2009/12/01 18:55:31 | 000,359,624 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009/10/29 01:54:00 | 000,079,360 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie)
DRV:64bit: - [2009/10/26 22:52:00 | 000,061,952 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009/10/21 21:37:52 | 000,040,760 | ---- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DAMDrv64.sys -- (DAMDrv)
DRV:64bit: - [2009/09/17 22:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/07/09 11:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/08 20:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2009/07/08 20:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2009/06/10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2010/02/02 01:11:46 | 000,051,800 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysWow64\drivers\SbAlg.sys -- (SbAlg)
DRV - [2010/02/02 01:11:28 | 000,013,256 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\windows\SysWow64\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2010/02/02 01:11:24 | 000,040,088 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\windows\SysWow64\drivers\rsvlock.sys -- (RsvLock)
DRV - [2010/02/02 01:11:22 | 000,110,520 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysWow64\drivers\SafeBoot.sys -- (SafeBoot)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4232791037-752211120-959289193-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
IE - HKU\S-1-5-21-4232791037-752211120-959289193-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
IE - HKU\S-1-5-21-4232791037-752211120-959289193-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: otis@digitalpersona.com:5.0.0.4238
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.3.2
FF - HKLM\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2010/09/16 18:33:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/11/27 00:08:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/11/27 00:08:01 | 000,000,000 | ---D | M]
[2010/11/26 19:47:07 | 000,000,000 | ---D | M] -- C:\Users\Dukan\AppData\Roaming\Mozilla\Extensions
[2010/11/28 00:04:42 | 000,000,000 | ---D | M] -- C:\Users\Dukan\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Dukan\extensions
[2010/11/26 20:00:56 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\Dukan\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Dukan\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2010/11/26 20:00:56 | 000,000,000 | ---D | M] (Gmail Notifier) -- C:\Users\Dukan\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Dukan\extensions\{44d0a1b4-9c90-4f86-ac92-8680b5d6549e}
[2010/11/26 20:00:56 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\Dukan\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Dukan\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2010/11/27 13:08:14 | 000,000,000 | ---D | M] (SmoothWheel (mozdev.org)) -- C:\Users\Dukan\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Dukan\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}
[2010/11/26 20:00:56 | 000,000,000 | ---D | M] (CHM Reader) -- C:\Users\Dukan\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Dukan\extensions\{6e098d65-7d2d-46d4-ada0-2f882a29f795}
[2010/11/26 20:00:56 | 000,000,000 | ---D | M] (Copy Plain Text) -- C:\Users\Dukan\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Dukan\extensions\{723AAF16-AF1F-4404-A5D7-0BFE39766605}
[2010/11/26 20:00:56 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Dukan\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Dukan\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010/11/26 20:00:57 | 000,000,000 | ---D | M] (DictionarySearch) -- C:\Users\Dukan\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Dukan\extensions\{a0faa0a4-f1a7-4098-9a74-21efc3a92372}
[2010/11/26 20:00:56 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\Dukan\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Dukan\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/11/26 20:00:56 | 000,000,000 | ---D | M] (BBCode) -- C:\Users\Dukan\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Dukan\extensions\{AE37D527-6604-461c-8102-975CF8053A2F}
[2010/11/26 20:00:57 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Dukan\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Dukan\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/11/26 20:00:57 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Dukan\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Dukan\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/11/27 12:48:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dukan\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Dukan\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010/11/26 20:00:57 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Dukan\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Dukan\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/11/26 20:00:56 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Dukan\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Dukan\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/11/26 20:00:56 | 000,000,000 | ---D | M] -- C:\Users\Dukan\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Dukan\extensions\abhere2@moztw.org
[2010/11/26 20:00:57 | 000,000,000 | ---D | M] -- C:\Users\Dukan\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Dukan\extensions\add-to-searchbox@maltekraus.de
[2010/11/26 20:00:56 | 000,000,000 | ---D | M] -- C:\Users\Dukan\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Dukan\extensions\development@add-art.org
[2010/11/26 20:00:56 | 000,000,000 | ---D | M] -- C:\Users\Dukan\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Dukan\extensions\igoogletabremover@david.rubin
[2010/11/26 19:57:34 | 000,000,000 | ---D | M] -- C:\Users\Dukan\AppData\Roaming\Mozilla\Firefox\Profiles\mhctwsa1.default\extensions
[2010/11/26 19:57:33 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\Dukan\AppData\Roaming\Mozilla\Firefox\Profiles\mhctwsa1.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2010/11/26 19:46:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/07/12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
[2010/10/27 06:19:36 | 000,000,638 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010/10/27 06:19:36 | 000,001,687 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\mall-cz.xml
[2010/10/27 06:19:36 | 000,001,367 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010/10/27 06:19:36 | 000,000,654 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010/10/27 06:19:36 | 000,001,179 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4:64bit: - HKLM..\Run: [acevents] C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [File Sanitizer] c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe ()
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\windows\SysWow64\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //FWEvent.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.46.172.36 213.46.172.37
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe) - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\DeviceNP: DllName - DeviceNP.dll - C:\windows\SysWow64\DeviceNP.dll (Hewlett-Packard Limited)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)
========== Files/Folders - Created Within 30 Days ==========
[2010/11/29 12:52:05 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Dukan\Desktop\OTL.exe
[2010/11/29 12:47:47 | 000,000,000 | ---D | C] -- C:\Users\Dukan\Documents\Medicine
[2010/11/28 23:47:14 | 000,000,000 | ---D | C] -- C:\Users\Dukan\Documents\Winamp_Backup
[2010/11/28 23:43:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp Backup Tool
[2010/11/28 22:53:45 | 000,000,000 | ---D | C] -- C:\Users\Dukan\AppData\Local\Roxio
[2010/11/28 17:16:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/11/28 17:01:17 | 000,000,000 | ---D | C] -- C:\Users\Dukan\AppData\Local\Apple Computer
[2010/11/28 16:57:53 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2010/11/28 13:34:42 | 000,000,000 | ---D | C] -- C:\Users\Dukan\AppData\Roaming\Malwarebytes
[2010/11/28 13:34:35 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysWow64\drivers\mbamswissarmy.sys
[2010/11/28 13:34:34 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2010/11/28 13:34:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/11/28 13:34:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/11/28 13:31:18 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Dukan\Desktop\mbam-setup-1.46.exe
[2010/11/27 22:50:32 | 000,000,000 | ---D | C] -- C:\Users\Dukan\AppData\Local\ElevatedDiagnostics
[2010/11/27 22:46:41 | 000,000,000 | ---D | C] -- C:\Users\Dukan\Desktop\Kings od Convenience
[2010/11/27 22:43:56 | 000,000,000 | ---D | C] -- C:\Users\Dukan\AppData\Local\Diagnostics
[2010/11/27 22:17:12 | 000,000,000 | ---D | C] -- C:\Users\Dukan\AppData\Local\SoftGrid Client
[2010/11/27 22:17:11 | 000,000,000 | ---D | C] -- C:\Users\Dukan\AppData\Roaming\SoftGrid Client
[2010/11/27 22:16:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2010/11/27 22:16:22 | 000,000,000 | ---D | C] -- C:\windows\PCHEALTH
[2010/11/27 22:16:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/11/27 22:16:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Application Virtualization Client
[2010/11/27 22:16:12 | 000,000,000 | ---D | C] -- C:\Users\Dukan\AppData\Roaming\TP
[2010/11/27 14:58:51 | 000,000,000 | ---D | C] -- C:\DATA
[2010/11/27 14:50:45 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\pt
[2010/11/27 14:50:45 | 000,000,000 | ---D | C] -- C:\windows\SysNative\pt
[2010/11/27 14:50:09 | 001,379,376 | ---- | C] (Synaptics Incorporated) -- C:\windows\SysNative\drivers\SynTP.sys
[2010/11/27 14:50:09 | 000,400,168 | ---- | C] (Synaptics Incorporated) -- C:\windows\SysNative\SynCOM.dll
[2010/11/27 14:50:09 | 000,270,632 | ---- | C] (Synaptics Incorporated) -- C:\windows\SysNative\SynCtrl.dll
[2010/11/27 14:50:09 | 000,215,336 | ---- | C] (Synaptics Incorporated) -- C:\windows\SysNative\SynTPAPI.dll
[2010/11/27 14:50:09 | 000,214,312 | ---- | C] (Synaptics Incorporated) -- C:\windows\SysWow64\SynCtrl.dll
[2010/11/27 14:50:09 | 000,173,352 | ---- | C] (Synaptics Incorporated) -- C:\windows\SysWow64\SynCOM.dll
[2010/11/27 14:50:09 | 000,147,752 | ---- | C] (Synaptics Incorporated) -- C:\windows\SysNative\SynTPCo4.dll
[2010/11/27 14:50:09 | 000,107,816 | ---- | C] (Synaptics Incorporated) -- C:\windows\SysWow64\SynTPCOM.dll
[2010/11/27 14:49:05 | 000,107,912 | ---- | C] (Advanced Micro Devices) -- C:\windows\SysNative\drivers\amdsata.sys
[2010/11/27 14:49:05 | 000,027,016 | ---- | C] (Advanced Micro Devices) -- C:\windows\SysNative\drivers\amdxata.sys
[2010/11/27 14:49:04 | 002,566,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\esent.dll
[2010/11/27 14:49:04 | 001,686,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\esent.dll
[2010/11/27 14:49:04 | 000,187,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\storport.sys
[2010/11/27 14:48:07 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\evr.dll
[2010/11/27 14:48:07 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\evr.dll
[2010/11/27 12:18:54 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/11/27 12:18:54 | 000,000,000 | ---D | C] -- C:\rsit
[2010/11/27 11:18:15 | 000,000,000 | ---D | C] -- C:\Users\Dukan\AppData\Roaming\ICQ
[2010/11/27 11:18:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.2
[2010/11/27 10:51:55 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Wat
[2010/11/27 10:51:55 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Wat
[2010/11/27 01:45:47 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dfshim.dll
[2010/11/27 01:45:47 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dfshim.dll
[2010/11/27 01:45:47 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\PresentationHost.exe
[2010/11/27 01:45:47 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\PresentationHost.exe
[2010/11/27 01:45:47 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\PresentationHostProxy.dll
[2010/11/27 01:45:47 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\PresentationHostProxy.dll
[2010/11/27 01:45:47 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netfxperf.dll
[2010/11/27 01:45:47 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netfxperf.dll
[2010/11/27 01:45:36 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\browserchoice.exe
[2010/11/27 01:36:27 | 000,000,000 | ---D | C] -- C:\Users\Dukan\dwhelper
[2010/11/27 00:48:54 | 001,736,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntdll.dll
[2010/11/27 00:48:51 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\t2embed.dll
[2010/11/27 00:48:51 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\t2embed.dll
[2010/11/27 00:48:49 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ole32.dll
[2010/11/27 00:48:47 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\StructuredQuery.dll
[2010/11/27 00:48:33 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\CPFilters.dll
[2010/11/27 00:48:33 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\CPFilters.dll
[2010/11/27 00:48:33 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mpg2splt.ax
[2010/11/27 00:48:32 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msdri.dll
[2010/11/27 00:48:32 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MSNP.ax
[2010/11/27 00:48:32 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSNP.ax
[2010/11/27 00:48:32 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mpg2splt.ax
[2010/11/27 00:48:20 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2010/11/27 00:48:20 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2010/11/27 00:48:19 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2010/11/27 00:48:16 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rtutils.dll
[2010/11/27 00:48:15 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\rtutils.dll
[2010/11/27 00:48:14 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\oleaut32.dll
[2010/11/27 00:48:13 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\comctl32.dll
[2010/11/27 00:47:57 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\windows\SysWow64\iccvid.dll
[2010/11/27 00:47:55 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cdd.dll
[2010/11/27 00:47:43 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wmpmde.dll
[2010/11/27 00:47:43 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wmpmde.dll
[2010/11/27 00:47:33 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\Diskdump.sys
[2010/11/27 00:47:31 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfc40.dll
[2010/11/27 00:47:31 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfc40u.dll
[2010/11/27 00:47:26 | 000,702,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2010/11/27 00:47:26 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msfeeds.dll
[2010/11/27 00:47:25 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll
[2010/11/27 00:47:25 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll
[2010/11/27 00:47:25 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2010/11/27 00:47:25 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\licmgr10.dll
[2010/11/27 00:47:25 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\licmgr10.dll
[2010/11/27 00:47:24 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\html.iec
[2010/11/27 00:47:24 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec
[2010/11/27 00:47:24 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2010/11/27 00:47:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2010/11/27 00:47:24 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2010/11/27 00:47:24 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe
[2010/11/27 00:47:24 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe
[2010/11/27 00:47:16 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wmp.dll
[2010/11/27 00:47:15 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wmp.dll
[2010/11/27 00:47:14 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wmploc.DLL
[2010/11/27 00:47:13 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wmploc.DLL
[2010/11/27 00:47:13 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\sscore.dll
[2010/11/27 00:13:39 | 000,000,000 | ---D | C] -- C:\Users\Dukan\AppData\Local\AOL
[2010/11/27 00:11:34 | 000,000,000 | ---D | C] -- C:\Users\Dukan\AppData\Roaming\WinRAR
[2010/11/27 00:10:43 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/11/27 00:07:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/11/27 00:07:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/11/27 00:07:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2010/11/27 00:06:57 | 000,000,000 | ---D | C] -- C:\Users\Dukan\AppData\Local\Apple
[2010/11/27 00:06:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010/11/27 00:06:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/11/26 23:55:06 | 000,000,000 | ---D | C] -- C:\windows\SysNative\appmgmt
[2010/11/26 23:51:23 | 000,000,000 | ---D | C] -- C:\Users\Dukan\AppData\Roaming\Roxio Log Files
[2010/11/26 22:07:40 | 000,121,936 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys
[2010/11/26 22:07:40 | 000,061,008 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2010/11/26 22:07:40 | 000,051,280 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswTdi.sys
[2010/11/26 22:07:40 | 000,028,752 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr.sys
[2010/11/26 22:07:40 | 000,020,048 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswFsBlk.sys
[2010/11/26 22:07:23 | 000,167,592 | ---- | C] (AVAST Software) -- C:\windows\SysWow64\aswBoot.exe
[2010/11/26 22:07:23 | 000,038,848 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr
[2010/11/26 22:07:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/11/26 22:07:22 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/11/26 22:02:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Last.fm
[2010/11/26 21:59:01 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DX9_42.dll
[2010/11/26 21:58:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp Detect
[2010/11/26 21:58:35 | 000,000,000 | ---D | C] -- C:\Users\Dukan\AppData\Roaming\Winamp
[2010/11/26 21:58:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2010/11/26 21:46:34 | 000,000,000 | ---D | C] -- C:\Users\Dukan\AppData\Local\Last.fm
[2010/11/26 21:46:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Last.fm
[2010/11/26 21:41:23 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/11/26 21:38:47 | 000,000,000 | ---D | C] -- C:\Users\Dukan\AppData\Roaming\IrfanView
[2010/11/26 21:38:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView
[2010/11/26 19:52:47 | 000,000,000 | ---D | C] -- C:\Users\Dukan\Documents\backup_firefox
[2010/11/26 19:47:01 | 000,000,000 | ---D | C] -- C:\Users\Dukan\AppData\Roaming\Mozilla
[2010/11/26 19:47:01 | 000,000,000 | ---D | C] -- C:\Users\Dukan\AppData\Local\Mozilla
[2010/11/26 19:46:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010/11/26 12:23:22 | 000,000,000 | ---D | C] -- C:\Users\Dukan\AppData\Roaming\Macromedia
[2010/11/26 00:12:02 | 000,000,000 | ---D | C] -- C:\windows\rescache
[2010/11/25 17:04:34 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe
[2010/11/25 16:36:15 | 000,000,000 | ---D | C] -- C:\Users\Dukan\AppData\Local\Broadcom
[2010/11/25 16:36:15 | 000,000,000 | ---D | C] -- C:\Users\Dukan\Documents\Bluetooth Exchange Folder
[2010/11/25 16:36:09 | 000,000,000 | ---D | C] -- C:\Users\Dukan\AppData\Local\PDFC
[2010/11/25 16:36:00 | 000,000,000 | ---D | C] -- C:\Intel
[2010/11/25 16:35:21 | 000,000,000 | R--D | C] -- C:\Users\Dukan\Virtual Machines
[2010/11/25 16:35:21 | 000,000,000 | R--D | C] -- C:\Users\Dukan\Searches
[2010/11/25 16:35:21 | 000,000,000 | -H-D | C] -- C:\Users\Dukan\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010/11/25 16:35:15 | 000,000,000 | ---D | C] -- C:\Users\Dukan\AppData\Roaming\Identities
[2010/11/25 16:35:13 | 000,000,000 | R--D | C] -- C:\Users\Dukan\Contacts
[2010/11/25 16:35:11 | 000,000,000 | ---D | C] -- C:\Users\Dukan\AppData\Local\VirtualStore
[2010/11/25 16:24:15 | 000,000,000 | ---D | C] -- C:\Users\Dukan\AppData\Roaming\Adobe
[2010/11/25 16:24:13 | 000,000,000 | ---D | C] -- C:\Users\Dukan\AppData\Roaming\Hewlett-Packard
[2010/11/25 16:22:43 | 000,359,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\vpcvmm.sys
[2010/11/25 16:21:04 | 000,000,000 | ---D | C] -- C:\Users\Dukan\AppData\Local\Hewlett-Packard
[2010/11/25 16:20:55 | 000,000,000 | -HSD | C] -- C:\HPMBackup
[2010/11/25 16:20:05 | 000,000,000 | ---D | C] -- C:\Users\Dukan\AppData\Roaming\hpqLog
[2010/11/25 16:19:45 | 000,000,000 | ---D | C] -- C:\Users\Dukan\AppData\Local\Downloaded Installations
[2010/11/25 16:19:02 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2010/11/25 16:18:37 | 000,000,000 | ---D | C] -- C:\Users\Dukan\AppData\Roaming\DigitalPersona
[2010/11/25 16:18:37 | 000,000,000 | ---D | C] -- C:\Users\Dukan\AppData\Local\DigitalPersona
[2010/11/25 16:18:23 | 000,000,000 | -HSD | C] -- C:\Users\Dukan\AppData\Local\Temporary Internet Files
[2010/11/25 16:18:23 | 000,000,000 | -HSD | C] -- C:\Users\Dukan\Templates
[2010/11/25 16:18:23 | 000,000,000 | -HSD | C] -- C:\Users\Dukan\Start Menu
[2010/11/25 16:18:23 | 000,000,000 | -HSD | C] -- C:\Users\Dukan\SendTo
[2010/11/25 16:18:23 | 000,000,000 | -HSD | C] -- C:\Users\Dukan\Recent
[2010/11/25 16:18:23 | 000,000,000 | -HSD | C] -- C:\Users\Dukan\PrintHood
[2010/11/25 16:18:23 | 000,000,000 | -HSD | C] -- C:\Users\Dukan\NetHood
[2010/11/25 16:18:23 | 000,000,000 | -HSD | C] -- C:\Users\Dukan\Documents\My Videos
[2010/11/25 16:18:23 | 000,000,000 | -HSD | C] -- C:\Users\Dukan\Documents\My Pictures
[2010/11/25 16:18:23 | 000,000,000 | -HSD | C] -- C:\Users\Dukan\Documents\My Music
[2010/11/25 16:18:23 | 000,000,000 | -HSD | C] -- C:\Users\Dukan\My Documents
[2010/11/25 16:18:23 | 000,000,000 | -HSD | C] -- C:\Users\Dukan\Local Settings
[2010/11/25 16:18:23 | 000,000,000 | -HSD | C] -- C:\Users\Dukan\AppData\Local\History
[2010/11/25 16:18:23 | 000,000,000 | -HSD | C] -- C:\Users\Dukan\Cookies
[2010/11/25 16:18:23 | 000,000,000 | -HSD | C] -- C:\Users\Dukan\Application Data
[2010/11/25 16:18:23 | 000,000,000 | -HSD | C] -- C:\Users\Dukan\AppData\Local\Application Data
[2010/11/25 16:18:22 | 000,000,000 | --SD | C] -- C:\Users\Dukan\AppData\Roaming\Microsoft
[2010/11/25 16:18:22 | 000,000,000 | R--D | C] -- C:\Users\Dukan\Videos
[2010/11/25 16:18:22 | 000,000,000 | R--D | C] -- C:\Users\Dukan\Saved Games
[2010/11/25 16:18:22 | 000,000,000 | R--D | C] -- C:\Users\Dukan\Pictures
[2010/11/25 16:18:22 | 000,000,000 | R--D | C] -- C:\Users\Dukan\Music
[2010/11/25 16:18:22 | 000,000,000 | R--D | C] -- C:\Users\Dukan\Links
[2010/11/25 16:18:22 | 000,000,000 | R--D | C] -- C:\Users\Dukan\Favorites
[2010/11/25 16:18:22 | 000,000,000 | R--D | C] -- C:\Users\Dukan\Downloads
[2010/11/25 16:18:22 | 000,000,000 | R--D | C] -- C:\Users\Dukan\My Documents
[2010/11/25 16:18:22 | 000,000,000 | R--D | C] -- C:\Users\Dukan\Desktop
[2010/11/25 16:18:22 | 000,000,000 | -H-D | C] -- C:\Users\Dukan\AppData
[2010/11/25 16:18:22 | 000,000,000 | ---D | C] -- C:\Users\Dukan\AppData\Local\Temp
[2010/11/25 16:18:22 | 000,000,000 | ---D | C] -- C:\Users\Dukan\AppData\Local\Microsoft
[2010/10/22 15:00:24 | 000,255,360 | ---- | C] ( ) -- C:\windows\SysWow64\rsnp2uvc.dll
Re: Log check
========== Files - Modified Within 30 Days ==========
[2010/11/29 12:52:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Dukan\Desktop\OTL.exe
[2010/11/29 12:46:49 | 001,447,246 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2010/11/29 12:46:49 | 000,624,718 | ---- | M] () -- C:\windows\SysNative\perfh005.dat
[2010/11/29 12:46:49 | 000,608,172 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2010/11/29 12:46:49 | 000,119,586 | ---- | M] () -- C:\windows\SysNative\perfc005.dat
[2010/11/29 12:46:49 | 000,104,292 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2010/11/29 12:23:01 | 000,020,720 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/29 12:23:01 | 000,020,720 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/29 12:15:32 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2010/11/29 12:15:22 | 4076,265,472 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/28 17:16:52 | 001,475,014 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2010/11/28 14:58:43 | 000,328,330 | ---- | M] () -- C:\Users\Dukan\Desktop\qjd81ghc3109l8ib3dqp.jpg
[2010/11/28 14:58:06 | 000,209,439 | ---- | M] () -- C:\Users\Dukan\Desktop\eat_shit_food.png
[2010/11/28 14:08:38 | 000,238,754 | ---- | M] () -- C:\Users\Dukan\Desktop\screen.jpg
[2010/11/28 13:31:23 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Dukan\Desktop\mbam-setup-1.46.exe
[2010/11/27 22:08:34 | 000,000,332 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForDukan.job
[2010/11/27 14:50:48 | 000,000,473 | ---- | M] () -- C:\windows\SysNative\MAPISVC.INF
[2010/11/27 14:50:47 | 000,000,976 | ---- | M] () -- C:\windows\SysWow64\mapisvc.inf
[2010/11/27 14:50:07 | 001,379,376 | ---- | M] (Synaptics Incorporated) -- C:\windows\SysNative\drivers\SynTP.sys
[2010/11/27 14:50:07 | 000,400,168 | ---- | M] (Synaptics Incorporated) -- C:\windows\SysNative\SynCOM.dll
[2010/11/27 14:50:07 | 000,270,632 | ---- | M] (Synaptics Incorporated) -- C:\windows\SysNative\SynCtrl.dll
[2010/11/27 14:50:07 | 000,215,336 | ---- | M] (Synaptics Incorporated) -- C:\windows\SysNative\SynTPAPI.dll
[2010/11/27 14:50:07 | 000,214,312 | ---- | M] (Synaptics Incorporated) -- C:\windows\SysWow64\SynCtrl.dll
[2010/11/27 14:50:07 | 000,173,352 | ---- | M] (Synaptics Incorporated) -- C:\windows\SysWow64\SynCOM.dll
[2010/11/27 14:50:07 | 000,147,752 | ---- | M] (Synaptics Incorporated) -- C:\windows\SysNative\SynTPCo4.dll
[2010/11/27 14:50:07 | 000,107,816 | ---- | M] (Synaptics Incorporated) -- C:\windows\SysWow64\SynTPCOM.dll
[2010/11/27 14:47:19 | 000,000,000 | RHS- | M] () -- C:\windows\SysWow64\drivers\103C_HP_bNB_ProBook 6450b_Y5336AN_0U_QCNU0424D1K_E626214-222_4A_I146D_SHP_V73.11_68CDE F.02_T100810_WU48-0_L409_M3888_J500_7Intel_8655_92.40_#100916_N808610EB;14E44727_(WD777EA#ARL)_XMOBILE_CN10_Z_2_G80860046.MRK
[2010/11/27 14:47:19 | 000,000,000 | RHS- | M] () -- C:\windows\SysNative\drivers\103C_HP_bNB_ProBook 6450b_Y5336AN_0U_QCNU0424D1K_E626214-222_4A_I146D_SHP_V73.11_68CDE F.02_T100810_WU48-0_L409_M3888_J500_7Intel_8655_92.40_#100916_N808610EB;14E44727_(WD777EA#ARL)_XMOBILE_CN10_Z_2_G80860046.MRK
[2010/11/27 14:46:27 | 001,049,314 | ---- | M] () -- C:\windows\SysNative\oem39.inf
[2010/11/27 14:45:48 | 003,891,200 | ---- | M] (Broadcom Corporation) -- C:\windows\SysNative\bcmihvsrv64.dll
[2010/11/27 14:45:48 | 003,555,840 | ---- | M] (Broadcom Corporation) -- C:\windows\SysNative\bcmihvui64.dll
[2010/11/27 14:45:48 | 003,063,360 | ---- | M] (Broadcom Corporation) -- C:\windows\SysNative\drivers\BCMWL664.SYS
[2010/11/27 14:45:48 | 000,095,544 | ---- | M] (Broadcom Corporation) -- C:\windows\SysNative\bcmwlcoi.dll
[2010/11/27 14:45:48 | 000,006,656 | ---- | M] () -- C:\windows\SysNative\bcmwlrc.dll
[2010/11/27 10:53:46 | 000,276,488 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2010/11/27 00:27:41 | 000,025,788 | ---- | M] () -- C:\Users\Dukan\Desktop\fullscreencapture280720.jpg
[2010/11/26 23:46:59 | 000,324,751 | ---- | M] () -- C:\Users\Dukan\Desktop\bckround.jpg
[2010/11/26 23:05:09 | 001,698,455 | ---- | M] () -- C:\Users\Dukan\Desktop\Skins_3___Effy_by_theravenbard.gif
[2010/11/26 22:07:40 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt
[2010/11/26 21:59:02 | 000,001,003 | ---- | M] () -- C:\Users\Dukan\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2010/11/26 21:55:24 | 001,096,372 | ---- | M] () -- C:\Users\Dukan\Desktop\WinampBackupToolSetup.exe
[2010/11/26 21:41:23 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010/11/26 21:38:54 | 000,000,998 | ---- | M] () -- C:\Users\Public\Desktop\IrfanView.lnk
[2010/11/26 20:10:21 | 000,789,481 | ---- | M] () -- C:\Users\Dukan\Desktop\wti29x.jpg
[2010/11/26 19:52:21 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/11/26 19:46:51 | 000,001,963 | ---- | M] () -- C:\Users\Dukan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/11/26 19:46:51 | 000,001,939 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/11/26 12:05:22 | 000,007,605 | ---- | M] () -- C:\Users\Dukan\AppData\Local\Resmon.ResmonCfg
[2010/11/26 00:12:23 | 000,040,833 | ---- | M] () -- C:\windows\SysWow64\license.rtf
[2010/11/26 00:12:23 | 000,040,833 | ---- | M] () -- C:\windows\SysNative\license.rtf
[2010/11/25 17:12:06 | 000,001,437 | ---- | M] () -- C:\Users\Dukan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/25 16:37:06 | 000,002,059 | ---- | M] () -- C:\windows\SysNative\Config.MPF
========== Files Created - No Company Name ==========
[2010/11/28 15:08:58 | 000,032,256 | ---- | C] () -- C:\Users\Dukan\Desktop\eduroam-cuni.exe
[2010/11/28 14:58:42 | 000,328,330 | ---- | C] () -- C:\Users\Dukan\Desktop\qjd81ghc3109l8ib3dqp.jpg
[2010/11/28 14:58:05 | 000,209,439 | ---- | C] () -- C:\Users\Dukan\Desktop\eat_shit_food.png
[2010/11/28 14:08:38 | 000,238,754 | ---- | C] () -- C:\Users\Dukan\Desktop\screen.jpg
[2010/11/27 22:16:33 | 001,475,014 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2010/11/27 14:50:48 | 000,000,473 | ---- | C] () -- C:\windows\SysNative\MAPISVC.INF
[2010/11/27 14:46:33 | 001,049,314 | ---- | C] () -- C:\windows\SysNative\oem39.inf
[2010/11/26 23:46:59 | 000,324,751 | ---- | C] () -- C:\Users\Dukan\Desktop\bckround.jpg
[2010/11/26 23:05:09 | 001,698,455 | ---- | C] () -- C:\Users\Dukan\Desktop\Skins_3___Effy_by_theravenbard.gif
[2010/11/26 22:07:39 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\config.nt
[2010/11/26 21:59:02 | 000,001,003 | ---- | C] () -- C:\Users\Dukan\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2010/11/26 21:55:24 | 001,096,372 | ---- | C] () -- C:\Users\Dukan\Desktop\WinampBackupToolSetup.exe
[2010/11/26 21:41:23 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010/11/26 21:38:54 | 000,000,998 | ---- | C] () -- C:\Users\Public\Desktop\IrfanView.lnk
[2010/11/26 20:11:36 | 000,025,788 | ---- | C] () -- C:\Users\Dukan\Desktop\fullscreencapture280720.jpg
[2010/11/26 20:10:20 | 000,789,481 | ---- | C] () -- C:\Users\Dukan\Desktop\wti29x.jpg
[2010/11/26 19:52:21 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/11/26 19:46:51 | 000,001,963 | ---- | C] () -- C:\Users\Dukan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/11/26 19:46:51 | 000,001,939 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/11/26 12:05:22 | 000,007,605 | ---- | C] () -- C:\Users\Dukan\AppData\Local\Resmon.ResmonCfg
[2010/11/25 17:12:06 | 000,001,437 | ---- | C] () -- C:\Users\Dukan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/25 16:37:50 | 000,000,384 | ---- | C] () -- C:\windows\myClean.bat
[2010/11/25 16:35:04 | 000,000,332 | ---- | C] () -- C:\windows\tasks\HPCeeScheduleForDukan.job
[2010/11/25 16:18:42 | 000,000,000 | RHS- | C] () -- C:\windows\SysWow64\drivers\103C_HP_bNB_ProBook 6450b_Y5336AN_0U_QCNU0424D1K_E626214-222_4A_I146D_SHP_V73.11_68CDE F.02_T100810_WU48-0_L409_M3888_J500_7Intel_8655_92.40_#100916_N808610EB;14E44727_(WD777EA#ARL)_XMOBILE_CN10_Z_2_G80860046.MRK
[2010/11/25 16:18:42 | 000,000,000 | RHS- | C] () -- C:\windows\SysNative\drivers\103C_HP_bNB_ProBook 6450b_Y5336AN_0U_QCNU0424D1K_E626214-222_4A_I146D_SHP_V73.11_68CDE F.02_T100810_WU48-0_L409_M3888_J500_7Intel_8655_92.40_#100916_N808610EB;14E44727_(WD777EA#ARL)_XMOBILE_CN10_Z_2_G80860046.MRK
[2010/11/25 16:18:22 | 000,000,290 | ---- | C] () -- C:\Users\Dukan\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/11/25 16:18:22 | 000,000,272 | ---- | C] () -- C:\Users\Dukan\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/11/25 16:17:44 | 4076,265,472 | -HS- | C] () -- C:\hiberfil.sys
[2010/10/22 15:00:24 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2010/09/16 19:09:26 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wddbhie.sys
[2010/09/16 18:43:01 | 000,000,188 | ---- | C] () -- C:\windows\SysWow64\HPWA.ini
[2010/09/16 18:36:13 | 000,000,178 | ---- | C] () -- C:\windows\SysWow64\HPPA.ini
[2010/04/21 19:22:50 | 000,208,896 | ---- | C] () -- C:\windows\SysWow64\iglhsip32.dll
[2010/04/21 19:22:50 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\iglhcp32.dll
[2010/04/01 20:07:18 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\DPFPApiUI.dll.hpsign
[2010/03/31 00:04:50 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\DPSCEL.dll.hpsign
[2010/03/31 00:04:50 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\DPPassFilter.dll.hpsign
[2010/03/31 00:04:48 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\DPFPApi.dll.hpsign
[2010/03/31 00:04:48 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\DPCrProv.dll.hpsign
[2010/03/31 00:04:48 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\DPClback.dll.hpsign
[2010/02/19 17:43:00 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\vcsAPIShared.dll.hpsign
[2010/02/10 02:58:12 | 000,012,800 | ---- | C] () -- C:\windows\LPRES.DLL
[2009/12/07 19:36:18 | 000,329,272 | ---- | C] () -- C:\windows\SysWow64\flcdlmsg.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
========== LOP Check ==========
[2010/11/25 16:18:37 | 000,000,000 | ---D | M] -- C:\Users\Dukan\AppData\Roaming\DigitalPersona
[2010/11/27 14:04:29 | 000,000,000 | ---D | M] -- C:\Users\Dukan\AppData\Roaming\ICQ
[2010/11/26 21:38:47 | 000,000,000 | ---D | M] -- C:\Users\Dukan\AppData\Roaming\IrfanView
[2010/11/28 00:16:29 | 000,000,000 | ---D | M] -- C:\Users\Dukan\AppData\Roaming\SoftGrid Client
[2010/11/27 22:17:18 | 000,000,000 | ---D | M] -- C:\Users\Dukan\AppData\Roaming\TP
[2009/07/14 06:08:49 | 000,006,614 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2009/07/14 02:39:41 | 001,475,072 | ---- | M] (Microsoft Corporation)
< c:\windows\*.* /U >
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2010/11/25 16:24:15 | 000,000,000 | ---D | M] -- C:\Users\Dukan\AppData\Roaming\Adobe
[2010/11/25 16:18:37 | 000,000,000 | ---D | M] -- C:\Users\Dukan\AppData\Roaming\DigitalPersona
[2010/11/27 14:47:14 | 000,000,000 | ---D | M] -- C:\Users\Dukan\AppData\Roaming\Hewlett-Packard
[2010/11/25 16:20:05 | 000,000,000 | ---D | M] -- C:\Users\Dukan\AppData\Roaming\hpqLog
[2010/11/27 14:04:29 | 000,000,000 | ---D | M] -- C:\Users\Dukan\AppData\Roaming\ICQ
[2010/11/25 16:35:15 | 000,000,000 | ---D | M] -- C:\Users\Dukan\AppData\Roaming\Identities
[2010/11/26 21:38:47 | 000,000,000 | ---D | M] -- C:\Users\Dukan\AppData\Roaming\IrfanView
[2010/11/27 12:49:55 | 000,000,000 | ---D | M] -- C:\Users\Dukan\AppData\Roaming\Macromedia
[2010/11/28 13:34:42 | 000,000,000 | ---D | M] -- C:\Users\Dukan\AppData\Roaming\Malwarebytes
[2010/11/28 16:52:17 | 000,000,000 | --SD | M] -- C:\Users\Dukan\AppData\Roaming\Microsoft
[2010/11/26 19:47:07 | 000,000,000 | ---D | M] -- C:\Users\Dukan\AppData\Roaming\Mozilla
[2010/11/26 23:51:23 | 000,000,000 | ---D | M] -- C:\Users\Dukan\AppData\Roaming\Roxio Log Files
[2010/11/28 00:16:29 | 000,000,000 | ---D | M] -- C:\Users\Dukan\AppData\Roaming\SoftGrid Client
[2010/11/27 22:17:18 | 000,000,000 | ---D | M] -- C:\Users\Dukan\AppData\Roaming\TP
[2010/11/28 23:43:24 | 000,000,000 | ---D | M] -- C:\Users\Dukan\AppData\Roaming\Winamp
[2010/11/27 00:11:47 | 000,000,000 | ---D | M] -- C:\Users\Dukan\AppData\Roaming\WinRAR
< %APPDATA%\*.exe /s >
[2010/04/18 15:33:56 | 000,307,200 | ---- | M] (Simon Tatham) -- C:\Users\Dukan\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Dukan\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\psftp.exe
[2010/04/18 15:33:56 | 000,172,032 | ---- | M] (Simon Tatham) -- C:\Users\Dukan\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Dukan\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\puttygen.exe
< MD5 for: AGP440.SYS >
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_0dbde3119acb22ca\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_dab2e93700ba2683\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16552_none_394a8c733b252fb9\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16593_none_39204d0d3b44b8d4\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20669_none_39d05b5854449cd5\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20713_none_3a006b1e5421763d\atapi.sys
< MD5 for: CDROM.SYS >
[2009/07/14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\windows\SysWow64\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys
[2009/07/14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys
< MD5 for: CNGAUDIT.DLL >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
< MD5 for: CRYPTSVC.DLL >
[2009/07/14 02:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_d1f48b0bb4805490\cryptsvc.dll
[2009/07/14 02:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\SysWOW64\cryptsvc.dll
[2009/07/14 02:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\SysWOW64\cryptsvc.dll
[2009/07/14 02:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll
< MD5 for: EXPLORER.EXE >
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2010/11/26 22:07:40 | 000,000,000 | ---- | M] () -- C:\Windows\SysWOW64\config.nt
[2010/11/27 16:36:58 | 000,000,052 | ---- | M] () -- C:\Windows\SysWOW64\DOErrors.log
[2010/11/29 12:15:45 | 000,000,018 | ---- | M] () -- C:\Windows\SysWOW64\log.txt
[2010/11/27 14:50:47 | 000,000,976 | ---- | M] () -- C:\Windows\SysWOW64\mapisvc.inf
[2010/11/28 17:16:52 | 001,475,014 | ---- | M] () -- C:\Windows\SysWOW64\PerfStringBackup.INI
[2010/11/27 14:50:07 | 000,173,352 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysWOW64\SynCOM.dll
[2010/11/27 14:50:07 | 000,214,312 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysWOW64\SynCtrl.dll
[2010/11/27 14:50:07 | 000,107,816 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysWOW64\SynTPCOM.dll
< CREATERESTOREPOIN >
< End of report >
[2010/11/29 12:52:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Dukan\Desktop\OTL.exe
[2010/11/29 12:46:49 | 001,447,246 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2010/11/29 12:46:49 | 000,624,718 | ---- | M] () -- C:\windows\SysNative\perfh005.dat
[2010/11/29 12:46:49 | 000,608,172 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2010/11/29 12:46:49 | 000,119,586 | ---- | M] () -- C:\windows\SysNative\perfc005.dat
[2010/11/29 12:46:49 | 000,104,292 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2010/11/29 12:23:01 | 000,020,720 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/29 12:23:01 | 000,020,720 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/29 12:15:32 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2010/11/29 12:15:22 | 4076,265,472 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/28 17:16:52 | 001,475,014 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2010/11/28 14:58:43 | 000,328,330 | ---- | M] () -- C:\Users\Dukan\Desktop\qjd81ghc3109l8ib3dqp.jpg
[2010/11/28 14:58:06 | 000,209,439 | ---- | M] () -- C:\Users\Dukan\Desktop\eat_shit_food.png
[2010/11/28 14:08:38 | 000,238,754 | ---- | M] () -- C:\Users\Dukan\Desktop\screen.jpg
[2010/11/28 13:31:23 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Dukan\Desktop\mbam-setup-1.46.exe
[2010/11/27 22:08:34 | 000,000,332 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForDukan.job
[2010/11/27 14:50:48 | 000,000,473 | ---- | M] () -- C:\windows\SysNative\MAPISVC.INF
[2010/11/27 14:50:47 | 000,000,976 | ---- | M] () -- C:\windows\SysWow64\mapisvc.inf
[2010/11/27 14:50:07 | 001,379,376 | ---- | M] (Synaptics Incorporated) -- C:\windows\SysNative\drivers\SynTP.sys
[2010/11/27 14:50:07 | 000,400,168 | ---- | M] (Synaptics Incorporated) -- C:\windows\SysNative\SynCOM.dll
[2010/11/27 14:50:07 | 000,270,632 | ---- | M] (Synaptics Incorporated) -- C:\windows\SysNative\SynCtrl.dll
[2010/11/27 14:50:07 | 000,215,336 | ---- | M] (Synaptics Incorporated) -- C:\windows\SysNative\SynTPAPI.dll
[2010/11/27 14:50:07 | 000,214,312 | ---- | M] (Synaptics Incorporated) -- C:\windows\SysWow64\SynCtrl.dll
[2010/11/27 14:50:07 | 000,173,352 | ---- | M] (Synaptics Incorporated) -- C:\windows\SysWow64\SynCOM.dll
[2010/11/27 14:50:07 | 000,147,752 | ---- | M] (Synaptics Incorporated) -- C:\windows\SysNative\SynTPCo4.dll
[2010/11/27 14:50:07 | 000,107,816 | ---- | M] (Synaptics Incorporated) -- C:\windows\SysWow64\SynTPCOM.dll
[2010/11/27 14:47:19 | 000,000,000 | RHS- | M] () -- C:\windows\SysWow64\drivers\103C_HP_bNB_ProBook 6450b_Y5336AN_0U_QCNU0424D1K_E626214-222_4A_I146D_SHP_V73.11_68CDE F.02_T100810_WU48-0_L409_M3888_J500_7Intel_8655_92.40_#100916_N808610EB;14E44727_(WD777EA#ARL)_XMOBILE_CN10_Z_2_G80860046.MRK
[2010/11/27 14:47:19 | 000,000,000 | RHS- | M] () -- C:\windows\SysNative\drivers\103C_HP_bNB_ProBook 6450b_Y5336AN_0U_QCNU0424D1K_E626214-222_4A_I146D_SHP_V73.11_68CDE F.02_T100810_WU48-0_L409_M3888_J500_7Intel_8655_92.40_#100916_N808610EB;14E44727_(WD777EA#ARL)_XMOBILE_CN10_Z_2_G80860046.MRK
[2010/11/27 14:46:27 | 001,049,314 | ---- | M] () -- C:\windows\SysNative\oem39.inf
[2010/11/27 14:45:48 | 003,891,200 | ---- | M] (Broadcom Corporation) -- C:\windows\SysNative\bcmihvsrv64.dll
[2010/11/27 14:45:48 | 003,555,840 | ---- | M] (Broadcom Corporation) -- C:\windows\SysNative\bcmihvui64.dll
[2010/11/27 14:45:48 | 003,063,360 | ---- | M] (Broadcom Corporation) -- C:\windows\SysNative\drivers\BCMWL664.SYS
[2010/11/27 14:45:48 | 000,095,544 | ---- | M] (Broadcom Corporation) -- C:\windows\SysNative\bcmwlcoi.dll
[2010/11/27 14:45:48 | 000,006,656 | ---- | M] () -- C:\windows\SysNative\bcmwlrc.dll
[2010/11/27 10:53:46 | 000,276,488 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2010/11/27 00:27:41 | 000,025,788 | ---- | M] () -- C:\Users\Dukan\Desktop\fullscreencapture280720.jpg
[2010/11/26 23:46:59 | 000,324,751 | ---- | M] () -- C:\Users\Dukan\Desktop\bckround.jpg
[2010/11/26 23:05:09 | 001,698,455 | ---- | M] () -- C:\Users\Dukan\Desktop\Skins_3___Effy_by_theravenbard.gif
[2010/11/26 22:07:40 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt
[2010/11/26 21:59:02 | 000,001,003 | ---- | M] () -- C:\Users\Dukan\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2010/11/26 21:55:24 | 001,096,372 | ---- | M] () -- C:\Users\Dukan\Desktop\WinampBackupToolSetup.exe
[2010/11/26 21:41:23 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010/11/26 21:38:54 | 000,000,998 | ---- | M] () -- C:\Users\Public\Desktop\IrfanView.lnk
[2010/11/26 20:10:21 | 000,789,481 | ---- | M] () -- C:\Users\Dukan\Desktop\wti29x.jpg
[2010/11/26 19:52:21 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/11/26 19:46:51 | 000,001,963 | ---- | M] () -- C:\Users\Dukan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/11/26 19:46:51 | 000,001,939 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/11/26 12:05:22 | 000,007,605 | ---- | M] () -- C:\Users\Dukan\AppData\Local\Resmon.ResmonCfg
[2010/11/26 00:12:23 | 000,040,833 | ---- | M] () -- C:\windows\SysWow64\license.rtf
[2010/11/26 00:12:23 | 000,040,833 | ---- | M] () -- C:\windows\SysNative\license.rtf
[2010/11/25 17:12:06 | 000,001,437 | ---- | M] () -- C:\Users\Dukan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/25 16:37:06 | 000,002,059 | ---- | M] () -- C:\windows\SysNative\Config.MPF
========== Files Created - No Company Name ==========
[2010/11/28 15:08:58 | 000,032,256 | ---- | C] () -- C:\Users\Dukan\Desktop\eduroam-cuni.exe
[2010/11/28 14:58:42 | 000,328,330 | ---- | C] () -- C:\Users\Dukan\Desktop\qjd81ghc3109l8ib3dqp.jpg
[2010/11/28 14:58:05 | 000,209,439 | ---- | C] () -- C:\Users\Dukan\Desktop\eat_shit_food.png
[2010/11/28 14:08:38 | 000,238,754 | ---- | C] () -- C:\Users\Dukan\Desktop\screen.jpg
[2010/11/27 22:16:33 | 001,475,014 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2010/11/27 14:50:48 | 000,000,473 | ---- | C] () -- C:\windows\SysNative\MAPISVC.INF
[2010/11/27 14:46:33 | 001,049,314 | ---- | C] () -- C:\windows\SysNative\oem39.inf
[2010/11/26 23:46:59 | 000,324,751 | ---- | C] () -- C:\Users\Dukan\Desktop\bckround.jpg
[2010/11/26 23:05:09 | 001,698,455 | ---- | C] () -- C:\Users\Dukan\Desktop\Skins_3___Effy_by_theravenbard.gif
[2010/11/26 22:07:39 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\config.nt
[2010/11/26 21:59:02 | 000,001,003 | ---- | C] () -- C:\Users\Dukan\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2010/11/26 21:55:24 | 001,096,372 | ---- | C] () -- C:\Users\Dukan\Desktop\WinampBackupToolSetup.exe
[2010/11/26 21:41:23 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010/11/26 21:38:54 | 000,000,998 | ---- | C] () -- C:\Users\Public\Desktop\IrfanView.lnk
[2010/11/26 20:11:36 | 000,025,788 | ---- | C] () -- C:\Users\Dukan\Desktop\fullscreencapture280720.jpg
[2010/11/26 20:10:20 | 000,789,481 | ---- | C] () -- C:\Users\Dukan\Desktop\wti29x.jpg
[2010/11/26 19:52:21 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/11/26 19:46:51 | 000,001,963 | ---- | C] () -- C:\Users\Dukan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/11/26 19:46:51 | 000,001,939 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/11/26 12:05:22 | 000,007,605 | ---- | C] () -- C:\Users\Dukan\AppData\Local\Resmon.ResmonCfg
[2010/11/25 17:12:06 | 000,001,437 | ---- | C] () -- C:\Users\Dukan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/25 16:37:50 | 000,000,384 | ---- | C] () -- C:\windows\myClean.bat
[2010/11/25 16:35:04 | 000,000,332 | ---- | C] () -- C:\windows\tasks\HPCeeScheduleForDukan.job
[2010/11/25 16:18:42 | 000,000,000 | RHS- | C] () -- C:\windows\SysWow64\drivers\103C_HP_bNB_ProBook 6450b_Y5336AN_0U_QCNU0424D1K_E626214-222_4A_I146D_SHP_V73.11_68CDE F.02_T100810_WU48-0_L409_M3888_J500_7Intel_8655_92.40_#100916_N808610EB;14E44727_(WD777EA#ARL)_XMOBILE_CN10_Z_2_G80860046.MRK
[2010/11/25 16:18:42 | 000,000,000 | RHS- | C] () -- C:\windows\SysNative\drivers\103C_HP_bNB_ProBook 6450b_Y5336AN_0U_QCNU0424D1K_E626214-222_4A_I146D_SHP_V73.11_68CDE F.02_T100810_WU48-0_L409_M3888_J500_7Intel_8655_92.40_#100916_N808610EB;14E44727_(WD777EA#ARL)_XMOBILE_CN10_Z_2_G80860046.MRK
[2010/11/25 16:18:22 | 000,000,290 | ---- | C] () -- C:\Users\Dukan\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/11/25 16:18:22 | 000,000,272 | ---- | C] () -- C:\Users\Dukan\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/11/25 16:17:44 | 4076,265,472 | -HS- | C] () -- C:\hiberfil.sys
[2010/10/22 15:00:24 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2010/09/16 19:09:26 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wddbhie.sys
[2010/09/16 18:43:01 | 000,000,188 | ---- | C] () -- C:\windows\SysWow64\HPWA.ini
[2010/09/16 18:36:13 | 000,000,178 | ---- | C] () -- C:\windows\SysWow64\HPPA.ini
[2010/04/21 19:22:50 | 000,208,896 | ---- | C] () -- C:\windows\SysWow64\iglhsip32.dll
[2010/04/21 19:22:50 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\iglhcp32.dll
[2010/04/01 20:07:18 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\DPFPApiUI.dll.hpsign
[2010/03/31 00:04:50 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\DPSCEL.dll.hpsign
[2010/03/31 00:04:50 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\DPPassFilter.dll.hpsign
[2010/03/31 00:04:48 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\DPFPApi.dll.hpsign
[2010/03/31 00:04:48 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\DPCrProv.dll.hpsign
[2010/03/31 00:04:48 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\DPClback.dll.hpsign
[2010/02/19 17:43:00 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\vcsAPIShared.dll.hpsign
[2010/02/10 02:58:12 | 000,012,800 | ---- | C] () -- C:\windows\LPRES.DLL
[2009/12/07 19:36:18 | 000,329,272 | ---- | C] () -- C:\windows\SysWow64\flcdlmsg.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
========== LOP Check ==========
[2010/11/25 16:18:37 | 000,000,000 | ---D | M] -- C:\Users\Dukan\AppData\Roaming\DigitalPersona
[2010/11/27 14:04:29 | 000,000,000 | ---D | M] -- C:\Users\Dukan\AppData\Roaming\ICQ
[2010/11/26 21:38:47 | 000,000,000 | ---D | M] -- C:\Users\Dukan\AppData\Roaming\IrfanView
[2010/11/28 00:16:29 | 000,000,000 | ---D | M] -- C:\Users\Dukan\AppData\Roaming\SoftGrid Client
[2010/11/27 22:17:18 | 000,000,000 | ---D | M] -- C:\Users\Dukan\AppData\Roaming\TP
[2009/07/14 06:08:49 | 000,006,614 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2009/07/14 02:39:41 | 001,475,072 | ---- | M] (Microsoft Corporation)
< c:\windows\*.* /U >
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2010/11/25 16:24:15 | 000,000,000 | ---D | M] -- C:\Users\Dukan\AppData\Roaming\Adobe
[2010/11/25 16:18:37 | 000,000,000 | ---D | M] -- C:\Users\Dukan\AppData\Roaming\DigitalPersona
[2010/11/27 14:47:14 | 000,000,000 | ---D | M] -- C:\Users\Dukan\AppData\Roaming\Hewlett-Packard
[2010/11/25 16:20:05 | 000,000,000 | ---D | M] -- C:\Users\Dukan\AppData\Roaming\hpqLog
[2010/11/27 14:04:29 | 000,000,000 | ---D | M] -- C:\Users\Dukan\AppData\Roaming\ICQ
[2010/11/25 16:35:15 | 000,000,000 | ---D | M] -- C:\Users\Dukan\AppData\Roaming\Identities
[2010/11/26 21:38:47 | 000,000,000 | ---D | M] -- C:\Users\Dukan\AppData\Roaming\IrfanView
[2010/11/27 12:49:55 | 000,000,000 | ---D | M] -- C:\Users\Dukan\AppData\Roaming\Macromedia
[2010/11/28 13:34:42 | 000,000,000 | ---D | M] -- C:\Users\Dukan\AppData\Roaming\Malwarebytes
[2010/11/28 16:52:17 | 000,000,000 | --SD | M] -- C:\Users\Dukan\AppData\Roaming\Microsoft
[2010/11/26 19:47:07 | 000,000,000 | ---D | M] -- C:\Users\Dukan\AppData\Roaming\Mozilla
[2010/11/26 23:51:23 | 000,000,000 | ---D | M] -- C:\Users\Dukan\AppData\Roaming\Roxio Log Files
[2010/11/28 00:16:29 | 000,000,000 | ---D | M] -- C:\Users\Dukan\AppData\Roaming\SoftGrid Client
[2010/11/27 22:17:18 | 000,000,000 | ---D | M] -- C:\Users\Dukan\AppData\Roaming\TP
[2010/11/28 23:43:24 | 000,000,000 | ---D | M] -- C:\Users\Dukan\AppData\Roaming\Winamp
[2010/11/27 00:11:47 | 000,000,000 | ---D | M] -- C:\Users\Dukan\AppData\Roaming\WinRAR
< %APPDATA%\*.exe /s >
[2010/04/18 15:33:56 | 000,307,200 | ---- | M] (Simon Tatham) -- C:\Users\Dukan\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Dukan\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\psftp.exe
[2010/04/18 15:33:56 | 000,172,032 | ---- | M] (Simon Tatham) -- C:\Users\Dukan\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Dukan\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\puttygen.exe
[2010/09/16 18:54:34 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2010/09/16 18:48:26 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
< MD5 for: HAL.DLL >
[2009/09/01 07:34:28 | 000,263,256 | ---- | M] (Microsoft Corporation) MD5=01B586A0B8C8D860457892F80B85A5CD -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16416_none_076a95ef732190e3\hal.dll
[2009/09/01 08:03:17 | 000,263,240 | ---- | M] (Microsoft Corporation) MD5=514D418248FECD24D96E7219162BDFDD -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.20519_none_07f733988c3c7cb2\hal.dll
[2009/07/14 02:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_071de44b735b3dfc\hal.dll
< MD5 for: IASTOR.SYS >
[2010/01/08 22:34:12 | 000,331,288 | ---- | M] (Intel Corporation) MD5=D9D3F168A2FD4C2380D98821A3FF3357 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2010/01/08 22:34:12 | 000,331,288 | ---- | M] (Intel Corporation) MD5=D9D3F168A2FD4C2380D98821A3FF3357 -- C:\swsetup\Drivers\32\HDD\IaStor.sys
[2010/01/08 22:34:12 | 000,331,288 | ---- | M] (Intel Corporation) MD5=D9D3F168A2FD4C2380D98821A3FF3357 -- C:\swsetup\INTELMSM\Winall\Driver\IaStor.sys
[2010/01/08 22:45:26 | 000,409,112 | ---- | M] (Intel Corporation) MD5=DC0B4553D089E2BD07AEBD9EA30BEAFB -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2010/01/08 22:45:26 | 000,409,112 | ---- | M] (Intel Corporation) MD5=DC0B4553D089E2BD07AEBD9EA30BEAFB -- C:\swsetup\Drivers\64\HDD\IaStor.sys
[2010/01/08 22:45:26 | 000,409,112 | ---- | M] (Intel Corporation) MD5=DC0B4553D089E2BD07AEBD9EA30BEAFB -- C:\swsetup\INTELMSM\Winall\Driver64\IaStor.sys
[2010/01/08 22:45:26 | 000,409,112 | ---- | M] (Intel Corporation) MD5=DC0B4553D089E2BD07AEBD9EA30BEAFB -- C:\windows\SysWow64\DriverStore\FileRepository\iaahci.inf_amd64_neutral_5db459a8209eb08e\iaStor.sys
[2010/01/08 22:45:26 | 000,409,112 | ---- | M] (Intel Corporation) MD5=DC0B4553D089E2BD07AEBD9EA30BEAFB -- C:\windows\SysWow64\DriverStore\FileRepository\iastor.inf_amd64_neutral_9ec067702a498bab\iaStor.sys
< MD5 for: IASTORV.SYS >
[2010/05/12 09:37:57 | 000,410,504 | ---- | M] (Intel Corporation) MD5=513DC087CFED7D2BB82F005385D3531F -- C:\windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_c9199d57075f47a9\iaStorV.sys
[2010/05/12 09:37:57 | 000,410,504 | ---- | M] (Intel Corporation) MD5=513DC087CFED7D2BB82F005385D3531F -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16592_none_0af87721a183cb70\iaStorV.sys
[2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
[2010/05/12 09:50:37 | 000,410,496 | ---- | M] (Intel Corporation) MD5=E353CF970C5D4D6A092911E15FB78C07 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20712_none_0bd89532ba6088d9\iaStorV.sys
< MD5 for: ISAPNP.SYS >
[2009/07/14 02:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\isapnp.sys
[2009/07/14 02:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\isapnp.sys
< MD5 for: LSASS.EXE >
[2009/07/14 02:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_023f7c69767c3edd\lsass.exe
[2009/07/14 02:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_023e7e05767d22ad\lsass.exe
[2009/07/14 02:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_02bd4ae48fa2de68\lsass.exe
< MD5 for: NDIS.SYS >
[2009/07/14 02:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys
< MD5 for: NETLOGON.DLL >
[2009/07/14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
< MD5 for: NVRAID.SYS >
[2009/07/14 02:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvraid.sys
[2009/07/14 02:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvraid.sys
[2010/05/12 09:50:49 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=491E3CF1A4F0869E32197E34603B9BE1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_96a205e1f19732b1\nvraid.sys
[2010/05/12 09:38:10 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=DEAB10231CBDB0881FC25428EBE11506 -- C:\windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_c09ee40f078b4594\nvraid.sys
[2010/05/12 09:38:10 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=DEAB10231CBDB0881FC25428EBE11506 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_95c1e7d0d8ba7548\nvraid.sys
< MD5 for: NVSTOR.SYS >
[2010/05/12 09:38:10 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_c09ee40f078b4594\nvstor.sys
[2010/05/12 09:38:10 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_95c1e7d0d8ba7548\nvstor.sys
[2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2010/05/12 09:50:49 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=CE76755AF933E728CEBA6C7A970838A4 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_96a205e1f19732b1\nvstor.sys
< MD5 for: SCECLI.DLL >
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
< MD5 for: SMSS.EXE >
[2009/07/14 02:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_082f99a432e2a661\smss.exe
< MD5 for: SVCHOST.EXE >
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
< MD5 for: TCPIP.SYS >
[2010/06/14 07:39:16 | 001,889,152 | ---- | M] (Microsoft Corporation) MD5=542C6767C68C9D6AAACA59436B0D15C2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys
[2010/06/14 07:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys
[2009/07/14 02:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
< MD5 for: USERINIT.EXE >
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010/09/16 18:54:34 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010/09/16 18:54:34 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
< MD5 for: WS2_32.DLL >
[2009/07/14 02:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_4eaca269e8070c6b\ws2_32.dll
[2009/07/14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
[2009/07/14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
[2009/07/14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2010/11/26 22:07:40 | 000,000,000 | ---- | M] () -- C:\Windows\SysWOW64\config.nt
[2010/11/27 16:36:58 | 000,000,052 | ---- | M] () -- C:\Windows\SysWOW64\DOErrors.log
[2010/11/29 12:15:45 | 000,000,018 | ---- | M] () -- C:\Windows\SysWOW64\log.txt
[2010/11/27 14:50:47 | 000,000,976 | ---- | M] () -- C:\Windows\SysWOW64\mapisvc.inf
[2010/11/28 17:16:52 | 001,475,014 | ---- | M] () -- C:\Windows\SysWOW64\PerfStringBackup.INI
[2010/11/27 14:50:07 | 000,173,352 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysWOW64\SynCOM.dll
[2010/11/27 14:50:07 | 000,214,312 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysWOW64\SynCtrl.dll
[2010/11/27 14:50:07 | 000,107,816 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysWOW64\SynTPCOM.dll
< CREATERESTOREPOIN >
< End of report >
Re: Log check
OTL Extras logfile created on: 11/29/2010 12:53:34 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Dukan\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Czech Republic | Language: CSY | Date Format: d.M.yyyy
4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.47 Gb Total Space | 411.38 Gb Free Space | 91.73% Space Free | Partition Type: NTFS
Drive F: | 1.99 Gb Total Space | 1.48 Gb Free Space | 74.67% Space Free | Partition Type: FAT32
Computer Name: DUKAN-HP | User Name: Dukan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-4232791037-752211120-959289193-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{299625B9-6C69-462C-9CEA-8E06D878B1C5}" = HP 3D DriveGuard
"{32394B71-1E8E-4233-8958-B84F4CDC8F4D}" = Privacy Manager for HP ProtectTools
"{34E6F14D-68F9-486D-87BA-6AA8431F3F44}" = Drive Encryption for HP ProtectTools
"{3B392D0A-F3F6-41EA-8DDB-D657ABA70168}" = HP QuickLook
"{3C33FD2E-6B21-4CD3-B41A-A7331D467617}" = HP Power Assistant
"{42DBA167-C25D-49CE-BBAF-DEC25E737DA8}" = HP Power Data
"{4BBA5224-C5B1-4B8C-AAA4-68DA6654B9C1}" = HP HotKey Support
"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{86E45973-5352-439F-A115-2E8EE4D40140}" = ActivClient x64
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9D06DE3F-0B91-4E1F-B791-619A9D1B53EF}" = HP ProtectTools Security Manager
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = Broadcom 2070 Bluetooth 2.1 + EDR
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{DD966CEF-5EA9-4BA2-B210-490FEBC27EA7}" = Validity Fingerprint Driver
"{EC720706-3F19-4B7F-BDDD-E31D9B3921D2}" = HP Wireless Assistant
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F4477CC0-7293-414A-93BC-20EE897A80F0}" = Java Card Security for HP ProtectTools
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
"7E38E30BB92ED94B21CF062A7386554CBA991FEB" = Windows Driver Package - Broadcom Bluetooth (12/16/2009 6.2.0.9414)
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"HPProtectTools" = HP ProtectTools Security Manager
"LSI Soft Modem" = LSI HDA Modem
"PROSet" = Intel(R) Network Connections Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.00 beta 1 (64-bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04801E42-B1A6-4C52-9F3D-CADB5A050433}" = HP Software Setup
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}" = Theft Recovery
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver
"{4054365C-8CD6-4F08-A2F9-44CADFD7A9D0}" = HP Documentation
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{5BF8E079-D6E2-4323-B794-75152371122A}" = Windows 7 Default Setting
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}" = LightScribe System Software
"{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}" = File Sanitizer For HP ProtectTools
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{7861911B-4270-498A-8F7A-FCF0570F4877}" = HP QuickWeb
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AC1B0B-02D1-4FAA-9C1E-C92ECA74921A}" = HP Setup
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}" = HP Support Assistant
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{BF3CCE21-3BD9-498B-ADFC-EE9D1E3C1564}" = HP ESU for Microsoft Windows 7
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D5B6C628-4F4A-408A-8DAF-90278E22B2BB}" = HP Software Framework
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E1CD7FC4-98F6-4A14-A8C8-A01D6F6F8FC3}" = HP SoftPaq Download Manager
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F5CC2EF8-20A4-4366-A681-3FE849E65809}" = RICOH Media Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast5" = avast! Free Antivirus
"Drive Encryption" = Drive Encryption for HP ProtectTools
"InstallShield_{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}" = Theft Recovery
"IrfanView" = IrfanView (remove only)
"LastFM_is1" = Last.fm 1.5.4.27091
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"PDF Complete" = PDF Complete Special Edition
"Winamp" = Winamp
"Winamp Backup Tool" = Winamp Backup Tool
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-4232791037-752211120-959289193-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 11/25/2010 11:46:02 AM | Computer Name = Dukan-HP | Source = RasClient | ID = 20227
Description =
Error - 11/25/2010 11:49:08 AM | Computer Name = Dukan-HP | Source = RasClient | ID = 20227
Description =
Error - 11/26/2010 4:18:28 PM | Computer Name = Dukan-HP | Source = Application Error | ID = 1000
Description = Faulting application name: HPAdvisorDock.exe, version: 3.4.10262.3295,
time stamp: 0x4b72213a Faulting module name: HPAdvisorDock.exe, version: 3.4.10262.3295,
time stamp: 0x4b72213a Exception code: 0xc000041d Fault offset: 0x00000000000352fc
Faulting
process id: 0x258 Faulting application start time: 0x01cb8da714f5e7f6 Faulting application
path: C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe Faulting
module path: C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
Report
Id: 5451cc71-f99a-11df-a67e-1cc1deb40a0a
Error - 11/28/2010 5:38:17 PM | Computer Name = Dukan-HP | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed: There are currently no active network connections. Background
Intelligent Transfer Service (BITS) will try again when an adapter is connected.
Error - 11/29/2010 7:25:53 AM | Computer Name = Dukan-HP | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed: There are currently no active network connections. Background
Intelligent Transfer Service (BITS) will try again when an adapter is connected.
[ HP Power Assistant Events ]
Error - 10/22/2010 9:48:03 AM | Computer Name = ALJRVNHGO8PJO | Source = HP PA Service | ID = 0
Description = System.Exception GetPMCData() failed : 597 at HP_Common.CaslWrapper.GetPMCData(GetPMCDataOutput&
pmcData) at HPPA_Service.CurrentConfiguration.get_UnmonitoredPMCData()
Error - 10/22/2010 9:48:08 AM | Computer Name = ALJRVNHGO8PJO | Source = HP PA Service | ID = 0
Description = System.Exception GetPMCData() failed : 597 at HP_Common.CaslWrapper.GetPMCData(GetPMCDataOutput&
pmcData) at HPPA_Service.CurrentConfiguration.get_UnmonitoredPMCData()
Error - 10/22/2010 9:48:13 AM | Computer Name = ALJRVNHGO8PJO | Source = HP PA Service | ID = 0
Description = System.Exception GetPMCData() failed : 597 at HP_Common.CaslWrapper.GetPMCData(GetPMCDataOutput&
pmcData) at HPPA_Service.CurrentConfiguration.get_UnmonitoredPMCData()
Error - 10/22/2010 9:49:13 AM | Computer Name = ALJRVNHGO8PJO | Source = HP PA Service | ID = 0
Description = System.Exception GetPMCData() failed : 597 at HP_Common.CaslWrapper.GetPMCData(GetPMCDataOutput&
pmcData) at HPPA_Service.CurrentConfiguration.get_UnmonitoredPMCData()
Error - 10/22/2010 9:50:13 AM | Computer Name = ALJRVNHGO8PJO | Source = HP PA Service | ID = 0
Description = System.Exception GetPMCData() failed : 597 at HP_Common.CaslWrapper.GetPMCData(GetPMCDataOutput&
pmcData) at HPPA_Service.CurrentConfiguration.get_UnmonitoredPMCData()
Error - 10/22/2010 9:51:13 AM | Computer Name = ALJRVNHGO8PJO | Source = HP PA Service | ID = 0
Description = System.Exception GetPMCData() failed : 597 at HP_Common.CaslWrapper.GetPMCData(GetPMCDataOutput&
pmcData) at HPPA_Service.CurrentConfiguration.get_UnmonitoredPMCData()
Error - 10/22/2010 9:52:13 AM | Computer Name = ALJRVNHGO8PJO | Source = HP PA Service | ID = 0
Description = System.Exception GetPMCData() failed : 597 at HP_Common.CaslWrapper.GetPMCData(GetPMCDataOutput&
pmcData) at HPPA_Service.CurrentConfiguration.get_UnmonitoredPMCData()
Error - 11/26/2010 6:52:24 AM | Computer Name = Dukan-HP | Source = HP PA Application | ID = 0
Description = System.Exception UpdateBatteryPredictions() bad values. Check PMCCapabilities.XML
and PMCData.XML if in emulation mode current power scheme invalid v HPPA_Main.PACustomControls.DSList.PowerSchemes.GetControl(PowerScheme
scheme) v HPPA_Main.PACustomControls.Pages.SettingsPage.ApplyPowerUsage(Double
actualUsage, Double maxValue) v HPPA_Main.PACustomControls.Pages.SettingsPage.UpdateBatteryPredictions()
Error - 11/26/2010 6:52:24 AM | Computer Name = Dukan-HP | Source = HP PA Application | ID = 0
Description = System.Exception UpdateBatteryPredictions() bad values. Check PMCCapabilities.XML
and PMCData.XML if in emulation mode current power scheme invalid v HPPA_Main.PACustomControls.DSList.PowerSchemes.GetControl(PowerScheme
scheme) v HPPA_Main.PACustomControls.Pages.SettingsPage.ApplyPowerUsage(Double
actualUsage, Double maxValue) v HPPA_Main.PACustomControls.Pages.SettingsPage.UpdateBatteryPredictions()
Error - 11/26/2010 6:52:26 AM | Computer Name = Dukan-HP | Source = HP PA Application | ID = 0
Description = System.Exception UpdateBatteryPredictions() bad values. Check PMCCapabilities.XML
and PMCData.XML if in emulation mode current power scheme invalid v HPPA_Main.PACustomControls.DSList.PowerSchemes.GetControl(PowerScheme
scheme) v HPPA_Main.PACustomControls.Pages.SettingsPage.ApplyPowerUsage(Double
actualUsage, Double maxValue) v HPPA_Main.PACustomControls.Pages.SettingsPage.UpdateBatteryPredictions()
[ HP Wireless Assistant Events ]
Error - 10/22/2010 9:47:44 AM | Computer Name = ALJRVNHGO8PJO | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()
Error - 10/22/2010 9:47:44 AM | Computer Name = ALJRVNHGO8PJO | Source = HP WA Service | ID = 0
Description = System.Exception Register() failed : e_GENERAL_EXCEPTION at HP_Common.CaslWrapper.Register(EventArrivedEventHandler
handler) at HPPA_Service.CurrentConfiguration..ctor()
Error - 10/22/2010 9:47:46 AM | Computer Name = ALJRVNHGO8PJO | Source = HP WA Service | ID = 0
Description = System.Exception GetPMCCalibrationData() failed : 597 at HP_Common.CaslWrapper.GetPMCCalibrationData(PMCCalibrationData&
calibration) at HPPA_Service.HPPA_Service.ServiceWorkerMethod()
[ System Events ]
Error - 11/28/2010 5:31:08 PM | Computer Name = Dukan-HP | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.
Error - 11/28/2010 5:31:22 PM | Computer Name = Dukan-HP | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.
Error - 11/28/2010 5:31:27 PM | Computer Name = Dukan-HP | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.
Error - 11/28/2010 5:31:31 PM | Computer Name = Dukan-HP | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.
Error - 11/28/2010 6:06:41 PM | Computer Name = Dukan-HP | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.
Error - 11/28/2010 6:08:41 PM | Computer Name = Dukan-HP | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.
Error - 11/28/2010 6:08:46 PM | Computer Name = Dukan-HP | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.
Error - 11/28/2010 6:08:51 PM | Computer Name = Dukan-HP | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.
Error - 11/28/2010 6:08:56 PM | Computer Name = Dukan-HP | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.
Error - 11/28/2010 6:09:01 PM | Computer Name = Dukan-HP | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.
< End of report >
Re: Log check
Do not use COMBOFIX without a helper's recommendation; it can damage the system!
Always back up your important data before disinfecting the computer
Want to support our forum? Information here

I am mostly reachable at night, between 9 and 11 p.m.
If you have any questions, you can write to me by e-mail at Motji(at)forum.viry.cz.
Re: Log check
It seems to be fine.
see http://tinyurl.com/2webz5y
Re: Log check
Well, I don't like it much; may I delete it for you?

Re: Log check
Well, all right.
Let's delete it!
Re: Log check
If you don't mind, we'll leave it until tomorrow.

Re: Log check
Gladly, I wanted to suggest that too.
Good night, and thank you.
Re: Log check

-copy this script into the white box at the bottom:
Code:
:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O4:64bit: - HKLM..\Run: [] File not found
IE - HKU\S-1-5-21-4232791037-752211120-959289193-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
IE - HKU\S-1-5-21-4232791037-752211120-959289193-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
:files
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s
C:\windows\myClean.bat
C:\windows\SysWow64\drivers\wddbhie.sys
:commands
[emptytemp]
[EMPTYFLASH]
[Reboot]
-click the Fix button.
-The PC will then restart.
-Paste the log here
