
Logs - Functions in programs don't work + massive slowdown


  • Topic is closed
9 replies in this topic

#1 Sup Sis feggit meggit xoxo

    Beginner

  • 11 posts

Posted 16 03 2013 - 21:40

After turning on the computer I have a problem where some programs/applications don't work. For example, after clicking the Opera icon or that of other browsers, they won't start (it looks like the little circle next to the cursor keeps spinning, but they still won't start). Folders open without any problem, text documents too. The "vacuum cleaner" tool also works; as for games, forget it. The biggest problem is with browsers. To check whether this is simply a massive slowdown, I left the computer alone for 30 minutes after turning it on (I didn't touch anything after logging in) and the problem is still the same. Note: in safe mode everything runs smoothly. The whole problem appeared overnight.






The first log is from RSIT x64
Logfile of random's system information tool 1.09 (written by random/random)
Run by dom at 2013-03-16 20:15:57
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 25 GB (12%) free of 200 GB
Total RAM: 4095 MB (75% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:16:03, on 2013-03-16
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Users\dom\Desktop\OTL.exe
C:\Program Files\trend micro\dom.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = pl.v9.com/idg/idg_1342608838_220770
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=PL&userid=92d654ad-8e8a-48ea-8b5c-46abd9a276b4&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=PL&userid=92d654ad-8e8a-48ea-8b5c-46abd9a276b4&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=PL&userid=92d654ad-8e8a-48ea-8b5c-46abd9a276b4&affid=111583&searchtype=hp&babsrc=lnkry_nt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=PL&userid=92d654ad-8e8a-48ea-8b5c-46abd9a276b4&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=PL&userid=92d654ad-8e8a-48ea-8b5c-46abd9a276b4&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
F2 - REG:system.ini: Shell=C:\PROGRA~3\Fh59IZN.bat
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll
O2 - BHO: Linkury SmartbarEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - mscoree.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\IEBHO.dll
O2 - BHO: Zoomex - {67BF155D-7896-43A3-1C8B-B3F619E820B1} - C:\ProgramData\Zoomex\50fd51e662695.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll
O3 - Toolbar: Linkury Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll (file missing)
O3 - Toolbar: SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA SIECIOWA')
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{81022E93-1FC7-4565-916F-AB4D30895698}: NameServer = 62.179.1.62
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - (no file)
O20 - AppInit_DLLs: c:\progra~3\browse~1\23787~1.43\{16cdf~1\browse~1.dll c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll c:\progra~2\zoomex\sprote~1.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9572 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE 0x274
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
ctfmon.exe
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
"C:\Program Files (x86)\Opera\opera.exe"
"C:\Users\dom\Desktop\OTL.exe"
"C:\Users\dom\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\RMAutoUpdate.job
C:\Windows\tasks\RMSchedule.job
C:\Windows\tasks\ZoomExUpdaterTask{DAED68F5-436B-4787-8ECB-67A74F866FE0}.job

=========Mozilla firefox=========

ProfilePath - C:\Users\dom\AppData\Roaming\Mozilla\Firefox\Profiles\vty4knvd.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.5.502.146 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.13.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\SysWOW64\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@mywebsearch.com/Plugin]
"Description"=My Web Search Plugin
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.5.502.146 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
allegro-pl.xml
fbc-pl.xml
google.xml
merlin-pl.xml
pwn-pl.xml
wikipedia-pl.xml
wp-pl.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}]
AVG Do Not Track - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll [2012-08-13 1393272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
Linkury SmartbarEngine - C:\Windows\system32\mscoree.dll [2010-11-05 444752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll [2012-06-24 1968248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
UrlHelper Class - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll [2011-02-08 1057160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2012-10-02 5748928]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18 77576]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
MediaBar - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll [2011-01-24 89008]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
Linkury SmartbarEngine - C:\Windows\system32\mscoree.dll [2010-11-05 444752]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll [2012-06-24 1417336]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
UrlHelper Class - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\IEBHO.dll [2011-02-08 721288]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67BF155D-7896-43A3-1C8B-B3F619E820B1}]
Zoomex - C:\ProgramData\Zoomex\50fd51e662695.dll [2013-01-21 120832]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-02-06 461216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-10-02 4119744]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-02-06 170912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetPacks Browser Helper - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2012-07-04 1310040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} -
{ae07101b-46d4-4a98-af68-0333ea26e113} - Linkury Smartbar - C:\Windows\system32\mscoree.dll [2010-11-05 444752]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{07B18EA9-A523-4961-B6BB-170DE4475CCA}
{D4027C7F-154A-4066-A1AD-4243D8127440} -
{28387537-e3f9-4ed7-860c-11e69af4a8a0} - MediaBar - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll [2011-01-24 89008]
{ae07101b-46d4-4a98-af68-0333ea26e113} - Linkury Smartbar - C:\Windows\system32\mscoree.dll [2010-11-05 444752]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetPacks Toolbar for Internet Explorer - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2012-07-04 1310040]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-01-08 18705664]
"ccleaner"=C:\Program Files\CCleaner\CCleaner64.exe [2012-06-22 5283680]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
C:\Program Files (x86)\Ask.com\Updater\Updater.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_TRAY]
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [2012-07-31 2596984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Browser Infrastructure Helper]
C:\Users\dom\AppData\Local\Smartbar\Application\Linkury.exe [2013-01-21 13824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2012-11-06 3673728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2009-08-28 2252800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2012-06-27 1996200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
C:\PROGRA~2\MYWEBS~1\bar\2.bin\m3SrchMn.exe /m=2 /w /h []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~2\MYWEBS~1\bar\2.bin\mwsoemon.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [2013-03-07 3093624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSDMonitor]
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [2012-08-21 105120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [2012-05-29 115032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sweetpacks Communicator]
C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^dom^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^runctf.lnk]
C:\Users\dom\AppData\Local\Temp\dYSEvWR.exe,M1N1 []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
""= []
"AMD AVT"=Cmd.exe /c start AMD Accelerated Video Transcoding device initialization /min C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe aml []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Audiosrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\drmkaud]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HDAudBus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MMCSS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{640167b4-59b0-47a6-b335-a6b3c0695aea}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioEndpointBuilder]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Audiosrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\drmkaud]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudAddService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HDAudBus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MMCSS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96C-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{640167b4-59b0-47a6-b335-a6b3c0695aea}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=221

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=lvcod64.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.XFR1"=xfcodec64.dll
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"MSVideo"=vfwwdm32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-03-16 20:09:31 ----A---- C:\Windows\system32\FNTCACHE.DAT
2013-03-16 20:09:18 ----A---- C:\Windows\ntbtlog.txt
2013-03-16 18:12:10 ----D---- C:\Users\dom\AppData\Roaming\Malwarebytes
2013-03-16 18:12:03 ----D---- C:\ProgramData\Malwarebytes
2013-03-16 18:12:03 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-03-16 18:12:03 ----A---- C:\Windows\system32\drivers\mbam.sys
2013-03-16 15:31:10 ----D---- C:\rsit
2013-03-16 15:31:10 ----D---- C:\Program Files\trend micro
2013-03-12 14:56:08 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2013-03-09 06:45:33 ----A---- C:\Windows\system32\win32k.sys
2013-03-09 06:45:29 ----A---- C:\Windows\system32\drivers\tcpip.sys
2013-03-09 06:45:29 ----A---- C:\Windows\system32\drivers\FWPKCLNT.SYS
2013-03-09 06:45:26 ----A---- C:\Windows\system32\ntoskrnl.exe
2013-03-09 06:45:25 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2013-03-09 06:45:25 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2013-03-07 18:22:31 ----D---- C:\ProgramData\PMB Files
2013-03-07 18:22:17 ----D---- C:\Program Files (x86)\Pando Networks

======List of files/folders modified in the last 1 month======

2013-03-16 20:09:57 ----D---- C:\Windows
2013-03-16 20:09:31 ----D---- C:\Windows\System32
2013-03-16 20:09:19 ----D---- C:\Windows\system32\config
2013-03-16 20:09:15 ----D---- C:\Program Files\Microsoft Silverlight
2013-03-16 20:09:14 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2013-03-16 19:56:40 ----RD---- C:\Program Files (x86)
2013-03-16 19:49:57 ----SHD---- C:\System Volume Information
2013-03-16 19:44:47 ----D---- C:\Windows\system32\catroot
2013-03-16 19:44:46 ----D---- C:\Windows\system32\catroot2
2013-03-16 19:43:29 ----D---- C:\Windows\winsxs
2013-03-16 19:43:15 ----SHD---- C:\Windows\Installer
2013-03-16 19:43:13 ----AD---- C:\Windows\Temp
2013-03-16 19:43:12 ----SHD---- C:\Config.Msi
2013-03-16 19:40:16 ----D---- C:\Windows\SoftwareDistribution
2013-03-16 19:37:18 ----D---- C:\Windows\system32\LogFiles
2013-03-16 19:26:01 ----D---- C:\Users\dom\AppData\Roaming\Skype
2013-03-16 18:12:03 ----HD---- C:\ProgramData
2013-03-16 18:12:03 ----D---- C:\Windows\system32\drivers
2013-03-16 18:08:32 ----D---- C:\Program Files (x86)\Opera
2013-03-16 15:31:10 ----RD---- C:\Program Files
2013-03-16 11:04:03 ----D---- C:\Windows\inf
2013-03-16 10:17:30 ----D---- C:\Windows\Microsoft.NET
2013-03-16 07:55:40 ----RSD---- C:\Windows\assembly
2013-03-16 07:48:43 ----SD---- C:\ProgramData\Microsoft
2013-03-15 19:16:59 ----D---- C:\Users\dom\AppData\Roaming\BitTorrent
2013-03-15 17:04:11 ----D---- C:\Windows\Prefetch
2013-03-15 14:19:08 ----D---- C:\Users\dom\AppData\Roaming\DAEMON Tools Lite
2013-03-15 14:18:07 ----D---- C:\Windows\debug
2013-03-15 13:52:50 ----D---- C:\Windows\SysWOW64
2013-03-15 06:36:33 ----D---- C:\ProgramData\Microsoft Help
2013-03-14 06:33:34 ----D---- C:\Windows\pss
2013-03-14 06:30:02 ----D---- C:\Windows\SYSWOW64\migration
2013-03-14 06:30:02 ----D---- C:\Windows\system32\migration
2013-03-14 06:30:02 ----D---- C:\Windows\AppPatch
2013-03-14 06:30:02 ----D---- C:\Program Files\Internet Explorer
2013-03-14 06:30:02 ----D---- C:\Program Files (x86)\Internet Explorer
2013-03-14 06:27:33 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-03-12 20:12:05 ----D---- C:\Program Files\Common Files
2013-03-12 17:18:54 ----D---- C:\ProgramData\BioWare
2013-03-12 17:11:43 ----D---- C:\ProgramData\InstallShield
2013-03-12 17:11:42 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2013-03-12 14:56:06 ----D---- C:\Program Files (x86)\Mozilla Firefox
2013-03-07 18:29:27 ----RD---- C:\Users
2013-03-07 18:19:33 ----D---- C:\Program Files (x86)\League of Legends
2013-03-07 18:12:51 ----D---- C:\Users\dom\AppData\Roaming\RenPy
2013-03-06 22:00:32 ----D---- C:\Windows\system32\wbem
2013-03-06 21:59:35 ----D---- C:\Windows\Tasks
2013-03-06 21:59:35 ----D---- C:\Windows\system32\wfp
2013-03-06 21:59:35 ----D---- C:\Windows\system32\DriverStore
2013-03-06 21:59:34 ----DC---- C:\Windows\system32\DRVSTORE
2013-03-06 21:59:34 ----D---- C:\Windows\system32\Tasks
2013-03-06 21:59:34 ----D---- C:\Windows\system32\CodeIntegrity
2013-03-06 21:59:32 ----D---- C:\Windows\Help
2013-03-06 21:59:26 ----D---- C:\Users\dom\AppData\Roaming\ijjigame
2013-03-06 21:59:25 ----D---- C:\Users\dom\AppData\Roaming\GG
2013-03-06 21:59:25 ----D---- C:\Users\dom\AppData\Roaming\Gadu-Gadu 10
2013-03-06 21:59:25 ----D---- C:\Users\dom\AppData\Roaming\FunnyGames
2013-03-06 21:59:25 ----D---- C:\Users\dom\AppData\Roaming\Downloaded Installations
2013-03-06 21:59:25 ----D---- C:\Users\dom\AppData\Roaming\Condusiv_Technologies
2013-03-06 21:59:21 ----D---- C:\Program Files\Condusiv Technologies
2013-03-06 21:59:21 ----D---- C:\Program Files\Common Files\Microsoft Shared
2013-03-06 21:59:19 ----D---- C:\Program Files (x86)\Diskeeper Setup Files
2013-03-06 21:59:04 ----D---- C:\Windows\registration

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSHA;AVGIDSHA; C:\Windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
R0 DKDFM;Device Filter Manager Driver; C:\Windows\system32\drivers\DKDFM.sys [2012-04-05 40752]
R0 DKTLFSMF;Telemetry File System Mini Filter Driver; C:\Windows\system32\drivers\DKTLFSMF.sys [2012-07-09 106832]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2012-11-27 564824]
R1 Avgtdia;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
R1 avgtp;avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [2012-09-04 31080]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2009-07-16 15416]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2009-08-17 1235968]
S1 appdrv01;Application Driver (01); C:\Windows\System32\Drivers\appdrv01.sys [2010-08-12 2715824]
S1 Avgldx64;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx64.sys [2012-07-26 291680]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-07-04 11922944]
S3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-07-04 359936]
S3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2010-03-09 123408]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-07-04 11922944]
S3 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter; C:\Windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 DKRtWrt;DKRtWrt; C:\Windows\system32\DRIVERS\DKRtWrt.sys [2012-06-18 52048]
S3 dump_wmimmc;dump_wmimmc; \??\C:\ijji\ENGLISH\AVA\Binaries\GameGuard\dump_wmimmc.sys []
S3 EagleX64;EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys []
S3 ENTECH64;ENTECH64; \??\C:\Windows\system32\DRIVERS\ENTECH64.sys [2008-04-22 12744]
S3 LVUVC64;Logitech Webcam C160(UVC); C:\Windows\system32\DRIVERS\lvuvc64.sys [2011-04-01 4184672]
S3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 NPPTNT2;NPPTNT2; \??\C:\Windows\syswow64\npptNT2.sys [2005-01-02 4682]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-07 19456]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2012-11-07 57856]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2012-07-26 76888]
S2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
S3 aspnet_state;„Usługa stanu ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\syswow64\GameMon.des [2010-06-15 3583592]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-06-07 1255736]
S4 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-07-04 238080]
S4 appdrvrem01;Application Driver Auto Removal Service (01); C:\Windows\System32\appdrvrem01.exe [2010-08-12 551896]
S4 AVGIDSAgent;AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-08-13 5167736]
S4 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S4 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-03-07 115608]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2012-08-21 794272]
S4 Skype C2C Service;Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
S4 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2013-01-29 541608]
S4 UMVPFSrv;UMVPFSrv; C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-04-01 428640]

-----------------EOF-----------------
The second one is from OTL
OTL logfile created on: 2013-03-16 20:15:52 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\dom\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 74,99% Memory free
8,00 Gb Paging File | 7,04 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,21 Gb Total Space | 24,29 Gb Free Space | 12,44% Space Free | Partition Type: NTFS
Drive D: | 146,39 Gb Total Space | 146,28 Gb Free Space | 99,92% Space Free | Partition Type: NTFS
Drive E: | 121,09 Gb Total Space | 120,99 Gb Free Space | 99,92% Space Free | Partition Type: NTFS

Computer Name: DOM-KOMPUTER | User Name: dom | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2013-03-16 14:41:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\dom\Desktop\OTL.exe
PRC - [2013-02-10 15:44:12 | 000,879,456 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe
PRC - [2012-12-14 16:49:28 | 000,824,232 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2013-01-09 19:53:19 | 014,586,888 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2012-07-04 07:20:54 | 000,238,080 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:[b]64bit:[/b] - [2010-08-12 14:32:42 | 000,551,896 | ---- | M] (Protection Technology) [Disabled | Stopped] -- C:\Windows\SysNative\appdrvrem01.exe -- (appdrvrem01)
SRV - [2013-03-07 15:29:15 | 000,115,608 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013-01-29 16:58:21 | 000,541,608 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012-12-14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012-12-14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012-10-02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012-08-21 14:43:58 | 000,794,272 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2012-08-13 02:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2012-07-26 21:17:03 | 000,076,888 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012-06-27 11:29:24 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012-02-14 03:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011-04-01 04:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010-06-15 16:19:03 | 003,583,592 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2012-12-14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:[b]64bit:[/b] - [2012-11-27 20:00:20 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:[b]64bit:[/b] - [2012-11-07 22:09:19 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2012-11-07 22:09:18 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2012-09-04 12:34:14 | 000,031,080 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:[b]64bit:[/b] - [2012-08-24 14:43:16 | 000,384,352 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:[b]64bit:[/b] - [2012-07-26 02:21:28 | 000,291,680 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:[b]64bit:[/b] - [2012-07-09 14:54:58 | 000,106,832 | ---- | M] (Condusiv Technologies) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DKTLFSMF.sys -- (DKTLFSMF)
DRV:[b]64bit:[/b] - [2012-07-04 07:59:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:[b]64bit:[/b] - [2012-07-04 07:59:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:[b]64bit:[/b] - [2012-07-04 06:10:56 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:[b]64bit:[/b] - [2012-06-18 19:14:34 | 000,052,048 | ---- | M] (Condusiv Technologies) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DKRtWrt.sys -- (DKRtWrt)
DRV:[b]64bit:[/b] - [2012-04-19 03:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:[b]64bit:[/b] - [2012-04-05 02:32:54 | 000,040,752 | ---- | M] (Condusiv Technologies) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DKDFM.sys -- (DKDFM)
DRV:[b]64bit:[/b] - [2012-03-01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2012-02-23 13:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:[b]64bit:[/b] - [2012-01-31 03:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:[b]64bit:[/b] - [2011-12-23 12:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:[b]64bit:[/b] - [2011-12-23 12:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:[b]64bit:[/b] - [2011-12-23 12:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:[b]64bit:[/b] - [2011-04-01 04:07:54 | 004,184,672 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:[b]64bit:[/b] - [2011-03-11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011-03-11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2010-11-20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010-08-12 14:32:43 | 002,715,824 | ---- | M] (Protection Technology) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\appdrv01.sys -- (appdrv01)
DRV:[b]64bit:[/b] - [2010-03-09 11:21:42 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:[b]64bit:[/b] - [2009-08-17 12:20:46 | 001,235,968 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:[b]64bit:[/b] - [2009-07-16 04:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:[b]64bit:[/b] - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009-05-22 15:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2009-03-18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:[b]64bit:[/b] - [2008-04-22 07:53:36 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Entech64.sys -- (ENTECH64)
DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005-01-02 04:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://searchfunmoods.com/?f=1&a=iron2&ir=iron2&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0E0CtBtC0DyEtD0DtBtA0EtN0D0Tzu0CtAyDtCtN1L2XzutBtFtBtFtCtFyEtDyB&cr=911712656"]Funmoods Search[/url]
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = [url="http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=iron2&ir=iron2&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0E0CtBtC0DyEtD0DtBtA0EtN0D0Tzu0CtAyDtCtN1L2XzutBtFtBtFtCtFyEtDyB&cr=911712656"]Funmoods Search[/url]
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [url="http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC"]{searchTerms} - Bing[/url]
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12}: "URL" = [url="http://www.searchya.com/?q={searchTerms}&s=1&a=foxtab&chnl=ft-100&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0E0CtBtC0DyEtD0DtBtA0EtN0D0Tzu0CtBtAtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=2048707667"]Searchya Search[/url]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.google.com"]Google[/url]
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = [url="http://feed.helperbar.com/?publisher=OC&dpid=OC&co=PL&userid=92d654ad-8e8a-48ea-8b5c-46abd9a276b4&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}"]Babylon Search[/url]
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [url="http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC"]{searchTerms} - Bing[/url]


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3625104046-687358821-1933599865-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = [url="http://search.babylon.com/?affID=110809&tt=bandext_3312_8&babsrc=HP_ss&mntrId=44dbd23e00000000000000ffe5264df8"]Babylon Search[/url]
IE - HKU\S-1-5-21-3625104046-687358821-1933599865-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = [url="http://search.babylon.com/?affID=110809&tt=bandext_3312_8&babsrc=HP_ss&mntrId=44dbd23e00000000000000ffe5264df8"]Babylon Search[/url]
IE - HKU\S-1-5-21-3625104046-687358821-1933599865-1000\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = [url="http://search.babylon.com/?affID=110809&tt=bandext_3312_8&babsrc=HP_ss&mntrId=44dbd23e00000000000000ffe5264df8"]Babylon Search[/url]
IE - HKU\S-1-5-21-3625104046-687358821-1933599865-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = pl.v9.com/idg/idg_1342608838_220770
IE - HKU\S-1-5-21-3625104046-687358821-1933599865-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = [url="http://feed.helperbar.com/?publisher=OC&dpid=OC&co=PL&userid=92d654ad-8e8a-48ea-8b5c-46abd9a276b4&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}"]Babylon Search[/url]
IE - HKU\S-1-5-21-3625104046-687358821-1933599865-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [url="http://feed.helperbar.com/?publisher=OC&dpid=OC&co=PL&userid=92d654ad-8e8a-48ea-8b5c-46abd9a276b4&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}"]Babylon Search[/url]
IE - HKU\S-1-5-21-3625104046-687358821-1933599865-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://feed.helperbar.com/?publisher=OC&dpid=OC&co=PL&userid=92d654ad-8e8a-48ea-8b5c-46abd9a276b4&affid=111583&searchtype=hp&babsrc=lnkry_nt"]Babylon Search[/url]
IE - HKU\S-1-5-21-3625104046-687358821-1933599865-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [url="http://feed.helperbar.com/?publisher=OC&dpid=OC&co=PL&userid=92d654ad-8e8a-48ea-8b5c-46abd9a276b4&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}"]Babylon Search[/url]
IE - HKU\S-1-5-21-3625104046-687358821-1933599865-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [url="http://feed.helperbar.com/?publisher=OC&dpid=OC&co=PL&userid=92d654ad-8e8a-48ea-8b5c-46abd9a276b4&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}"]Babylon Search[/url]
IE - HKU\S-1-5-21-3625104046-687358821-1933599865-1000\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKU\S-1-5-21-3625104046-687358821-1933599865-1000\..\SearchScopes,Backup.Old.DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-3625104046-687358821-1933599865-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3625104046-687358821-1933599865-1000\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3625104046-687358821-1933599865-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3625104046-687358821-1933599865-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = [url="http://feed.helperbar.com/?publisher=OC&dpid=OC&co=PL&userid=92d654ad-8e8a-48ea-8b5c-46abd9a276b4&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}"]Babylon Search[/url]
IE - HKU\S-1-5-21-3625104046-687358821-1933599865-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"]{searchTerms} - Bing[/url]
IE - HKU\S-1-5-21-3625104046-687358821-1933599865-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]



FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\dom\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\dom\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012-09-11 12:47:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013-03-12 14:56:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011-12-31 11:18:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dom\AppData\Roaming\mozilla\Extensions
[2012-12-16 22:15:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dom\AppData\Roaming\mozilla\Firefox\Profiles\afss4h8w.default\extensions
[2012-12-16 22:15:50 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\dom\AppData\Roaming\mozilla\Firefox\Profiles\afss4h8w.default\extensions\ffxtlbr@funmoods.com
[2012-08-17 19:07:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dom\AppData\Roaming\mozilla\Firefox\Profiles\afss4h8w.default\extensions\staged
[2012-02-05 14:46:21 | 000,000,000 | ---D | M] (@@toolbarname@@) -- C:\Users\dom\AppData\Roaming\mozilla\Firefox\Profiles\afss4h8w.default\extensions\toolbar@ask.com
[2012-12-16 22:15:49 | 000,000,777 | ---- | M] () -- C:\Users\dom\AppData\Roaming\mozilla\firefox\profiles\afss4h8w.default\searchplugins\Funmoods.xml
[2012-08-17 19:07:49 | 000,000,777 | ---- | M] () -- C:\Users\dom\AppData\Roaming\mozilla\firefox\profiles\afss4h8w.default\searchplugins\Search.xml
[2013-03-12 14:56:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012-11-01 22:49:00 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013-03-07 15:30:04 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013-03-07 17:48:47 | 000,002,980 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml
[2013-03-07 17:48:47 | 000,001,619 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml
[2013-03-07 17:48:47 | 000,001,130 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml
[2013-03-07 17:48:47 | 000,001,071 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml
[2013-03-07 17:48:47 | 000,001,396 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml
[2013-03-07 17:48:47 | 000,001,896 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml

[color=#E56717]========== Chrome ==========[/color]

CHR - homepage: [url="http://feed.helperbar.com/?publisher=OC&dpid=OC&co=PL&userid=92d654ad-8e8a-48ea-8b5c-46abd9a276b4&affid=111583&searchtype=hp&babsrc=lnkry"]Babylon Search[/url]
CHR - default_search_provider: Web (Enabled)
CHR - default_search_provider: search_url = [url="http://feed.helperbar.com/?publisher=OC&dpid=OC&co=PL&userid=92d654ad-8e8a-48ea-8b5c-46abd9a276b4&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}"]Babylon Search[/url]
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: [url="http://feed.helperbar.com/?publisher=OC&dpid=OC&co=PL&userid=92d654ad-8e8a-48ea-8b5c-46abd9a276b4&affid=111583&searchtype=hp&babsrc=lnkry"]Babylon Search[/url]
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\dom\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\dom\AppData\Local\Google\Chrome\Application\24.0.1312.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\dom\AppData\Local\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\dom\AppData\Local\Google\Chrome\Application\24.0.1312.56\pdf.dll
CHR - plugin: Babylon ToolBar (Enabled) = C:\Users\dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\BabylonChromeToolBar.dll
CHR - plugin: GoogleChromeRemotePlugin (Enabled) = C:\Users\dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\GoogleChromeRemotePlugin.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: ijji Auto Install Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: My Web Search Plugin Stub (Enabled) = C:\Program Files (x86)\MyWebSearch\bar\2.bin\NPMyWebS.dll
CHR - plugin: Google Update (Enabled) = C:\Users\dom\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: Linkury Smartbar = C:\Users\dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\
CHR - Extension: Funmoods = C:\Users\dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\2.1.3_0\
CHR - Extension: Zoomex = C:\Users\dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\bihgkpinpdipaabjllhocmhmicfnbmdl\1\
CHR - Extension: New Tab = C:\Users\dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\7.0.19_0\
CHR - Extension: Ptasie Radio = C:\Users\dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\gijligoemhhgfdldpnhfpbacahbjafpo\1.3_0\
CHR - Extension: SweetIM for Facebook = C:\Users\dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\
CHR - Extension: SweetPacks Chrome Extension = C:\Users\dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.2_0\
CHR - Extension: Linkury Smartbar = C:\Users\dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\
CHR - Extension: Funmoods = C:\Users\dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\2.1.3_0\
CHR - Extension: Zoomex = C:\Users\dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\bihgkpinpdipaabjllhocmhmicfnbmdl\1\
CHR - Extension: New Tab = C:\Users\dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\7.0.19_0\
CHR - Extension: Ptasie Radio = C:\Users\dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\gijligoemhhgfdldpnhfpbacahbjafpo\1.3_0\
CHR - Extension: SweetIM for Facebook = C:\Users\dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\
CHR - Extension: SweetPacks Chrome Extension = C:\Users\dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.2_0\

O1 HOSTS File: ([2009-06-10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:[b]64bit:[/b] - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:[b]64bit:[/b] - BHO: (UrlHelper Class) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll (iMesh, Inc)
O2:[b]64bit:[/b] - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (UrlHelper Class) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\IEBHO.dll (iMesh, Inc)
O2 - BHO: (Zoomex) - {67BF155D-7896-43A3-1C8B-B3F619E820B1} - C:\ProgramData\Zoomex\50fd51e662695.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll ()
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-3625104046-687358821-1933599865-1000\..\Toolbar\WebBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O3 - HKU\S-1-5-21-3625104046-687358821-1933599865-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-3625104046-687358821-1933599865-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-3625104046-687358821-1933599865-1000\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3625104046-687358821-1933599865-1000..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3625104046-687358821-1933599865-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKU\S-1-5-21-3625104046-687358821-1933599865-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8:[b]64bit:[/b] - Extra context menu item: &Search - Reg Error: Value error. File not found
O8:[b]64bit:[/b] - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:[b]64bit:[/b] - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9:[b]64bit:[/b] - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81022E93-1FC7-4565-916F-AB4D30895698}: NameServer = 62.179.1.62
O18:[b]64bit:[/b] - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:[b]64bit:[/b] - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:[b]64bit:[/b] - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll (iMesh, Inc)
O20:[b]64bit:[/b] - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll) - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll (iMesh, Inc)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\23787~1.43\{16cdf~1\browse~1.dll) - File not found
O20 - AppInit_DLLs: (c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll) - File not found
O20 - AppInit_DLLs: (c:\progra~2\zoomex\sprote~1.dll) - File not found
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (C:\PROGRA~3\Fh59IZN.bat) - C:\ProgramData\Fh59IZN.bat ()
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{11978c38-5a30-11e1-bd8e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{11978c38-5a30-11e1-bd8e-806e6f6e6963}\Shell\AutoRun\command - "" = H:\autorun.exe -auto
O33 - MountPoints2\{1d900ee7-38cc-11e2-8536-e0cb4ec21d40}\Shell - "" = AutoRun
O33 - MountPoints2\{1d900ee7-38cc-11e2-8536-e0cb4ec21d40}\Shell\AutoRun\command - "" = G:\_AUTORUN\AUTORUN.EXE
O33 - MountPoints2\{9f2043ef-61a8-11df-beca-e0cb4ec21d40}\Shell - "" = AutoRun
O33 - MountPoints2\{9f2043ef-61a8-11df-beca-e0cb4ec21d40}\Shell\AutoRun\command - "" = G:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (autocheck C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2013-03-16 19:57:00 | 000,000,000 | ---D | C] -- C:\Users\dom\Desktop\Nowy folder
[2013-03-16 18:12:10 | 000,000,000 | ---D | C] -- C:\Users\dom\AppData\Roaming\Malwarebytes
[2013-03-16 18:12:03 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013-03-16 18:12:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013-03-16 18:12:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013-03-16 18:12:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013-03-16 18:11:50 | 000,000,000 | ---D | C] -- C:\Users\dom\AppData\Local\Programs
[2013-03-16 15:40:45 | 000,187,464 | ---- | C] (Webroot) -- C:\Users\dom\Documents\antizeroaccess.exe
[2013-03-16 15:31:10 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2013-03-16 15:31:10 | 000,000,000 | ---D | C] -- C:\rsit
[2013-03-16 15:12:42 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\dom\Desktop\dds.com
[2013-03-16 14:41:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\dom\Desktop\OTL.exe
[2013-03-15 14:38:52 | 000,000,000 | ---D | C] -- C:\Users\dom\AppData\Local\Torch
[2013-03-15 14:38:40 | 001,159,144 | ---- | C] (Torch Media Inc.) -- C:\Users\dom\Desktop\TorchSetup.exe
[2013-03-14 22:18:32 | 000,000,000 | ---D | C] -- C:\Users\dom\Desktop\Windołsałkę ;-;
[2013-03-12 14:56:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013-03-12 14:12:44 | 021,328,680 | ---- | C] (Mozilla) -- C:\Users\dom\Desktop\Firefox Setup 19.0.2.exe
[2013-03-09 06:45:29 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013-03-09 06:45:26 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013-03-09 06:45:25 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013-03-09 06:45:25 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013-03-07 18:22:33 | 000,000,000 | ---D | C] -- C:\Users\dom\AppData\Local\PMB Files
[2013-03-07 18:22:31 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2013-03-07 18:22:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2013-03-07 18:21:51 | 000,000,000 | ---D | C] -- C:\Users\dom\.swt
[2011-12-15 09:21:43 | 002,161,160 | ---- | C] (DownVision ) -- C:\Users\dom\AppData\Local\setup.exe
[2011-06-03 15:44:52 | 029,451,264 | ---- | C] (Take-Two Interactive Software, Inc.) -- C:\Users\dom\Borderlands.exe
[2011-06-03 15:44:52 | 000,121,984 | ---- | C] (Valve Corporation) -- C:\Users\dom\steam_api.dll

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2013-03-16 20:22:48 | 005,242,880 | ---- | M] () -- C:\Users\dom\ntuser.dat
[2013-03-16 20:09:59 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013-03-16 20:09:49 | 000,305,704 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013-03-16 20:09:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-03-16 20:09:17 | 3220,480,000 | -HS- | M] () -- C:\hiberfil.sys
[2013-03-16 19:54:11 | 000,068,224 | ---- | M] () -- C:\Users\dom\AppData\Local\GDIPFONTCACHEV1.DAT
[2013-03-16 19:44:30 | 000,019,520 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-03-16 19:44:29 | 000,019,520 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-03-16 19:42:44 | 000,000,358 | -H-- | M] () -- C:\Windows\tasks\ZoomExUpdaterTask{DAED68F5-436B-4787-8ECB-67A74F866FE0}.job
[2013-03-16 19:42:44 | 000,000,280 | ---- | M] () -- C:\Windows\tasks\RMAutoUpdate.job
[2013-03-16 19:37:16 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2013-03-16 18:12:03 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013-03-16 18:08:24 | 000,430,184 | ---- | M] () -- C:\Users\dom\Documents\Malwarebytes-AntiMalware(13117).exe
[2013-03-16 15:40:45 | 000,187,464 | ---- | M] (Webroot) -- C:\Users\dom\Documents\antizeroaccess.exe
[2013-03-16 15:16:42 | 000,935,175 | ---- | M] () -- C:\Users\dom\Desktop\RSITx64.exe
[2013-03-16 15:12:42 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\dom\Desktop\dds.com
[2013-03-16 15:10:44 | 000,377,856 | ---- | M] () -- C:\Users\dom\Desktop\gmer.exe
[2013-03-16 14:41:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\dom\Desktop\OTL.exe
[2013-03-15 14:38:40 | 001,159,144 | ---- | M] (Torch Media Inc.) -- C:\Users\dom\Desktop\TorchSetup.exe
[2013-03-14 06:27:33 | 000,755,448 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2013-03-14 06:27:33 | 000,668,018 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013-03-14 06:27:33 | 000,163,964 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2013-03-14 06:27:33 | 000,127,950 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013-03-14 06:27:33 | 000,006,610 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013-03-13 20:34:38 | 000,282,014 | ---- | M] () -- C:\Users\dom\Desktop\quadełę.jpg
[2013-03-12 14:56:18 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013-03-12 14:12:57 | 021,328,680 | ---- | M] (Mozilla) -- C:\Users\dom\Desktop\Firefox Setup 19.0.2.exe
[2013-03-07 19:08:01 | 000,000,280 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
[2013-03-07 18:21:40 | 003,510,632 | ---- | M] () -- C:\Users\dom\Desktop\LeagueofLegends.exe

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2013-03-16 20:09:31 | 000,305,704 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013-03-16 19:54:11 | 000,068,224 | ---- | C] () -- C:\Users\dom\AppData\Local\GDIPFONTCACHEV1.DAT
[2013-03-16 18:12:03 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013-03-16 18:08:24 | 000,430,184 | ---- | C] () -- C:\Users\dom\Documents\Malwarebytes-AntiMalware(13117).exe
[2013-03-16 15:16:42 | 000,935,175 | ---- | C] () -- C:\Users\dom\Desktop\RSITx64.exe
[2013-03-16 15:10:44 | 000,377,856 | ---- | C] () -- C:\Users\dom\Desktop\gmer.exe
[2013-03-13 20:34:34 | 000,282,014 | ---- | C] () -- C:\Users\dom\Desktop\quadełę.jpg
[2013-03-12 14:56:18 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013-03-12 14:56:18 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013-03-07 18:21:39 | 003,510,632 | ---- | C] () -- C:\Users\dom\Desktop\LeagueofLegends.exe
[2013-02-06 20:53:18 | 000,003,150 | ---- | C] () -- C:\ProgramData\RWvESYd.js
[2013-02-06 20:53:18 | 000,000,153 | ---- | C] () -- C:\ProgramData\RWvESYd.reg
[2013-02-06 20:53:18 | 000,000,077 | ---- | C] () -- C:\ProgramData\RWvESYd.bat
[2013-02-06 20:40:54 | 000,003,149 | ---- | C] () -- C:\ProgramData\Fh59IZN.js
[2013-02-06 20:40:54 | 000,000,153 | ---- | C] () -- C:\ProgramData\Fh59IZN.reg
[2013-02-06 20:40:54 | 000,000,077 | ---- | C] () -- C:\ProgramData\Fh59IZN.bat
[2013-01-29 19:27:14 | 000,000,008 | ---- | C] () -- C:\Windows\313231.INI
[2013-01-26 01:14:46 | 000,524,288 | -HS- | C] () -- C:\Users\dom\ntuser.dat{5705bf44-6743-11e2-8a2b-e0cb4ec21d40}.TMContainer00000000000000000002.regtrans-ms
[2013-01-26 01:14:46 | 000,524,288 | -HS- | C] () -- C:\Users\dom\ntuser.dat{5705bf44-6743-11e2-8a2b-e0cb4ec21d40}.TMContainer00000000000000000001.regtrans-ms
[2013-01-26 01:14:46 | 000,065,536 | -HS- | C] () -- C:\Users\dom\ntuser.dat{5705bf44-6743-11e2-8a2b-e0cb4ec21d40}.TM.blf
[2012-11-15 21:20:14 | 000,000,741 | ---- | C] () -- C:\Users\dom\.recently-used.xbel
[2012-11-09 18:26:58 | 004,792,320 | ---- | C] () -- C:\Users\dom\ntuser.dat.iobit
[2012-11-07 21:59:00 | 005,242,880 | ---- | C] () -- C:\Users\dom\ntuser.dat
[2012-08-17 19:07:54 | 000,384,835 | ---- | C] () -- C:\Users\dom\AppData\Local\speeddial.crx
[2012-07-04 06:34:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012-07-04 06:34:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012-04-18 18:39:10 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012-03-16 14:42:18 | 000,524,288 | -HS- | C] () -- C:\Users\dom\ntuser.dat{bc2529e7-6f6d-11e1-87da-e0cb4ec21d40}.TMContainer00000000000000000002.regtrans-ms
[2012-03-16 14:42:18 | 000,524,288 | -HS- | C] () -- C:\Users\dom\ntuser.dat{bc2529e7-6f6d-11e1-87da-e0cb4ec21d40}.TMContainer00000000000000000001.regtrans-ms
[2012-03-16 14:42:18 | 000,065,536 | -HS- | C] () -- C:\Users\dom\ntuser.dat{bc2529e7-6f6d-11e1-87da-e0cb4ec21d40}.TM.blf
[2012-01-01 14:00:23 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2011-12-15 09:21:32 | 000,460,624 | ---- | C] () -- C:\Users\dom\AppData\Local\promo.exe
[2011-09-28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011-09-12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011-07-09 21:21:59 | 000,000,026 | ---- | C] () -- C:\Windows\NeoSetup.INI
[2011-06-03 15:44:52 | 000,198,144 | ---- | C] () -- C:\Users\dom\rld.dll
[2011-06-03 15:44:52 | 000,037,752 | ---- | C] () -- C:\Users\dom\SetupHelper.exe
[2011-04-09 15:53:01 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2011-04-01 04:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011-04-01 04:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011-04-01 04:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2010-08-25 11:30:35 | 000,007,603 | ---- | C] () -- C:\Users\dom\AppData\Local\Resmon.ResmonCfg
[2010-08-09 16:25:09 | 000,000,091 | ---- | C] () -- C:\Users\dom\AppData\Local\fusioncache.dat
[2010-05-14 19:29:45 | 000,046,080 | ---- | C] () -- C:\Users\dom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-05-07 11:54:54 | 000,524,288 | -HS- | C] () -- C:\Users\dom\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010-05-07 11:54:54 | 000,524,288 | -HS- | C] () -- C:\Users\dom\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010-05-07 11:54:54 | 000,065,536 | -HS- | C] () -- C:\Users\dom\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010-05-07 11:54:54 | 000,000,020 | -HS- | C] () -- C:\Users\dom\ntuser.ini

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== LOP Check ==========[/color]

[2012-07-07 09:24:17 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\.minecraft
[2013-01-21 15:20:06 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\.mono
[2013-01-21 20:02:00 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\.spoutcraft
[2012-02-18 16:24:38 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\AVG2012
[2011-12-15 14:07:08 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\Babylon
[2013-03-15 19:16:59 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\BitTorrent
[2013-03-06 21:59:25 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\Condusiv_Technologies
[2013-03-15 14:19:08 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\DAEMON Tools Lite
[2013-03-06 21:59:25 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\Downloaded Installations
[2012-12-16 22:15:59 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\Funmoods
[2013-03-06 21:59:25 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\FunnyGames
[2013-03-06 21:59:25 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\Gadu-Gadu 10
[2013-03-06 21:59:25 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\GG
[2013-03-06 21:59:26 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\ijjigame
[2013-01-21 19:55:53 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\inkscape
[2012-11-15 20:12:55 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\IObit
[2010-09-01 19:46:20 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\LolClient
[2012-05-17 07:57:38 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\LolClient2
[2010-05-10 21:12:52 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\Nowe Gadu-Gadu
[2012-11-27 19:59:23 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\OpenCandy
[2010-05-10 21:50:30 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\OpenFM
[2012-09-16 16:21:05 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\Opera
[2012-03-08 20:29:05 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\Origin
[2012-12-16 22:16:00 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\PDFCreatorPackages
[2013-03-07 18:12:51 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\RenPy
[2013-01-25 10:35:49 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\SplitMediaLabs
[2011-12-30 22:20:53 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\Stykz
[2011-12-30 22:18:00 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\Stykz Help
[2011-02-27 14:08:52 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\The Creative Assembly
[2010-08-24 19:55:02 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\Touchstone
[2012-11-15 16:46:08 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\TS3Client
[2012-11-27 19:59:58 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\TuneUp Software
[2012-07-02 19:36:06 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\Tunngle
[2010-08-09 11:21:59 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\W
[2010-08-09 10:44:45 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\wargaming.net

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 824041 bytes -> C:\Windows\Temp:temp
@Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >
It is also worth mentioning that the "advanced" functions do not work. A program itself may open, but the functions in it do not work; e.g. in "Odkurzacz" or CCleaner the program opens but does not respond when I try to use it for scanning.

User pawel315 edited this post 16 03 2013 - 21:46
Tidied up the topic


#2 pawel315

pawel315

    Forum addict

  • 1 553 posts

Posted 16 03 2013 - 21:56

Hello.
The famous UKASH is a guest here; why didn't you say so? (I can see its files :) )
Uninstall:
Everything that has toolbar in its name
MediaBar
Pando Media Booster
Run OTL and, in the Custom Scans/Fixes box ("Własne opcje skanowania/skrypt"), paste:
:OTL
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll (iMesh, Inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll) - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll (iMesh, Inc)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\23787~1.43\{16cdf~1\browse~1.dll) - File not found
O20 - AppInit_DLLs: (c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll) - File not found
O20 - AppInit_DLLs: (c:\progra~2\zoomex\sprote~1.dll) - File not found
O20 - HKLM Winlogon: Shell - (C:\PROGRA~3\Fh59IZN.bat) - C:\ProgramData\Fh59IZN.bat ()

:Files
C:\ProgramData\RWvESYd.js
C:\ProgramData\RWvESYd.reg
C:\ProgramData\RWvESYd.bat
C:\ProgramData\Fh59IZN.js
C:\ProgramData\Fh59IZN.reg
C:\ProgramData\Fh59IZN.bat
C:\Windows\313231.INI
C:\Users\dom\AppData\Local\promo.exe

:Commands
[emptytemp]





Click Run Fix ("Wykonaj skrypt") and post the log from the removal.
Then:
  • Post new OTL logs (two logs; set the Extra Registry option, "Rejestr skan dodatkowy", to Use SafeList, "użyj filtrowania")



#3 Sup Sis feggit meggit xoxo

Sup Sis feggit meggit xoxo

    Beginner

  • 11 posts

Posted 16 03 2013 - 23:08

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll deleted successfully.
C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll deleted successfully.
C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~3\browse~1\23787~1.43\{16cdf~1\browse~1.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~2\zoomex\sprote~1.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\PROGRA~3\Fh59IZN.bat deleted successfully.
C:\ProgramData\Fh59IZN.bat moved successfully.
========== FILES ==========
C:\ProgramData\RWvESYd.js moved successfully.
C:\ProgramData\RWvESYd.reg moved successfully.
C:\ProgramData\RWvESYd.bat moved successfully.
C:\ProgramData\Fh59IZN.js moved successfully.
C:\ProgramData\Fh59IZN.reg moved successfully.
File\Folder C:\ProgramData\Fh59IZN.bat not found.
C:\Windows\313231.INI moved successfully.
File\Folder C:\Users\dom\AppData\Local\promo.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: dom
->Temp folder emptied: 1577475809 bytes
->Temporary Internet Files folder emptied: 1599694 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 12275304 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 50106191 bytes
->Flash cache emptied: 5020 bytes

User: League of Legends

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2983772 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33928 bytes
RecycleBin emptied: 632960908 bytes

Total Files Cleaned = 2 172,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 03162013_213449

Files\Folders moved on Reboot...
C:\Users\dom\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

I had the "cyberprzestępczość department" virus, but I just unticked it in autostart D: which probably wasn't the smartest solution. As for the current situation, it's still bad: a Notepad text file won't even open (Opera did start, but several times already it has happened that Opera can be launched only once, and if I close it I can't start it again).

The text file with these logs is "not responding"; I pasted them before that happened, of course. The rest of the programs won't start either. For example, I can open My Computer, although it never shows me the contents, i.e. drive C, drive D, drive E. But I can open the shortcuts on the left normally. I don't know what else I can add to the description.

I'm scanning again with OTL; I'll paste the logs in a moment.

In safe mode the file search doesn't find all the files that it finds in normal mode. In normal mode even OTL wouldn't start, so I booted the computer in safe mode, and here are the logs.


OTL logfile created on: 2013-03-16 22:15:04 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\dom\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

4,00 Gb Total Physical Memory | 2,55 Gb Available Physical Memory | 63,66% Memory free
8,00 Gb Paging File | 6,55 Gb Available in Paging File | 81,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,21 Gb Total Space | 26,11 Gb Free Space | 13,38% Space Free | Partition Type: NTFS
Drive D: | 146,39 Gb Total Space | 146,28 Gb Free Space | 99,92% Space Free | Partition Type: NTFS
Drive E: | 121,09 Gb Total Space | 120,99 Gb Free Space | 99,92% Space Free | Partition Type: NTFS

Computer Name: DOM-KOMPUTER | User Name: dom | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 14 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2013-03-16 14:41:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\dom\Desktop\OTL.exe
PRC - [2013-02-10 15:44:12 | 000,879,456 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2013-01-09 19:53:19 | 014,586,888 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2012-07-04 07:20:54 | 000,238,080 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:[b]64bit:[/b] - [2010-08-12 14:32:42 | 000,551,896 | ---- | M] (Protection Technology) [Disabled | Stopped] -- C:\Windows\SysNative\appdrvrem01.exe -- (appdrvrem01)
SRV - [2013-03-07 15:29:15 | 000,115,608 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013-01-29 16:58:21 | 000,541,608 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012-12-14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012-12-14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012-10-02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012-08-21 14:43:58 | 000,794,272 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2012-08-13 02:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2012-07-26 21:17:03 | 000,076,888 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012-06-27 11:29:24 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012-02-14 03:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011-04-01 04:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010-06-15 16:19:03 | 003,583,592 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2012-12-14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:[b]64bit:[/b] - [2012-11-27 20:00:20 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:[b]64bit:[/b] - [2012-11-07 22:09:19 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2012-11-07 22:09:18 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2012-09-04 12:34:14 | 000,031,080 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:[b]64bit:[/b] - [2012-08-24 14:43:16 | 000,384,352 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:[b]64bit:[/b] - [2012-07-26 02:21:28 | 000,291,680 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:[b]64bit:[/b] - [2012-07-09 14:54:58 | 000,106,832 | ---- | M] (Condusiv Technologies) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DKTLFSMF.sys -- (DKTLFSMF)
DRV:[b]64bit:[/b] - [2012-07-04 07:59:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:[b]64bit:[/b] - [2012-07-04 07:59:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:[b]64bit:[/b] - [2012-07-04 06:10:56 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:[b]64bit:[/b] - [2012-06-18 19:14:34 | 000,052,048 | ---- | M] (Condusiv Technologies) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DKRtWrt.sys -- (DKRtWrt)
DRV:[b]64bit:[/b] - [2012-04-19 03:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:[b]64bit:[/b] - [2012-04-05 02:32:54 | 000,040,752 | ---- | M] (Condusiv Technologies) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DKDFM.sys -- (DKDFM)
DRV:[b]64bit:[/b] - [2012-03-01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2012-02-23 13:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:[b]64bit:[/b] - [2012-01-31 03:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:[b]64bit:[/b] - [2011-12-23 12:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:[b]64bit:[/b] - [2011-12-23 12:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:[b]64bit:[/b] - [2011-12-23 12:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:[b]64bit:[/b] - [2011-04-01 04:07:54 | 004,184,672 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:[b]64bit:[/b] - [2011-03-11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011-03-11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2010-11-20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010-08-12 14:32:43 | 002,715,824 | ---- | M] (Protection Technology) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\appdrv01.sys -- (appdrv01)
DRV:[b]64bit:[/b] - [2010-03-09 11:21:42 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:[b]64bit:[/b] - [2009-08-17 12:20:46 | 001,235,968 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:[b]64bit:[/b] - [2009-07-16 04:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:[b]64bit:[/b] - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009-05-22 15:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2009-03-18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:[b]64bit:[/b] - [2008-04-22 07:53:36 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Entech64.sys -- (ENTECH64)
DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005-01-02 04:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmoods.com/?f=1&a=iron2&ir=iron2&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0E0CtBtC0DyEtD0DtBtA0EtN0D0Tzu0CtAyDtCtN1L2XzutBtFtBtFtCtFyEtDyB&cr=911712656
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=iron2&ir=iron2&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0E0CtBtC0DyEtD0DtBtA0EtN0D0Tzu0CtAyDtCtN1L2XzutBtFtBtFtCtFyEtDyB&cr=911712656
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12}: "URL" = http://www.searchya.com/?q={searchTerms}&s=1&a=foxtab&chnl=ft-100&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0E0CtBtC0DyEtD0DtBtA0EtN0D0Tzu0CtBtAtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=2048707667
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=PL&userid=92d654ad-8e8a-48ea-8b5c-46abd9a276b4&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3625104046-687358821-1933599865-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://search.babylon.com/?affID=110809&tt=bandext_3312_8&babsrc=HP_ss&mntrId=44dbd23e00000000000000ffe5264df8
IE - HKU\S-1-5-21-3625104046-687358821-1933599865-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://search.babylon.com/?affID=110809&tt=bandext_3312_8&babsrc=HP_ss&mntrId=44dbd23e00000000000000ffe5264df8
IE - HKU\S-1-5-21-3625104046-687358821-1933599865-1000\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://search.babylon.com/?affID=110809&tt=bandext_3312_8&babsrc=HP_ss&mntrId=44dbd23e00000000000000ffe5264df8
IE - HKU\S-1-5-21-3625104046-687358821-1933599865-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = pl.v9.com/idg/idg_1342608838_220770
IE - HKU\S-1-5-21-3625104046-687358821-1933599865-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=PL&userid=92d654ad-8e8a-48ea-8b5c-46abd9a276b4&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-3625104046-687358821-1933599865-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=PL&userid=92d654ad-8e8a-48ea-8b5c-46abd9a276b4&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-3625104046-687358821-1933599865-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=PL&userid=92d654ad-8e8a-48ea-8b5c-46abd9a276b4&affid=111583&searchtype=hp&babsrc=lnkry_nt
IE - HKU\S-1-5-21-3625104046-687358821-1933599865-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=PL&userid=92d654ad-8e8a-48ea-8b5c-46abd9a276b4&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-3625104046-687358821-1933599865-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=PL&userid=92d654ad-8e8a-48ea-8b5c-46abd9a276b4&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-3625104046-687358821-1933599865-1000\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKU\S-1-5-21-3625104046-687358821-1933599865-1000\..\SearchScopes,Backup.Old.DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-3625104046-687358821-1933599865-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3625104046-687358821-1933599865-1000\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3625104046-687358821-1933599865-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3625104046-687358821-1933599865-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=PL&userid=92d654ad-8e8a-48ea-8b5c-46abd9a276b4&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-3625104046-687358821-1933599865-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3625104046-687358821-1933599865-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]



FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\dom\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\dom\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012-09-11 12:47:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013-03-12 14:56:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011-12-31 11:18:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dom\AppData\Roaming\mozilla\Extensions
[2012-12-16 22:15:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dom\AppData\Roaming\mozilla\Firefox\Profiles\afss4h8w.default\extensions
[2012-12-16 22:15:50 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\dom\AppData\Roaming\mozilla\Firefox\Profiles\afss4h8w.default\extensions\ffxtlbr@funmoods.com
[2012-08-17 19:07:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dom\AppData\Roaming\mozilla\Firefox\Profiles\afss4h8w.default\extensions\staged
[2012-02-05 14:46:21 | 000,000,000 | ---D | M] (@@toolbarname@@) -- C:\Users\dom\AppData\Roaming\mozilla\Firefox\Profiles\afss4h8w.default\extensions\toolbar@ask.com
[2012-12-16 22:15:49 | 000,000,777 | ---- | M] () -- C:\Users\dom\AppData\Roaming\mozilla\firefox\profiles\afss4h8w.default\searchplugins\Funmoods.xml
[2012-08-17 19:07:49 | 000,000,777 | ---- | M] () -- C:\Users\dom\AppData\Roaming\mozilla\firefox\profiles\afss4h8w.default\searchplugins\Search.xml
[2013-03-12 14:56:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012-11-01 22:49:00 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013-03-07 15:30:04 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013-03-07 17:48:47 | 000,002,980 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml
[2013-03-07 17:48:47 | 000,001,619 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml
[2013-03-07 17:48:47 | 000,001,130 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml
[2013-03-07 17:48:47 | 000,001,071 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml
[2013-03-07 17:48:47 | 000,001,396 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml
[2013-03-07 17:48:47 | 000,001,896 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml

[color=#E56717]========== Chrome ==========[/color]

CHR - homepage: http://feed.helperbar.com/?publisher=OC&dpid=OC&co=PL&userid=92d654ad-8e8a-48ea-8b5c-46abd9a276b4&affid=111583&searchtype=hp&babsrc=lnkry
CHR - default_search_provider: Web (Enabled)
CHR - default_search_provider: search_url = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=PL&userid=92d654ad-8e8a-48ea-8b5c-46abd9a276b4&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://feed.helperbar.com/?publisher=OC&dpid=OC&co=PL&userid=92d654ad-8e8a-48ea-8b5c-46abd9a276b4&affid=111583&searchtype=hp&babsrc=lnkry
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\dom\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\dom\AppData\Local\Google\Chrome\Application\24.0.1312.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\dom\AppData\Local\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\dom\AppData\Local\Google\Chrome\Application\24.0.1312.56\pdf.dll
CHR - plugin: Babylon ToolBar (Enabled) = C:\Users\dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\BabylonChromeToolBar.dll
CHR - plugin: GoogleChromeRemotePlugin (Enabled) = C:\Users\dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\GoogleChromeRemotePlugin.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: ijji Auto Install Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: My Web Search Plugin Stub (Enabled) = C:\Program Files (x86)\MyWebSearch\bar\2.bin\NPMyWebS.dll
CHR - plugin: Google Update (Enabled) = C:\Users\dom\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: Linkury Smartbar = C:\Users\dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\
CHR - Extension: Funmoods = C:\Users\dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\2.1.3_0\
CHR - Extension: Zoomex = C:\Users\dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\bihgkpinpdipaabjllhocmhmicfnbmdl\1\
CHR - Extension: New Tab = C:\Users\dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\7.0.19_0\
CHR - Extension: Ptasie Radio = C:\Users\dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\gijligoemhhgfdldpnhfpbacahbjafpo\1.3_0\
CHR - Extension: SweetIM for Facebook = C:\Users\dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\
CHR - Extension: SweetPacks Chrome Extension = C:\Users\dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.2_0\
CHR - Extension: Linkury Smartbar = C:\Users\dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\
CHR - Extension: Funmoods = C:\Users\dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\2.1.3_0\
CHR - Extension: Zoomex = C:\Users\dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\bihgkpinpdipaabjllhocmhmicfnbmdl\1\
CHR - Extension: New Tab = C:\Users\dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\7.0.19_0\
CHR - Extension: Ptasie Radio = C:\Users\dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\gijligoemhhgfdldpnhfpbacahbjafpo\1.3_0\
CHR - Extension: SweetIM for Facebook = C:\Users\dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\
CHR - Extension: SweetPacks Chrome Extension = C:\Users\dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.2_0\

O1 HOSTS File: ([2009-06-10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:[b]64bit:[/b] - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:[b]64bit:[/b] - BHO: (UrlHelper Class) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll File not found
O2:[b]64bit:[/b] - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (UrlHelper Class) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\IEBHO.dll (iMesh, Inc)
O2 - BHO: (Zoomex) - {67BF155D-7896-43A3-1C8B-B3F619E820B1} - C:\ProgramData\Zoomex\50fd51e662695.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll ()
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-3625104046-687358821-1933599865-1000\..\Toolbar\WebBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O3 - HKU\S-1-5-21-3625104046-687358821-1933599865-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-3625104046-687358821-1933599865-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-3625104046-687358821-1933599865-1000\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3625104046-687358821-1933599865-1000..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3625104046-687358821-1933599865-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKU\S-1-5-21-3625104046-687358821-1933599865-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8:64bit: - Extra context menu item: &Search - Reg Error: Value error. File not found
O8:64bit: - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81022E93-1FC7-4565-916F-AB4D30895698}: NameServer = 62.179.1.62
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{11978c38-5a30-11e1-bd8e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{11978c38-5a30-11e1-bd8e-806e6f6e6963}\Shell\AutoRun\command - "" = H:\autorun.exe -auto
O33 - MountPoints2\{1d900ee7-38cc-11e2-8536-e0cb4ec21d40}\Shell - "" = AutoRun
O33 - MountPoints2\{1d900ee7-38cc-11e2-8536-e0cb4ec21d40}\Shell\AutoRun\command - "" = G:\_AUTORUN\AUTORUN.EXE
O33 - MountPoints2\{9f2043ef-61a8-11df-beca-e0cb4ec21d40}\Shell - "" = AutoRun
O33 - MountPoints2\{9f2043ef-61a8-11df-beca-e0cb4ec21d40}\Shell\AutoRun\command - "" = G:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (autocheck C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 14 Days ==========

[2013-03-16 21:34:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2013-03-16 19:57:00 | 000,000,000 | ---D | C] -- C:\Users\dom\Desktop\Nowy folder
[2013-03-16 18:12:10 | 000,000,000 | ---D | C] -- C:\Users\dom\AppData\Roaming\Malwarebytes
[2013-03-16 18:12:03 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013-03-16 18:12:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013-03-16 18:12:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013-03-16 18:12:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013-03-16 18:11:50 | 000,000,000 | ---D | C] -- C:\Users\dom\AppData\Local\Programs
[2013-03-16 15:40:45 | 000,187,464 | ---- | C] (Webroot) -- C:\Users\dom\Documents\antizeroaccess.exe
[2013-03-16 15:31:10 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2013-03-16 15:31:10 | 000,000,000 | ---D | C] -- C:\rsit
[2013-03-16 15:12:42 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\dom\Desktop\dds.com
[2013-03-16 14:41:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\dom\Desktop\OTL.exe
[2013-03-15 14:38:52 | 000,000,000 | ---D | C] -- C:\Users\dom\AppData\Local\Torch
[2013-03-15 14:38:40 | 001,159,144 | ---- | C] (Torch Media Inc.) -- C:\Users\dom\Desktop\TorchSetup.exe
[2013-03-14 22:18:32 | 000,000,000 | ---D | C] -- C:\Users\dom\Desktop\Windołsałkę ;-;
[2013-03-12 14:56:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013-03-12 14:12:44 | 021,328,680 | ---- | C] (Mozilla) -- C:\Users\dom\Desktop\Firefox Setup 19.0.2.exe
[2013-03-09 06:45:29 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013-03-09 06:45:26 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013-03-09 06:45:25 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013-03-09 06:45:25 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013-03-07 18:22:33 | 000,000,000 | ---D | C] -- C:\Users\dom\AppData\Local\PMB Files
[2013-03-07 18:22:31 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2013-03-07 18:22:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2013-03-07 18:21:51 | 000,000,000 | ---D | C] -- C:\Users\dom\.swt
[2011-12-15 09:21:43 | 002,161,160 | ---- | C] (DownVision ) -- C:\Users\dom\AppData\Local\setup.exe
[2011-06-03 15:44:52 | 029,451,264 | ---- | C] (Take-Two Interactive Software, Inc.) -- C:\Users\dom\Borderlands.exe
[2011-06-03 15:44:52 | 000,121,984 | ---- | C] (Valve Corporation) -- C:\Users\dom\steam_api.dll

========== Files - Modified Within 14 Days ==========

[2013-03-16 22:12:43 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013-03-16 22:12:38 | 000,305,704 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013-03-16 22:12:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-03-16 22:12:07 | 3220,480,000 | -HS- | M] () -- C:\hiberfil.sys
[2013-03-16 21:55:27 | 000,000,358 | -H-- | M] () -- C:\Windows\tasks\ZoomExUpdaterTask{DAED68F5-436B-4787-8ECB-67A74F866FE0}.job
[2013-03-16 21:55:27 | 000,000,280 | ---- | M] () -- C:\Windows\tasks\RMAutoUpdate.job
[2013-03-16 19:44:30 | 000,019,520 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-03-16 19:44:29 | 000,019,520 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-03-16 18:12:03 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013-03-16 18:08:24 | 000,430,184 | ---- | M] () -- C:\Users\dom\Documents\Malwarebytes-AntiMalware(13117).exe
[2013-03-16 15:40:45 | 000,187,464 | ---- | M] (Webroot) -- C:\Users\dom\Documents\antizeroaccess.exe
[2013-03-16 15:16:42 | 000,935,175 | ---- | M] () -- C:\Users\dom\Desktop\RSITx64.exe
[2013-03-16 15:12:42 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\dom\Desktop\dds.com
[2013-03-16 15:10:44 | 000,377,856 | ---- | M] () -- C:\Users\dom\Desktop\gmer.exe
[2013-03-16 14:41:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\dom\Desktop\OTL.exe
[2013-03-15 14:38:40 | 001,159,144 | ---- | M] (Torch Media Inc.) -- C:\Users\dom\Desktop\TorchSetup.exe
[2013-03-14 06:27:33 | 000,755,448 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2013-03-14 06:27:33 | 000,668,018 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013-03-14 06:27:33 | 000,163,964 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2013-03-14 06:27:33 | 000,127,950 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013-03-14 06:27:33 | 000,006,610 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013-03-13 20:34:38 | 000,282,014 | ---- | M] () -- C:\Users\dom\Desktop\quadełę.jpg
[2013-03-12 14:56:18 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013-03-12 14:12:57 | 021,328,680 | ---- | M] (Mozilla) -- C:\Users\dom\Desktop\Firefox Setup 19.0.2.exe
[2013-03-07 19:08:01 | 000,000,280 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
[2013-03-07 18:21:40 | 003,510,632 | ---- | M] () -- C:\Users\dom\Desktop\LeagueofLegends.exe

========== Files Created - No Company Name ==========

[2013-03-16 22:12:17 | 000,305,704 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013-03-16 18:12:03 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013-03-16 18:08:24 | 000,430,184 | ---- | C] () -- C:\Users\dom\Documents\Malwarebytes-AntiMalware(13117).exe
[2013-03-16 15:16:42 | 000,935,175 | ---- | C] () -- C:\Users\dom\Desktop\RSITx64.exe
[2013-03-16 15:10:44 | 000,377,856 | ---- | C] () -- C:\Users\dom\Desktop\gmer.exe
[2013-03-13 20:34:34 | 000,282,014 | ---- | C] () -- C:\Users\dom\Desktop\quadełę.jpg
[2013-03-12 14:56:18 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013-03-12 14:56:18 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013-03-07 18:21:39 | 003,510,632 | ---- | C] () -- C:\Users\dom\Desktop\LeagueofLegends.exe
[2012-11-15 21:20:14 | 000,000,741 | ---- | C] () -- C:\Users\dom\.recently-used.xbel
[2012-08-17 19:07:54 | 000,384,835 | ---- | C] () -- C:\Users\dom\AppData\Local\speeddial.crx
[2012-07-04 06:34:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012-07-04 06:34:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012-04-18 18:39:10 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012-01-01 14:00:23 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2011-09-28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011-09-12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011-07-09 21:21:59 | 000,000,026 | ---- | C] () -- C:\Windows\NeoSetup.INI
[2011-06-03 15:44:52 | 000,198,144 | ---- | C] () -- C:\Users\dom\rld.dll
[2011-06-03 15:44:52 | 000,037,752 | ---- | C] () -- C:\Users\dom\SetupHelper.exe
[2011-04-09 15:53:01 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2011-04-01 04:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011-04-01 04:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011-04-01 04:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2010-08-25 11:30:35 | 000,007,603 | ---- | C] () -- C:\Users\dom\AppData\Local\Resmon.ResmonCfg
[2010-08-09 16:25:09 | 000,000,091 | ---- | C] () -- C:\Users\dom\AppData\Local\fusioncache.dat
[2010-05-14 19:29:45 | 000,046,080 | ---- | C] () -- C:\Users\dom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012-07-07 09:24:17 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\.minecraft
[2013-01-21 15:20:06 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\.mono
[2013-01-21 20:02:00 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\.spoutcraft
[2012-02-18 16:24:38 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\AVG2012
[2011-12-15 14:07:08 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\Babylon
[2013-03-15 19:16:59 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\BitTorrent
[2013-03-06 21:59:25 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\Condusiv_Technologies
[2013-03-15 14:19:08 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\DAEMON Tools Lite
[2013-03-06 21:59:25 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\Downloaded Installations
[2012-12-16 22:15:59 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\Funmoods
[2013-03-06 21:59:25 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\FunnyGames
[2013-03-06 21:59:25 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\Gadu-Gadu 10
[2013-03-06 21:59:25 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\GG
[2013-03-06 21:59:26 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\ijjigame
[2013-01-21 19:55:53 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\inkscape
[2012-11-15 20:12:55 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\IObit
[2010-09-01 19:46:20 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\LolClient
[2012-05-17 07:57:38 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\LolClient2
[2010-05-10 21:12:52 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\Nowe Gadu-Gadu
[2012-11-27 19:59:23 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\OpenCandy
[2010-05-10 21:50:30 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\OpenFM
[2012-09-16 16:21:05 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\Opera
[2012-03-08 20:29:05 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\Origin
[2012-12-16 22:16:00 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\PDFCreatorPackages
[2013-03-07 18:12:51 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\RenPy
[2013-01-25 10:35:49 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\SplitMediaLabs
[2011-12-30 22:20:53 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\Stykz
[2011-12-30 22:18:00 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\Stykz Help
[2011-02-27 14:08:52 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\The Creative Assembly
[2010-08-24 19:55:02 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\Touchstone
[2012-11-15 16:46:08 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\TS3Client
[2012-11-27 19:59:58 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\TuneUp Software
[2012-07-02 19:36:06 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\Tunngle
[2010-08-09 11:21:59 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\W
[2010-08-09 10:44:45 | 000,000,000 | ---D | M] -- C:\Users\dom\AppData\Roaming\wargaming.net

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 824041 bytes -> C:\Windows\Temp:temp
@Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >




The second one

OTL Extras logfile created on: 2013-03-16 22:15:04 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\dom\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

4,00 Gb Total Physical Memory | 2,55 Gb Available Physical Memory | 63,66% Memory free
8,00 Gb Paging File | 6,55 Gb Available in Paging File | 81,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,21 Gb Total Space | 26,11 Gb Free Space | 13,38% Space Free | Partition Type: NTFS
Drive D: | 146,39 Gb Total Space | 146,28 Gb Free Space | 99,92% Space Free | Partition Type: NTFS
Drive E: | 121,09 Gb Total Space | 120,99 Gb Free Space | 99,92% Space Free | Partition Type: NTFS

Computer Name: DOM-KOMPUTER | User Name: dom | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 14 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

[HKEY_USERS\S-1-5-21-3625104046-687358821-1933599865-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0016644C-598B-48F1-A6FF-B11BED9237F5}" = lport=6893 | protocol=17 | dir=in | name=league of legends launcher |
"{002A6323-48A5-4C9B-B273-0CCAAB0FAE94}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby |
"{078A26A0-F1F0-48CD-A66C-E45E2CFC75B9}" = lport=139 | protocol=6 | dir=in | app=system |
"{08B7686A-BBC2-4B3C-BB1F-9FE75F25F4BB}" = rport=10243 | protocol=6 | dir=out | app=system |
"{0972A2BF-E6EC-40D9-A41C-3A389E743468}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher |
"{0D9B69B6-48F0-42CA-B721-BDB5136AC154}" = lport=6910 | protocol=17 | dir=in | name=league of legends launcher |
"{1013396C-E02C-4082-85E5-00D5424B2091}" = lport=10243 | protocol=6 | dir=in | app=system |
"{10B3C0AE-83AF-412E-B6F6-CE438C939104}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{13A60FD0-A0D7-4239-811A-92379DE98E38}" = lport=6901 | protocol=6 | dir=in | name=league of legends launcher |
"{13B729E3-C942-41AD-98F0-5AF999D819A0}" = lport=8398 | protocol=17 | dir=in | name=league of legends launcher |
"{14C02A05-4256-4B64-97E1-EDFEEBD3EEA7}" = lport=6930 | protocol=17 | dir=in | name=league of legends launcher |
"{150478D0-44C4-4B40-86D3-B5093BF37F3D}" = lport=6924 | protocol=17 | dir=in | name=league of legends launcher |
"{16F6BE99-3A56-4CAA-8D70-85953245866C}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher |
"{17EB5F74-86F1-4E2A-825F-F3CF502EEAAF}" = lport=6977 | protocol=6 | dir=in | name=league of legends launcher |
"{1A2DB521-9344-4F9A-9516-D2777090F8CC}" = rport=137 | protocol=17 | dir=out | app=system |
"{292A26DB-8304-453A-8963-2F02FB4990B3}" = lport=6940 | protocol=17 | dir=in | name=league of legends launcher |
"{2B1D610F-A9F3-435D-839E-C5D03DC68063}" = lport=6940 | protocol=6 | dir=in | name=league of legends launcher |
"{2D57465A-514A-4E74-9880-401F4F636F39}" = lport=6926 | protocol=6 | dir=in | name=league of legends launcher |
"{2E0104CC-36BC-413E-9792-5985F3ABB5EE}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher |
"{2E410172-021D-4322-9506-1C64FF93F8A7}" = lport=6974 | protocol=17 | dir=in | name=league of legends launcher |
"{2F6CFA8B-474B-41A0-B8B0-2AA7E1D501B0}" = lport=6986 | protocol=6 | dir=in | name=league of legends launcher |
"{2F90C217-0A86-4FC7-8AC0-0D2B84B8609E}" = lport=6905 | protocol=6 | dir=in | name=league of legends launcher |
"{3461AE2F-8254-418D-B325-7B8D873F3A6A}" = lport=8395 | protocol=6 | dir=in | name=league of legends launcher |
"{356F1E33-DF99-4B42-A5BD-C60C5C9C9F8C}" = lport=6952 | protocol=17 | dir=in | name=league of legends launcher |
"{3767C6A6-A8F0-43B8-8EF8-4A86D2BF970C}" = lport=6900 | protocol=17 | dir=in | name=league of legends launcher |
"{3DB4848C-7B80-431F-A9A9-984B639469A9}" = lport=8395 | protocol=17 | dir=in | name=league of legends launcher |
"{3FD4D27E-38FA-4903-84E9-E6CC46040534}" = lport=6928 | protocol=17 | dir=in | name=league of legends launcher |
"{44E992C6-DF90-4014-9F32-7FFFCC016318}" = lport=6924 | protocol=6 | dir=in | name=league of legends launcher |
"{4729A298-893E-4C4B-A077-88B5DBD52461}" = lport=138 | protocol=17 | dir=in | app=system |
"{484A7171-9C25-458A-9D94-B5147FE62775}" = lport=6902 | protocol=6 | dir=in | name=league of legends launcher |
"{494E07C7-765F-4F46-A35D-40D54CFBC905}" = lport=6983 | protocol=17 | dir=in | name=league of legends launcher |
"{4992F8DE-49B8-4910-B144-BCC6A810D900}" = lport=6947 | protocol=6 | dir=in | name=league of legends launcher |
"{4C205D72-E140-4104-AA93-D6CAF0174157}" = lport=6977 | protocol=17 | dir=in | name=league of legends launcher |
"{527FD7A1-F6C1-4184-B280-50F41A11E5C7}" = lport=8397 | protocol=6 | dir=in | name=league of legends launcher |
"{5283B1BA-031C-4330-AFAA-47C6264C94B2}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby |
"{572B00EB-3FC7-498B-8B23-B5910CD58F01}" = lport=6954 | protocol=17 | dir=in | name=league of legends launcher |
"{57886E2B-98A9-45C9-90D6-888E1DC73288}" = lport=8395 | protocol=17 | dir=in | name=league of legends launcher |
"{5A22A692-E839-441A-8DFD-C095FD63AC9E}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher |
"{5AC77ED6-ED72-4ECD-87E9-3BD61846B181}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{61D2F8B1-6F46-4071-855B-7A5C2E28D27E}" = lport=6923 | protocol=6 | dir=in | name=league of legends launcher |
"{66D567D5-347A-4B2C-973E-3BC6C82B8F61}" = lport=6924 | protocol=17 | dir=in | name=league of legends launcher |
"{679EF9BE-D01A-47BE-9567-13237F4E2B5E}" = lport=6974 | protocol=6 | dir=in | name=league of legends launcher |
"{684834F8-B639-4805-8F15-497FE48E67D6}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client |
"{6A273207-FC6C-4119-9243-79B568198F35}" = lport=6996 | protocol=17 | dir=in | name=league of legends launcher |
"{6ADAE1DB-B9D1-42B2-8370-70797BCF8185}" = lport=6930 | protocol=6 | dir=in | name=league of legends launcher |
"{6BD27CBD-B7B6-4882-BDC3-D8C1A5215F43}" = rport=138 | protocol=17 | dir=out | app=system |
"{6C399B8E-4EB2-45F6-9CB1-6CC011E6634B}" = lport=6952 | protocol=6 | dir=in | name=league of legends launcher |
"{7191D7BF-B715-4454-9C68-5E03CA1808B0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{72BE62DF-F3BF-47F5-90F4-A2F8677D5CE4}" = lport=6924 | protocol=6 | dir=in | name=league of legends launcher |
"{733BC5BC-09F6-46AE-A0FB-8A37D41FD43E}" = lport=6903 | protocol=17 | dir=in | name=league of legends launcher |
"{7386C7A3-E451-4F9B-AB5C-1ABFD84684AF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{795C9229-8457-45EC-8C94-D4422F710091}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7CAB13FE-E005-40EB-9FE5-4EC6666A63A6}" = lport=6928 | protocol=6 | dir=in | name=league of legends launcher |
"{7EC6789C-6990-44D7-A07B-34FB8A29ECF1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8552FE84-FED1-4503-AF70-36A1657E4649}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{89B7C36D-0AEE-4134-866E-7E49665CC2EC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8CE381F4-669C-4502-83E0-346E274B43DA}" = lport=6882 | protocol=6 | dir=in | name=league of legends launcher |
"{8F4E8090-0C86-4ECE-8E5E-337E1303DC77}" = lport=6893 | protocol=6 | dir=in | name=league of legends launcher |
"{8FB2AA35-D43B-4D7D-992F-02D4CE283C2A}" = lport=6893 | protocol=17 | dir=in | name=league of legends launcher |
"{92A9567A-A20F-487B-A729-DFD9EAF0841C}" = lport=6952 | protocol=6 | dir=in | name=league of legends launcher |
"{96A04C2C-16BC-4399-BE97-C3F48C607EF2}" = lport=6915 | protocol=17 | dir=in | name=league of legends launcher |
"{99C64E18-0EBD-4C44-9C37-6C0695920A6B}" = lport=6900 | protocol=6 | dir=in | name=league of legends launcher |
"{9C25DFF8-7D14-48FC-ADDA-8F5E6664C4AC}" = lport=6902 | protocol=17 | dir=in | name=league of legends launcher |
"{A6DCB6D2-E6AF-4691-87C0-7D456E0F6DC6}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{A94985D5-9825-4663-91DA-3E2955561798}" = lport=8397 | protocol=17 | dir=in | name=league of legends launcher |
"{AAF92AC4-DC35-4202-9C43-C6DD1B2E8DD1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{ABE0D138-1FE3-4D90-99C0-C016979EA498}" = lport=6952 | protocol=17 | dir=in | name=league of legends launcher |
"{AC8EBDED-A24D-4F79-A9B8-C04F50404602}" = lport=6926 | protocol=17 | dir=in | name=league of legends launcher |
"{AEF86A5C-75E3-48B4-827E-8007A81C2AE0}" = lport=6923 | protocol=17 | dir=in | name=league of legends launcher |
"{B328D4DE-C025-477A-B0B5-1769251B959E}" = lport=8395 | protocol=6 | dir=in | name=league of legends launcher |
"{BC9C65FB-5E4C-417F-BDA0-483618199CBE}" = lport=8398 | protocol=6 | dir=in | name=league of legends launcher |
"{C16A42EF-B9FE-4185-8AE2-D03851095668}" = lport=6893 | protocol=6 | dir=in | name=league of legends launcher |
"{C368AE71-5157-4990-803C-9D2BB01C247B}" = lport=6882 | protocol=17 | dir=in | name=league of legends launcher |
"{C5455B60-940E-4B2F-8A14-B9A75954685B}" = lport=6910 | protocol=6 | dir=in | name=league of legends launcher |
"{C5D6E323-0937-400F-9F62-F86412558978}" = lport=6954 | protocol=6 | dir=in | name=league of legends launcher |
"{C66EE685-2497-4FB8-92EA-EDB1C8072A07}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher |
"{CFF01348-C9BD-4CBA-B853-381F1B1838ED}" = lport=137 | protocol=17 | dir=in | app=system |
"{D063B329-6532-4115-9549-2CCAC0E6AAF9}" = lport=6915 | protocol=6 | dir=in | name=league of legends launcher |
"{D3FB9C7D-38A5-4C99-9F46-C699DFB2FDF6}" = lport=445 | protocol=6 | dir=in | app=system |
"{D72F4B3D-91CE-4E90-9992-E5C79F9309C5}" = lport=6997 | protocol=17 | dir=in | name=league of legends launcher |
"{D8799323-4966-47BD-9255-566E218A7025}" = lport=6997 | protocol=6 | dir=in | name=league of legends launcher |
"{DA42D433-5C31-461F-BCAB-643A37976158}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DA48BB8C-E563-4690-AD65-65AA531B5535}" = lport=6983 | protocol=6 | dir=in | name=league of legends launcher |
"{DC65ADDC-61C8-45CA-82B1-AF65EF3FFB04}" = lport=6903 | protocol=6 | dir=in | name=league of legends launcher |
"{DE85DC87-5222-4A52-A6F5-72353DDC001D}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher |
"{E04837F5-78AD-44D5-8BFD-396F26B1EA9E}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client |
"{E2B7E077-F268-4B31-A0CB-128B365EFA91}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E4940D66-86B5-4194-97BA-99149C778EC8}" = rport=139 | protocol=6 | dir=out | app=system |
"{E600FDFC-1939-4BCB-AF67-16EA8C7940D2}" = lport=6996 | protocol=6 | dir=in | name=league of legends launcher |
"{E61E2022-3868-43BC-8F5D-B6054A0FC536}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E6B678D9-08AD-45A2-B3C4-1A3D8346EAFF}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher |
"{E6C7F695-E383-4435-A981-572408735FE0}" = rport=445 | protocol=6 | dir=out | app=system |
"{E894AF39-C4D5-41D8-BF34-E7DEEC709718}" = lport=6986 | protocol=17 | dir=in | name=league of legends launcher |
"{EA67997C-9E3D-45B4-94C9-124E9E180971}" = lport=6905 | protocol=17 | dir=in | name=league of legends launcher |
"{EAD0382D-45B8-4991-88C5-9AAF2FE1C90C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F8C2A45B-1190-4F91-9DB8-BB0B1C7923B1}" = lport=6947 | protocol=17 | dir=in | name=league of legends launcher |
"{F92BD74F-9B61-413A-AF4F-1517931D96F2}" = lport=6901 | protocol=17 | dir=in | name=league of legends launcher |
"{FB0A153C-19A9-4C17-B04E-BA2CE3DD30EC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{FD81DC8A-5651-452A-83E1-321613E7ACDD}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0ADCC771-E663-00D5-C381-C152F0F4D391}" = ATI AVIVO64 Codecs
"{0B6BFB17-AB5C-46A3-A448-E37ED088D9E1}" = ZoomEx
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2C0222FA-7DBD-4AED-862B-1672848539F4}" = Diskeeper 12 Professional
"{344C0D46-2EF4-4BC8-AE03-3DACDA9B9485}" = AVG 2012
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{68CA3A47-3F7E-0E92-DC0D-5B0C02D9AFAD}" = ccc-utility64
"{6BB150E8-6CBB-5F8F-CAE7-BE21B2C92D31}" = AMD Accelerated Video Transcoding
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8E5DA9A6-7A9F-3A6F-BC5C-D6CBCA6A29C7}" = Microsoft .NET Framework 4 Extended PLK Language Pack
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0415-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Polish) 2007
"{914F7627-B645-9895-F723-BAEAAC865E75}" = AMD Catalyst Install Manager
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A49402DD-2781-3782-B0CF-52BDA349E3F3}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BF46C84D-1AC3-4CC3-A45C-EF6257B80984}" = AVG 2012
"{DA3372D5-F228-5C71-3FAC-177D4AEE8659}" = AMD Media Foundation Decoders
"{E6456858-8C0C-35CE-96B8-AFFCD205C9FC}" = AMD Drag and Drop Transcoding
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2012
"CCleaner" = CCleaner
"PDF Creator" = PDF Creator
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"ZoomEx" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03D45A4B-D7F5-C03E-1650-885756303D13}" = CCC Help Norwegian
"{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{108FAA6F-DEEE-48EA-B3A9-1C5EB2605A6B}" = PL
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 25
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{284E9E9A-D8BE-3588-D0BA-E9BB61970A1D}" = CCC Help Hungarian
"{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{30E18A93-982E-AF1B-D646-E8C5DAECA390}" = CCC Help French
"{386D8F37-336B-432E-9F13-ED421F4DD19B}" = FireArc Arcade
"{4021F8B5-E8BB-D0F9-AF28-4970013FAE3D}" = Catalyst Control Center
"{42AF51C0-4028-46CF-B616-FB1F75286457}" = A.V.A
"{442C760A-7359-466A-B492-E4FDD3262E9D}" = LevelR
"{470D66DF-B597-124E-EDCE-8B966AA5F230}" = CCC Help Portuguese
"{483924A6-52C5-9169-0280-14272D5FBA70}" = CCC Help Chinese Standard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D530FA3-9B89-4186-98B7-F51000008100}" = Age of Empires Online
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}" = FontNav
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{534A31BD-20F4-46b0-85CE-09778379663C}" = Mass Effect™ 3
"{53820F89-063F-10D7-7457-06C201F4CBF0}" =
"{57AE1BE1-24E8-4169-D52C-ABE31BD91562}" = CCC Help Finnish
"{5B5745F7-23EF-9E5E-6689-512C9FA08222}" = CCC Help English
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{625031C9-E249-2A53-C282-C1E9872B211E}" = CCC Help Turkish
"{655E0B5A-7ADF-A052-587F-64F0E59B58E7}" = CCC Help Dutch
"{6C90C4C4-559D-4FE8-A4BF-37550E74D1FC}" = Bloodline Champions
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74437563-D720-0307-90FC-1C351B1041D7}" = Catalyst Control Center Localization All
"{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty(R) - World at War(TM) 1.7 Patch
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{7683B745-6060-41FD-AA75-0BBB383FEAD4}" = SweetIM for Messenger 3.7
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A4D10-821B-3FA5-52B0-F0FAEEDED9F4}" = CCC Help Czech
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BA14A92-C229-5E00-3ADE-8D22F81B849E}" = CCC Help German
"{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}" = CorelDRAW Graphics Suite X3
"{7FB413C8-3CAD-49F7-A67C-6EFEB4B04050}" = LogMeIn Hamachi
"{80A5B901-C7BD-D300-17BA-9E02F18EAB77}" = CCC Help Danish
"{82F505E6-5879-B30A-12B7-7795969D3BBB}" = CCC Help Polish
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83AA2913-C123-4146-85BD-AD8F93971D39}" = BabylonObjectInstaller
"{8476003F-6927-8393-C6F4-FAF47D61D00B}" = CCC Help Korean
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89A2D79E-B3AD-A83A-795F-5645EFF922D3}" = CCC Help Greek
"{89C0F58F-9E5B-2B45-D9DF-7988A54BECA8}" = CCC Help Italian
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8B91D776-792D-F02B-DE43-BF398549C729}" = CCC Help Spanish
"{8F272838-BDD6-B433-D650-25E231AEFA8A}" = Catalyst Control Center InstallProxy
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007
"{90120000-0016-0415-0000-0000000FF1CE}_STANDARD_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007
"{90120000-0018-0415-0000-0000000FF1CE}_STANDARD_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007
"{90120000-001A-0415-0000-0000000FF1CE}_STANDARD_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007
"{90120000-001B-0415-0000-0000000FF1CE}_STANDARD_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_STANDARD_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-001F-0415-0000-0000000FF1CE}_STANDARD_{9CC96D78-9E1D-46E0-AF4D-3EB440CD4619}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_STANDARD_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0415-1000-0000000FF1CE}_STANDARD_{0C8AB602-A234-45AB-B355-4C863C1D2FA8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}_STANDARD_{0C8AB602-A234-45AB-B355-4C863C1D2FA8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = REACTOR
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{983BE967-28E9-5C78-8851-638DAC4AF66E}" = CCC Help Swedish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"{A64479BE-7DB6-4B07-87B9-70AD85B7EAD2}" = Medal of Honor™ MP Beta
"{A707240D-18D3-07F4-AE2E-6AE76C220192}" = CCC Help Japanese
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.3
"{AEDFE02E-FDDB-40A5-B5A9-5F955A75693F}" = XSplit
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B95AC87D-630B-603F-3F12-AA22B3BBA69C}" = CCC Help Chinese Traditional
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
"{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{C40C3C3D-97CF-44B5-836C-766E374464B3}" = 3DMark Vantage
"{C580908C-B3BA-4C19-BD60-16F02F272201}" = BattleForge™
"{C6B29F03-4D97-3B4E-D906-70958E6B1448}" = HydraVision
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDFF2306-D734-4C39-AF7F-2DA728D9BA72}" = Linkury Smartbar
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{EB1C554C-5343-9A69-1B8C-666AF192CA19}" = CCC Help Russian
"{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = Wiedźmin 2
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F32D24DD-D787-10F9-D21E-BC3FAB3064CB}" = Catalyst Control Center Graphics Previews Common
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F8D90583-7BB5-75A9-B23F-A353AD4674BC}" = CCC Help Thai
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"BitTorrent" = BitTorrent
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"DAEMON Tools Lite" = DAEMON Tools Lite
"Diablo III" = Diablo III
"E.M. Free Game Capture_is1" = E.M. Free Game Capture 2.31
"GFWL_{4D530FA3-9B89-4186-98B7-F51000008100}" = Age of Empires Online
"Guild Wars 2" = Guild Wars 2
"iMesh 1 MediaBar" = MediaBar
"InstallShield_{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platforma Menedżera urządzeń
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"InstallShield_{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty(R) - World at War(TM) 1.7 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"LogMeIn Hamachi" = LogMeIn Hamachi
"LOLReplay" = LOLReplay
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 1.70.0.1100
"Might and Magic® VII" = Might and Magic® VII
"Mozilla Firefox 19.0.2 (x86 pl)" = Mozilla Firefox 19.0.2 (x86 pl)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MultiplayerMinecraft.pl 1.2.5" = MultiplayerMinecraft.pl 1.2.5
"Odkurzacz 13.2_is1" = Odkurzacz
"Opera 12.14.1738" = Opera 12.14
"Origin" = Origin
"searchya" = SearchYa! Web Search
"Shockwave" = Shockwave
"STANDARD" = Microsoft Office Standard 2007
"WinRAR archiver" = Archiwizator WinRAR

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3625104046-687358821-1933599865-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0766aa94-b27a-4a73-92c7-8550f2e0c55b}" = Linkury Smartbar Engine
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Game Organizer" = EasyBits GO
"Google Chrome" = Google Chrome
"PDF Creator Packages" = PDF Creator Packages
"Video Converter" = Video Converter

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2013-03-15 12:03:31 | Computer Name = dom-Komputer | Source = Windows Search Service | ID = 9000
Description =

Error - 2013-03-15 12:03:31 | Computer Name = dom-Komputer | Source = Windows Search Service | ID = 7040
Description =

Error - 2013-03-15 12:03:31 | Computer Name = dom-Komputer | Source = Windows Search Service | ID = 9002
Description =

Error - 2013-03-15 12:03:31 | Computer Name = dom-Komputer | Source = Windows Search Service | ID = 3029
Description =

Error - 2013-03-15 12:03:32 | Computer Name = dom-Komputer | Source = Windows Search Service | ID = 3029
Description =

Error - 2013-03-15 12:03:32 | Computer Name = dom-Komputer | Source = Windows Search Service | ID = 3028
Description =

Error - 2013-03-15 12:03:32 | Computer Name = dom-Komputer | Source = Windows Search Service | ID = 3058
Description =

Error - 2013-03-15 12:03:32 | Computer Name = dom-Komputer | Source = Windows Search Service | ID = 7010
Description =

Error - 2013-03-15 12:03:32 | Computer Name = dom-Komputer | Source = Windows Search Service | ID = 7042
Description =

Error - 2013-03-15 14:20:09 | Computer Name = dom-Komputer | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "C:\Program Files (x86)\SplitMediaLabs\XSplit\XSplitBroadcasterSrc.exe".
Nie
można odnaleźć zestawu zależnego Native.XSplitBroadcaster.exe,type="win32",version="1.0.0.0".
Użyj
narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

[ System Events ]
Error - 2013-03-16 17:21:07 | Computer Name = dom-Komputer | Source = Service Control Manager | ID = 7001
Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie
można uruchomić z powodu następującego błędu: %%1068

Error - 2013-03-16 17:21:53 | Computer Name = dom-Komputer | Source = Service Control Manager | ID = 7001
Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie
można uruchomić z powodu następującego błędu: %%1068

Error - 2013-03-16 17:21:53 | Computer Name = dom-Komputer | Source = Service Control Manager | ID = 7001
Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie
można uruchomić z powodu następującego błędu: %%1068

Error - 2013-03-16 17:21:53 | Computer Name = dom-Komputer | Source = Service Control Manager | ID = 7001
Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie
można uruchomić z powodu następującego błędu: %%1068

Error - 2013-03-16 17:23:14 | Computer Name = dom-Komputer | Source = Service Control Manager | ID = 7001
Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie
można uruchomić z powodu następującego błędu: %%1068

Error - 2013-03-16 17:23:14 | Computer Name = dom-Komputer | Source = Service Control Manager | ID = 7001
Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie
można uruchomić z powodu następującego błędu: %%1068

Error - 2013-03-16 17:23:14 | Computer Name = dom-Komputer | Source = Service Control Manager | ID = 7001
Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie
można uruchomić z powodu następującego błędu: %%1068

Error - 2013-03-16 17:23:14 | Computer Name = dom-Komputer | Source = Service Control Manager | ID = 7001
Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie
można uruchomić z powodu następującego błędu: %%1068

Error - 2013-03-16 17:23:14 | Computer Name = dom-Komputer | Source = Service Control Manager | ID = 7001
Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie
można uruchomić z powodu następującego błędu: %%1068

Error - 2013-03-16 17:23:14 | Computer Name = dom-Komputer | Source = Service Control Manager | ID = 7001
Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie
można uruchomić z powodu następującego błędu: %%1068


< End of report >

This post was edited by Sup Sis feggit meggit xoxo on 16 03 2013 - 23:25


#4 pawel315

pawel315

    Forum addict

  • 1 553 posts

Posted 16 03 2013 - 23:19

OK, I'm waiting for that log (the system is cluttered)

#5 Sup Sis feggit meggit xoxo

Sup Sis feggit meggit xoxo

    Beginner

  • 11 posts

Posted 17 03 2013 - 00:02

I've already sent it as an edit to my previous post (I think it has finally finished ;-;). I have a lot of leftovers from badly uninstalled programs/games. Very often when I want to uninstall something, a message appears saying that the file "is open in another program" and it cannot be uninstalled, which is total nonsense.

#6 pawel315

pawel315

    Forum addict

  • 1 553 posts

Posted 17 03 2013 - 11:00

Now:
Uninstall:
SearchYa! Web Search
MediaBar
Pando Media Booster
Ask Toolbar
BabylonObjectInstaller
SweetIM for Messenger 3.7
Run OTL and paste the following into the Custom Scans/Fixes box:
:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmoods.com/?f=1&a=iron2&ir=iron2&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0E0CtBtC0DyEtD0DtBtA0EtN0D0Tzu0CtAyDtCtN1L2XzutBtFtBtFtCtFyEtDyB&cr=911712656
IE:64bit: - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=iron2&ir=iron2&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0E0CtBtC0DyEtD0DtBtA0EtN0D0Tzu0CtAyDtCtN1L2XzutBtFtBtFtCtFyEtDyB&cr=911712656
IE:64bit: - HKLM\..\SearchScopes\{30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12}: "URL" = http://www.searchya.com/?q={searchTerms}&s=1&a=foxtab&chnl=ft-100&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0E0CtBtC0DyEtD0DtBtA0EtN0D0Tzu0CtBtAtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=2048707667
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=PL&userid=92d654ad-8e8a-48ea-8b5c-46abd9a276b4&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-3625104046-687358821-1933599865-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://search.babylon.com/?affID=110809&tt=bandext_3312_8&babsrc=HP_ss&mntrId=44dbd23e00000000000000ffe5264df8
IE - HKU\S-1-5-21-3625104046-687358821-1933599865-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://search.babylon.com/?affID=110809&tt=bandext_3312_8&babsrc=HP_ss&mntrId=44dbd23e00000000000000ffe5264df8
IE - HKU\S-1-5-21-3625104046-687358821-1933599865-1000\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://search.babylon.com/?affID=110809&tt=bandext_3312_8&babsrc=HP_ss&mntrId=44dbd23e00000000000000ffe5264df8
IE - HKU\S-1-5-21-3625104046-687358821-1933599865-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = pl.v9.com/idg/idg_1342608838_220770
IE - HKU\S-1-5-21-3625104046-687358821-1933599865-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=PL&userid=92d654ad-8e8a-48ea-8b5c-46abd9a276b4&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-3625104046-687358821-1933599865-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=PL&userid=92d654ad-8e8a-48ea-8b5c-46abd9a276b4&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-3625104046-687358821-1933599865-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=PL&userid=92d654ad-8e8a-48ea-8b5c-46abd9a276b4&affid=111583&searchtype=hp&babsrc=lnkry_nt
IE - HKU\S-1-5-21-3625104046-687358821-1933599865-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=PL&userid=92d654ad-8e8a-48ea-8b5c-46abd9a276b4&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-3625104046-687358821-1933599865-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=PL&userid=92d654ad-8e8a-48ea-8b5c-46abd9a276b4&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-3625104046-687358821-1933599865-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=PL&userid=92d654ad-8e8a-48ea-8b5c-46abd9a276b4&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
CHR - homepage: http://feed.helperbar.com/?publisher=OC&dpid=OC&co=PL&userid=92d654ad-8e8a-48ea-8b5c-46abd9a276b4&affid=111583&searchtype=hp&babsrc=lnkry
CHR - default_search_provider: Web (Enabled)
CHR - default_search_provider: search_url = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=PL&userid=92d654ad-8e8a-48ea-8b5c-46abd9a276b4&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://feed.helperbar.com/?publisher=OC&dpid=OC&co=PL&userid=92d654ad-8e8a-48ea-8b5c-46abd9a276b4&affid=111583&searchtype=hp&babsrc=lnkry
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O3 - HKU\S-1-5-21-3625104046-687358821-1933599865-1000\..\Toolbar\WebBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O3 - HKU\S-1-5-21-3625104046-687358821-1933599865-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-3625104046-687358821-1933599865-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-3625104046-687358821-1933599865-1000\..\Toolbar\WebBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O3 - HKU\S-1-5-21-3625104046-687358821-1933599865-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-3625104046-687358821-1933599865-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

:Files
C:\Users\dom\Documents\antizeroaccess.exe
C:\Users\dom\AppData\Local\PMB Files
C:\ProgramData\PMB Files
C:\Users\dom\AppData\Local\setup.exe
C:\Windows\SysWow64\LogiDPP.dll
C:\Windows\SysWow64\LogiDPPApp.exe
C:\Users\dom\AppData\Roaming\Babylon
C:\Users\dom\AppData\Roaming\Funmoods

:Commands
[reboot]

Click Run Fix and post the log from the removal.
Then:


#7 Sup Sis feggit meggit xoxo

Sup Sis feggit meggit xoxo

    Beginner

  • 11 posts

Posted 17 03 2013 - 16:51

Thanks for the help, but looking at all of this now, even if we managed to eliminate all the problems and remove the viruses, I simply have too much junk on this computer. I'll do a format.

#8 bipiw

bipiw

    Advanced user

  • 1 180 posts

Posted 17 03 2013 - 17:04

That's not right. A large part of this is simply adware -> junk that gets installed together with other software when you don't untick 'some tick' (a checkbox). What paweł wrote will remove these unnecessary programs and the computer should run well (especially since he has already spent time preparing removal instructions for you -> it would be fitting to respect a colleague's work).

This post was edited by bipiw on 17 03 2013 - 17:05


#9 pawel315

pawel315

    Forum addict

  • 1 553 posts

Posted 17 03 2013 - 20:14

Bipiw is right - it is mainly adware that is the junk on your computer, and my post above will solve most of the problems, but the decision is yours

#10 Sup Sis feggit meggit xoxo

Sup Sis feggit meggit xoxo

    Beginner

  • 11 posts

Posted 18 03 2013 - 20:06

Sorry for wasting your time, Pawel315, but I have already done the format. I now have a problem with configuring my internet connection, so if you are willing (and able) to help a monster like me, I have started the thread: The network connection is "ok" but in practice does not work. - Network configuration and routers Forum

This post was edited by Sup Sis feggit meggit xoxo on 18 03 2013 - 20:06
