Logfile of random's system information tool 1.09 (written by random/random)
Run by user at 2012-02-11 14:18:52
Microsoft Windows 7 Ultimate
System drive C: has 57 GB (24%) free of 235 GB
Total RAM: 4095 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:18:56, on 2012-02-11
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\user.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=127.0.0.1:7070
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com;www.plimus.com;regnow.com;www.regnow.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: BitTorrentBar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: IplexToALLPlayer - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\PROGRA~2\ALLPLA~1\Iplex\IPLEXT~1.DLL
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Windows\SysWOW64\qttask.exe" -atboottime
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\SB Arena Surround Headset\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [CtaMon] Rundll32 CtaMon.dll,RunMonitor
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ALLUpdate] "C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe" "sleep"
O4 - HKUS\S-1-5-21-2885973618-1506388084-555397745-1002\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2885973618-1506388084-555397745-1002\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2885973618-1506388084-555397745-1002\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2885973618-1506388084-555397745-1002\..\Run: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2885973618-1506388084-555397745-1002\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2885973618-1506388084-555397745-1002\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Pokaż lub ukryj HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Usługa Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Usługa Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12148 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE 0x300
"C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe"
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
atieclxx
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
"taskhost.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2748
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-5f3575de-55cc-4a11-93c0-b2b59451fe0b -SystemEventPortName:HostProcess-8d532ff2-668a-4936-84f3-bcbb33cfb21a -IoCancelEventPortName:HostProcess-97350431-b671-48c7-bf8e-bcbd78553192 -NonStateChangingEventPortName:HostProcess-694c0c78-ffab-4ae6-986d-269a698b44ae -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:b762838c-c8f3-4466-9e3c-eb9dcc105b05
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe"
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe"
"C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe" -CtxID "#Hewlett-Packard#HP Deskjet F735#1318016007" -Startup
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe" -Embedding
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe" -Embedding
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"
C:\Windows\system32\sppsvc.exe
HIDEC SWSC START Schedule
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=pl --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Inactive/Prefetch/ContentPrefetchPrerender1/PrerenderFromOmniboxHeuristic/OriginalAlgorithm/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin10/SpdyImpact/npn_with_spdy/WarmSocketImpact/warmest_socket/ --extension-process --enable-print-preview --channel=4324.042CAA80.509645128 /prefetch:3
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=pl --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Inactive/Prefetch/ContentPrefetchPrerender1/PrerenderFromOmniboxHeuristic/OriginalAlgorithm/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin10/SpdyImpact/npn_with_spdy/WarmSocketImpact/warmest_socket/ --extension-process --enable-print-preview --channel=4324.042CAC00.99318622 /prefetch:3
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll" --lang=pl --channel=4324.061441C0.368839126 /prefetch:4
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=pl --force-fieldtest=CacheListSize/CacheListSize_14/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Inactive/Prefetch/ContentPrefetchPrerender1/PrerenderFromOmniboxHeuristic/OriginalAlgorithm/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin10/SpdyImpact/npn_with_spdy/WarmSocketImpact/warmest_socket/ --enable-print-preview --channel=4324.060F8180.944358589 /prefetch:3
C:\Windows\system32\rundll32.exe "C:\PROGRA~2\Google\Chrome\APPLIC~1\160912~1.77\gcswf32.dll",BrokerMain browser=chrome
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\gcswf32.dll" --lang=pl --channel=4324.07E3F000.875689858 --flash-broker=1696 /prefetch:4
"C:\Windows\notepad.exe" C:\Users\user\Downloads\Extras.Txt
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe6_ Global\UsGthrCtrlFltPipeMssGthrPipe6 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 524 528 536 65536 532
"C:\Users\user\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\Norton Security Scan for user.job

=========Mozilla firefox=========

ProfilePath - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5qtp0qiq.default

prefs.js - "browser.startup.homepage" - "http://search.conduit.com/?ctid=CT2928751&SearchSource=13"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@esn.me/esnsonar,version=0.70.4]
"Description"=ESN Sonar browser plugin
"Path"=C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=1.110.0]
"Description"=
"Path"=C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@protectdisc.com/NPMPDRM]
"Description"=MPDRM License Acquisition Plugin
"Path"=C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669]
"Description"=RealJukebox Netscape Plugin
"Path"=C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669]
"Description"=RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In
"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669]
"Description"=RealPlayer(tm) HTML5VideoShim Plug-In
"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669]
"Description"=12.0.1.669
"Path"=C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
flashplayer.xpt
nppl3260.xpt
nsIQTScriptablePlugin.xpt
nsJSRealPlayerPlugin.xpt

C:\Program Files (x86)\Mozilla Firefox\plugins\
npdeployJava1.dll
npjp2.dll
nppl3260.dll
nppl3260.xpt
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
nprjplug.dll
nprpjplug.dll
NPSWF32.dll
nsjsrealplayerplugin.xpt
QuickTimePlugin.class

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
amazondotcom.xml
bing.xml
eBay.xml
google.xml
twitter.xml
wikipedia.xml
yahoo.xml

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5qtp0qiq.default\extensions\
{ff65fdbc-5683-4dfd-9113-1fcb5b0a3447}

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5qtp0qiq.default\searchplugins\
conduit.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2011-09-06 959432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-10-25 414416]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
BitTorrentBar Toolbar - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-09-06 806456]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2011-10-03 57224]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF925EF3-7A87-44E4-9CAF-8D7B280BF616}]
IplexToALLPlayer - C:\PROGRA~2\ALLPLA~1\Iplex\IPLEXT~1.DLL [2011-02-09 400384]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20 509496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2011-09-06 959432]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-09-06 806456]
{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - BitTorrentBar Toolbar - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll [2011-05-09 176936]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"=C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [2011-10-03 3077528]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2011-10-13 17351304]
"Steam"=C:\Program Files (x86)\Steam\Steam.exe [2011-10-21 1242448]
"ALLUpdate"=C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe [2011-08-16 1379840]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-09-06 3722416]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-26 31016]
"QuickTime Task"=C:\Windows\SysWOW64\qttask.exe [2011-10-03 98304]
"hpqSRMon"=C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [2008-07-22 150528]
"HP Software Update"=C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-05-04 252136]
"VolPanel"=C:\Program Files (x86)\Creative\SB Arena Surround Headset\Volume Panel\VolPanlu.exe [2009-05-04 241789]
"CtaMon"=Rundll32 CtaMon.dll,RunMonitor []
"TkBellExe"=C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [2011-10-25 273528]
"PWRISOVM.EXE"=C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [2011-11-15 312376]
"LogMeIn Hamachi Ui"=C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2012-02-07 1987976]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-12-05 343168]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
McAfee Security Scan Plus.lnk - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
  431.  
  432. [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
  433.  
  434. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
  435. "vidc.mrle"=msrle32.dll
  436. "vidc.msvc"=msvidc32.dll
  437. "msacm.imaadpcm"=imaadp32.acm
  438. "msacm.msg711"=msg711.acm
  439. "msacm.msgsm610"=msgsm32.acm
  440. "msacm.msadpcm"=msadp32.acm
  441. "midimapper"=midimap.dll
  442. "wavemapper"=msacm32.drv
  443. "vidc.uyvy"=msyuv.dll
  444. "vidc.yuy2"=msyuv.dll
  445. "vidc.yvyu"=msyuv.dll
  446. "vidc.iyuv"=iyuv_32.dll
  447. "vidc.i420"=iyuv_32.dll
  448. "vidc.yvu9"=tsbyuv.dll
  449. "msacm.l3acm"=C:\Windows\System32\l3codeca.acm
  450. "wave"=wdmaud.drv
  451. "midi"=wdmaud.drv
  452. "mixer"=wdmaud.drv
  453. "aux"=wdmaud.drv
  454. "wave3"=wdmaud.drv
  455. "midi3"=wdmaud.drv
  456. "mixer3"=wdmaud.drv
  457. "aux3"=wdmaud.drv
  458. "wave2"=wdmaud.drv
  459. "midi2"=wdmaud.drv
  460. "mixer2"=wdmaud.drv
  461. "aux2"=wdmaud.drv
  462. "wave1"=wdmaud.drv
  463. "midi1"=wdmaud.drv
  464. "mixer1"=wdmaud.drv
  465. "aux1"=wdmaud.drv
  466. "wave4"=wdmaud.drv
  467. "midi4"=wdmaud.drv
  468. "mixer4"=wdmaud.drv
  469. "aux4"=wdmaud.drv
  470. "VIDC.FPS1"=frapsv64.dll
  471. "wave5"=wdmaud.drv
  472. "midi5"=wdmaud.drv
  473. "mixer5"=wdmaud.drv
  474. "aux5"=wdmaud.drv
  475. "wave6"=wdmaud.drv
  476. "midi6"=wdmaud.drv
  477. "mixer6"=wdmaud.drv
  478. "aux6"=wdmaud.drv
  479.  
  480. ======File associations======
  481.  
  482. .inf - open - %SystemRoot%\SysWow64\NOTEPAD.EXE %1
  483. .inf - install - %SystemRoot%\SysWow64\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1
  484. .js - edit - C:\Windows\System32\Notepad.exe %1
  485. .js - open - %SystemRoot%\SysWow64\WScript.exe "%1" %*
  486. .vbs - open - %SystemRoot%\SysWow64\WScript.exe "%1" %*
  487. .cpl - cplopen - %SystemRoot%\SysWow64\control.exe "%1",%*
  488.  
  489. ======List of files/folders created in the last 1 month======
  490.  
  491. 2012-02-11 14:18:52 ----D---- C:\rsit
  492. 2012-02-11 14:18:52 ----D---- C:\Program Files\trend micro
  493. 2012-02-11 13:52:27 ----D---- C:\Windows\temp
  494. 2012-02-11 13:43:34 ----A---- C:\Windows\zip.exe
  495. 2012-02-11 13:43:34 ----A---- C:\Windows\SWSC.exe
  496. 2012-02-11 13:43:34 ----A---- C:\Windows\SWREG.exe
  497. 2012-02-11 13:43:34 ----A---- C:\Windows\sed.exe
  498. 2012-02-11 13:43:34 ----A---- C:\Windows\PEV.exe
  499. 2012-02-11 13:43:34 ----A---- C:\Windows\NIRCMD.exe
  500. 2012-02-11 13:43:34 ----A---- C:\Windows\MBR.exe
  501. 2012-02-11 13:43:34 ----A---- C:\Windows\grep.exe
  502. 2012-02-11 13:43:29 ----D---- C:\Windows\ERDNT
  503. 2012-02-11 13:43:28 ----D---- C:\ComboFix
  504. 2012-02-11 13:42:55 ----AD---- C:\Qoobox
  505. 2012-02-11 13:31:52 ----A---- C:\Windows\system32\drivers\sptd.sys
  506. 2012-02-11 04:39:00 ----D---- C:\Program Files (x86)\Battlelog Web Plugins
  507. 2012-02-11 04:24:17 ----D---- C:\ProgramData\ATI
  508. 2012-02-11 04:24:14 ----D---- C:\Program Files (x86)\AMD APP
  509. 2012-02-11 04:11:20 ----D---- C:\ProgramData\EA Core
  510. 2012-02-11 02:27:41 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
  511. 2012-02-11 02:27:34 ----A---- C:\Windows\SYSWOW64\PnkBstrA.exe
  512. 2012-02-11 02:27:30 ----A---- C:\Windows\SYSWOW64\XAudio2_7.dll
  513. 2012-02-11 02:27:30 ----A---- C:\Windows\SYSWOW64\XAPOFX1_5.dll
  514. 2012-02-11 02:27:30 ----A---- C:\Windows\system32\XAudio2_7.dll
  515. 2012-02-11 02:27:30 ----A---- C:\Windows\system32\XAPOFX1_5.dll
  516. 2012-02-11 02:27:29 ----A---- C:\Windows\SYSWOW64\xactengine3_7.dll
  517. 2012-02-11 02:27:29 ----A---- C:\Windows\system32\xactengine3_7.dll
  518. 2012-02-11 02:27:28 ----A---- C:\Windows\SYSWOW64\D3DCompiler_43.dll
  519. 2012-02-11 02:27:28 ----A---- C:\Windows\system32\D3DCompiler_43.dll
  520. 2012-02-11 02:27:27 ----A---- C:\Windows\SYSWOW64\d3dcsx_43.dll
  521. 2012-02-11 02:27:27 ----A---- C:\Windows\system32\d3dcsx_43.dll
  522. 2012-02-11 02:27:26 ----A---- C:\Windows\SYSWOW64\d3dx11_43.dll
  523. 2012-02-11 02:27:26 ----A---- C:\Windows\system32\d3dx11_43.dll
  524. 2012-02-11 02:27:25 ----A---- C:\Windows\SYSWOW64\D3DX9_43.dll
  525. 2012-02-11 02:27:25 ----A---- C:\Windows\SYSWOW64\d3dx10_43.dll
  526. 2012-02-11 02:27:25 ----A---- C:\Windows\system32\D3DX9_43.dll
  527. 2012-02-11 02:27:25 ----A---- C:\Windows\system32\d3dx10_43.dll
  528. 2012-02-11 01:49:33 ----D---- C:\ProgramData\Electronic Arts
  529. 2012-02-11 01:49:33 ----D---- C:\Program Files (x86)\Origin Games
  530. 2012-02-10 21:17:06 ----D---- C:\Users\user\AppData\Roaming\Origin
  531. 2012-02-10 21:15:24 ----D---- C:\ProgramData\Origin
  532. 2012-02-10 16:06:53 ----D---- C:\Users\user\AppData\Roaming\ATI
  533. 2012-02-10 16:03:02 ----D---- C:\Program Files\Common Files\ATI Technologies
  534. 2012-02-10 16:02:40 ----D---- C:\Program Files (x86)\ATI Technologies
  535. 2012-02-10 16:02:30 ----D---- C:\Program Files\ATI Technologies
  536. 2012-02-10 16:02:27 ----D---- C:\Program Files\ATI
  537. 2012-02-10 16:01:41 ----D---- C:\AMD
  538. 2012-02-10 15:59:31 ----D---- C:\Program Files (x86)\LogMeIn Hamachi
  539. 2012-02-06 08:55:46 ----AH---- C:\Windows\system32\hamachi.sys
  540. 2012-02-04 21:08:48 ----AH---- C:\Windows\SYSWOW64\mlfcache.dat
  541. 2012-02-04 16:42:21 ----D---- C:\Windows\_ISTMP1.DIR
  542. 2012-02-04 16:42:21 ----D---- C:\_ISTMP1.DIR
  543. 2012-02-04 15:36:17 ----D---- C:\Program Files (x86)\PowerISO
  544. 2012-02-04 15:36:17 ----A---- C:\Windows\system32\drivers\scdemu.sys
  545. 2012-02-03 20:36:18 ----A---- C:\Windows\SYSWOW64\CmdLineExt.dll
  546. 2012-01-29 14:56:07 ----D---- C:\Program Files (x86)\Electronic Arts
  547. 2012-01-28 17:35:55 ----D---- C:\Users\user\AppData\Roaming\hideip_firefox_plugin
  548. 2012-01-28 17:35:55 ----D---- C:\Users\user\AppData\Roaming\Hide IP NG
  549. 2012-01-28 17:35:55 ----D---- C:\Program Files (x86)\Hide IP NG
  550. 2012-01-27 16:37:40 ----D---- C:\Program Files (x86)\MTA San Andreas 1.2
  551. 2012-01-27 16:21:16 ----D---- C:\ProgramData\MTA San Andreas All
  552. 2012-01-27 16:21:16 ----D---- C:\Program Files (x86)\MTA San Andreas 1.3
  553. 2012-01-20 20:34:51 ----D---- C:\Program Files (x86)\Sanny Builder 3
  554. 2012-01-20 17:36:56 ----D---- C:\Fraps
  555.  
  556. ======List of files/folders modified in the last 1 month======
  557.  
  558. 2012-02-11 14:18:52 ----RD---- C:\Program Files
  559. 2012-02-11 14:01:13 ----D---- C:\Windows\System32
  560. 2012-02-11 14:01:13 ----D---- C:\Windows\inf
  561. 2012-02-11 14:01:13 ----A---- C:\Windows\system32\PerfStringBackup.INI
  562. 2012-02-11 13:59:29 ----D---- C:\Users\user\AppData\Roaming\Skype
  563. 2012-02-11 13:55:14 ----D---- C:\Windows
  564. 2012-02-11 13:55:14 ----A---- C:\Windows\system.ini
  565. 2012-02-11 13:54:55 ----D---- C:\Program Files (x86)\Steam
  566. 2012-02-11 13:54:51 ----D---- C:\Windows\system32\drivers\etc
  567. 2012-02-11 13:54:25 ----D---- C:\ProgramData\NVIDIA
  568. 2012-02-11 13:52:03 ----D---- C:\Windows\SysWOW64
  569. 2012-02-11 13:49:49 ----D---- C:\Windows\SYSWOW64\drivers
  570. 2012-02-11 13:49:49 ----D---- C:\Windows\system32\drivers
  571. 2012-02-11 13:49:49 ----D---- C:\Windows\AppPatch
  572. 2012-02-11 13:49:46 ----D---- C:\Program Files\Common Files
  573. 2012-02-11 13:49:46 ----D---- C:\Program Files (x86)\Common Files
  574. 2012-02-11 13:33:55 ----D---- C:\Users\user\AppData\Roaming\DAEMON Tools Lite
  575. 2012-02-11 13:33:45 ----D---- C:\Users\user\AppData\Roaming\BitTorrent
  576. 2012-02-11 13:32:58 ----D---- C:\Windows\Panther
  577. 2012-02-11 13:32:56 ----D---- C:\Windows\Minidump
  578. 2012-02-11 13:32:56 ----D---- C:\Windows\Logs
  579. 2012-02-11 13:32:56 ----D---- C:\Windows\debug
  580. 2012-02-11 13:31:44 ----SHD---- C:\System Volume Information
  581. 2012-02-11 13:31:10 ----D---- C:\Windows\system32\Tasks
  582. 2012-02-11 13:30:36 ----RD---- C:\Program Files (x86)
  583. 2012-02-11 13:30:23 ----D---- C:\Windows\system32\DriverStore
  584. 2012-02-11 13:30:23 ----D---- C:\Windows\system32\catroot
  585. 2012-02-11 06:41:11 ----RSD---- C:\Windows\assembly
  586. 2012-02-11 04:29:13 ----D---- C:\Config.Msi
  587. 2012-02-11 04:24:17 ----D---- C:\ProgramData
  588. 2012-02-11 04:24:16 ----SHD---- C:\Windows\Installer
  589. 2012-02-11 04:22:05 ----D---- C:\Windows\system32\catroot2
  590. 2012-02-11 02:27:33 ----D---- C:\Windows\system32\LogFiles
  591. 2012-02-11 01:36:51 ----D---- C:\ProgramData\PMB Files
  592. 2012-02-10 21:16:46 ----D---- C:\Windows\Prefetch
  593. 2012-02-10 21:16:45 ----D---- C:\Program Files\Common Files\Microsoft Shared
  594. 2012-02-10 18:47:11 ----D---- C:\Users\user\AppData\Roaming\.minecraft
  595. 2012-02-10 16:43:56 ----D---- C:\Program Files (x86)\JDownloader
  596. 2012-02-06 10:59:06 ----D---- C:\Windows\system32\config
  597. 2012-02-05 14:45:25 ----D---- C:\Windows\system32\NDF
  598. 2012-01-29 15:05:32 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
  599. 2012-01-20 17:33:40 ----D---- C:\Program Files (x86)\BitTorrent
  600. 2012-01-13 20:00:30 ----D---- C:\Program Files (x86)\Mozilla Firefox
  601.  
  602. ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
  603.  
  604. R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
  605. R0 speedfan;speedfan; C:\Windows\SysWOW64\speedfan.sys [2011-03-18 29592]
  606. R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2012-02-11 564792]
  607. R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-09-06 42328]
  608. R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2011-09-06 601944]
  609. R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-09-06 301912]
  610. R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-09-06 58200]
  611. R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-13 514048]
  612. R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2011-11-15 125376]
  613. R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-09-06 24408]
  614. R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-09-06 65368]
  615. R2 cpuz135;cpuz135; \??\C:\Windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
  616. R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-12-06 10720256]
  617. R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-12-06 327168]
  618. R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2011-10-17 93712]
  619. R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
  620. R3 RTL8167;Sterownik Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
  621. S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
  622. S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
  623. S3 Ctafiltv;Ctafiltv; C:\Windows\system32\drivers\Ctafiltv.sys [2008-08-14 24064]
  624. S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 145920]
  625. S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2009-07-14 19968]
  626. S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 43008]
  627. S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-06-10 6108416]
  628. S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
  629. S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
  630. S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-13 6656]
  631. S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
  632. S3 usbscan;Sterownik skanera USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
  633. S3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2011-01-15 36352]
  634. S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
  635. S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-13 21760]
  636. S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]
  637.  
  638. ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
  639.  
  640. R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-12-06 235520]
  641. R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-09-06 44768]
  642. R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
  643. R2 CTAudSvcService;Creative Audio Service; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [2009-02-23 307200]
  644. R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-07 2343816]
  645. R2 hpqddsvc;Usługa HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2009-07-14 27136]
  646. R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
  647. R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-08-03 980072]
  648. R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
  649. R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
  650. R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2012-02-11 75136]
  651. R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
  652. R2 TeamViewer6;TeamViewer 6; C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-11-03 2358656]
  653. R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
  654. R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 27136]
  655. S2 gupdate;Usługa Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-03 136176]
  656. S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
  657. S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-10-23 79360]
  658. S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-10-23 79360]
  659. S3 gupdatem;Usługa Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-03 136176]
  660. S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
  661. S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
  662. S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
  663. S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
  664. S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
  665. S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2012-02-10 481064]
  666. S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
  667.  
  668. -----------------EOF-----------------