Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 26-07-2012 15:21:39
Running from H:\WIRUS
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-16] (Synaptics Incorporated)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [167704 2011-10-20] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [392472 2011-10-20] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [416024 2011-10-20] (Intel Corporation)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [636032 2012-03-08] (Advanced Micro Devices, Inc.)
HKU\Robert\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [4910912 2011-08-01] (DT Soft Ltd)
HKU\Robert\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\Robert\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized [15028104 2011-01-03] (Skype Technologies S.A.)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 62.179.1.63 62.179.1.62
Tcpip\..\Interfaces\{67901FF7-967A-45FD-943D-AEBF6A283DAF}: [NameServer]89.108.195.21 217.17.34.10
Tcpip\..\Interfaces\{CCAF06F1-FD41-4EE6-A65A-62CF2A6A84D7}: [NameServer]89.108.195.20 217.17.34.10
Startup: C:\Users\Robert\Start Menu\Programs\Startup\Wilq - Kalendarz 2012.lnk
ShortcutTarget: Wilq - Kalendarz 2012.lnk -> C:\Program Files (x86)\Wilq - Kalendarz 2012\Wilq - Kalendarz 2012.exe ()

==================== Services (Whitelisted) ======

2 Bluetooth Device Monitor; "C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe" [901184 2011-01-24] (Intel Corporation)
3 Bluetooth Media Service; "C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe" [1298496 2011-01-24] (Intel Corporation)
2 Bluetooth OBEX Service; "C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe" [991296 2011-01-24] (Intel Corporation)
2 BTHSSecurityMgr; "C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe" [134928 2011-06-03] (Intel(R) Corporation)
3 hpCMSrv; "C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe" [1071160 2011-02-15] (Hewlett-Packard Development Company L.P.)
2 HWDeviceService64.exe; "C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service [346976 2011-03-14] ()
4 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] ()
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 PLAY ONLINE. RunOuc; C:\Program Files (x86)\PLAY ONLINE\UpdateDog\ouc.exe [246112 2012-04-26] ()
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-05-16] ()
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2656280 2010-12-22] (Intel Corporation)
2 HPAuto; "C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe" [x]
2 HPClientSvc; "C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe" [x]

========================== Drivers (Whitelisted) =============

3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [38424 2010-10-17] (Google Inc)
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [270912 2011-10-23] (DT Soft Ltd)
3 ewusbmbb; C:\Windows\System32\DRIVERS\ewusbwwan.sys [421376 2012-04-26] (Huawei Technologies Co., Ltd.)
3 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [117248 2012-04-26] (Huawei Technologies Co., Ltd.)
3 ew_usbenumfilter; C:\Windows\System32\Drivers\ew_usbenumfilter.sys [13952 2012-04-26] (Huawei Technologies Co., Ltd.)
3 huawei_enumerator; C:\Windows\System32\DRIVERS\ew_jubusenum.sys [86016 2012-04-26] (Huawei Technologies Co., Ltd.)
3 iBtFltCoex; C:\Windows\System32\Drivers\iBtFltCoex.sys [59904 2011-01-23] (Intel Corporation)
3 RivaTuner64; \??\C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [19952 2012-04-24] ()
3 tizeqdrv; \??\C:\Users\Robert\AppData\Roaming\TZAC2\tizeq64.sys [171704 2012-06-13] ()
3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-10-31] (OpenLibSys.org)
3 zghsdiag; C:\Windows\System32\Drivers\zghsdiag.sys [122624 2011-01-12] (ZTE Incorporated)
3 zghsmdm; C:\Windows\System32\Drivers\zghsmdm.sys [122624 2011-01-12] (ZTE Incorporated)
3 zghsnmea; C:\Windows\System32\Drivers\zghsnmea.sys [122624 2011-01-12] (ZTE Incorporated)
3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [x]
3 tizekdrv; \??\C:\Users\Robert\AppData\Roaming\TZAC\tizek64.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-07-26 04:08 - 2012-07-26 04:08 
- 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.50E698C929761C14 2012-07-26 04:04 - 2012-07-26 04:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.51759B39D55C96D5 2012-07-26 03:57 - 2012-07-26 04:02 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys 2012-07-26 03:57 - 2012-07-26 03:57 - 01805736 ____A (Symantec Corporation) C:\Users\Robert\Downloads\FixZeroAccess.exe 2012-07-26 03:30 - 2012-07-26 03:30 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.66E8FEBC4FD03230 2012-07-26 03:18 - 2012-07-26 03:18 - 00000000 ____D C:\Program Files\Microsoft Security Client 2012-07-26 03:18 - 2012-07-26 03:18 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client 2012-07-26 03:17 - 2012-07-26 03:17 - 12633984 ____A (Microsoft Corporation) C:\Users\Robert\Downloads\mseinstall(1).exe 2012-07-26 03:13 - 2012-07-26 03:15 - 00000000 ____D C:\Users\All Users\7531CCA903080DDE00077421F875F002 2012-07-25 16:05 - 2012-07-25 16:05 - 00000000 ____D C:\Users\Robert\AppData\Local\{7E20C62F-58C7-4AD8-8975-8199F0C34417} 2012-07-25 11:15 - 2012-07-25 11:15 - 00000000 ____D C:\Users\Robert\AppData\Local\{FE275241-E4D3-40EC-AA3E-4816193E94B5} 2012-07-25 11:15 - 2012-07-25 11:15 - 00000000 ____D C:\Users\Robert\AppData\Local\{BA51B126-4AC8-436E-B801-94FA37CCB89B} 2012-07-25 00:57 - 2012-07-25 00:57 - 00000165 ___AH C:\Users\Robert\Desktop\~$lankurwa.xlsx 2012-07-25 00:06 - 2012-07-25 00:06 - 00000000 ____D C:\Users\Robert\AppData\Local\{881C1840-30C6-4800-AB34-B03E5D3EE453} 2012-07-24 14:25 - 2012-07-24 14:25 - 00000000 ____A C:\Users\Robert\Documents\ts3_clientui-win64-1340260499-2012-07-25 00_25_28.555430.dmp 2012-07-24 11:16 - 2012-07-24 11:16 - 00000000 ____D C:\Users\Robert\AppData\Local\{FBDBA34E-3CE7-472A-9E92-73C3F2A1B5C3} 2012-07-24 11:16 - 2012-07-24 11:16 - 00000000 ____D C:\Users\Robert\AppData\Local\{5923816E-B1DE-49C1-9A65-4CD3B73FD374} 2012-07-24 03:34 - 
2012-07-24 03:34 - 00000000 ____D C:\Users\Robert\AppData\Local\{7779A871-775A-430E-B378-83617CEF2F9A} 2012-07-23 14:21 - 2012-07-23 14:21 - 00000000 ____D C:\Users\Robert\AppData\Local\{A943CB4F-6D0C-48C3-96B5-18CA6CBB2B53} 2012-07-23 01:55 - 2012-07-23 01:55 - 00001933 ____A C:\Users\Robert\Downloads\s2.m3u 2012-07-23 01:54 - 2012-07-23 01:54 - 00000000 ____D C:\Users\Robert\AppData\Local\{E5DA613A-9E8E-4D92-9A72-29E960CFE649} 2012-07-22 12:42 - 2012-07-22 12:42 - 00000000 ____D C:\Users\Robert\AppData\Local\{3C690710-9DA3-49E0-9AD7-B3D834D05617} 2012-07-22 11:38 - 2012-07-22 11:41 - 00000000 ____D C:\Users\Robert\Desktop\Wilhelma - Ola 2012-07-22 11:35 - 2012-07-22 11:37 - 00000000 ____D C:\Users\Robert\Desktop\Wilhelma 2012 2012-07-22 10:16 - 2012-07-22 10:16 - 00000000 ____D C:\Users\Robert\AppData\Local\{E20A17F8-270D-4ECF-9389-3766DA9BF6E6} 2012-07-21 12:01 - 2012-07-21 12:01 - 00000000 ____D C:\Users\Robert\AppData\Local\{BF5A7A26-4CDF-4935-98B9-A709F9116429} 2012-07-21 02:20 - 2012-07-21 02:20 - 00000000 ____D C:\Users\Robert\AppData\Local\{4432AC01-B2B3-458A-B87D-369ECD7C5E7D} 2012-07-20 07:15 - 2012-07-20 07:15 - 00000000 ____D C:\Users\Robert\AppData\Local\{3E1652F2-A345-4C4D-855E-B00321804201} 2012-07-20 07:15 - 2012-07-20 07:15 - 00000000 ____D C:\Users\Robert\AppData\Local\{2F50E620-020C-42CB-8F16-89265C98D23F} 2012-07-20 02:40 - 2012-07-20 02:40 - 00000000 ____D C:\Users\Robert\AppData\Local\{FF765A94-9E77-4EE0-9DB6-FAF9A9916E45} 2012-07-19 15:05 - 2012-07-19 15:05 - 00000000 ____D C:\Users\Robert\AppData\Local\{55F4547A-D07E-4FAB-A517-D89E0C375EED} 2012-07-19 04:55 - 2012-07-19 04:55 - 00000000 ____D C:\Users\Robert\AppData\Local\{253F20E3-FE38-4F9E-972D-9966528EDF34} 2012-07-19 04:55 - 2012-07-19 04:55 - 00000000 ____D C:\Users\Robert\AppData\Local\{05D10C61-1E28-4367-942D-C7E429CD1219} 2012-07-19 02:23 - 2012-07-19 02:23 - 00000000 ____D C:\Users\Robert\AppData\Local\{11D52B8F-2004-434B-9A07-58BF11348C44} 2012-07-18 14:16 - 2012-07-18 14:16 - 
00000000 ____D C:\Users\Robert\AppData\Local\{B4FBE641-1622-43DE-B57C-15A5EAD75F79} 2012-07-18 01:34 - 2012-07-18 01:34 - 00000000 ____D C:\Users\Robert\AppData\Local\{63307E42-D85F-48AD-9745-D636F126BB08} 2012-07-17 04:38 - 2012-07-26 02:46 - 00012482 ____A C:\Users\Robert\Desktop\lankurwa.xlsx 2012-07-17 01:45 - 2012-07-17 01:45 - 00000000 ____D C:\Users\Robert\AppData\Local\{CA2F971B-E87E-472D-A9EE-7443FEDE3F5F} 2012-07-17 01:45 - 2012-07-17 01:45 - 00000000 ____D C:\Users\Robert\AppData\Local\{34131F45-DADD-4F33-A0DB-ACFC80013D1E} 2012-07-16 07:45 - 2012-07-16 07:45 - 00000000 ____D C:\Users\Robert\AppData\Local\{D289CADA-6715-499E-B24A-07DE20FD7CF8} 2012-07-16 07:45 - 2012-07-16 07:45 - 00000000 ____D C:\Users\Robert\AppData\Local\{81E915F3-9727-436F-B424-BA66D30D7516} 2012-07-15 12:23 - 2012-07-15 12:23 - 00000000 ____D C:\Users\Robert\AppData\Local\{24A0542B-B9C1-4779-ABC6-7345FA3F77E3} 2012-07-15 11:54 - 2012-07-15 12:03 - 405265588 ____A C:\Users\Robert\Downloads\Lazio & Griim - Can't Stop.mkv 2012-07-15 10:27 - 2012-07-15 10:27 - 00000000 ____D C:\Users\Robert\AppData\Local\{49F17700-C7DC-42C0-8E86-1C3F87536F5D} 2012-07-15 03:00 - 2012-07-15 03:00 - 00000000 ____D C:\Users\Robert\AppData\Local\{39054D24-3A63-4055-82F9-9CD73B25022F} 2012-07-14 13:34 - 2012-07-14 13:34 - 00000000 ____D C:\Users\Robert\AppData\Local\{1812642B-4C5F-45EB-ACB3-A9A658772B07} 2012-07-14 06:24 - 2012-07-14 06:24 - 00000000 ____D C:\Users\Robert\AppData\Local\{4B6BCE71-0D85-4A8F-8CB7-1BBCA74C5B12} 2012-07-14 00:48 - 2012-07-14 00:48 - 00000000 ____D C:\Users\Robert\AppData\Local\{784EF20B-CC9A-463F-BB1A-568CE22C2EBC} 2012-07-12 13:11 - 2012-07-12 13:11 - 00000000 ____D C:\Users\Robert\AppData\Local\{738E9FD5-3CA8-4793-BC82-D1AE5959D23A} 2012-07-12 13:11 - 2012-07-12 13:11 - 00000000 ____D C:\Users\Robert\AppData\Local\{25C200C4-80FA-45AB-B52B-BD2C0C1B8A17} 2012-07-12 02:51 - 2012-07-12 02:51 - 00000000 ____D C:\Users\Robert\AppData\Local\{DC76A1F2-EDA3-4D35-8C17-A2B2E9C9CF38} 
2012-07-11 07:52 - 2012-07-11 07:52 - 00000000 ____D C:\Users\Robert\AppData\Local\{C1CBA539-B88C-4E61-B36C-BD54B71CC8DF} 2012-07-11 07:52 - 2012-07-11 07:52 - 00000000 ____D C:\Users\Robert\AppData\Local\{9825D606-4436-420C-98CB-9DD6536CCEC6} 2012-07-10 17:06 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-07-10 17:01 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-07-10 17:01 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-07-10 17:01 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-07-10 17:01 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-07-10 17:01 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-07-10 17:01 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-07-10 17:01 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-07-10 17:01 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-07-10 17:01 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-07-10 17:01 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-07-10 17:01 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-07-10 17:01 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-07-10 17:01 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2012-07-10 17:01 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2012-07-10 17:01 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2012-07-10 17:01 - 
2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2012-07-10 17:01 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2012-07-10 17:01 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2012-07-10 17:01 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2012-07-10 17:01 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2012-07-10 17:01 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2012-07-10 17:01 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2012-07-10 17:01 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2012-07-10 17:01 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2012-07-10 17:00 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-07-10 17:00 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-07-10 17:00 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2012-07-10 17:00 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2012-07-10 16:47 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll 2012-07-10 16:47 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2012-07-10 16:47 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll 2012-07-10 16:47 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll 2012-07-10 16:47 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll 2012-07-10 16:47 - 2012-06-05 21:05 - 01390080 ____A (Microsoft 
Corporation) C:\Windows\SysWOW64\msxml6.dll 2012-07-10 16:47 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2012-07-10 16:47 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll 2012-07-10 16:47 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys 2012-07-10 16:47 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys 2012-07-10 16:47 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys 2012-07-10 16:47 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll 2012-07-10 16:47 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll 2012-07-10 16:47 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2012-07-10 16:47 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2012-07-10 16:47 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2012-07-10 16:47 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2012-07-10 16:47 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll 2012-07-10 16:47 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2012-07-10 11:52 - 2012-07-10 11:53 - 00000000 ____D C:\Users\Robert\AppData\Local\{E64A34BF-585F-40A3-9B1C-79C47E6BEF1C} 2012-07-10 11:52 - 2012-07-10 11:52 - 00000000 ____D C:\Users\Robert\AppData\Local\{2794CB86-2B2D-4C22-ACE8-E61DBA80CDE1} 2012-07-10 00:39 - 2012-07-10 00:39 - 00000000 ____D C:\Users\Robert\AppData\Local\{953948B3-9F44-48D2-BA82-88AC965B7917} 2012-07-09 17:00 - 2010-02-23 00:16 - 00294912 ____A (Microsoft Corporation) C:\Windows\System32\browserchoice.exe 2012-07-08 11:10 - 2012-07-08 11:10 - 
00000000 ____D C:\Users\Robert\AppData\Local\{2A6B2C0A-3E81-46EF-A162-0B1D48099CA2} 2012-07-08 11:09 - 2012-07-08 11:10 - 00000000 ____D C:\Users\Robert\AppData\Local\{09D101EB-C67C-467C-AF8A-D5313174E4FA} 2012-07-07 05:54 - 2012-07-07 05:54 - 00000000 ____D C:\Users\Robert\AppData\Local\{C7B07DD8-8A19-4958-8A9A-36757568BE9C} 2012-07-06 04:42 - 2012-07-06 04:42 - 00000000 ____D C:\Users\Robert\Desktop\GodMode.{ED7BA470-8E54-465E-825C-99712043E01C} 2012-07-06 04:14 - 2012-07-06 04:14 - 00000000 ____D C:\Users\Robert\AppData\Local\{3903603F-7DA4-4ECB-BA06-8D98C15443F6} 2012-07-06 04:14 - 2012-07-06 04:14 - 00000000 ____D C:\Users\Robert\AppData\Local\{0B344E57-A080-4429-BCFC-C17E108AB17F} 2012-07-05 13:47 - 2012-07-05 13:52 - 308600002 ____A C:\Users\Robert\Downloads\Edit_16(1).avi 2012-07-05 13:23 - 2012-07-05 13:23 - 00035490 ____A C:\Users\Robert\Downloads\Edit_16.avi 2012-07-05 13:07 - 2012-07-05 13:21 - 57453442 ____A C:\Users\Robert\Downloads\Edit_16.avi.part 2012-07-05 12:42 - 2012-07-05 12:42 - 00000000 ____D C:\Users\Robert\AppData\Local\{37993E13-8AA4-49C7-831F-CF5A9F2ABE59} 2012-07-04 02:18 - 2012-07-04 02:19 - 00000000 ____D C:\Users\Robert\AppData\Local\{DF8453B6-01DC-4DAA-A638-BAD9D71E2E32} 2012-07-04 02:18 - 2012-07-04 02:18 - 00000000 ____D C:\Users\Robert\AppData\Local\{9DFB4904-A1FB-4A68-88F6-41910F800943} 2012-07-03 14:13 - 2012-07-03 14:13 - 00314880 ____A C:\Users\Robert\AppData\Local\yksbs.exe 2012-07-03 03:41 - 2012-07-03 03:41 - 00000000 ____D C:\Users\Robert\AppData\Local\{D539D8F6-2AA6-4D7D-B809-6ACD6CF00655} 2012-07-03 03:40 - 2012-07-03 03:41 - 00000000 ____D C:\Users\Robert\AppData\Local\{89C5123D-019C-415E-929C-5B6F098A313A} 2012-07-03 02:15 - 2012-07-03 02:15 - 00000000 ____D C:\Users\Robert\AppData\Local\{AC01D961-EED4-4CC3-BBB2-1C665C7FD5D8} 2012-07-02 02:47 - 2012-07-02 02:47 - 00000000 ____D C:\Users\Robert\AppData\Local\{20E08938-CD70-4CD4-AEBB-6E577F3B061B} 2012-07-02 02:47 - 2012-07-02 02:47 - 00000000 ____D 
C:\Users\Robert\AppData\Local\{0F701FE8-4473-4408-93F7-8D37237C9E9E} 2012-07-01 13:12 - 2012-07-01 13:14 - 68304860 ____A C:\Users\Robert\Downloads\Edit_8.avi 2012-07-01 03:01 - 2012-07-01 03:01 - 00000000 ____D C:\Users\Robert\AppData\Local\{84401C95-AA85-4ADC-A29B-8FAB71CBA9C0} 2012-06-30 05:37 - 2012-06-30 05:37 - 00000000 ____D C:\Users\Robert\AppData\Local\{4B6E40C7-BEEB-48AE-AF9C-F189D20FC84A} 2012-06-30 05:37 - 2012-06-30 05:37 - 00000000 ____D C:\Users\Robert\AppData\Local\{19734D1C-9992-47BD-AD80-115A744333BB} 2012-06-29 17:53 - 2012-06-29 17:53 - 00000000 ____D C:\Users\Robert\AppData\Local\{F71197D4-0958-4E9F-936F-504BDD2A1139} 2012-06-29 08:24 - 2012-06-29 08:24 - 00000000 ____D C:\Users\Robert\AppData\Local\{D9596B6D-4FBF-4176-AE98-F2AF81DD27F9} 2012-06-29 03:17 - 2012-06-29 03:17 - 00000000 ____D C:\Users\Robert\AppData\Local\{1E989878-DB8D-43AD-9FA7-24FFE0C88123} 2012-06-29 03:17 - 2012-06-29 03:17 - 00000000 ____D C:\Users\Robert\AppData\Local\{1943950C-49A9-4C0A-ADFB-631B0BC2DAFE} 2012-06-28 04:21 - 2012-06-28 04:22 - 00000000 ____D C:\Users\Robert\AppData\Local\{71C18F05-4FE0-4FAA-B2AC-B042B2910B68} 2012-06-28 04:21 - 2012-06-28 04:21 - 00000000 ____D C:\Users\Robert\AppData\Local\{E1EC6BEF-4FF9-4EE8-BDA4-5EE6E5984522} 2012-06-27 02:06 - 2012-06-27 02:06 - 00000000 ____D C:\Users\Robert\AppData\Local\{A8D805C4-FA77-402F-868C-9F8FB2C8506B} 2012-06-27 02:06 - 2012-06-27 02:06 - 00000000 ____D C:\Users\Robert\AppData\Local\{7319012B-CAD8-45B9-BC7E-07CE2245F6DF} ============ 3 Months Modified Files ======================== 2012-07-26 05:00 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2012-07-26 05:00 - 2009-07-13 20:51 - 00103395 ____A C:\Windows\setupact.log 2012-07-26 04:58 - 2009-07-13 21:13 - 00006476 ____A C:\Windows\System32\PerfStringBackup.INI 2012-07-26 04:55 - 2011-07-10 10:32 - 01359794 ____A C:\Windows\WindowsUpdate.log 2012-07-26 04:08 - 2012-07-26 04:08 - 00328704 ____A (Microsoft Corporation) 
C:\Windows\System32\services.exe.50E698C929761C14 2012-07-26 04:04 - 2012-07-26 04:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.51759B39D55C96D5 2012-07-26 04:02 - 2012-07-26 03:57 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys 2012-07-26 04:01 - 2010-11-20 19:47 - 00381214 ____A C:\Windows\PFRO.log 2012-07-26 03:57 - 2012-07-26 03:57 - 01805736 ____A (Symantec Corporation) C:\Users\Robert\Downloads\FixZeroAccess.exe 2012-07-26 03:30 - 2012-07-26 03:30 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.66E8FEBC4FD03230 2012-07-26 03:25 - 2009-07-13 15:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe 2012-07-26 03:18 - 2011-09-29 07:40 - 00006442 ____A C:\Windows\SysWOW64\PerfStringBackup.INI 2012-07-26 03:18 - 2011-09-29 07:40 - 00001945 ____A C:\Windows\epplauncher.mif 2012-07-26 03:17 - 2012-07-26 03:17 - 12633984 ____A (Microsoft Corporation) C:\Users\Robert\Downloads\mseinstall(1).exe 2012-07-26 02:46 - 2012-07-17 04:38 - 00012482 ____A C:\Users\Robert\Desktop\lankurwa.xlsx 2012-07-26 01:54 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2012-07-26 01:54 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2012-07-25 00:57 - 2012-07-25 00:57 - 00000165 ___AH C:\Users\Robert\Desktop\~$lankurwa.xlsx 2012-07-24 14:25 - 2012-07-24 14:25 - 00000000 ____A C:\Users\Robert\Documents\ts3_clientui-win64-1340260499-2012-07-25 00_25_28.555430.dmp 2012-07-24 11:38 - 2011-10-05 13:05 - 00282472 ____A C:\Windows\SysWOW64\PnkBstrB.exe 2012-07-24 11:38 - 2011-10-05 13:04 - 00282472 ____A C:\Windows\SysWOW64\PnkBstrB.xtr 2012-07-23 01:55 - 2012-07-23 01:55 - 00001933 ____A C:\Users\Robert\Downloads\s2.m3u 2012-07-21 15:57 - 2012-01-17 01:40 - 00232642 ____A C:\Users\Robert\Downloads\allmp3.m3u 
2012-07-19 15:04 - 2011-10-07 12:02 - 00000336 ____A C:\Windows\Tasks\HPCeeScheduleForRobert.job 2012-07-17 02:48 - 2011-10-08 09:07 - 00000433 ____A C:\Windows\System32\Drivers\etc\hosts.ics 2012-07-15 12:03 - 2012-07-15 11:54 - 405265588 ____A C:\Users\Robert\Downloads\Lazio & Griim - Can't Stop.mkv 2012-07-14 15:26 - 2011-10-12 13:49 - 00022557 ____A C:\Users\Robert\Downloads\mp3.m3u 2012-07-12 09:57 - 2011-10-05 13:05 - 00282472 ____A C:\Windows\SysWOW64\PnkBstrB.ex0 2012-07-10 21:55 - 2009-07-13 20:45 - 00286208 ____A C:\Windows\System32\FNTCACHE.DAT 2012-07-10 17:01 - 2011-10-23 17:36 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2012-07-05 13:52 - 2012-07-05 13:47 - 308600002 ____A C:\Users\Robert\Downloads\Edit_16(1).avi 2012-07-05 13:23 - 2012-07-05 13:23 - 00035490 ____A C:\Users\Robert\Downloads\Edit_16.avi 2012-07-05 13:21 - 2012-07-05 13:07 - 57453442 ____A C:\Users\Robert\Downloads\Edit_16.avi.part 2012-07-03 14:13 - 2012-07-03 14:13 - 00314880 ____A C:\Users\Robert\AppData\Local\yksbs.exe 2012-07-01 13:14 - 2012-07-01 13:12 - 68304860 ____A C:\Users\Robert\Downloads\Edit_8.avi 2012-06-25 12:49 - 2012-06-25 12:49 - 00442368 ____A C:\Users\Robert\AppData\Local\yxehk.exe 2012-06-22 12:02 - 2012-06-22 12:02 - 13085120 ____A (Microsoft Corporation) C:\Users\Robert\Downloads\Silverlight_x64.exe 2012-06-21 16:08 - 2012-06-21 16:08 - 02095104 ____A C:\Users\Robert\Downloads\QuakeLiveNP_520.msi 2012-06-21 04:31 - 2012-06-21 04:31 - 00000033 ____A C:\Users\Robert\Documents\bet.txt 2012-06-20 04:34 - 2011-04-24 07:30 - 00336300 ____A C:\Windows\DirectX.log 2012-06-18 10:20 - 2012-06-18 10:20 - 00000000 ____A C:\Windows\ativpsrm.bin 2012-06-18 10:12 - 2012-06-18 10:02 - 284703496 ____A (leshcat ) C:\Users\Robert\Downloads\Catalyst_12.3_UP2_UnifL.exe 2012-06-18 09:57 - 2012-06-18 09:57 - 00000547 ____A C:\Users\Robert\Documents\addon_remove.reg 2012-06-18 09:26 - 2012-06-18 09:26 - 00011348 ____A C:\Users\Robert\Downloads\SafeMSI.zip 
2012-06-18 08:40 - 2012-06-18 08:37 - 168763241 ____A (Advanced Micro Devices, Inc.) C:\Users\Robert\Downloads\12-3_mobility_vista_win7_64_dd_ccc.exe 2012-06-12 16:24 - 2012-06-12 16:24 - 00000000 ____A C:\Windows\SysWOW64\shoAF81.tmp 2012-06-12 02:28 - 2012-06-12 02:25 - 128605140 ____A C:\Users\Robert\Downloads\LAN_TARILER_FINAL_BY_SAMAEL.mp4 2012-06-11 19:08 - 2012-07-10 17:06 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-06-11 12:32 - 2012-06-11 12:32 - 00000029 ____A C:\Users\Robert\Documents\windows.txt 2012-06-11 09:54 - 2009-07-13 21:08 - 00032620 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2012-06-10 09:54 - 2012-06-10 09:52 - 108246209 ____A C:\Users\Robert\Downloads\LAN_TARILER_FINAL.mp4 2012-06-09 09:12 - 2012-06-09 09:12 - 00653380 ____A C:\Users\Robert\Downloads\_brak_tematu_.rar 2012-06-09 08:07 - 2012-06-09 08:07 - 00000045 ____A C:\Windows\SysWOW64\initdebug.nfo 2012-06-09 08:03 - 2012-06-09 08:03 - 02135728 ____A C:\Users\Robert\Downloads\installspeedfan446.exe 2012-06-09 06:52 - 2012-06-09 06:52 - 00672192 ____A C:\Users\Robert\Downloads\RBE_128.exe 2012-06-09 06:34 - 2012-06-09 06:34 - 01058784 ____A (techPowerUp (www.techpowerup.com)) C:\Users\Robert\Downloads\GPU-Z.0.6.2.exe 2012-06-08 21:43 - 2012-07-10 16:47 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll 2012-06-08 20:41 - 2012-07-10 16:47 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2012-06-05 22:06 - 2012-07-10 16:47 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll 2012-06-05 22:06 - 2012-07-10 16:47 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll 2012-06-05 22:02 - 2012-07-10 16:47 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll 2012-06-05 21:05 - 2012-07-10 16:47 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2012-06-05 21:05 - 2012-07-10 16:47 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 
2012-06-05 21:03 - 2012-07-10 16:47 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll 2012-06-05 08:10 - 2011-09-29 06:55 - 00060528 ____A C:\Users\Robert\AppData\Local\GDIPFONTCACHEV1.DAT 2012-06-04 10:50 - 2012-06-04 10:50 - 01158444 ____A C:\Users\Robert\Downloads\18912-setup.zip 2012-06-02 14:19 - 2012-06-22 07:38 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll 2012-06-02 14:19 - 2012-06-22 07:38 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll 2012-06-02 14:19 - 2012-06-22 07:38 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe 2012-06-02 14:19 - 2012-06-22 07:38 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll 2012-06-02 14:19 - 2012-06-22 07:38 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll 2012-06-02 14:15 - 2012-06-22 07:38 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll 2012-06-02 14:15 - 2012-06-22 07:38 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll 2012-06-02 05:19 - 2012-06-22 07:38 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll 2012-06-02 05:15 - 2012-06-22 07:38 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe 2012-06-02 04:49 - 2012-07-10 17:00 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-06-02 04:17 - 2012-07-10 17:00 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-06-02 04:12 - 2012-07-10 17:01 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-06-02 04:05 - 2012-07-10 17:01 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-06-02 04:05 - 2012-07-10 17:01 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-06-02 04:04 - 2012-07-10 17:01 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-06-02 04:04 - 2012-07-10 17:01 - 00237056 ____A (Microsoft 
Corporation) C:\Windows\System32\url.dll
2012-06-02 04:03 - 2012-07-10 17:01 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-10 17:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-10 17:01 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-10 17:01 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-10 17:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-10 17:01 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-10 17:01 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-10 17:00 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-10 17:00 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-10 17:01 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-10 17:01 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-10 17:01 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-10 17:01 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-10 17:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-10 17:01 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-10 17:01 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-10 17:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-10 17:01 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-10 17:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-10 17:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-10 17:01 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 21:50 - 2012-07-10 16:47 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-07-10 16:47 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-07-10 16:47 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-07-10 16:47 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-07-10 16:47 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:40 - 2012-07-10 16:47 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-07-10 16:47 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-07-10 16:47 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-07-10 16:47 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-27 06:05 - 2012-05-27 06:04 - 00262144 ____A C:\Windows\Minidump\052712-27939-01.dmp
2012-05-27 06:04 - 2011-11-13 04:12 - 602300509 ____A C:\Windows\MEMORY.DMP
2012-05-24 14:54 - 2012-05-24 14:54 - 04359432 ____A (IObit ) C:\Users\Robert\Downloads\gb3-setup.exe
2012-05-24 12:24 - 2012-05-24 12:24 - 00005768 ____A C:\Users\Robert\Downloads\ENOEWO_CONFIG_MP!(1).zip
2012-05-24 11:56 - 2012-05-24 11:50 - 355441048 ____A (InstallShield Software Corporation ) C:\Users\Robert\Downloads\sp55092.exe
2012-05-24 11:23 - 2012-05-24 11:22 - 160889384 ____A (Advanced Micro Devices, Inc.) C:\Users\Robert\Downloads\12-4_vista_win7_64_dd_ccc.exe
2012-05-24 11:20 - 2012-05-24 11:20 - 00792704 ____A (AMD) C:\Users\Robert\Downloads\amddriverdownloader(1).exe
2012-05-24 11:13 - 2012-05-24 11:13 - 01173832 ____A (AMD Inc.) C:\Users\Robert\Downloads\catalyst_mobility_64-bit_util(1).exe
2012-05-24 11:12 - 2012-05-24 11:12 - 01173832 ____A (AMD Inc.) C:\Users\Robert\Downloads\catalyst_mobility_64-bit_util.exe
2012-05-24 11:07 - 2012-05-24 11:07 - 00792704 ____A (AMD) C:\Users\Robert\Downloads\amddriverdownloader.exe
2012-05-24 11:02 - 2012-05-24 11:03 - 05429372 ____A (Phyxion.net ) C:\Users\Robert\Downloads\DriverSweeper_3.2.0.exe
2012-05-24 11:02 - 2012-05-24 11:02 - 00463080 ____A (CNET Download.com) C:\Users\Robert\Downloads\cnet_DriverSweeper_3_2_0_exe.exe
2012-05-19 03:37 - 2012-05-19 03:37 - 00319352 ____A C:\Users\Robert\Downloads\Setup(2).exe
2012-05-19 03:02 - 2011-10-01 02:51 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2012-05-17 12:28 - 2012-05-17 12:27 - 00267968 ____A C:\Windows\Minidump\051712-21730-01.dmp
2012-05-17 09:24 - 2012-05-17 09:23 - 00266728 ____A C:\Windows\Minidump\051712-29078-01.dmp
2012-05-17 05:46 - 2011-07-10 10:33 - 00044932 ____A C:\Windows\DPINST.LOG
2012-05-17 05:45 - 2012-05-17 05:45 - 26256336 ____A (Intel(R) Corporation) C:\Users\Robert\Downloads\Wireless_15.1.1_Ds64.exe
2012-05-17 05:40 - 2012-05-17 05:39 - 15274544 ____A (Hewlett-Packard Company ) C:\Users\Robert\Downloads\sp52308.exe
2012-05-16 12:43 - 2011-10-05 13:04 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe
2012-05-16 06:56 - 2012-05-16 06:56 - 00641248 ____A C:\Users\Robert\Downloads\Warioland 3 (J) (M2) [C][!].zip
2012-05-12 08:08 - 2012-05-12 08:08 - 00270856 ____A C:\Windows\Minidump\051212-19734-01.dmp
2012-05-12 03:49 - 2012-05-12 03:49 - 00005768 ____A C:\Users\Robert\Downloads\ENOEWO_CONFIG_MP!.zip
2012-05-11 06:30 - 2012-05-11 06:30 - 00301608 ____A (Softonic) C:\Users\Robert\Downloads\SoftonicDownloader_dla_ap-tuner.exe
2012-05-06 04:39 - 2012-05-06 04:39 - 00000000 ____A C:\Users\Robert\Documents\ts3_clientui-win64-1334913258-2012-05-06 14_39_10.218422.dmp
2012-05-05 04:12 - 2012-05-05 04:12 - 00316616 ____A C:\Users\Robert\Downloads\Setup(1).exe
2012-05-04 03:06 - 2012-06-14 05:35 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-14 05:35 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-14 05:35 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-02 18:54 - 2012-05-02 18:54 - 00042392 ____A C:\Windows\SysWOW64\xfcodec.dll
2012-05-02 18:54 - 2012-05-02 18:54 - 00028056 ____A C:\Windows\System32\xfcodec64.dll
2012-05-02 16:17 - 2012-05-02 16:16 - 08920483 ____A C:\Users\Robert\Downloads\56.rar
2012-04-30 21:40 - 2012-06-14 05:35 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-30 00:31 - 2012-04-30 00:31 - 00707504 ____A C:\Users\Robert\AppData\Local\unins000.exe
2012-04-30 00:31 - 2012-04-30 00:31 - 00485560 ____A (Ministerstwo Finansów ) C:\Users\Robert\Downloads\e-Deklaracje-wtyczka_v2-0-1.exe
2012-04-30 00:31 - 2012-04-30 00:31 - 00011761 ____A C:\Users\Robert\AppData\Local\unins000.msg
2012-04-30 00:31 - 2012-04-30 00:31 - 00002175 ____A C:\Users\Robert\AppData\Local\unins000.dat
2012-04-28 14:34 - 2012-04-28 14:32 - 23411968 ____A (NEONET CONSULTING S.C. ) C:\Users\Robert\Downloads\pity.exe

ZeroAccess:
C:\Windows\Installer\{9c459d59-6a0d-e3a3-df51-574505781692}
C:\Windows\Installer\{9c459d59-6a0d-e3a3-df51-574505781692}\@
C:\Windows\Installer\{9c459d59-6a0d-e3a3-df51-574505781692}\L
C:\Windows\Installer\{9c459d59-6a0d-e3a3-df51-574505781692}\n
C:\Windows\Installer\{9c459d59-6a0d-e3a3-df51-574505781692}\U
C:\Windows\Installer\{9c459d59-6a0d-e3a3-df51-574505781692}\U\00000001.@
C:\Windows\Installer\{9c459d59-6a0d-e3a3-df51-574505781692}\U\80000000.@
C:\Windows\Installer\{9c459d59-6a0d-e3a3-df51-574505781692}\U\800000cb.@

ZeroAccess:
C:\Users\Robert\AppData\Local\{9c459d59-6a0d-e3a3-df51-574505781692}
C:\Users\Robert\AppData\Local\{9c459d59-6a0d-e3a3-df51-574505781692}\@
C:\Users\Robert\AppData\Local\{9c459d59-6a0d-e3a3-df51-574505781692}\L
C:\Users\Robert\AppData\Local\{9c459d59-6a0d-e3a3-df51-574505781692}\n
C:\Users\Robert\AppData\Local\{9c459d59-6a0d-e3a3-df51-574505781692}\U

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 13%
Total physical RAM: 6091.86 MB
Available physical RAM: 5248.7 MB
Total Pagefile: 6090.01 MB
Available Pagefile: 5244.35 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:450.55 GB) (Free:118.93 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:14.92 GB) (Free:1.63 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32
5 Drive h: () (Removable) (Total:1.87 GB) (Free:1.19 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.25 GB) (Free:0.25 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          465 GB      0 B
  Disk 1    Online         1912 MB      0 B

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            199 MB  1024 KB
  Partition 2    Primary            450 GB   200 MB
  Partition 3    Primary             14 GB   450 GB
  Partition 4    Primary            103 MB   465 GB

==================================================================================

Disk: 0 Partition 1 Type : 07 Hidden: No Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     Y   SYSTEM       NTFS   Partition    199 MB  Healthy

==================================================================================

Disk: 0 Partition 2 Type : 07 Hidden: No Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C                NTFS   Partition    450 GB  Healthy

==================================================================================

Disk: 0 Partition 3 Type : 07 Hidden: No Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     E   RECOVERY     NTFS   Partition     14 GB  Healthy

==================================================================================

Disk: 0 Partition 4 Type : 0C Hidden: No Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     F   HP_TOOLS     FAT32  Partition    103 MB  Healthy

==================================================================================

Partitions of Disk 1:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           1911 MB    16 KB

==================================================================================

Disk: 1 Partition 1 Type : 06 Hidden: No Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5     H                FAT    Removable   1911 MB  Healthy

==================================================================================

testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!

==========================================================

Last Boot: 2012-07-19 03:45

======================= End Of Log ==========================