Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 01-08-2012 04:58:00
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-16] (Dell Inc.)
HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3168336 2009-11-03] (Dell Inc.)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-01-20] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1909032 2010-01-14] (Synaptics Incorporated)
HKLM\...\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe [310272 2010-09-06] (Saitek)
HKLM\...\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe [158208 2010-09-06] (Saitek)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [641664 2012-04-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [498160 2009-10-15] ()
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-09-08] (Apple Inc.)
HKLM-x32\...\Run: [Panda Security URL Filtering] "C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe" [217256 2012-03-19] (Panda Security)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [10752 2012-01-30] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [idzwtvacsuuxwcc] C:\ProgramData\idzwtvac.exe [75776 2012-07-30] ()
HKU\Pawel\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-04-21] (Google Inc.)
HKU\Pawel\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [357696 2010-04-01] (DT Soft Ltd)
HKU\Pawel\...\Run: [Gadu-Gadu] "C:\Program Files (x86)\Gadu-Gadu\gg.exe" /tray [2127296 2008-03-20] (Gadu-Gadu S.A.)
HKU\Pawel\...\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3077528 2011-08-07] ()
HKU\Pawel\...\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe" [495616 2007-09-02] ()
HKU\Pawel\...\Run: [OscarEditor] "C:\Program Files (x86)\OSCAR Editor\OscarEditor.exe" Minimum [2642432 2009-11-24] ()
HKU\Pawel\...\Run: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork [1103216 2009-10-27] (IGN Entertainment)
HKU\Pawel\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1242448 2011-09-27] (Valve Corporation)
HKU\Pawel\...\Run: [Akamai NetSession Interface] "C:\Users\Pawel\AppData\Local\Akamai\netsession_win.exe" [4327744 2012-05-25] (Akamai Technologies, Inc)
HKU\Pawel\...\Run: [] [x]
HKU\Pawel\...\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray [1084840 2012-05-16] (Nokia)
HKU\Pawel\...\Run: [idzwtvacsuuxwcc] C:\ProgramData\idzwtvac.exe [75776 2012-07-30] ()
Winlogon\Notify\WB: C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\fast64.dll [X]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Orbit.lnk
ShortcutTarget: Orbit.lnk -> C:\Program Files (x86)\Orbitdownloader\orbitdm.exe (Orbitdownloader.com)

==================== Services (Whitelisted) ======

3 1394hub; C:\Windows\System32\svchost.exe -k netsvcs [27136 2009-07-13] (Microsoft Corporation)
3 1394hub; C:\Windows\SysWow64\svchost.exe -k netsvcs [20992 2009-07-13] (Microsoft Corporation)
2 Akamai; C:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll [4419392 2012-07-10] (Akamai Technologies, Inc)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-02-29] ()
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe [244736 2010-01-20] (IDT, Inc.)
2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2320920 2009-09-30] (Intel Corporation)
3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]

========================== Drivers (Whitelisted) =============

2 atksgt; C:\Windows\System32\Drivers\atksgt.sys [314016 2010-08-30] ()
2 cpuz133; \??\C:\Windows\system32\drivers\cpuz133_x64.sys [20968 2010-03-30] (Windows (R) Win 7 DDK provider)
2 lirsgt; C:\Windows\System32\Drivers\lirsgt.sys [43680 2010-08-30] ()
0 pavboot; C:\Windows\System32\drivers\pavboot64.sys [33800 2009-06-30] (Panda Security, S.L.)
3 SaiK0CCB; C:\Windows\System32\Drivers\SaiK0CCB.sys [171016 2010-08-10] (Saitek)
3 SaiMini; C:\Windows\System32\Drivers\SaiMini.sys [22792 2010-09-07] (Saitek)
3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [50056 2010-09-07] (Saitek)
3 SaiU0CCB; C:\Windows\System32\Drivers\SaiU0CCB.sys [41096 2010-08-10] (Saitek)
1 setup_9.0.0.722_12.07.2010_10-03drv; C:\Windows\System32\DRIVERS\0672743.sys [352784 2009-10-09] (Kaspersky Lab)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-04-21] (Duplex Secure Ltd.)
2 TurboB; C:\Windows\System32\Drivers\TurboB.sys [13784 2009-11-02] ()
3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltjx64.sys [9216 2012-01-09] (Nokia)
3 ALSysIO; \??\C:\Users\Pawel\AppData\Local\Temp\ALSysIO64.sys [x]
3 cpuz130; \??\C:\Users\Pawel\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
3 dump_wmimmc; \??\C:\gPotato\PriusOnline\GameGuard\dump_wmimmc.sys [x]
3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
3 vtany; \??\C:\Windows\vtany.sys [x]
3 X6va002; \??\C:\Users\Pawel\AppData\Local\Temp\00233BE.tmp [x]
3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [x]
3 xsherlock; C:\Windows\system32\xsherlock.xem [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-08-01 04:57 - 2012-08-01 04:58 - 00000000 ____D C:\FRST
2012-07-30 14:03 - 2012-07-30 14:03 - 00075776 ____A C:\Users\Pawel\0.5495441342434803.exe
2012-07-30 14:03 - 2012-07-30 14:03 - 00075776 ____A C:\Users\All Users\idzwtvac.exe
2012-07-30 14:03 - 2012-07-30 14:03 - 00000051 ____A C:\Users\All Users\kipvqnkpocsxcvf
2012-07-30 14:03 - 2012-07-30 14:03 - 00000000 ____D C:\Users\All Users\hqtebmmkspnwdyx
2012-07-28 04:32 - 2012-07-28 04:32 - 00030566 ____A C:\dxdiag.txt
2012-07-25 22:16 - 2012-07-25 22:16 - 00001088 ____A C:\Windows\PFRO.log
2012-07-25 12:45 - 2012-07-31 16:41 - 00001344 ____A C:\Windows\setupact.log
2012-07-25 12:45 - 2012-07-25 12:45 - 00000000 ____A C:\Windows\setuperr.log
2012-07-17 11:58 - 2012-07-17 12:05 - 143285680 ____A C:\Users\Pawel\Desktop\setup_11.0.0.1245.x01_2012_07_17_22_56.exe
2012-07-17 07:38 - 2012-07-17 07:38 - 00000000 ____D C:\Users\All Users\Overwolf
2012-07-12 15:15 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-12 15:09 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-12 15:09 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-12 15:09 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-12 15:09 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-12 15:09 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-12 15:09 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-12 15:09 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-12 15:09 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-12 15:09 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-12 15:09 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-12 15:09 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-12 15:09 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-12 15:09 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-12 15:09 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-12 15:09 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-12 15:09 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-12 15:09 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-12 15:09 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-12 15:09 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-12 15:09 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-12 15:09 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-12 15:09 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-12 15:09 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-12 15:09 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-12 15:09 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-12 15:09 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-12 15:09 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-12 15:09 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-11 13:43 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-11 13:43 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-11 13:43 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-11 13:43 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-11 13:43 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-11 13:43 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-11 13:43 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-07-11 13:42 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-11 13:42 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-11 13:42 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-11 13:42 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-11 13:42 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-11 13:42 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-11 13:42 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-11 13:42 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-11 13:42 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-11 13:42 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-11 13:42 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-11 13:42 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-02 20:52 - 2012-07-17 12:40 - 00000000 ____D C:\Users\Pawel\AppData\Local\Overwolf

============ 3 Months Modified Files ========================

2012-07-31 16:45 - 2011-08-20 08:55 - 01644041 ____A C:\Windows\WindowsUpdate.log
2012-07-31 16:45 - 2009-07-13 20:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-31 16:45 - 2009-07-13 20:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-31 16:41 - 2012-07-25 12:45 - 00001344 ____A C:\Windows\setupact.log
2012-07-31 16:41 - 2010-04-21 19:27 - 00001042 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-31 16:41 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-30 14:48 - 2009-07-13 21:08 - 00032608 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-30 14:03 - 2012-07-30 14:03 - 00075776 ____A C:\Users\Pawel\0.5495441342434803.exe
2012-07-30 14:03 - 2012-07-30 14:03 - 00075776 ____A C:\Users\All Users\idzwtvac.exe
2012-07-30 14:03 - 2012-07-30 14:03 - 00000051 ____A C:\Users\All Users\kipvqnkpocsxcvf
2012-07-30 13:26 - 2010-04-21 19:28 - 00001046 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-30 12:18 - 2012-02-29 09:40 - 00298016 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2012-07-30 12:18 - 2010-04-22 01:22 - 00298016 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-07-30 08:39 - 2010-04-22 01:22 - 00298016 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2012-07-28 04:32 - 2012-07-28 04:32 - 00030566 ____A C:\dxdiag.txt
2012-07-25 22:17 - 2010-04-21 13:04 - 00075552 ____A C:\Users\Pawel\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-25 22:16 - 2012-07-25 22:16 - 00001088 ____A C:\Windows\PFRO.log
2012-07-25 22:16 - 2009-07-13 20:45 - 00319752 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-25 12:46 - 2010-11-18 23:44 - 00026934 ____A C:\Windows\SysWOW64\temp.txt
2012-07-25 12:45 - 2012-07-25 12:45 - 00000000 ____A C:\Windows\setuperr.log
2012-07-17 12:05 - 2012-07-17 11:58 - 143285680 ____A C:\Users\Pawel\Desktop\setup_11.0.0.1245.x01_2012_07_17_22_56.exe
2012-07-12 15:10 - 2010-04-22 00:13 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-11 20:52 - 2012-04-01 22:44 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-11 20:52 - 2011-05-16 22:08 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-09 09:19 - 2009-07-14 09:55 - 00707756 ____A C:\Windows\System32\perfh015.dat
2012-07-09 09:19 - 2009-07-14 09:55 - 00140738 ____A C:\Windows\System32\perfc015.dat
2012-07-09 09:19 - 2009-07-13 21:13 - 01578950 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-30 15:21 - 2010-04-21 22:25 - 00046592 ____A C:\Users\Pawel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-25 11:09 - 2010-05-05 02:16 - 00004064 ____A C:\Users\Pawel\AppData\Roaming\wklnhst.dat
2012-06-22 03:08 - 2012-06-22 03:08 - 04533264 ____A (www.orbitdownloader.com ) C:\Users\Pawel\Downloads\Orbit_Downloader4.1.1.0.exe
2012-06-22 03:07 - 2012-06-22 03:07 - 01614923 ____A (Conduit) C:\Users\Pawel\Downloads\bs_Orbit_Downloader.exe
2012-06-21 03:42 - 2012-06-21 03:42 - 00670816 ____A (Wellbia.com Co., Ltd.) C:\Windows\SysWOW64\xsherlock.xem
2012-06-16 02:03 - 2012-06-16 02:02 - 1771725467 ____A C:\Users\Pawel\Desktop\RAIL TO RAIL The Movie HD 720 1080.mp4
2012-06-15 01:32 - 2012-06-15 01:30 - 00000090 ____A C:\Users\Pawel\Desktop\kody do bety c9.txt
2012-06-14 11:41 - 2012-06-15 01:18 - 00039656 ____A C:\Windows\System32\OEMLOGO.bmp
2012-06-13 22:02 - 2012-06-13 22:02 - 00002091 ____A C:\Users\Public\Desktop\Nokia Suite.lnk
2012-06-11 19:08 - 2012-07-12 15:15 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 21:43 - 2012-07-11 13:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-11 13:42 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-05 22:06 - 2012-07-11 13:43 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-11 13:43 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-11 13:42 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-11 13:43 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-11 13:43 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-11 13:42 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-02 14:19 - 2012-06-24 08:50 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-24 08:50 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-24 08:50 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-24 08:49 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-24 08:49 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-24 08:50 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-24 08:49 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 05:19 - 2012-06-24 08:49 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 05:15 - 2012-06-24 08:49 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 04:49 - 2012-07-12 15:09 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-12 15:09 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-12 15:09 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-12 15:09 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:05 - 2012-07-12 15:09 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:04 - 2012-07-12 15:09 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:04 - 2012-07-12 15:09 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:03 - 2012-07-12 15:09 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-12 15:09 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-12 15:09 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-12 15:09 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-12 15:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-12 15:09 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-12 15:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-12 15:09 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-12 15:09 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-12 15:09 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-12 15:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-12 15:09 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-12 15:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-12 15:09 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-12 15:09 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-12 15:09 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-12 15:09 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-12 15:09 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-12 15:09 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-12 15:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-12 15:09 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 21:50 - 2012-07-11 13:42 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-07-11 13:42 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-07-11 13:42 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-07-11 13:42 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-07-11 13:42 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:40 - 2012-07-11 13:42 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-07-11 13:42 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-07-11 13:42 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-07-11 13:42 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-31 02:25 - 2010-04-21 12:22 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-05-16 06:38 - 2012-05-16 06:38 - 00476960 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
2012-05-16 06:38 - 2012-05-16 06:38 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-05-16 06:38 - 2012-05-16 06:38 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-05-16 06:38 - 2012-05-16 06:38 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-05-16 06:38 - 2010-04-21 19:02 - 00472864 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-05-04 03:06 - 2012-06-13 08:05 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 03:00 - 2012-06-14 07:43 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-05-04 02:03 - 2012-06-13 08:05 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-13 08:05 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-04 01:59 - 2012-06-14 07:43 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 20%
Total physical RAM: 3956.55 MB
Available physical RAM: 3140.45 MB
Total Pagefile: 3954.7 MB
Available Pagefile: 3141.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:97.46 GB) NTFS
2 Drive e: (WIN_7_HOMEPREMIUM) (CDROM) (Total:5.75 GB) (Free:0 GB) UDF
3 Drive f: () (Removable) (Total:3.73 GB) (Free:3.68 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:10.82 GB) NTFS
==>[System with boot components (obtained from reading drive)]

Nr dysku  Stan           Rozmiar  Wolne    Dyn  GPT
--------  -------------  -------  -------  ---  ---
Dysk 0    Online          465 GB      0 B
Dysk 1    Online         3819 MB      0 B

Trwa opuszczanie programu DiskPart...

==========================================================

Last Boot: 2012-07-28 06:21

======================= End Of Log ==========================