Logfile of random's system information tool 1.09 (written by random/random)
Run by Igor at 2013-11-11 22:50:13
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 103 GB (68%) free of 153 GB
Total RAM: 8189 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:50:21, on 2013-11-11
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16720)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Users\Igor\AppData\Roaming\Paradox Interactive\Paradox Interactive.exe
C:\Users\Igor\AppData\Local\GG\Application\gghub.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\eMule\emule.exe
C:\Program Files (x86)\TP-LINK\TP-LINK Wireless N Client Utility\jswtrayutil.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\Igor\AppData\Local\GG\Application\ggapp.exe
C:\Users\Igor\AppData\Local\GG\Application\ggdrive\ggdrive.exe
H:\Steam\Steam.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\ProgramData\BOINC\projects\boinc.bakerlab.org_rosetta\minirosetta_3.48_windows_x86_64.exe
C:\ProgramData\BOINC\projects\boinc.bakerlab.org_rosetta\minirosetta_3.48_windows_x86_64.exe
C:\ProgramData\BOINC\projects\boinc.bakerlab.org_rosetta\minirosetta_3.48_windows_x86_64.exe
C:\Program Files\trend micro\Igor.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/?utm_source=appliki&utm_medium=31665&utm_campaign=onetsg_start_pliki
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files (x86)\TP-LINK\TP-LINK Wireless N Client Utility\jswtrayutil.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Steam] "H:\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [C:\Users\Igor\AppData\Roaming\Paradox Interactive\Paradox Interactive.exe] C:\Users\Igor\AppData\Roaming\Paradox Interactive\Paradox Interactive.exe
O4 - HKCU\..\Run: [GG] "C:\Users\Igor\AppData\Local\GG\Application\gghub.exe"
O4 - HKCU\..\Run: [tsiVideo] C:\Windows\SysWOW64\rundll32.exe C:\Users\Igor\AppData\Local\Temp\\tsiVi132.dll,start
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files (x86)\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-21-4207609899-1859822031-2785219281-1064\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-4207609899-1859822031-2785219281-1064\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: Paradox Interactive.lnk = Igor\AppData\Roaming\Paradox Interactive\Paradox Interactive.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: CyberGhost VPN Client (CGVPNCliSrvc) - mobile concepts GmbH - C:\Program Files\CyberGhost VPN\CGVPNCliService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Usługa Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Usługa Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - TP-LINK TECHNOLOGIES CO., LTD. - C:\Program Files (x86)\TP-LINK\TP-LINK Wireless N Client Utility\jswpsapi.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

-- End of file - 10709 bytes

======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
"taskhost.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE"
"C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"
"C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL mmsys.cpl
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files\BOINC\boincmgr.exe" /a /s
"C:\Program Files\BOINC\boinctray.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" serviceapp
\??\C:\Windows\system32\conhost.exe "9022799989124438881788987061-567172361901696303-2073475459-2004132096782398907
"C:\Program Files\BOINC\\boinc.exe" --redirectio --launched_by_manager
\??\C:\Windows\system32\conhost.exe "1637961557-1715116198-1941406982-2109151377-366756255-11404133972953368900363044
"C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" -hidden
"C:\Program Files (x86)\Samsung\Kies\Kies.exe" /preload
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Users\Igor\AppData\Roaming\Paradox Interactive\Paradox Interactive.exe"
"C:\Users\Igor\AppData\Local\GG\Application\gghub.exe"
"C:\Windows\SysWOW64\rundll32.exe" C:\Users\Igor\AppData\Local\Temp\\tsiVi132.dll,start
"C:\Program Files (x86)\eMule\emule.exe" -AutoStart
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\TP-LINK\TP-LINK Wireless N Client Utility\jswtrayutil.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
C:\Users\Igor\AppData\Local\GG\Application\ggapp.exe -port 56261 -profile C:\Users\Igor\AppData\Roaming\GG\Profiles\2mav0mm0.25560058 -purgecaches -no-remote -token AhK9UB35
C:\Users\Igor\AppData\Local\GG\Application\ggdrive\ggdrive.exe 56261 25560058 C:\Users\Igor\AppData\Local\GG\Application\gghub.exe
C:\Windows\System32\svchost.exe -k secsvcs
"H:\Steam\Steam.exe" "-silent"
"C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=4864.cdf5f00.1112152300 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" E7CF176E110C211B 4864 "\\.\pipe\gecko-crash-server-pipe.4864" plugin
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe" --proxy-stub-channel=Flash6040.572BCA40.25947 --host-broker-channel=Flash6040.572BCA40.3387 --host-pid=6040 --host-npapi-version=27 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll"
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe" --channel=3756.0037F564.1649201533 --proxy-stub-channel=Flash6040.572BCA40.25947 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll" --host-npapi-version=27 --type=renderer
projects/boinc.bakerlab.org_rosetta/minirosetta_3.48_windows_x86_64.exe -abinitio::use_filters true -abinitio::increase_cycles 10 -silent_gz -mute all -abinitio::fastrelax -abinitio::rg_reweight 0.5 -abinitio::rsd_wt_helix 0.5 -abinitio::rsd_wt_loop 0.5 -psipred_ss2 rb_11_11_43157_83912_t000__glo_t000_.psipred_ss2 -in::file::fasta rb_11_11_43157_83912_t000__glo_t000_.fasta -kill_hairpins rb_11_11_43157_83912_t000__glo_t000_.nobuformat.psipred_ss2 -frag3 rb_11_11_43157_83912_t000__glo_aat000_03_05.200_v1_3 -fragA rb_11_11_43157_83912_t000__glo_aat000_05_05.200_v1_3 -fragB rb_11_11_43157_83912_t000__glo_aat000_09_05.200_v1_3 -nstruct 10000 -cpu_run_time 10800 -checkpoint_interval 120 -database minirosetta_database -in::file::zip minirosetta_database.zip -boinc::watchdog -run::rng mt19937 -constant_seed -jran 1147859
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-8fd75505-ca78-4820-938d-cfe3d4541bad -SystemEventPortName:HostProcess-2acdb220-2470-4ab9-a853-f14909d42fd2 -IoCancelEventPortName:HostProcess-317d0593-521a-463e-8c2e-7822e91f6ae4 -NonStateChangingEventPortName:HostProcess-3770b814-1fc2-4dd0-b8ee-3dfcb939f338 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:8a58d821-5bc0-47b8-b4e0-72b4e352145d -DeviceGroupId:
projects/boinc.bakerlab.org_rosetta/minirosetta_3.48_windows_x86_64.exe -frag3 start.200.3mers -frag9 start.200.9mers -abinitio::increase_cycles 10 -mute all -abinitio::fastrelax -relax::default_repeats 5 -abinitio::rsd_wt_helix 0.5 -abinitio::rsd_wt_loop 0.5 -abinitio::use_filters false -ex1 -ex2aro -in:file:boinc_wu_zip tj_10_3_1D0QA_fold_data.zip -out:file:silent default.out -silent_gz -mute all -in:file:native start.pdb -out:file:silent_struct_type binary -nstruct 10000 -cpu_run_time 10800 -checkpoint_interval 120 -database minirosetta_database -in::file::zip minirosetta_database.zip -boinc::watchdog -run::rng mt19937 -constant_seed -jran 1740294
"taskhost.exe"
projects/boinc.bakerlab.org_rosetta/minirosetta_3.48_windows_x86_64.exe -frag3 start.200.3mers -frag9 start.200.9mers -abinitio::increase_cycles 10 -mute all -abinitio::fastrelax -relax::default_repeats 5 -abinitio::rsd_wt_helix 0.5 -abinitio::rsd_wt_loop 0.5 -abinitio::use_filters false -ex1 -ex2aro -in:file:boinc_wu_zip tj_10_3_3FP5A_fold_data.zip -out:file:silent default.out -silent_gz -mute all -in:file:native start.pdb -out:file:silent_struct_type binary -nstruct 10000 -cpu_run_time 10800 -checkpoint_interval 120 -database minirosetta_database -in::file::zip minirosetta_database.zip -boinc::watchdog -run::rng mt19937 -constant_seed -jran 1182054
"C:\Users\Igor\Desktop\RIST\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\FoxTab.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========
ProfilePath - C:\Users\Igor\AppData\Roaming\Mozilla\Firefox\Profiles\4il1me7w.default
prefs.js - "keyword.URL" - "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=293224&p="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.9.900.117 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.45.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nullsoft.com/winampDetector;version=1]
"Description"=Winamp Detector
"Path"=C:\Program Files (x86)\Winamp Detect\npwachk.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.9.900.117 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.45.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

C:\Users\Igor\AppData\Roaming\Mozilla\Firefox\Profiles\4il1me7w.default\extensions\
{1018e4d6-728f-4b20-ad56-37578a4de76b}
{5ebdca98-43b3-45bb-87e0-716029fb42ab}

C:\Users\Igor\AppData\Roaming\Mozilla\Firefox\Profiles\4il1me7w.default\searchplugins\
yahoo.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2013-11-11 1567016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-19 553384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-19 210856]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-10-19 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-11-11 606544]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-10-19 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2013-11-11 1567016]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-11-11 606544]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-02-24 11780712]
"boincmgr"=C:\Program Files\BOINC\boincmgr.exe [2013-04-16 5868688]
"boinctray"=C:\Program Files\BOINC\boinctray.exe [2013-04-16 72848]
"Nvtmru"=C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [2013-10-18 1028384]
"ShadowPlay"=C:\Windows\system32\nvspcap64.dll [2013-10-18 1063200]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"=C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2009-08-20 2363392]
"Steam"=H:\Steam\Steam.exe [2013-10-30 1820584]
"KiesPreload"=C:\Program Files (x86)\Samsung\Kies\Kies.exe [2013-09-04 1564528]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-21 1475584]
"C:\Users\Igor\AppData\Roaming\Paradox Interactive\Paradox Interactive.exe"=C:\Users\Igor\AppData\Roaming\Paradox Interactive\Paradox Interactive.exe [2013-09-06 344576]
"GG"=C:\Users\Igor\AppData\Local\GG\Application\gghub.exe [2013-11-10 4033088]
"tsiVideo"=C:\Windows\SysWOW64\rundll32.exe [2009-07-14 44544]
"eMuleAutoStart"=C:\Program Files (x86)\eMule\emule.exe [2010-04-07 5758976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2009-06-03 103720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GBTUpd]
C:\Program Files (x86)\Gigabyte\UpdManager\PreRun.exe [2008-04-03 297480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2005-02-17 221184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [2005-02-17 81920]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
C:\Program Files (x86)\lg_fwupdate\fwupdate.exe [2008-10-01 548864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [2009-04-15 50472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [2009-04-15 91432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchProtection]
C:\Users\Igor\AppData\Roaming\Search Protection\SearchProtection.EXE [2013-05-22 740712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]
C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [2009-05-19 222504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]
C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2009-05-19 222504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePPShortCut]
C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [2009-05-19 222504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]
C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [2009-09-29 210216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GIGABYTE OC_GURU.lnk]
C:\PROGRA~2\Gigabyte\GIGABY~1\OC_GURU.exe [2010-09-15 9650176]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"jswtrayutil"=C:\Program Files (x86)\TP-LINK\TP-LINK Wireless N Client Utility\jswtrayutil.exe [2008-01-11 41045]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]
"KiesTrayAgent"=C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [2013-09-04 311152]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2013-11-11 3568312]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE

C:\Users\Igor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Paradox Interactive.lnk - C:\Users\Igor\AppData\Roaming\Paradox Interactive\Paradox Interactive.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv

======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======
2013-11-11 17:17:33 ----D---- C:\Users\Igor\AppData\Roaming\AVAST Software
2013-11-11 16:27:25 ----D---- C:\rsit
2013-11-11 16:27:25 ----D---- C:\Program Files\trend micro
2013-11-11 14:43:01 ----A---- C:\Windows\system32\nvspcap64.dll
2013-11-11 14:43:00 ----A---- C:\Windows\SYSWOW64\nvspcap.dll
2013-11-11 14:41:58 ----D---- C:\Program Files (x86)\AGEIA Technologies
2013-11-11 14:33:44 ----A---- C:\Windows\system32\drivers\nvvad64v.sys
2013-11-11 14:33:43 ----A---- C:\Windows\system32\nvaudcap64v.dll
2013-11-11 14:33:42 ----A---- C:\Windows\SYSWOW64\nvaudcap32v.dll
2013-11-11 14:33:33 ----A---- C:\Windows\system32\nvhdagenco64.dll
2013-11-11 14:33:23 ----A---- C:\Windows\system32\nvdispgenco6433165.dll
2013-11-11 14:33:22 ----A---- C:\Windows\system32\nvdispco6433165.dll
2013-11-11 14:33:20 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2013-11-11 14:33:18 ----A---- C:\Windows\SYSWOW64\nvumdshim.dll
2013-11-11 14:33:18 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll
2013-11-11 14:33:18 ----A---- C:\Windows\SYSWOW64\nvoglshim32.dll
2013-11-11 14:33:18 ----A---- C:\Windows\system32\nvoglv64.dll
2013-11-11 14:33:18 ----A---- C:\Windows\system32\nvoglshim64.dll
2013-11-11 14:33:17 ----A---- C:\Windows\SYSWOW64\nvinit.dll
2013-11-11 14:33:17 ----A---- C:\Windows\SYSWOW64\NvIFR.dll
2013-11-11 14:33:17 ----A---- C:\Windows\SYSWOW64\NvFBC.dll
2013-11-11 14:33:17 ----A---- C:\Windows\system32\nvinitx.dll
2013-11-11 14:33:17 ----A---- C:\Windows\system32\NvIFR64.dll
2013-11-11 14:33:17 ----A---- C:\Windows\system32\NvFBC64.dll
2013-11-11 14:33:16 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2013-11-11 14:33:16 ----A---- C:\Windows\SYSWOW64\nvcuvenc.dll
2013-11-11 14:33:16 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2013-11-11 14:33:16 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll
2013-11-11 14:33:16 ----A---- C:\Windows\system32\nvcuvid.dll
2013-11-11 14:33:16 ----A---- C:\Windows\system32\nvcuvenc.dll
2013-11-11 14:33:16 ----A---- C:\Windows\system32\nvcompiler.dll
2013-11-11 11:19:34 ----D---- C:\Users\Igor\AppData\Roaming\FoxTab
2013-11-11 11:18:13 ----A---- C:\Windows\system32\drivers\tap0901.sys
2013-11-11 11:18:11 ----D---- C:\Program Files\CyberGhost VPN
2013-11-11 11:17:11 ----D---- C:\Program Files (x86)\Foxtab
2013-11-10 13:58:12 ----D---- C:\ProgramData\GG
2013-11-03 20:31:02 ----D---- C:\Users\Igor\AppData\Roaming\GG
2013-11-01 13:03:12 ----D---- C:\Program Files\CPUID
2013-11-01 12:57:08 ----D---- C:\Program Files (x86)\SpeedFan
2013-11-01 12:35:45 ----D---- C:\Program Files\Core Temp
2013-11-01 12:33:56 ----D---- C:\ProgramData\APN
2013-11-01 12:05:31 ----D---- C:\ProgramData\BOINC
2013-11-01 12:05:31 ----D---- C:\Program Files\BOINC
2013-11-01 12:04:23 ----D---- C:\Windows\Downloaded Installations
2013-10-30 23:29:33 ----D---- C:\ProgramData\firebird
2013-10-23 03:02:36 ----A---- C:\Windows\SYSWOW64\nvStreaming.exe
2013-10-20 17:36:39 ----D---- C:\Users\Igor\AppData\Roaming\Sports Interactive
2013-10-20 17:28:14 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2013-10-20 17:23:59 ----A---- C:\Windows\SYSWOW64\MRT.exe
2013-10-19 11:43:02 ----A---- C:\Windows\system32\javaws.exe
2013-10-19 11:42:54 ----A---- C:\Windows\system32\WindowsAccessBridge-64.dll
2013-10-19 11:42:54 ----A---- C:\Windows\system32\javaw.exe
2013-10-19 11:42:54 ----A---- C:\Windows\system32\java.exe
2013-10-19 11:42:39 ----D---- C:\Program Files\Java
2013-10-19 11:39:14 ----D---- C:\ProgramData\Oracle 2013-10-19 11:39:01 ----A---- C:\Windows\SYSWOW64\javaws.exe 2013-10-19 11:38:57 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll 2013-10-19 11:38:57 ----A---- C:\Windows\SYSWOW64\javaw.exe 2013-10-19 11:38:57 ----A---- C:\Windows\SYSWOW64\java.exe 2013-10-19 11:38:50 ----D---- C:\Program Files (x86)\Java 2013-10-13 23:24:37 ----D---- C:\ProgramData\Sun 2013-10-13 18:24:11 ----A---- C:\Windows\system32\drivers\aswSP.sys 2013-10-13 18:24:11 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys 2013-10-13 18:24:08 ----A---- C:\Windows\system32\drivers\aswRdr2.sys 2013-10-13 18:24:05 ----A---- C:\Windows\system32\drivers\aswTdi.sys 2013-10-13 18:24:02 ----A---- C:\Windows\system32\drivers\aswSnx.sys 2013-10-13 18:24:00 ----A---- C:\Windows\system32\drivers\aswVmm.sys 2013-10-13 18:23:59 ----A---- C:\Windows\system32\drivers\aswRvrt.sys 2013-10-13 18:23:58 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys 2013-10-13 18:23:28 ----A---- C:\Windows\avastSS.scr 2013-10-12 15:07:25 ----SD---- C:\Windows\SYSWOW64\Microsoft ======List of files/folders modified in the last 1 month====== 2013-11-11 22:50:20 ----D---- C:\Windows\Temp 2013-11-11 18:40:50 ----D---- C:\ProgramData\NVIDIA 2013-11-11 17:39:24 ----D---- C:\Windows\system32\config 2013-11-11 16:27:25 ----D---- C:\Program Files 2013-11-11 16:08:10 ----D---- C:\Windows\system32\Tasks 2013-11-11 16:07:52 ----D---- C:\Windows\winsxs 2013-11-11 16:07:51 ----D---- C:\Windows 2013-11-11 16:07:48 ----A---- C:\Windows\system32\aswBoot.exe 2013-11-11 16:00:25 ----SHD---- C:\System Volume Information 2013-11-11 15:59:24 ----D---- C:\ProgramData\AVAST Software 2013-11-11 15:46:31 ----D---- C:\Windows\SysWOW64 2013-11-11 15:46:31 ----D---- C:\Windows\System32 2013-11-11 14:43:08 ----D---- C:\ProgramData\NVIDIA Corporation 2013-11-11 14:43:00 ----D---- C:\Program Files\NVIDIA Corporation 2013-11-11 14:42:58 ----D---- C:\Program Files (x86)\NVIDIA Corporation 2013-11-11 
14:42:54 ----RSD---- C:\Windows\assembly 2013-11-11 14:42:04 ----SHD---- C:\Windows\Installer 2013-11-11 14:41:58 ----RD---- C:\Program Files (x86) 2013-11-11 14:41:19 ----D---- C:\Windows\system32\drivers 2013-11-11 14:41:18 ----D---- C:\Windows\inf 2013-11-11 14:41:12 ----D---- C:\Windows\system32\catroot 2013-11-11 14:41:11 ----D---- C:\Windows\system32\DriverStore 2013-11-11 14:39:52 ----RD---- C:\Users 2013-11-11 14:39:35 ----D---- C:\temp 2013-11-11 14:30:41 ----D---- C:\NVIDIA 2013-11-11 11:19:35 ----D---- C:\Windows\Tasks 2013-11-11 00:41:24 ----D---- C:\Windows\pss 2013-11-10 13:58:12 ----HD---- C:\ProgramData 2013-11-04 09:41:54 ----D---- C:\Windows\system32\catroot2 2013-11-03 20:52:14 ----SD---- C:\Users\Igor\AppData\Roaming\Microsoft 2013-11-01 21:17:08 ----D---- C:\Windows\Prefetch 2013-11-01 17:45:37 ----D---- C:\Program Files (x86)\Opera 2013-11-01 15:04:19 ----D---- C:\Windows\rescache 2013-11-01 14:58:08 ----D---- C:\Windows\Logs 2013-10-31 16:49:39 ----A---- C:\Windows\system32\PerfStringBackup.INI 2013-10-30 23:26:01 ----D---- C:\Program Files (x86)\Common Files 2013-10-30 16:24:41 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service 2013-10-29 18:47:15 ----D---- C:\Program Files (x86)\Mozilla Firefox 2013-10-25 17:36:51 ----D---- C:\Windows\Microsoft.NET 2013-10-23 17:33:19 ----D---- C:\Users\Igor\AppData\Roaming\Paradox Interactive 2013-10-23 11:30:23 ----A---- C:\Windows\SYSWOW64\nvwgf2um.dll 2013-10-23 11:30:23 ----A---- C:\Windows\SYSWOW64\nvopencl.dll 2013-10-23 11:30:23 ----A---- C:\Windows\SYSWOW64\nvd3dum.dll 2013-10-23 11:30:23 ----A---- C:\Windows\SYSWOW64\nvapi.dll 2013-10-23 11:30:23 ----A---- C:\Windows\system32\nvwgf2umx.dll 2013-10-23 11:30:23 ----A---- C:\Windows\system32\nvumdshimx.dll 2013-10-23 11:30:23 ----A---- C:\Windows\system32\nvopencl.dll 2013-10-23 11:30:23 ----A---- C:\Windows\system32\nvd3dumx.dll 2013-10-23 11:30:23 ----A---- C:\Windows\system32\nvcuda.dll 2013-10-23 11:30:23 ----A---- 
C:\Windows\system32\nvapi64.dll 2013-10-23 09:20:08 ----A---- C:\Windows\system32\nvcpl.dll 2013-10-23 09:20:07 ----A---- C:\Windows\system32\nvsvc64.dll 2013-10-23 09:20:05 ----A---- C:\Windows\system32\nvvsvc.exe 2013-10-23 09:20:05 ----A---- C:\Windows\system32\nvsvcr.dll 2013-10-23 09:20:05 ----A---- C:\Windows\system32\nvshext.dll 2013-10-23 09:20:05 ----A---- C:\Windows\system32\nvmctray.dll 2013-10-13 18:23:13 ----D---- C:\Program Files\AVAST Software ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2013-11-11 65776] R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2013-11-11 205320] R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352] R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888] R0 speedfan;speedfan; C:\Windows\SysWOW64\speedfan.sys [2012-12-29 28664] R1 AppleCharger;AppleCharger; C:\Windows\system32\DRIVERS\AppleCharger.sys [2011-01-10 21104] R1 aswRdr;aswRdr; \??\C:\Windows\system32\drivers\aswRdr2.sys [2013-11-11 92544] R1 aswSnx;aswSnx; \??\C:\Windows\system32\drivers\aswSnx.sys [2013-11-11 1032416] R1 aswSP;aswSP; \??\C:\Windows\system32\drivers\aswSP.sys [2013-11-11 409832] R1 aswTdi;aswTdi; \??\C:\Windows\system32\drivers\aswTdi.sys [2013-11-11 65264] R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560] R1 VirtDiskBus;3TB+ Unlock; C:\Windows\system32\DRIVERS\VirtDiskBus64.sys [2011-02-08 66160] R2 aswFsBlk;aswFsBlk; \??\C:\Windows\system32\drivers\aswFsBlk.sys [2013-11-11 38984] R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2013-11-11 84328] R3 athr;TP-LINK Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2008-05-19 1137152] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2013-08-20 
103576] R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver; C:\Windows\System32\Drivers\EtronHub3.sys [2011-03-07 40832] R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver; C:\Windows\System32\Drivers\EtronXHCI.sys [2011-03-07 65280] R3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2013-11-11 25640] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-02-24 2753512] R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2013-06-16 196384] R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2013-09-28 39200] R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-01-13 413800] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2013-08-20 204568] R3 tap0901;TAP-Win32 Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2011-12-15 31232] R3 WinUsb;SAMSUNG Android USB Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984] S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168] S3 GVTDrv64;GVTDrv64; \??\C:\Windows\GVTDrv64.sys [2013-09-05 30528] S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-21 20992] S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656] S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688] S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [2010-11-21 88960] S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys [2010-11-21 34816] S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] S3 
tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys [2010-11-21 117248] S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [] S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552] S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-09-05 65640] R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-11-11 50344] R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136] R2 ES lite Service;ES lite Service for program management.; C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2009-08-20 73728] R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-10-18 15122208] R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-10-23 922912] R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-10-18 1914656] R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [2009-04-15 271760] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-10-23 414496] R3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2013-10-30 566696] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 
clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] S2 gupdate;Usługa Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-05 116648] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-11 257416] S3 AppleChargerSrv;AppleChargerSrv; C:\Windows\system32\AppleChargerSrv.exe [2010-04-06 31272] S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136] S3 aspnet_state;„Usługa stanu ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376] S3 CGVPNCliSrvc;CyberGhost VPN Client; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2012-05-04 2438696] S3 gupdatem;Usługa Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-05 116648] S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632] S3 jswpsapi;Jumpstart Wifi Protected Setup; C:\Program Files (x86)\TP-LINK\TP-LINK Wireless N Client Utility\jswpsapi.exe [2008-01-11 937984] S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-10-29 119408] S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136] S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136] S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-09-06 1255736] S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240] S4 
NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240] S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240] -----------------EOF-----------------