
Thread: Dropper.generic

  1. #1
    Member
    Join Date
    Jul 2012
    Posts
    13
    Points
    0

    Dropper.generic

    Hi all, yesterday my computer started to act weird. It started popping up web pages and all sorts, so I downloaded a couple of programs. It didn't help, so here I'm gonna post the Malwarebytes report:

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 272517
    Time elapsed: 10 minute(s), 41 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Windows\Installer\{ee68bc83-a541-8a7f-62ce-b0d6656b415e}\U\00000008.@ (Trojan.Dropper.BCMiner) -> No action taken.

  2. #2
    Member
    Join Date
    Jul 2012
    Posts
    13
    Points
    0

    This is the HijackThis log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:16:19, on 2012-07-09
    Platform: Unknown Windows (WinNT 6.01.3505 SP1)
    MSIE: Internet Explorer v9.00 (9.00.8112.16446)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    C:\Windows\713xRMT.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
    C:\Program Files (x86)\TV Expert\ADTVScheduleAgent.exe
    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    C:\Program Files (x86)\Winamp\winampa.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
    C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\6.0\youtubedownloaderToolbarIE.dll
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    O2 - BHO: Ant.com browser helper (video detector) - {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - C:\Program Files (x86)\Ant.com\IE add-on\download.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    O2 - BHO: Pomocnik logowania za pomocą identyfikatora Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\6.0\youtubedownloaderToolbarIE.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Ant.com Video Downloader toolbar - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files (x86)\Ant.com\IE add-on\anttoolbar.dll
    O3 - Toolbar: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\6.0\youtubedownloaderToolbarIE.dll
    O4 - HKLM\..\Run: [TV Card Remote Control Device Monitor] C:\Windows\713xRMT.exe
    O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA LOKALNA')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA SIECIOWA')
    O4 - HKUS\S-1-5-21-1687463245-3712307744-3469026734-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-1687463245-3712307744-3469026734-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
    O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Kreator menedżera zawartości dla PlayStation(R).lnk = C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
    O4 - Global Startup: TV Expert Schedule Agent.lnk = ?
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    O9 - Extra button: Download videos by Ant.com - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - C:\Program Files (x86)\Ant.com\IE add-on\download.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: Pokaż lub ukryj HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O13 - Gopher Prefix:
    O15 - Trusted IP range: http://192.168.2.1
    O15 - ESC Trusted IP range: http://192.168.2.1
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Ant Toolbar updater service (AntUpdaterService) - Ant.com - C:\Program Files (x86)\Ant.com\IE add-on\AntUpdaterService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - BitComet - A free C++ BitTorrent/HTTP/FTP Download Client - C:\Program Files\BitComet\tools\BitCometService.exe
    O23 - Service: Usługa Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CSIScanner - Prevx - C:\Program Files\Prevx\prevx.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
    O23 - Service: Usługa Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Usługa Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
    O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 15527 bytes

  3. #3
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146


    Hello and welcome to Help2Go

    We apologize for the delay in responding to your request for help. Here at Help2Go we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

    Please take note:

    1. If you have since resolved the original problem you were having, we would appreciate you letting us know.
    2. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
      • If you are unsure about any of these characteristics just post what you can and we will guide you.
    3. Please tell us if you have your original Windows CD/DVD available.
    4. If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
    5. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
    6. Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
    7. If you have already posted a DDS log, please do so again, as your situation may have changed.
    8. Use the 'Add Reply' and add the new log to this thread.


    We need to see some information about what is happening in your machine. Please perform the following scan again:

    • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
    • Double click on the DDS icon, allow it to run.
    • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
    • Notepad will open with the results.
    • Follow the instructions that pop up for posting the results.
    • Close the program window, and delete the program from your desktop.
    Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

    Information on A/V control HERE


    We also need a new log from the GMER anti-rootkit Scanner.

    Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step. Then proceed to run aswMbr.exe as noted below.

    Please first disable any CD emulation programs using the steps found in this topic:

    Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:


    Note:
    If you are unable to run a GMER scan due to the fact you are running a 64-bit machine, please run the following tool and post its log.

    Please download aswMBR ( 511KB ) to your desktop.
    • Double click the aswMBR.exe icon to run it
    • Click the Scan button to start the scan
    • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


    Do you have access to a USB Flash Drive?

    Thanks and again sorry for the delay.
    "Extinguishing Malware from the world"

    The Spyware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-




  4. #4
    Member
    Join Date
    Jul 2012
    Posts
    13
    Points
    0

    Here are the two logs requested, and yes, I do have a flash drive.

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
    Run by Dawid at 12:13:21 on 2012-07-10
    Microsoft Windows 7 Ultimate 6.1.7601.1.1250.48.1045.18.4094.2044 [GMT 1:00]
    .
    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Ant.com\IE add-on\AntUpdaterService.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\RAVCpl64.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Program Files\Logitech\Gaming Software\LWEMon.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
    C:\Program Files (x86)\TV Expert\ADTVScheduleAgent.exe
    C:\Windows\713xRMT.exe
    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    C:\Program Files (x86)\Winamp\winampa.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe
    C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
    C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Prevx\prevx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
    C:\Program Files\Prevx\prevx.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Windows\system32\svchost.exe -k HPService
    C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
    "C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
    "C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\6.0\youtubedownloaderToolbarIE.dll
    mWinlogon: Userinit=userinit.exe,
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO: Ant.com browser helper (video detector): {346fde31-dff9-418a-90c8-ba31dc9ff2ef} - C:\Program Files (x86)\Ant.com\IE add-on\download.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Pomocnik logowania za pomocą identyfikatora Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\6.0\youtubedownloaderToolbarIE.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: Ant.com Video Downloader toolbar: {2e924f4f-67f0-4bd8-9560-49f468e843d2} - C:\Program Files (x86)\Ant.com\IE add-on\anttoolbar.dll
    TB: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\6.0\youtubedownloaderToolbarIE.dll
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    mRun: [TV Card Remote Control Device Monitor] C:\Windows\713xRMT.exe
    mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    mRun: [<NO NAME>]
    mRun: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    StartupFolder: C:\Users\Dawid\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\KREATO~1.LNK - C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TVEXPE~1.LNK - C:\Program Files (x86)\TV Expert\ADTVScheduleAgent.exe
    uPolicies-explorer: HideSCAHealth = 1 (0x1)
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: DisableCAD = 1 (0x1)
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    IE: {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - C:\Program Files (x86)\Ant.com\IE add-on\download.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    LSP: mswsock.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: Interfaces\{8E6B366B-CD5F-468B-8C86-A10D599526D3} : DhcpNameServer = 192.168.2.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    mRun-x64: [TV Card Remote Control Device Monitor] C:\Windows\713xRMT.exe
    mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    mRun-x64: [(domyślny)]
    mRun-x64: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Dawid\AppData\Roaming\Mozilla\Firefox\Profiles\0gvrsulb.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - wp.pl
    FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Dawid\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
    R0 pxscan;pxscan;C:\Windows\system32\drivers\pxscan.sys --> C:\Windows\system32\drivers\pxscan.sys [?]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
    R1 pxrts;pxrts;C:\Windows\system32\drivers\pxrts.sys --> C:\Windows\system32\drivers\pxrts.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
    R2 AntUpdaterService;Ant Toolbar updater service;C:\Program Files (x86)\Ant.com\IE add-on\AntUpdaterService.exe [2011-6-29 520216]
    R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2012-6-27 791488]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 193288]
    R2 CSIScanner;CSIScanner;C:\Program Files\Prevx\prevx.exe [2012-7-9 6724632]
    R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-2-2 2343816]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-9 654408]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-6-11 2218600]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-4-3 382272]
    R3 3xHybr64;SAA713x TV Card Service;C:\Windows\system32\DRIVERS\3xHybr64.sys --> C:\Windows\system32\DRIVERS\3xHybr64.sys [?]
    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\Windows\system32\DRIVERS\nvstusb.sys --> C:\Windows\system32\DRIVERS\nvstusb.sys [?]
    R3 pxkbf;pxkbf;C:\Windows\system32\drivers\pxkbf.sys --> C:\Windows\system32\drivers\pxkbf.sys [?]
    R3 SaiK0CEA;SaiK0CEA;C:\Windows\system32\DRIVERS\SaiK0CEA.sys --> C:\Windows\system32\DRIVERS\SaiK0CEA.sys [?]
    R3 SaiU0CEA;SaiU0CEA;C:\Windows\system32\DRIVERS\SaiU0CEA.sys --> C:\Windows\system32\DRIVERS\SaiU0CEA.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Usługa Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-15 136176]
    S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;C:\Program Files\BitComet\tools\BitCometService.exe -service --> C:\Program Files\BitComet\tools\BitCometService.exe -service [?]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-1-14 1431888]
    S3 GES_CoreDriver;GES_CoreDriver;C:\Windows\system32\drivers\GES_CoreDriver.sys --> C:\Windows\system32\drivers\GES_CoreDriver.sys [?]
    S3 gupdatem;Usługa Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-15 136176]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-3 129976]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
    S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]
    .
    =============== Created Last 30 ================
    .
    2012-07-10 09:32:49 -------- d-----w- C:\Users\Dawid\AppData\Local\{61F71A1D-12D7-409D-96EE-9F1E49588596}
    2012-07-10 09:32:34 -------- d-----w- C:\Users\Dawid\AppData\Local\{8BD97B9F-1CFF-4A9A-A0A0-B93B6C37DC7A}
    2012-07-10 09:24:20 -------- d-----w- C:\Users\Dawid\AppData\Local\{B6EF0361-368E-46CD-9D41-EE8144A277D0}
    2012-07-10 09:24:05 -------- d-----w- C:\Users\Dawid\AppData\Local\{0FA3BFE5-A121-4979-9801-859B581E9E0E}
    2012-07-09 12:43:21 -------- d-----w- C:\Users\Dawid\AppData\Local\{4614EEB5-88EB-4F4E-AB3E-4C0E2E494CB2}
    2012-07-09 12:43:04 -------- d-----w- C:\Users\Dawid\AppData\Local\{4C31D128-9E47-46A8-B2CB-7BD6B74E04A2}
    2012-07-09 00:34:06 -------- d-----w- C:\Users\Dawid\AppData\Local\{8CB8FC3A-D529-42A4-A36B-EA046EA3D2CB}
    2012-07-09 00:33:40 -------- d-----w- C:\Users\Dawid\AppData\Local\{DB3C3B62-7F43-4E22-8EFD-FE721A17B3BD}
    2012-07-09 00:25:56 -------- d-----w- C:\Users\Dawid\AppData\Roaming\Malwarebytes
    2012-07-09 00:25:47 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-07-09 00:25:47 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-07-09 00:25:47 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-09 00:10:14 -------- d-----w- C:\Program Files (x86)\ToniArts
    2012-07-09 00:10:08 729088 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
    2012-07-09 00:10:08 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
    2012-07-09 00:10:08 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
    2012-07-09 00:10:08 311428 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
    2012-07-09 00:10:08 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
    2012-07-09 00:10:08 192512 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
    2012-07-09 00:10:08 188548 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
    2012-07-09 00:09:40 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2012-07-08 23:55:16 62976 ----a-w- C:\Windows\SysWow64\PxSecure.dll
    2012-07-08 23:55:15 65736 ----a-w- C:\Windows\System32\drivers\pxrts.sys
    2012-07-08 23:55:15 36384 ----a-w- C:\Windows\System32\drivers\pxscan.sys
    2012-07-08 23:55:14 24024 ----a-w- C:\Windows\System32\drivers\pxkbf.sys
    2012-07-08 23:55:14 -------- d-----w- C:\Program Files\Prevx
    2012-07-08 23:55:06 -------- d-----w- C:\ProgramData\PrevxCSI
    2012-07-08 10:09:10 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
    2012-07-08 09:26:36 -------- d-----w- C:\Users\Dawid\AppData\Local\{A93610B9-4F1A-4670-8151-A912DACD6977}
    2012-07-08 09:25:36 -------- d-----w- C:\Users\Dawid\AppData\Local\{0C6C915C-4F1C-4787-8B58-F99D5230C59E}
    2012-07-07 21:24:44 -------- d-----w- C:\Users\Dawid\AppData\Local\{FE938416-1C06-4D1C-BF96-7F99F11778D0}
    2012-07-07 09:24:06 -------- d-----w- C:\Users\Dawid\AppData\Local\{3C12220A-9B5B-4DA5-9B3F-4917B38E5B7E}
    2012-07-07 09:23:52 -------- d-----w- C:\Users\Dawid\AppData\Local\{94CC218F-11A2-4D67-BD46-4D2675A19D64}
    2012-07-06 20:46:10 -------- d-----w- C:\Users\Dawid\AppData\Local\{210E1FE5-5F5B-4BCC-9C73-FF61B3DC3C1E}
    2012-07-06 08:45:26 -------- d-----w- C:\Users\Dawid\AppData\Local\{44999461-CBAB-46A6-B986-97F193CD3127}
    2012-07-06 08:45:12 -------- d-----w- C:\Users\Dawid\AppData\Local\{1B14D673-F6D8-4372-9A3E-11E42A71E153}
    2012-07-06 06:14:39 -------- d-----w- C:\Users\Dawid\AppData\Local\{D7176398-DD51-439B-8EA3-E3C73FB1F48F}
    2012-07-06 06:14:15 -------- d-----w- C:\Users\Dawid\AppData\Local\{B07085B5-7B65-48A3-8607-6F7D3BC19B69}
    2012-07-04 22:28:48 -------- d-----w- C:\Users\Dawid\AppData\Local\{0E125332-B888-4E57-A3B3-CDFBAF0EA390}
    2012-07-04 22:28:26 -------- d-----w- C:\Users\Dawid\AppData\Local\{DEF5031F-4741-4062-90BF-FEE671A43BF8}
    2012-07-04 10:27:56 -------- d-----w- C:\Users\Dawid\AppData\Local\{7DF7A43E-478E-448D-8DF6-1E44328643C7}
    2012-07-04 10:27:09 -------- d-----w- C:\Users\Dawid\AppData\Local\{4F4306CF-06B8-4B80-8C1F-B016160A38E4}
    2012-07-03 12:36:04 -------- d-----w- C:\Users\Dawid\AppData\Local\{EE8A9B80-3F7C-42AC-AEC3-321C52A0170B}
    2012-07-03 12:35:52 -------- d-----w- C:\Users\Dawid\AppData\Local\{BC4706B7-9255-46B2-B8A7-13070DF6C8A4}
    2012-07-03 00:35:24 -------- d-----w- C:\Users\Dawid\AppData\Local\{183EA1FC-E55D-4DFF-8825-0AFD0D68CF51}
    2012-07-03 00:35:01 -------- d-----w- C:\Users\Dawid\AppData\Local\{A4DF48B7-E1B2-499D-9563-E9BAA60DEDEC}
    2012-07-02 18:58:24 -------- d-----w- C:\Program Files (x86)\YouTube Downloader Toolbar
    2012-07-02 18:58:24 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot
    2012-07-02 18:58:24 -------- d-----w- C:\Program Files (x86)\Application Updater
    2012-07-02 12:34:34 -------- d-----w- C:\Users\Dawid\AppData\Local\{38ACE13B-5DDB-4FD2-8A70-4BCFCBC0B95F}
    2012-07-02 12:34:12 -------- d-----w- C:\Users\Dawid\AppData\Local\{577DF8CA-66BC-4182-93EA-CFCBD1C4EE8B}
    2012-07-02 00:33:45 -------- d-----w- C:\Users\Dawid\AppData\Local\{C1CDC51C-DEC2-4EBE-A476-2BDD41EB66AC}
    2012-07-01 12:32:53 -------- d-----w- C:\Users\Dawid\AppData\Local\{2CA33F56-1528-4AD6-AF73-DCBEF1121AEF}
    2012-07-01 12:32:04 -------- d-----w- C:\Users\Dawid\AppData\Local\{8E84B9B0-5568-492B-B0D9-AF5920763170}
    2012-06-30 10:29:21 -------- d-----w- C:\Users\Dawid\AppData\Local\{1058A6A5-30B9-4493-9CA5-0399867564E9}
    2012-06-30 10:28:58 -------- d-----w- C:\Users\Dawid\AppData\Local\{74FC1046-0CB0-43EB-9866-B963B2007C1F}
    2012-06-29 22:28:29 -------- d-----w- C:\Users\Dawid\AppData\Local\{BE0913CA-3D29-42E9-85C9-762AF74617FB}
    2012-06-29 22:28:07 -------- d-----w- C:\Users\Dawid\AppData\Local\{681F7E78-A762-41EB-BAB4-812BA3C55479}
    2012-06-29 10:27:30 -------- d-----w- C:\Users\Dawid\AppData\Local\{D8A97E54-677C-4A5E-8D2A-D0E4D0377FA6}
    2012-06-29 10:27:13 -------- d-----w- C:\Users\Dawid\AppData\Local\{D14381A5-B2AB-43A1-B301-866419F5CA3E}
    2012-06-29 10:22:32 -------- d-----w- C:\Users\Dawid\AppData\Local\{90AC3D66-42E9-4134-8444-8C4E8975172D}
    2012-06-29 10:22:06 -------- d-----w- C:\Users\Dawid\AppData\Local\{556741CA-9CBB-4881-B702-2B3AC1D95184}
    2012-06-29 09:12:12 -------- d-----w- C:\Users\Dawid\AppData\Local\{F0FF334E-019D-4F9A-96BF-30F40E9211F3}
    2012-06-29 09:11:56 -------- d-----w- C:\Users\Dawid\AppData\Local\{0CCCE410-CA6C-4B36-B995-9F49593D660C}
    2012-06-28 11:42:56 -------- d-----w- C:\Users\Dawid\AppData\Local\{DB09FFFE-FD76-43F7-BE2C-2A4A9B3B4B05}
    2012-06-28 11:42:37 -------- d-----w- C:\Users\Dawid\AppData\Local\{90EAC84E-1ED9-44F6-9B90-8AD98781A29C}
    2012-06-28 11:36:49 -------- d-----w- C:\Users\Dawid\AppData\Local\{E215224B-EC71-4BC7-B19F-AF7444A1B869}
    2012-06-28 11:36:29 -------- d-----w- C:\Users\Dawid\AppData\Local\{89FC84E3-0F1E-49DA-9BD0-61069A8E3991}
    2012-06-28 10:31:37 -------- d-----w- C:\Windows\en
    2012-06-28 10:30:47 -------- d-----w- C:\Windows\pl
    2012-06-28 10:18:04 -------- d-----w- C:\Users\Dawid\AppData\Local\{BAD7037C-7F0E-4C43-B067-081CA1531C8E}
    2012-06-28 10:17:40 -------- d-----w- C:\Users\Dawid\AppData\Local\{B2AB507E-C78A-4DE5-95A0-F5E5EC56231A}
    2012-06-28 10:13:51 -------- d-----w- C:\Users\Dawid\AppData\Local\{AA2FA7AE-687B-41A0-8408-6E33E68B7DE7}
    2012-06-28 10:10:17 -------- d-----w- C:\Users\Dawid\AppData\Local\{19889FF8-D103-4DC7-AEAA-6CCE6545D0AA}
    2012-06-28 10:08:31 -------- d-----w- C:\Users\Dawid\AppData\Local\{84A932A7-5B9F-4DF4-8710-5E784AC17F3E}
    2012-06-27 09:49:30 -------- d-----w- C:\Users\Dawid\AppData\Local\{3A0289DD-476F-419C-B3B4-26C7922AADE0}
    2012-06-27 09:49:15 -------- d-----w- C:\Users\Dawid\AppData\Local\{FE60EBEE-0481-4E0B-9560-B1368D476093}
    2012-06-27 07:55:22 -------- d-----w- C:\Users\Dawid\AppData\Local\{61D57555-EE2F-41FC-8FBB-97A156242CAE}
    2012-06-27 07:54:49 -------- d-----w- C:\Users\Dawid\AppData\Local\{D51AA0E7-EA24-478E-A97E-FFB2F31E026D}
    2012-06-27 07:50:15 -------- d-----w- C:\Users\Dawid\AppData\Local\{FD0FF3D3-2319-478A-9824-10B0B54C9CE0}
    2012-06-27 07:48:16 -------- d-----w- C:\Users\Dawid\AppData\Local\{03657BCD-BB85-4C17-9F0A-D3B66E45DEFD}
    2012-06-26 18:54:40 -------- d-----w- C:\Users\Dawid\AppData\Local\{AA2B68E6-877E-48A8-BA5E-353B5AD9FAFE}
    2012-06-26 18:54:07 -------- d-----w- C:\Users\Dawid\AppData\Local\{B7F637AA-C568-4262-8FEF-6FE81640EF12}
    2012-06-26 14:23:41 -------- d-----w- C:\Users\Dawid\AppData\Local\{95B1238A-5F9D-4737-878F-E894F7A074BF}
    2012-06-26 14:23:20 -------- d-----w- C:\Users\Dawid\AppData\Local\{9C8551C9-FC99-4A03-B9FC-1276ACE3EE5B}
    2012-06-26 10:17:37 -------- d-----w- C:\Users\Dawid\AppData\Local\{B273A880-2195-418E-8E8A-2E058252AA05}
    2012-06-26 10:17:20 -------- d-----w- C:\Users\Dawid\AppData\Local\{497F1950-0F96-4718-965A-0BA5E099602C}
    2012-06-26 10:00:46 -------- d-----w- C:\Users\Dawid\AppData\Local\{5A4D1CBC-7F26-4E50-943C-D8FA0B8C5236}
    2012-06-26 10:00:23 -------- d-----w- C:\Users\Dawid\AppData\Local\{50042972-5076-4BFC-A2FC-5C5A20620253}
    2012-06-26 09:38:05 -------- d-----w- C:\Users\Dawid\AppData\Local\{A34A04F2-16D4-4ACC-809E-6F0A4CA20909}
    2012-06-26 09:37:43 -------- d-----w- C:\Users\Dawid\AppData\Local\{DAC59657-357A-430F-AF42-C22E5B0E2A33}
    2012-06-25 09:03:00 -------- d-----w- C:\Users\Dawid\AppData\Local\{FF758372-0791-4018-9EBF-C8CEDB819CD1}
    2012-06-25 09:02:36 -------- d-----w- C:\Users\Dawid\AppData\Local\{653256B2-7201-421B-8AA2-06A7B22B2493}
    2012-06-25 08:56:59 -------- d-----w- C:\Users\Dawid\AppData\Local\{3E173094-DB73-49FF-82FA-E68E599518A3}
    2012-06-25 08:56:36 -------- d-----w- C:\Users\Dawid\AppData\Local\{99ECDF13-F67C-47BC-8E7D-80AB07BB5D7B}
    2012-06-25 08:48:16 -------- d-----w- C:\Users\Dawid\AppData\Local\{E66073A2-7D31-4945-A211-3F84D1938A28}
    2012-06-25 08:47:53 -------- d-----w- C:\Users\Dawid\AppData\Local\{A0F2532B-DD10-4EEA-A8B4-AFF5711C966A}
    2012-06-24 10:24:15 -------- d-----w- C:\Users\Dawid\AppData\Local\{DCC5F8E7-ED50-4ED8-AFCA-D55FBFC8C16A}
    2012-06-24 10:23:56 -------- d-----w- C:\Users\Dawid\AppData\Local\{28224957-549E-4E26-8DFB-B39C6979F412}
    2012-06-24 09:44:19 -------- d-----w- C:\Users\Dawid\AppData\Local\{DE83738B-7220-4FE5-912A-D08D345D6E12}
    2012-06-23 13:21:12 -------- d-----w- C:\Users\Dawid\AppData\Local\Macromedia
    2012-06-23 11:30:01 -------- d-----w- C:\Users\Dawid\AppData\Local\{1F305A9C-7057-489C-94CF-A321525222C0}
    2012-06-23 11:29:16 -------- d-----w- C:\Users\Dawid\AppData\Local\{81898A02-3383-4089-8614-D2B6CBE85670}
    2012-06-23 11:11:48 -------- d-----w- C:\Users\Dawid\AppData\Local\{335392EA-17AB-42A4-A258-F57C1A79E110}
    2012-06-23 11:03:35 -------- d-----w- C:\Users\Dawid\AppData\Local\{D3E4F2C5-E22D-4EED-9E37-DF61734B09BB}
    2012-06-23 11:03:07 -------- d-----w- C:\Users\Dawid\AppData\Local\{4892B502-419A-4F8D-A1A3-BDB3640899EC}
    2012-06-22 12:00:54 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\acd3d0c91cd506e01\DSETUP.dll
    2012-06-22 12:00:54 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\acd3d0c91cd506e01\DXSETUP.exe
    2012-06-22 12:00:54 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\acd3d0c91cd506e01\dsetup32.dll
    2012-06-22 11:57:21 -------- d-----w- C:\Users\Dawid\AppData\Local\{40C288C5-CEA5-429D-9A9C-8FFCEF105095}
    2012-06-22 11:57:00 -------- d-----w- C:\Users\Dawid\AppData\Local\{98A5201A-C045-4A8F-81A8-B4A51962EDBD}
    2012-06-22 11:50:03 -------- d-----w- C:\Users\Dawid\AppData\Local\{B1E2FE7D-6486-488A-ACFA-970D5F703C05}
    2012-06-22 11:49:39 -------- d-----w- C:\Users\Dawid\AppData\Local\{20AD74D6-DB7D-40FB-A894-BFF6DBE94BD5}
    2012-06-22 11:35:31 -------- d-----w- C:\Users\Dawid\AppData\Local\{FBC49D97-AC0D-4CFD-B8F2-1A3A7AAE67D9}
    2012-06-21 10:14:33 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-21 10:14:19 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-21 10:13:48 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-21 10:13:48 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-21 10:09:28 -------- d-----w- C:\Users\Dawid\AppData\Local\{5678C27F-A4FC-4628-8203-09E7A476ED4A}
    2012-06-21 10:08:38 -------- d-----w- C:\Users\Dawid\AppData\Local\{13CB17FD-A744-4184-8B85-5AD5796F0EDF}
    2012-06-20 07:50:37 -------- d-----w- C:\Users\Dawid\AppData\Local\{967D47C0-F9CE-43E7-BBA3-E1889604C711}
    2012-06-20 07:50:02 -------- d-----w- C:\Users\Dawid\AppData\Local\{577323AE-70F0-42F0-BC93-3496D068DC6A}
    2012-06-20 07:44:47 -------- d-----w- C:\Users\Dawid\AppData\Local\{BA82EC1B-50AC-4E32-9922-E49BE0E59589}
    2012-06-20 07:44:27 -------- d-----w- C:\Users\Dawid\AppData\Local\{AE1E8ABC-FA99-4638-B98A-2D5B9E29A349}
    2012-06-20 07:25:35 -------- d-----w- C:\Users\Dawid\AppData\Local\{389178F0-816F-41C5-B066-41BFDB065A92}
    2012-06-20 07:24:45 -------- d-----w- C:\Users\Dawid\AppData\Local\{9BDC9FF7-880B-4F2E-8848-4A8793DDF66A}
    2012-06-19 10:36:36 -------- d-----w- C:\Users\Dawid\AppData\Local\{651460B7-A38D-4514-BDBB-34022D93A984}
    2012-06-19 10:36:11 -------- d-----w- C:\Users\Dawid\AppData\Local\{292DC0EC-82A2-4C29-8AEF-9D56CBEBE005}
    2012-06-19 10:31:15 -------- d-----w- C:\Users\Dawid\AppData\Local\{855B713F-E6CB-4257-AE38-156A2DEA4E62}
    2012-06-19 10:30:39 -------- d-----w- C:\Users\Dawid\AppData\Local\{891056F1-04F7-48B4-9425-144FDBF752F1}
    2012-06-18 22:17:03 -------- d-----w- C:\Users\Dawid\AppData\Local\{BEED1022-12F1-46E9-BB61-B2AD321110CF}
    2012-06-18 08:24:31 -------- d-----w- C:\Users\Dawid\AppData\Local\{F37DB341-D3A8-4E08-B633-F7F849659B89}
    2012-06-17 10:34:38 -------- d-----w- C:\Users\Dawid\AppData\Local\{81DC8EDA-1607-47E9-A0F0-7672CA1C287E}
    2012-06-16 09:44:26 -------- d-----w- C:\Users\Dawid\AppData\Local\{4DA6001D-9817-4CED-A1AC-21B6BE441B7A}
    2012-06-15 09:29:04 -------- d-----w- C:\Users\Dawid\AppData\Local\{C5667E6A-25C8-449C-9520-1C2922C35D0F}
    2012-06-14 20:49:54 -------- d-----w- C:\Users\Dawid\AppData\Local\{97A8B2EE-EC10-453E-9D20-D8F32BFA79EC}
    2012-06-14 20:49:24 -------- d-----w- C:\Users\Dawid\AppData\Local\{85F5ACF8-53BE-40FC-B8C7-D89613B335F2}
    2012-06-14 20:43:17 -------- d-----w- C:\Users\Dawid\AppData\Local\{42F4C9E3-B5C2-44EF-A837-7778E8DA9E87}
    2012-06-14 20:42:44 -------- d-----w- C:\Users\Dawid\AppData\Local\{4CDD6624-DB0F-45FA-8851-B19AE6E92285}
    2012-06-14 19:49:39 -------- d-----w- C:\Users\Dawid\AppData\Local\{8C00B376-ECCC-4F06-BCA1-0EC178533804}
    2012-06-14 19:49:27 -------- d-----w- C:\Users\Dawid\AppData\Local\{B08F52D6-D4F5-4CF1-914C-CE1E94A85120}
    2012-06-14 19:37:14 -------- d-----w- C:\Users\Dawid\AppData\Local\{5B8223EF-81C9-42C9-8199-CEA1A9FED3BA}
    2012-06-14 19:36:49 -------- d-----w- C:\Users\Dawid\AppData\Local\{51CB3CA6-FB04-4FEB-A3AA-4F7AE4E7756A}
    2012-06-14 18:03:15 -------- d-----w- C:\Users\Dawid\AppData\Local\{97F8309B-735F-4CF7-ACD1-1403AA6A61AF}
    2012-06-14 18:02:51 -------- d-----w- C:\Users\Dawid\AppData\Local\{A4680132-5E5E-4807-BF33-3BC7AB6C596B}
    2012-06-13 12:59:15 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-06-13 12:59:15 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-06-13 12:59:15 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-06-13 12:59:10 209920 ----a-w- C:\Windows\System32\profsvc.dll
    2012-06-13 12:59:06 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-06-13 12:59:05 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-06-13 12:59:05 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-06-13 12:59:03 3146752 ----a-w- C:\Windows\System32\win32k.sys
    2012-06-13 12:58:59 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-06-13 12:58:59 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
    2012-06-13 12:58:57 3216384 ----a-w- C:\Windows\System32\msi.dll
    2012-06-13 12:58:57 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
    2012-06-13 12:58:48 1462272 ----a-w- C:\Windows\System32\crypt32.dll
    2012-06-13 12:58:47 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2012-06-13 12:58:47 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2012-06-13 12:58:47 140288 ----a-w- C:\Windows\System32\cryptnet.dll
    2012-06-13 12:58:47 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2012-06-13 12:58:47 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2012-06-12 08:43:10 -------- d-----w- C:\Users\Dawid\AppData\Local\{58DCCED6-5606-41EB-965F-762D747275CC}
    2012-06-12 08:42:39 -------- d-----w- C:\Users\Dawid\AppData\Local\{71CF4254-5430-495F-8E45-3F84BCF1014C}
    2012-06-11 16:37:19 -------- d-----w- C:\Users\Dawid\AppData\Local\{960442BD-D496-414E-B6FF-864E82505FDE}
    2012-06-11 16:36:00 -------- d-----w- C:\Users\Dawid\AppData\Local\{369887D6-CDFF-4C6D-B4CC-25E8416C9214}
    2012-06-10 12:15:31 -------- d-----w- C:\Users\Dawid\AppData\Local\{A48A30F6-0830-4858-900B-7EC41946004A}
    2012-06-10 12:14:52 -------- d-----w- C:\Users\Dawid\AppData\Local\{D8AE852D-BD1D-45E6-BDE8-9D583B81A11F}
    .
    ==================== Find3M ====================
    .
    2012-07-08 09:59:07 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-08 09:59:07 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-05-29 07:38:50 330240 ----a-w- C:\Windows\MASetupCaller.dll
    2012-05-23 17:50:06 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll
    2012-05-23 17:49:34 90112 ----a-w- C:\Windows\MAMCityDownload.ocx
    2012-05-23 17:49:34 30568 ----a-w- C:\Windows\MusiccityDownload.exe
    2012-05-23 17:49:30 821824 ----a-w- C:\Windows\SysWow64\dgderapi.dll
    2012-05-21 02:09:00 99384 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
    2012-05-21 02:09:00 203320 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
    2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
    2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-04-19 03:50:26 28480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
    2012-04-12 10:13:55 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
    .
    ============= FINISH: 12:14:58,03 ===============

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-07-10 12:16:58
    -----------------------------
    12:16:58.246 OS Version: Windows x64 6.1.7601 Service Pack 1
    12:16:58.258 Number of processors: 4 586 0xF07
    12:16:58.259 ComputerName: DAWID-KOMPUTER UserName: Dawid
    12:17:00.625 Initialize success
    12:17:14.124 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
    12:17:14.126 Disk 0 Vendor: SAMSUNG_HD105SI 1AJ10001 Size: 953868MB BusType: 3
    12:17:14.128 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-5
    12:17:14.130 Disk 1 Vendor: TOSHIBA_MK8052GSX LV010A Size: 76318MB BusType: 3
    12:17:14.196 Disk 1 MBR read successfully
    12:17:14.199 Disk 1 MBR scan
    12:17:14.201 Disk 1 Windows 7 default MBR code
    12:17:14.225 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76308 MB offset 63
    12:17:14.260 Disk 1 scanning C:\Windows\system32\drivers
    12:17:26.576 Service scanning
    12:17:47.075 Service pxkbf C:\Windows\System32\drivers\pxkbf.sys **LOCKED** 32
    12:17:47.262 Service pxscan C:\Windows\System32\drivers\pxscan.sys **LOCKED** 32
    12:17:58.545 Modules scanning
    12:17:58.556 Disk 1 trace - called modules:
    12:17:58.608 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
    12:17:58.615 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa80048c0060]
    12:17:58.622 3 CLASSPNP.SYS[fffff8800199643f] -> nt!IofCallDriver -> [0xfffffa800380c750]
    12:17:58.628 5 ACPI.sys[fffff88000e1a7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T1L0-5[0xfffffa8004286680]
    12:17:58.635 Scan finished successfully
    12:19:48.920 Disk 1 MBR has been saved successfully to "C:\Users\Dawid\Desktop\MBR.dat"
    12:19:48.926 The log file has been saved successfully to "C:\Users\Dawid\Desktop\aswMBR.txt"

  5. #5
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    Default

    For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.


    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.


    On the System Recovery Options menu you will get the following options:
      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    "Extinguishing Malware from the world"

    The Spyware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-




  6. #6
    Member
    Join Date
    Jul 2012
    Posts
    13
    Points
    0

    Default

    Here is the log from FRST:
    Scan result of Farbar Recovery Scan Tool Version: 11-07-2012
    Ran by SYSTEM at 11-07-2012 16:53:15
    Running from F:\
    Windows 7 Ultimate (X64) OS Language: Polish
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [RtHDVCpl] RAVCpl64.exe [x]
    HKLM\...\Run: [Skytel] Skytel.exe [x]
    HKLM\...\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe" [163552 2011-08-05] (Microsoft Corporation)
    HKLM\...\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe [x]
    HKLM\...\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui [190536 2010-06-14] (Logitech Inc.)
    HKLM\...\Run: [AllShare Play] "C:\Program Files\Samsung\AllShare Play\utils\AllShare Play Launcher.exe" [397728 2012-06-29] (Samsung Electronics)
    HKLM-x32\...\Run: [TV Card Remote Control Device Monitor] C:\Windows\713xRMT.exe [466944 2008-06-17] ()
    HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2587008 2012-04-05] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" [74752 2011-07-11] (Nullsoft, Inc.)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-06-06] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-29] ()
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
    HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [1987976 2012-02-02] (LogMeIn Inc.)
    HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
    HKLM-x32\...\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3521464 2012-05-30] (Samsung Electronics Co., Ltd.)
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [1090440 2012-06-27] (Spigot, Inc.)
    HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
    HKU\Dawid\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
    HKU\Dawid\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [9728 2009-07-14] (Microsoft Corporation)
    HKU\Dawid\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2008-06-09] (Hewlett-Packard Company)
    HKU\Dawid\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3672384 2012-04-11] (DT Soft Ltd)
    HKU\Dawid\...\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21432 2012-05-30] ()
    HKU\UpdatusUser\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
    HKU\UpdatusUser\...\Run: [Gadu-Gadu 10] "C:\Program Files (x86)\Gadu-Gadu 10\gg.exe" [x]
    Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Kreator menedżera zawartości dla PlayStation(R).lnk
    ShortcutTarget: Kreator menedżera zawartości dla PlayStation(R).lnk -> C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe (Sony Computer Entertainment Inc.)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\TV Expert Schedule Agent.lnk
    ShortcutTarget: TV Expert Schedule Agent.lnk -> C:\Program Files (x86)\TV Expert\ADTVScheduleAgent.exe ()

    ==================== Services (Whitelisted) ======

    2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.0.93\AllShareFrameworkManagerDMS.exe [32768 2012-06-25] (Samsung)
    2 AllShare Play Install Service; C:\Program Files\Samsung\AllShare Play\utils\AllSharePlayInstallSvc.exe [16896 2012-06-29] ()
    2 AntUpdaterService; "C:\Program Files (x86)\Ant.com\IE add-on\AntUpdaterService.exe" [520216 2011-06-29] (Ant.com)
    2 Application Updater; "C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe" [791488 2012-06-27] (Spigot, Inc.)
    2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [5160568 2012-07-04] (AVG Technologies CZ, s.r.o.)
    2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
    3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe -service [1296728 2010-12-28] (BitComet - A free C++ BitTorrent/HTTP/FTP Download Client)
    2 CSIScanner; "C:\Program Files\Prevx\prevx.exe" /service [6724632 2012-07-09] (Prevx)
    2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [2343816 2012-02-02] (LogMeIn Inc.)
    2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
    2 RapiMgr; C:\Windows\WindowsMobile\rapimgr.dll [225672 2007-05-31] (Microsoft Corporation)
    2 WcesComm; C:\Windows\WindowsMobile\wcescomm.dll [443784 2007-05-31] (Microsoft Corporation)
    3 WMZuneComm; "C:\Program Files\Zune\WMZuneComm.exe" [306400 2011-08-05] (Microsoft Corporation)
    3 ZuneNetworkSvc; "C:\Program Files\Zune\ZuneNss.exe" [8277728 2011-08-05] (Microsoft Corporation)
    3 ZuneWlanCfgSvc; "C:\Program Files\Zune\ZuneWlanCfgSvc.exe" [467680 2011-08-05] (Microsoft Corporation)

    ========================== Drivers (Whitelisted) =============

    3 3xHybr64; C:\Windows\System32\Drivers\3xHybr64.sys [1425920 2010-12-01] (NXP Semiconductors Germany GmbH)
    3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
    3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
    0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
    1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [289872 2012-02-22] (AVG Technologies CZ, s.r.o.)
    1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
    0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
    1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [383808 2012-03-19] (AVG Technologies CZ, s.r.o.)
    1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-04-12] (DT Soft Ltd)
    3 gdrv; \??\C:\Windows\gdrv.sys [24072 2011-06-09] (Windows (R) Server 2003 DDK provider)
    3 GES_CoreDriver; C:\Windows\System32\Drivers\GES_CoreDriver.sys [259080 2011-11-19] (Jungo)
    3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
    3 pxkbf; C:\Windows\System32\Drivers\pxkbf.sys [24024 2012-07-09] (Prevx)
    1 pxrts; C:\Windows\System32\Drivers\pxrts.sys [65736 2012-07-09] (Prevx)
    0 pxscan; C:\Windows\System32\Drivers\pxscan.sys [36384 2012-07-09] (Prevx)
    3 SaiK0CEA; C:\Windows\System32\Drivers\SaiK0CEA.sys [129024 2008-04-04] (Saitek)
    3 SaiU0CEA; C:\Windows\System32\Drivers\SaiU0CEA.sys [34432 2008-04-04] (Saitek)
    3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
    3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
    3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-07-11 16:53 - 2012-07-11 16:53 - 00000000 ____D C:\FRST
    2012-07-11 16:41 - 2012-07-11 16:41 - 01434551 ____A (Farbar) C:\Users\Dawid\Desktop\FRST64.exe
    2012-07-11 11:21 - 2012-07-11 11:21 - 00000000 ____D C:\Users\Dawid\AppData\Local\{0FF9DBD5-D410-4E96-A167-41D01B784662}
    2012-07-11 11:20 - 2012-07-11 11:21 - 00000000 ____D C:\Users\Dawid\AppData\Local\{238D5842-DE62-48C8-9983-14EB149BD211}
    2012-07-11 11:16 - 2012-07-11 11:16 - 00000000 ____D C:\Users\Dawid\AppData\Local\{AADE74C0-B9FC-40AB-9D37-D4A159DD485B}
    2012-07-11 11:15 - 2012-07-11 11:16 - 00000000 ____D C:\Users\Dawid\AppData\Local\{E893F07C-00CB-497D-9D3D-C070332B7134}
    2012-07-10 21:02 - 2012-07-10 21:02 - 82380696 ____A (Flexera Software) C:\Users\Dawid\Desktop\AllSharePlay_Installer64.exe
    2012-07-10 20:54 - 2012-07-10 20:54 - 00000000 ____D C:\Upload
    2012-07-10 20:53 - 2012-07-10 21:06 - 00000000 ____D C:\Program Files\Samsung
    2012-07-10 20:53 - 2012-07-10 21:06 - 00000000 ____D C:\AllShare Play
    2012-07-10 20:53 - 2012-07-10 20:53 - 00000000 ___HD C:\Users\Dawid\InstallAnywhere
    2012-07-10 20:53 - 2012-07-10 20:53 - 00000000 ___HD C:\Program Files\Zero G Registry
    2012-07-10 20:53 - 2012-07-10 20:53 - 00000000 ____D C:\Program Files\jre
    2012-07-10 12:19 - 2012-07-10 12:22 - 00001878 ____A C:\Users\Dawid\Desktop\aswMBR.txt
    2012-07-10 12:19 - 2012-07-10 12:19 - 00000512 ____A C:\Users\Dawid\Desktop\MBR.dat
    2012-07-10 10:32 - 2012-07-10 10:33 - 00000000 ____D C:\Users\Dawid\AppData\Local\{61F71A1D-12D7-409D-96EE-9F1E49588596}
    2012-07-10 10:32 - 2012-07-10 10:32 - 00000000 ____D C:\Users\Dawid\AppData\Local\{8BD97B9F-1CFF-4A9A-A0A0-B93B6C37DC7A}
    2012-07-10 10:24 - 2012-07-10 10:24 - 00000000 ____D C:\Users\Dawid\AppData\Local\{B6EF0361-368E-46CD-9D41-EE8144A277D0}
    2012-07-10 10:24 - 2012-07-10 10:24 - 00000000 ____D C:\Users\Dawid\AppData\Local\{0FA3BFE5-A121-4979-9801-859B581E9E0E}
    2012-07-09 14:17 - 2012-07-09 14:17 - 00015529 ____A C:\Users\Dawid\Desktop\hijackthis.log
    2012-07-09 13:43 - 2012-07-09 13:43 - 00000000 ____D C:\Users\Dawid\AppData\Local\{4C31D128-9E47-46A8-B2CB-7BD6B74E04A2}
    2012-07-09 13:43 - 2012-07-09 13:43 - 00000000 ____D C:\Users\Dawid\AppData\Local\{4614EEB5-88EB-4F4E-AB3E-4C0E2E494CB2}
    2012-07-09 01:34 - 2012-07-09 01:34 - 00000000 ____D C:\Users\Dawid\AppData\Local\{8CB8FC3A-D529-42A4-A36B-EA046EA3D2CB}
    2012-07-09 01:33 - 2012-07-09 01:34 - 00000000 ____D C:\Users\Dawid\AppData\Local\{DB3C3B62-7F43-4E22-8EFD-FE721A17B3BD}
    2012-07-09 01:25 - 2012-07-09 01:25 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-09 01:25 - 2012-07-09 01:25 - 00000000 ____D C:\Users\Dawid\AppData\Roaming\Malwarebytes
    2012-07-09 01:25 - 2012-07-09 01:25 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-07-09 01:25 - 2012-07-09 01:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-09 01:25 - 2012-04-04 15:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-09 01:10 - 2012-07-09 01:10 - 00000000 ____D C:\Program Files (x86)\ToniArts
    2012-07-09 01:09 - 2012-07-09 01:09 - 00002097 ____A C:\Users\Dawid\Desktop\HijackThis.lnk
    2012-07-09 01:09 - 2012-07-09 01:09 - 00000000 ____D C:\Program Files (x86)\Trend Micro
    2012-07-09 00:55 - 2012-07-09 00:59 - 00000000 ____D C:\Users\All Users\PrevxCSI
    2012-07-09 00:55 - 2012-07-09 00:55 - 00065736 ____A (Prevx) C:\Windows\System32\Drivers\pxrts.sys
    2012-07-09 00:55 - 2012-07-09 00:55 - 00062976 ____A (Prevx) C:\Windows\SysWOW64\PxSecure.dll
    2012-07-09 00:55 - 2012-07-09 00:55 - 00036384 ____A (Prevx) C:\Windows\System32\Drivers\pxscan.sys
    2012-07-09 00:55 - 2012-07-09 00:55 - 00024024 ____A (Prevx) C:\Windows\System32\Drivers\pxkbf.sys
    2012-07-09 00:55 - 2012-07-09 00:55 - 00000050 ____A C:\Windows\wininit.ini
    2012-07-09 00:55 - 2012-07-09 00:55 - 00000000 ____D C:\Program Files\Prevx
    2012-07-09 00:54 - 2012-07-09 00:55 - 01044664 ____A (Prevx) C:\Users\Dawid\Desktop\prevxsafeonline.exe
    2012-07-08 22:07 - 2012-06-03 23:35 - 56731752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
    2012-07-08 11:09 - 2012-07-08 11:09 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
    2012-07-08 10:26 - 2012-07-08 10:26 - 00000000 ____D C:\Users\Dawid\AppData\Local\{A93610B9-4F1A-4670-8151-A912DACD6977}
    2012-07-08 10:25 - 2012-07-08 10:26 - 00000000 ____D C:\Users\Dawid\AppData\Local\{0C6C915C-4F1C-4787-8B58-F99D5230C59E}
    2012-07-07 22:24 - 2012-07-07 22:24 - 00000000 ____D C:\Users\Dawid\AppData\Local\{FE938416-1C06-4D1C-BF96-7F99F11778D0}
    2012-07-07 10:24 - 2012-07-07 10:24 - 00000000 ____D C:\Users\Dawid\AppData\Local\{3C12220A-9B5B-4DA5-9B3F-4917B38E5B7E}
    2012-07-07 10:23 - 2012-07-07 22:24 - 00000000 ____D C:\Users\Dawid\AppData\Local\{94CC218F-11A2-4D67-BD46-4D2675A19D64}
    2012-07-06 21:46 - 2012-07-06 21:46 - 00000000 ____D C:\Users\Dawid\AppData\Local\{210E1FE5-5F5B-4BCC-9C73-FF61B3DC3C1E}
    2012-07-06 09:45 - 2012-07-06 21:46 - 00000000 ____D C:\Users\Dawid\AppData\Local\{1B14D673-F6D8-4372-9A3E-11E42A71E153}
    2012-07-06 09:45 - 2012-07-06 09:45 - 00000000 ____D C:\Users\Dawid\AppData\Local\{44999461-CBAB-46A6-B986-97F193CD3127}
    2012-07-06 07:14 - 2012-07-06 07:14 - 00000000 ____D C:\Users\Dawid\AppData\Local\{D7176398-DD51-439B-8EA3-E3C73FB1F48F}
    2012-07-06 07:14 - 2012-07-06 07:14 - 00000000 ____D C:\Users\Dawid\AppData\Local\{B07085B5-7B65-48A3-8607-6F7D3BC19B69}
    2012-07-04 23:28 - 2012-07-04 23:28 - 00000000 ____D C:\Users\Dawid\AppData\Local\{DEF5031F-4741-4062-90BF-FEE671A43BF8}
    2012-07-04 23:28 - 2012-07-04 23:28 - 00000000 ____D C:\Users\Dawid\AppData\Local\{0E125332-B888-4E57-A3B3-CDFBAF0EA390}
    2012-07-04 11:27 - 2012-07-04 11:28 - 00000000 ____D C:\Users\Dawid\AppData\Local\{7DF7A43E-478E-448D-8DF6-1E44328643C7}
    2012-07-04 11:27 - 2012-07-04 11:27 - 00000000 ____D C:\Users\Dawid\AppData\Local\{4F4306CF-06B8-4B80-8C1F-B016160A38E4}
    2012-07-03 13:36 - 2012-07-03 13:36 - 00000000 ____D C:\Users\Dawid\AppData\Local\{EE8A9B80-3F7C-42AC-AEC3-321C52A0170B}
    2012-07-03 13:35 - 2012-07-03 13:36 - 00000000 ____D C:\Users\Dawid\AppData\Local\{BC4706B7-9255-46B2-B8A7-13070DF6C8A4}
    2012-07-03 01:35 - 2012-07-03 01:35 - 00000000 ____D C:\Users\Dawid\AppData\Local\{A4DF48B7-E1B2-499D-9563-E9BAA60DEDEC}
    2012-07-03 01:35 - 2012-07-03 01:35 - 00000000 ____D C:\Users\Dawid\AppData\Local\{183EA1FC-E55D-4DFF-8825-0AFD0D68CF51}
    2012-07-02 19:58 - 2012-07-02 19:58 - 00000000 ____D C:\Program Files (x86)\YouTube Downloader Toolbar
    2012-07-02 19:58 - 2012-07-02 19:58 - 00000000 ____D C:\Program Files (x86)\Application Updater
    2012-07-02 13:34 - 2012-07-02 13:34 - 00000000 ____D C:\Users\Dawid\AppData\Local\{577DF8CA-66BC-4182-93EA-CFCBD1C4EE8B}
    2012-07-02 13:34 - 2012-07-02 13:34 - 00000000 ____D C:\Users\Dawid\AppData\Local\{38ACE13B-5DDB-4FD2-8A70-4BCFCBC0B95F}
    2012-07-02 01:33 - 2012-07-02 01:33 - 00000000 ____D C:\Users\Dawid\AppData\Local\{C1CDC51C-DEC2-4EBE-A476-2BDD41EB66AC}
    2012-07-01 20:40 - 2012-07-01 20:40 - 309078029 ____A C:\Users\Dawid\Desktop\Diary of a badman 2.1.mp4
    2012-07-01 13:32 - 2012-07-02 01:33 - 00000000 ____D C:\Users\Dawid\AppData\Local\{8E84B9B0-5568-492B-B0D9-AF5920763170}
    2012-07-01 13:32 - 2012-07-01 13:33 - 00000000 ____D C:\Users\Dawid\AppData\Local\{2CA33F56-1528-4AD6-AF73-DCBEF1121AEF}
    2012-06-30 11:29 - 2012-06-30 11:29 - 00000000 ____D C:\Users\Dawid\AppData\Local\{1058A6A5-30B9-4493-9CA5-0399867564E9}
    2012-06-30 11:28 - 2012-06-30 11:29 - 00000000 ____D C:\Users\Dawid\AppData\Local\{74FC1046-0CB0-43EB-9866-B963B2007C1F}
    2012-06-30 10:08 - 2012-06-30 10:08 - 417962211 ____A C:\Windows\MEMORY.DMP
    2012-06-29 23:28 - 2012-06-29 23:28 - 00000000 ____D C:\Users\Dawid\AppData\Local\{BE0913CA-3D29-42E9-85C9-762AF74617FB}
    2012-06-29 23:28 - 2012-06-29 23:28 - 00000000 ____D C:\Users\Dawid\AppData\Local\{681F7E78-A762-41EB-BAB4-812BA3C55479}
    2012-06-29 14:04 - 2012-06-29 14:04 - 00290888 ____A C:\Windows\Minidump\062912-59982-01.dmp
    2012-06-29 11:27 - 2012-06-29 11:27 - 00000000 ____D C:\Users\Dawid\AppData\Local\{D8A97E54-677C-4A5E-8D2A-D0E4D0377FA6}
    2012-06-29 11:27 - 2012-06-29 11:27 - 00000000 ____D C:\Users\Dawid\AppData\Local\{D14381A5-B2AB-43A1-B301-866419F5CA3E}
    2012-06-29 11:25 - 2012-06-29 11:26 - 00285784 ____A C:\Windows\Minidump\062912-50481-01.dmp
    2012-06-29 11:22 - 2012-06-29 11:22 - 00000000 ____D C:\Users\Dawid\AppData\Local\{90AC3D66-42E9-4134-8444-8C4E8975172D}
    2012-06-29 11:22 - 2012-06-29 11:22 - 00000000 ____D C:\Users\Dawid\AppData\Local\{556741CA-9CBB-4881-B702-2B3AC1D95184}
    2012-06-29 11:19 - 2012-06-29 11:19 - 00284344 ____A C:\Windows\Minidump\062912-49358-01.dmp
    2012-06-29 10:12 - 2012-06-29 10:12 - 00000000 ____D C:\Users\Dawid\AppData\Local\{F0FF334E-019D-4F9A-96BF-30F40E9211F3}
    2012-06-29 10:11 - 2012-06-29 10:12 - 00000000 ____D C:\Users\Dawid\AppData\Local\{0CCCE410-CA6C-4B36-B995-9F49593D660C}
    2012-06-28 12:42 - 2012-06-28 12:43 - 00000000 ____D C:\Users\Dawid\AppData\Local\{DB09FFFE-FD76-43F7-BE2C-2A4A9B3B4B05}
    2012-06-28 12:42 - 2012-06-28 12:42 - 00000000 ____D C:\Users\Dawid\AppData\Local\{90EAC84E-1ED9-44F6-9B90-8AD98781A29C}
    2012-06-28 12:36 - 2012-06-28 12:36 - 00000000 ____D C:\Users\Dawid\AppData\Local\{E215224B-EC71-4BC7-B19F-AF7444A1B869}
    2012-06-28 12:36 - 2012-06-28 12:36 - 00000000 ____D C:\Users\Dawid\AppData\Local\{89FC84E3-0F1E-49DA-9BD0-61069A8E3991}
    2012-06-28 12:34 - 2012-06-28 12:34 - 00262144 ____A C:\Windows\Minidump\062812-57845-01.dmp
    2012-06-28 11:31 - 2012-06-28 11:31 - 00000000 ____D C:\Windows\en
    2012-06-28 11:30 - 2012-06-28 11:30 - 00000000 ____D C:\Windows\pl
    2012-06-28 11:28 - 2012-06-28 11:28 - 00000000 ____D C:\Program Files\Windows Live
    2012-06-28 11:18 - 2012-06-28 11:18 - 00000000 ____D C:\Users\Dawid\AppData\Local\{BAD7037C-7F0E-4C43-B067-081CA1531C8E}
    2012-06-28 11:17 - 2012-06-28 11:17 - 00000000 ____D C:\Users\Dawid\AppData\Local\{B2AB507E-C78A-4DE5-95A0-F5E5EC56231A}
    2012-06-28 11:16 - 2012-06-28 11:16 - 00283816 ____A C:\Windows\Minidump\062812-42978-01.dmp
    2012-06-28 11:13 - 2012-06-28 11:14 - 00000000 ____D C:\Users\Dawid\AppData\Local\{AA2FA7AE-687B-41A0-8408-6E33E68B7DE7}
    2012-06-28 11:13 - 2012-06-28 11:13 - 00283976 ____A C:\Windows\Minidump\062812-37767-01.dmp
    2012-06-28 11:10 - 2012-06-28 11:10 - 00000000 ____D C:\Users\Dawid\AppData\Local\{19889FF8-D103-4DC7-AEAA-6CCE6545D0AA}
    2012-06-28 11:08 - 2012-06-28 11:10 - 00000000 ____D C:\Users\Dawid\AppData\Local\{84A932A7-5B9F-4DF4-8710-5E784AC17F3E}
    2012-06-27 10:49 - 2012-06-27 10:49 - 00000000 ____D C:\Users\Dawid\AppData\Local\{FE60EBEE-0481-4E0B-9560-B1368D476093}
    2012-06-27 10:49 - 2012-06-27 10:49 - 00000000 ____D C:\Users\Dawid\AppData\Local\{3A0289DD-476F-419C-B3B4-26C7922AADE0}
    2012-06-27 10:48 - 2012-06-27 10:48 - 00290888 ____A C:\Windows\Minidump\062712-48017-01.dmp
    2012-06-27 08:55 - 2012-06-27 08:55 - 00000000 ____D C:\Users\Dawid\AppData\Local\{61D57555-EE2F-41FC-8FBB-97A156242CAE}
    2012-06-27 08:54 - 2012-06-27 08:55 - 00000000 ____D C:\Users\Dawid\AppData\Local\{D51AA0E7-EA24-478E-A97E-FFB2F31E026D}
    2012-06-27 08:53 - 2012-06-27 08:54 - 00283816 ____A C:\Windows\Minidump\062712-50606-01.dmp
    2012-06-27 08:50 - 2012-06-27 08:50 - 00000000 ____D C:\Users\Dawid\AppData\Local\{FD0FF3D3-2319-478A-9824-10B0B54C9CE0}
    2012-06-27 08:48 - 2012-06-27 08:50 - 00000000 ____D C:\Users\Dawid\AppData\Local\{03657BCD-BB85-4C17-9F0A-D3B66E45DEFD}
    2012-06-26 19:54 - 2012-06-26 19:54 - 00000000 ____D C:\Users\Dawid\AppData\Local\{B7F637AA-C568-4262-8FEF-6FE81640EF12}
    2012-06-26 19:54 - 2012-06-26 19:54 - 00000000 ____D C:\Users\Dawid\AppData\Local\{AA2B68E6-877E-48A8-BA5E-353B5AD9FAFE}
    2012-06-26 19:53 - 2012-06-26 19:53 - 00262144 ____A C:\Windows\Minidump\062612-42432-01.dmp
    2012-06-26 15:23 - 2012-06-26 15:23 - 00000000 ____D C:\Users\Dawid\AppData\Local\{9C8551C9-FC99-4A03-B9FC-1276ACE3EE5B}
    2012-06-26 15:23 - 2012-06-26 15:23 - 00000000 ____D C:\Users\Dawid\AppData\Local\{95B1238A-5F9D-4737-878F-E894F7A074BF}
    2012-06-26 11:17 - 2012-06-26 11:18 - 00000000 ____D C:\Users\Dawid\AppData\Local\{B273A880-2195-418E-8E8A-2E058252AA05}
    2012-06-26 11:17 - 2012-06-26 11:17 - 00000000 ____D C:\Users\Dawid\AppData\Local\{497F1950-0F96-4718-965A-0BA5E099602C}
    2012-06-26 11:00 - 2012-06-26 11:01 - 00000000 ____D C:\Users\Dawid\AppData\Local\{5A4D1CBC-7F26-4E50-943C-D8FA0B8C5236}
    2012-06-26 11:00 - 2012-06-26 11:00 - 00000000 ____D C:\Users\Dawid\AppData\Local\{50042972-5076-4BFC-A2FC-5C5A20620253}
    2012-06-26 10:59 - 2012-06-26 10:59 - 00262224 ____A C:\Windows\Minidump\062612-57314-01.dmp
    2012-06-26 10:38 - 2012-06-26 10:38 - 00000000 ____D C:\Users\Dawid\AppData\Local\{A34A04F2-16D4-4ACC-809E-6F0A4CA20909}
    2012-06-26 10:37 - 2012-06-26 10:37 - 00000000 ____D C:\Users\Dawid\AppData\Local\{DAC59657-357A-430F-AF42-C22E5B0E2A33}
    2012-06-26 10:36 - 2012-06-26 10:37 - 00283600 ____A C:\Windows\Minidump\062612-59015-01.dmp
    2012-06-25 11:13 - 2012-06-25 11:13 - 00900608 ____A C:\Windows\System32\ContentDirectoryPresenter64.dll
    2012-06-25 11:13 - 2012-06-25 11:13 - 00699904 ____A C:\Windows\SysWOW64\ContentDirectoryPresenter.dll
    2012-06-25 11:13 - 2012-06-25 11:13 - 00030720 ____A C:\Windows\System32\MediaDB64.dll
    2012-06-25 11:13 - 2012-06-25 11:13 - 00025600 ____A C:\Windows\SysWOW64\MediaDB.dll
    2012-06-25 10:03 - 2012-06-25 10:03 - 00000000 ____D C:\Users\Dawid\AppData\Local\{FF758372-0791-4018-9EBF-C8CEDB819CD1}
    2012-06-25 10:02 - 2012-06-25 10:02 - 00000000 ____D C:\Users\Dawid\AppData\Local\{653256B2-7201-421B-8AA2-06A7B22B2493}
    2012-06-25 09:56 - 2012-06-25 09:57 - 00000000 ____D C:\Users\Dawid\AppData\Local\{3E173094-DB73-49FF-82FA-E68E599518A3}
    2012-06-25 09:56 - 2012-06-25 09:56 - 00000000 ____D C:\Users\Dawid\AppData\Local\{99ECDF13-F67C-47BC-8E7D-80AB07BB5D7B}
    2012-06-25 09:55 - 2012-06-25 09:55 - 00281904 ____A C:\Windows\Minidump\062512-54069-01.dmp
    2012-06-25 09:50 - 2012-06-25 09:50 - 00283736 ____A C:\Windows\Minidump\062512-57798-01.dmp
    2012-06-25 09:48 - 2012-06-25 09:48 - 00000000 ____D C:\Users\Dawid\AppData\Local\{E66073A2-7D31-4945-A211-3F84D1938A28}
    2012-06-25 09:47 - 2012-06-25 09:48 - 00000000 ____D C:\Users\Dawid\AppData\Local\{A0F2532B-DD10-4EEA-A8B4-AFF5711C966A}
    2012-06-24 11:24 - 2012-06-24 11:24 - 00000000 ____D C:\Users\Dawid\AppData\Local\{DCC5F8E7-ED50-4ED8-AFCA-D55FBFC8C16A}
    2012-06-24 11:23 - 2012-06-24 11:24 - 00000000 ____D C:\Users\Dawid\AppData\Local\{28224957-549E-4E26-8DFB-B39C6979F412}
    2012-06-24 11:23 - 2012-06-24 11:23 - 00283736 ____A C:\Windows\Minidump\062412-56955-01.dmp
    2012-06-24 10:44 - 2012-06-24 10:44 - 00000000 ____D C:\Users\Dawid\AppData\Local\{DE83738B-7220-4FE5-912A-D08D345D6E12}
    2012-06-23 14:21 - 2012-06-23 14:21 - 00000000 ____D C:\Users\Dawid\AppData\Local\Macromedia
    2012-06-23 12:30 - 2012-06-23 12:30 - 00000000 ____D C:\Users\Dawid\AppData\Local\{1F305A9C-7057-489C-94CF-A321525222C0}
    2012-06-23 12:29 - 2012-06-23 12:29 - 00000000 ____D C:\Users\Dawid\AppData\Local\{81898A02-3383-4089-8614-D2B6CBE85670}
    2012-06-23 12:11 - 2012-06-23 12:12 - 00000000 ____D C:\Users\Dawid\AppData\Local\{335392EA-17AB-42A4-A258-F57C1A79E110}
    2012-06-23 12:03 - 2012-06-23 12:03 - 00000000 ____D C:\Users\Dawid\AppData\Local\{D3E4F2C5-E22D-4EED-9E37-DF61734B09BB}
    2012-06-23 12:03 - 2012-06-23 12:03 - 00000000 ____D C:\Users\Dawid\AppData\Local\{4892B502-419A-4F8D-A1A3-BDB3640899EC}
    2012-06-23 12:02 - 2012-06-23 12:02 - 00262144 ____A C:\Windows\Minidump\062312-52556-01.dmp
    2012-06-22 12:57 - 2012-06-22 12:57 - 00000000 ____D C:\Users\Dawid\AppData\Local\{98A5201A-C045-4A8F-81A8-B4A51962EDBD}
    2012-06-22 12:57 - 2012-06-22 12:57 - 00000000 ____D C:\Users\Dawid\AppData\Local\{40C288C5-CEA5-429D-9A9C-8FFCEF105095}
    2012-06-22 12:56 - 2012-06-22 12:56 - 00290888 ____A C:\Windows\Minidump\062212-43555-01.dmp
    2012-06-22 12:50 - 2012-06-22 12:50 - 00000000 ____D C:\Users\Dawid\AppData\Local\{B1E2FE7D-6486-488A-ACFA-970D5F703C05}
    2012-06-22 12:49 - 2012-06-22 12:49 - 00000000 ____D C:\Users\Dawid\AppData\Local\{20AD74D6-DB7D-40FB-A894-BFF6DBE94BD5}
    2012-06-22 12:45 - 2012-06-22 12:45 - 00302824 ____A C:\Windows\Minidump\062212-39265-01.dmp
    2012-06-22 12:39 - 2012-06-22 12:39 - 00283816 ____A C:\Windows\Minidump\062212-44382-01.dmp
    2012-06-22 12:35 - 2012-06-22 12:35 - 00000000 ____D C:\Users\Dawid\AppData\Local\{FBC49D97-AC0D-4CFD-B8F2-1A3A7AAE67D9}
    2012-06-21 11:14 - 2012-06-02 23:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-21 11:14 - 2012-06-02 23:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-21 11:14 - 2012-06-02 23:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-21 11:14 - 2012-06-02 23:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-21 11:14 - 2012-06-02 23:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-21 11:14 - 2012-06-02 23:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-21 11:14 - 2012-06-02 23:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-21 11:13 - 2012-06-02 15:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-21 11:13 - 2012-06-02 15:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-21 11:09 - 2012-06-21 11:09 - 00000000 ____D C:\Users\Dawid\AppData\Local\{5678C27F-A4FC-4628-8203-09E7A476ED4A}
    2012-06-21 11:08 - 2012-06-21 11:09 - 00000000 ____D C:\Users\Dawid\AppData\Local\{13CB17FD-A744-4184-8B85-5AD5796F0EDF}
    2012-06-20 08:50 - 2012-06-20 08:51 - 00000000 ____D C:\Users\Dawid\AppData\Local\{967D47C0-F9CE-43E7-BBA3-E1889604C711}
    2012-06-20 08:50 - 2012-06-20 08:50 - 00000000 ____D C:\Users\Dawid\AppData\Local\{577323AE-70F0-42F0-BC93-3496D068DC6A}
    2012-06-20 08:49 - 2012-06-20 08:49 - 00288944 ____A C:\Windows\Minidump\062012-44491-01.dmp
    2012-06-20 08:44 - 2012-06-20 08:45 - 00000000 ____D C:\Users\Dawid\AppData\Local\{BA82EC1B-50AC-4E32-9922-E49BE0E59589}
    2012-06-20 08:44 - 2012-06-20 08:44 - 00000000 ____D C:\Users\Dawid\AppData\Local\{AE1E8ABC-FA99-4638-B98A-2D5B9E29A349}
    2012-06-20 08:43 - 2012-06-20 08:43 - 00281712 ____A C:\Windows\Minidump\062012-40763-01.dmp
    2012-06-20 08:25 - 2012-06-20 08:25 - 00000000 ____D C:\Users\Dawid\AppData\Local\{389178F0-816F-41C5-B066-41BFDB065A92}
    2012-06-20 08:24 - 2012-06-20 08:25 - 00000000 ____D C:\Users\Dawid\AppData\Local\{9BDC9FF7-880B-4F2E-8848-4A8793DDF66A}
    2012-06-19 11:36 - 2012-06-19 11:36 - 00000000 ____D C:\Users\Dawid\AppData\Local\{651460B7-A38D-4514-BDBB-34022D93A984}
    2012-06-19 11:36 - 2012-06-19 11:36 - 00000000 ____D C:\Users\Dawid\AppData\Local\{292DC0EC-82A2-4C29-8AEF-9D56CBEBE005}
    2012-06-19 11:31 - 2012-06-19 11:31 - 00000000 ____D C:\Users\Dawid\AppData\Local\{855B713F-E6CB-4257-AE38-156A2DEA4E62}
    2012-06-19 11:30 - 2012-06-19 11:31 - 00000000 ____D C:\Users\Dawid\AppData\Local\{891056F1-04F7-48B4-9425-144FDBF752F1}
    2012-06-19 11:28 - 2012-06-19 11:28 - 00262144 ____A C:\Windows\Minidump\061912-65442-01.dmp
    2012-06-19 11:22 - 2012-06-19 11:22 - 00284584 ____A C:\Windows\Minidump\061912-62494-01.dmp
    2012-06-18 23:17 - 2012-06-18 23:17 - 00000000 ____D C:\Users\Dawid\AppData\Local\{BEED1022-12F1-46E9-BB61-B2AD321110CF}
    2012-06-18 11:14 - 2012-06-18 11:14 - 00262144 ____A C:\Windows\Minidump\061812-51620-01.dmp
    2012-06-18 11:09 - 2012-06-18 11:09 - 00284344 ____A C:\Windows\Minidump\061812-53586-01.dmp
    2012-06-18 11:05 - 2012-06-18 11:05 - 00262224 ____A C:\Windows\Minidump\061812-54865-01.dmp
    2012-06-18 09:24 - 2012-06-18 09:24 - 00000000 ____D C:\Users\Dawid\AppData\Local\{F37DB341-D3A8-4E08-B633-F7F849659B89}
    2012-06-17 11:34 - 2012-06-17 11:34 - 00000000 ____D C:\Users\Dawid\AppData\Local\{81DC8EDA-1607-47E9-A0F0-7672CA1C287E}
    2012-06-17 11:33 - 2012-06-17 11:33 - 00283600 ____A C:\Windows\Minidump\061712-40513-01.dmp
    2012-06-16 15:22 - 2012-06-16 15:22 - 00290056 ____A C:\Windows\Minidump\061612-41043-01.dmp
    2012-06-16 11:53 - 2012-06-16 11:53 - 00262144 ____A C:\Windows\Minidump\061612-68359-01.dmp
    2012-06-16 10:44 - 2012-06-16 10:44 - 00000000 ____D C:\Users\Dawid\AppData\Local\{4DA6001D-9817-4CED-A1AC-21B6BE441B7A}
    2012-06-15 14:58 - 2012-06-15 14:58 - 00918016 ____A C:\Windows\System32\boost_regex-vc90-mt-1_47.dll
    2012-06-15 14:58 - 2012-06-15 14:58 - 00704000 ____A C:\Windows\SysWOW64\boost_regex-vc90-mt-1_47.dll
    2012-06-15 14:58 - 2012-06-15 14:58 - 00299520 ____A C:\Windows\System32\boost_serialization-vc90-mt-1_47.dll
    2012-06-15 14:58 - 2012-06-15 14:58 - 00227840 ____A C:\Windows\SysWOW64\boost_serialization-vc90-mt-1_47.dll
    2012-06-15 14:58 - 2012-06-15 14:58 - 00158720 ____A C:\Windows\System32\boost_filesystem-vc90-mt-1_47.dll
    2012-06-15 14:58 - 2012-06-15 14:58 - 00130048 ____A C:\Windows\SysWOW64\boost_filesystem-vc90-mt-1_47.dll
    2012-06-15 14:58 - 2012-06-15 14:58 - 00058880 ____A C:\Windows\System32\boost_thread-vc90-mt-1_47.dll
    2012-06-15 14:58 - 2012-06-15 14:58 - 00049152 ____A C:\Windows\System32\boost_date_time-vc90-mt-1_47.dll
    2012-06-15 14:58 - 2012-06-15 14:58 - 00046592 ____A C:\Windows\SysWOW64\boost_thread-vc90-mt-1_47.dll
    2012-06-15 14:58 - 2012-06-15 14:58 - 00038912 ____A C:\Windows\SysWOW64\boost_date_time-vc90-mt-1_47.dll
    2012-06-15 14:58 - 2012-06-15 14:58 - 00016896 ____A C:\Windows\System32\boost_system-vc90-mt-1_47.dll
    2012-06-15 14:58 - 2012-06-15 14:58 - 00012800 ____A C:\Windows\SysWOW64\boost_system-vc90-mt-1_47.dll
    2012-06-15 13:37 - 2012-06-15 13:37 - 111164587 ____A C:\Users\Dawid\Desktop\Professor Green - Remedy ft. Ruth Anne.mp4
    2012-06-15 10:44 - 2012-06-15 10:44 - 00262144 ____A C:\Windows\Minidump\061512-48765-01.dmp
    2012-06-15 10:29 - 2012-06-15 10:29 - 00000000 ____D C:\Users\Dawid\AppData\Local\{C5667E6A-25C8-449C-9520-1C2922C35D0F}
    2012-06-14 21:49 - 2012-06-14 21:50 - 00000000 ____D C:\Users\Dawid\AppData\Local\{97A8B2EE-EC10-453E-9D20-D8F32BFA79EC}
    2012-06-14 21:49 - 2012-06-14 21:49 - 00000000 ____D C:\Users\Dawid\AppData\Local\{85F5ACF8-53BE-40FC-B8C7-D89613B335F2}
    2012-06-14 21:43 - 2012-06-14 21:43 - 00000000 ____D C:\Users\Dawid\AppData\Local\{42F4C9E3-B5C2-44EF-A837-7778E8DA9E87}
    2012-06-14 21:42 - 2012-06-14 21:43 - 00000000 ____D C:\Users\Dawid\AppData\Local\{4CDD6624-DB0F-45FA-8851-B19AE6E92285}
    2012-06-14 20:49 - 2012-06-14 20:49 - 00000000 ____D C:\Users\Dawid\AppData\Local\{B08F52D6-D4F5-4CF1-914C-CE1E94A85120}
    2012-06-14 20:49 - 2012-06-14 20:49 - 00000000 ____D C:\Users\Dawid\AppData\Local\{8C00B376-ECCC-4F06-BCA1-0EC178533804}
    2012-06-14 20:37 - 2012-06-14 20:37 - 00000000 ____D C:\Users\Dawid\AppData\Local\{5B8223EF-81C9-42C9-8199-CEA1A9FED3BA}
    2012-06-14 20:36 - 2012-06-14 20:37 - 00000000 ____D C:\Users\Dawid\AppData\Local\{51CB3CA6-FB04-4FEB-A3AA-4F7AE4E7756A}
    2012-06-14 19:03 - 2012-06-14 19:03 - 00000000 ____D C:\Users\Dawid\AppData\Local\{97F8309B-735F-4CF7-ACD1-1403AA6A61AF}
    2012-06-14 19:02 - 2012-06-14 19:03 - 00000000 ____D C:\Users\Dawid\AppData\Local\{A4680132-5E5E-4807-BF33-3BC7AB6C596B}
    2012-06-14 00:37 - 2012-05-18 03:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-14 00:37 - 2012-05-18 03:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-14 00:37 - 2012-05-18 03:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-14 00:37 - 2012-05-18 02:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-14 00:37 - 2012-05-18 02:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-14 00:37 - 2012-05-18 02:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-14 00:37 - 2012-05-18 02:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-14 00:37 - 2012-05-18 02:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-14 00:37 - 2012-05-18 02:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-14 00:37 - 2012-05-18 02:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-14 00:37 - 2012-05-18 02:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-14 00:37 - 2012-05-18 02:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-14 00:37 - 2012-05-18 02:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-14 00:37 - 2012-05-18 02:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-14 00:37 - 2012-05-18 00:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-14 00:37 - 2012-05-17 23:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-14 00:37 - 2012-05-17 23:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-14 00:37 - 2012-05-17 23:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-14 00:37 - 2012-05-17 23:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-14 00:37 - 2012-05-17 23:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-14 00:37 - 2012-05-17 23:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-14 00:37 - 2012-05-17 23:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-14 00:37 - 2012-05-17 23:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-14 00:37 - 2012-05-17 23:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-14 00:37 - 2012-05-17 23:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-14 00:37 - 2012-05-17 23:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-14 00:37 - 2012-05-17 23:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-14 00:37 - 2012-05-17 23:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-13 13:59 - 2012-05-15 02:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-13 13:59 - 2012-05-04 12:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-06-13 13:59 - 2012-05-04 11:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-06-13 13:59 - 2012-05-04 11:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-06-13 13:59 - 2012-05-01 06:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-06-13 13:59 - 2012-04-26 06:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-06-13 13:59 - 2012-04-26 06:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-06-13 13:59 - 2012-04-26 06:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-06-13 13:58 - 2012-04-28 06:32 - 01112064 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
    2012-06-13 13:58 - 2012-04-28 04:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-06-13 13:58 - 2012-04-24 06:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-06-13 13:58 - 2012-04-24 06:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-06-13 13:58 - 2012-04-24 06:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-06-13 13:58 - 2012-04-24 05:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-06-13 13:58 - 2012-04-24 05:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-06-13 13:58 - 2012-04-24 05:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-06-13 13:58 - 2012-04-07 13:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
    2012-06-13 13:58 - 2012-04-07 12:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2012-06-13 13:45 - 2012-06-13 13:45 - 00282896 ____A C:\Windows\Minidump\061312-36020-01.dmp
    2012-06-12 09:43 - 2012-06-12 09:43 - 00000000 ____D C:\Users\Dawid\AppData\Local\{58DCCED6-5606-41EB-965F-762D747275CC}
    2012-06-12 09:42 - 2012-06-12 09:43 - 00000000 ____D C:\Users\Dawid\AppData\Local\{71CF4254-5430-495F-8E45-3F84BCF1014C}
    2012-06-11 17:37 - 2012-06-11 17:37 - 00000000 ____D C:\Users\Dawid\AppData\Local\{960442BD-D496-414E-B6FF-864E82505FDE}
    2012-06-11 17:36 - 2012-06-11 17:37 - 00000000 ____D C:\Users\Dawid\AppData\Local\{369887D6-CDFF-4C6D-B4CC-25E8416C9214}
    2012-06-11 17:34 - 2012-06-11 17:34 - 00262192 ____A C:\Windows\Minidump\061112-38750-01.dmp

    ============ 3 Months Modified Files ========================

    2012-07-11 16:48 - 2012-03-10 22:10 - 00000324 ____A C:\Windows\Tasks\HP Photo Creations Communicator.job
    2012-07-11 16:48 - 2011-06-09 14:58 - 01943201 ____A C:\Windows\WindowsUpdate.log
    2012-07-11 16:41 - 2012-07-11 16:41 - 01434551 ____A (Farbar) C:\Users\Dawid\Desktop\FRST64.exe
    2012-07-11 15:59 - 2011-12-15 00:41 - 00001046 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-07-11 12:59 - 2011-12-15 00:41 - 00001042 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-07-11 11:28 - 2009-07-14 05:45 - 00014832 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-07-11 11:28 - 2009-07-14 05:45 - 00014832 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-07-11 11:19 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-07-11 11:18 - 2009-07-14 05:51 - 00138678 ____A C:\Windows\setupact.log
    2012-07-11 11:13 - 2011-06-12 06:54 - 00032118 ____A C:\Windows\PFRO.log
    2012-07-10 21:02 - 2012-07-10 21:02 - 82380696 ____A (Flexera Software) C:\Users\Dawid\Desktop\AllSharePlay_Installer64.exe
    2012-07-10 12:22 - 2012-07-10 12:19 - 00001878 ____A C:\Users\Dawid\Desktop\aswMBR.txt
    2012-07-10 12:19 - 2012-07-10 12:19 - 00000512 ____A C:\Users\Dawid\Desktop\MBR.dat
    2012-07-09 14:17 - 2012-07-09 14:17 - 00015529 ____A C:\Users\Dawid\Desktop\hijackthis.log
    2012-07-09 01:25 - 2012-07-09 01:25 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-09 01:09 - 2012-07-09 01:09 - 00002097 ____A C:\Users\Dawid\Desktop\HijackThis.lnk
    2012-07-09 00:55 - 2012-07-09 00:55 - 00065736 ____A (Prevx) C:\Windows\System32\Drivers\pxrts.sys
    2012-07-09 00:55 - 2012-07-09 00:55 - 00062976 ____A (Prevx) C:\Windows\SysWOW64\PxSecure.dll
    2012-07-09 00:55 - 2012-07-09 00:55 - 00036384 ____A (Prevx) C:\Windows\System32\Drivers\pxscan.sys
    2012-07-09 00:55 - 2012-07-09 00:55 - 00024024 ____A (Prevx) C:\Windows\System32\Drivers\pxkbf.sys
    2012-07-09 00:55 - 2012-07-09 00:55 - 00000050 ____A C:\Windows\wininit.ini
    2012-07-09 00:55 - 2012-07-09 00:54 - 01044664 ____A (Prevx) C:\Users\Dawid\Desktop\prevxsafeonline.exe
    2012-07-08 10:59 - 2012-04-01 10:25 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-07-08 10:59 - 2011-06-09 20:41 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-07-01 20:40 - 2012-07-01 20:40 - 309078029 ____A C:\Users\Dawid\Desktop\Diary of a badman 2.1.mp4
    2012-06-30 10:08 - 2012-06-30 10:08 - 417962211 ____A C:\Windows\MEMORY.DMP
    2012-06-29 18:17 - 2009-07-14 18:55 - 03083954 ____A C:\Windows\System32\perfh015.dat
    2012-06-29 18:17 - 2009-07-14 18:55 - 00950442 ____A C:\Windows\System32\perfc015.dat
    2012-06-29 18:17 - 2009-07-14 06:13 - 00006248 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-06-29 14:04 - 2012-06-29 14:04 - 00290888 ____A C:\Windows\Minidump\062912-59982-01.dmp
    2012-06-29 11:26 - 2012-06-29 11:25 - 00285784 ____A C:\Windows\Minidump\062912-50481-01.dmp
    2012-06-29 11:19 - 2012-06-29 11:19 - 00284344 ____A C:\Windows\Minidump\062912-49358-01.dmp
    2012-06-28 12:34 - 2012-06-28 12:34 - 00262144 ____A C:\Windows\Minidump\062812-57845-01.dmp
    2012-06-28 11:27 - 2011-06-11 08:33 - 00445818 ____A C:\Windows\DirectX.log
    2012-06-28 11:16 - 2012-06-28 11:16 - 00283816 ____A C:\Windows\Minidump\062812-42978-01.dmp
    2012-06-28 11:13 - 2012-06-28 11:13 - 00283976 ____A C:\Windows\Minidump\062812-37767-01.dmp
    2012-06-27 10:48 - 2012-06-27 10:48 - 00290888 ____A C:\Windows\Minidump\062712-48017-01.dmp
    2012-06-27 08:54 - 2012-06-27 08:53 - 00283816 ____A C:\Windows\Minidump\062712-50606-01.dmp
    2012-06-26 19:53 - 2012-06-26 19:53 - 00262144 ____A C:\Windows\Minidump\062612-42432-01.dmp
    2012-06-26 10:59 - 2012-06-26 10:59 - 00262224 ____A C:\Windows\Minidump\062612-57314-01.dmp
    2012-06-26 10:37 - 2012-06-26 10:36 - 00283600 ____A C:\Windows\Minidump\062612-59015-01.dmp
    2012-06-25 11:13 - 2012-06-25 11:13 - 00900608 ____A C:\Windows\System32\ContentDirectoryPresenter64.dll
    2012-06-25 11:13 - 2012-06-25 11:13 - 00699904 ____A C:\Windows\SysWOW64\ContentDirectoryPresenter.dll
    2012-06-25 11:13 - 2012-06-25 11:13 - 00030720 ____A C:\Windows\System32\MediaDB64.dll
    2012-06-25 11:13 - 2012-06-25 11:13 - 00025600 ____A C:\Windows\SysWOW64\MediaDB.dll
    2012-06-25 09:55 - 2012-06-25 09:55 - 00281904 ____A C:\Windows\Minidump\062512-54069-01.dmp
    2012-06-25 09:55 - 2009-07-14 06:08 - 00032604 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-06-25 09:50 - 2012-06-25 09:50 - 00283736 ____A C:\Windows\Minidump\062512-57798-01.dmp
    2012-06-24 11:23 - 2012-06-24 11:23 - 00283736 ____A C:\Windows\Minidump\062412-56955-01.dmp
    2012-06-23 12:02 - 2012-06-23 12:02 - 00262144 ____A C:\Windows\Minidump\062312-52556-01.dmp
    2012-06-22 12:56 - 2012-06-22 12:56 - 00290888 ____A C:\Windows\Minidump\062212-43555-01.dmp
    2012-06-22 12:45 - 2012-06-22 12:45 - 00302824 ____A C:\Windows\Minidump\062212-39265-01.dmp
    2012-06-22 12:39 - 2012-06-22 12:39 - 00283816 ____A C:\Windows\Minidump\062212-44382-01.dmp
    2012-06-20 08:49 - 2012-06-20 08:49 - 00288944 ____A C:\Windows\Minidump\062012-44491-01.dmp
    2012-06-20 08:43 - 2012-06-20 08:43 - 00281712 ____A C:\Windows\Minidump\062012-40763-01.dmp
    2012-06-19 11:28 - 2012-06-19 11:28 - 00262144 ____A C:\Windows\Minidump\061912-65442-01.dmp
    2012-06-19 11:22 - 2012-06-19 11:22 - 00284584 ____A C:\Windows\Minidump\061912-62494-01.dmp
    2012-06-18 11:14 - 2012-06-18 11:14 - 00262144 ____A C:\Windows\Minidump\061812-51620-01.dmp
    2012-06-18 11:09 - 2012-06-18 11:09 - 00284344 ____A C:\Windows\Minidump\061812-53586-01.dmp
    2012-06-18 11:05 - 2012-06-18 11:05 - 00262224 ____A C:\Windows\Minidump\061812-54865-01.dmp
    2012-06-17 11:33 - 2012-06-17 11:33 - 00283600 ____A C:\Windows\Minidump\061712-40513-01.dmp
    2012-06-16 15:22 - 2012-06-16 15:22 - 00290056 ____A C:\Windows\Minidump\061612-41043-01.dmp
    2012-06-16 11:53 - 2012-06-16 11:53 - 00262144 ____A C:\Windows\Minidump\061612-68359-01.dmp
    2012-06-15 14:58 - 2012-06-15 14:58 - 00918016 ____A C:\Windows\System32\boost_regex-vc90-mt-1_47.dll
    2012-06-15 14:58 - 2012-06-15 14:58 - 00704000 ____A C:\Windows\SysWOW64\boost_regex-vc90-mt-1_47.dll
    2012-06-15 14:58 - 2012-06-15 14:58 - 00299520 ____A C:\Windows\System32\boost_serialization-vc90-mt-1_47.dll
    2012-06-15 14:58 - 2012-06-15 14:58 - 00227840 ____A C:\Windows\SysWOW64\boost_serialization-vc90-mt-1_47.dll
    2012-06-15 14:58 - 2012-06-15 14:58 - 00158720 ____A C:\Windows\System32\boost_filesystem-vc90-mt-1_47.dll
    2012-06-15 14:58 - 2012-06-15 14:58 - 00130048 ____A C:\Windows\SysWOW64\boost_filesystem-vc90-mt-1_47.dll
    2012-06-15 14:58 - 2012-06-15 14:58 - 00058880 ____A C:\Windows\System32\boost_thread-vc90-mt-1_47.dll
    2012-06-15 14:58 - 2012-06-15 14:58 - 00049152 ____A C:\Windows\System32\boost_date_time-vc90-mt-1_47.dll
    2012-06-15 14:58 - 2012-06-15 14:58 - 00046592 ____A C:\Windows\SysWOW64\boost_thread-vc90-mt-1_47.dll
    2012-06-15 14:58 - 2012-06-15 14:58 - 00038912 ____A C:\Windows\SysWOW64\boost_date_time-vc90-mt-1_47.dll
    2012-06-15 14:58 - 2012-06-15 14:58 - 00016896 ____A C:\Windows\System32\boost_system-vc90-mt-1_47.dll
    2012-06-15 14:58 - 2012-06-15 14:58 - 00012800 ____A C:\Windows\SysWOW64\boost_system-vc90-mt-1_47.dll
    2012-06-15 13:37 - 2012-06-15 13:37 - 111164587 ____A C:\Users\Dawid\Desktop\Professor Green - Remedy ft. Ruth Anne.mp4
    2012-06-15 10:44 - 2012-06-15 10:44 - 00262144 ____A C:\Windows\Minidump\061512-48765-01.dmp
    2012-06-14 18:59 - 2009-07-14 05:45 - 00327344 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-06-13 13:45 - 2012-06-13 13:45 - 00282896 ____A C:\Windows\Minidump\061312-36020-01.dmp
    2012-06-11 17:34 - 2012-06-11 17:34 - 00262192 ____A C:\Windows\Minidump\061112-38750-01.dmp
    2012-06-10 13:06 - 2012-06-10 13:06 - 00268632 ____A C:\Windows\Minidump\061012-42213-01.dmp
    2012-06-09 09:48 - 2012-06-09 09:48 - 00283656 ____A C:\Windows\Minidump\060912-43805-01.dmp
    2012-06-06 11:02 - 2012-06-06 11:02 - 00283656 ____A C:\Windows\Minidump\060612-61620-01.dmp
    2012-06-04 09:29 - 2011-06-10 16:41 - 00071656 ____A C:\Users\Dawid\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-06-04 06:12 - 2012-06-04 06:12 - 00262144 ____A C:\Windows\Minidump\060412-30763-01.dmp
    2012-06-03 23:35 - 2012-07-08 22:07 - 56731752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
    2012-06-03 23:28 - 2011-06-26 08:45 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-06-03 10:36 - 2012-06-03 10:36 - 00284584 ____A C:\Windows\Minidump\060312-48984-01.dmp
    2012-06-03 10:26 - 2012-06-03 10:26 - 00262192 ____A C:\Windows\Minidump\060312-47268-01.dmp
    2012-06-02 23:19 - 2012-06-21 11:14 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 23:19 - 2012-06-21 11:14 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 23:19 - 2012-06-21 11:14 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 23:19 - 2012-06-21 11:14 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 23:19 - 2012-06-21 11:14 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 23:15 - 2012-06-21 11:14 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 23:15 - 2012-06-21 11:14 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 21:22 - 2012-06-02 21:22 - 00284344 ____A C:\Windows\Minidump\060212-40513-01.dmp
    2012-06-02 21:05 - 2012-06-02 21:05 - 00284504 ____A C:\Windows\Minidump\060212-38516-01.dmp
    2012-06-02 18:47 - 2012-06-02 18:47 - 00290912 ____A C:\Windows\Minidump\060212-37455-01.dmp
    2012-06-02 15:19 - 2012-06-21 11:13 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 15:15 - 2012-06-21 11:13 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-02 09:08 - 2012-06-02 09:08 - 00262144 ____A C:\Windows\Minidump\060212-44694-01.dmp
    2012-06-01 10:24 - 2012-06-01 10:24 - 00262144 ____A C:\Windows\Minidump\060112-32495-01.dmp
    2012-06-01 10:18 - 2012-06-01 10:18 - 00283416 ____A C:\Windows\Minidump\060112-35115-01.dmp
    2012-06-01 10:15 - 2012-06-01 10:15 - 00283416 ____A C:\Windows\Minidump\060112-35318-01.dmp
    2012-06-01 10:13 - 2012-06-01 10:12 - 00284424 ____A C:\Windows\Minidump\060112-38469-01.dmp
    2012-06-01 10:10 - 2012-06-01 10:10 - 00283360 ____A C:\Windows\Minidump\060112-31980-01.dmp
    2012-06-01 10:08 - 2012-06-01 10:08 - 00000000 ____A C:\Windows\Minidump\060112-34679-01.dmp
    2012-05-31 10:27 - 2012-05-31 10:27 - 00284152 ____A C:\Windows\Minidump\053112-30529-01.dmp
    2012-05-29 10:50 - 2012-05-29 10:50 - 00284424 ____A C:\Windows\Minidump\052912-48313-01.dmp
    2012-05-29 08:38 - 2012-05-23 18:49 - 00330240 ____A ((?)????) C:\Windows\MASetupCaller.dll
    2012-05-29 00:01 - 2012-05-29 00:01 - 00262144 ____A C:\Windows\Minidump\052912-47767-01.dmp
    2012-05-23 18:50 - 2012-05-18 14:54 - 04659712 ____A (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll
    2012-05-23 18:49 - 2012-06-04 09:25 - 00821824 ____A (Devguru Co., Ltd.) C:\Windows\SysWOW64\dgderapi.dll
    2012-05-23 18:49 - 2012-05-23 18:49 - 00090112 ____A ((?)????) C:\Windows\MAMCityDownload.ocx
    2012-05-23 18:49 - 2012-05-23 18:49 - 00030568 ____A () C:\Windows\MusiccityDownload.exe
    2012-05-21 03:09 - 2012-06-04 09:26 - 00203320 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys
    2012-05-21 03:09 - 2012-06-04 09:26 - 00099384 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys
    2012-05-18 16:34 - 2012-05-18 16:34 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
    2012-05-18 03:47 - 2012-06-14 00:37 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-05-18 03:16 - 2012-06-14 00:37 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-05-18 03:06 - 2012-06-14 00:37 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-05-18 02:59 - 2012-06-14 00:37 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-05-18 02:59 - 2012-06-14 00:37 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-05-18 02:58 - 2012-06-14 00:37 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-05-18 02:58 - 2012-06-14 00:37 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-05-18 02:56 - 2012-06-14 00:37 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-05-18 02:55 - 2012-06-14 00:37 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-05-18 02:55 - 2012-06-14 00:37 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-05-18 02:54 - 2012-06-14 00:37 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-05-18 02:51 - 2012-06-14 00:37 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-05-18 02:51 - 2012-06-14 00:37 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-05-18 02:47 - 2012-06-14 00:37 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-05-18 00:11 - 2012-06-14 00:37 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-05-17 23:48 - 2012-06-14 00:37 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-05-17 23:45 - 2012-06-14 00:37 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-05-17 23:36 - 2012-06-14 00:37 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-05-17 23:35 - 2012-06-14 00:37 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-05-17 23:35 - 2012-06-14 00:37 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-05-17 23:33 - 2012-06-14 00:37 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-05-17 23:31 - 2012-06-14 00:37 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-05-17 23:29 - 2012-06-14 00:37 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-05-17 23:29 - 2012-06-14 00:37 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-05-17 23:27 - 2012-06-14 00:37 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-05-17 23:25 - 2012-06-14 00:37 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-05-17 23:24 - 2012-06-14 00:37 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-05-17 23:20 - 2012-06-14 00:37 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-05-16 13:56 - 2012-05-16 13:56 - 00000212 ____A C:\Users\Dawid\Desktop\Test Drive Unlimited 2.url
    2012-05-15 02:32 - 2012-06-13 13:59 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-05-04 12:06 - 2012-06-13 13:59 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-05-04 11:03 - 2012-06-13 13:59 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-05-04 11:03 - 2012-06-13 13:59 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-05-01 06:40 - 2012-06-13 13:59 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-04-28 06:32 - 2012-06-13 13:58 - 01112064 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
    2012-04-28 04:55 - 2012-06-13 13:58 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-04-27 11:30 - 2012-04-27 11:30 - 00009681 ____A C:\Users\Dawid\.recently-used.xbel
    2012-04-26 06:41 - 2012-06-13 13:59 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-04-26 06:41 - 2012-06-13 13:59 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-04-26 06:34 - 2012-06-13 13:59 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-04-24 06:37 - 2012-06-13 13:58 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-04-24 06:37 - 2012-06-13 13:58 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-04-24 06:37 - 2012-06-13 13:58 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-04-24 05:36 - 2012-06-13 13:58 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-04-24 05:36 - 2012-06-13 13:58 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-04-24 05:36 - 2012-06-13 13:58 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-04-19 04:50 - 2012-04-19 04:50 - 00028480 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsha.sys

    ZeroAccess:
    C:\Windows\Installer\{ee68bc83-a541-8a7f-62ce-b0d6656b415e}
    C:\Windows\Installer\{ee68bc83-a541-8a7f-62ce-b0d6656b415e}\@
    C:\Windows\Installer\{ee68bc83-a541-8a7f-62ce-b0d6656b415e}\L
    C:\Windows\Installer\{ee68bc83-a541-8a7f-62ce-b0d6656b415e}\U
    C:\Windows\Installer\{ee68bc83-a541-8a7f-62ce-b0d6656b415e}\L\00000004.@
    C:\Windows\Installer\{ee68bc83-a541-8a7f-62ce-b0d6656b415e}\L\1afb2d56
    C:\Windows\Installer\{ee68bc83-a541-8a7f-62ce-b0d6656b415e}\L\201d3dde
    C:\Windows\Installer\{ee68bc83-a541-8a7f-62ce-b0d6656b415e}\U\00000004.@
    C:\Windows\Installer\{ee68bc83-a541-8a7f-62ce-b0d6656b415e}\U\00000008.@
    C:\Windows\Installer\{ee68bc83-a541-8a7f-62ce-b0d6656b415e}\U\000000cb.@
    C:\Windows\Installer\{ee68bc83-a541-8a7f-62ce-b0d6656b415e}\U\80000000.@
    C:\Windows\Installer\{ee68bc83-a541-8a7f-62ce-b0d6656b415e}\U\80000032.@
    C:\Windows\Installer\{ee68bc83-a541-8a7f-62ce-b0d6656b415e}\U\80000064.@

    ZeroAccess:
    C:\Users\Dawid\AppData\Local\{ee68bc83-a541-8a7f-62ce-b0d6656b415e}
    C:\Users\Dawid\AppData\Local\{ee68bc83-a541-8a7f-62ce-b0d6656b415e}\@
    C:\Users\Dawid\AppData\Local\{ee68bc83-a541-8a7f-62ce-b0d6656b415e}\L
    C:\Users\Dawid\AppData\Local\{ee68bc83-a541-8a7f-62ce-b0d6656b415e}\U

    ZeroAccess:
    C:\Windows\assembly\GAC_32\Desktop.ini

    ZeroAccess:
    C:\Windows\assembly\GAC_64\Desktop.ini

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 16%
    Total physical RAM: 4094.49 MB
    Available physical RAM: 3436.01 MB
    Total Pagefile: 4092.64 MB
    Available Pagefile: 3428.51 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ======================= Partitions =========================

    2 Drive c: () (Fixed) (Total:74.52 GB) (Free:17.13 GB) NTFS
    4 Drive f: () (Removable) (Total:1.9 GB) (Free:1.75 GB) FAT
    8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    9 Drive y: (SWA) (Fixed) (Total:931.51 GB) (Free:716.81 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Nr dysku Stan Rozmiar Wolne Dyn GPT
    -------- ------------- ------- ------- --- ---
    Dysk 0 Online 931 GB 0 B
    Dysk 1 Online 74 GB 8 MB
    Dysk 2 Online 1946 MB 0 B
    Dysk 3 Brak nośnika 0 B 0 B
    Dysk 4 Brak nośnika 0 B 0 B
    Dysk 5 Brak nośnika 0 B 0 B

    Partitions of Disk 0:
    ===============

    Partycja ### Typ Rozmiar Przesunięcie
    ------------- ---------------- ------- ------------
    Partycja 1 Podstawowy 931 GB 1024 KB

    ==================================================================================

    Disk: 0
    Partycja 1
    Typ : 07
    Ukryta : Nie
    Aktywna : Tak
    Przesunięcie w bajtach: 1048576

    Wolumin ### Lit Etykieta Fs Typ Rozmiar Stan Info
    ----------- --- ----------- ----- ---------- ------- --------- --------
    * Wolumin 1 Y SWA NTFS Partycja 931 GB Zdrowy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partycja ### Typ Rozmiar Przesunięcie
    ------------- ---------------- ------- ------------
    Partycja 1 Podstawowy 74 GB 31 KB

    ==================================================================================

    Disk: 1
    Partycja 1
    Typ : 07
    Ukryta : Nie
    Aktywna : Tak
    Przesunięcie w bajtach: 32256

    Wolumin ### Lit Etykieta Fs Typ Rozmiar Stan Info
    ----------- --- ----------- ----- ---------- ------- --------- --------
    * Wolumin 2 C NTFS Partycja 74 GB Zdrowy

    ==================================================================================

    Partitions of Disk 2:
    ===============

    Partycja ### Typ Rozmiar Przesunięcie
    ------------- ---------------- ------- ------------
    Partycja 1 Podstawowy 1945 MB 123 KB

    ==================================================================================

    Disk: 2
    Partycja 1
    Typ : 06
    Ukryta : Nie
    Aktywna : Nie
    Przesunięcie w bajtach: 126464

    Wolumin ### Lit Etykieta Fs Typ Rozmiar Stan Info
    ----------- --- ----------- ----- ---------- ------- --------- --------
    * Wolumin 3 F FAT Wymienny 1945 MB Zdrowy

    ==================================================================================

    ==========================================================

    Last Boot: 2012-07-08 10:14

    ======================= End Of Log ==========================

  7. #7
    Member
    Join Date
    Jul 2012
    Posts
    13
    Points
    0

    Here is the log from FRST:
    Scan result of Farbar Recovery Scan Tool Version: 11-07-2012
    Ran by SYSTEM at 11-07-2012 16:53:15
    Running from F:\
    Windows 7 Ultimate (X64) OS Language: Polish
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [RtHDVCpl] RAVCpl64.exe [x]
    HKLM\...\Run: [Skytel] Skytel.exe [x]
    HKLM\...\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe" [163552 2011-08-05] (Microsoft Corporation)
    HKLM\...\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe [x]
    HKLM\...\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui [190536 2010-06-14] (Logitech Inc.)
    HKLM\...\Run: [AllShare Play] "C:\Program Files\Samsung\AllShare Play\utils\AllShare Play Launcher.exe" [397728 2012-06-29] (Samsung Electronics)
    HKLM-x32\...\Run: [TV Card Remote Control Device Monitor] C:\Windows\713xRMT.exe [466944 2008-06-17] ()
    HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2587008 2012-04-05] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" [74752 2011-07-11] (Nullsoft, Inc.)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-06-06] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-29] ()
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
    HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [1987976 2012-02-02] (LogMeIn Inc.)
    HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
    HKLM-x32\...\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3521464 2012-05-30] (Samsung Electronics Co., Ltd.)
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [1090440 2012-06-27] (Spigot, Inc.)
    HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
    HKU\Dawid\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
    HKU\Dawid\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [9728 2009-07-14] (Microsoft Corporation)
    HKU\Dawid\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2008-06-09] (Hewlett-Packard Company)
    HKU\Dawid\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3672384 2012-04-11] (DT Soft Ltd)
    HKU\Dawid\...\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21432 2012-05-30] ()
    HKU\UpdatusUser\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
    HKU\UpdatusUser\...\Run: [Gadu-Gadu 10] "C:\Program Files (x86)\Gadu-Gadu 10\gg.exe" [x]
    Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Kreator menedżera zawartości dla PlayStation(R).lnk
    ShortcutTarget: Kreator menedżera zawartości dla PlayStation(R).lnk -> C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe (Sony Computer Entertainment Inc.)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\TV Expert Schedule Agent.lnk
    ShortcutTarget: TV Expert Schedule Agent.lnk -> C:\Program Files (x86)\TV Expert\ADTVScheduleAgent.exe ()

    ==================== Services (Whitelisted) ======

    2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.0.93\AllShareFrameworkManagerDMS.exe [32768 2012-06-25] (Samsung)
    2 AllShare Play Install Service; C:\Program Files\Samsung\AllShare Play\utils\AllSharePlayInstallSvc.exe [16896 2012-06-29] ()
    2 AntUpdaterService; "C:\Program Files (x86)\Ant.com\IE add-on\AntUpdaterService.exe" [520216 2011-06-29] (Ant.com)
    2 Application Updater; "C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe" [791488 2012-06-27] (Spigot, Inc.)
    2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [5160568 2012-07-04] (AVG Technologies CZ, s.r.o.)
    2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
    3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe -service [1296728 2010-12-28] (BitComet - A free C++ BitTorrent/HTTP/FTP Download Client)
    2 CSIScanner; "C:\Program Files\Prevx\prevx.exe" /service [6724632 2012-07-09] (Prevx)
    2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [2343816 2012-02-02] (LogMeIn Inc.)
    2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
    2 RapiMgr; C:\Windows\WindowsMobile\rapimgr.dll [225672 2007-05-31] (Microsoft Corporation)
    2 WcesComm; C:\Windows\WindowsMobile\wcescomm.dll [443784 2007-05-31] (Microsoft Corporation)
    3 WMZuneComm; "C:\Program Files\Zune\WMZuneComm.exe" [306400 2011-08-05] (Microsoft Corporation)
    3 ZuneNetworkSvc; "C:\Program Files\Zune\ZuneNss.exe" [8277728 2011-08-05] (Microsoft Corporation)
    3 ZuneWlanCfgSvc; "C:\Program Files\Zune\ZuneWlanCfgSvc.exe" [467680 2011-08-05] (Microsoft Corporation)

    ========================== Drivers (Whitelisted) =============

    3 3xHybr64; C:\Windows\System32\Drivers\3xHybr64.sys [1425920 2010-12-01] (NXP Semiconductors Germany GmbH)
    3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
    3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
    0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
    1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [289872 2012-02-22] (AVG Technologies CZ, s.r.o.)
    1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
    0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
    1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [383808 2012-03-19] (AVG Technologies CZ, s.r.o.)
    1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-04-12] (DT Soft Ltd)
    3 gdrv; \??\C:\Windows\gdrv.sys [24072 2011-06-09] (Windows (R) Server 2003 DDK provider)
    3 GES_CoreDriver; C:\Windows\System32\Drivers\GES_CoreDriver.sys [259080 2011-11-19] (Jungo)
    3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
    3 pxkbf; C:\Windows\System32\Drivers\pxkbf.sys [24024 2012-07-09] (Prevx)
    1 pxrts; C:\Windows\System32\Drivers\pxrts.sys [65736 2012-07-09] (Prevx)
    0 pxscan; C:\Windows\System32\Drivers\pxscan.sys [36384 2012-07-09] (Prevx)
    3 SaiK0CEA; C:\Windows\System32\Drivers\SaiK0CEA.sys [129024 2008-04-04] (Saitek)
    3 SaiU0CEA; C:\Windows\System32\Drivers\SaiU0CEA.sys [34432 2008-04-04] (Saitek)
    3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
    3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
    3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-07-11 16:53 - 2012-07-11 16:53 - 00000000 ____D C:\FRST
    2012-07-11 16:41 - 2012-07-11 16:41 - 01434551 ____A (Farbar) C:\Users\Dawid\Desktop\FRST64.exe
    2012-07-11 11:21 - 2012-07-11 11:21 - 00000000 ____D C:\Users\Dawid\AppData\Local\{0FF9DBD5-D410-4E96-A167-41D01B784662}
    2012-07-11 11:20 - 2012-07-11 11:21 - 00000000 ____D C:\Users\Dawid\AppData\Local\{238D5842-DE62-48C8-9983-14EB149BD211}
    2012-07-11 11:16 - 2012-07-11 11:16 - 00000000 ____D C:\Users\Dawid\AppData\Local\{AADE74C0-B9FC-40AB-9D37-D4A159DD485B}
    2012-07-11 11:15 - 2012-07-11 11:16 - 00000000 ____D C:\Users\Dawid\AppData\Local\{E893F07C-00CB-497D-9D3D-C070332B7134}
    2012-07-10 21:02 - 2012-07-10 21:02 - 82380696 ____A (Flexera Software) C:\Users\Dawid\Desktop\AllSharePlay_Installer64.exe
    2012-07-10 20:54 - 2012-07-10 20:54 - 00000000 ____D C:\Upload
    2012-07-10 20:53 - 2012-07-10 21:06 - 00000000 ____D C:\Program Files\Samsung
    2012-07-10 20:53 - 2012-07-10 21:06 - 00000000 ____D C:\AllShare Play
    2012-07-10 20:53 - 2012-07-10 20:53 - 00000000 ___HD C:\Users\Dawid\InstallAnywhere
    2012-07-10 20:53 - 2012-07-10 20:53 - 00000000 ___HD C:\Program Files\Zero G Registry
    2012-07-10 20:53 - 2012-07-10 20:53 - 00000000 ____D C:\Program Files\jre
    2012-07-10 12:19 - 2012-07-10 12:22 - 00001878 ____A C:\Users\Dawid\Desktop\aswMBR.txt
    2012-07-10 12:19 - 2012-07-10 12:19 - 00000512 ____A C:\Users\Dawid\Desktop\MBR.dat
    2012-07-10 10:32 - 2012-07-10 10:33 - 00000000 ____D C:\Users\Dawid\AppData\Local\{61F71A1D-12D7-409D-96EE-9F1E49588596}
    2012-07-10 10:32 - 2012-07-10 10:32 - 00000000 ____D C:\Users\Dawid\AppData\Local\{8BD97B9F-1CFF-4A9A-A0A0-B93B6C37DC7A}
    2012-07-10 10:24 - 2012-07-10 10:24 - 00000000 ____D C:\Users\Dawid\AppData\Local\{B6EF0361-368E-46CD-9D41-EE8144A277D0}
    2012-07-10 10:24 - 2012-07-10 10:24 - 00000000 ____D C:\Users\Dawid\AppData\Local\{0FA3BFE5-A121-4979-9801-859B581E9E0E}
    2012-07-09 14:17 - 2012-07-09 14:17 - 00015529 ____A C:\Users\Dawid\Desktop\hijackthis.log
    2012-07-09 13:43 - 2012-07-09 13:43 - 00000000 ____D C:\Users\Dawid\AppData\Local\{4C31D128-9E47-46A8-B2CB-7BD6B74E04A2}
    2012-07-09 13:43 - 2012-07-09 13:43 - 00000000 ____D C:\Users\Dawid\AppData\Local\{4614EEB5-88EB-4F4E-AB3E-4C0E2E494CB2}
    2012-07-09 01:34 - 2012-07-09 01:34 - 00000000 ____D C:\Users\Dawid\AppData\Local\{8CB8FC3A-D529-42A4-A36B-EA046EA3D2CB}
    2012-07-09 01:33 - 2012-07-09 01:34 - 00000000 ____D C:\Users\Dawid\AppData\Local\{DB3C3B62-7F43-4E22-8EFD-FE721A17B3BD}
    2012-07-09 01:25 - 2012-07-09 01:25 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-09 01:25 - 2012-07-09 01:25 - 00000000 ____D C:\Users\Dawid\AppData\Roaming\Malwarebytes
    2012-07-09 01:25 - 2012-07-09 01:25 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-07-09 01:25 - 2012-07-09 01:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-09 01:25 - 2012-04-04 15:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-09 01:10 - 2012-07-09 01:10 - 00000000 ____D C:\Program Files (x86)\ToniArts
    2012-07-09 01:09 - 2012-07-09 01:09 - 00002097 ____A C:\Users\Dawid\Desktop\HijackThis.lnk
    2012-07-09 01:09 - 2012-07-09 01:09 - 00000000 ____D C:\Program Files (x86)\Trend Micro
    2012-07-09 00:55 - 2012-07-09 00:59 - 00000000 ____D C:\Users\All Users\PrevxCSI
    2012-07-09 00:55 - 2012-07-09 00:55 - 00065736 ____A (Prevx) C:\Windows\System32\Drivers\pxrts.sys
    2012-07-09 00:55 - 2012-07-09 00:55 - 00062976 ____A (Prevx) C:\Windows\SysWOW64\PxSecure.dll
    2012-07-09 00:55 - 2012-07-09 00:55 - 00036384 ____A (Prevx) C:\Windows\System32\Drivers\pxscan.sys
    2012-07-09 00:55 - 2012-07-09 00:55 - 00024024 ____A (Prevx) C:\Windows\System32\Drivers\pxkbf.sys
    2012-07-09 00:55 - 2012-07-09 00:55 - 00000050 ____A C:\Windows\wininit.ini
    2012-07-09 00:55 - 2012-07-09 00:55 - 00000000 ____D C:\Program Files\Prevx
    2012-07-09 00:54 - 2012-07-09 00:55 - 01044664 ____A (Prevx) C:\Users\Dawid\Desktop\prevxsafeonline.exe
    2012-07-08 22:07 - 2012-06-03 23:35 - 56731752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
    2012-07-08 11:09 - 2012-07-08 11:09 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
    2012-07-08 10:26 - 2012-07-08 10:26 - 00000000 ____D C:\Users\Dawid\AppData\Local\{A93610B9-4F1A-4670-8151-A912DACD6977}
    2012-07-08 10:25 - 2012-07-08 10:26 - 00000000 ____D C:\Users\Dawid\AppData\Local\{0C6C915C-4F1C-4787-8B58-F99D5230C59E}
    2012-07-07 22:24 - 2012-07-07 22:24 - 00000000 ____D C:\Users\Dawid\AppData\Local\{FE938416-1C06-4D1C-BF96-7F99F11778D0}
    2012-07-07 10:24 - 2012-07-07 10:24 - 00000000 ____D C:\Users\Dawid\AppData\Local\{3C12220A-9B5B-4DA5-9B3F-4917B38E5B7E}
    2012-07-07 10:23 - 2012-07-07 22:24 - 00000000 ____D C:\Users\Dawid\AppData\Local\{94CC218F-11A2-4D67-BD46-4D2675A19D64}
    2012-07-06 21:46 - 2012-07-06 21:46 - 00000000 ____D C:\Users\Dawid\AppData\Local\{210E1FE5-5F5B-4BCC-9C73-FF61B3DC3C1E}
    2012-07-06 09:45 - 2012-07-06 21:46 - 00000000 ____D C:\Users\Dawid\AppData\Local\{1B14D673-F6D8-4372-9A3E-11E42A71E153}
    2012-07-06 09:45 - 2012-07-06 09:45 - 00000000 ____D C:\Users\Dawid\AppData\Local\{44999461-CBAB-46A6-B986-97F193CD3127}
    2012-07-06 07:14 - 2012-07-06 07:14 - 00000000 ____D C:\Users\Dawid\AppData\Local\{D7176398-DD51-439B-8EA3-E3C73FB1F48F}
    2012-07-06 07:14 - 2012-07-06 07:14 - 00000000 ____D C:\Users\Dawid\AppData\Local\{B07085B5-7B65-48A3-8607-6F7D3BC19B69}
    2012-07-04 23:28 - 2012-07-04 23:28 - 00000000 ____D C:\Users\Dawid\AppData\Local\{DEF5031F-4741-4062-90BF-FEE671A43BF8}
    2012-07-04 23:28 - 2012-07-04 23:28 - 00000000 ____D C:\Users\Dawid\AppData\Local\{0E125332-B888-4E57-A3B3-CDFBAF0EA390}
    2012-07-04 11:27 - 2012-07-04 11:28 - 00000000 ____D C:\Users\Dawid\AppData\Local\{7DF7A43E-478E-448D-8DF6-1E44328643C7}
    2012-07-04 11:27 - 2012-07-04 11:27 - 00000000 ____D C:\Users\Dawid\AppData\Local\{4F4306CF-06B8-4B80-8C1F-B016160A38E4}
    2012-07-03 13:36 - 2012-07-03 13:36 - 00000000 ____D C:\Users\Dawid\AppData\Local\{EE8A9B80-3F7C-42AC-AEC3-321C52A0170B}
    2012-07-03 13:35 - 2012-07-03 13:36 - 00000000 ____D C:\Users\Dawid\AppData\Local\{BC4706B7-9255-46B2-B8A7-13070DF6C8A4}
    2012-07-03 01:35 - 2012-07-03 01:35 - 00000000 ____D C:\Users\Dawid\AppData\Local\{A4DF48B7-E1B2-499D-9563-E9BAA60DEDEC}
    2012-07-03 01:35 - 2012-07-03 01:35 - 00000000 ____D C:\Users\Dawid\AppData\Local\{183EA1FC-E55D-4DFF-8825-0AFD0D68CF51}
    2012-07-02 19:58 - 2012-07-02 19:58 - 00000000 ____D C:\Program Files (x86)\YouTube Downloader Toolbar
    2012-07-02 19:58 - 2012-07-02 19:58 - 00000000 ____D C:\Program Files (x86)\Application Updater
    2012-07-02 13:34 - 2012-07-02 13:34 - 00000000 ____D C:\Users\Dawid\AppData\Local\{577DF8CA-66BC-4182-93EA-CFCBD1C4EE8B}
    2012-07-02 13:34 - 2012-07-02 13:34 - 00000000 ____D C:\Users\Dawid\AppData\Local\{38ACE13B-5DDB-4FD2-8A70-4BCFCBC0B95F}
    2012-07-02 01:33 - 2012-07-02 01:33 - 00000000 ____D C:\Users\Dawid\AppData\Local\{C1CDC51C-DEC2-4EBE-A476-2BDD41EB66AC}
    2012-07-01 20:40 - 2012-07-01 20:40 - 309078029 ____A C:\Users\Dawid\Desktop\Diary of a badman 2.1.mp4
    2012-07-01 13:32 - 2012-07-02 01:33 - 00000000 ____D C:\Users\Dawid\AppData\Local\{8E84B9B0-5568-492B-B0D9-AF5920763170}
    2012-07-01 13:32 - 2012-07-01 13:33 - 00000000 ____D C:\Users\Dawid\AppData\Local\{2CA33F56-1528-4AD6-AF73-DCBEF1121AEF}
    2012-06-30 11:29 - 2012-06-30 11:29 - 00000000 ____D C:\Users\Dawid\AppData\Local\{1058A6A5-30B9-4493-9CA5-0399867564E9}
    2012-06-30 11:28 - 2012-06-30 11:29 - 00000000 ____D C:\Users\Dawid\AppData\Local\{74FC1046-0CB0-43EB-9866-B963B2007C1F}
    2012-06-30 10:08 - 2012-06-30 10:08 - 417962211 ____A C:\Windows\MEMORY.DMP
    2012-06-29 23:28 - 2012-06-29 23:28 - 00000000 ____D C:\Users\Dawid\AppData\Local\{BE0913CA-3D29-42E9-85C9-762AF74617FB}
    2012-06-29 23:28 - 2012-06-29 23:28 - 00000000 ____D C:\Users\Dawid\AppData\Local\{681F7E78-A762-41EB-BAB4-812BA3C55479}
    2012-06-29 14:04 - 2012-06-29 14:04 - 00290888 ____A C:\Windows\Minidump\062912-59982-01.dmp
    2012-06-29 11:27 - 2012-06-29 11:27 - 00000000 ____D C:\Users\Dawid\AppData\Local\{D8A97E54-677C-4A5E-8D2A-D0E4D0377FA6}
    2012-06-29 11:27 - 2012-06-29 11:27 - 00000000 ____D C:\Users\Dawid\AppData\Local\{D14381A5-B2AB-43A1-B301-866419F5CA3E}
    2012-06-29 11:25 - 2012-06-29 11:26 - 00285784 ____A C:\Windows\Minidump\062912-50481-01.dmp
    2012-06-29 11:22 - 2012-06-29 11:22 - 00000000 ____D C:\Users\Dawid\AppData\Local\{90AC3D66-42E9-4134-8444-8C4E8975172D}
    2012-06-29 11:22 - 2012-06-29 11:22 - 00000000 ____D C:\Users\Dawid\AppData\Local\{556741CA-9CBB-4881-B702-2B3AC1D95184}
    2012-06-29 11:19 - 2012-06-29 11:19 - 00284344 ____A C:\Windows\Minidump\062912-49358-01.dmp
    2012-06-29 10:12 - 2012-06-29 10:12 - 00000000 ____D C:\Users\Dawid\AppData\Local\{F0FF334E-019D-4F9A-96BF-30F40E9211F3}
    2012-06-29 10:11 - 2012-06-29 10:12 - 00000000 ____D C:\Users\Dawid\AppData\Local\{0CCCE410-CA6C-4B36-B995-9F49593D660C}
    2012-06-28 12:42 - 2012-06-28 12:43 - 00000000 ____D C:\Users\Dawid\AppData\Local\{DB09FFFE-FD76-43F7-BE2C-2A4A9B3B4B05}
    2012-06-28 12:42 - 2012-06-28 12:42 - 00000000 ____D C:\Users\Dawid\AppData\Local\{90EAC84E-1ED9-44F6-9B90-8AD98781A29C}
    2012-06-28 12:36 - 2012-06-28 12:36 - 00000000 ____D C:\Users\Dawid\AppData\Local\{E215224B-EC71-4BC7-B19F-AF7444A1B869}
    2012-06-28 12:36 - 2012-06-28 12:36 - 00000000 ____D C:\Users\Dawid\AppData\Local\{89FC84E3-0F1E-49DA-9BD0-61069A8E3991}
    2012-06-28 12:34 - 2012-06-28 12:34 - 00262144 ____A C:\Windows\Minidump\062812-57845-01.dmp
    2012-06-28 11:31 - 2012-06-28 11:31 - 00000000 ____D C:\Windows\en
    2012-06-28 11:30 - 2012-06-28 11:30 - 00000000 ____D C:\Windows\pl
    2012-06-28 11:28 - 2012-06-28 11:28 - 00000000 ____D C:\Program Files\Windows Live
    2012-06-28 11:18 - 2012-06-28 11:18 - 00000000 ____D C:\Users\Dawid\AppData\Local\{BAD7037C-7F0E-4C43-B067-081CA1531C8E}
    2012-06-28 11:17 - 2012-06-28 11:17 - 00000000 ____D C:\Users\Dawid\AppData\Local\{B2AB507E-C78A-4DE5-95A0-F5E5EC56231A}
    2012-06-28 11:16 - 2012-06-28 11:16 - 00283816 ____A C:\Windows\Minidump\062812-42978-01.dmp
    2012-06-28 11:13 - 2012-06-28 11:14 - 00000000 ____D C:\Users\Dawid\AppData\Local\{AA2FA7AE-687B-41A0-8408-6E33E68B7DE7}
    2012-06-28 11:13 - 2012-06-28 11:13 - 00283976 ____A C:\Windows\Minidump\062812-37767-01.dmp
    2012-06-28 11:10 - 2012-06-28 11:10 - 00000000 ____D C:\Users\Dawid\AppData\Local\{19889FF8-D103-4DC7-AEAA-6CCE6545D0AA}
    2012-06-28 11:08 - 2012-06-28 11:10 - 00000000 ____D C:\Users\Dawid\AppData\Local\{84A932A7-5B9F-4DF4-8710-5E784AC17F3E}
    2012-06-27 10:49 - 2012-06-27 10:49 - 00000000 ____D C:\Users\Dawid\AppData\Local\{FE60EBEE-0481-4E0B-9560-B1368D476093}
    2012-06-27 10:49 - 2012-06-27 10:49 - 00000000 ____D C:\Users\Dawid\AppData\Local\{3A0289DD-476F-419C-B3B4-26C7922AADE0}
    2012-06-27 10:48 - 2012-06-27 10:48 - 00290888 ____A C:\Windows\Minidump\062712-48017-01.dmp
    2012-06-27 08:55 - 2012-06-27 08:55 - 00000000 ____D C:\Users\Dawid\AppData\Local\{61D57555-EE2F-41FC-8FBB-97A156242CAE}
    2012-06-27 08:54 - 2012-06-27 08:55 - 00000000 ____D C:\Users\Dawid\AppData\Local\{D51AA0E7-EA24-478E-A97E-FFB2F31E026D}
    2012-06-27 08:53 - 2012-06-27 08:54 - 00283816 ____A C:\Windows\Minidump\062712-50606-01.dmp
    2012-06-27 08:50 - 2012-06-27 08:50 - 00000000 ____D C:\Users\Dawid\AppData\Local\{FD0FF3D3-2319-478A-9824-10B0B54C9CE0}
    2012-06-27 08:48 - 2012-06-27 08:50 - 00000000 ____D C:\Users\Dawid\AppData\Local\{03657BCD-BB85-4C17-9F0A-D3B66E45DEFD}
    2012-06-26 19:54 - 2012-06-26 19:54 - 00000000 ____D C:\Users\Dawid\AppData\Local\{B7F637AA-C568-4262-8FEF-6FE81640EF12}
    2012-06-26 19:54 - 2012-06-26 19:54 - 00000000 ____D C:\Users\Dawid\AppData\Local\{AA2B68E6-877E-48A8-BA5E-353B5AD9FAFE}
    2012-06-26 19:53 - 2012-06-26 19:53 - 00262144 ____A C:\Windows\Minidump\062612-42432-01.dmp
    2012-06-26 15:23 - 2012-06-26 15:23 - 00000000 ____D C:\Users\Dawid\AppData\Local\{9C8551C9-FC99-4A03-B9FC-1276ACE3EE5B}
    2012-06-26 15:23 - 2012-06-26 15:23 - 00000000 ____D C:\Users\Dawid\AppData\Local\{95B1238A-5F9D-4737-878F-E894F7A074BF}
    2012-06-26 11:17 - 2012-06-26 11:18 - 00000000 ____D C:\Users\Dawid\AppData\Local\{B273A880-2195-418E-8E8A-2E058252AA05}
    2012-06-26 11:17 - 2012-06-26 11:17 - 00000000 ____D C:\Users\Dawid\AppData\Local\{497F1950-0F96-4718-965A-0BA5E099602C}
    2012-06-26 11:00 - 2012-06-26 11:01 - 00000000 ____D C:\Users\Dawid\AppData\Local\{5A4D1CBC-7F26-4E50-943C-D8FA0B8C5236}
    2012-06-26 11:00 - 2012-06-26 11:00 - 00000000 ____D C:\Users\Dawid\AppData\Local\{50042972-5076-4BFC-A2FC-5C5A20620253}
    2012-06-26 10:59 - 2012-06-26 10:59 - 00262224 ____A C:\Windows\Minidump\062612-57314-01.dmp
    2012-06-26 10:38 - 2012-06-26 10:38 - 00000000 ____D C:\Users\Dawid\AppData\Local\{A34A04F2-16D4-4ACC-809E-6F0A4CA20909}
    2012-06-26 10:37 - 2012-06-26 10:37 - 00000000 ____D C:\Users\Dawid\AppData\Local\{DAC59657-357A-430F-AF42-C22E5B0E2A33}
    2012-06-26 10:36 - 2012-06-26 10:37 - 00283600 ____A C:\Windows\Minidump\062612-59015-01.dmp
    2012-06-25 11:13 - 2012-06-25 11:13 - 00900608 ____A C:\Windows\System32\ContentDirectoryPresenter64.dll
    2012-06-25 11:13 - 2012-06-25 11:13 - 00699904 ____A C:\Windows\SysWOW64\ContentDirectoryPresenter.dll
    2012-06-25 11:13 - 2012-06-25 11:13 - 00030720 ____A C:\Windows\System32\MediaDB64.dll
    2012-06-25 11:13 - 2012-06-25 11:13 - 00025600 ____A C:\Windows\SysWOW64\MediaDB.dll
    2012-06-25 10:03 - 2012-06-25 10:03 - 00000000 ____D C:\Users\Dawid\AppData\Local\{FF758372-0791-4018-9EBF-C8CEDB819CD1}
    2012-06-25 10:02 - 2012-06-25 10:02 - 00000000 ____D C:\Users\Dawid\AppData\Local\{653256B2-7201-421B-8AA2-06A7B22B2493}
    2012-06-25 09:56 - 2012-06-25 09:57 - 00000000 ____D C:\Users\Dawid\AppData\Local\{3E173094-DB73-49FF-82FA-E68E599518A3}
    2012-06-25 09:56 - 2012-06-25 09:56 - 00000000 ____D C:\Users\Dawid\AppData\Local\{99ECDF13-F67C-47BC-8E7D-80AB07BB5D7B}
    2012-06-25 09:55 - 2012-06-25 09:55 - 00281904 ____A C:\Windows\Minidump\062512-54069-01.dmp
    2012-06-25 09:50 - 2012-06-25 09:50 - 00283736 ____A C:\Windows\Minidump\062512-57798-01.dmp
    2012-06-25 09:48 - 2012-06-25 09:48 - 00000000 ____D C:\Users\Dawid\AppData\Local\{E66073A2-7D31-4945-A211-3F84D1938A28}
    2012-06-25 09:47 - 2012-06-25 09:48 - 00000000 ____D C:\Users\Dawid\AppData\Local\{A0F2532B-DD10-4EEA-A8B4-AFF5711C966A}
    2012-06-24 11:24 - 2012-06-24 11:24 - 00000000 ____D C:\Users\Dawid\AppData\Local\{DCC5F8E7-ED50-4ED8-AFCA-D55FBFC8C16A}
    2012-06-24 11:23 - 2012-06-24 11:24 - 00000000 ____D C:\Users\Dawid\AppData\Local\{28224957-549E-4E26-8DFB-B39C6979F412}
    2012-06-24 11:23 - 2012-06-24 11:23 - 00283736 ____A C:\Windows\Minidump\062412-56955-01.dmp
    2012-06-24 10:44 - 2012-06-24 10:44 - 00000000 ____D C:\Users\Dawid\AppData\Local\{DE83738B-7220-4FE5-912A-D08D345D6E12}
    2012-06-23 14:21 - 2012-06-23 14:21 - 00000000 ____D C:\Users\Dawid\AppData\Local\Macromedia
    2012-06-23 12:30 - 2012-06-23 12:30 - 00000000 ____D C:\Users\Dawid\AppData\Local\{1F305A9C-7057-489C-94CF-A321525222C0}
    2012-06-23 12:29 - 2012-06-23 12:29 - 00000000 ____D C:\Users\Dawid\AppData\Local\{81898A02-3383-4089-8614-D2B6CBE85670}
    2012-06-23 12:11 - 2012-06-23 12:12 - 00000000 ____D C:\Users\Dawid\AppData\Local\{335392EA-17AB-42A4-A258-F57C1A79E110}
    2012-06-23 12:03 - 2012-06-23 12:03 - 00000000 ____D C:\Users\Dawid\AppData\Local\{D3E4F2C5-E22D-4EED-9E37-DF61734B09BB}
    2012-06-23 12:03 - 2012-06-23 12:03 - 00000000 ____D C:\Users\Dawid\AppData\Local\{4892B502-419A-4F8D-A1A3-BDB3640899EC}
    2012-06-23 12:02 - 2012-06-23 12:02 - 00262144 ____A C:\Windows\Minidump\062312-52556-01.dmp
    2012-06-22 12:57 - 2012-06-22 12:57 - 00000000 ____D C:\Users\Dawid\AppData\Local\{98A5201A-C045-4A8F-81A8-B4A51962EDBD}
    2012-06-22 12:57 - 2012-06-22 12:57 - 00000000 ____D C:\Users\Dawid\AppData\Local\{40C288C5-CEA5-429D-9A9C-8FFCEF105095}
    2012-06-22 12:56 - 2012-06-22 12:56 - 00290888 ____A C:\Windows\Minidump\062212-43555-01.dmp
    2012-06-22 12:50 - 2012-06-22 12:50 - 00000000 ____D C:\Users\Dawid\AppData\Local\{B1E2FE7D-6486-488A-ACFA-970D5F703C05}
    2012-06-22 12:49 - 2012-06-22 12:49 - 00000000 ____D C:\Users\Dawid\AppData\Local\{20AD74D6-DB7D-40FB-A894-BFF6DBE94BD5}
    2012-06-22 12:45 - 2012-06-22 12:45 - 00302824 ____A C:\Windows\Minidump\062212-39265-01.dmp
    2012-06-22 12:39 - 2012-06-22 12:39 - 00283816 ____A C:\Windows\Minidump\062212-44382-01.dmp
    2012-06-22 12:35 - 2012-06-22 12:35 - 00000000 ____D C:\Users\Dawid\AppData\Local\{FBC49D97-AC0D-4CFD-B8F2-1A3A7AAE67D9}
    2012-06-21 11:14 - 2012-06-02 23:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-21 11:14 - 2012-06-02 23:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-21 11:14 - 2012-06-02 23:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-21 11:14 - 2012-06-02 23:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-21 11:14 - 2012-06-02 23:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-21 11:14 - 2012-06-02 23:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-21 11:14 - 2012-06-02 23:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-21 11:13 - 2012-06-02 15:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-21 11:13 - 2012-06-02 15:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-21 11:09 - 2012-06-21 11:09 - 00000000 ____D C:\Users\Dawid\AppData\Local\{5678C27F-A4FC-4628-8203-09E7A476ED4A}
    2012-06-21 11:08 - 2012-06-21 11:09 - 00000000 ____D C:\Users\Dawid\AppData\Local\{13CB17FD-A744-4184-8B85-5AD5796F0EDF}
    2012-06-20 08:50 - 2012-06-20 08:51 - 00000000 ____D C:\Users\Dawid\AppData\Local\{967D47C0-F9CE-43E7-BBA3-E1889604C711}
    2012-06-20 08:50 - 2012-06-20 08:50 - 00000000 ____D C:\Users\Dawid\AppData\Local\{577323AE-70F0-42F0-BC93-3496D068DC6A}
    2012-06-20 08:49 - 2012-06-20 08:49 - 00288944 ____A C:\Windows\Minidump\062012-44491-01.dmp
    2012-06-20 08:44 - 2012-06-20 08:45 - 00000000 ____D C:\Users\Dawid\AppData\Local\{BA82EC1B-50AC-4E32-9922-E49BE0E59589}
    2012-06-20 08:44 - 2012-06-20 08:44 - 00000000 ____D C:\Users\Dawid\AppData\Local\{AE1E8ABC-FA99-4638-B98A-2D5B9E29A349}
    2012-06-20 08:43 - 2012-06-20 08:43 - 00281712 ____A C:\Windows\Minidump\062012-40763-01.dmp
    2012-06-20 08:25 - 2012-06-20 08:25 - 00000000 ____D C:\Users\Dawid\AppData\Local\{389178F0-816F-41C5-B066-41BFDB065A92}
    2012-06-20 08:24 - 2012-06-20 08:25 - 00000000 ____D C:\Users\Dawid\AppData\Local\{9BDC9FF7-880B-4F2E-8848-4A8793DDF66A}
    2012-06-19 11:36 - 2012-06-19 11:36 - 00000000 ____D C:\Users\Dawid\AppData\Local\{651460B7-A38D-4514-BDBB-34022D93A984}
    2012-06-19 11:36 - 2012-06-19 11:36 - 00000000 ____D C:\Users\Dawid\AppData\Local\{292DC0EC-82A2-4C29-8AEF-9D56CBEBE005}
    2012-06-19 11:31 - 2012-06-19 11:31 - 00000000 ____D C:\Users\Dawid\AppData\Local\{855B713F-E6CB-4257-AE38-156A2DEA4E62}
    2012-06-19 11:30 - 2012-06-19 11:31 - 00000000 ____D C:\Users\Dawid\AppData\Local\{891056F1-04F7-48B4-9425-144FDBF752F1}
    2012-06-19 11:28 - 2012-06-19 11:28 - 00262144 ____A C:\Windows\Minidump\061912-65442-01.dmp
    2012-06-19 11:22 - 2012-06-19 11:22 - 00284584 ____A C:\Windows\Minidump\061912-62494-01.dmp
    2012-06-18 23:17 - 2012-06-18 23:17 - 00000000 ____D C:\Users\Dawid\AppData\Local\{BEED1022-12F1-46E9-BB61-B2AD321110CF}
    2012-06-18 11:14 - 2012-06-18 11:14 - 00262144 ____A C:\Windows\Minidump\061812-51620-01.dmp
    2012-06-18 11:09 - 2012-06-18 11:09 - 00284344 ____A C:\Windows\Minidump\061812-53586-01.dmp
    2012-06-18 11:05 - 2012-06-18 11:05 - 00262224 ____A C:\Windows\Minidump\061812-54865-01.dmp
    2012-06-18 09:24 - 2012-06-18 09:24 - 00000000 ____D C:\Users\Dawid\AppData\Local\{F37DB341-D3A8-4E08-B633-F7F849659B89}
    2012-06-17 11:34 - 2012-06-17 11:34 - 00000000 ____D C:\Users\Dawid\AppData\Local\{81DC8EDA-1607-47E9-A0F0-7672CA1C287E}
    2012-06-17 11:33 - 2012-06-17 11:33 - 00283600 ____A C:\Windows\Minidump\061712-40513-01.dmp
    2012-06-16 15:22 - 2012-06-16 15:22 - 00290056 ____A C:\Windows\Minidump\061612-41043-01.dmp
    2012-06-16 11:53 - 2012-06-16 11:53 - 00262144 ____A C:\Windows\Minidump\061612-68359-01.dmp
    2012-06-16 10:44 - 2012-06-16 10:44 - 00000000 ____D C:\Users\Dawid\AppData\Local\{4DA6001D-9817-4CED-A1AC-21B6BE441B7A}
    2012-06-15 14:58 - 2012-06-15 14:58 - 00918016 ____A C:\Windows\System32\boost_regex-vc90-mt-1_47.dll
    2012-06-15 14:58 - 2012-06-15 14:58 - 00704000 ____A C:\Windows\SysWOW64\boost_regex-vc90-mt-1_47.dll
    2012-06-15 14:58 - 2012-06-15 14:58 - 00299520 ____A C:\Windows\System32\boost_serialization-vc90-mt-1_47.dll
    2012-06-15 14:58 - 2012-06-15 14:58 - 00227840 ____A C:\Windows\SysWOW64\boost_serialization-vc90-mt-1_47.dll
    2012-06-15 14:58 - 2012-06-15 14:58 - 00158720 ____A C:\Windows\System32\boost_filesystem-vc90-mt-1_47.dll
    2012-06-15 14:58 - 2012-06-15 14:58 - 00130048 ____A C:\Windows\SysWOW64\boost_filesystem-vc90-mt-1_47.dll
    2012-06-15 14:58 - 2012-06-15 14:58 - 00058880 ____A C:\Windows\System32\boost_thread-vc90-mt-1_47.dll
    2012-06-15 14:58 - 2012-06-15 14:58 - 00049152 ____A C:\Windows\System32\boost_date_time-vc90-mt-1_47.dll
    2012-06-15 14:58 - 2012-06-15 14:58 - 00046592 ____A C:\Windows\SysWOW64\boost_thread-vc90-mt-1_47.dll
    2012-06-15 14:58 - 2012-06-15 14:58 - 00038912 ____A C:\Windows\SysWOW64\boost_date_time-vc90-mt-1_47.dll
    2012-06-15 14:58 - 2012-06-15 14:58 - 00016896 ____A C:\Windows\System32\boost_system-vc90-mt-1_47.dll
    2012-06-15 14:58 - 2012-06-15 14:58 - 00012800 ____A C:\Windows\SysWOW64\boost_system-vc90-mt-1_47.dll
    2012-06-15 13:37 - 2012-06-15 13:37 - 111164587 ____A C:\Users\Dawid\Desktop\Professor Green - Remedy ft. Ruth Anne.mp4
    2012-06-15 10:44 - 2012-06-15 10:44 - 00262144 ____A C:\Windows\Minidump\061512-48765-01.dmp
    2012-06-15 10:29 - 2012-06-15 10:29 - 00000000 ____D C:\Users\Dawid\AppData\Local\{C5667E6A-25C8-449C-9520-1C2922C35D0F}
    2012-06-14 21:49 - 2012-06-14 21:50 - 00000000 ____D C:\Users\Dawid\AppData\Local\{97A8B2EE-EC10-453E-9D20-D8F32BFA79EC}
    2012-06-14 21:49 - 2012-06-14 21:49 - 00000000 ____D C:\Users\Dawid\AppData\Local\{85F5ACF8-53BE-40FC-B8C7-D89613B335F2}
    2012-06-14 21:43 - 2012-06-14 21:43 - 00000000 ____D C:\Users\Dawid\AppData\Local\{42F4C9E3-B5C2-44EF-A837-7778E8DA9E87}
    2012-06-14 21:42 - 2012-06-14 21:43 - 00000000 ____D C:\Users\Dawid\AppData\Local\{4CDD6624-DB0F-45FA-8851-B19AE6E92285}
    2012-06-14 20:49 - 2012-06-14 20:49 - 00000000 ____D C:\Users\Dawid\AppData\Local\{B08F52D6-D4F5-4CF1-914C-CE1E94A85120}
    2012-06-14 20:49 - 2012-06-14 20:49 - 00000000 ____D C:\Users\Dawid\AppData\Local\{8C00B376-ECCC-4F06-BCA1-0EC178533804}
    2012-06-14 20:37 - 2012-06-14 20:37 - 00000000 ____D C:\Users\Dawid\AppData\Local\{5B8223EF-81C9-42C9-8199-CEA1A9FED3BA}
    2012-06-14 20:36 - 2012-06-14 20:37 - 00000000 ____D C:\Users\Dawid\AppData\Local\{51CB3CA6-FB04-4FEB-A3AA-4F7AE4E7756A}
    2012-06-14 19:03 - 2012-06-14 19:03 - 00000000 ____D C:\Users\Dawid\AppData\Local\{97F8309B-735F-4CF7-ACD1-1403AA6A61AF}
    2012-06-14 19:02 - 2012-06-14 19:03 - 00000000 ____D C:\Users\Dawid\AppData\Local\{A4680132-5E5E-4807-BF33-3BC7AB6C596B}
    2012-06-14 00:37 - 2012-05-18 03:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-14 00:37 - 2012-05-18 03:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-14 00:37 - 2012-05-18 03:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-14 00:37 - 2012-05-18 02:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-14 00:37 - 2012-05-18 02:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-14 00:37 - 2012-05-18 02:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-14 00:37 - 2012-05-18 02:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-14 00:37 - 2012-05-18 02:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-14 00:37 - 2012-05-18 02:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-14 00:37 - 2012-05-18 02:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-14 00:37 - 2012-05-18 02:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-14 00:37 - 2012-05-18 02:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-14 00:37 - 2012-05-18 02:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-14 00:37 - 2012-05-18 02:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-14 00:37 - 2012-05-18 00:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-14 00:37 - 2012-05-17 23:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-14 00:37 - 2012-05-17 23:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-14 00:37 - 2012-05-17 23:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-14 00:37 - 2012-05-17 23:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-14 00:37 - 2012-05-17 23:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-14 00:37 - 2012-05-17 23:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-14 00:37 - 2012-05-17 23:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-14 00:37 - 2012-05-17 23:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-14 00:37 - 2012-05-17 23:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-14 00:37 - 2012-05-17 23:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-14 00:37 - 2012-05-17 23:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-14 00:37 - 2012-05-17 23:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-14 00:37 - 2012-05-17 23:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-13 13:59 - 2012-05-15 02:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-13 13:59 - 2012-05-04 12:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-06-13 13:59 - 2012-05-04 11:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-06-13 13:59 - 2012-05-04 11:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-06-13 13:59 - 2012-05-01 06:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-06-13 13:59 - 2012-04-26 06:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-06-13 13:59 - 2012-04-26 06:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-06-13 13:59 - 2012-04-26 06:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-06-13 13:58 - 2012-04-28 06:32 - 01112064 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
    2012-06-13 13:58 - 2012-04-28 04:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-06-13 13:58 - 2012-04-24 06:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-06-13 13:58 - 2012-04-24 06:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-06-13 13:58 - 2012-04-24 06:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-06-13 13:58 - 2012-04-24 05:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-06-13 13:58 - 2012-04-24 05:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-06-13 13:58 - 2012-04-24 05:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-06-13 13:58 - 2012-04-07 13:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
    2012-06-13 13:58 - 2012-04-07 12:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2012-06-13 13:45 - 2012-06-13 13:45 - 00282896 ____A C:\Windows\Minidump\061312-36020-01.dmp
    2012-06-12 09:43 - 2012-06-12 09:43 - 00000000 ____D C:\Users\Dawid\AppData\Local\{58DCCED6-5606-41EB-965F-762D747275CC}
    2012-06-12 09:42 - 2012-06-12 09:43 - 00000000 ____D C:\Users\Dawid\AppData\Local\{71CF4254-5430-495F-8E45-3F84BCF1014C}
    2012-06-11 17:37 - 2012-06-11 17:37 - 00000000 ____D C:\Users\Dawid\AppData\Local\{960442BD-D496-414E-B6FF-864E82505FDE}
    2012-06-11 17:36 - 2012-06-11 17:37 - 00000000 ____D C:\Users\Dawid\AppData\Local\{369887D6-CDFF-4C6D-B4CC-25E8416C9214}
    2012-06-11 17:34 - 2012-06-11 17:34 - 00262192 ____A C:\Windows\Minidump\061112-38750-01.dmp

    ============ 3 Months Modified Files ========================

    2012-07-11 16:48 - 2012-03-10 22:10 - 00000324 ____A C:\Windows\Tasks\HP Photo Creations Communicator.job
    2012-07-11 16:48 - 2011-06-09 14:58 - 01943201 ____A C:\Windows\WindowsUpdate.log
    2012-07-11 16:41 - 2012-07-11 16:41 - 01434551 ____A (Farbar) C:\Users\Dawid\Desktop\FRST64.exe
    2012-07-11 15:59 - 2011-12-15 00:41 - 00001046 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-07-11 12:59 - 2011-12-15 00:41 - 00001042 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-07-11 11:28 - 2009-07-14 05:45 - 00014832 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-07-11 11:28 - 2009-07-14 05:45 - 00014832 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-07-11 11:19 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-07-11 11:18 - 2009-07-14 05:51 - 00138678 ____A C:\Windows\setupact.log
    2012-07-11 11:13 - 2011-06-12 06:54 - 00032118 ____A C:\Windows\PFRO.log
    2012-07-10 21:02 - 2012-07-10 21:02 - 82380696 ____A (Flexera Software) C:\Users\Dawid\Desktop\AllSharePlay_Installer64.exe
    2012-07-10 12:22 - 2012-07-10 12:19 - 00001878 ____A C:\Users\Dawid\Desktop\aswMBR.txt
    2012-07-10 12:19 - 2012-07-10 12:19 - 00000512 ____A C:\Users\Dawid\Desktop\MBR.dat
    2012-07-09 14:17 - 2012-07-09 14:17 - 00015529 ____A C:\Users\Dawid\Desktop\hijackthis.log
    2012-07-09 01:25 - 2012-07-09 01:25 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-09 01:09 - 2012-07-09 01:09 - 00002097 ____A C:\Users\Dawid\Desktop\HijackThis.lnk
    2012-07-09 00:55 - 2012-07-09 00:55 - 00065736 ____A (Prevx) C:\Windows\System32\Drivers\pxrts.sys
    2012-07-09 00:55 - 2012-07-09 00:55 - 00062976 ____A (Prevx) C:\Windows\SysWOW64\PxSecure.dll
    2012-07-09 00:55 - 2012-07-09 00:55 - 00036384 ____A (Prevx) C:\Windows\System32\Drivers\pxscan.sys
    2012-07-09 00:55 - 2012-07-09 00:55 - 00024024 ____A (Prevx) C:\Windows\System32\Drivers\pxkbf.sys
    2012-07-09 00:55 - 2012-07-09 00:55 - 00000050 ____A C:\Windows\wininit.ini
    2012-07-09 00:55 - 2012-07-09 00:54 - 01044664 ____A (Prevx) C:\Users\Dawid\Desktop\prevxsafeonline.exe
    2012-07-08 10:59 - 2012-04-01 10:25 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-07-08 10:59 - 2011-06-09 20:41 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-07-01 20:40 - 2012-07-01 20:40 - 309078029 ____A C:\Users\Dawid\Desktop\Diary of a badman 2.1.mp4
    2012-06-30 10:08 - 2012-06-30 10:08 - 417962211 ____A C:\Windows\MEMORY.DMP
    2012-06-29 18:17 - 2009-07-14 18:55 - 03083954 ____A C:\Windows\System32\perfh015.dat
    2012-06-29 18:17 - 2009-07-14 18:55 - 00950442 ____A C:\Windows\System32\perfc015.dat
    2012-06-29 18:17 - 2009-07-14 06:13 - 00006248 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-06-29 14:04 - 2012-06-29 14:04 - 00290888 ____A C:\Windows\Minidump\062912-59982-01.dmp
    2012-06-29 11:26 - 2012-06-29 11:25 - 00285784 ____A C:\Windows\Minidump\062912-50481-01.dmp
    2012-06-29 11:19 - 2012-06-29 11:19 - 00284344 ____A C:\Windows\Minidump\062912-49358-01.dmp
    2012-06-28 12:34 - 2012-06-28 12:34 - 00262144 ____A C:\Windows\Minidump\062812-57845-01.dmp
    2012-06-28 11:27 - 2011-06-11 08:33 - 00445818 ____A C:\Windows\DirectX.log
    2012-06-28 11:16 - 2012-06-28 11:16 - 00283816 ____A C:\Windows\Minidump\062812-42978-01.dmp
    2012-06-28 11:13 - 2012-06-28 11:13 - 00283976 ____A C:\Windows\Minidump\062812-37767-01.dmp
    2012-06-27 10:48 - 2012-06-27 10:48 - 00290888 ____A C:\Windows\Minidump\062712-48017-01.dmp
    2012-06-27 08:54 - 2012-06-27 08:53 - 00283816 ____A C:\Windows\Minidump\062712-50606-01.dmp
    2012-06-26 19:53 - 2012-06-26 19:53 - 00262144 ____A C:\Windows\Minidump\062612-42432-01.dmp
    2012-06-26 10:59 - 2012-06-26 10:59 - 00262224 ____A C:\Windows\Minidump\062612-57314-01.dmp
    2012-06-26 10:37 - 2012-06-26 10:36 - 00283600 ____A C:\Windows\Minidump\062612-59015-01.dmp
    2012-06-25 11:13 - 2012-06-25 11:13 - 00900608 ____A C:\Windows\System32\ContentDirectoryPresenter64.dll
    2012-06-25 11:13 - 2012-06-25 11:13 - 00699904 ____A C:\Windows\SysWOW64\ContentDirectoryPresenter.dll
    2012-06-25 11:13 - 2012-06-25 11:13 - 00030720 ____A C:\Windows\System32\MediaDB64.dll
    2012-06-25 11:13 - 2012-06-25 11:13 - 00025600 ____A C:\Windows\SysWOW64\MediaDB.dll
    2012-06-25 09:55 - 2012-06-25 09:55 - 00281904 ____A C:\Windows\Minidump\062512-54069-01.dmp
    2012-06-25 09:55 - 2009-07-14 06:08 - 00032604 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-06-25 09:50 - 2012-06-25 09:50 - 00283736 ____A C:\Windows\Minidump\062512-57798-01.dmp
    2012-06-24 11:23 - 2012-06-24 11:23 - 00283736 ____A C:\Windows\Minidump\062412-56955-01.dmp
    2012-06-23 12:02 - 2012-06-23 12:02 - 00262144 ____A C:\Windows\Minidump\062312-52556-01.dmp
    2012-06-22 12:56 - 2012-06-22 12:56 - 00290888 ____A C:\Windows\Minidump\062212-43555-01.dmp
    2012-06-22 12:45 - 2012-06-22 12:45 - 00302824 ____A C:\Windows\Minidump\062212-39265-01.dmp
    2012-06-22 12:39 - 2012-06-22 12:39 - 00283816 ____A C:\Windows\Minidump\062212-44382-01.dmp
    2012-06-20 08:49 - 2012-06-20 08:49 - 00288944 ____A C:\Windows\Minidump\062012-44491-01.dmp
    2012-06-20 08:43 - 2012-06-20 08:43 - 00281712 ____A C:\Windows\Minidump\062012-40763-01.dmp
    2012-06-19 11:28 - 2012-06-19 11:28 - 00262144 ____A C:\Windows\Minidump\061912-65442-01.dmp
    2012-06-19 11:22 - 2012-06-19 11:22 - 00284584 ____A C:\Windows\Minidump\061912-62494-01.dmp
    2012-06-18 11:14 - 2012-06-18 11:14 - 00262144 ____A C:\Windows\Minidump\061812-51620-01.dmp
    2012-06-18 11:09 - 2012-06-18 11:09 - 00284344 ____A C:\Windows\Minidump\061812-53586-01.dmp
    2012-06-18 11:05 - 2012-06-18 11:05 - 00262224 ____A C:\Windows\Minidump\061812-54865-01.dmp
    2012-06-17 11:33 - 2012-06-17 11:33 - 00283600 ____A C:\Windows\Minidump\061712-40513-01.dmp
    2012-06-16 15:22 - 2012-06-16 15:22 - 00290056 ____A C:\Windows\Minidump\061612-41043-01.dmp
    2012-06-16 11:53 - 2012-06-16 11:53 - 00262144 ____A C:\Windows\Minidump\061612-68359-01.dmp
    2012-06-15 14:58 - 2012-06-15 14:58 - 00918016 ____A C:\Windows\System32\boost_regex-vc90-mt-1_47.dll
    2012-06-15 14:58 - 2012-06-15 14:58 - 00704000 ____A C:\Windows\SysWOW64\boost_regex-vc90-mt-1_47.dll
    2012-06-15 14:58 - 2012-06-15 14:58 - 00299520 ____A C:\Windows\System32\boost_serialization-vc90-mt-1_47.dll
    2012-06-15 14:58 - 2012-06-15 14:58 - 00227840 ____A C:\Windows\SysWOW64\boost_serialization-vc90-mt-1_47.dll
    2012-06-15 14:58 - 2012-06-15 14:58 - 00158720 ____A C:\Windows\System32\boost_filesystem-vc90-mt-1_47.dll
    2012-06-15 14:58 - 2012-06-15 14:58 - 00130048 ____A C:\Windows\SysWOW64\boost_filesystem-vc90-mt-1_47.dll
    2012-06-15 14:58 - 2012-06-15 14:58 - 00058880 ____A C:\Windows\System32\boost_thread-vc90-mt-1_47.dll
    2012-06-15 14:58 - 2012-06-15 14:58 - 00049152 ____A C:\Windows\System32\boost_date_time-vc90-mt-1_47.dll
    2012-06-15 14:58 - 2012-06-15 14:58 - 00046592 ____A C:\Windows\SysWOW64\boost_thread-vc90-mt-1_47.dll
    2012-06-15 14:58 - 2012-06-15 14:58 - 00038912 ____A C:\Windows\SysWOW64\boost_date_time-vc90-mt-1_47.dll
    2012-06-15 14:58 - 2012-06-15 14:58 - 00016896 ____A C:\Windows\System32\boost_system-vc90-mt-1_47.dll
    2012-06-15 14:58 - 2012-06-15 14:58 - 00012800 ____A C:\Windows\SysWOW64\boost_system-vc90-mt-1_47.dll
    2012-06-15 13:37 - 2012-06-15 13:37 - 111164587 ____A C:\Users\Dawid\Desktop\Professor Green - Remedy ft. Ruth Anne.mp4
    2012-06-15 10:44 - 2012-06-15 10:44 - 00262144 ____A C:\Windows\Minidump\061512-48765-01.dmp
    2012-06-14 18:59 - 2009-07-14 05:45 - 00327344 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-06-13 13:45 - 2012-06-13 13:45 - 00282896 ____A C:\Windows\Minidump\061312-36020-01.dmp
    2012-06-11 17:34 - 2012-06-11 17:34 - 00262192 ____A C:\Windows\Minidump\061112-38750-01.dmp
    2012-06-10 13:06 - 2012-06-10 13:06 - 00268632 ____A C:\Windows\Minidump\061012-42213-01.dmp
    2012-06-09 09:48 - 2012-06-09 09:48 - 00283656 ____A C:\Windows\Minidump\060912-43805-01.dmp
    2012-06-06 11:02 - 2012-06-06 11:02 - 00283656 ____A C:\Windows\Minidump\060612-61620-01.dmp
    2012-06-04 09:29 - 2011-06-10 16:41 - 00071656 ____A C:\Users\Dawid\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-06-04 06:12 - 2012-06-04 06:12 - 00262144 ____A C:\Windows\Minidump\060412-30763-01.dmp
    2012-06-03 23:35 - 2012-07-08 22:07 - 56731752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
    2012-06-03 23:28 - 2011-06-26 08:45 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-06-03 10:36 - 2012-06-03 10:36 - 00284584 ____A C:\Windows\Minidump\060312-48984-01.dmp
    2012-06-03 10:26 - 2012-06-03 10:26 - 00262192 ____A C:\Windows\Minidump\060312-47268-01.dmp
    2012-06-02 23:19 - 2012-06-21 11:14 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 23:19 - 2012-06-21 11:14 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 23:19 - 2012-06-21 11:14 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 23:19 - 2012-06-21 11:14 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 23:19 - 2012-06-21 11:14 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 23:15 - 2012-06-21 11:14 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 23:15 - 2012-06-21 11:14 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 21:22 - 2012-06-02 21:22 - 00284344 ____A C:\Windows\Minidump\060212-40513-01.dmp
    2012-06-02 21:05 - 2012-06-02 21:05 - 00284504 ____A C:\Windows\Minidump\060212-38516-01.dmp
    2012-06-02 18:47 - 2012-06-02 18:47 - 00290912 ____A C:\Windows\Minidump\060212-37455-01.dmp
    2012-06-02 15:19 - 2012-06-21 11:13 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 15:15 - 2012-06-21 11:13 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-02 09:08 - 2012-06-02 09:08 - 00262144 ____A C:\Windows\Minidump\060212-44694-01.dmp
    2012-06-01 10:24 - 2012-06-01 10:24 - 00262144 ____A C:\Windows\Minidump\060112-32495-01.dmp
    2012-06-01 10:18 - 2012-06-01 10:18 - 00283416 ____A C:\Windows\Minidump\060112-35115-01.dmp
    2012-06-01 10:15 - 2012-06-01 10:15 - 00283416 ____A C:\Windows\Minidump\060112-35318-01.dmp
    2012-06-01 10:13 - 2012-06-01 10:12 - 00284424 ____A C:\Windows\Minidump\060112-38469-01.dmp
    2012-06-01 10:10 - 2012-06-01 10:10 - 00283360 ____A C:\Windows\Minidump\060112-31980-01.dmp
    2012-06-01 10:08 - 2012-06-01 10:08 - 00000000 ____A C:\Windows\Minidump\060112-34679-01.dmp
    2012-05-31 10:27 - 2012-05-31 10:27 - 00284152 ____A C:\Windows\Minidump\053112-30529-01.dmp
    2012-05-29 10:50 - 2012-05-29 10:50 - 00284424 ____A C:\Windows\Minidump\052912-48313-01.dmp
    2012-05-29 08:38 - 2012-05-23 18:49 - 00330240 ____A ((?)????) C:\Windows\MASetupCaller.dll
    2012-05-29 00:01 - 2012-05-29 00:01 - 00262144 ____A C:\Windows\Minidump\052912-47767-01.dmp
    2012-05-23 18:50 - 2012-05-18 14:54 - 04659712 ____A (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll
    2012-05-23 18:49 - 2012-06-04 09:25 - 00821824 ____A (Devguru Co., Ltd.) C:\Windows\SysWOW64\dgderapi.dll
    2012-05-23 18:49 - 2012-05-23 18:49 - 00090112 ____A ((?)????) C:\Windows\MAMCityDownload.ocx
    2012-05-23 18:49 - 2012-05-23 18:49 - 00030568 ____A () C:\Windows\MusiccityDownload.exe
    2012-05-21 03:09 - 2012-06-04 09:26 - 00203320 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys
    2012-05-21 03:09 - 2012-06-04 09:26 - 00099384 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys
    2012-05-18 16:34 - 2012-05-18 16:34 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
    2012-05-18 03:47 - 2012-06-14 00:37 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-05-18 03:16 - 2012-06-14 00:37 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-05-18 03:06 - 2012-06-14 00:37 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-05-18 02:59 - 2012-06-14 00:37 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-05-18 02:59 - 2012-06-14 00:37 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-05-18 02:58 - 2012-06-14 00:37 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-05-18 02:58 - 2012-06-14 00:37 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-05-18 02:56 - 2012-06-14 00:37 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-05-18 02:55 - 2012-06-14 00:37 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-05-18 02:55 - 2012-06-14 00:37 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-05-18 02:54 - 2012-06-14 00:37 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-05-18 02:51 - 2012-06-14 00:37 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-05-18 02:51 - 2012-06-14 00:37 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-05-18 02:47 - 2012-06-14 00:37 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-05-18 00:11 - 2012-06-14 00:37 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-05-17 23:48 - 2012-06-14 00:37 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-05-17 23:45 - 2012-06-14 00:37 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-05-17 23:36 - 2012-06-14 00:37 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-05-17 23:35 - 2012-06-14 00:37 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-05-17 23:35 - 2012-06-14 00:37 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-05-17 23:33 - 2012-06-14 00:37 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-05-17 23:31 - 2012-06-14 00:37 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-05-17 23:29 - 2012-06-14 00:37 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-05-17 23:29 - 2012-06-14 00:37 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-05-17 23:27 - 2012-06-14 00:37 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-05-17 23:25 - 2012-06-14 00:37 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-05-17 23:24 - 2012-06-14 00:37 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-05-17 23:20 - 2012-06-14 00:37 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-05-16 13:56 - 2012-05-16 13:56 - 00000212 ____A C:\Users\Dawid\Desktop\Test Drive Unlimited 2.url
    2012-05-15 02:32 - 2012-06-13 13:59 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-05-04 12:06 - 2012-06-13 13:59 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-05-04 11:03 - 2012-06-13 13:59 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-05-04 11:03 - 2012-06-13 13:59 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-05-01 06:40 - 2012-06-13 13:59 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-04-28 06:32 - 2012-06-13 13:58 - 01112064 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
    2012-04-28 04:55 - 2012-06-13 13:58 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-04-27 11:30 - 2012-04-27 11:30 - 00009681 ____A C:\Users\Dawid\.recently-used.xbel
    2012-04-26 06:41 - 2012-06-13 13:59 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-04-26 06:41 - 2012-06-13 13:59 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-04-26 06:34 - 2012-06-13 13:59 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-04-24 06:37 - 2012-06-13 13:58 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-04-24 06:37 - 2012-06-13 13:58 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-04-24 06:37 - 2012-06-13 13:58 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-04-24 05:36 - 2012-06-13 13:58 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-04-24 05:36 - 2012-06-13 13:58 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-04-24 05:36 - 2012-06-13 13:58 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-04-19 04:50 - 2012-04-19 04:50 - 00028480 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsha.sys

    ZeroAccess:
    C:\Windows\Installer\{ee68bc83-a541-8a7f-62ce-b0d6656b415e}
    C:\Windows\Installer\{ee68bc83-a541-8a7f-62ce-b0d6656b415e}\@
    C:\Windows\Installer\{ee68bc83-a541-8a7f-62ce-b0d6656b415e}\L
    C:\Windows\Installer\{ee68bc83-a541-8a7f-62ce-b0d6656b415e}\U
    C:\Windows\Installer\{ee68bc83-a541-8a7f-62ce-b0d6656b415e}\L\00000004.@
    C:\Windows\Installer\{ee68bc83-a541-8a7f-62ce-b0d6656b415e}\L\1afb2d56
    C:\Windows\Installer\{ee68bc83-a541-8a7f-62ce-b0d6656b415e}\L\201d3dde
    C:\Windows\Installer\{ee68bc83-a541-8a7f-62ce-b0d6656b415e}\U\00000004.@
    C:\Windows\Installer\{ee68bc83-a541-8a7f-62ce-b0d6656b415e}\U\00000008.@
    C:\Windows\Installer\{ee68bc83-a541-8a7f-62ce-b0d6656b415e}\U\000000cb.@
    C:\Windows\Installer\{ee68bc83-a541-8a7f-62ce-b0d6656b415e}\U\80000000.@
    C:\Windows\Installer\{ee68bc83-a541-8a7f-62ce-b0d6656b415e}\U\80000032.@
    C:\Windows\Installer\{ee68bc83-a541-8a7f-62ce-b0d6656b415e}\U\80000064.@

    ZeroAccess:
    C:\Users\Dawid\AppData\Local\{ee68bc83-a541-8a7f-62ce-b0d6656b415e}
    C:\Users\Dawid\AppData\Local\{ee68bc83-a541-8a7f-62ce-b0d6656b415e}\@
    C:\Users\Dawid\AppData\Local\{ee68bc83-a541-8a7f-62ce-b0d6656b415e}\L
    C:\Users\Dawid\AppData\Local\{ee68bc83-a541-8a7f-62ce-b0d6656b415e}\U

    ZeroAccess:
    C:\Windows\assembly\GAC_32\Desktop.ini

    ZeroAccess:
    C:\Windows\assembly\GAC_64\Desktop.ini

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 16%
    Total physical RAM: 4094.49 MB
    Available physical RAM: 3436.01 MB
    Total Pagefile: 4092.64 MB
    Available Pagefile: 3428.51 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ======================= Partitions =========================

    2 Drive c: () (Fixed) (Total:74.52 GB) (Free:17.13 GB) NTFS
    4 Drive f: () (Removable) (Total:1.9 GB) (Free:1.75 GB) FAT
    8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    9 Drive y: (SWA) (Fixed) (Total:931.51 GB) (Free:716.81 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Nr dysku Stan Rozmiar Wolne Dyn GPT
    -------- ------------- ------- ------- --- ---
    Dysk 0 Online 931 GB 0 B
    Dysk 1 Online 74 GB 8 MB
    Dysk 2 Online 1946 MB 0 B
    Dysk 3 Brak nośnika 0 B 0 B
    Dysk 4 Brak nośnika 0 B 0 B
    Dysk 5 Brak nośnika 0 B 0 B

    Partitions of Disk 0:
    ===============

    Partycja ### Typ Rozmiar Przesunięcie
    ------------- ---------------- ------- ------------
    Partycja 1 Podstawowy 931 GB 1024 KB

    ==================================================================================

    Disk: 0
    Partycja 1
    Typ : 07
    Ukryta : Nie
    Aktywna : Tak
    Przesunięcie w bajtach: 1048576

    Wolumin ### Lit Etykieta Fs Typ Rozmiar Stan Info
    ----------- --- ----------- ----- ---------- ------- --------- --------
    * Wolumin 1 Y SWA NTFS Partycja 931 GB Zdrowy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partycja ### Typ Rozmiar Przesunięcie
    ------------- ---------------- ------- ------------
    Partycja 1 Podstawowy 74 GB 31 KB

    ==================================================================================

    Disk: 1
    Partycja 1
    Typ : 07
    Ukryta : Nie
    Aktywna : Tak
    Przesunięcie w bajtach: 32256

    Wolumin ### Lit Etykieta Fs Typ Rozmiar Stan Info
    ----------- --- ----------- ----- ---------- ------- --------- --------
    * Wolumin 2 C NTFS Partycja 74 GB Zdrowy

    ==================================================================================

    Partitions of Disk 2:
    ===============

    Partycja ### Typ Rozmiar Przesunięcie
    ------------- ---------------- ------- ------------
    Partycja 1 Podstawowy 1945 MB 123 KB

    ==================================================================================

    Disk: 2
    Partycja 1
    Typ : 06
    Ukryta : Nie
    Aktywna : Nie
    Przesunięcie w bajtach: 126464

    Wolumin ### Lit Etykieta Fs Typ Rozmiar Stan Info
    ----------- --- ----------- ----- ---------- ------- --------- --------
    * Wolumin 3 F FAT Wymienny 1945 MB Zdrowy

    ==================================================================================

    ==========================================================

    Last Boot: 2012-07-08 10:14

    ======================= End Of Log ==========================

  8. #8
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    Default

    Hello,


    1.
    Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

    Code:
    C:\Windows\Installer\{ee68bc83-a541-8a7f-62ce-b0d6656b415e}
    C:\Users\Dawid\AppData\Local\{ee68bc83-a541-8a7f-62ce-b0d6656b415e}
    C:\Windows\assembly\GAC_32\Desktop.ini
    C:\Windows\assembly\GAC_64\Desktop.ini
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the BartPE CD.
    Run FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.



    2.
    We need to find a replacement file on your system

    Please do the following:

    • Boot into System Recovery Options and run FRST64.
    • Type the following in the edit box after "Search:" so it looks like this:

      Search: services.exe


    Click the Search button and post the log it makes in your reply.
    " Extinguishing Malware from the world"

    The Spyware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-




  9. #9
    Member
    Join Date
    Jul 2012
    Posts
    13
    Points
    0

    Default

    Here are the two logs requested:
    Farbar Recovery Scan Tool Version: 11-07-2012
    Ran by SYSTEM at 2012-07-13 13:16:25
    Running from F:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-14 00:19] - [2009-07-14 02:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-14 00:19] - [2009-07-14 02:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

    ====== End Of Search ======

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 11-07-2012
    Ran by SYSTEM at 2012-07-13 13:15:37 Run:1
    Running from F:\

    ==============================================

    C:\Windows\Installer\{ee68bc83-a541-8a7f-62ce-b0d6656b415e} moved successfully.
    C:\Users\Dawid\AppData\Local\{ee68bc83-a541-8a7f-62ce-b0d6656b415e} moved successfully.
    C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
    C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.

    ==== End of Fixlog ====

  10. #10
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    Default

    Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

    Code:
    Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe  C:\Windows\System32\services.exe
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the BartPE CD.
    Run FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.
    " Extinguishing Malware from the world"

    The Spyware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-
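
The comparison behind the Replace line in post #10, as an added example that is not part of the original thread and not FRST's own code: it parses the two log excerpts quoted from the posts above, checks that the hash FRST flagged belongs to the System32 copy, and lists WinSxS copies of the same file name whose MD5 differs. The function and class names are assumptions made for this example.

```python
import re
from dataclasses import dataclass

# Quoted from the thread: FRST "Search: services.exe" output (post #9).
SEARCH_LOG = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-14 00:19] - [2009-07-14 02:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-14 00:19] - [2009-07-14 02:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
"""

# Quoted from the thread: three lines of the "Bamital & volsnap Check" section.
INTEGRITY_LOG = r"""
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
"""

# "[stamp] - [stamp] - size attrs (company) md5" line that follows each path.
META = re.compile(
    r"^\[(?P<first>[\d\- :]+)\] - \[(?P<second>[\d\- :]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) \((?P<company>.*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
# "path md5 label <==== ATTENTION" line; "=> MD5 is legit" lines do not match.
FLAGGED = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<md5>[0-9A-Fa-f]{32}) (?P<label>.+?) <==== ATTENTION"
)


@dataclass(frozen=True)
class Hit:
    path: str
    stamps: tuple   # the two timestamps, kept in the order the log prints them
    size: int
    company: str
    md5: str


@dataclass(frozen=True)
class Finding:
    flagged: Hit
    label: str
    candidate: Hit
    metadata_identical: bool


def parse_search(log):
    """Pair each path line with the metadata line printed under it."""
    hits, path = [], None
    for raw in log.splitlines():
        line = raw.strip()
        if re.match(r"^[A-Za-z]:\\", line):
            path = line
            continue
        m = META.match(line)
        if m and path:
            hits.append(Hit(path, (m["first"], m["second"]), int(m["size"]),
                            m["company"], m["md5"].upper()))
            path = None
    return hits


def parse_flagged(log):
    """Return {lower-cased path: (md5, label)} for files the check flagged."""
    flagged = {}
    for raw in log.splitlines():
        m = FLAGGED.match(raw.strip())
        if m:
            flagged[m["path"].lower()] = (m["md5"].upper(), m["label"])
    return flagged


def find_replacements(hits, flagged):
    """List WinSxS copies of each flagged file whose MD5 differs from the flagged one."""
    findings = []
    by_path = {h.path.lower(): h for h in hits}
    for path, (md5, label) in flagged.items():
        bad = by_path.get(path)
        if bad is None or bad.md5 != md5:
            continue  # the two logs disagree about this file; do not guess
        name = path.rsplit("\\", 1)[-1]
        for h in hits:
            lower = h.path.lower()
            if lower.endswith("\\" + name) and "\\winsxs\\" in lower and h.md5 != md5:
                same = (h.size, h.stamps, h.company) == (bad.size, bad.stamps, bad.company)
                findings.append(Finding(bad, label, h, same))
    return findings


if __name__ == "__main__":
    for f in find_replacements(parse_search(SEARCH_LOG), parse_flagged(INTEGRITY_LOG)):
        print(f"{f.flagged.path} flagged as {f.label} ({f.flagged.md5})")
        print(f"  candidate: {f.candidate.path} ({f.candidate.md5})")
        print(f"  size/timestamps/company identical: {f.metadata_identical}")
```

On this log the flagged file and the WinSxS copy share size, timestamps and company string, so only the hash tells them apart.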



