As we all say here: when in doubt, always ask. So here's my question.
When doing some research for my PL I found a GMER report with some interesting entries. Curiosity is always strong in me, so I decided to run a GMER scan on my own netbook and check what my output would look like.
And curiosity killed the cat, of course.
I found an entry stating that the MBR code on my machine is unknown.
Of course my next step was downloading mbr.exe, just to be sure.
MBR said my MBR is OK.
Frankly speaking, I just want to confirm this.
Take a look at my GMER report:
GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-08-04 18:08:52
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.ESBO 232,89GB
Running: u1rbbmow.exe; Driver: C:\Users\Na'athim\AppData\Local\Temp\fxrdqpow.sys
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 81E749F5 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81EAE1F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
---- User code sections - GMER 2.1 ----
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtCreateFile + 6 773D55CE 4 Bytes [28, 0C, 5C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtCreateFile + B 773D55D3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtMapViewOfSection + 6 773D5C2E 4 Bytes [28, 0F, 5C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtMapViewOfSection + B 773D5C33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtOpenFile + 6 773D5CDE 4 Bytes [68, 0C, 5C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtOpenFile + B 773D5CE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtOpenProcess + 6 773D5D8E 4 Bytes [A8, 0D, 5C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtOpenProcess + B 773D5D93 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtOpenProcessToken + B 773D5DA3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtOpenProcessTokenEx + 6 773D5DAE 4 Bytes [A8, 0E, 5C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtOpenProcessTokenEx + B 773D5DB3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtOpenThread + 6 773D5E0E 4 Bytes [68, 0D, 5C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtOpenThread + B 773D5E13 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtOpenThreadToken + 6 773D5E1E 4 Bytes [68, 0E, 5C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtOpenThreadToken + B 773D5E23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtOpenThreadTokenEx + B 773D5E33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtQueryAttributesFile + 6 773D5F3E 4 Bytes [A8, 0C, 5C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtQueryAttributesFile + B 773D5F43 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtQueryFullAttributesFile + B 773D5FF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtSetInformationFile + 6 773D663E 4 Bytes [28, 0D, 5C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtSetInformationFile + B 773D6643 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtSetInformationThread + 6 773D669E 4 Bytes [28, 0E, 5C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtSetInformationThread + B 773D66A3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtUnmapViewOfSection + 6 773D69BE 4 Bytes [68, 0F, 5C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4744] ntdll.dll!NtUnmapViewOfSection + B 773D69C3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtCreateFile + 6 773D55CE 4 Bytes [28, E4, 73, 00] {SUB AH, AH; JAE 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtCreateFile + B 773D55D3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtMapViewOfSection + 6 773D5C2E 4 Bytes [28, E7, 73, 00] {SUB BH, AH; JAE 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtMapViewOfSection + B 773D5C33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenFile + 6 773D5CDE 4 Bytes [68, E4, 73, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenFile + B 773D5CE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenProcess + 6 773D5D8E 4 Bytes [A8, E5, 73, 00] {TEST AL, 0xe5; JAE 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenProcess + B 773D5D93 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenProcessToken + B 773D5DA3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenProcessTokenEx + 6 773D5DAE 4 Bytes [A8, E6, 73, 00] {TEST AL, 0xe6; JAE 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenProcessTokenEx + B 773D5DB3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenThread + 6 773D5E0E 4 Bytes [68, E5, 73, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenThread + B 773D5E13 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenThreadToken + 6 773D5E1E 4 Bytes [68, E6, 73, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenThreadToken + B 773D5E23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenThreadTokenEx + B 773D5E33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtQueryAttributesFile + 6 773D5F3E 4 Bytes [A8, E4, 73, 00] {TEST AL, 0xe4; JAE 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtQueryAttributesFile + B 773D5F43 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtQueryFullAttributesFile + B 773D5FF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtSetInformationFile + 6 773D663E 4 Bytes [28, E5, 73, 00] {SUB CH, AH; JAE 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtSetInformationFile + B 773D6643 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtSetInformationThread + 6 773D669E 4 Bytes [28, E6, 73, 00] {SUB DH, AH; JAE 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtSetInformationThread + B 773D66A3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtUnmapViewOfSection + 6 773D69BE 4 Bytes [68, E7, 73, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtUnmapViewOfSection + B 773D69C3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtCreateFile + 6 773D55CE 4 Bytes [28, 40, 40, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtCreateFile + B 773D55D3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtMapViewOfSection + 6 773D5C2E 4 Bytes [28, 43, 40, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtMapViewOfSection + B 773D5C33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtOpenFile + 6 773D5CDE 4 Bytes [68, 40, 40, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtOpenFile + B 773D5CE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtOpenProcess + 6 773D5D8E 4 Bytes [A8, 41, 40, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtOpenProcess + B 773D5D93 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtOpenProcessToken + B 773D5DA3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtOpenProcessTokenEx + 6 773D5DAE 4 Bytes [A8, 42, 40, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtOpenProcessTokenEx + B 773D5DB3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtOpenThread + 6 773D5E0E 4 Bytes [68, 41, 40, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtOpenThread + B 773D5E13 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtOpenThreadToken + 6 773D5E1E 4 Bytes [68, 42, 40, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtOpenThreadToken + B 773D5E23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtOpenThreadTokenEx + B 773D5E33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtQueryAttributesFile + 6 773D5F3E 4 Bytes [A8, 40, 40, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtQueryAttributesFile + B 773D5F43 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtQueryFullAttributesFile + B 773D5FF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtSetInformationFile + 6 773D663E 4 Bytes [28, 41, 40, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtSetInformationFile + B 773D6643 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtSetInformationThread + 6 773D669E 4 Bytes [28, 42, 40, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtSetInformationThread + B 773D66A3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtUnmapViewOfSection + 6 773D69BE 4 Bytes [68, 43, 40, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5380] ntdll.dll!NtUnmapViewOfSection + B 773D69C3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtCreateFile + 6 773D55CE 4 Bytes [28, 2C, 8C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtCreateFile + B 773D55D3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtMapViewOfSection + 6 773D5C2E 4 Bytes [28, 2F, 8C, 00] {SUB [EDI], CH; MOV [EAX], ES}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtMapViewOfSection + B 773D5C33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtOpenFile + 6 773D5CDE 4 Bytes [68, 2C, 8C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtOpenFile + B 773D5CE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtOpenProcess + 6 773D5D8E 4 Bytes [A8, 2D, 8C, 00] {TEST AL, 0x2d; MOV [EAX], ES}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtOpenProcess + B 773D5D93 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtOpenProcessToken + B 773D5DA3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtOpenProcessTokenEx + 6 773D5DAE 4 Bytes [A8, 2E, 8C, 00] {TEST AL, 0x2e; MOV [EAX], ES}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtOpenProcessTokenEx + B 773D5DB3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtOpenThread + 6 773D5E0E 4 Bytes [68, 2D, 8C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtOpenThread + B 773D5E13 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtOpenThreadToken + 6 773D5E1E 4 Bytes [68, 2E, 8C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtOpenThreadToken + B 773D5E23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtOpenThreadTokenEx + B 773D5E33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtQueryAttributesFile + 6 773D5F3E 4 Bytes [A8, 2C, 8C, 00] {TEST AL, 0x2c; MOV [EAX], ES}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtQueryAttributesFile + B 773D5F43 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtQueryFullAttributesFile + B 773D5FF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtSetInformationFile + 6 773D663E 4 Bytes [28, 2D, 8C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtSetInformationFile + B 773D6643 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtSetInformationThread + 6 773D669E 4 Bytes [28, 2E, 8C, 00] {SUB [ESI], CH; MOV [EAX], ES}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtSetInformationThread + B 773D66A3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtUnmapViewOfSection + 6 773D69BE 4 Bytes [68, 2F, 8C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtUnmapViewOfSection + B 773D69C3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5644] ntdll.dll!NtCreateFile + 6 773D55CE 4 Bytes [28, B0, 9C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5644] ntdll.dll!NtCreateFile + B 773D55D3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5644] ntdll.dll!NtMapViewOfSection + 6 773D5C2E 4 Bytes [28, B3, 9C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5644] ntdll.dll!NtMapViewOfSection + B 773D5C33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5644] ntdll.dll!NtOpenFile + 6 773D5CDE 4 Bytes [68, B0, 9C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5644] ntdll.dll!NtOpenFile + B 773D5CE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5644] ntdll.dll!NtOpenProcess + 6 773D5D8E 4 Bytes [A8, B1, 9C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5644] ntdll.dll!NtOpenProcess + B 773D5D93 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5644] ntdll.dll!NtOpenProcessToken + B 773D5DA3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5644] ntdll.dll!NtOpenProcessTokenEx + 6 773D5DAE 4 Bytes [A8, B2, 9C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5644] ntdll.dll!NtOpenProcessTokenEx + B 773D5DB3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5644] ntdll.dll!NtOpenThread + 6 773D5E0E 4 Bytes [68, B1, 9C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5644] ntdll.dll!NtOpenThread + B 773D5E13 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5644] ntdll.dll!NtOpenThreadToken + 6 773D5E1E 4 Bytes [68, B2, 9C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5644] ntdll.dll!NtOpenThreadToken + B 773D5E23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5644] ntdll.dll!NtOpenThreadTokenEx + B 773D5E33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5644] ntdll.dll!NtQueryAttributesFile + 6 773D5F3E 4 Bytes [A8, B0, 9C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5644] ntdll.dll!NtQueryAttributesFile + B 773D5F43 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5644] ntdll.dll!NtQueryFullAttributesFile + B 773D5FF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5644] ntdll.dll!NtSetInformationFile + 6 773D663E 4 Bytes [28, B1, 9C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5644] ntdll.dll!NtSetInformationFile + B 773D6643 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5644] ntdll.dll!NtSetInformationThread + 6 773D669E 4 Bytes [28, B2, 9C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5644] ntdll.dll!NtSetInformationThread + B 773D66A3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5644] ntdll.dll!NtUnmapViewOfSection + 6 773D69BE 4 Bytes [68, B3, 9C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5644] ntdll.dll!NtUnmapViewOfSection + B 773D69C3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtCreateFile + 6 773D55CE 4 Bytes [28, 3C, B6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtCreateFile + B 773D55D3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtMapViewOfSection + 6 773D5C2E 4 Bytes [28, 3F, B6, 00] {SUB [EDI], BH; MOV DH, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtMapViewOfSection + B 773D5C33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtOpenFile + 6 773D5CDE 4 Bytes [68, 3C, B6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtOpenFile + B 773D5CE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtOpenProcess + 6 773D5D8E 4 Bytes [A8, 3D, B6, 00] {TEST AL, 0x3d; MOV DH, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtOpenProcess + B 773D5D93 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtOpenProcessToken + B 773D5DA3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtOpenProcessTokenEx + 6 773D5DAE 4 Bytes [A8, 3E, B6, 00] {TEST AL, 0x3e; MOV DH, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtOpenProcessTokenEx + B 773D5DB3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtOpenThread + 6 773D5E0E 4 Bytes [68, 3D, B6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtOpenThread + B 773D5E13 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtOpenThreadToken + 6 773D5E1E 4 Bytes [68, 3E, B6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtOpenThreadToken + B 773D5E23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtOpenThreadTokenEx + B 773D5E33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtQueryAttributesFile + 6 773D5F3E 4 Bytes [A8, 3C, B6, 00] {TEST AL, 0x3c; MOV DH, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtQueryAttributesFile + B 773D5F43 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtQueryFullAttributesFile + B 773D5FF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtSetInformationFile + 6 773D663E 4 Bytes [28, 3D, B6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtSetInformationFile + B 773D6643 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtSetInformationThread + 6 773D669E 4 Bytes [28, 3E, B6, 00] {SUB [ESI], BH; MOV DH, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtSetInformationThread + B 773D66A3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtUnmapViewOfSection + 6 773D69BE 4 Bytes [68, 3F, B6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtUnmapViewOfSection + B 773D69C3 1 Byte [E2]
---- Devices - GMER 2.1 ----
Device \Driver\BTHUSB \Device\00000071 bthport.sys
Device \Driver\BTHUSB \Device\00000073 bthport.sys
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4cedde6a7914
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b4749f8b0669
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{3EFA1E6C-4B24-4E21-87E5-353A1AAF3450}@LeaseObtainedTime 1375624234
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{3EFA1E6C-4B24-4E21-87E5-353A1AAF3450}@T1 1375626034
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{3EFA1E6C-4B24-4E21-87E5-353A1AAF3450}@T2 1375627384
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{3EFA1E6C-4B24-4E21-87E5-353A1AAF3450}@LeaseTerminatesTime 1375627834
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4cedde6a7914 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\b4749f8b0669 (not active ControlSet)
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- Files - GMER 2.1 ----
File C:\Users\Na'athim\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003761 28037 bytes
File C:\Users\Na'athim\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003762 0 bytes
File C:\Users\Na'athim\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003763 0 bytes
---- EOF - GMER 2.1 ----
And my MBR.exe report:
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: Hitachi_ rev.ESBO -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
And of course the OTL file:
OTL logfile created on: 8/4/2013 6:10:26 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Na'athim\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
1013.30 Mb Total Physical Memory | 56.53 Mb Available Physical Memory | 5.58% Memory free
2.19 Gb Paging File | 0.40 Gb Available in Paging File | 18.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 62.00 Gb Total Space | 32.87 Gb Free Space | 53.01% Space Free | Partition Type: NTFS
Drive D: | 153.76 Gb Total Space | 150.43 Gb Free Space | 97.84% Space Free | Partition Type: NTFS
Computer Name: NAATHIM | User Name: Na'athim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/07/25 02:49:49 | 000,846,288 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/07/18 16:16:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Na'athim\Desktop\OTL.exe
PRC - [2013/05/25 02:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Na'athim\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/05/10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/10/04 16:57:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/07/06 19:13:23 | 002,615,624 | ---- | M] (Immunet) -- C:\Program Files\Immunet Protect\2.0.17\iptray.exe
PRC - [2011/07/06 19:13:22 | 000,756,680 | ---- | M] (Immunet Corporation) -- C:\Program Files\Immunet Protect\2.0.17\agent.exe
PRC - [2011/05/18 08:22:53 | 000,099,896 | ---- | M] (HP) -- C:\Windows\System32\HPSIsvc.exe
PRC - [2011/02/07 11:55:24 | 001,757,264 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2011/01/04 15:06:42 | 007,060,560 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\WifiManager.exe
PRC - [2010/12/23 08:07:58 | 000,945,232 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2010/11/29 18:31:22 | 001,418,592 | ---- | M] (SRS Labs, Inc.) -- C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel.exe
PRC - [2010/11/29 07:42:38 | 000,775,848 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
PRC - [2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/17 10:24:54 | 004,387,632 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
PRC - [2010/11/13 00:24:08 | 001,602,344 | ---- | M] (ELAN Microelectronics Corp.) -- C:\Program Files\Elantech\ETDCtrlHelper.exe
PRC - [2010/11/13 00:24:06 | 001,812,264 | ---- | M] (ELAN Microelectronics Corp.) -- C:\Program Files\Elantech\ETDCtrl.exe
PRC - [2010/11/10 01:03:52 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\YouCam\YCMMirage.exe
PRC - [2010/10/22 18:07:00 | 000,656,672 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2010/08/27 03:52:12 | 002,782,064 | ---- | M] (Samsung Electronics) -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
PRC - [2010/08/05 07:16:04 | 002,208,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
PRC - [2010/05/11 15:58:04 | 000,247,352 | ---- | M] (HP) -- C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
PRC - [2010/02/10 16:29:52 | 000,719,360 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
========== Modules (No Company Name) ==========
MOD - [2013/07/25 02:49:46 | 000,396,240 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\28.0.1500.95\ppgooglenaclpluginchrome.dll
MOD - [2013/07/25 02:49:44 | 004,052,944 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\28.0.1500.95\pdf.dll
MOD - [2013/07/25 02:48:54 | 000,601,552 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\28.0.1500.95\libglesv2.dll
MOD - [2013/07/25 02:48:53 | 000,123,344 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\28.0.1500.95\libegl.dll
MOD - [2013/07/25 02:48:51 | 001,597,392 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\28.0.1500.95\ffmpegsumo.dll
MOD - [2013/03/13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Na'athim\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/11/14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Na'athim\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2011/07/06 19:13:24 | 000,331,592 | ---- | M] () -- C:\Program Files\Immunet Protect\2.0.17\dhr.dll
MOD - [2011/07/06 19:13:23 | 000,183,624 | ---- | M] () -- C:\Program Files\Immunet Protect\2.0.17\dcf.dll
MOD - [2011/07/06 19:13:23 | 000,102,728 | ---- | M] () -- C:\Program Files\Immunet Protect\2.0.17\drs.dll
MOD - [2011/07/06 19:13:23 | 000,029,000 | ---- | M] () -- C:\Program Files\Immunet Protect\2.0.17\dut.dll
MOD - [2011/07/06 19:13:23 | 000,021,832 | ---- | M] () -- C:\Program Files\Immunet Protect\2.0.17\dxm.dll
MOD - [2010/07/05 12:42:58 | 000,203,776 | ---- | M] () -- C:\Program Files\Samsung\Movie Color Enhancer\WinCRT.dll
MOD - [2010/05/07 16:22:18 | 001,636,864 | ---- | M] () -- C:\Program Files\Samsung\Samsung Recovery Solution 5\Resdll.dll
MOD - [2006/08/12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
========== Services (SafeList) ==========
SRV - [2013/05/27 06:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/07/06 19:13:26 | 000,326,224 | ---- | M] (Immunet) [On_Demand | Stopped] -- C:\Program Files\Immunet Protect\tetra\scan.dll -- (scan)
SRV - [2011/07/06 19:13:22 | 000,756,680 | ---- | M] (Immunet Corporation) [Auto | Running] -- C:\Program Files\Immunet Protect\2.0.17\agent.exe -- (ImmunetProtect)
SRV - [2011/05/18 08:22:53 | 000,099,896 | ---- | M] (HP) [Auto | Running] -- C:\Windows\System32\HPSIsvc.exe -- (HPSIService)
SRV - [2010/10/22 18:07:00 | 000,656,672 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010/08/09 21:04:04 | 000,131,888 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\Windows\System32\SUPDSvc.exe -- (Samsung UPD Service)
SRV - [2010/05/11 15:58:04 | 000,247,352 | ---- | M] (HP) [Auto | Running] -- C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe -- (HPM1210RcvFaxSrvc)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Na'athim\AppData\Local\Temp\mbr.sys -- (mbr)
DRV - [2013/08/04 16:10:52 | 000,103,680 | ---- | M] (GMER) [Kernel | On_Demand | Running] -- C:\fxrdqpow.sys -- (fxrdqpow)
DRV - [2011/07/06 19:13:28 | 000,041,424 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | System | Running] -- C:\Windows\System32\drivers\ImmunetProtect.sys -- (ImmunetProtectDriver)
DRV - [2011/07/06 19:13:28 | 000,031,184 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | System | Running] -- C:\Windows\System32\drivers\ImmunetSelfProtect.sys -- (ImmunetSelfProtectDriver)
DRV - [2011/05/05 09:00:02 | 000,015,656 | ---- | M] (Windows ® 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rtport.sys -- (rtport)
DRV - [2011/02/11 10:16:42 | 000,050,176 | ---- | M] (Samsung) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\samsung_hspa_datacard_dc_enum.sys -- (samsung_hspa_datacard_dc_enum)
DRV - [2011/02/11 10:16:42 | 000,046,592 | ---- | M] (Samsung) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\samsung_hspa_datacard_cdc_ecm.sys -- (samsung_hspa_datacard_cdc_ecm)
DRV - [2011/02/11 10:16:42 | 000,042,496 | ---- | M] (Samsung) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\samsung_hspa_datacard_cdc_acm.sys -- (samsung_hspa_datacard_cdc_acm)
DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/10 01:04:14 | 000,027,632 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\clwvd.sys -- (clwvd)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2669151935-2958107513-993041615-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
IE - HKU\S-1-5-21-2669151935-2958107513-993041615-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-2669151935-2958107513-993041615-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2669151935-2958107513-993041615-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
IE - HKU\S-1-5-21-2669151935-2958107513-993041615-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2669151935-2958107513-993041615-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-2669151935-2958107513-993041615-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/06 19:16:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/05/23 20:59:50 | 000,000,000 | ---D | M]
[2012/10/24 21:33:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Na'athim\AppData\Roaming\mozilla\Extensions
[2012/10/24 21:33:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Na'athim\AppData\Roaming\mozilla\Firefox\Profiles\ixt07doi.default\extensions
[2011/07/06 19:16:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/12 02:54:19 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2010/06/12 02:54:19 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2010/06/12 02:54:19 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2010/06/12 02:54:19 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2010/06/12 02:54:19 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2010/06/12 02:54:19 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.95\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.95\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Na'athim\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Na'athim\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2166.3772\npCIDetect14.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - Extension: Google Translate = C:\Users\Na'athim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.4_1\
CHR - Extension: Dysk Google = C:\Users\Na'athim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Turn Off the Lights = C:\Users\Na'athim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.2.0.12_1\
CHR - Extension: Turn Off the Lights = C:\Users\Na'athim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.2.0.20_0\
CHR - Extension: QRreader beta = C:\Users\Na'athim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfdjglobiolninfgldchakgfldifphic\0.4_0\
CHR - Extension: WOT = C:\Users\Na'athim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.4.13_0\
CHR - Extension: Adblock Plus = C:\Users\Na'athim\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.3_0\
CHR - Extension: Mailto: for Gmail™ = C:\Users\Na'athim\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgkkmcknielgdhebimdnfahpipajcpjn\2.4_1\
CHR - Extension: Google+ = C:\Users\Na'athim\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm\1.2.0.418_0\
CHR - Extension: Gmail offline = C:\Users\Na'athim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.19_0\
CHR - Extension: Kalendarz Google = C:\Users\Na'athim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: PanicButton = C:\Users\Na'athim\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminaibgiklngmfpfbhmokfmnglamcm\0.14.2.2_1\
CHR - Extension: MagicScroll eBook Reader = C:\Users\Na'athim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgnmgfdoiplfmhgghbmlphanpfmjble\3.0_0\
CHR - Extension: AdBlock = C:\Users\Na'athim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.4_0\
CHR - Extension: FlashBlock = C:\Users\Na'athim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gofhjkjmkpinhpoiabjplobcaignabnl\0.9.31_1\
CHR - Extension: Calc SS3 = C:\Users\Na'athim\AppData\Local\Google\Chrome\User Data\Default\Extensions\iicfbobganffbpdodmdcbcpblomkbeoa\0.9.98_0\
CHR - Extension: Dropbox = C:\Users\Na'athim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl\3.0.6_0\
CHR - Extension: Trash Can = C:\Users\Na'athim\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbdjgdkojiakdhlhfcaohpfgjgemcegi\0.1_1\
CHR - Extension: Zoho Writer = C:\Users\Na'athim\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgaeidloagadfcohacebhbkkapgpiddj\1.3.1_1\
CHR - Extension: Malware Search = C:\Users\Na'athim\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgleioieeffejophokeklefchfglgmnk\0.1.2_0\
CHR - Extension: Brudnopis = C:\Users\Na'athim\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjebfhglflhjjjiceimfkgicifkhjlnm\4.0_1\
CHR - Extension: Mapy Google = C:\Users\Na'athim\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_1\
CHR - Extension: Google Mail Multi-Account Checker = C:\Users\Na'athim\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcpnehokodklgijkcakcfmccgpanipfp\2.0.24_0\
CHR - Extension: Turkish Flag Theme = C:\Users\Na'athim\AppData\Local\Google\Chrome\User Data\Default\Extensions\meepdekdobmlffgknnpdegfhgpgccnjc\0.2_0\
CHR - Extension: Sprawdzanie poczty Google = C:\Users\Na'athim\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_1\
CHR - Extension: Rozszerzenie Subskrypcje RSS (od Google) = C:\Users\Na'athim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd\2.2.2_1\
CHR - Extension: Przeglądarka dokumentów PDF/PowerPoint (od Google) = C:\Users\Na'athim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn\3.10_0\
CHR - Extension: Google Chrome to Phone Extension = C:\Users\Na'athim\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.2_1\
CHR - Extension: Send from Gmail (by Google) = C:\Users\Na'athim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc\1.16_0\
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (W2PBrowser Class) - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
O4 - HKLM..\Run: [Immunet Protect] C:\Program Files\Immunet Protect\2.0.17\iptray.exe (Immunet)
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] C:\windows\System32\SPReview\SPReview.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] C:\windows\System32\SPReview\SPReview.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Na'athim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Na'athim\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Funkcja Google Sidewiki - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.21.99.95
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3EFA1E6C-4B24-4E21-87E5-353A1AAF3450}: DhcpNameServer = 62.21.99.95
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC1E8A60-A90F-4369-9D91-D1845470D9A6}: NameServer = 217.116.104.104 217.116.100.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FEB55669-9550-4ABD-8509-30E34EBD26D3}: DhcpNameServer = 192.168.1.1 62.179.1.62 62.179.1.63
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/08/04 16:10:52 | 000,103,680 | ---- | C] (GMER) -- C:\fxrdqpow.sys
[2013/07/29 11:40:00 | 000,000,000 | ---D | C] -- C:\Users\Na'athim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pawsoft
[2013/07/29 11:40:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pawsoft
[2013/07/29 11:39:59 | 000,000,000 | ---D | C] -- C:\Program Files\Pawsoft
[2013/07/29 11:39:23 | 000,000,000 | ---D | C] -- C:\Program Files\AzTools
[2013/07/29 09:31:08 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2013/07/29 09:30:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2013/07/27 09:34:04 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2013/07/27 09:33:59 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2013/07/27 09:33:57 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll
[2013/07/27 09:33:57 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2013/07/27 09:33:55 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2013/07/27 09:33:52 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2013/07/27 09:33:52 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe
[2013/07/27 09:33:52 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll
[2013/07/27 09:33:51 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll
[2013/07/27 09:33:51 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RegisterIEPKEYs.exe
[2013/07/27 09:31:19 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
[2013/07/18 17:23:56 | 000,000,000 | ---D | C] -- C:\Users\Na'athim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\vanBasco's Karaoke Player
[2013/07/18 17:23:53 | 000,000,000 | ---D | C] -- C:\Program Files\vanBasco's Karaoke Player
[2013/07/18 16:29:56 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DWrite.dll
[2013/07/18 16:29:52 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMVDECOD.DLL
[2013/07/18 16:29:50 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qedit.dll
[2013/07/18 16:29:47 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2013/07/18 16:16:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Na'athim\Desktop\OTL.exe
========== Files - Modified Within 30 Days ==========
[2013/08/04 17:45:04 | 000,001,040 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/04 16:45:05 | 000,001,036 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/04 16:35:15 | 000,089,088 | ---- | M] () -- C:\Users\Na'athim\Desktop\mbr.exe
[2013/08/04 16:10:52 | 000,103,680 | ---- | M] (GMER) -- C:\fxrdqpow.sys
[2013/08/04 16:09:14 | 000,377,856 | ---- | M] () -- C:\Users\Na'athim\Desktop\u1rbbmow.exe
[2013/08/04 14:22:14 | 000,016,752 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/04 14:22:14 | 000,016,752 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/04 14:20:05 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/08/03 10:02:09 | 1062,518,784 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/02 14:38:49 | 000,015,828 | ---- | M] () -- C:\Users\Na'athim\Desktop\weekend_52397.gif
[2013/08/02 11:57:30 | 000,687,828 | ---- | M] () -- C:\windows\System32\perfh015.dat
[2013/08/02 11:57:30 | 000,607,190 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013/08/02 11:57:30 | 000,131,382 | ---- | M] () -- C:\windows\System32\perfc015.dat
[2013/08/02 11:57:30 | 000,103,568 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2013/07/27 11:20:45 | 000,266,376 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2013/07/18 16:16:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Na'athim\Desktop\OTL.exe
========== Files Created - No Company Name ==========
[2013/08/04 16:34:51 | 000,089,088 | ---- | C] () -- C:\Users\Na'athim\Desktop\mbr.exe
[2013/08/04 16:08:51 | 000,377,856 | ---- | C] () -- C:\Users\Na'athim\Desktop\u1rbbmow.exe
[2013/08/02 14:37:39 | 000,015,828 | ---- | C] () -- C:\Users\Na'athim\Desktop\weekend_52397.gif
[2012/10/03 10:48:45 | 001,167,360 | ---- | C] () -- C:\windows\System32\HPM1210SM.exe
[2012/10/03 10:48:43 | 000,167,936 | ---- | C] () -- C:\windows\System32\HPM1210LM.DLL
[2012/10/03 10:41:47 | 000,284,672 | ---- | C] () -- C:\windows\System32\mvhlewsi.DLL
[2012/10/03 10:39:10 | 000,167,936 | ---- | C] () -- C:\windows\System32\m1210wia.dll
[2012/10/03 10:39:05 | 000,176,128 | ---- | C] () -- C:\windows\System32\m1210nwia.dll
[2012/10/03 10:37:35 | 000,049,152 | ---- | C] () -- C:\windows\System32\HPM1210SMs.dll
[2012/09/25 18:50:00 | 000,000,000 | ---- | C] () -- C:\Users\Na'athim\AppData\Local\{96BA877B-4BD3-4F14-8EB3-E4369E6DA239}
[2012/08/28 10:04:34 | 000,081,920 | ---- | C] () -- C:\windows\System32\issacapi_bs-2.3.dll
[2012/08/28 10:04:34 | 000,065,536 | ---- | C] () -- C:\windows\System32\issacapi_pe-2.3.dll
[2012/08/28 10:04:34 | 000,057,344 | ---- | C] () -- C:\windows\System32\issacapi_se-2.3.dll
[2012/08/28 10:04:32 | 000,974,848 | ---- | C] () -- C:\windows\System32\cis-2.4.dll
[2011/07/06 18:57:37 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
========== ZeroAccess Check ==========
[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013/05/13 01:34:52 | 000,000,000 | ---D | M] -- C:\Users\Na'athim\AppData\Roaming\calibre
[2013/07/29 10:37:32 | 000,000,000 | ---D | M] -- C:\Users\Na'athim\AppData\Roaming\Dev-Cpp
[2013/08/04 14:20:02 | 000,000,000 | ---D | M] -- C:\Users\Na'athim\AppData\Roaming\Dropbox
[2013/07/27 10:24:30 | 000,000,000 | ---D | M] -- C:\Users\Na'athim\AppData\Roaming\Samsung
[2013/05/31 17:26:41 | 000,000,000 | ---D | M] -- C:\Users\Na'athim\AppData\Roaming\TeamViewer
========== Purity Check ==========
< End of report >
Extras.txt
OTL Extras logfile created on: 8/4/2013 6:10:26 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Na'athim\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
1013.30 Mb Total Physical Memory | 56.53 Mb Available Physical Memory | 5.58% Memory free
2.19 Gb Paging File | 0.40 Gb Available in Paging File | 18.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 62.00 Gb Total Space | 32.87 Gb Free Space | 53.01% Space Free | Partition Type: NTFS
Drive D: | 153.76 Gb Total Space | 150.43 Gb Free Space | 97.84% Space Free | Partition Type: NTFS
Computer Name: NAATHIM | User Name: Na'athim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2669151935-2958107513-993041615-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B0AA014-F293-42F4-A25E-AD3E2101B72C}" = lport=161 | protocol=6 | dir=in | name=advanced tcp/ip snmp port |
"{8BFFD20C-1CD9-4C0D-8C24-0C5255281E98}" = lport=427 | protocol=6 | dir=in | name=advanced tcp/ip slp port |
"{921C38D7-7CBC-435F-B853-8A37703DA1EF}" = lport=9100 | protocol=6 | dir=in | name=advanced tcp/ip printer port |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03B7DC78-CD4C-468E-89B3-5F4690EB66C4}" = protocol=17 | dir=in | app=c:\users\na'athim\appdata\local\temp\7zs7c81\easyinst.exe |
"{21075678-FCB4-45D7-BBC3-ADAD00B1305D}" = protocol=6 | dir=in | app=c:\users\na'athim\appdata\local\temp\7zs7c81\easyinst.exe |
"{33AB8F53-EBEE-4B85-A8F7-0025BE43E748}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung universal scan driver\usdagent.exe |
"{3BC2CE60-E098-4AB6-8307-2CF7EAEBED68}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung universal scan driver\iccupdater.exe |
"{40BEDBA0-FFA0-494C-A95E-D4ABC0665DC6}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung universal scan driver\usdagent.exe |
"{40EDF650-2260-483D-99D0-9DB3ADBD6075}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung universal scan driver\iccupdater.exe |
"{45DB51CC-C1CB-4D69-BA49-B113C061A10C}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{60B5E17E-0DAD-45A6-87AB-FADCC91E0A78}" = protocol=6 | dir=in | app=c:\users\na'athim\appdata\roaming\dropbox\bin\dropbox.exe |
"{7A37EE2F-BB93-427F-AB1D-9CF271874C41}" = protocol=17 | dir=in | app=c:\users\na'athim\appdata\roaming\dropbox\bin\dropbox.exe |
"{861DB1FE-F546-4FBB-93C9-69E4376B4AEA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9435507A-7DB2-4DCA-82F4-E4191521B981}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{BAD23220-24DB-474B-A782-1E84F4C1D413}" = protocol=17 | dir=in | app=c:\windows\system32\supdsvc.exe |
"{BB518998-8696-48AF-8D14-98031BC29901}" = protocol=6 | dir=in | app=c:\windows\system32\supdsvc.exe |
"TCP Query User{B36563B0-974F-4ADF-845F-69DC3A79D006}C:\users\na'athim\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\na'athim\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{264E87D4-3C34-4B86-836D-5E12E64741A6}C:\users\na'athim\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\na'athim\appdata\roaming\dropbox\bin\dropbox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{142D8CA7-2C6F-45A7-83E3-099AAFD99133}" = Samsung Update Plus
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 5
"{16880765-677F-440B-B16A-BFD9B9C00012}" = EasyFileShare
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2998191E-A35E-47E2-BE38-7702C731D722}" = SRS Premium Sound Control Panel
"{2DDC70C1-C77A-4D08-89D2-9AB648504533}" = Easy Content Share
"{318DBE01-1E6B-4243-84B0-210391FE789A}" = Samsung AnyWeb Print
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{5D409C50-57A2-4EEF-846B-11B66E3E7B56}" = Samsung HSPA DataCard CD and SS 5.36.9704
"{607DA1C8-34EC-4D7A-AD83-F8E5C70736DF}" = EasyBatteryManager
"{6C016AC4-0282-4C82-B12F-3D5910DA7319}" = Samsung AnyWeb Print
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}" = Fast Start
"{7F6F62F0-7884-4CFB-B86C-597A4A6D9C4D}" = Movie Color Enhancer
"{8732818E-CA78-4ACB-B077-22311BF4C0E4}" = Easy Network Manager
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92BF2245-BE42-486E-A1CF-DBABCD4F0C43}" = Connection Manager
"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A8DDD59F-1413-40BD-B61C-77A0BDB2B22B}" = Easy Resolution Manager
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1045-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Polish
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{D88C3E7C-1DA6-4AD7-97FC-75BC8705B266}" = runtime
"{D9A3B393-72E7-44FD-B4B4-A463A0C2CC0F}" = calibre
"{E8A34AC8-0137-4515-A94B-0A0946DDC251}" = Scan To
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center
"{FA3AFC80-05A5-45A6-BD6E-92641BF93129}" = HP LaserJet Professional M1210 MFP Series Fax Installer
"{FFB768E4-E427-4553-BC36-A11F5E62A94D}" = Adobe Flash Player 10 ActiveX
"{FFD0E594-823B-4E2B-B680-720B3C852588}" = BatteryLifeExtender
"Blueline_is1" = Blueline 1.1.1
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"Elantech" = ETDWare PS/2-X86 8.0.7.2_WHQL
"Fass" = Pawsoft Fass
"Google Chrome" = Google Chrome
"GPL Ghostscript 9.06" = GPL Ghostscript
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP LaserJet Professional M1130-M1210 MFP Series" = HP LaserJet Professional M1130-M1210 MFP Series
"Immunet Protect" = Immunet Protect
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{92BF2245-BE42-486E-A1CF-DBABCD4F0C43}" = Connection Manager
"Mozilla Firefox (3.6.4)" = Mozilla Firefox (3.6.4)
"R for Windows 2.15.2_is1" = R for Windows 2.15.2
"Samsung Universal Print Driver" = Samsung Universal Print Driver
"Samsung Universal Scan Driver" = Samsung Universal Scan Driver
"VMidi" = vanBasco's Karaoke Player
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2669151935-2958107513-993041615-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 3/13/2013 5:30:08 PM | Computer Name = Naathim | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "c:\program files\Samsung\chargeableusb\vista_xp_driver\x64\KStartMem.exe.Manifest". Nie można odnaleźć zestawu zależnego Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.
Error - 3/26/2013 5:05:07 AM | Computer Name = Naathim | Source = ESENT | ID = 215
Description = WinMail (4012) WindowsMail0: Tworzenie kopii zapasowej zostało zatrzymane, ponieważ zostało przerwane przez klienta lub nie można nawiązać połączenia z klientem.
Error - 3/29/2013 3:17:18 AM | Computer Name = Naathim | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: googledrivesync.exe, wersja: 1.8.4357.4863,
sygnatura czasowa: 0x509418e4 Nazwa modułu powodującego błąd: pyexpat.pyd, wersja:
0.0.0.0, sygnatura czasowa: 0x511a6733 Kod wyjątku: 0xc0000005 Przesunięcie błędu:
0x00011140 Identyfikator procesu powodującego błąd: 0x1338 Godzina uruchomienia aplikacji
powodującej błąd: 0x01ce2a014e66524a Ścieżka aplikacji powodującej błąd: C:\Program
Files\Google\Drive\googledrivesync.exe Ścieżka modułu powodującego błąd: C:\Users\Na'athim\AppData\Local\Temp\_MEI34242\pyexpat.pyd
Identyfikator
raportu: aff63742-9840-11e2-8c51-b4749f8b0669
Error - 4/3/2013 12:32:22 PM | Computer Name = Naathim | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "C:\Program Files\2XL
Games\2XL Trophylite Rally\data\geo\UIElementID.exe". Nie można odnaleźć zestawu
zależnego Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Użyj
narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.
Error - 4/3/2013 12:34:15 PM | Computer Name = Naathim | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "C:\Program Files\Samsung\Samsung
Support Center\Drv\drv2x64\KStartMem.exe.Manifest". Nie można odnaleźć zestawu zależnego
Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Użyj
narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.
Error - 4/3/2013 12:34:18 PM | Computer Name = Naathim | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "C:\Program Files\Samsung\EasyFileShare\Drv\SABI2x64\KStartMem.exe.Manifest".
Nie
można odnaleźć zestawu zależnego Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Użyj
narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.
Error - 4/3/2013 12:36:20 PM | Computer Name = Naathim | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".
Nie
można odnaleźć zestawu zależnego Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Użyj
narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.
Error - 4/3/2013 12:44:08 PM | Computer Name = Naathim | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "c:\program files\Samsung\easy
display manager\RunGfxUI64.exe". Nie można odnaleźć zestawu zależnego Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Użyj
narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.
Error - 4/3/2013 12:45:57 PM | Computer Name = Naathim | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "c:\program files\Samsung\chargeableusb\ChargeableUSB_64.exe".
Nie
można odnaleźć zestawu zależnego Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Użyj
narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.
Error - 4/3/2013 12:45:59 PM | Computer Name = Naathim | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "c:\program files\Samsung\chargeableusb\vista_xp_driver\x64\KStartMem.exe.Manifest".
Nie
można odnaleźć zestawu zależnego Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Użyj
narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.
[ System Events ]
Error - 5/23/2013 2:40:17 PM | Computer Name = Naathim | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: cdrom
Error - 5/23/2013 4:05:32 PM | Computer Name = Naathim | Source = DCOM | ID = 10010
Description =
Error - 5/24/2013 1:43:24 AM | Computer Name = Naathim | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: cdrom
Error - 5/27/2013 9:56:10 AM | Computer Name = Naathim | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
Error - 5/31/2013 1:49:53 AM | Computer Name = Naathim | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
Error - 5/31/2013 1:52:18 AM | Computer Name = Naathim | Source = DCOM | ID = 10010
Description =
Error - 5/31/2013 1:53:54 AM | Computer Name = Naathim | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: cdrom
Error - 5/31/2013 9:16:29 AM | Computer Name = Naathim | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
Error - 5/31/2013 9:44:55 AM | Computer Name = Naathim | Source = NetBT | ID = 4307
Description = Initialization failed because the transport refused to open initial addresses.
Error - 6/4/2013 1:52:00 AM | Computer Name = Naathim | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
< End of report >
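Reading the "Last 20 Event Log Errors" block of an OTL log by eye is tedious because OTL wraps each description over several lines. The script below is an added example, not part of the original post and not OTL's own code: it parses the header line of each entry (timestamp, computer name, source, ID), re-joins the wrapped description lines, and runs a few triage rules over the result. The embedded sample log is constructed and modelled on the entries above with the descriptions in English; the rule set and its verdict strings are assumptions for illustration (for instance, treating a SideBySide 16842785 entry that asks for an amd64 assembly as a wrong-architecture vendor tool rather than a compromise indicator), not a diagnosis of this machine.

```python
import re
from collections import Counter

# Constructed sample in OTL's layout (not the poster's actual log).
SAMPLE_LOG = r"""
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 3/13/2013 5:30:08 PM | Computer Name = Naathim | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\Samsung\chargeableusb\vista_xp_driver\x64\KStartMem.exe.Manifest".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Error - 3/29/2013 3:17:18 AM | Computer Name = Naathim | Source = Application Error | ID = 1000
Description = Faulting application name: googledrivesync.exe, version: 1.8.4357.4863
Faulting module name: pyexpat.pyd Exception code: 0xc0000005
[ System Events ]
Error - 5/23/2013 2:40:17 PM | Computer Name = Naathim | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: cdrom
Error - 5/23/2013 4:05:32 PM | Computer Name = Naathim | Source = DCOM | ID = 10010
Description =
< End of report >
"""

HEADER_RE = re.compile(
    r"^Error - (?P<ts>.+?) \| Computer Name = (?P<host>.+?) \| "
    r"Source = (?P<source>.+?) \| ID = (?P<id>\d+)\s*$"
)
SECTION_RE = re.compile(r"^\[ (?P<section>.+?) Events \]\s*$")


def parse_otl_events(text):
    """Parse OTL's event-log block into a list of dicts.

    Every line after "Description =" up to the next header, section marker
    or end-of-report marker is joined back into one description string.
    """
    events, section, current = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("=========="):
            continue
        if line == "< End of report >":
            break
        m = SECTION_RE.match(line)
        if m:
            section, current = m.group("section"), None
            continue
        m = HEADER_RE.match(line)
        if m:
            current = {
                "section": section,
                "timestamp": m.group("ts"),
                "host": m.group("host"),
                "source": m.group("source"),
                "id": int(m.group("id")),
                "description": "",
            }
            events.append(current)
            continue
        if current is None:
            continue  # stray text before the first entry
        if line.startswith("Description ="):
            line = line[len("Description ="):].strip()
        current["description"] = (current["description"] + " " + line).strip()
    return events


def triage(event):
    """Illustrative triage rules (an assumption for this example, not an OTL feature)."""
    src, eid, desc = event["source"], event["id"], event["description"]
    if src == "SideBySide" and eid == 16842785 and 'processorArchitecture="amd64"' in desc:
        return "benign: 64-bit manifest cannot resolve on 32-bit Windows"
    if src == "Application Error" and eid == 1000 and re.search(r"0xc0000005", desc, re.I):
        return "crash: access violation, inspect the faulting module path"
    if src == "Service Control Manager" and eid == 7026:
        return "driver failed to load at boot"
    if src == "DCOM" and eid == 10010 and not desc:
        return "DCOM 10010 with empty description: read the CLSID from the live event log"
    return "review"


def summarize(events):
    """Count entries per (source, id) so repeated noise stands out."""
    return Counter((e["source"], e["id"]) for e in events)


if __name__ == "__main__":
    parsed = parse_otl_events(SAMPLE_LOG)
    for e in parsed:
        print(f'[{e["section"]}] {e["source"]} {e["id"]}: {triage(e)}')
    print(summarize(parsed))
```

To run it on a real OTL log, read the file and pass its text to `parse_otl_events`; the parser stops at `< End of report >`, and `summarize` quickly shows which (source, ID) pairs dominate the last-20 window.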