Sound cutting out on the computer

Kafar0z0
created

Hello.

I recently bought a new computer. Since then, the sound has been switching off on its own while the computer is running. It happens while gaming, watching films, listening to music, or even when the computer is on but I am not doing anything on it. To get the sound back I have to turn the computer off and on again. I have the latest sound driver and it still happens.

Thanks in advance for your help :)


I was sent here with the OTL logs, on suspicion of a svchost.exe infection :)


[log]OTL Extras logfile created on: 2010-06-20 15:21:05 - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\AD\Desktop\Pobieranie
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 54,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 458,95 Gb Total Space | 244,25 Gb Free Space | 53,22% Space Free | Partition Type: NTFS
Drive D: | 459,46 Gb Total Space | 424,69 Gb Free Space | 92,43% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AD-KOMPUTER
Current User Name: AD
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color="#e56717"]========== Extra Registry (SafeList) ==========[/color]


[color="#e56717"]========== File Associations ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3243869201-1601559229-3016938548-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color="#e56717"]========== Shell Spawning ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color="#e56717"]========== Security Center Settings ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color="#e56717"]========== Authorized Applications List ==========[/color]


[color="#e56717"]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"NVIDIA Drivers" = NVIDIA Drivers
"SpeedTouch 330" = SpeedTouch 330
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = Archiwizator WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00170415-78E1-11D2-B60F-006097C998E7}" = Microsoft Word 2000 SR-1
"{0638268c-b727-4f78-a92b-a4f68176e670}" = Nero 9 Essentials
"{0A2A5039-B37F-489D-B1DC-A5258DF9E697}" = FIFA 08
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Narzędzie do przekazywania usługi Windows Live
"{21040472-F8DF-48A9-A093-2986C1495670}" = Lineage II
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{255FC1CF-2620-4B64-BE02-79B9E609BB3D}" = Webzen Game Starter
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2E522ED6-01E2-4207-82D5-B3BFB31B8BD4}" = Windows Live Sync
"{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{3514C22B-C3A9-41C6-A818-FAEF474CA879}_is1" = ALLConverter to iPhone
"{3571656A-575D-4CED-809D-5547587121FF}" = Yu-Gi-Oh! Power of Chaos YUGI THE DESTINY
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{42AF51C0-4028-46CF-B616-FB1F75286457}" = A.V.A
"{44E42AAA-432F-4E03-8D7D-C8DB4FEE526A}" = Microsoft Works
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51958BA7-21E4-4A8B-9098-CD8375BD17B2}" = Asystent rejestracji usługi Windows Live
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{6053FE9B-5473-41D6-AEBF-AD6F98138191}" = Windows Live Movie Maker
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85DAE0C8-B3BB-11D8-88E4-0004769F25D1}" = SpellForce - Zakon Świtu
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}" = QuickTime
"{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1" = Acer GameZone Console
"{90120000-0020-0415-0000-0000000FF1CE}" = Pakiet zgodności dla systemu Office 2007
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = ijji REACTOR
"{92C0EEE0-EA16-4B95-84B6-A060B589081B}" = Disciples II - Bunt Elfów
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9862473C-E063-4C68-A161-2CDE0E8048A5}" = Podstawowe programy Windows Live
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9AB614A6-719C-4A6E-A63E-831E0A35F62A}" = Windows Live Writer
"{9CDEAEC9-2F14-4D39-8541-C1EEC4B5D1CB}" = Galeria fotografii usługi Windows Live
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C35FE07E-24B5-410F-85B7-122087A0C7DD}" = Poczta usługi Windows Live
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C9FB868B-2086-4EE2-BD4F-BFBA36B131F4}" = NCsoft Launcher
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{D1803CD4-0CE7-4484-98E3-88D7A2D629A4}" = Windows Live Messenger
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"ALLConverter to 3GP_is1" = ALLConverter to 3GP
"ALLConverter to PSP_is1" = ALLConverter to PSP
"ALLPlayer_is1" = ALLPlayer V4.X
"avast5" = avast! Free Antivirus
"BFGC" = Big Fish Games: Game Manager
"BFG-Explorer - Contraband Mystery" = Explorer: Contraband Mystery
"BFG-Flux Family Secrets - The Rabbit Hole Collectors Edition" = Flux Family Secrets: The Rabbit Hole Collector's Edition
"BitTorrent" = BitTorrent
"Company of Heroes" = Company of Heroes
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Flower Paradise" = Flower Paradise (remove only)
"Gadu-Gadu 10" = Gadu-Gadu 10
"Herod's Lost Tomb_is1" = Herod's Lost Tomb
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Acer Backup Manager
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"ipla" = ipla 2.1.2
"iWinArcade" = iWin Games (remove only)
"Lost Lagoon: The Trail of Destiny" = Lost Lagoon: The Trail of Destiny (remove only)
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Neverwinter Nights - Kingmaker" = BioWare Premium Module: Neverwinter Nights - Kingmaker
"Neverwinter Nights - ShadowGuard" = BioWare Premium Module: Neverwinter Nights - ShadowGuard
"Neverwinter Nights - Witch's Wake" = BioWare Premium Module: Neverwinter Nights - Witch's Wake
"PowerISO" = PowerISO
"Rainbow Web 2_is1" = Rainbow Web 2
"RealPlayer 12.0" = RealPlayer
"Season Match 2_is1" = Season Match 2
"Season Match_is1" = Season Match
"SpeedFan" = SpeedFan (remove only)
"Spreng- und Abriss-Simulator" = Spreng- und Abriss-Simulator
"SubEdit-Player_is1" = SubEdit-Player
"Web Games Player Plugin" = Web Games Player Plugin
"WinLiveSuite_Wave3" = Podstawowe programy Windows Live
"Xfire" = Xfire (remove only)
"XfireXO Toolbar" = XfireXO Toolbar
"ZOODomino_is1" = ZOODomino

[color="#e56717"]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-3243869201-1601559229-3016938548-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[color="#e56717"]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2010-06-11 14:39:30 | Computer Name = AD-Komputer | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 2010-06-12 00:31:36 | Computer Name = AD-Komputer | Source = RasClient | ID = 20227
Description =

Error - 2010-06-12 00:32:07 | Computer Name = AD-Komputer | Source = RasClient | ID = 20227
Description =

Error - 2010-06-12 09:36:54 | Computer Name = AD-Komputer | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 2010-06-13 04:31:11 | Computer Name = AD-Komputer | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 2010-06-13 05:54:43 | Computer Name = AD-Komputer | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 2010-06-13 14:12:42 | Computer Name = AD-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: BF1942.exe, wersja: 0.0.0.0, sygnatura
czasowa: 0x417564c4 Nazwa modułu powodującego błąd: BF1942.exe, wersja: 0.0.0.0,
sygnatura czasowa: 0x417564c4 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x002016fb
Identyfikator
procesu powodującego błąd: 0x1158 Godzina uruchomienia aplikacji powodującej błąd:
0x01cb0b204549107b Ścieżka aplikacji powodującej błąd: d:\battlefield 1942\BF1942.exe
Ścieżka
modułu powodującego błąd: d:\battlefield 1942\BF1942.exe Identyfikator raportu:
41db1e33-7717-11df-9fac-00016c70cb92

Error - 2010-06-13 14:20:48 | Computer Name = AD-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: BF1942.exe, wersja: 0.0.0.0, sygnatura
czasowa: 0x417564c4 Nazwa modułu powodującego błąd: BF1942.exe, wersja: 0.0.0.0,
sygnatura czasowa: 0x417564c4 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x002016fb
Identyfikator
procesu powodującego błąd: 0xe94 Godzina uruchomienia aplikacji powodującej błąd:
0x01cb0b25168b1357 Ścieżka aplikacji powodującej błąd: d:\battlefield 1942\BF1942.exe
Ścieżka
modułu powodującego błąd: d:\battlefield 1942\BF1942.exe Identyfikator raportu:
636c9251-7718-11df-9fac-00016c70cb92

Error - 2010-06-13 14:35:08 | Computer Name = AD-Komputer | Source = Application Hang | ID = 1002
Description = Program BF1942.exe w wersji 0.0.0.0 zatrzymał interakcję z systemem
Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji
dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum
akcji. Identyfikator procesu: f20 Godzina rozpoczęcia: 01cb0b2666e58855 Godzina zakończenia:
92 Ścieżka aplikacji: d:\battlefield 1942\BF1942.exe Identyfikator raportu:

Error - 2010-06-13 14:35:45 | Computer Name = AD-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: BF1942.exe, wersja: 0.0.0.0, sygnatura
czasowa: 0x417564c4 Nazwa modułu powodującego błąd: BF1942.exe, wersja: 0.0.0.0,
sygnatura czasowa: 0x417564c4 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x002016fb
Identyfikator
procesu powodującego błąd: 0xf30 Godzina uruchomienia aplikacji powodującej błąd:
0x01cb0b272fd760f0 Ścieżka aplikacji powodującej błąd: d:\battlefield 1942\BF1942.exe
Ścieżka
modułu powodującego błąd: d:\battlefield 1942\BF1942.exe Identyfikator raportu:
7a416e0a-771a-11df-9fac-00016c70cb92

[ System Events ]
Error - 2010-04-22 07:39:22 | Computer Name = AD-Komputer | Source = EventLog | ID = 6008
Description = Poprzednie zamknięcie systemu przy 13:37:33 na ?2010-?04-?22 było
nieoczekiwane.

Error - 2010-04-22 07:39:16 | Computer Name = AD-Komputer | Source = Application Popup | ID = 1060
Description = Ładowanie sterownika \SystemRoot\SysWow64\drivers\prodrv06.sys zostało
zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania
w celu uzyskania zgodnej wersji sterownika.

Error - 2010-04-22 07:39:28 | Computer Name = AD-Komputer | Source = BugCheck | ID = 1001
Description =

Error - 2010-04-22 07:39:33 | Computer Name = AD-Komputer | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: prodrv06 prohlp02 prosync1 sfhlp01

Error - 2010-04-22 08:54:39 | Computer Name = AD-Komputer | Source = Application Popup | ID = 1060
Description = Ładowanie sterownika \SystemRoot\SysWow64\drivers\prodrv06.sys zostało
zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania
w celu uzyskania zgodnej wersji sterownika.

Error - 2010-04-22 08:54:54 | Computer Name = AD-Komputer | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: prodrv06 prohlp02 prosync1 sfhlp01

Error - 2010-04-22 11:25:14 | Computer Name = AD-Komputer | Source = Application Popup | ID = 1060
Description = Ładowanie sterownika \SystemRoot\SysWow64\drivers\prodrv06.sys zostało
zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania
w celu uzyskania zgodnej wersji sterownika.

Error - 2010-04-22 11:25:27 | Computer Name = AD-Komputer | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: prodrv06 prohlp02 prosync1 sfhlp01

Error - 2010-04-22 12:29:11 | Computer Name = AD-Komputer | Source = Application Popup | ID = 1060
Description = Ładowanie sterownika \SystemRoot\SysWow64\drivers\prodrv06.sys zostało
zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania
w celu uzyskania zgodnej wersji sterownika.

Error - 2010-04-22 12:29:25 | Computer Name = AD-Komputer | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: prodrv06 prohlp02 prosync1 sfhlp01


< End of report >[/log]
[color="#ff0000"]
//moving to the "Logi do sprawdzenia" (logs for review) subforum
//raaz[/color]

Tomek01
comment

Attach the second OTL log.

Kafar0z0
comment

[log]OTL logfile created on: 2010-06-20 15:21:05 - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\AD\Desktop\Pobieranie
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 54,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 458,95 Gb Total Space | 244,25 Gb Free Space | 53,22% Space Free | Partition Type: NTFS
Drive D: | 459,46 Gb Total Space | 424,69 Gb Free Space | 92,43% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AD-KOMPUTER
Current User Name: AD
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color="#e56717"]========== Processes (SafeList) ==========[/color]

PRC - [2010-06-20 15:15:22 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\AD\Desktop\Pobieranie\OTL.exe
PRC - [2010-06-19 15:34:36 | 000,215,104 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2010-06-19 11:03:53 | 000,184,928 | ---- | M] (NHN Corporation) -- C:\Program Files (x86)\ijji\ijji REACTOR\REACTOR.exe
PRC - [2010-05-28 02:08:46 | 003,493,264 | ---- | M] (Xfire Inc.) -- C:\Program Files (x86)\Xfire\Xfire.exe
PRC - [2010-05-06 22:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010-05-06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010-05-04 16:05:48 | 011,981,408 | ---- | M] (GG Network S.A.) -- C:\Program Files (x86)\Gadu-Gadu 10\gg.exe
PRC - [2010-04-14 16:16:16 | 000,078,104 | ---- | M] (iWin Inc.) -- C:\Program Files (x86)\iWin Games\iWinTrusted.exe
PRC - [2010-04-02 11:40:16 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010-03-22 07:36:29 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
PRC - [2010-03-12 17:47:18 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010-03-05 17:14:41 | 000,581,632 | ---- | M] (THOMSON Telecom Belgium) -- C:\Program Files (x86)\Thomson\ST330\service\st330service.exe
PRC - [2010-03-05 17:14:38 | 000,557,149 | ---- | M] (THOMSON Telecom Belgium) -- C:\Program Files (x86)\Thomson\ST330\diagnostics\diagnostics.exe
PRC - [2010-02-02 23:45:50 | 014,252,952 | ---- | M] (Redefine Sp z o.o.) -- C:\Program Files (x86)\ipla\ipla.exe
PRC - [2009-11-25 15:24:14 | 004,009,592 | ---- | M] (Almico Software (www.almico.com)) -- C:\Program Files (x86)\SpeedFan\speedfan.exe
PRC - [2009-11-09 05:17:50 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
PRC - [2009-10-30 13:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2009-10-13 00:44:29 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009-09-29 12:31:58 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2009-09-29 11:51:14 | 000,181,480 | ---- | M] (Acer Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
PRC - [2009-09-10 15:42:30 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009-08-28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2009-08-18 09:27:26 | 000,629,280 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
PRC - [2009-08-13 00:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009-08-12 23:58:28 | 000,261,888 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2009-08-04 07:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009-07-04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2009-06-05 04:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009-06-05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe


[color="#e56717"]========== Modules (SafeList) ==========[/color]

MOD - [2010-06-20 15:15:22 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\AD\Desktop\Pobieranie\OTL.exe
MOD - [2010-05-28 02:09:04 | 000,970,640 | ---- | M] (Xfire Inc.) -- C:\Program Files (x86)\Xfire\xfire_toucan_42784.dll
MOD - [2009-09-29 12:32:24 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcr71.dll
MOD - [2009-07-14 03:16:20 | 002,311,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wpdshext.dll
MOD - [2009-07-14 03:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wsock32.dll
MOD - [2009-07-14 03:15:36 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\linkinfo.dll
MOD - [2009-07-14 03:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2009-07-14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009-07-14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
MOD - [2009-07-14 03:03:50 | 001,624,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\GdiPlus.dll


[color="#e56717"]========== Win32 Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2010-06-09 19:21:43 | 001,255,736 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV:[b]64bit:[/b] - [2010-05-06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV:[b]64bit:[/b] - [2010-05-06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV:[b]64bit:[/b] - [2010-05-06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:[b]64bit:[/b] - [2009-07-14 03:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
SRV:[b]64bit:[/b] - [2009-07-14 03:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
SRV:[b]64bit:[/b] - [2009-07-14 03:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
SRV:[b]64bit:[/b] - [2009-07-14 03:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:[b]64bit:[/b] - [2009-07-14 03:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
SRV:[b]64bit:[/b] - [2009-07-14 03:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:[b]64bit:[/b] - [2009-07-14 03:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:[b]64bit:[/b] - [2009-07-14 03:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:[b]64bit:[/b] - [2009-07-14 03:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
SRV:[b]64bit:[/b] - [2009-07-14 03:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
SRV:[b]64bit:[/b] - [2009-07-14 03:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
SRV:[b]64bit:[/b] - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2009-07-14 03:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:[b]64bit:[/b] - [2009-07-14 03:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:[b]64bit:[/b] - [2009-07-14 03:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:[b]64bit:[/b] - [2009-07-14 03:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:[b]64bit:[/b] - [2009-07-14 03:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:[b]64bit:[/b] - [2009-07-14 03:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:[b]64bit:[/b] - [2009-07-14 03:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:[b]64bit:[/b] - [2009-07-14 03:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:[b]64bit:[/b] - [2009-07-14 03:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:[b]64bit:[/b] - [2009-07-14 03:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:[b]64bit:[/b] - [2009-07-14 03:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
SRV:[b]64bit:[/b] - [2009-07-04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010-06-19 15:34:36 | 000,215,104 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2010-05-03 23:12:00 | 003,584,240 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010-04-14 16:16:16 | 000,078,104 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files (x86)\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2010-03-12 17:47:18 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010-03-05 17:14:41 | 000,581,632 | ---- | M] (THOMSON Telecom Belgium) [Auto | Running] -- C:\Program Files (x86)\Thomson\ST330\service\st330service.exe -- (st330service)
SRV - [2009-09-10 15:42:46 | 000,305,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009-08-28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009-08-25 19:38:06 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009-08-13 00:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009-07-14 05:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
SRV - [2009-07-14 05:20:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009-07-14 03:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2009-07-14 03:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2009-07-13 22:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009-06-10 22:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009-06-05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel®


[color="#e56717"]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2010-05-06 22:39:27 | 000,051,280 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:[b]64bit:[/b] - [2010-05-06 22:39:06 | 000,121,936 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:[b]64bit:[/b] - [2010-05-06 22:34:30 | 000,028,752 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:[b]64bit:[/b] - [2010-05-06 22:34:14 | 000,063,568 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:[b]64bit:[/b] - [2010-05-06 22:33:50 | 000,022,096 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:[b]64bit:[/b] - [2010-03-13 10:32:31 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:[b]64bit:[/b] - [2010-03-03 14:08:17 | 000,054,272 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stppp.sys -- (stppp)
DRV:[b]64bit:[/b] - [2010-03-03 13:53:56 | 000,058,880 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\steth.sys -- (STETH)
DRV:[b]64bit:[/b] - [2010-03-03 13:53:56 | 000,047,616 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\st330.sys -- (ST330)
DRV:[b]64bit:[/b] - [2010-03-03 13:53:56 | 000,024,576 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stbus.sys -- (STBUS)
DRV:[b]64bit:[/b] - [2009-12-11 12:29:27 | 000,153,160 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg)
DRV:[b]64bit:[/b] - [2009-11-09 05:28:08 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:[b]64bit:[/b] - [2009-11-04 17:54:06 | 000,308,296 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:[b]64bit:[/b] - [2009-11-04 17:54:06 | 000,102,472 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:[b]64bit:[/b] - [2009-11-04 17:54:06 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
DRV:[b]64bit:[/b] - [2009-11-04 17:47:38 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
DRV:[b]64bit:[/b] - [2009-09-26 08:20:38 | 000,223,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol)
DRV:[b]64bit:[/b] - [2009-09-23 11:11:04 | 000,283,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) Intel®
DRV:[b]64bit:[/b] - [2009-08-24 15:07:52 | 001,622,528 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVer7231_x64.sys -- (AVer7231_x64)
DRV:[b]64bit:[/b] - [2009-07-18 07:18:48 | 000,109,480 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:[b]64bit:[/b] - [2009-07-14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2009-07-14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,014,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy)
DRV:[b]64bit:[/b] - [2009-07-14 03:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends)
DRV:[b]64bit:[/b] - [2009-07-14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2009-07-14 03:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount)
DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,217,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp)
DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot)
DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009-07-14 03:45:46 | 000,214,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost)
DRV:[b]64bit:[/b] - [2009-07-14 03:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw)
DRV:[b]64bit:[/b] - [2009-07-14 03:43:14 | 000,460,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cng.sys -- (CNG)
DRV:[b]64bit:[/b] - [2009-07-14 02:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus)
DRV:[b]64bit:[/b] - [2009-07-14 02:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV:[b]64bit:[/b] - [2009-07-14 02:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV:[b]64bit:[/b] - [2009-07-14 02:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf)
DRV:[b]64bit:[/b] - [2009-07-14 02:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap)
DRV:[b]64bit:[/b] - [2009-07-14 02:07:22 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vwififlt.sys -- (vwififlt)
DRV:[b]64bit:[/b] - [2009-07-14 02:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus)
DRV:[b]64bit:[/b] - [2009-07-14 02:07:13 | 000,227,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci)
DRV:[b]64bit:[/b] - [2009-07-14 02:07:00 | 000,350,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:[b]64bit:[/b] - [2009-07-14 02:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass)
DRV:[b]64bit:[/b] - [2009-07-14 02:06:28 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winusb.sys -- (WinUsb)
DRV:[b]64bit:[/b] - [2009-07-14 02:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV:[b]64bit:[/b] - [2009-07-14 02:05:37 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf)
DRV:[b]64bit:[/b] - [2009-07-14 02:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig)
DRV:[b]64bit:[/b] - [2009-07-14 02:00:34 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus)
DRV:[b]64bit:[/b] - [2009-07-14 02:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\beep.sys -- (Beep)
DRV:[b]64bit:[/b] - [2009-07-14 01:52:39 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appid.sys -- (AppID)
DRV:[b]64bit:[/b] - [2009-07-14 01:50:17 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter)
DRV:[b]64bit:[/b] - [2009-07-14 01:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\discache.sys -- (discache)
DRV:[b]64bit:[/b] - [2009-07-14 01:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt)
DRV:[b]64bit:[/b] - [2009-07-14 01:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt)
DRV:[b]64bit:[/b] - [2009-07-14 01:27:17 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi)
DRV:[b]64bit:[/b] - [2009-07-14 01:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM)
DRV:[b]64bit:[/b] - [2009-07-13 23:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:[b]64bit:[/b] - [2009-06-26 09:55:10 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:[b]64bit:[/b] - [2009-06-20 00:56:08 | 000,712,704 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009-06-05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:[b]64bit:[/b] - [2009-06-02 13:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:[b]64bit:[/b] - [2009-06-02 13:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:[b]64bit:[/b] - [2009-06-02 13:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:[b]64bit:[/b] - [2009-05-06 01:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:[b]64bit:[/b] - [2009-05-06 01:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009-07-14 03:16:19 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\winusb.dll -- (WinUsb)
DRV - [2009-07-14 03:16:02 | 000,014,336 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\netbios.dll -- (NetBIOS)
DRV - [2009-06-10 23:28:14 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2009-06-10 23:15:18 | 000,003,066 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2009-06-02 13:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\mwlPSDVdisk.sys -- (mwlPSDVDisk)
DRV - [2009-06-02 13:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV - [2009-06-02 13:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\mwlPSDNServ.sys -- (mwlPSDNServ)
DRV - [2009-04-06 09:08:04 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
DRV - [2007-02-07 20:27:46 | 000,014,104 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
DRV - [2003-10-10 16:06:26 | 000,062,720 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2003-10-10 15:06:24 | 000,052,128 | ---- | M] (Protection Technology) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2003-09-06 14:27:06 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003-09-06 14:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\prosync1.sys -- (prosync1)


[color="#e56717"]========== Standard Registry (SafeList) ==========[/color]


[color="#e56717"]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://homepage.acer.com/rdr.aspx?b=ACAW&l=0415&m=aspire_m5810&r=17360310lm06973454kj5qp9k39l2o"]http://homepage.acer...454kj5qp9k39l2o[/url]
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://homepage.acer.com/rdr.aspx?b=ACAW&l=0415&m=aspire_m5810&r=17360310lm06973454kj5qp9k39l2o"]http://homepage.acer...454kj5qp9k39l2o[/url]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://homepage.acer.com/rdr.aspx?b=ACAW&l=0415&m=aspire_m5810&r=17360310lm06973454kj5qp9k39l2o"]http://homepage.acer...454kj5qp9k39l2o[/url]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://alawar.pl"]http://alawar.pl[/url]
IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3243869201-1601559229-3016938548-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://homepage.acer.com/rdr.aspx?b=ACAW&l=0415&m=aspire_m5810&r=17360310lm06973454kj5qp9k39l2o"]http://homepage.acer...454kj5qp9k39l2o[/url]
IE - HKU\S-1-5-21-3243869201-1601559229-3016938548-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://alawar.pl"]http://alawar.pl[/url]
IE - HKU\S-1-5-21-3243869201-1601559229-3016938548-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKU\S-1-5-21-3243869201-1601559229-3016938548-1000\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3243869201-1601559229-3016938548-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color="#e56717"]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "XfireXO Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "XfireXO Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.2.119
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185
FF - prefs.js..extensions.enabledItems: {98e34367-8df7-42b4-837b-20b892ff0849}:1.6
FF - prefs.js..extensions.enabledItems: {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:2.6.0.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=AGH&o=15581&locale=en_US&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\ProgramData\iWin Games\firefox [2010-03-07 00:12:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010-06-19 11:03:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010-06-19 11:03:16 | 000,000,000 | ---D | M]

[2010-03-05 18:19:50 | 000,000,000 | ---D | M] -- C:\Users\AD\AppData\Roaming\mozilla\Extensions
[2010-06-20 14:38:44 | 000,000,000 | ---D | M] -- C:\Users\AD\AppData\Roaming\mozilla\Firefox\Profiles\7ol6ta0j.default\extensions
[2010-05-14 20:48:55 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Users\AD\AppData\Roaming\mozilla\Firefox\Profiles\7ol6ta0j.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2010-03-05 18:44:19 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Users\AD\AppData\Roaming\mozilla\Firefox\Profiles\7ol6ta0j.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2010-04-08 08:12:34 | 000,000,000 | ---D | M] -- C:\Users\AD\AppData\Roaming\mozilla\Firefox\Profiles\7ol6ta0j.default\extensions\DTToolbar@toolbarnet.com
[2010-03-11 22:05:10 | 000,000,000 | ---D | M] -- C:\Users\AD\AppData\Roaming\mozilla\Firefox\Profiles\7ol6ta0j.default\extensions\toolbar@ask.com
[2010-02-04 17:45:40 | 000,002,254 | ---- | M] () -- C:\Users\AD\AppData\Roaming\Mozilla\FireFox\Profiles\7ol6ta0j.default\searchplugins\askcom.xml
[2010-04-21 12:06:36 | 000,000,917 | ---- | M] () -- C:\Users\AD\AppData\Roaming\Mozilla\FireFox\Profiles\7ol6ta0j.default\searchplugins\conduit.xml
[2010-06-07 14:08:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010-06-07 14:08:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-06-07 14:08:36 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010-03-30 12:57:04 | 000,098,304 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
[2009-07-02 11:19:28 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files (x86)\mozilla firefox\plugins\npzylomgamesplayer.dll
[2010-01-16 03:08:36 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml
[2010-01-16 03:08:36 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml
[2010-01-16 03:08:36 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml
[2010-01-16 03:08:36 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml
[2010-01-16 03:08:36 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml
[2010-01-16 03:08:36 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:[b]64bit:[/b] - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg64.dll (Google Inc.)
O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.)
O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files (x86)\iWin Games\iWinGamesHookIE.dll (iWin Inc.)
O2 - BHO: (Pomocnik rejestracji usługi Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\ProgramData\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:[b]64bit:[/b] - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3:[b]64bit:[/b] - HKU\.DEFAULT\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3:[b]64bit:[/b] - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3:[b]64bit:[/b] - HKU\S-1-5-18\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3:[b]64bit:[/b] - HKU\S-1-5-21-3243869201-1601559229-3016938548-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-3243869201-1601559229-3016938548-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3:[b]64bit:[/b] - HKU\S-1-5-21-3243869201-1601559229-3016938548-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\S-1-5-21-3243869201-1601559229-3016938548-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-3243869201-1601559229-3016938548-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O4:[b]64bit:[/b] - HKLM..\Run: [diagnostics] C:\Program Files (x86)\Thomson\ST330\diagnostics\diagnostics.exe (THOMSON Telecom Belgium)
O4:[b]64bit:[/b] - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [PLD_FrameworkRun] C:\Windows\SysNative\oem\setEvent.exe File not found
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3243869201-1601559229-3016938548-1000..\Run: [ALLUpdate] C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe ()
O4 - HKU\S-1-5-21-3243869201-1601559229-3016938548-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3243869201-1601559229-3016938548-1000..\Run: [Gadu-Gadu 10] C:\Program Files (x86)\Gadu-Gadu 10\gg.exe (GG Network S.A.)
O4 - HKU\S-1-5-21-3243869201-1601559229-3016938548-1000..\Run: [IPLA!] C:\Program Files (x86)\ipla\ipla.exe (Redefine Sp z o.o.)
O4 - HKU\S-1-5-21-3243869201-1601559229-3016938548-1000..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3243869201-1601559229-3016938548-1000..\Run: [PlayNC Launcher] File not found
O4 - HKU\S-1-5-21-3243869201-1601559229-3016938548-1000..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - Startup: C:\Users\AD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe (Xfire Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:[b]64bit:[/b] - Extra context menu item: Funkcja Google Sidewiki - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Funkcja Google Sidewiki - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Wpis w blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Wpis w blogu w Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O18:[b]64bit:[/b] - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\ipp - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:[b]64bit:[/b] - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color="#e56717"]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010-06-20 12:50:02 | 000,362,656 | ---- | C] (WEBZEN) -- C:\Windows\SysWow64\CMStarterCore.exe
[2010-06-20 12:50:02 | 000,051,360 | ---- | C] (WEBZEN) -- C:\Windows\SysWow64\CMStarter_Kor.dll
[2010-06-20 12:50:02 | 000,051,360 | ---- | C] (WEBZEN) -- C:\Windows\SysWow64\CMStarter_Eng.dll
[2010-06-20 12:50:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WEBZEN
[2010-06-20 09:34:51 | 000,000,000 | ---D | C] -- C:\Users\AD\AppData\Local\PMB Files
[2010-06-20 09:34:50 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2010-06-20 09:34:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2010-06-20 07:50:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan
[2010-06-19 21:51:34 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2010-06-19 12:33:45 | 003,584,240 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\GameMon.des
[2010-06-19 12:32:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared
[2010-06-19 11:03:17 | 000,427,008 | ---- | C] (True Games Interactive) -- C:\Windows\SysWow64\uc_wepic_launching.dll
[2010-06-19 11:03:17 | 000,208,384 | ---- | C] (<YNK Intractive>) -- C:\Windows\SysWow64\uc_rohan_launching.dll
[2010-06-19 11:03:17 | 000,147,456 | ---- | C] (TODO: <Company name>) -- C:\Windows\SysWow64\uc_neosteam_launching.dll
[2010-06-19 11:03:17 | 000,064,000 | ---- | C] (<NHN USA Inc>.) -- C:\Windows\SysWow64\uc_sfighters_launching.dll
[2010-06-19 11:03:17 | 000,053,248 | ---- | C] (<NHN USA Inc>.) -- C:\Windows\SysWow64\uc_luminary_launching.dll
[2010-06-19 11:03:16 | 000,713,312 | ---- | C] (NHN USA) -- C:\Windows\SysWow64\ijjiSetup.exe
[2010-06-19 11:03:16 | 000,086,624 | ---- | C] (<NHN USA Inc>.) -- C:\Windows\SysWow64\ijjiChannelingPlugin.dll
[2010-06-19 11:03:16 | 000,075,264 | ---- | C] (<NHN USA Inc>.) -- C:\Windows\SysWow64\uc_holybeast_launching.dll
[2010-06-19 11:03:16 | 000,062,048 | ---- | C] (NHN USA Inc.) -- C:\Windows\SysWow64\ijjiProcessRestarter.exe
[2010-06-19 11:03:16 | 000,061,440 | ---- | C] (<NHN USA Inc>.) -- C:\Windows\SysWow64\uc_atlantica_launching.dll
[2010-06-19 11:03:16 | 000,057,952 | ---- | C] (NHN USA Corp.) -- C:\Windows\SysWow64\ijjiPlugin2.dll
[2010-06-19 11:03:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ijji
[2010-06-15 12:23:41 | 000,000,000 | ---D | C] -- C:\Users\AD\AppData\Roaming\Skunk Studios
[2010-06-15 12:21:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Explorer - Contraband Mystery
[2010-06-15 12:09:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Flux Family Secrets - The Rabbit Hole Collectors Edition
[2010-06-13 02:13:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Fugazo
[2010-06-12 21:42:12 | 000,000,000 | ---D | C] -- C:\Users\AD\AppData\Roaming\PlayFirst
[2010-06-11 21:02:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Alawar
[2010-06-11 08:01:25 | 001,192,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2010-06-11 08:01:25 | 001,026,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstime.dll
[2010-06-11 08:01:25 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll
[2010-06-11 08:01:24 | 000,977,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010-06-11 08:01:24 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll
[2010-06-11 08:01:24 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2010-06-11 08:01:24 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2010-06-11 08:01:24 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2010-06-11 08:01:24 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsproxy.dll
[2010-06-11 08:01:24 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2010-06-10 10:05:36 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\asycfilt.dll
[2010-06-10 10:05:36 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\asycfilt.dll
[2010-06-10 09:59:31 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010-06-10 09:59:31 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010-06-10 09:59:31 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010-06-10 09:59:31 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010-06-09 23:16:22 | 000,000,000 | ---D | C] -- C:\ProgramData\FireGlow
[2010-06-09 19:21:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010-06-09 19:21:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010-06-07 19:35:15 | 000,000,000 | ---D | C] -- C:\ProgramData\The Game Equation
[2010-06-07 14:08:41 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010-06-07 14:08:41 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010-06-07 14:08:41 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010-06-07 14:08:41 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe

[color="#e56717"]========== Files - Modified Within 30 Days ==========[/color]

[2010-06-20 15:21:33 | 002,621,440 | -HS- | M] () -- C:\Users\AD\NTUSER.DAT
[2010-06-20 14:39:00 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010-06-20 12:42:54 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010-06-20 12:42:54 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010-06-20 12:40:32 | 001,523,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010-06-20 12:40:32 | 000,687,590 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2010-06-20 12:40:32 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010-06-20 12:40:32 | 000,131,176 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2010-06-20 12:40:32 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010-06-20 12:36:16 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\TempzB3796.html
[2010-06-20 12:36:16 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\TempyN3796.html
[2010-06-20 12:35:55 | 000,001,044 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010-06-20 12:35:50 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010-06-20 12:35:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010-06-20 12:35:39 | 3163,877,376 | -HS- | M] () -- C:\hiberfil.sys
[2010-06-20 12:34:30 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\TempXe4020.html
[2010-06-20 12:34:30 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\TempZh4020.html
[2010-06-20 12:34:27 | 004,354,700 | -H-- | M] () -- C:\Users\AD\AppData\Local\IconCache.db
[2010-06-20 08:51:14 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\Tempfy3752.html
[2010-06-20 08:51:14 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\TempyS3752.html
[2010-06-20 07:50:43 | 000,001,015 | ---- | M] () -- C:\Users\AD\Desktop\SpeedFan.lnk
[2010-06-20 07:50:42 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2010-06-19 23:32:24 | 000,002,046 | ---- | M] () -- C:\Users\Public\Desktop\Lost Lagoon The Trail of Destiny.lnk
[2010-06-19 22:53:49 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\Temply3468.html
[2010-06-19 22:53:49 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\Tempox3468.html
[2010-06-19 17:14:03 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\TempsB3364.html
[2010-06-19 17:14:03 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\TempBX3364.html
[2010-06-19 15:34:36 | 000,215,104 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010-06-19 15:34:36 | 000,215,104 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010-06-19 12:32:11 | 000,002,067 | ---- | M] () -- C:\Users\Public\Desktop\A.V.A.lnk
[2010-06-19 11:21:20 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\Tempvv4464.html
[2010-06-19 11:21:20 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\TempNT4464.html
[2010-06-19 11:03:18 | 000,002,029 | ---- | M] () -- C:\Users\Public\Desktop\ijji REACTOR.lnk
[2010-06-19 11:03:18 | 000,000,182 | ---- | M] () -- C:\Users\Public\Desktop\ijji.url
[2010-06-19 08:12:05 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\TempEk3500.html
[2010-06-19 08:12:05 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\Tempjn3500.html
[2010-06-18 22:17:24 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\TempYY3448.html
[2010-06-18 22:17:24 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\TempCr3448.html
[2010-06-18 20:08:48 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\TempQf3736.html
[2010-06-18 20:08:48 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\TemppO3736.html
[2010-06-18 18:18:59 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\TempTh3408.html
[2010-06-18 18:18:59 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\TempvT3408.html
[2010-06-18 15:25:07 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\Tempzq3660.html
[2010-06-18 15:25:07 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\TempdY3660.html
[2010-06-18 13:46:27 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\TempOG3420.html
[2010-06-18 13:46:27 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\TempPM3420.html
[2010-06-18 12:24:54 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\TempWk3476.html
[2010-06-18 12:24:54 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\TempkH3476.html
[2010-06-17 23:40:36 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\Tempel3380.html
[2010-06-17 23:40:36 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\TempBz3380.html
[2010-06-17 12:51:54 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\TempkJ3432.html
[2010-06-17 12:51:54 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\TempHn3432.html
[2010-06-16 21:50:03 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\TemprZ3644.html
[2010-06-16 21:50:03 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\TempGW3644.html
[2010-06-16 16:06:41 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\TempJr4456.html
[2010-06-16 16:06:41 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\TempWl4456.html
[2010-06-16 14:38:37 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\TempUM3676.html
[2010-06-16 14:38:37 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\TemphW3676.html
[2010-06-16 11:59:03 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\TempNg3772.html
[2010-06-16 11:59:03 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\TempDI3772.html
[2010-06-16 11:53:24 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\TempRe3364.html
[2010-06-16 11:53:24 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\TempVW3364.html
[2010-06-15 21:38:43 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\TempTA3432.html
[2010-06-15 21:38:43 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\TempWr3432.html
[2010-06-15 16:38:17 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\TempzQ3472.html
[2010-06-15 16:38:17 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\TempmO3472.html
[2010-06-15 12:22:14 | 000,002,166 | ---- | M] () -- C:\Users\Public\Desktop\Play Explorer - Contraband Mystery.lnk
[2010-06-15 12:22:14 | 000,001,288 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2010-06-15 12:09:26 | 000,002,393 | ---- | M] () -- C:\Users\Public\Desktop\Play Flux Family Secrets - The Rabbit Hole Collectors Edition.lnk
[2010-06-15 10:06:10 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\TempqH1376.html
[2010-06-15 10:06:10 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\TempOm1376.html
[2010-06-14 23:27:42 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\TempBI3892.html
[2010-06-14 23:27:42 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\Temppz3892.html
[2010-06-14 08:19:24 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\TempkC3464.html
[2010-06-14 08:19:24 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\TempDT3464.html
[2010-06-13 22:24:20 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\TempjM3512.html
[2010-06-13 22:24:20 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\TempLC3512.html
[2010-06-13 13:16:02 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\Temppb3896.html
[2010-06-13 13:16:02 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\Tempid3896.html
[2010-06-12 23:18:55 | 000,001,996 | ---- | M] () -- C:\Users\Public\Desktop\Flower Paradise.lnk
[2010-06-12 23:16:52 | 000,002,176 | ---- | M] () -- C:\Users\AD\Desktop\Season Match.lnk
[2010-06-12 23:16:52 | 000,002,076 | ---- | M] () -- C:\Users\AD\Desktop\AllGamesHome.com.lnk
[2010-06-12 21:49:27 | 000,002,190 | ---- | M] () -- C:\Users\AD\Desktop\Rainbow Web 2.lnk
[2010-06-12 21:42:00 | 000,002,246 | ---- | M] () -- C:\Users\AD\Desktop\Herod's Lost Tomb.lnk
[2010-06-12 20:22:56 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\Tempmu4008.html
[2010-06-12 20:22:56 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\TempNS4008.html
[2010-06-12 16:07:15 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\Tempaf3956.html
[2010-06-12 16:07:15 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\TempYm3956.html
[2010-06-12 13:04:34 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\TempQJ3400.html
[2010-06-12 13:04:34 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\Tempqd3400.html
[2010-06-11 19:42:42 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\TempRh3460.html
[2010-06-11 19:42:42 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\TempZX3460.html
[2010-06-11 15:25:52 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\TempYM3992.html
[2010-06-11 15:25:52 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\Tempvn3992.html
[2010-06-11 14:44:30 | 000,339,272 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010-06-11 14:42:58 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\TempRi3848.html
[2010-06-11 14:42:58 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\Tempba3848.html
[2010-06-10 21:25:35 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\Tempth3596.html
[2010-06-10 21:25:35 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\TempBS3596.html
[2010-06-10 15:53:23 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\TempqY3884.html
[2010-06-10 15:53:23 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\TempyO3884.html
[2010-06-09 21:54:13 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\Tempyh3856.html
[2010-06-09 21:54:13 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\TempnZ3856.html
[2010-06-09 19:21:12 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\TempFE3828.html
[2010-06-09 19:21:12 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\TempYS3828.html
[2010-06-09 10:38:33 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\TempQe3368.html
[2010-06-09 10:38:33 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\TempPT3368.html
[2010-06-09 01:07:17 | 000,002,204 | ---- | M] () -- C:\Users\AD\Desktop\Season Match 2.lnk
[2010-06-08 23:19:07 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\TempMQ3120.html
[2010-06-08 23:19:07 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\Tempzf3120.html
[2010-06-08 09:11:16 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\TempoX3564.html
[2010-06-08 09:11:16 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\Tempfp3564.html
[2010-06-07 23:27:59 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\TempoB1444.html
[2010-06-07 23:27:59 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\TempeS1444.html
[2010-06-07 17:48:19 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\TempMB3900.html
[2010-06-07 17:48:19 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\TempUI3900.html
[2010-06-07 14:08:36 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010-06-07 14:08:36 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010-06-07 14:08:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010-06-07 14:08:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010-06-07 13:58:26 | 378,481,703 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010-06-07 12:17:05 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\TempPo3860.html
[2010-06-07 12:17:05 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\TempPA3860.html
[2010-06-07 12:14:53 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\Tempck3780.html
[2010-06-07 12:14:53 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\Tempkx3780.html
[2010-06-01 12:15:50 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\TempJa1292.html
[2010-06-01 12:15:50 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\TemplO1292.html
[2010-06-01 09:18:09 | 000,524,288 | -HS- | M] () -- C:\Users\AD\NTUSER.DAT{c2b17820-6d4d-11df-a214-00016c70cb92}.TMContainer00000000000000000002.regtrans-ms
[2010-06-01 09:18:09 | 000,524,288 | -HS- | M] () -- C:\Users\AD\NTUSER.DAT{c2b17820-6d4d-11df-a214-00016c70cb92}.TMContainer00000000000000000001.regtrans-ms
[2010-06-01 09:18:09 | 000,065,536 | -HS- | M] () -- C:\Users\AD\NTUSER.DAT{c2b17820-6d4d-11df-a214-00016c70cb92}.TM.blf
[2010-05-31 15:48:24 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_EhStorPwdDrv_01_09_00.Wdf
[2010-05-28 02:09:00 | 000,041,872 | ---- | M] () -- C:\Windows\SysWow64\xfcodec.dll
[2010-05-28 02:09:00 | 000,027,536 | ---- | M] () -- C:\Windows\SysNative\xfcodec64.dll
[2010-05-27 09:24:13 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010-05-27 08:34:09 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010-05-27 06:11:32 | 000,366,080 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010-05-27 05:49:37 | 000,293,888 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll

[color="#e56717"]========== Files Created - No Company Name ==========[/color]

[2010-06-20 12:36:16 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\TempzB3796.html
[2010-06-20 12:36:16 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TempyN3796.html
[2010-06-20 09:27:00 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\TempXe4020.html
[2010-06-20 09:27:00 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TempZh4020.html
[2010-06-20 07:50:43 | 000,001,015 | ---- | C] () -- C:\Users\AD\Desktop\SpeedFan.lnk
[2010-06-20 07:50:42 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
[2010-06-20 07:31:23 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\Tempfy3752.html
[2010-06-20 07:31:23 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TempyS3752.html
[2010-06-19 23:32:24 | 000,002,046 | ---- | C] () -- C:\Users\Public\Desktop\Lost Lagoon The Trail of Destiny.lnk
[2010-06-19 21:39:00 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\Temply3468.html
[2010-06-19 21:39:00 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\Tempox3468.html
[2010-06-19 12:32:11 | 000,002,067 | ---- | C] () -- C:\Users\Public\Desktop\A.V.A.lnk
[2010-06-19 11:21:42 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\TempsB3364.html
[2010-06-19 11:21:42 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TempBX3364.html
[2010-06-19 11:03:18 | 000,002,029 | ---- | C] () -- C:\Users\Public\Desktop\ijji REACTOR.lnk
[2010-06-19 11:03:18 | 000,000,182 | ---- | C] () -- C:\Users\Public\Desktop\ijji.url
[2010-06-19 11:03:17 | 000,009,728 | ---- | C] () -- C:\Windows\SysWow64\uc_karos_launching.dll
[2010-06-19 08:25:33 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\Tempvv4464.html
[2010-06-19 08:25:33 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TempNT4464.html
[2010-06-19 07:58:52 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\TempEk3500.html
[2010-06-19 07:58:52 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\Tempjn3500.html
[2010-06-18 22:10:34 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\TempYY3448.html
[2010-06-18 22:10:34 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TempCr3448.html
[2010-06-18 19:11:24 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\TempQf3736.html
[2010-06-18 19:11:24 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TemppO3736.html
[2010-06-18 17:48:51 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\TempTh3408.html
[2010-06-18 17:48:51 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TempvT3408.html
[2010-06-18 13:47:52 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\Tempzq3660.html
[2010-06-18 13:47:52 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TempdY3660.html
[2010-06-18 13:05:18 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\TempOG3420.html
[2010-06-18 13:05:18 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TempPM3420.html
[2010-06-18 06:53:29 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\TempWk3476.html
[2010-06-18 06:53:29 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TempkH3476.html
[2010-06-17 13:06:03 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\Tempel3380.html
[2010-06-17 13:06:03 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TempBz3380.html
[2010-06-17 08:14:46 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\TempkJ3432.html
[2010-06-17 08:14:46 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TempHn3432.html
[2010-06-16 18:19:54 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\TemprZ3644.html
[2010-06-16 18:19:54 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TempGW3644.html
[2010-06-16 16:05:24 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\TempJr4456.html
[2010-06-16 16:05:24 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TempWl4456.html
[2010-06-16 14:02:47 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\TempUM3676.html
[2010-06-16 14:02:47 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TemphW3676.html
[2010-06-16 11:55:01 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\TempNg3772.html
[2010-06-16 11:55:01 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TempDI3772.html
[2010-06-16 08:06:51 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\TempRe3364.html
[2010-06-16 08:06:51 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TempVW3364.html
[2010-06-15 16:39:56 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\TempTA3432.html
[2010-06-15 16:39:56 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TempWr3432.html
[2010-06-15 12:54:30 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\TempzQ3472.html
[2010-06-15 12:54:30 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TempmO3472.html
[2010-06-15 12:22:14 | 000,002,166 | ---- | C] () -- C:\Users\Public\Desktop\Play Explorer - Contraband Mystery.lnk
[2010-06-15 12:22:14 | 000,001,288 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2010-06-15 12:09:26 | 000,002,393 | ---- | C] () -- C:\Users\Public\Desktop\Play Flux Family Secrets - The Rabbit Hole Collectors Edition.lnk
[2010-06-15 08:29:00 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\TempqH1376.html
[2010-06-15 08:29:00 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TempOm1376.html
[2010-06-14 11:58:10 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\TempBI3892.html
[2010-06-14 11:58:10 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\Temppz3892.html
[2010-06-14 07:53:57 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\TempkC3464.html
[2010-06-14 07:53:57 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TempDT3464.html
[2010-06-13 18:49:23 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\TempjM3512.html
[2010-06-13 18:49:23 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TempLC3512.html
[2010-06-13 09:05:42 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\Temppb3896.html
[2010-06-13 09:05:42 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\Tempid3896.html
[2010-06-12 23:18:55 | 000,001,996 | ---- | C] () -- C:\Users\Public\Desktop\Flower Paradise.lnk
[2010-06-12 23:16:52 | 000,002,176 | ---- | C] () -- C:\Users\AD\Desktop\Season Match.lnk
[2010-06-12 21:49:27 | 000,002,190 | ---- | C] () -- C:\Users\AD\Desktop\Rainbow Web 2.lnk
[2010-06-12 21:49:27 | 000,002,076 | ---- | C] () -- C:\Users\AD\Desktop\AllGamesHome.com.lnk
[2010-06-12 21:42:00 | 000,002,246 | ---- | C] () -- C:\Users\AD\Desktop\Herod's Lost Tomb.lnk
[2010-06-12 20:07:58 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\Tempmu4008.html
[2010-06-12 20:07:58 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TempNS4008.html
[2010-06-12 14:16:37 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\Tempaf3956.html
[2010-06-12 14:16:37 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TempYm3956.html
[2010-06-12 06:29:57 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\TempQJ3400.html
[2010-06-12 06:29:57 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\Tempqd3400.html
[2010-06-11 16:33:58 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\TempRh3460.html
[2010-06-11 16:33:58 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TempZX3460.html
[2010-06-11 14:45:08 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\TempYM3992.html
[2010-06-11 14:45:08 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\Tempvn3992.html
[2010-06-11 07:54:38 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\TempRi3848.html
[2010-06-11 07:54:38 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\Tempba3848.html
[2010-06-10 15:55:59 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\Tempth3596.html
[2010-06-10 15:55:59 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TempBS3596.html
[2010-06-10 07:24:10 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\TempqY3884.html
[2010-06-10 07:24:10 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TempyO3884.html
[2010-06-09 20:05:57 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\Tempyh3856.html
[2010-06-09 20:05:57 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TempnZ3856.html
[2010-06-09 12:35:37 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\TempFE3828.html
[2010-06-09 12:35:37 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TempYS3828.html
[2010-06-09 07:28:56 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\TempQe3368.html
[2010-06-09 07:28:56 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TempPT3368.html
[2010-06-09 01:07:17 | 000,002,204 | ---- | C] () -- C:\Users\AD\Desktop\Season Match 2.lnk
[2010-06-08 13:44:34 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\TempMQ3120.html
[2010-06-08 13:44:34 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\Tempzf3120.html
[2010-06-08 08:01:56 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\TempoX3564.html
[2010-06-08 08:01:56 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\Tempfp3564.html
[2010-06-07 21:57:10 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\TempoB1444.html
[2010-06-07 21:57:10 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TempeS1444.html
[2010-06-07 13:59:08 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\TempMB3900.html
[2010-06-07 13:59:08 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TempUI3900.html
[2010-06-07 12:17:05 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\TempPo3860.html
[2010-06-07 12:17:05 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TempPA3860.html
[2010-06-07 11:54:45 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\Tempck3780.html
[2010-06-07 11:54:45 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\Tempkx3780.html
[2010-06-01 09:53:29 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\TempJa1292.html
[2010-06-01 09:53:29 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TemplO1292.html
[2010-06-01 09:18:09 | 000,524,288 | -HS- | C] () -- C:\Users\AD\NTUSER.DAT{c2b17820-6d4d-11df-a214-00016c70cb92}.TMContainer00000000000000000002.regtrans-ms
[2010-06-01 09:18:09 | 000,524,288 | -HS- | C] () -- C:\Users\AD\NTUSER.DAT{c2b17820-6d4d-11df-a214-00016c70cb92}.TMContainer00000000000000000001.regtrans-ms
[2010-06-01 09:18:09 | 000,065,536 | -HS- | C] () -- C:\Users\AD\NTUSER.DAT{c2b17820-6d4d-11df-a214-00016c70cb92}.TM.blf
[2010-05-31 15:48:24 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_EhStorPwdDrv_01_09_00.Wdf
[2010-05-28 02:09:00 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2010-05-28 02:09:00 | 000,027,536 | ---- | C] () -- C:\Windows\SysNative\xfcodec64.dll
[2010-03-26 07:39:38 | 000,000,451 | ---- | C] () -- C:\Windows\wininit.ini
[2010-03-23 16:30:44 | 000,000,418 | ---- | C] () -- C:\Windows\ODBC.INI
[2010-03-21 13:12:58 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010-03-07 09:34:41 | 000,000,274 | ---- | C] () -- C:\Windows\game.ini
[2009-07-14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009-07-13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008-10-07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008-10-07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

[color="#e56717"]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 97 bytes -> C:\ProgramData\Temp:1ECED34B
@Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:2E49D185
@Alternate Data Stream - 94 bytes -> C:\ProgramData\Temp:EE3A2438
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:64170090
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:123A86B5
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:FAB64002
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:6C75AF4C
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:AF4D7176
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:04A88719
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:8DA5A13A
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:49E1AC32
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:1E26EE1D
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:1D4140C3
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:95659AC5
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:615E8DBB
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:3BA734DE
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:32FFF2D1
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:0E0E9645
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:92D91D7E
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:7AB36AC8
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:6247E766
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:E6BA54F4
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:4AC5AE3E
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:2E45FA8F
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:9A7BF72D
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:602146E4
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:D5AB4AD5
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:C3A1351B
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:3778F8BC
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:287E7337
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:CFAE7666
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:97C6B915
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:90A2AD6F
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:599BCADA
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:409D7106
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:FC836199
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:FC1777D7
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:E411AA0D
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:E3BD4B99
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:A6F3094D
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:8B4B9596
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:7BB47057
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:62A22B09
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:5A2D0810
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:EF0C5444
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:93DE1838
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:643C37D8
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:D6BEA85D
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:BCDC6E07
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:439A20A3
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:FA78B902
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:D632169E
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:717DE6A0
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:90C12AC3
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:8B4640AA
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:878ECA8B
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:F7CA538B
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:CB21167F
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:C0DFB793
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:AF87C9F8
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:701FCC18
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:603FD11D
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:8678F6BD
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:7314FCCB
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:06E16783
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:0309525F
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:52F4CBFF
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:0B9176C0
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:E07EA07E
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:BA21F28A
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:939A4172
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:88C60511
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:81D20369
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:2BFCDF84
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:E3C56885
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:DB258930
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:B2D21B9B
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:63387B59
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:0355E87F
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:E1FFC9F3
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:2FBB2B9B
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:FB65A4AA
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:FB4762D2
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:E5946EFF
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:AF4CC666
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:85B3C587
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:2D0DFF22
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:1D8B732A
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:08390D61
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:DC9E0AAE
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:4E2A5A6D
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:488F7244
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:444C53BA
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:41D1C7CB
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:F78518BB
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:D890DD02
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:0C9CD455
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:CA0CE093
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:C552BEDE
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:5197985B
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:0A4803EE
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:C1F2FA44
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:5D17C178
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:14A7B409
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:EDC68C62
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:A18FA397
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:89A5891E
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:3BD4D405
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:21BB9E99
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:9C8D5426
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:9C31E38F
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:98DFF516
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:7751B8B3
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:AD780847
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:7174C105
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:441D63A8
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:3AD6342E
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:22B52633
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:A05F750A
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:A798EB56
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:84CFEE62
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:CD177A07
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:3ADB6F65
@Alternate Data Stream - 108 bytes -> C:\ProgramData\Temp:5FBC2BC4
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:1E5EC928
@Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:0D3CE40A
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:D8139E6A
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:3745E745
@Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:FA206A00
@Alternate Data Stream - 102 bytes -> C:\ProgramData\Temp:63B38619
< End of report >[/log]

[color="#ff0000"]//inserting [log] tags
//raaz[/color]

Tomek01
comment (edited)

Uninstall Ask Toolbar, XfireXO Toolbar, DAEMON Tools Toolbar.

In OTL, paste the following into the Custom scan/fixes box:

[code]:Processes
Explorer.exe

:OTL
IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3243869201-1601559229-3016938548-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKU\S-1-5-21-3243869201-1601559229-3016938548-1000\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.)
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "XfireXO Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "XfireXO Customized Web Search"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.2.119
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=AGH&o=15581&locale=en_US&q="
[2010-04-08 08:12:34 | 000,000,000 | ---D | M] -- C:\Users\AD\AppData\Roaming\mozilla\Firefox\Profiles\7ol6ta0j.default\extensions\DTToolbar@toolbarnet.com
[2010-03-11 22:05:10 | 000,000,000 | ---D | M] -- C:\Users\AD\AppData\Roaming\mozilla\Firefox\Profiles\7ol6ta0j.default\extensions\toolbar@ask.com
[2010-02-04 17:45:40 | 000,002,254 | ---- | M] () -- C:\Users\AD\AppData\Roaming\Mozilla\FireFox\Profiles\7ol6ta0j.default\searchplugins\askcom.xml
[2010-04-21 12:06:36 | 000,000,917 | ---- | M] () -- C:\Users\AD\AppData\Roaming\Mozilla\FireFox\Profiles\7ol6ta0j.default\searchplugins\conduit.xml
O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3:64bit: - HKU\S-1-5-18\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3:64bit: - HKU\S-1-5-21-3243869201-1601559229-3016938548-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\S-1-5-21-3243869201-1601559229-3016938548-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-3243869201-1601559229-3016938548-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
@Alternate Data Stream - 97 bytes -> C:\ProgramData\Temp:1ECED34B
@Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:2E49D185
@Alternate Data Stream - 94 bytes -> C:\ProgramData\Temp:EE3A2438
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:64170090
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:123A86B5
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:FAB64002
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:6C75AF4C
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:AF4D7176
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:04A88719
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:8DA5A13A
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:49E1AC32
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:1E26EE1D
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:1D4140C3
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:95659AC5
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:615E8DBB
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:3BA734DE
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:32FFF2D1
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:0E0E9645
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:92D91D7E
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:7AB36AC8
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:6247E766
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:E6BA54F4
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:4AC5AE3E
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:2E45FA8F
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:9A7BF72D
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:602146E4
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:D5AB4AD5
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:C3A1351B
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:3778F8BC
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:287E7337
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:CFAE7666
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:97C6B915
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:90A2AD6F
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:599BCADA
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:409D7106
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:FC836199
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:FC1777D7
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:E411AA0D
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:E3BD4B99
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:A6F3094D
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:8B4B9596
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:7BB47057
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:62A22B09
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:5A2D0810
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:EF0C5444
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:93DE1838
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:643C37D8
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:D6BEA85D
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:BCDC6E07
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:439A20A3
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:FA78B902
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:D632169E
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:717DE6A0
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:90C12AC3
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:8B4640AA
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:878ECA8B
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:F7CA538B
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:CB21167F
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:C0DFB793
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:AF87C9F8
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:701FCC18
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:603FD11D
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:8678F6BD
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:7314FCCB
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:06E16783
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:0309525F
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:52F4CBFF
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:0B9176C0
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:E07EA07E
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:BA21F28A
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:939A4172
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:88C60511
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:81D20369
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:2BFCDF84
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:E3C56885
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:DB258930
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:B2D21B9B
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:63387B59
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:0355E87F
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:E1FFC9F3
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:2FBB2B9B
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:FB65A4AA
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:FB4762D2
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:E5946EFF
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:AF4CC666
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:85B3C587
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:2D0DFF22
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:1D8B732A
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:08390D61
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:DC9E0AAE
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:4E2A5A6D
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:488F7244
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:444C53BA
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:41D1C7CB
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:F78518BB
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:D890DD02
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:0C9CD455
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:CA0CE093
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:C552BEDE
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:5197985B
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:0A4803EE
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:C1F2FA44
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:5D17C178
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:14A7B409
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:EDC68C62
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:A18FA397
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:89A5891E
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:3BD4D405
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:21BB9E99
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:9C8D5426
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:9C31E38F
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:98DFF516
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:7751B8B3
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:AD780847
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:7174C105
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:441D63A8
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:3AD6342E
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:22B52633
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:A05F750A
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:A798EB56
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:84CFEE62
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:CD177A07
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:3ADB6F65
@Alternate Data Stream - 108 bytes -> C:\ProgramData\Temp:5FBC2BC4
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:1E5EC928
@Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:0D3CE40A
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:D8139E6A
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:3745E745
@Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:FA206A00
@Alternate Data Stream - 102 bytes -> C:\ProgramData\Temp:63B38619

:Files
C:\Windows\SysWow64\uc_wepic_launching.dll
C:\Windows\SysWow64\uc_rohan_launching.dll
C:\Windows\SysWow64\uc_neosteam_launching.dll
C:\Windows\SysWow64\uc_sfighters_launching.dll
C:\Windows\SysWow64\uc_luminary_launching.dll
C:\Windows\SysWow64\ijjiSetup.exe
C:\Windows\SysWow64\ijjiChannelingPlugin.dll
C:\Windows\SysWow64\uc_holybeast_launching.dll
C:\Windows\SysWow64\ijjiProcessRestarter.exe
C:\Windows\SysWow64\uc_atlantica_launching.dll
C:\Windows\SysWow64\ijjiPlugin2.dll
C:\Program Files (x86)\ijji
C:\Users\Public\Desktop\ijji.url
C:\Users\AD\AppData\Local\TempzB3796.html
C:\Users\AD\AppData\Local\TempyN3796.html
C:\Users\AD\AppData\Local\TempXe4020.html
C:\Users\AD\AppData\Local\TempZh4020.html
C:\Users\AD\AppData\Local\Tempfy3752.html
C:\Users\AD\AppData\Local\TempyS3752.html
C:\Users\AD\AppData\Local\Temply3468.html
C:\Users\AD\AppData\Local\Tempox3468.html
C:\Users\AD\AppData\Local\TempsB3364.html
C:\Users\AD\AppData\Local\TempBX3364.html
C:\Users\AD\AppData\Local\Tempvv4464.html
C:\Users\AD\AppData\Local\TempNT4464.html
C:\Users\AD\AppData\Local\TempEk3500.html
C:\Users\AD\AppData\Local\Tempjn3500.html
C:\Users\AD\AppData\Local\TempYY3448.html
C:\Users\AD\AppData\Local\TempCr3448.html
C:\Users\AD\AppData\Local\TempQf3736.html
C:\Users\AD\AppData\Local\TemppO3736.html
C:\Users\AD\AppData\Local\TempTh3408.html
C:\Users\AD\AppData\Local\TempvT3408.html
C:\Users\AD\AppData\Local\Tempzq3660.html
C:\Users\AD\AppData\Local\TempdY3660.html
C:\Users\AD\AppData\Local\TempOG3420.html
C:\Users\AD\AppData\Local\TempPM3420.html
C:\Users\AD\AppData\Local\TempWk3476.html
C:\Users\AD\AppData\Local\TempkH3476.html
C:\Users\AD\AppData\Local\Tempel3380.html
C:\Users\AD\AppData\Local\TempBz3380.html
C:\Users\AD\AppData\Local\TempkJ3432.html
C:\Users\AD\AppData\Local\TempHn3432.html
C:\Users\AD\AppData\Local\TemprZ3644.html
C:\Users\AD\AppData\Local\TempGW3644.html
C:\Users\AD\AppData\Local\TempJr4456.html
C:\Users\AD\AppData\Local\TempWl4456.html
C:\Users\AD\AppData\Local\TempUM3676.html
C:\Users\AD\AppData\Local\TemphW3676.html
C:\Users\AD\AppData\Local\TempNg3772.html
C:\Users\AD\AppData\Local\TempDI3772.html
C:\Users\AD\AppData\Local\TempRe3364.html
C:\Users\AD\AppData\Local\TempVW3364.html
C:\Users\AD\AppData\Local\TempTA3432.html
C:\Users\AD\AppData\Local\TempWr3432.html
C:\Users\AD\AppData\Local\TempzQ3472.html
C:\Users\AD\AppData\Local\TempmO3472.html
C:\Users\AD\AppData\Local\TempqH1376.html
C:\Users\AD\AppData\Local\TempOm1376.html
C:\Users\AD\AppData\Local\TempBI3892.html
C:\Users\AD\AppData\Local\Temppz3892.html
C:\Users\AD\AppData\Local\TempkC3464.html
C:\Users\AD\AppData\Local\TempDT3464.html
C:\Users\AD\AppData\Local\TempjM3512.html
C:\Users\AD\AppData\Local\TempLC3512.html
C:\Users\AD\AppData\Local\Temppb3896.html
C:\Users\AD\AppData\Local\Tempid3896.html
C:\Users\AD\AppData\Local\Tempmu4008.html
C:\Users\AD\AppData\Local\TempNS4008.html
C:\Users\AD\AppData\Local\Tempaf3956.html
C:\Users\AD\AppData\Local\TempYm3956.html
C:\Users\AD\AppData\Local\TempQJ3400.html
C:\Users\AD\AppData\Local\Tempqd3400.html
C:\Users\AD\AppData\Local\TempRh3460.html
C:\Users\AD\AppData\Local\TempZX3460.html
C:\Users\AD\AppData\Local\TempYM3992.html
C:\Users\AD\AppData\Local\Tempvn3992.html
C:\Users\AD\AppData\Local\TempRi3848.html
C:\Users\AD\AppData\Local\Tempba3848.html
C:\Users\AD\AppData\Local\Tempth3596.html
C:\Users\AD\AppData\Local\TempBS3596.html
C:\Users\AD\AppData\Local\TempqY3884.html
C:\Users\AD\AppData\Local\TempyO3884.html
C:\Users\AD\AppData\Local\Tempyh3856.html
C:\Users\AD\AppData\Local\TempnZ3856.html
C:\Users\AD\AppData\Local\TempFE3828.html
C:\Users\AD\AppData\Local\TempYS3828.html
C:\Users\AD\AppData\Local\TempQe3368.html
C:\Users\AD\AppData\Local\TempPT3368.html
C:\Users\AD\AppData\Local\TempMQ3120.html
C:\Users\AD\AppData\Local\Tempzf3120.html
C:\Users\AD\AppData\Local\TempoX3564.html
C:\Users\AD\AppData\Local\Tempfp3564.html
C:\Users\AD\AppData\Local\TempoB1444.html
C:\Users\AD\AppData\Local\TempeS1444.html
C:\Users\AD\AppData\Local\TempMB3900.html
C:\Users\AD\AppData\Local\TempUI3900.html
C:\Users\AD\AppData\Local\TempPo3860.html
C:\Users\AD\AppData\Local\TempPA3860.html
C:\Users\AD\AppData\Local\Tempck3780.html
C:\Users\AD\AppData\Local\Tempkx3780.html
C:\Users\AD\AppData\Local\TempJa1292.html
C:\Users\AD\AppData\Local\TemplO1292.html
C:\Users\AD\NTUSER.DAT{c2b17820-6d4d-11df-a214-00016c70cb92}.TMContainer00000000000000000002.regtrans-ms
C:\Users\AD\NTUSER.DAT{c2b17820-6d4d-11df-a214-00016c70cb92}.TMContainer00000000000000000001.regtrans-ms
C:\Users\AD\NTUSER.DAT{c2b17820-6d4d-11df-a214-00016c70cb92}.TM.blfC:\Windows\SysNative\drivers\Msft_User_EhStorPwdDrv_01_09_00.Wdf

:Commands
[emptytemp]
[start explorer]
[Reboot][/code]
Click Run Fix; the computer will restart.


Attach the removal log and new OTL and RSIT logs.

Kafar0z0
comment

Here are the removal logs:


[log]All processes killed
========== PROCESSES ==========
No active process named Explorer.exe was found!
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\ not found.
File C:\Program Files (x86)\XfireXO\tbXfir.dll not found.
Registry value HKEY_USERS\S-1-5-21-3243869201-1601559229-3016938548-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-3243869201-1601559229-3016938548-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\ not found.
File C:\Program Files (x86)\XfireXO\tbXfir.dll not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "XfireXO Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "XfireXO Customized Web Search"FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.2.119 removed from browser.search.selectedEngine
Prefs.js: DTToolbar@toolbarnet.com:1.1.2.0185FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=AGH&o=15581&locale=en_US&q=" removed from extensions.enabledItems
Folder C:\Users\AD\AppData\Roaming\mozilla\Firefox\Profiles\7ol6ta0j.default\extensions\DTToolbar@toolbarnet.\ not found.
C:\Users\AD\AppData\Roaming\mozilla\Firefox\Profiles\7ol6ta0j.default\extensions\toolbar@ask.com\searchplugins folder moved successfully.
C:\Users\AD\AppData\Roaming\mozilla\Firefox\Profiles\7ol6ta0j.default\extensions\toolbar@ask.com\logs folder moved successfully.
C:\Users\AD\AppData\Roaming\mozilla\Firefox\Profiles\7ol6ta0j.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.
C:\Users\AD\AppData\Roaming\mozilla\Firefox\Profiles\7ol6ta0j.default\extensions\toolbar@ask.com\defaults folder moved successfully.
C:\Users\AD\AppData\Roaming\mozilla\Firefox\Profiles\7ol6ta0j.default\extensions\toolbar@ask.com\datastore folder moved successfully.
C:\Users\AD\AppData\Roaming\mozilla\Firefox\Profiles\7ol6ta0j.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Thu-11-Mar-2010-21-17-52-GMT folder moved successfully.
C:\Users\AD\AppData\Roaming\mozilla\Firefox\Profiles\7ol6ta0j.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Mon-08-Mar-2010-17-48-36-GMT folder moved successfully.
C:\Users\AD\AppData\Roaming\mozilla\Firefox\Profiles\7ol6ta0j.default\extensions\toolbar@ask.com\chrome\temp folder moved successfully.
C:\Users\AD\AppData\Roaming\mozilla\Firefox\Profiles\7ol6ta0j.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.
C:\Users\AD\AppData\Roaming\mozilla\Firefox\Profiles\7ol6ta0j.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.
C:\Users\AD\AppData\Roaming\mozilla\Firefox\Profiles\7ol6ta0j.default\extensions\toolbar@ask.com\chrome folder moved successfully.
C:\Users\AD\AppData\Roaming\mozilla\Firefox\Profiles\7ol6ta0j.default\extensions\toolbar@ask.com folder moved successfully.
C:\Users\AD\AppData\Roaming\Mozilla\FireFox\Profiles\7ol6ta0j.default\searchplugins\askcom.xml moved successfully.
C:\Users\AD\AppData\Roaming\Mozilla\FireFox\Profiles\7ol6ta0j.default\searchplugins\conduit.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\ not found.
File C:\Program Files (x86)\XfireXO\tbXfir.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\ not found.
File C:\Program Files (x86)\XfireXO\tbXfir.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-3243869201-1601559229-3016938548-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll not found.
Registry value HKEY_USERS\S-1-5-21-3243869201-1601559229-3016938548-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-3243869201-1601559229-3016938548-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
ADS C:\ProgramData\Temp:1ECED34B deleted successfully.
ADS C:\ProgramData\Temp:2E49D185 deleted successfully.
ADS C:\ProgramData\Temp:EE3A2438 deleted successfully.
ADS C:\ProgramData\Temp:64170090 deleted successfully.
ADS C:\ProgramData\Temp:123A86B5 deleted successfully.
ADS C:\ProgramData\Temp:FAB64002 deleted successfully.
ADS C:\ProgramData\Temp:6C75AF4C deleted successfully.
ADS C:\ProgramData\Temp:AF4D7176 deleted successfully.
ADS C:\ProgramData\Temp:04A88719 deleted successfully.
ADS C:\ProgramData\Temp:8DA5A13A deleted successfully.
ADS C:\ProgramData\Temp:5D7E5A8F deleted successfully.
ADS C:\ProgramData\Temp:49E1AC32 deleted successfully.
ADS C:\ProgramData\Temp:1E26EE1D deleted successfully.
ADS C:\ProgramData\Temp:1D4140C3 deleted successfully.
ADS C:\ProgramData\Temp:95659AC5 deleted successfully.
ADS C:\ProgramData\Temp:615E8DBB deleted successfully.
ADS C:\ProgramData\Temp:3BA734DE deleted successfully.
ADS C:\ProgramData\Temp:32FFF2D1 deleted successfully.
ADS C:\ProgramData\Temp:0E0E9645 deleted successfully.
ADS C:\ProgramData\Temp:92D91D7E deleted successfully.
ADS C:\ProgramData\Temp:7AB36AC8 deleted successfully.
ADS C:\ProgramData\Temp:6247E766 deleted successfully.
ADS C:\ProgramData\Temp:E6BA54F4 deleted successfully.
ADS C:\ProgramData\Temp:4AC5AE3E deleted successfully.
ADS C:\ProgramData\Temp:2E45FA8F deleted successfully.
ADS C:\ProgramData\Temp:9A7BF72D deleted successfully.
ADS C:\ProgramData\Temp:602146E4 deleted successfully.
ADS C:\ProgramData\Temp:D5AB4AD5 deleted successfully.
ADS C:\ProgramData\Temp:C3A1351B deleted successfully.
ADS C:\ProgramData\Temp:3778F8BC deleted successfully.
ADS C:\ProgramData\Temp:287E7337 deleted successfully.
ADS C:\ProgramData\Temp:CFAE7666 deleted successfully.
ADS C:\ProgramData\Temp:97C6B915 deleted successfully.
ADS C:\ProgramData\Temp:90A2AD6F deleted successfully.
ADS C:\ProgramData\Temp:599BCADA deleted successfully.
ADS C:\ProgramData\Temp:409D7106 deleted successfully.
ADS C:\ProgramData\Temp:FC836199 deleted successfully.
ADS C:\ProgramData\Temp:FC1777D7 deleted successfully.
ADS C:\ProgramData\Temp:E411AA0D deleted successfully.
ADS C:\ProgramData\Temp:E3BD4B99 deleted successfully.
ADS C:\ProgramData\Temp:A6F3094D deleted successfully.
ADS C:\ProgramData\Temp:8B4B9596 deleted successfully.
ADS C:\ProgramData\Temp:7BB47057 deleted successfully.
ADS C:\ProgramData\Temp:62A22B09 deleted successfully.
ADS C:\ProgramData\Temp:5A2D0810 deleted successfully.
ADS C:\ProgramData\Temp:EF0C5444 deleted successfully.
ADS C:\ProgramData\Temp:93DE1838 deleted successfully.
ADS C:\ProgramData\Temp:643C37D8 deleted successfully.
ADS C:\ProgramData\Temp:D6BEA85D deleted successfully.
ADS C:\ProgramData\Temp:BCDC6E07 deleted successfully.
ADS C:\ProgramData\Temp:4D066AD2 deleted successfully.
ADS C:\ProgramData\Temp:439A20A3 deleted successfully.
ADS C:\ProgramData\Temp:FA78B902 deleted successfully.
ADS C:\ProgramData\Temp:D632169E deleted successfully.
ADS C:\ProgramData\Temp:717DE6A0 deleted successfully.
ADS C:\ProgramData\Temp:90C12AC3 deleted successfully.
ADS C:\ProgramData\Temp:8B4640AA deleted successfully.
ADS C:\ProgramData\Temp:878ECA8B deleted successfully.
ADS C:\ProgramData\Temp:F7CA538B deleted successfully.
ADS C:\ProgramData\Temp:CB21167F deleted successfully.
ADS C:\ProgramData\Temp:C0DFB793 deleted successfully.
ADS C:\ProgramData\Temp:AF87C9F8 deleted successfully.
ADS C:\ProgramData\Temp:701FCC18 deleted successfully.
ADS C:\ProgramData\Temp:603FD11D deleted successfully.
ADS C:\ProgramData\Temp:8678F6BD deleted successfully.
ADS C:\ProgramData\Temp:7314FCCB deleted successfully.
ADS C:\ProgramData\Temp:06E16783 deleted successfully.
ADS C:\ProgramData\Temp:0309525F deleted successfully.
ADS C:\ProgramData\Temp:52F4CBFF deleted successfully.
ADS C:\ProgramData\Temp:0B9176C0 deleted successfully.
ADS C:\ProgramData\Temp:E07EA07E deleted successfully.
ADS C:\ProgramData\Temp:BA21F28A deleted successfully.
ADS C:\ProgramData\Temp:939A4172 deleted successfully.
ADS C:\ProgramData\Temp:88C60511 deleted successfully.
ADS C:\ProgramData\Temp:81D20369 deleted successfully.
ADS C:\ProgramData\Temp:2BFCDF84 deleted successfully.
ADS C:\ProgramData\Temp:E3C56885 deleted successfully.
ADS C:\ProgramData\Temp:DB258930 deleted successfully.
ADS C:\ProgramData\Temp:B2D21B9B deleted successfully.
ADS C:\ProgramData\Temp:63387B59 deleted successfully.
ADS C:\ProgramData\Temp:0355E87F deleted successfully.
ADS C:\ProgramData\Temp:E1FFC9F3 deleted successfully.
ADS C:\ProgramData\Temp:E1F04E8D deleted successfully.
ADS C:\ProgramData\Temp:2FBB2B9B deleted successfully.
ADS C:\ProgramData\Temp:FB65A4AA deleted successfully.
ADS C:\ProgramData\Temp:FB4762D2 deleted successfully.
ADS C:\ProgramData\Temp:E5946EFF deleted successfully.
ADS C:\ProgramData\Temp:AF4CC666 deleted successfully.
ADS C:\ProgramData\Temp:85B3C587 deleted successfully.
ADS C:\ProgramData\Temp:2D0DFF22 deleted successfully.
ADS C:\ProgramData\Temp:1D8B732A deleted successfully.
ADS C:\ProgramData\Temp:08390D61 deleted successfully.
ADS C:\ProgramData\Temp:DC9E0AAE deleted successfully.
ADS C:\ProgramData\Temp:ABE89FFE deleted successfully.
ADS C:\ProgramData\Temp:4E2A5A6D deleted successfully.
ADS C:\ProgramData\Temp:488F7244 deleted successfully.
ADS C:\ProgramData\Temp:444C53BA deleted successfully.
ADS C:\ProgramData\Temp:41D1C7CB deleted successfully.
ADS C:\ProgramData\Temp:F78518BB deleted successfully.
ADS C:\ProgramData\Temp:D890DD02 deleted successfully.
ADS C:\ProgramData\Temp:0C9CD455 deleted successfully.
ADS C:\ProgramData\Temp:CA0CE093 deleted successfully.
ADS C:\ProgramData\Temp:C552BEDE deleted successfully.
ADS C:\ProgramData\Temp:5197985B deleted successfully.
ADS C:\ProgramData\Temp:0A4803EE deleted successfully.
ADS C:\ProgramData\Temp:C1F2FA44 deleted successfully.
ADS C:\ProgramData\Temp:5D17C178 deleted successfully.
ADS C:\ProgramData\Temp:14A7B409 deleted successfully.
ADS C:\ProgramData\Temp:EDC68C62 deleted successfully.
ADS C:\ProgramData\Temp:A18FA397 deleted successfully.
ADS C:\ProgramData\Temp:89A5891E deleted successfully.
ADS C:\ProgramData\Temp:4CF61E54 deleted successfully.
ADS C:\ProgramData\Temp:3BD4D405 deleted successfully.
ADS C:\ProgramData\Temp:21BB9E99 deleted successfully.
ADS C:\ProgramData\Temp:9C8D5426 deleted successfully.
ADS C:\ProgramData\Temp:9C31E38F deleted successfully.
ADS C:\ProgramData\Temp:98DFF516 deleted successfully.
ADS C:\ProgramData\Temp:7751B8B3 deleted successfully.
ADS C:\ProgramData\Temp:AD780847 deleted successfully.
ADS C:\ProgramData\Temp:7174C105 deleted successfully.
ADS C:\ProgramData\Temp:441D63A8 deleted successfully.
ADS C:\ProgramData\Temp:3AD6342E deleted successfully.
ADS C:\ProgramData\Temp:22B52633 deleted successfully.
ADS C:\ProgramData\Temp:A05F750A deleted successfully.
ADS C:\ProgramData\Temp:A798EB56 deleted successfully.
ADS C:\ProgramData\Temp:84CFEE62 deleted successfully.
ADS C:\ProgramData\Temp:CD177A07 deleted successfully.
ADS C:\ProgramData\Temp:3ADB6F65 deleted successfully.
ADS C:\ProgramData\Temp:5FBC2BC4 deleted successfully.
ADS C:\ProgramData\Temp:1E5EC928 deleted successfully.
ADS C:\ProgramData\Temp:0D3CE40A deleted successfully.
ADS C:\ProgramData\Temp:D8139E6A deleted successfully.
ADS C:\ProgramData\Temp:3745E745 deleted successfully.
ADS C:\ProgramData\Temp:FA206A00 deleted successfully.
ADS C:\ProgramData\Temp:63B38619 deleted successfully.
========== FILES ==========
C:\Windows\SysWow64\uc_wepic_launching.dll moved successfully.
C:\Windows\SysWow64\uc_rohan_launching.dll moved successfully.
C:\Windows\SysWow64\uc_neosteam_launching.dll moved successfully.
C:\Windows\SysWow64\uc_sfighters_launching.dll moved successfully.
C:\Windows\SysWow64\uc_luminary_launching.dll moved successfully.
C:\Windows\SysWow64\ijjiSetup.exe moved successfully.
C:\Windows\SysWow64\ijjiChannelingPlugin.dll moved successfully.
C:\Windows\SysWow64\uc_holybeast_launching.dll moved successfully.
C:\Windows\SysWow64\ijjiProcessRestarter.exe moved successfully.
C:\Windows\SysWow64\uc_atlantica_launching.dll moved successfully.
C:\Windows\SysWow64\ijjiPlugin2.dll moved successfully.
C:\Program Files (x86)\ijji\ijji REACTOR\offline\tos\terms folder moved successfully.
C:\Program Files (x86)\ijji\ijji REACTOR\offline\tos folder moved successfully.
C:\Program Files (x86)\ijji\ijji REACTOR\offline\styles\en folder moved successfully.
C:\Program Files (x86)\ijji\ijji REACTOR\offline\styles folder moved successfully.
C:\Program Files (x86)\ijji\ijji REACTOR\offline\scripts folder moved successfully.
C:\Program Files (x86)\ijji\ijji REACTOR\offline\lang\msg\es folder moved successfully.
C:\Program Files (x86)\ijji\ijji REACTOR\offline\lang\msg\en folder moved successfully.
C:\Program Files (x86)\ijji\ijji REACTOR\offline\lang\msg\de folder moved successfully.
C:\Program Files (x86)\ijji\ijji REACTOR\offline\lang\msg folder moved successfully.
C:\Program Files (x86)\ijji\ijji REACTOR\offline\lang folder moved successfully.
C:\Program Files (x86)\ijji\ijji REACTOR\offline\includes folder moved successfully.
C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v5\sub folder moved successfully.
C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v5\reactor\en\common folder moved successfully.
C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v5\reactor\en folder moved successfully.
C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v5\reactor folder moved successfully.
C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v5\main\thumb folder moved successfully.
C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v5\main\en folder moved successfully.
C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v5\main folder moved successfully.
C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v5\common folder moved successfully.
C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v5 folder moved successfully.
C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v4\reactor\popup\es folder moved successfully.
C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v4\reactor\popup\en folder moved successfully.
C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v4\reactor\popup\de folder moved successfully.
C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v4\reactor\popup folder moved successfully.
C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v4\reactor\guide\es folder moved successfully.
C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v4\reactor\guide\en folder moved successfully.
C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v4\reactor\guide\de folder moved successfully.
C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v4\reactor\guide folder moved successfully.
C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v4\reactor\es\common folder moved successfully.
C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v4\reactor\es folder moved successfully.
C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v4\reactor\en\wepic folder moved successfully.
C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v4\reactor\en\sun folder moved successfully.
C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v4\reactor\en\sfront folder moved successfully.
C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v4\reactor\en\sfighters folder moved successfully.
C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v4\reactor\en\rohan folder moved successfully.
C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v4\reactor\en\neo folder moved successfully.
C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v4\reactor\en\lunia folder moved successfully.
C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v4\reactor\en\luminary folder moved successfully.
C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v4\reactor\en\karos folder moved successfully.
C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v4\reactor\en\karma folder moved successfully.
C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v4\reactor\en\huxley folder moved successfully.
C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v4\reactor\en\holybeast folder moved successfully.
C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v4\reactor\en\gunz folder moved successfully.
C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v4\reactor\en\drift folder moved successfully.
C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v4\reactor\en\common folder moved successfully.
C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v4\reactor\en\ava folder moved successfully.
C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v4\reactor\en\atlantica folder moved successfully.
C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v4\reactor\en\ad folder moved successfully.
C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v4\reactor\en folder moved successfully.
C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v4\reactor\de\common folder moved successfully.
C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v4\reactor\de folder moved successfully.
C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v4\reactor folder moved successfully.
C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v4 folder moved successfully.
C:\Program Files (x86)\ijji\ijji REACTOR\offline\images folder moved successfully.
C:\Program Files (x86)\ijji\ijji REACTOR\offline\common\styles\v5 folder moved successfully.
C:\Program Files (x86)\ijji\ijji REACTOR\offline\common\styles folder moved successfully.
C:\Program Files (x86)\ijji\ijji REACTOR\offline\common\scripts\jquery folder moved successfully.
C:\Program Files (x86)\ijji\ijji REACTOR\offline\common\scripts folder moved successfully.
C:\Program Files (x86)\ijji\ijji REACTOR\offline\common folder moved successfully.
C:\Program Files (x86)\ijji\ijji REACTOR\offline folder moved successfully.
C:\Program Files (x86)\ijji\ijji REACTOR folder moved successfully.
C:\Program Files (x86)\ijji folder moved successfully.
C:\Users\Public\Desktop\ijji.url moved successfully.
C:\Users\AD\AppData\Local\TempzB3796.html moved successfully.
C:\Users\AD\AppData\Local\TempyN3796.html moved successfully.
C:\Users\AD\AppData\Local\TempXe4020.html moved successfully.
C:\Users\AD\AppData\Local\TempZh4020.html moved successfully.
C:\Users\AD\AppData\Local\Tempfy3752.html moved successfully.
C:\Users\AD\AppData\Local\TempyS3752.html moved successfully.
C:\Users\AD\AppData\Local\Temply3468.html moved successfully.
C:\Users\AD\AppData\Local\Tempox3468.html moved successfully.
C:\Users\AD\AppData\Local\TempsB3364.html moved successfully.
C:\Users\AD\AppData\Local\TempBX3364.html moved successfully.
C:\Users\AD\AppData\Local\Tempvv4464.html moved successfully.
C:\Users\AD\AppData\Local\TempNT4464.html moved successfully.
C:\Users\AD\AppData\Local\TempEk3500.html moved successfully.
C:\Users\AD\AppData\Local\Tempjn3500.html moved successfully.
C:\Users\AD\AppData\Local\TempYY3448.html moved successfully.
C:\Users\AD\AppData\Local\TempCr3448.html moved successfully.
C:\Users\AD\AppData\Local\TempQf3736.html moved successfully.
C:\Users\AD\AppData\Local\TemppO3736.html moved successfully.
C:\Users\AD\AppData\Local\TempTh3408.html moved successfully.
C:\Users\AD\AppData\Local\TempvT3408.html moved successfully.
C:\Users\AD\AppData\Local\Tempzq3660.html moved successfully.
C:\Users\AD\AppData\Local\TempdY3660.html moved successfully.
C:\Users\AD\AppData\Local\TempOG3420.html moved successfully.
C:\Users\AD\AppData\Local\TempPM3420.html moved successfully.
C:\Users\AD\AppData\Local\TempWk3476.html moved successfully.
C:\Users\AD\AppData\Local\TempkH3476.html moved successfully.
C:\Users\AD\AppData\Local\Tempel3380.html moved successfully.
C:\Users\AD\AppData\Local\TempBz3380.html moved successfully.
C:\Users\AD\AppData\Local\TempkJ3432.html moved successfully.
C:\Users\AD\AppData\Local\TempHn3432.html moved successfully.
C:\Users\AD\AppData\Local\TemprZ3644.html moved successfully.
C:\Users\AD\AppData\Local\TempGW3644.html moved successfully.
C:\Users\AD\AppData\Local\TempJr4456.html moved successfully.
C:\Users\AD\AppData\Local\TempWl4456.html moved successfully.
C:\Users\AD\AppData\Local\TempUM3676.html moved successfully.
C:\Users\AD\AppData\Local\TemphW3676.html moved successfully.
C:\Users\AD\AppData\Local\TempNg3772.html moved successfully.
C:\Users\AD\AppData\Local\TempDI3772.html moved successfully.
C:\Users\AD\AppData\Local\TempRe3364.html moved successfully.
C:\Users\AD\AppData\Local\TempVW3364.html moved successfully.
C:\Users\AD\AppData\Local\TempTA3432.html moved successfully.
C:\Users\AD\AppData\Local\TempWr3432.html moved successfully.
C:\Users\AD\AppData\Local\TempzQ3472.html moved successfully.
C:\Users\AD\AppData\Local\TempmO3472.html moved successfully.
C:\Users\AD\AppData\Local\TempqH1376.html moved successfully.
C:\Users\AD\AppData\Local\TempOm1376.html moved successfully.
C:\Users\AD\AppData\Local\TempBI3892.html moved successfully.
C:\Users\AD\AppData\Local\Temppz3892.html moved successfully.
C:\Users\AD\AppData\Local\TempkC3464.html moved successfully.
C:\Users\AD\AppData\Local\TempDT3464.html moved successfully.
C:\Users\AD\AppData\Local\TempjM3512.html moved successfully.
C:\Users\AD\AppData\Local\TempLC3512.html moved successfully.
C:\Users\AD\AppData\Local\Temppb3896.html moved successfully.
C:\Users\AD\AppData\Local\Tempid3896.html moved successfully.
C:\Users\AD\AppData\Local\Tempmu4008.html moved successfully.
C:\Users\AD\AppData\Local\TempNS4008.html moved successfully.
C:\Users\AD\AppData\Local\Tempaf3956.html moved successfully.
C:\Users\AD\AppData\Local\TempYm3956.html moved successfully.
C:\Users\AD\AppData\Local\TempQJ3400.html moved successfully.
C:\Users\AD\AppData\Local\Tempqd3400.html moved successfully.
C:\Users\AD\AppData\Local\TempRh3460.html moved successfully.
C:\Users\AD\AppData\Local\TempZX3460.html moved successfully.
C:\Users\AD\AppData\Local\TempYM3992.html moved successfully.
C:\Users\AD\AppData\Local\Tempvn3992.html moved successfully.
C:\Users\AD\AppData\Local\TempRi3848.html moved successfully.
C:\Users\AD\AppData\Local\Tempba3848.html moved successfully.
C:\Users\AD\AppData\Local\Tempth3596.html moved successfully.
C:\Users\AD\AppData\Local\TempBS3596.html moved successfully.
C:\Users\AD\AppData\Local\TempqY3884.html moved successfully.
C:\Users\AD\AppData\Local\TempyO3884.html moved successfully.
C:\Users\AD\AppData\Local\Tempyh3856.html moved successfully.
C:\Users\AD\AppData\Local\TempnZ3856.html moved successfully.
C:\Users\AD\AppData\Local\TempFE3828.html moved successfully.
C:\Users\AD\AppData\Local\TempYS3828.html moved successfully.
C:\Users\AD\AppData\Local\TempQe3368.html moved successfully.
C:\Users\AD\AppData\Local\TempPT3368.html moved successfully.
C:\Users\AD\AppData\Local\TempMQ3120.html moved successfully.
C:\Users\AD\AppData\Local\Tempzf3120.html moved successfully.
C:\Users\AD\AppData\Local\TempoX3564.html moved successfully.
C:\Users\AD\AppData\Local\Tempfp3564.html moved successfully.
C:\Users\AD\AppData\Local\TempoB1444.html moved successfully.
C:\Users\AD\AppData\Local\TempeS1444.html moved successfully.
C:\Users\AD\AppData\Local\TempMB3900.html moved successfully.
C:\Users\AD\AppData\Local\TempUI3900.html moved successfully.
C:\Users\AD\AppData\Local\TempPo3860.html moved successfully.
C:\Users\AD\AppData\Local\TempPA3860.html moved successfully.
C:\Users\AD\AppData\Local\Tempck3780.html moved successfully.
C:\Users\AD\AppData\Local\Tempkx3780.html moved successfully.
C:\Users\AD\AppData\Local\TempJa1292.html moved successfully.
C:\Users\AD\AppData\Local\TemplO1292.html moved successfully.
File move failed. C:\Users\AD\NTUSER.DAT{c2b17820-6d4d-11df-a214-00016c70cb92}.TMContainer00000000000000000002.regtrans-ms scheduled to be moved on reboot.
File move failed. C:\Users\AD\NTUSER.DAT{c2b17820-6d4d-11df-a214-00016c70cb92}.TMContainer00000000000000000001.regtrans-ms scheduled to be moved on reboot.
File\Folder C:\Users\AD\NTUSER.DAT{c2b17820-6d4d-11df-a214-00016c70cb92}.TM.blfC:\Windows\SysNative\drivers\Msft_User_EhStorPwdDrv_01_09_00. not found.
File\Folder Wdf not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: AD
->Temp folder emptied: 2244743221 bytes
->Temporary Internet Files folder emptied: 69983349 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 60838217 bytes
->Google Chrome cache emptied: 6168310 bytes
->Flash cache emptied: 18660 bytes

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Ewa
->Temp folder emptied: 37925588 bytes
->Temporary Internet Files folder emptied: 49626653 bytes
->Java cache emptied: 39263 bytes
->FireFox cache emptied: 73473940 bytes
->Google Chrome cache emptied: 6138516 bytes
->Flash cache emptied: 45892 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12587787 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50400 bytes
RecycleBin emptied: 5882280718 bytes

Total Files Cleaned = 8 053,00 mb


OTL by OldTimer - Version 3.2.6.0 log created on 06202010_214717

Files\Folders moved on Reboot...
File move failed. C:\Users\AD\NTUSER.DAT{c2b17820-6d4d-11df-a214-00016c70cb92}.TMContainer00000000000000000002.regtrans-ms scheduled to be moved on reboot.
File move failed. C:\Users\AD\NTUSER.DAT{c2b17820-6d4d-11df-a214-00016c70cb92}.TMContainer00000000000000000001.regtrans-ms scheduled to be moved on reboot.
C:\Users\AD\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot... [/log]

[b]OTL logs[/b]


[log]OTL logfile created on: 2010-06-20 21:55:13 - Run 2
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\AD\Desktop\Pobieranie
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 458,95 Gb Total Space | 249,16 Gb Free Space | 54,29% Space Free | Partition Type: NTFS
Drive D: | 459,46 Gb Total Space | 421,50 Gb Free Space | 91,74% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AD-KOMPUTER
Current User Name: AD
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color="#e56717"]========== Processes (SafeList) ==========[/color]

PRC - [2010-06-20 15:15:22 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\AD\Desktop\Pobieranie\OTL.exe
PRC - [2010-06-19 15:34:36 | 000,215,104 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2010-05-28 02:08:46 | 003,493,264 | ---- | M] (Xfire Inc.) -- C:\Program Files (x86)\Xfire\Xfire.exe
PRC - [2010-05-06 22:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010-05-06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010-05-04 16:05:48 | 011,981,408 | ---- | M] (GG Network S.A.) -- C:\Program Files (x86)\Gadu-Gadu 10\gg.exe
PRC - [2010-04-14 16:16:16 | 000,078,104 | ---- | M] (iWin Inc.) -- C:\Program Files (x86)\iWin Games\iWinTrusted.exe
PRC - [2010-04-02 11:40:16 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010-03-22 07:36:29 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
PRC - [2010-03-12 17:47:18 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010-03-05 17:14:41 | 000,581,632 | ---- | M] (THOMSON Telecom Belgium) -- C:\Program Files (x86)\Thomson\ST330\service\st330service.exe
PRC - [2010-03-05 17:14:38 | 000,557,149 | ---- | M] (THOMSON Telecom Belgium) -- C:\Program Files (x86)\Thomson\ST330\diagnostics\diagnostics.exe
PRC - [2010-02-02 23:45:50 | 014,252,952 | ---- | M] (Redefine Sp z o.o.) -- C:\Program Files (x86)\ipla\ipla.exe
PRC - [2009-11-09 05:17:50 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
PRC - [2009-10-30 13:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2009-10-13 00:44:29 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009-09-29 12:31:58 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2009-09-29 11:51:14 | 000,181,480 | ---- | M] (Acer Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
PRC - [2009-09-10 15:42:30 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009-08-28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2009-08-18 09:27:26 | 000,629,280 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
PRC - [2009-08-13 00:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009-08-12 23:58:28 | 000,261,888 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2009-08-04 07:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009-07-14 03:14:47 | 000,254,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2009-07-04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2009-06-05 04:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009-06-05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe


[color="#e56717"]========== Modules (SafeList) ==========[/color]

MOD - [2010-06-20 15:15:22 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\AD\Desktop\Pobieranie\OTL.exe
MOD - [2010-05-28 02:09:04 | 000,970,640 | ---- | M] (Xfire Inc.) -- C:\Program Files (x86)\Xfire\xfire_toucan_42784.dll
MOD - [2009-09-29 12:32:24 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcr71.dll
MOD - [2009-07-14 03:16:20 | 002,311,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wpdshext.dll
MOD - [2009-07-14 03:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wsock32.dll
MOD - [2009-07-14 03:15:36 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\linkinfo.dll
MOD - [2009-07-14 03:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2009-07-14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009-07-14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
MOD - [2009-07-14 03:03:50 | 001,624,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\GdiPlus.dll


[color="#e56717"]========== Win32 Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2010-06-09 19:21:43 | 001,255,736 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV:[b]64bit:[/b] - [2010-05-06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV:[b]64bit:[/b] - [2010-05-06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV:[b]64bit:[/b] - [2010-05-06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:[b]64bit:[/b] - [2009-07-14 03:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
SRV:[b]64bit:[/b] - [2009-07-14 03:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
SRV:[b]64bit:[/b] - [2009-07-14 03:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
SRV:[b]64bit:[/b] - [2009-07-14 03:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:[b]64bit:[/b] - [2009-07-14 03:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
SRV:[b]64bit:[/b] - [2009-07-14 03:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:[b]64bit:[/b] - [2009-07-14 03:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:[b]64bit:[/b] - [2009-07-14 03:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:[b]64bit:[/b] - [2009-07-14 03:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
SRV:[b]64bit:[/b] - [2009-07-14 03:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
SRV:[b]64bit:[/b] - [2009-07-14 03:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
SRV:[b]64bit:[/b] - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2009-07-14 03:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:[b]64bit:[/b] - [2009-07-14 03:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:[b]64bit:[/b] - [2009-07-14 03:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:[b]64bit:[/b] - [2009-07-14 03:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:[b]64bit:[/b] - [2009-07-14 03:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:[b]64bit:[/b] - [2009-07-14 03:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:[b]64bit:[/b] - [2009-07-14 03:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:[b]64bit:[/b] - [2009-07-14 03:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:[b]64bit:[/b] - [2009-07-14 03:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:[b]64bit:[/b] - [2009-07-14 03:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:[b]64bit:[/b] - [2009-07-14 03:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
SRV:[b]64bit:[/b] - [2009-07-04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010-06-19 15:34:36 | 000,215,104 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2010-05-03 23:12:00 | 003,584,240 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010-04-14 16:16:16 | 000,078,104 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files (x86)\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2010-03-12 17:47:18 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010-03-05 17:14:41 | 000,581,632 | ---- | M] (THOMSON Telecom Belgium) [Auto | Running] -- C:\Program Files (x86)\Thomson\ST330\service\st330service.exe -- (st330service)
SRV - [2009-09-10 15:42:46 | 000,305,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009-08-28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009-08-25 19:38:06 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009-08-13 00:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009-07-14 05:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
SRV - [2009-07-14 05:20:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009-07-14 03:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2009-07-14 03:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2009-07-13 22:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009-06-10 22:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009-06-05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel®


[color="#e56717"]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2010-05-06 22:39:27 | 000,051,280 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:[b]64bit:[/b] - [2010-05-06 22:39:06 | 000,121,936 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:[b]64bit:[/b] - [2010-05-06 22:34:30 | 000,028,752 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:[b]64bit:[/b] - [2010-05-06 22:34:14 | 000,063,568 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:[b]64bit:[/b] - [2010-05-06 22:33:50 | 000,022,096 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:[b]64bit:[/b] - [2010-03-13 10:32:31 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:[b]64bit:[/b] - [2010-03-03 14:08:17 | 000,054,272 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stppp.sys -- (stppp)
DRV:[b]64bit:[/b] - [2010-03-03 13:53:56 | 000,058,880 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\steth.sys -- (STETH)
DRV:[b]64bit:[/b] - [2010-03-03 13:53:56 | 000,047,616 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\st330.sys -- (ST330)
DRV:[b]64bit:[/b] - [2010-03-03 13:53:56 | 000,024,576 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stbus.sys -- (STBUS)
DRV:[b]64bit:[/b] - [2009-12-11 12:29:27 | 000,153,160 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg)
DRV:[b]64bit:[/b] - [2009-11-09 05:28:08 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:[b]64bit:[/b] - [2009-11-04 17:54:06 | 000,308,296 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:[b]64bit:[/b] - [2009-11-04 17:54:06 | 000,102,472 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:[b]64bit:[/b] - [2009-11-04 17:54:06 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
DRV:[b]64bit:[/b] - [2009-11-04 17:47:38 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
DRV:[b]64bit:[/b] - [2009-09-26 08:20:38 | 000,223,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol)
DRV:[b]64bit:[/b] - [2009-09-23 11:11:04 | 000,283,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) Intel®
DRV:[b]64bit:[/b] - [2009-08-24 15:07:52 | 001,622,528 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVer7231_x64.sys -- (AVer7231_x64)
DRV:[b]64bit:[/b] - [2009-07-18 07:18:48 | 000,109,480 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:[b]64bit:[/b] - [2009-07-14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2009-07-14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,014,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy)
DRV:[b]64bit:[/b] - [2009-07-14 03:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends)
DRV:[b]64bit:[/b] - [2009-07-14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2009-07-14 03:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount)
DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,217,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp)
DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot)
DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009-07-14 03:45:46 | 000,214,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost)
DRV:[b]64bit:[/b] - [2009-07-14 03:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw)
DRV:[b]64bit:[/b] - [2009-07-14 03:43:14 | 000,460,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cng.sys -- (CNG)
DRV:[b]64bit:[/b] - [2009-07-14 02:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus)
DRV:[b]64bit:[/b] - [2009-07-14 02:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV:[b]64bit:[/b] - [2009-07-14 02:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV:[b]64bit:[/b] - [2009-07-14 02:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf)
DRV:[b]64bit:[/b] - [2009-07-14 02:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap)
DRV:[b]64bit:[/b] - [2009-07-14 02:07:22 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vwififlt.sys -- (vwififlt)
DRV:[b]64bit:[/b] - [2009-07-14 02:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus)
DRV:[b]64bit:[/b] - [2009-07-14 02:07:13 | 000,227,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci)
DRV:[b]64bit:[/b] - [2009-07-14 02:07:00 | 000,350,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:[b]64bit:[/b] - [2009-07-14 02:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass)
DRV:[b]64bit:[/b] - [2009-07-14 02:06:28 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winusb.sys -- (WinUsb)
DRV:[b]64bit:[/b] - [2009-07-14 02:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV:[b]64bit:[/b] - [2009-07-14 02:05:37 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf)
DRV:[b]64bit:[/b] - [2009-07-14 02:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig)
DRV:[b]64bit:[/b] - [2009-07-14 02:00:34 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus)
DRV:[b]64bit:[/b] - [2009-07-14 02:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\beep.sys -- (Beep)
DRV:[b]64bit:[/b] - [2009-07-14 01:52:39 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appid.sys -- (AppID)
DRV:[b]64bit:[/b] - [2009-07-14 01:50:17 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter)
DRV:[b]64bit:[/b] - [2009-07-14 01:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\discache.sys -- (discache)
DRV:[b]64bit:[/b] - [2009-07-14 01:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt)
DRV:[b]64bit:[/b] - [2009-07-14 01:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt)
DRV:[b]64bit:[/b] - [2009-07-14 01:27:17 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi)
DRV:[b]64bit:[/b] - [2009-07-14 01:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM)
DRV:[b]64bit:[/b] - [2009-07-13 23:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:[b]64bit:[/b] - [2009-06-26 09:55:10 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:[b]64bit:[/b] - [2009-06-20 00:56:08 | 000,712,704 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009-06-05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:[b]64bit:[/b] - [2009-06-02 13:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:[b]64bit:[/b] - [2009-06-02 13:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:[b]64bit:[/b] - [2009-06-02 13:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:[b]64bit:[/b] - [2009-05-06 01:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:[b]64bit:[/b] - [2009-05-06 01:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009-07-14 03:16:19 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\winusb.dll -- (WinUsb)
DRV - [2009-07-14 03:16:02 | 000,014,336 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\netbios.dll -- (NetBIOS)
DRV - [2009-06-10 23:28:14 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2009-06-10 23:15:18 | 000,003,066 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2009-06-02 13:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\mwlPSDVdisk.sys -- (mwlPSDVDisk)
DRV - [2009-06-02 13:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV - [2009-06-02 13:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\mwlPSDNServ.sys -- (mwlPSDNServ)
DRV - [2009-04-06 09:08:04 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
DRV - [2007-02-07 20:27:46 | 000,014,104 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
DRV - [2003-10-10 16:06:26 | 000,062,720 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2003-10-10 15:06:24 | 000,052,128 | ---- | M] (Protection Technology) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2003-09-06 14:27:06 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003-09-06 14:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\prosync1.sys -- (prosync1)


[color="#e56717"]========== Standard Registry (SafeList) ==========[/color]


[color="#e56717"]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://homepage.acer.com/rdr.aspx?b=ACAW&l=0415&m=aspire_m5810&r=17360310lm06973454kj5qp9k39l2o"]http://homepage.acer...454kj5qp9k39l2o[/url]
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://homepage.acer.com/rdr.aspx?b=ACAW&l=0415&m=aspire_m5810&r=17360310lm06973454kj5qp9k39l2o"]http://homepage.acer...454kj5qp9k39l2o[/url]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://homepage.acer.com/rdr.aspx?b=ACAW&l=0415&m=aspire_m5810&r=17360310lm06973454kj5qp9k39l2o"]http://homepage.acer...454kj5qp9k39l2o[/url]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://alawar.pl"]http://alawar.pl[/url]


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3243869201-1601559229-3016938548-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://homepage.acer.com/rdr.aspx?b=ACAW&l=0415&m=aspire_m5810&r=17360310lm06973454kj5qp9k39l2o"]http://homepage.acer...454kj5qp9k39l2o[/url]
IE - HKU\S-1-5-21-3243869201-1601559229-3016938548-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://alawar.pl"]http://alawar.pl[/url]
IE - HKU\S-1-5-21-3243869201-1601559229-3016938548-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color="#e56717"]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "XfireXO Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5
FF - prefs.js..extensions.enabledItems: {98e34367-8df7-42b4-837b-20b892ff0849}:1.6
FF - prefs.js..extensions.enabledItems: {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:2.6.0.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=AGH&o=15581&locale=en_US&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\ProgramData\iWin Games\firefox [2010-03-07 00:12:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010-06-19 11:03:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010-06-19 11:03:16 | 000,000,000 | ---D | M]

[2010-03-05 18:19:50 | 000,000,000 | ---D | M] -- C:\Users\AD\AppData\Roaming\mozilla\Extensions
[2010-06-20 21:50:51 | 000,000,000 | ---D | M] -- C:\Users\AD\AppData\Roaming\mozilla\Firefox\Profiles\7ol6ta0j.default\extensions
[2010-05-14 20:48:55 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Users\AD\AppData\Roaming\mozilla\Firefox\Profiles\7ol6ta0j.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2010-03-05 18:44:19 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Users\AD\AppData\Roaming\mozilla\Firefox\Profiles\7ol6ta0j.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2010-06-07 14:08:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010-06-07 14:08:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-06-07 14:08:36 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010-03-30 12:57:04 | 000,098,304 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
[2009-07-02 11:19:28 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files (x86)\mozilla firefox\plugins\npzylomgamesplayer.dll
[2010-01-16 03:08:36 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml
[2010-01-16 03:08:36 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml
[2010-01-16 03:08:36 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml
[2010-01-16 03:08:36 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml
[2010-01-16 03:08:36 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml
[2010-01-16 03:08:36 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:[b]64bit:[/b] - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg64.dll (Google Inc.)
O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files (x86)\iWin Games\iWinGamesHookIE.dll (iWin Inc.)
O2 - BHO: (Pomocnik rejestracji usługi Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\ProgramData\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3:[b]64bit:[/b] - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3:[b]64bit:[/b] - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3:[b]64bit:[/b] - HKU\S-1-5-21-3243869201-1601559229-3016938548-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-3243869201-1601559229-3016938548-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [diagnostics] C:\Program Files (x86)\Thomson\ST330\diagnostics\diagnostics.exe (THOMSON Telecom Belgium)
O4:[b]64bit:[/b] - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [PLD_FrameworkRun] C:\Windows\SysNative\oem\setEvent.exe File not found
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3243869201-1601559229-3016938548-1000..\Run: [ALLUpdate] C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe ()
O4 - HKU\S-1-5-21-3243869201-1601559229-3016938548-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3243869201-1601559229-3016938548-1000..\Run: [Gadu-Gadu 10] C:\Program Files (x86)\Gadu-Gadu 10\gg.exe (GG Network S.A.)
O4 - HKU\S-1-5-21-3243869201-1601559229-3016938548-1000..\Run: [IPLA!] C:\Program Files (x86)\ipla\ipla.exe (Redefine Sp z o.o.)
O4 - HKU\S-1-5-21-3243869201-1601559229-3016938548-1000..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3243869201-1601559229-3016938548-1000..\Run: [PlayNC Launcher] File not found
O4 - HKU\S-1-5-21-3243869201-1601559229-3016938548-1000..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - Startup: C:\Users\AD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe (Xfire Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:[b]64bit:[/b] - Extra context menu item: Funkcja Google Sidewiki - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Funkcja Google Sidewiki - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Wpis w blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Wpis w blogu w Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_20)
O18:[b]64bit:[/b] - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\ipp - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:[b]64bit:[/b] - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color="#e56717"]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010-06-20 21:47:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2010-06-20 12:50:02 | 000,362,656 | ---- | C] (WEBZEN) -- C:\Windows\SysWow64\CMStarterCore.exe
[2010-06-20 12:50:02 | 000,051,360 | ---- | C] (WEBZEN) -- C:\Windows\SysWow64\CMStarter_Kor.dll
[2010-06-20 12:50:02 | 000,051,360 | ---- | C] (WEBZEN) -- C:\Windows\SysWow64\CMStarter_Eng.dll
[2010-06-20 12:50:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WEBZEN
[2010-06-20 09:34:51 | 000,000,000 | ---D | C] -- C:\Users\AD\AppData\Local\PMB Files
[2010-06-20 09:34:50 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2010-06-20 09:34:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2010-06-20 07:50:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan
[2010-06-19 21:51:34 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2010-06-19 12:33:45 | 003,584,240 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\GameMon.des
[2010-06-19 12:32:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared
[2010-06-15 12:23:41 | 000,000,000 | ---D | C] -- C:\Users\AD\AppData\Roaming\Skunk Studios
[2010-06-15 12:21:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Explorer - Contraband Mystery
[2010-06-15 12:09:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Flux Family Secrets - The Rabbit Hole Collectors Edition
[2010-06-13 02:13:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Fugazo
[2010-06-12 21:42:12 | 000,000,000 | ---D | C] -- C:\Users\AD\AppData\Roaming\PlayFirst
[2010-06-11 21:02:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Alawar
[2010-06-11 08:01:25 | 001,192,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2010-06-11 08:01:25 | 001,026,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstime.dll
[2010-06-11 08:01:25 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll
[2010-06-11 08:01:24 | 000,977,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010-06-11 08:01:24 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll
[2010-06-11 08:01:24 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2010-06-11 08:01:24 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2010-06-11 08:01:24 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2010-06-11 08:01:24 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsproxy.dll
[2010-06-11 08:01:24 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2010-06-10 10:05:36 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\asycfilt.dll
[2010-06-10 10:05:36 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\asycfilt.dll
[2010-06-10 09:59:31 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010-06-10 09:59:31 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010-06-10 09:59:31 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010-06-10 09:59:31 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010-06-09 23:16:22 | 000,000,000 | ---D | C] -- C:\ProgramData\FireGlow
[2010-06-09 19:21:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010-06-09 19:21:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010-06-07 19:35:15 | 000,000,000 | ---D | C] -- C:\ProgramData\The Game Equation
[2010-06-07 14:08:41 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010-06-07 14:08:41 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010-06-07 14:08:41 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010-06-07 14:08:41 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe

[color="#e56717"]========== Files - Modified Within 30 Days ==========[/color]

[2010-06-20 21:54:51 | 001,523,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010-06-20 21:54:51 | 000,687,590 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2010-06-20 21:54:51 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010-06-20 21:54:51 | 000,131,176 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2010-06-20 21:54:51 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010-06-20 21:50:21 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\TemphS3856.html
[2010-06-20 21:50:21 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\TempTr3856.html
[2010-06-20 21:50:14 | 002,621,440 | -HS- | M] () -- C:\Users\AD\NTUSER.DAT
[2010-06-20 21:49:29 | 000,001,044 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010-06-20 21:49:28 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010-06-20 21:49:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010-06-20 21:49:15 | 3163,877,376 | -HS- | M] () -- C:\hiberfil.sys
[2010-06-20 21:48:30 | 033,458,680 | -H-- | M] () -- C:\Users\AD\AppData\Local\IconCache.db
[2010-06-20 21:47:17 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\Tempcy3808.html
[2010-06-20 21:47:17 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\TempCJ3808.html
[2010-06-20 21:39:05 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010-06-20 21:14:53 | 000,000,137 | ---- | M] () -- C:\Users\Public\Desktop\Soul of the Ultimate Nation.url
[2010-06-20 21:14:16 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010-06-20 21:14:16 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010-06-20 07:50:43 | 000,001,015 | ---- | M] () -- C:\Users\AD\Desktop\SpeedFan.lnk
[2010-06-20 07:50:42 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2010-06-19 23:32:24 | 000,002,046 | ---- | M] () -- C:\Users\Public\Desktop\Lost Lagoon The Trail of Destiny.lnk
[2010-06-19 15:34:36 | 000,215,104 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010-06-19 15:34:36 | 000,215,104 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010-06-19 12:32:11 | 000,002,067 | ---- | M] () -- C:\Users\Public\Desktop\A.V.A.lnk
[2010-06-19 11:03:18 | 000,002,029 | ---- | M] () -- C:\Users\Public\Desktop\ijji REACTOR.lnk
[2010-06-15 12:22:14 | 000,002,166 | ---- | M] () -- C:\Users\Public\Desktop\Play Explorer - Contraband Mystery.lnk
[2010-06-15 12:22:14 | 000,001,288 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2010-06-15 12:09:26 | 000,002,393 | ---- | M] () -- C:\Users\Public\Desktop\Play Flux Family Secrets - The Rabbit Hole Collectors Edition.lnk
[2010-06-12 23:18:55 | 000,001,996 | ---- | M] () -- C:\Users\Public\Desktop\Flower Paradise.lnk
[2010-06-12 23:16:52 | 000,002,176 | ---- | M] () -- C:\Users\AD\Desktop\Season Match.lnk
[2010-06-12 23:16:52 | 000,002,076 | ---- | M] () -- C:\Users\AD\Desktop\AllGamesHome.com.lnk
[2010-06-12 21:49:27 | 000,002,190 | ---- | M] () -- C:\Users\AD\Desktop\Rainbow Web 2.lnk
[2010-06-12 21:42:00 | 000,002,246 | ---- | M] () -- C:\Users\AD\Desktop\Herod's Lost Tomb.lnk
[2010-06-11 14:44:30 | 000,339,272 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010-06-09 01:07:17 | 000,002,204 | ---- | M] () -- C:\Users\AD\Desktop\Season Match 2.lnk
[2010-06-07 14:08:36 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010-06-07 14:08:36 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010-06-07 14:08:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010-06-07 14:08:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010-06-07 13:58:26 | 378,481,703 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010-06-01 09:18:09 | 000,524,288 | -HS- | M] () -- C:\Users\AD\NTUSER.DAT{c2b17820-6d4d-11df-a214-00016c70cb92}.TMContainer00000000000000000002.regtrans-ms
[2010-06-01 09:18:09 | 000,524,288 | -HS- | M] () -- C:\Users\AD\NTUSER.DAT{c2b17820-6d4d-11df-a214-00016c70cb92}.TMContainer00000000000000000001.regtrans-ms
[2010-06-01 09:18:09 | 000,065,536 | -HS- | M] () -- C:\Users\AD\NTUSER.DAT{c2b17820-6d4d-11df-a214-00016c70cb92}.TM.blf
[2010-05-31 15:48:24 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_EhStorPwdDrv_01_09_00.Wdf
[2010-05-28 02:09:00 | 000,041,872 | ---- | M] () -- C:\Windows\SysWow64\xfcodec.dll
[2010-05-28 02:09:00 | 000,027,536 | ---- | M] () -- C:\Windows\SysNative\xfcodec64.dll
[2010-05-27 09:24:13 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010-05-27 08:34:09 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010-05-27 06:11:32 | 000,366,080 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010-05-27 05:49:37 | 000,293,888 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll

[color="#e56717"]========== Files Created - No Company Name ==========[/color]

[2010-06-20 21:50:21 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\TemphS3856.html
[2010-06-20 21:50:21 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TempTr3856.html
[2010-06-20 21:14:53 | 000,000,137 | ---- | C] () -- C:\Users\Public\Desktop\Soul of the Ultimate Nation.url
[2010-06-20 21:07:40 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\Tempcy3808.html
[2010-06-20 21:07:40 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TempCJ3808.html
[2010-06-20 07:50:43 | 000,001,015 | ---- | C] () -- C:\Users\AD\Desktop\SpeedFan.lnk
[2010-06-20 07:50:42 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
[2010-06-19 23:32:24 | 000,002,046 | ---- | C] () -- C:\Users\Public\Desktop\Lost Lagoon The Trail of Destiny.lnk
[2010-06-19 12:32:11 | 000,002,067 | ---- | C] () -- C:\Users\Public\Desktop\A.V.A.lnk
[2010-06-19 11:03:18 | 000,002,029 | ---- | C] () -- C:\Users\Public\Desktop\ijji REACTOR.lnk
[2010-06-19 11:03:17 | 000,009,728 | ---- | C] () -- C:\Windows\SysWow64\uc_karos_launching.dll
[2010-06-15 12:22:14 | 000,002,166 | ---- | C] () -- C:\Users\Public\Desktop\Play Explorer - Contraband Mystery.lnk
[2010-06-15 12:22:14 | 000,001,288 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2010-06-15 12:09:26 | 000,002,393 | ---- | C] () -- C:\Users\Public\Desktop\Play Flux Family Secrets - The Rabbit Hole Collectors Edition.lnk
[2010-06-12 23:18:55 | 000,001,996 | ---- | C] () -- C:\Users\Public\Desktop\Flower Paradise.lnk
[2010-06-12 23:16:52 | 000,002,176 | ---- | C] () -- C:\Users\AD\Desktop\Season Match.lnk
[2010-06-12 21:49:27 | 000,002,190 | ---- | C] () -- C:\Users\AD\Desktop\Rainbow Web 2.lnk
[2010-06-12 21:49:27 | 000,002,076 | ---- | C] () -- C:\Users\AD\Desktop\AllGamesHome.com.lnk
[2010-06-12 21:42:00 | 000,002,246 | ---- | C] () -- C:\Users\AD\Desktop\Herod's Lost Tomb.lnk
[2010-06-09 01:07:17 | 000,002,204 | ---- | C] () -- C:\Users\AD\Desktop\Season Match 2.lnk
[2010-06-01 09:18:09 | 000,524,288 | -HS- | C] () -- C:\Users\AD\NTUSER.DAT{c2b17820-6d4d-11df-a214-00016c70cb92}.TMContainer00000000000000000002.regtrans-ms
[2010-06-01 09:18:09 | 000,524,288 | -HS- | C] () -- C:\Users\AD\NTUSER.DAT{c2b17820-6d4d-11df-a214-00016c70cb92}.TMContainer00000000000000000001.regtrans-ms
[2010-06-01 09:18:09 | 000,065,536 | -HS- | C] () -- C:\Users\AD\NTUSER.DAT{c2b17820-6d4d-11df-a214-00016c70cb92}.TM.blf
[2010-05-31 15:48:24 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_EhStorPwdDrv_01_09_00.Wdf
[2010-05-28 02:09:00 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2010-05-28 02:09:00 | 000,027,536 | ---- | C] () -- C:\Windows\SysNative\xfcodec64.dll
[2010-03-26 07:39:38 | 000,000,451 | ---- | C] () -- C:\Windows\wininit.ini
[2010-03-23 16:30:44 | 000,000,418 | ---- | C] () -- C:\Windows\ODBC.INI
[2010-03-21 13:12:58 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010-03-07 09:34:41 | 000,000,274 | ---- | C] () -- C:\Windows\game.ini
[2009-07-14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009-07-13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008-10-07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008-10-07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
< End of report >

[b]And the last logs[/b]



OTL Extras logfile created on: 2010-06-20 21:59:49 - Run 2
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\AD\Desktop\Pobieranie
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 458,95 Gb Total Space | 249,16 Gb Free Space | 54,29% Space Free | Partition Type: NTFS
Drive D: | 459,46 Gb Total Space | 421,50 Gb Free Space | 91,74% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AD-KOMPUTER
Current User Name: AD
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color="#e56717"]========== Extra Registry (SafeList) ==========[/color]


[color="#e56717"]========== File Associations ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3243869201-1601559229-3016938548-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color="#e56717"]========== Shell Spawning ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color="#e56717"]========== Security Center Settings ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color="#e56717"]========== Authorized Applications List ==========[/color]


[color="#e56717"]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"NVIDIA Drivers" = NVIDIA Drivers
"SpeedTouch 330" = SpeedTouch 330
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = Archiwizator WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00170415-78E1-11D2-B60F-006097C998E7}" = Microsoft Word 2000 SR-1
"{0049D352-1D20-4FFB-8EF6-81CFBDF3ADE5}" = Soul of the Ultimate Nation
"{0638268c-b727-4f78-a92b-a4f68176e670}" = Nero 9 Essentials
"{0A2A5039-B37F-489D-B1DC-A5258DF9E697}" = FIFA 08
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Narzędzie do przekazywania usługi Windows Live
"{21040472-F8DF-48A9-A093-2986C1495670}" = Lineage II
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{255FC1CF-2620-4B64-BE02-79B9E609BB3D}" = Webzen Game Starter
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2E522ED6-01E2-4207-82D5-B3BFB31B8BD4}" = Windows Live Sync
"{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{3514C22B-C3A9-41C6-A818-FAEF474CA879}_is1" = ALLConverter to iPhone
"{3571656A-575D-4CED-809D-5547587121FF}" = Yu-Gi-Oh! Power of Chaos YUGI THE DESTINY
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{42AF51C0-4028-46CF-B616-FB1F75286457}" = A.V.A
"{44E42AAA-432F-4E03-8D7D-C8DB4FEE526A}" = Microsoft Works
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51958BA7-21E4-4A8B-9098-CD8375BD17B2}" = Asystent rejestracji usługi Windows Live
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{6053FE9B-5473-41D6-AEBF-AD6F98138191}" = Windows Live Movie Maker
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85DAE0C8-B3BB-11D8-88E4-0004769F25D1}" = SpellForce - Zakon Świtu
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}" = QuickTime
"{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1" = Acer GameZone Console
"{90120000-0020-0415-0000-0000000FF1CE}" = Pakiet zgodności dla systemu Office 2007
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = ijji REACTOR
"{92C0EEE0-EA16-4B95-84B6-A060B589081B}" = Disciples II - Bunt Elfów
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9862473C-E063-4C68-A161-2CDE0E8048A5}" = Podstawowe programy Windows Live
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9AB614A6-719C-4A6E-A63E-831E0A35F62A}" = Windows Live Writer
"{9CDEAEC9-2F14-4D39-8541-C1EEC4B5D1CB}" = Galeria fotografii usługi Windows Live
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C35FE07E-24B5-410F-85B7-122087A0C7DD}" = Poczta usługi Windows Live
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C9FB868B-2086-4EE2-BD4F-BFBA36B131F4}" = NCsoft Launcher
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{D1803CD4-0CE7-4484-98E3-88D7A2D629A4}" = Windows Live Messenger
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"ALLConverter to 3GP_is1" = ALLConverter to 3GP
"ALLConverter to PSP_is1" = ALLConverter to PSP
"ALLPlayer_is1" = ALLPlayer V4.X
"avast5" = avast! Free Antivirus
"BFGC" = Big Fish Games: Game Manager
"BFG-Explorer - Contraband Mystery" = Explorer: Contraband Mystery
"BFG-Flux Family Secrets - The Rabbit Hole Collectors Edition" = Flux Family Secrets: The Rabbit Hole Collector's Edition
"BitTorrent" = BitTorrent
"Company of Heroes" = Company of Heroes
"Flower Paradise" = Flower Paradise (remove only)
"Gadu-Gadu 10" = Gadu-Gadu 10
"Herod's Lost Tomb_is1" = Herod's Lost Tomb
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Acer Backup Manager
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"ipla" = ipla 2.1.2
"iWinArcade" = iWin Games (remove only)
"Lost Lagoon: The Trail of Destiny" = Lost Lagoon: The Trail of Destiny (remove only)
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Neverwinter Nights - Kingmaker" = BioWare Premium Module: Neverwinter Nights - Kingmaker
"Neverwinter Nights - ShadowGuard" = BioWare Premium Module: Neverwinter Nights - ShadowGuard
"Neverwinter Nights - Witch's Wake" = BioWare Premium Module: Neverwinter Nights - Witch's Wake
"PowerISO" = PowerISO
"Rainbow Web 2_is1" = Rainbow Web 2
"RealPlayer 12.0" = RealPlayer
"Season Match 2_is1" = Season Match 2
"Season Match_is1" = Season Match
"SpeedFan" = SpeedFan (remove only)
"Spreng- und Abriss-Simulator" = Spreng- und Abriss-Simulator
"SubEdit-Player_is1" = SubEdit-Player
"Web Games Player Plugin" = Web Games Player Plugin
"WinLiveSuite_Wave3" = Podstawowe programy Windows Live
"Xfire" = Xfire (remove only)
"ZOODomino_is1" = ZOODomino

[color="#e56717"]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-3243869201-1601559229-3016938548-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[color="#e56717"]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2010-06-12 09:36:54 | Computer Name = AD-Komputer | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 2010-06-13 04:31:11 | Computer Name = AD-Komputer | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 2010-06-13 05:54:43 | Computer Name = AD-Komputer | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 2010-06-13 14:12:42 | Computer Name = AD-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: BF1942.exe, wersja: 0.0.0.0, sygnatura
czasowa: 0x417564c4 Nazwa modułu powodującego błąd: BF1942.exe, wersja: 0.0.0.0,
sygnatura czasowa: 0x417564c4 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x002016fb
Identyfikator
procesu powodującego błąd: 0x1158 Godzina uruchomienia aplikacji powodującej błąd:
0x01cb0b204549107b Ścieżka aplikacji powodującej błąd: d:\battlefield 1942\BF1942.exe
Ścieżka
modułu powodującego błąd: d:\battlefield 1942\BF1942.exe Identyfikator raportu:
41db1e33-7717-11df-9fac-00016c70cb92

Error - 2010-06-13 14:20:48 | Computer Name = AD-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: BF1942.exe, wersja: 0.0.0.0, sygnatura
czasowa: 0x417564c4 Nazwa modułu powodującego błąd: BF1942.exe, wersja: 0.0.0.0,
sygnatura czasowa: 0x417564c4 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x002016fb
Identyfikator
procesu powodującego błąd: 0xe94 Godzina uruchomienia aplikacji powodującej błąd:
0x01cb0b25168b1357 Ścieżka aplikacji powodującej błąd: d:\battlefield 1942\BF1942.exe
Ścieżka
modułu powodującego błąd: d:\battlefield 1942\BF1942.exe Identyfikator raportu:
636c9251-7718-11df-9fac-00016c70cb92

Error - 2010-06-13 14:35:08 | Computer Name = AD-Komputer | Source = Application Hang | ID = 1002
Description = Program BF1942.exe w wersji 0.0.0.0 zatrzymał interakcję z systemem
Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji
dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum
akcji. Identyfikator procesu: f20 Godzina rozpoczęcia: 01cb0b2666e58855 Godzina zakończenia:
92 Ścieżka aplikacji: d:\battlefield 1942\BF1942.exe Identyfikator raportu:

Error - 2010-06-13 14:35:45 | Computer Name = AD-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: BF1942.exe, wersja: 0.0.0.0, sygnatura
czasowa: 0x417564c4 Nazwa modułu powodującego błąd: BF1942.exe, wersja: 0.0.0.0,
sygnatura czasowa: 0x417564c4 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x002016fb
Identyfikator
procesu powodującego błąd: 0xf30 Godzina uruchomienia aplikacji powodującej błąd:
0x01cb0b272fd760f0 Ścieżka aplikacji powodującej błąd: d:\battlefield 1942\BF1942.exe
Ścieżka
modułu powodującego błąd: d:\battlefield 1942\BF1942.exe Identyfikator raportu:
7a416e0a-771a-11df-9fac-00016c70cb92

Error - 2010-06-14 04:34:05 | Computer Name = AD-Komputer | Source = Google Update | ID = 20
Description =

Error - 2010-06-14 05:15:09 | Computer Name = AD-Komputer | Source = RasClient | ID = 20227
Description =

Error - 2010-06-14 05:15:20 | Computer Name = AD-Komputer | Source = RasClient | ID = 20227
Description =

[ System Events ]
Error - 2010-04-22 07:39:16 | Computer Name = AD-Komputer | Source = Application Popup | ID = 1060
Description = Ładowanie sterownika \SystemRoot\SysWow64\drivers\prodrv06.sys zostało
zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania
w celu uzyskania zgodnej wersji sterownika.

Error - 2010-04-22 07:39:28 | Computer Name = AD-Komputer | Source = BugCheck | ID = 1001
Description =

Error - 2010-04-22 07:39:33 | Computer Name = AD-Komputer | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: prodrv06 prohlp02 prosync1 sfhlp01

Error - 2010-04-22 08:54:39 | Computer Name = AD-Komputer | Source = Application Popup | ID = 1060
Description = Ładowanie sterownika \SystemRoot\SysWow64\drivers\prodrv06.sys zostało
zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania
w celu uzyskania zgodnej wersji sterownika.

Error - 2010-04-22 08:54:54 | Computer Name = AD-Komputer | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: prodrv06 prohlp02 prosync1 sfhlp01

Error - 2010-04-22 11:25:14 | Computer Name = AD-Komputer | Source = Application Popup | ID = 1060
Description = Ładowanie sterownika \SystemRoot\SysWow64\drivers\prodrv06.sys zostało
zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania
w celu uzyskania zgodnej wersji sterownika.

Error - 2010-04-22 11:25:27 | Computer Name = AD-Komputer | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: prodrv06 prohlp02 prosync1 sfhlp01

Error - 2010-04-22 12:29:11 | Computer Name = AD-Komputer | Source = Application Popup | ID = 1060
Description = Ładowanie sterownika \SystemRoot\SysWow64\drivers\prodrv06.sys zostało
zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania
w celu uzyskania zgodnej wersji sterownika.

Error - 2010-04-22 12:29:25 | Computer Name = AD-Komputer | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: prodrv06 prohlp02 prosync1 sfhlp01

Error - 2010-04-22 14:24:41 | Computer Name = AD-Komputer | Source = Application Popup | ID = 1060
Description = Ładowanie sterownika \SystemRoot\SysWow64\drivers\prodrv06.sys zostało
zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania
w celu uzyskania zgodnej wersji sterownika.


< End of report >[/log]
[color="#ff0000"]
//remember, logs go inside [log ] [/log ] tags
//(without the spaces)
//raaz[/color]

Tomek01
comment

Only remnants are left.

Paste into OTL:

[code]:Processes
Explorer.exe

:OTL
FF - prefs.js..browser.search.selectedEngine: "XfireXO Customized Web Search"
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=AGH&o=15581&locale=en_US&q="
[2010-05-14 20:48:55 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Users\AD\AppData\Roaming\mozilla\Firefox\Profiles\7ol6ta0j.default\extensions\{5e5ab302-7f65-44cd- 8211-c1d4caaccea3}
[2010-03-30 12:57:04 | 000,098,304 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

:Files
C:\Users\AD\AppData\Local\TemphS3856.html
C:\Users\AD\AppData\Local\TempTr3856.html
C:\Users\AD\AppData\Local\Tempcy3808.html
C:\Users\AD\AppData\Local\TempCJ3808.html
C:\Users\Public\Desktop\ijji REACTOR.lnk

:Commands
[emptytemp]
[/code]

Attach the removal log.


It should be clean now.
As a precaution, run a full scan with [url=http://www.instalki.pl/programy/download_c/14/155.html][color=#0000CD][b]DrWebCureIt[/b][/color][/url] and [url=http://www.instalki.pl/programy/download_c/13/96.html][color=#0000CD][b]Malwarebytes Anti-Malware[/b][/color][/url] and post the results on the forum.

Kafar0z0
comment

[b]Removal log[/b]



[log]All processes killed
========== PROCESSES ==========
No active process named Explorer.exe was found!
========== OTL ==========
Prefs.js: "XfireXO Customized Web Search" removed from browser.search.selectedEngine
Prefs.js: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=AGH&o=15581&locale=en_US&q=" removed from keyword.URL
Folder C:\Users\AD\AppData\Roaming\mozilla\Firefox\Profiles\7ol6ta0j.default\extensions\{5e5ab302-7f65-44cd-\ not found.
C:\Program Files (x86)\mozilla firefox\plugins\npijjiautoinstallpluginff.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
========== FILES ==========
C:\Users\AD\AppData\Local\TemphS3856.html moved successfully.
C:\Users\AD\AppData\Local\TempTr3856.html moved successfully.
C:\Users\AD\AppData\Local\Tempcy3808.html moved successfully.
C:\Users\AD\AppData\Local\TempCJ3808.html moved successfully.
C:\Users\Public\Desktop\ijji REACTOR.lnk moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: AD
->Temp folder emptied: 223595 bytes
->Temporary Internet Files folder emptied: 205766 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 36593934 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 593 bytes

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Ewa
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32768 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 35,00 mb


OTL by OldTimer - Version 3.2.6.0 log created on 06212010_071531

Files\Folders moved on Reboot...
C:\Users\AD\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...[/log]

[b]M.A.M. report[/b]


[log]Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Wersja bazy: 4052

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2010-06-21 08:10:38
mbam-log-2010-06-21 (08-10-38).txt

Typ skanowania: Pełne skanowanie (C:\|D:\|)
Przeskanowano obiektów: 243870
Upłynęło: 28 minut(y), 54 sekund(y)

Zainfekowanych procesów w pamięci: 0
Zainfekowanych modułów w pamięci: 0
Zainfekowanych kluczy rejestru: 0
Zainfekowanych wartości rejestru: 0
Zainfekowane informacje rejestru systemowego: 0
Zainfekowanych folderów: 0
Zainfekowanych plików: 0

Zainfekowanych procesów w pamięci:
(Nie znaleziono zagrożeń)

Zainfekowanych modułów w pamięci:
(Nie znaleziono zagrożeń)

Zainfekowanych kluczy rejestru:
(Nie znaleziono zagrożeń)

Zainfekowanych wartości rejestru:
(Nie znaleziono zagrożeń)

Zainfekowane informacje rejestru systemowego:
(Nie znaleziono zagrożeń)

Zainfekowanych folderów:
(Nie znaleziono zagrożeń)

Zainfekowanych plików:
(Nie znaleziono zagrożeń)[/log]

Dr.Web showed me that I have two viruses, Tools.PackHack or something like that.

[color="#ff0000"]//putting this in [Log] tags
//raaz[/color]

Tomek01
comment

Clean.

In OTL, use the Clean Up option.

Kafar0z0
comment

Thanks a lot :) I hope this helps somehow with the sound that keeps cutting out :)
