Request to check an OTL log - virus/spyware/trojan

suetownsend

Hello everyone, this is my first post here. I have a problem that I have been struggling with for a long time, but only now have I found the strength (and the time) to tackle it. And it is seriously driving me up the wall by now...

I have a laptop (HP Pavilion dv5 with English Vista). From the very beginning I have had problems with it (or with Vista). It started with Opera and Firefox not working. Firefox works now, but when I launch it I have to wait about 1 minute. I found some information that this may be caused by leftovers of Norton Security. So I cleaned it out completely with some Norton Cleaner, but the situation did not change.

Besides that, I have a problem updating some antivirus programs. Practically none apart from Spybot and Microsoft Security Essentials will update (despite adding the processes to the Windows firewall exceptions). I tried in safe mode, but then I have no Internet (even in Safe Mode with Networking).

On top of that, the computer is terribly sluggish, takes a long time to start, and stutters when browsing the web. So I am afraid I have some junk in the system. I am rather green when it comes to these things (let's say I know a little). I scanned the system with almost everything I could get my hands on (Spybot, SUPERAntiSpyware, Spyware Terminator, Malwarebytes Anti-Malware and probably a few more; Spyware Doctor definitely did not work, because it did not update its database). Each of them found some junk, which I removed, but things are still the same.

Oh, one more fairly important piece of information (at least I think so). Every time I turn the computer on, an error pops up before Windows starts and I have 2 options: "start Windows normally" and launching some kind of troubleshooting. When I choose the latter, halfway through I get a message that it is unable to repair the errors. When I choose "start Windows normally", I get into the system.

Sorry for the lengthy lecture, but I don't know which of this information is important. The computer has always been used by several people, so I don't fully know what goes on on it. If any more information is needed, please let me know - I will answer as far as I am able :)

[log]OTL Extras logfile created on: 2011-01-08 02:34:28 - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\chudzix\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 52,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 70,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289,95 Gb Total Space | 44,74 Gb Free Space | 15,43% Space Free | Partition Type: NTFS
Drive D: | 8,14 Gb Total Space | 1,55 Gb Free Space | 19,11% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: CHUDZIX-PC | User Name: chudzix | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\opera.exe" File not found
https [open] -- "C:\Program Files\Opera\opera.exe" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14E12705-AB91-42A8-91B7-3170DD616DD6}" = rport=445 | protocol=6 | dir=out | app=system |
"{64830E5D-3B6B-4E45-AD7E-0CA00C281E6D}" = lport=137 | protocol=17 | dir=in | app=system |
"{70DA0EB6-0B44-439F-9FBD-01599CC9F1AE}" = lport=138 | protocol=17 | dir=in | app=system |
"{AB097C01-9F88-4364-B2B7-BA6444513F83}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{BA1AC295-3439-4838-826A-6D55889DF48F}" = rport=137 | protocol=17 | dir=out | app=system |
"{BE1F6FEB-8DEA-4A4B-9A13-541285849C18}" = lport=139 | protocol=6 | dir=in | app=system |
"{D391C8D0-7C13-45E9-BB94-42E46686D102}" = lport=445 | protocol=6 | dir=in | app=system |
"{D3EF6CA8-3506-46C3-B09E-33C269705937}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D50BDDD5-BEC2-4A73-A48A-D3FCC4792F4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{F029166C-4D03-4A08-AA32-361C6049BE75}" = rport=138 | protocol=17 | dir=out | app=system |
"{F0580AEF-31E1-4EBB-BF5D-9FA29835AABE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F073FE79-B79D-42C6-BF2C-91CC51915BD9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{005D6AC9-A1B6-4F10-9E83-5918FEF2679F}" = protocol=17 | dir=in | app=c:\program files\webroot\webrootsecurity\spysweeperui.exe |
"{09C8F4CF-5AB0-4EC1-95D4-415AC4BAC485}" = protocol=17 | dir=in | app=c:\program files\pc tools security\pctssvc.exe |
"{0F5500CA-6C9C-4F80-8DBE-B4A4C188BEC7}" = protocol=6 | dir=in | app=c:\program files\webroot\webrootsecurity\spysweeperui.exe |
"{14B679F6-E03A-4CB7-89BB-169A5FFED2B4}" = protocol=6 | dir=in | app=c:\users\chudzix\appdata\local\temp\7zs6a27.tmp\symnrt.exe |
"{1A8381B9-37C2-4BF8-831D-1530F9209428}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1B0BED20-3E9D-4C82-828B-98C1565B9BAC}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{1CC71376-0985-478A-82DA-10C8AEE0A6B9}" = protocol=6 | dir=in | app=c:\program files\emsisoft anti-malware\a2guard.exe |
"{1DD37FDA-5468-49FB-9947-04EC0B956B5D}" = protocol=17 | dir=in | app=c:\program files\superantispyware\runsas.exe |
"{229BD2B5-8CA9-44E2-B746-0344BF9130E2}" = protocol=6 | dir=in | app=c:\program files\pc tools security\update.exe |
"{2AAF3F76-5486-48CA-8CA1-CCD5BF6181E6}" = protocol=6 | dir=in | app=c:\program files\emsisoft anti-malware\a2start.exe |
"{369B53CD-DC93-459C-A98E-A784C5A90EAB}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{3741BBEA-498E-411B-B460-DAA443BB2488}" = protocol=17 | dir=in | app=c:\program files\emsisoft anti-malware\a2guard.exe |
"{37F87317-05B4-4EEB-8F81-21D4B61398B5}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{38BAB2E6-ED7C-4415-B55F-538865D1007A}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxcgpswx.exe |
"{3EB420B4-F6B4-4064-B7E0-7A5C0E39DFC4}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
"{439A446B-D76F-4CE6-BD33-4C19135FB385}" = protocol=6 | dir=in | app=c:\program files\superantispyware\runsas.exe |
"{4DB4D787-35A5-499B-9F68-9398E0DD408B}" = protocol=17 | dir=in | app=c:\program files\pc tools security\update.exe |
"{50F68EE7-7AD8-4F4E-99B4-CAED5BA45C3D}" = protocol=17 | dir=in | app=c:\program files\norton antivirus\engine\18.1.0.33\uistub.exe |
"{537874AF-CEEC-487E-BE28-19F71C6F25B4}" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"{5C84596A-62A4-4DFF-8518-4B9F3520CBA4}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{60DBE6CD-C77D-4A22-A5F3-83A949425500}" = protocol=17 | dir=in | app=c:\program files\superantispyware\superantispyware.exe |
"{6194BD83-ECF2-4007-8F6B-9AA1841F4A3F}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{6246DC1D-97CD-47DC-870B-9F47B46E1FE1}" = protocol=17 | dir=in | app=c:\program files\pc tools registry tool\pcttregtool.exe |
"{6E06CC4E-FB5D-4282-8EFF-015D12CBFB39}" = protocol=6 | dir=in | app=c:\program files\pc tools registry tool\pcttregtool.exe |
"{70E15C6F-F34B-48CA-BBBE-11E2763AAC6A}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{7EBC2A28-FF26-4505-9D8E-D74191809CB2}" = protocol=6 | dir=in | app=c:\program files\pc tools security\pctsgui.exe |
"{80CB5FFC-714D-4D19-99B2-D60AD67C26F9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{81B1283B-E9C4-4906-A508-C312E709B230}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{86A88DA5-8C52-409E-A7F2-014402925583}" = protocol=17 | dir=in | app=c:\program files\spybot - search & destroy\spybotsd.exe |
"{877125F1-6B28-4DD4-B069-BE1F4F0A7587}" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"{8993622F-DC65-437C-9916-1AA4CD9E0479}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{949BF13A-BFC6-4A31-8F72-1D93480182BC}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{97D70102-0218-4AAF-BB86-4412765E7C7B}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{98612FC1-C166-41A4-A1E9-BBE58C41BC87}" = protocol=6 | dir=in | app=c:\program files\pc tools security\upgrade.exe |
"{9AC073CA-8238-42E2-B560-4B68F3AEE3D6}" = protocol=17 | dir=in | app=c:\program files\pc tools security\upgrade.exe |
"{B47A5885-676C-44C3-8EB1-96CF21127E9A}" = protocol=6 | dir=in | app=c:\program files\pc tools security\pctssvc.exe |
"{B52C3FEE-2183-4392-965E-7E210A7C0263}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{C37B1E1A-7DD4-477B-A222-F2B045D5F262}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{C460AC67-3968-46E7-91FB-2CC238E7C371}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{C890562B-F37D-4EA1-8373-B3BF795FA2B3}" = protocol=6 | dir=in | app=c:\program files\norton antivirus\engine\18.1.0.33\uistub.exe |
"{CC97508F-B53F-4C73-BB53-3969E838A48B}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{D5B8026A-AB2C-45AC-96FE-D9BA12CC25D5}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxcgpswx.exe |
"{DD1137DA-4AD6-4314-BDE5-DF23B7D35590}" = protocol=17 | dir=in | app=c:\program files\pc tools security\pctsgui.exe |
"{DD32E737-6A85-471A-8CBE-3CA7AA4A43F8}" = protocol=6 | dir=in | app=c:\program files\spybot - search & destroy\spybotsd.exe |
"{FBAFA3F2-E339-43D1-93C4-D50D6EB84279}" = protocol=17 | dir=in | app=c:\program files\emsisoft anti-malware\a2start.exe |
"{FE37112B-DEC0-4372-971B-05DF604A7106}" = protocol=17 | dir=in | app=c:\users\chudzix\appdata\local\temp\7zs6a27.tmp\symnrt.exe |
"{FE62B35E-BCFD-4DA1-88BE-66DC55DCCED2}" = protocol=6 | dir=in | app=c:\program files\superantispyware\superantispyware.exe |
"TCP Query User{7F34505D-98DD-4860-9A9E-2A1D06955A4B}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{C24C384B-BE00-4874-AEBD-5FDB878BD20C}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{E492A7A1-23DC-44D2-80FF-855A4E85FA97}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{EB0D99D8-D257-4A47-9A6B-D22D5383C11C}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{ECBEA648-1AA5-4C59-9DCC-A5B5B77AD70C}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"UDP Query User{3FC3181D-68CC-4D85-9300-6DA5CA0F9885}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"UDP Query User{453468AD-BE31-4D54-9AB1-CDC1E1196780}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{B3E39E49-46D9-4684-8D29-B626BE1142CC}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{C72B07D8-A469-46EA-B4F9-0C03BCD88826}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{F1B5B63C-FE98-4EC5-A2AF-58BAFE0C71D4}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{005A00DD-F955-CAF8-8DB4-C15C3A1E715F}" = Catalyst Control Center Graphics Previews Vista
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.6204
"{0446A460-E8E8-4387-9D1F-4BE9C9824F7B}" = Microsoft Antimalware Service PL-PL Language Pack
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0A795E81-7E99-4574-923D-8A0AF1F11CA1}" = ScanSoft PaperPort 11
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10
"{150586B4-E85A-4B8B-4C60-CADA9121FA08}" = Catalyst Control Center Graphics Previews Common
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{167F938F-5AD3-40e2-B05D-2B7C6F0FDE48}" = HP Deskjet D1500 Printer Driver 10.0 Rel .3
"{187817E2-6407-461C-B59B-56CE73363D34}" = Catalyst Control Center - Branding
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{25049BA9-E395-283F-8B6A-F2D78BC96BB5}" = Skins
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 22
"{280235E3-D1FB-408A-A1D5-C77BA584FBBA}" = BlService Web Update
"{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2c557f98-ef74-4a1e-a856-9df2f633b41f}" = Sophos confic-a Cleanup Tool
"{300FB2C5-1328-A7F1-DBB3-925452E7D763}" = Catalyst Control Center Graphics Light
"{305468A6-DE2D-43ba-A168-2F45A97A89DA}" = DJ_SF_03_D1500_Software_Min
"{30DAA715-5032-40F9-A0AE-95C9AEBB3E3F}" = HP QuickTouch 1.00 D2
"{31BFEC6C-1F27-45B5-839C-BCBAE327993A}" = OpenOffice.org 3.0
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D3
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BFA6EEB-AAED-4334-8E98-A907DE4DD5CF}" = AMD Driver Support for HP 3D DriverGuard
"{51E5C397-0AA0-48DD-9CB6-7259AFFDFB0A}" = HP Easy Setup - Frontend
"{567E8236-C414-4888-8211-3D61608D57AE}" = Validity Sensors software
"{582287DA-0806-4AC0-BF19-C15E3A466034}" = LightScribe System Software 1.12.33.2
"{58CAA96F-E8EC-539E-6C62-3E5519BCFA52}" = ccc-utility
"{65F878A3-0032-6276-7909-3FE5B451C966}" = Catalyst Control Center Graphics Full New
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{859B9BCA-5376-4566-9F88-C6C9DAA7A925}" = Microsoft Security Client PL-PL Language Pack
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{96BC4472-AB51-50BD-93D9-37B5CE88D3A2}" = Catalyst Control Center Core Implementation
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5CE7175-080D-49AC-B5A3-E7E3502428F5}" = HP Wireless Assistant
"{A7D837CD-C485-B501-6033-993FC68335FC}" = CCC Help English
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.5
"{AE72E414-0935-4AC8-B7D6-12E3039BEC13}" = DigitalPersona Personal 3.0.1
"{AF862EC3-CA8A-EC26-4F05-1FFA5241E520}" = ATI Catalyst Install Manager
"{B16DA0F8-26BC-4FFC-9363-1D9F3E6C3E21}" = HP Customer Experience Enhancements
"{B39B02E2-F711-BE47-E2D3-76F458F14CF6}" = Catalyst Control Center Graphics Full Existing
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C084BC61-E537-11DE-8616-005056806466}" = Google Earth
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D286752E-1AE7-3FA1-1306-E6DC0C4F13BA}" = ccc-core-static
"{DD876490-252F-4EEF-B205-2E8F5A6E523B}" = ProtectSmart Hard Drive Protection
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5
"{F2B5A2A7-2DF9-4361-8BD5-362714528B51}" = NHL® 09
"{F48098CD-2D66-4861-85EC-DC1D4D09D5F9}" = HP User Guides 0102
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FE250486-0A4C-9689-FDCD-D8C82EDE989E}" = Catalyst Control Center InstallProxy
"7DE39862CC26DCE2446838AAF7CD5C163F835A57" = Windows Driver Package - ENE (enecir) HIDClass (09/04/2008 2.6.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Audacity_is1" = Audacity 1.2.6
"Browser Defender_is1" = Browser Defender 3.0
"Cool Edit Pro 2.1" = Cool Edit Pro 2.1
"Cool Record Edit Pro" = Cool Record Edit Pro
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Free CD to MP3 Converter" = Free CD to MP3 Converter
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.6.2 (Full)
"Lexicon 4.0" = Collins COBUILD on CD-ROM
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MP3 Audio Converter_is1" = MP3 Audio Converter 4.50
"MP4 Player" = MP4 Player
"NapiProjekt_is1" = NapiProjekt 1.0.6.9
"Native Instruments Traktor DJ Studio 3" = Native Instruments Traktor DJ Studio 3
"NeroMultiInstaller!UninstallKey" = Nero Suite
"PC Tools File and Registry Tool_is1" = PC Tools Registry Tool
"PE Builder_is1" = PE Builder 3.1.10a
"PLAY ONLINE" = PLAY ONLINE
"RealAlt_is1" = Real Alternative 2.0.1
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"SopCast" = SopCast 3.2.9
"Spyware Doctor" = Spyware Doctor z modulem Antivirus 8.0
"SubEdit-Player_is1" = SubEdit-Player
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"System TL+ - angielsko-polski, prawniczy, wyd.2" = System TL+ - angielsko-polski, prawniczy, wyd.2
"Veetle TV" = Veetle TV 0.9.16
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VLC media player" = VLC media player 1.1.4
"Wave 2 Mp3_is1" = Wave 2 Mp3 1.1
"WebSTAR DPC2100 Uninstall" = Scientific-Atlanta WebSTAR 2000 series Cable Modem
"WinDjView" = WinDjView 1.0.3
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinRAR archiver" = Archiwizator WinRAR

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-1721191239-3645763191-1225645796-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BankBrowser" = BankBrowser
"KFD" = The New Kosciuszko Foundation Dictionary
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2011-01-01 11:23:41 | Computer Name = chudzix-PC | Source = WinMgmt | ID = 10
Description =

Error - 2011-01-01 23:35:43 | Computer Name = chudzix-PC | Source = EventSystem | ID = 4621
Description =

Error - 2011-01-02 00:07:52 | Computer Name = chudzix-PC | Source = WinMgmt | ID = 10
Description =

Error - 2011-01-02 09:41:41 | Computer Name = chudzix-PC | Source = WinMgmt | ID = 10
Description =

Error - 2011-01-03 10:36:30 | Computer Name = chudzix-PC | Source = WinMgmt | ID = 10
Description =

Error - 2011-01-03 13:31:43 | Computer Name = chudzix-PC | Source = WinMgmt | ID = 10
Description =

Error - 2011-01-03 18:17:22 | Computer Name = chudzix-PC | Source = WinMgmt | ID = 10
Description =

Error - 2011-01-03 20:10:08 | Computer Name = chudzix-PC | Source = WinMgmt | ID = 10
Description =

Error - 2011-01-04 11:06:38 | Computer Name = chudzix-PC | Source = WinMgmt | ID = 10
Description =

Error - 2011-01-04 12:15:09 | Computer Name = chudzix-PC | Source = WinMgmt | ID = 10
Description =

[ DigitalPersona Pro Events ]
Error - 2009-02-01 13:02:57 | Computer Name = chudzix-PC | Source = DigitalPersona Pro | ID = 17827841
Description = One-to-one fingerprint match failed.

Error - 2009-03-10 06:38:17 | Computer Name = chudzix-PC | Source = DigitalPersona Pro | ID = 17827841
Description = One-to-one fingerprint match failed.

Error - 2009-03-11 08:11:26 | Computer Name = chudzix-PC | Source = DigitalPersona Pro | ID = 17827841
Description = One-to-one fingerprint match failed.

Error - 2010-08-17 05:00:52 | Computer Name = chudzix-PC | Source = DigitalPersona Pro | ID = 17827841
Description = One-to-one fingerprint match failed.

[ System Events ]
Error - 2011-01-06 23:01:54 | Computer Name = chudzix-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 2011-01-07 00:17:38 | Computer Name = chudzix-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2011-01-07 00:32:23 | Computer Name = chudzix-PC | Source = ssidrv | ID = 131098
Description =

Error - 2011-01-07 00:32:40 | Computer Name = chudzix-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 2011-01-07 00:33:44 | Computer Name = chudzix-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1003
Description =

Error - 2011-01-07 02:36:51 | Computer Name = chudzix-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2011-01-07 02:37:03 | Computer Name = chudzix-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 2011-01-07 02:41:46 | Computer Name = chudzix-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 2011-01-07 02:41:46 | Computer Name = chudzix-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 2011-01-07 02:52:40 | Computer Name = chudzix-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1003
Description =


< End of report >
[/log]

[log]OTL logfile created on: 2011-01-08 02:34:28 - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\chudzix\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 52,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 70,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289,95 Gb Total Space | 44,74 Gb Free Space | 15,43% Space Free | Partition Type: NTFS
Drive D: | 8,14 Gb Total Space | 1,55 Gb Free Space | 19,11% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: CHUDZIX-PC | User Name: chudzix | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2011-01-08 02:30:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\chudzix\Desktop\OTL.exe
PRC - [2011-01-07 07:50:01 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\35b2a0b1-1cc8-4835-bfae-b6c9f0aed839.com
PRC - [2010-12-07 21:52:37 | 000,233,936 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe
PRC - [2010-11-30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010-11-11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2010-11-11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010-11-04 17:34:06 | 000,171,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
PRC - [2010-11-02 07:03:13 | 000,638,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2010-09-24 12:19:08 | 000,108,496 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\PC Tools Security\BDT\FGuard.exe
PRC - [2010-09-24 12:19:06 | 000,235,472 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2010-08-17 15:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spoolsv.exe
PRC - [2010-05-14 10:44:46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
PRC - [2009-06-15 13:48:49 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
PRC - [2009-04-11 07:28:15 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
PRC - [2009-04-11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe
PRC - [2009-04-11 07:28:04 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\smss.exe
PRC - [2009-04-11 07:27:59 | 000,441,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
PRC - [2009-04-11 07:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe
PRC - [2009-04-11 07:27:49 | 003,408,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
PRC - [2009-04-11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009-04-11 07:27:33 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
PRC - [2009-03-31 12:40:44 | 000,700,152 | ---- | M] () -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2009-03-05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009-01-26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008-12-10 00:03:50 | 000,724,992 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe
PRC - [2008-12-08 15:50:04 | 000,054,576 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuschd2.exe
PRC - [2008-11-06 18:23:16 | 000,772,096 | ---- | M] () -- C:\Program Files\MP4 Player\Mp4Player.exe
PRC - [2008-09-02 10:48:12 | 000,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2008-09-02 10:40:46 | 000,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
PRC - [2008-08-22 14:32:06 | 000,361,808 | ---- | M] () -- C:\Windows\SMINST\BLService.exe
PRC - [2008-06-19 12:17:36 | 001,624,616 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2008-06-19 12:17:36 | 000,727,592 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008-05-14 21:56:58 | 000,116,112 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
PRC - [2008-05-14 21:56:54 | 000,292,248 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
PRC - [2008-05-14 21:56:38 | 000,468,264 | ---- | M] (CyberLink Corp.) -- C:\Program Files\HP\QuickPlay\QPService.exe
PRC - [2008-04-16 19:55:02 | 000,221,239 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\stacsv.exe
PRC - [2008-04-16 19:52:28 | 000,442,433 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2008-04-15 12:40:10 | 000,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
PRC - [2008-04-11 08:04:54 | 000,685,360 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2008-04-03 10:33:26 | 000,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
PRC - [2008-03-26 17:27:52 | 000,595,248 | ---- | M] (Validity Sensors, Inc.) -- C:\Windows\System32\vfsFPService.exe
PRC - [2008-03-18 15:24:58 | 000,019,456 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\hpservice.exe
PRC - [2008-03-14 07:45:10 | 000,202,032 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
PRC - [2008-03-12 18:24:52 | 000,699,456 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpAgent.exe
PRC - [2008-03-12 18:24:52 | 000,302,144 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe
PRC - [2008-02-26 13:13:22 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2008-02-12 06:05:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\AEstSrv.exe
PRC - [2008-01-25 17:05:30 | 000,148,832 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
PRC - [2008-01-21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2008-01-21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008-01-21 03:25:11 | 000,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
PRC - [2008-01-21 03:25:11 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
PRC - [2008-01-21 03:24:54 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrss.exe
PRC - [2008-01-21 03:23:44 | 000,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
PRC - [2008-01-21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
PRC - [2008-01-21 03:23:29 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanext.exe
PRC - [2008-01-17 20:31:32 | 000,095,528 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
PRC - [2008-01-17 20:31:22 | 001,033,512 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2007-11-20 06:44:58 | 000,488,752 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
PRC - [2007-11-01 17:42:38 | 000,554,288 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
PRC - [2007-10-11 19:03:10 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
PRC - [2007-09-26 05:34:40 | 000,316,720 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
PRC - [2007-05-28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2007-01-09 10:25:00 | 000,272,024 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2011-01-08 02:30:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\chudzix\Desktop\OTL.exe
MOD - [2010-08-31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010-07-26 16:51:48 | 011,584,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll
MOD - [2010-06-28 18:00:21 | 001,316,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ole32.dll
MOD - [2010-04-16 17:46:48 | 000,502,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll
MOD - [2009-09-24 23:54:55 | 000,258,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv
MOD - [2009-07-17 14:54:43 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\atl.dll
MOD - [2009-06-15 15:53:43 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
MOD - [2009-06-15 15:52:42 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpk.dll
MOD - [2009-04-23 13:15:07 | 000,784,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll
MOD - [2009-04-11 07:28:25 | 001,077,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll
MOD - [2009-04-11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\user32.dll
MOD - [2009-04-11 07:28:25 | 000,287,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Wldap32.dll
MOD - [2009-04-11 07:28:25 | 000,108,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\userenv.dll
MOD - [2009-04-11 07:28:25 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\version.dll
MOD - [2009-04-11 07:28:24 | 001,591,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll
MOD - [2009-04-11 07:28:24 | 001,068,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll
MOD - [2009-04-11 07:28:24 | 000,353,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll
MOD - [2009-04-11 07:28:24 | 000,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spp.dll
MOD - [2009-04-11 07:28:24 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samlib.dll
MOD - [2009-04-11 07:28:23 | 000,754,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll
MOD - [2009-04-11 07:28:23 | 000,563,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll
MOD - [2009-04-11 07:28:23 | 000,467,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll
MOD - [2009-04-11 07:28:23 | 000,121,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntmarta.dll
MOD - [2009-04-11 07:28:23 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\olepro32.dll
MOD - [2009-04-11 07:28:22 | 000,679,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll
MOD - [2009-04-11 07:28:20 | 000,891,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
MOD - [2009-04-11 07:28:20 | 000,807,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msctf.dll
MOD - [2009-04-11 07:28:20 | 000,114,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imm32.dll
MOD - [2009-04-11 07:28:20 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mpr.dll
MOD - [2009-04-11 07:28:19 | 000,297,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll
MOD - [2009-04-11 07:28:18 | 000,450,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.dll
MOD - [2009-04-11 07:28:18 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\authz.dll
MOD - [2009-04-11 07:28:17 | 000,800,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\advapi32.dll
MOD - [2009-04-11 07:28:17 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apphelp.dll
MOD - [2009-04-11 07:27:49 | 001,202,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll
MOD - [2009-03-31 12:40:46 | 000,155,384 | ---- | M] () -- C:\Windows\System32\guard32.dll
MOD - [2008-01-21 03:25:29 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srclient.dll
MOD - [2008-01-21 03:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ws2_32.dll
MOD - [2008-01-21 03:24:47 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nsi.dll
MOD - [2008-01-21 03:24:37 | 000,183,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xmllite.dll
MOD - [2008-01-21 03:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008-01-21 03:24:26 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vsstrace.dll
MOD - [2008-01-21 03:24:24 | 000,523,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clbcatq.dll
MOD - [2008-01-21 03:23:43 | 000,240,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\uxtheme.dll
MOD - [2006-11-02 10:46:12 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psapi.dll
MOD - [2006-11-02 10:46:04 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fltLib.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2010-11-11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010-11-11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010-09-29 16:00:56 | 001,145,304 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010-09-24 12:19:06 | 000,235,472 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010-08-26 12:39:46 | 000,070,928 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools Security\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2010-03-15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2009-09-25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009-09-24 10:59:26 | 001,695,368 | ---- | M] (NanJing Nagasoft Co, LTD.) [Auto | Stopped] -- C:\Windows\System32\nagasoft\vjocx.dll -- (vvdsvc)
SRV - [2009-03-31 12:40:44 | 000,700,152 | ---- | M] () [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2009-01-26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008-08-22 14:32:06 | 000,361,808 | ---- | M] () [Auto | Running] -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008-04-16 19:55:02 | 000,221,239 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\stacsv.exe -- (STacSV)
SRV - [2008-03-26 17:27:52 | 000,595,248 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\System32\vfsFPService.exe -- (vfsFPService)
SRV - [2008-03-12 18:24:52 | 000,302,144 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV - [2008-02-12 06:05:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\AEstSrv.exe -- (AESTFilters)
SRV - [2008-01-21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007-05-28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | Disabled | Running] -- C:\Windows\System32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [File_System | Unknown | Running] -- -- (DwProt)
DRV - [2010-10-24 21:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010-10-24 21:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010-10-05 11:10:56 | 000,249,616 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\System32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2010-08-27 09:26:40 | 000,070,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2010-08-26 12:39:46 | 000,068,880 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2010-08-26 12:39:46 | 000,051,984 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2010-08-26 12:39:46 | 000,033,552 | --S- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2010-08-18 13:51:26 | 000,237,632 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010-07-16 14:59:54 | 000,656,320 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2010-07-16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2010-05-10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010-02-17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009-11-11 12:48:45 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009-03-31 12:40:46 | 000,108,560 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdguard.sys -- (cmdGuard)
DRV - [2009-03-31 12:40:46 | 000,068,112 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect)
DRV - [2009-03-31 12:40:46 | 000,028,688 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2008-12-10 01:30:58 | 004,172,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008-09-04 17:47:00 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2008-06-23 10:54:08 | 000,081,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2008-06-23 10:54:08 | 000,080,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2008-06-23 10:54:08 | 000,016,168 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2008-04-27 15:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2008-04-27 10:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008-04-16 19:58:24 | 000,379,904 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008-04-14 23:56:18 | 000,170,000 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ahcix86s.sys -- (ahcix86s)
DRV - [2008-04-14 20:05:08 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008-04-01 12:14:00 | 000,081,296 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008-03-27 11:12:12 | 000,024,424 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2008-03-27 11:11:34 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008-03-26 17:28:08 | 000,040,752 | ---- | M] (Validity Sensors, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vfs101x.sys -- (vfs101x)
DRV - [2008-03-17 11:05:30 | 000,101,632 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008-01-21 03:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008-01-21 03:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008-01-21 03:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008-01-21 03:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008-01-21 03:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008-01-21 03:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008-01-21 03:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008-01-21 03:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008-01-21 03:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008-01-21 03:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008-01-21 03:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008-01-21 03:23:23 | 000,654,336 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (winachsf)
DRV - [2008-01-21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008-01-21 03:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008-01-21 03:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008-01-21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008-01-21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008-01-21 03:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008-01-21 03:23:22 | 000,987,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (HSF_DPV)
DRV - [2008-01-21 03:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008-01-21 03:23:22 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2008-01-21 03:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008-01-21 03:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008-01-21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008-01-21 03:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008-01-21 03:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008-01-21 03:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008-01-21 03:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008-01-17 20:31:26 | 000,196,784 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008-01-07 21:42:04 | 000,015,416 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\Amddfltr.sys -- (Amddfltr)
DRV - [2007-07-11 09:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007-06-18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006-11-02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006-11-02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006-11-02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006-11-02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006-11-02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006-11-02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006-11-02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006-11-02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006-11-02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006-11-02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006-11-02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006-11-02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006-11-02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006-11-02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006-11-02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006-11-02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006-11-02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006-11-02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006-11-02 08:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2006-11-02 08:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2004-09-29 21:36:29 | 000,015,360 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NetMotCM.sys -- (ndiscm)
DRV - [2004-06-10 09:42:38 | 000,015,429 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sacm2A.sys -- (USBCM)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_pl&c=83&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_pl&c=83&bd=Pavilion&pf=cnnb


IE - HKU\.DEFAULT\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1721191239-3645763191-1225645796-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_pl&c=83&bd=Pavilion&pf=cnnb
IE - HKU\S-1-5-21-1721191239-3645763191-1225645796-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
IE - HKU\S-1-5-21-1721191239-3645763191-1225645796-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1721191239-3645763191-1225645796-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\S-1-5-21-1721191239-3645763191-1225645796-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Web Search..."
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://onet.pl/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {cb84136f-9c44-433a-9048-c5cd9df1dc16}:2.0.6
FF - prefs.js..keyword.URL: "http://vshare.toolbarhome.com/search.aspx?srch=ku&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools Security\BDT\Firefox\ [2010-12-25 02:53:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-12-07 21:19:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-12-07 21:19:53 | 000,000,000 | ---D | M]

[2009-08-07 12:34:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chudzix\AppData\Roaming\Mozilla\Extensions
[2011-01-07 08:43:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chudzix\AppData\Roaming\Mozilla\Firefox\Profiles\s1b3b43r.default\extensions
[2009-08-07 12:41:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\chudzix\AppData\Roaming\Mozilla\Firefox\Profiles\s1b3b43r.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010-12-04 16:46:05 | 000,000,000 | ---D | M] (vShare) -- C:\Users\chudzix\AppData\Roaming\Mozilla\Firefox\Profiles\s1b3b43r.default\extensions\vshare@toolbar
[2010-04-06 20:13:39 | 000,002,425 | ---- | M] () -- C:\Users\chudzix\AppData\Roaming\Mozilla\Firefox\Profiles\s1b3b43r.default\searchplugins\askcom.xml
[2010-12-04 16:48:19 | 000,001,583 | ---- | M] () -- C:\Users\chudzix\AppData\Roaming\Mozilla\Firefox\Profiles\s1b3b43r.default\searchplugins\web-search.xml
[2010-10-28 20:45:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010-04-19 19:22:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-07-18 02:27:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010-10-28 20:45:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010-08-14 02:12:56 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010-12-25 02:53:49 | 000,000,000 | ---D | M] (Browser Defender Toolbar) -- C:\PROGRAM FILES\PC TOOLS SECURITY\BDT\FIREFOX
[2010-09-15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010-12-07 21:19:46 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-12-07 21:19:46 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-12-07 21:19:46 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-12-07 21:19:46 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-12-07 21:19:46 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-12-07 21:19:46 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2011-01-07 05:33:12 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S-1-5-21-1721191239-3645763191-1225645796-1000\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PCTools FGuard] C:\Program Files\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd.)
O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1721191239-3645763191-1225645796-1000..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKU\S-1-5-21-1721191239-3645763191-1225645796-1000..\Run: [MP4 Player] C:\Program Files\MP4 Player\mp4Player.exe ()
O4 - HKU\S-1-5-21-1721191239-3645763191-1225645796-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1721191239-3645763191-1225645796-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://www.vexcast.com/download/vexcast.cab (VodClient Control Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.179.1.63 62.179.1.62
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0518356f-ceba-11de-b905-00238b13638c}\Shell - "" = AutoRun
O33 - MountPoints2\{0518356f-ceba-11de-b905-00238b13638c}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O33 - MountPoints2\{1e61641f-8902-11de-b19d-00238b13638c}\Shell - "" = AutoRun
O33 - MountPoints2\{1e61641f-8902-11de-b19d-00238b13638c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{1e61643d-8902-11de-b19d-00238b13638c}\Shell - "" = AutoRun
O33 - MountPoints2\{1e61643d-8902-11de-b19d-00238b13638c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{e506f7ff-1621-11de-a2fb-002186c8589f}\Shell - "" = AutoRun
O33 - MountPoints2\{e506f7ff-1621-11de-a2fb-002186c8589f}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{e506f848-1621-11de-a2fb-002186c8589f}\Shell - "" = AutoRun
O33 - MountPoints2\{e506f848-1621-11de-a2fb-002186c8589f}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

========== Files/Folders - Created Within 90 Days ==========

[2011-01-08 02:29:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\chudzix\Desktop\OTL.exe
[2011-01-08 01:44:40 | 000,000,000 | ---D | C] -- C:\Users\chudzix\DoctorWeb
[2011-01-07 07:59:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011-01-07 07:59:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011-01-07 07:59:07 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011-01-07 07:59:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011-01-07 06:09:09 | 000,000,000 | ---D | C] -- C:\Program Files\a-squared Free
[2011-01-07 05:50:03 | 000,000,000 | ---D | C] -- C:\Users\chudzix\AppData\Roaming\SUPERAntiSpyware.com
[2011-01-07 05:49:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011-01-07 05:49:44 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011-01-07 05:14:02 | 000,000,000 | ---D | C] -- C:\Program Files\MSSOAP
[2011-01-07 05:14:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2011-01-07 05:13:35 | 000,000,000 | ---D | C] -- C:\Program Files\Webroot
[2010-12-30 15:34:43 | 000,000,000 | ---D | C] -- C:\Users\chudzix\Desktop\zalane mieszkanie
[2010-12-29 02:39:57 | 000,000,000 | ---D | C] -- C:\Users\chudzix\AppData\Local\Apps
[2010-12-29 02:39:56 | 000,000,000 | ---D | C] -- C:\Users\chudzix\AppData\Local\Deployment
[2010-12-25 05:33:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2010-12-25 05:11:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2010-12-25 05:11:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010-12-25 05:11:34 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010-12-25 05:08:04 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\chudzix\Desktop\spybotsd162.exe
[2010-12-25 04:37:43 | 000,367,208 | ---- | C] (RegNow.com) -- C:\Users\chudzix\Desktop\Download_7.0.0.538f-sdsetup-regnow201.exe
[2010-12-25 03:16:49 | 000,743,280 | ---- | C] (PC Tools) -- C:\Users\chudzix\Desktop\PCTResetSD.exe
[2010-12-25 02:58:26 | 000,000,000 | ---D | C] -- C:\Users\chudzix\Desktop\Downloads
[2010-12-25 02:58:19 | 000,000,000 | ---D | C] -- C:\Users\chudzix\AppData\Roaming\GetRightToGo
[2010-12-25 02:54:47 | 000,068,880 | --S- | C] (PC Tools) -- C:\Windows\System32\drivers\TfSysMon.sys
[2010-12-25 02:54:47 | 000,051,984 | --S- | C] (PC Tools) -- C:\Windows\System32\drivers\TfFsMon.sys
[2010-12-25 02:54:47 | 000,033,552 | --S- | C] (PC Tools) -- C:\Windows\System32\drivers\TfNetMon.sys
[2010-12-25 02:53:48 | 001,914,832 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2010-12-25 02:53:48 | 000,743,376 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2010-12-25 02:53:48 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2010-12-25 02:46:04 | 000,656,320 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctEFA.sys
[2010-12-25 02:46:04 | 000,338,880 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctDS.sys
[2010-12-25 02:46:02 | 000,249,616 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2010-12-25 02:46:02 | 000,102,184 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2010-12-25 02:45:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2010-12-25 02:45:38 | 000,123,712 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplfw.sys
[2010-12-25 02:45:38 | 000,087,400 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctNdis-PacketFilter.sys
[2010-12-25 02:45:38 | 000,031,960 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctNdis-DNS.sys
[2010-12-25 02:45:36 | 000,070,536 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010-12-25 02:45:09 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2010-12-25 02:35:36 | 000,237,632 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010-12-25 02:35:36 | 000,159,936 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010-12-25 02:35:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools File and Registry Tool
[2010-12-25 02:35:32 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Registry Tool
[2010-12-20 01:23:44 | 000,000,000 | ---D | C] -- C:\Users\chudzix\Desktop\cwiczenia_maxi_taxi1
[2010-12-20 01:18:51 | 000,000,000 | ---D | C] -- C:\Users\chudzix\Desktop\maxitaxicd
[2010-12-16 18:41:37 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010-12-14 16:24:49 | 000,000,000 | ---D | C] -- C:\Users\chudzix\Desktop\srt
[2010-12-14 16:17:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SubEdit-Player
[2010-12-14 16:17:38 | 000,000,000 | ---D | C] -- C:\Program Files\SubEdit-Player
[2010-12-13 15:08:47 | 000,000,000 | ---D | C] -- C:\Users\chudzix\Desktop\testy z unitów
[2010-12-01 17:23:14 | 000,000,000 | ---D | C] -- C:\Users\chudzix\Desktop\zlodzieje
[2010-11-28 02:25:51 | 000,000,000 | ---D | C] -- C:\Users\chudzix\Desktop\lalalal gry
[2010-11-27 03:42:53 | 000,000,000 | ---D | C] -- C:\Users\chudzix\Desktop\23 java games 240x320 (2009)
[2010-11-24 16:12:07 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010-11-24 16:11:34 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010-11-22 19:17:00 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010-11-18 16:52:01 | 000,000,000 | ---D | C] -- C:\Users\chudzix\AppData\Roaming\dvdcss
[2010-11-17 17:54:34 | 000,000,000 | ---D | C] -- C:\Users\chudzix\Desktop\Harold i Kumar II
[2010-11-16 17:52:42 | 000,000,000 | ---D | C] -- C:\Users\chudzix\Desktop\Harold i Kumar I
[2010-11-13 23:29:44 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010-11-13 23:29:44 | 000,000,000 | ---D | C] -- C:\Users\chudzix\AppData\Roaming\PC Tools
[2010-11-13 23:29:44 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010-11-13 23:29:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010-11-05 17:36:41 | 000,000,000 | ---D | C] -- C:\Users\chudzix\Desktop\DVD2
[2010-11-05 16:25:51 | 000,000,000 | ---D | C] -- C:\Users\chudzix\Desktop\DVD1
[2010-11-03 20:40:40 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010-11-01 13:48:08 | 000,000,000 | ---D | C] -- C:\Users\chudzix\Desktop\pl
[2009-12-22 00:26:14 | 000,015,429 | ---- | C] ( ) -- C:\Windows\System32\drivers\Sacm2A.sys
[5 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2011-01-08 02:40:11 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011-01-08 02:40:11 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011-01-08 02:35:22 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{EF30A4CF-31CE-49F4-A991-D9D65CDE903C}.job
[2011-01-08 02:30:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\chudzix\Desktop\OTL.exe
[2011-01-07 07:59:12 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-01-07 07:45:27 | 000,664,140 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2011-01-07 07:45:27 | 000,589,278 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011-01-07 07:45:27 | 000,127,892 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2011-01-07 07:45:27 | 000,102,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011-01-07 07:42:02 | 000,000,269 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011-01-07 07:36:07 | 3218,956,288 | -HS- | M] () -- C:\hiberfil.sys
[2011-01-07 07:34:29 | 000,003,204 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011-01-07 07:29:04 | 000,001,055 | ---- | M] () -- C:\Users\chudzix\Desktop\Spybot - Search & Destroy.lnk
[2011-01-07 06:32:20 | 000,009,342 | ---- | M] () -- C:\Users\chudzix\Desktop\system nhl.ods
[2011-01-07 05:49:52 | 000,001,800 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011-01-07 05:33:12 | 000,000,761 | ---- | M] () -- C:\Windows\System32\drivers\etc\HOSTS
[2011-01-07 03:09:43 | 000,168,448 | ---- | M] () -- C:\Users\chudzix\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-01-03 18:31:26 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForchudzix.job
[2010-12-25 05:36:49 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2010-12-25 05:34:55 | 002,244,934 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2010-12-25 05:11:39 | 000,001,079 | ---- | M] () -- C:\Users\chudzix\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010-12-25 05:08:39 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\chudzix\Desktop\spybotsd162.exe
[2010-12-25 04:37:59 | 000,367,208 | ---- | M] (RegNow.com) -- C:\Users\chudzix\Desktop\Download_7.0.0.538f-sdsetup-regnow201.exe
[2010-12-25 02:45:51 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010-12-25 02:35:33 | 000,000,995 | ---- | M] () -- C:\Users\Public\Desktop\PC Tools File and Registry Tool.lnk
[2010-12-20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010-12-20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010-12-18 17:05:31 | 000,001,618 | ---- | M] () -- C:\Users\chudzix\AppData\Roaming\wklnhst.dat
[2010-12-17 18:01:53 | 000,891,727 | ---- | M] () -- C:\Users\chudzix\Desktop\Egzamin Gimnazjalny język angielski ARKUSZ-1.pdf
[2010-12-16 17:55:24 | 000,662,016 | ---- | M] () -- C:\Users\chudzix\Desktop\sukienka.doc
[2010-12-16 16:44:19 | 000,316,136 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010-12-14 16:17:39 | 000,000,919 | ---- | M] () -- C:\Users\chudzix\Desktop\SubEdit-Player.lnk
[2010-12-14 16:17:39 | 000,000,799 | ---- | M] () -- C:\Users\chudzix\Application Data\Microsoft\Internet Explorer\Quick Launch\SubEdit-Player.lnk
[2010-12-13 23:53:31 | 000,044,544 | R--- | M] () -- C:\Users\chudzix\Desktop\konspekt new inter.doc
[2010-12-07 15:03:01 | 000,000,680 | ---- | M] () -- C:\Users\chudzix\AppData\Local\d3d9caps.dat
[2010-11-19 00:13:53 | 000,010,855 | ---- | M] () -- C:\Users\chudzix\Documents\płyta dla izy.odt
[2010-11-15 02:20:57 | 000,010,856 | ---- | M] () -- C:\Users\chudzix\Documents\plytka dla izy.odt
[2010-11-15 02:20:57 | 000,000,106 | -H-- | M] () -- C:\Users\chudzix\Documents\.~lock.plytka dla izy.odt#
[2010-11-14 16:55:19 | 000,022,912 | ---- | M] () -- C:\Users\chudzix\Documents\fifa 11 talenty.odt
[2010-11-03 20:39:45 | 294,923,381 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010-10-31 01:22:32 | 730,613,760 | ---- | M] () -- C:\Users\chudzix\Desktop\kac wegas pl.avi
[2010-10-24 11:01:57 | 000,821,168 | ---- | M] () -- C:\Users\chudzix\Documents\KONKURS_j_niemiecki_etap_szkolny.wps
[2010-10-20 15:32:54 | 000,032,110 | ---- | M] () -- C:\Users\chudzix\Desktop\South.Park.S14E03.HDTV.FQM.en.srt
[2010-10-19 14:42:59 | 000,012,600 | ---- | M] () -- C:\Users\chudzix\Documents\business english for patrycja.odt
[5 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011-01-07 07:59:12 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-01-07 06:32:17 | 000,009,342 | ---- | C] () -- C:\Users\chudzix\Desktop\system nhl.ods
[2011-01-07 05:49:52 | 000,001,800 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011-01-04 23:48:29 | 000,366,248 | ---- | C] () -- C:\Users\chudzix\Desktop\Diablo (240x320).jar
[2010-12-25 05:36:49 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2010-12-25 05:11:39 | 000,001,079 | ---- | C] () -- C:\Users\chudzix\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010-12-25 05:11:39 | 000,001,055 | ---- | C] () -- C:\Users\chudzix\Desktop\Spybot - Search & Destroy.lnk
[2010-12-25 04:11:03 | 3218,956,288 | -HS- | C] () -- C:\hiberfil.sys
[2010-12-25 02:53:48 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010-12-25 02:53:48 | 000,002,052 | ---- | C] () -- C:\Windows\UDB.zip
[2010-12-25 02:53:48 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2010-12-25 02:53:48 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2010-12-25 02:53:48 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2010-12-25 02:46:06 | 002,244,934 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2010-12-25 02:45:51 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010-12-25 02:35:33 | 000,000,995 | ---- | C] () -- C:\Users\Public\Desktop\PC Tools File and Registry Tool.lnk
[2010-12-20 19:12:40 | 000,000,330 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForchudzix.job
[2010-12-17 18:01:53 | 000,891,727 | ---- | C] () -- C:\Users\chudzix\Desktop\Egzamin Gimnazjalny język angielski ARKUSZ-1.pdf
[2010-12-16 17:55:21 | 000,662,016 | ---- | C] () -- C:\Users\chudzix\Desktop\sukienka.doc
[2010-12-14 17:02:16 | 217,577,257 | ---- | C] () -- C:\Users\chudzix\Desktop\Repetytorium gimnazjalisty część językowa.pdf
[2010-12-14 16:17:39 | 000,000,919 | ---- | C] () -- C:\Users\chudzix\Desktop\SubEdit-Player.lnk
[2010-12-14 16:17:39 | 000,000,799 | ---- | C] () -- C:\Users\chudzix\Application Data\Microsoft\Internet Explorer\Quick Launch\SubEdit-Player.lnk
[2010-12-14 16:08:04 | 000,032,110 | ---- | C] () -- C:\Users\chudzix\Desktop\South.Park.S14E03.HDTV.FQM.en.srt
[2010-12-13 23:55:08 | 000,044,544 | R--- | C] () -- C:\Users\chudzix\Desktop\konspekt new inter.doc
[2010-11-19 00:13:51 | 000,010,855 | ---- | C] () -- C:\Users\chudzix\Documents\płyta dla izy.odt
[2010-11-15 02:20:57 | 000,010,856 | ---- | C] () -- C:\Users\chudzix\Documents\plytka dla izy.odt
[2010-11-15 02:20:57 | 000,000,106 | -H-- | C] () -- C:\Users\chudzix\Documents\.~lock.plytka dla izy.odt#
[2010-11-14 16:35:46 | 000,022,912 | ---- | C] () -- C:\Users\chudzix\Documents\fifa 11 talenty.odt
[2010-11-05 16:09:33 | 730,613,760 | ---- | C] () -- C:\Users\chudzix\Desktop\kac wegas pl.avi
[2010-11-03 20:39:45 | 294,923,381 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010-10-24 11:01:56 | 000,821,168 | ---- | C] () -- C:\Users\chudzix\Documents\KONKURS_j_niemiecki_etap_szkolny.wps
[2010-10-19 14:42:58 | 000,012,600 | ---- | C] () -- C:\Users\chudzix\Documents\business english for patrycja.odt
[2010-09-16 23:46:58 | 000,000,036 | -H-- | C] () -- C:\Users\chudzix\AppData\Roaming\swk.ini
[2010-04-23 18:55:30 | 000,000,319 | R--- | C] () -- C:\Windows\game.ini
[2010-03-28 00:05:34 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010-02-10 18:55:59 | 000,000,069 | R--- | C] () -- C:\Windows\NeroDigital.ini
[2009-12-22 00:26:14 | 000,053,693 | R--- | C] () -- C:\Windows\UNDPX2A.sys
[2009-11-11 12:48:45 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009-11-10 14:12:02 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009-11-05 02:04:12 | 000,001,618 | ---- | C] () -- C:\Users\chudzix\AppData\Roaming\wklnhst.dat
[2009-05-18 11:34:38 | 000,000,363 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009-03-31 12:40:48 | 000,155,384 | ---- | C] () -- C:\Windows\System32\guard32.dll
[2009-03-17 01:44:48 | 000,000,000 | ---- | C] () -- C:\Users\chudzix\AppData\Local\FnF4.txt
[2009-02-16 02:56:48 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009-02-16 02:56:46 | 000,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009-02-16 02:56:45 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2009-02-16 02:56:43 | 000,067,584 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009-02-05 13:11:35 | 000,000,404 | R--- | C] () -- C:\Windows\BRWMARK.INI
[2009-02-05 13:11:35 | 000,000,027 | R--- | C] () -- C:\Windows\BRPP2KA.INI
[2009-02-05 13:03:21 | 000,031,567 | R--- | C] () -- C:\Windows\maxlink.ini
[2009-02-02 22:06:59 | 000,168,448 | ---- | C] () -- C:\Users\chudzix\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-02-01 00:57:18 | 000,000,680 | ---- | C] () -- C:\Users\chudzix\AppData\Local\d3d9caps.dat
[2009-01-31 23:18:55 | 000,000,000 | ---- | C] () -- C:\Users\chudzix\AppData\Local\QSwitch.txt
[2009-01-31 23:18:55 | 000,000,000 | ---- | C] () -- C:\Users\chudzix\AppData\Local\DSwitch.txt
[2009-01-31 23:18:55 | 000,000,000 | ---- | C] () -- C:\Users\chudzix\AppData\Local\AtStart.txt
[2008-03-28 10:19:10 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007-11-14 15:17:34 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CogentBioSDK.dll
[2006-11-02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006-11-02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006-03-08 18:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2001-11-14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

[color=#E56717]========== LOP Check ==========[/color]

[2010-11-05 16:10:55 | 000,000,000 | ---D | M] -- C:\Users\chudzix\AppData\Roaming\BESTplayer
[2010-09-16 21:18:35 | 000,000,000 | ---D | M] -- C:\Users\chudzix\AppData\Roaming\Cool Record Edit Pro
[2009-01-31 23:18:20 | 000,000,000 | ---D | M] -- C:\Users\chudzix\AppData\Roaming\DigitalPersona
[2010-12-25 04:50:31 | 000,000,000 | ---D | M] -- C:\Users\chudzix\AppData\Roaming\GetRightToGo
[2009-10-27 01:15:08 | 000,000,000 | ---D | M] -- C:\Users\chudzix\AppData\Roaming\Leadertech
[2009-03-12 11:22:50 | 000,000,000 | ---D | M] -- C:\Users\chudzix\AppData\Roaming\OpenOffice.org
[2009-05-04 00:15:04 | 000,000,000 | ---D | M] -- C:\Users\chudzix\AppData\Roaming\Opera
[2010-09-14 19:56:41 | 000,000,000 | ---D | M] -- C:\Users\chudzix\AppData\Roaming\ScanSoft
[2009-11-14 23:57:34 | 000,000,000 | ---D | M] -- C:\Users\chudzix\AppData\Roaming\Sports Interactive
[2009-11-05 02:04:15 | 000,000,000 | ---D | M] -- C:\Users\chudzix\AppData\Roaming\Template
[2011-01-07 07:34:30 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011-01-08 02:35:22 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{EF30A4CF-31CE-49F4-A991-D9D65CDE903C}.job

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2006-09-18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009-04-11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2009-07-08 18:48:35 | 000,596,281 | ---- | M] () -- C:\caisslog.txt
[2006-09-18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011-01-07 07:36:07 | 3218,956,288 | -HS- | M] () -- C:\hiberfil.sys
[2010-12-07 21:22:57 | 000,023,684 | ---- | M] () -- C:\lxcg.log
[2009-07-30 14:03:05 | 000,007,588 | ---- | M] () -- C:\mksbasel.cpp.log
[2011-01-07 07:36:06 | 3532,742,656 | -HS- | M] () -- C:\pagefile.sys
[2011-01-07 05:33:12 | 000,000,000 | -H-- | M] () -- C:\ProgramData.LOG1
[2011-01-07 05:33:12 | 000,000,000 | -H-- | M] () -- C:\ProgramData.LOG2
[2010-08-24 15:30:48 | 000,002,360 | ---- | M] () -- C:\{1047367B-EA16-43FB-ADC7-EA860815272B}
[2010-08-25 19:20:18 | 000,002,320 | ---- | M] () -- C:\{15095E62-16D1-4E71-AE30-ED949866A551}
[2010-08-25 19:18:08 | 000,002,768 | ---- | M] () -- C:\{3F3792BA-6828-4AA9-AED6-C7F25C5E4B24}
[2010-08-24 15:29:24 | 000,002,800 | ---- | M] () -- C:\{46CCEC53-0153-45DA-BE57-D117861CA506}
[2010-08-24 15:38:22 | 000,002,696 | ---- | M] () -- C:\{96ACB4BF-68B9-44A4-83AC-0A8A46C2A14D}
[2010-08-25 19:22:41 | 000,003,048 | ---- | M] () -- C:\{D26EDB8E-6397-489E-BEC6-FBD2F279AFF0}


[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2008-01-21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008-01-21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008-01-21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008-01-21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008-01-21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006-11-02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2009-04-11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009-04-11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009-04-11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008-01-21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008-01-21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006-11-02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2004-08-03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\DRIVERS\ATAPI.SYS

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2008-01-21 03:23:44 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\System32\drivers\beep.sys
[2008-01-21 03:23:44 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6001.18000_none_c420a153079d485b\beep.sys
[2001-08-17 22:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\DRIVERS\BEEP.SYS

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2008-01-21 03:23:02 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_a29e71c6\cdrom.sys
[2008-01-21 03:23:02 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys
[2009-04-11 05:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\System32\drivers\cdrom.sys
[2009-04-11 05:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_c949a5b6\cdrom.sys
[2009-04-11 05:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6002.18005_none_6194d4eea0e93596\cdrom.sys
[2006-11-02 09:51:44 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=8D1866E61AF096AE8B582454F5E4D303 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_e487f727\cdrom.sys
[2004-08-03 21:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\DRIVERS\CDROM.SYS

[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2007-01-12 21:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2009-04-11 07:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\System32\drivers\ndis.sys
[2009-04-11 07:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_a9b2a4d31930d864\ndis.sys
[2004-08-03 22:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\DRIVERS\NDIS.SYS
[2008-01-21 03:23:50 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2004-08-03 23:44:30 | 000,504,832 | ---- | M] (Microsoft Corporation) MD5=0344407089B08548D4FEBA62BB0F32D0 -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\WINLOGON.EXE
[2008-01-21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
[2009-04-11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\winlogon.exe
[2009-04-11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe

[color=#A23BEC]< >[/color]

[color=#A23BEC]< >[/color]

[color=#A23BEC]< >[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 55838 bytes -> C:\ProgramData\Sports Interactive:$ES_DESCRIPTOR_MVPUV1PKSVXJKX69UK1CWPP0DTVNYKM1UVXPJCEPP4DMJ3K1XYE7LRJEM53EPPJCFPLP45168LPSB5PL0EM6REGXHCTVVVVVVVVVVVVV
@Alternate Data Stream - 186 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:430C6D84

< End of report >
[/log]

[color="#FF0000"]//Logs go inside tags
//Fixing this
//Tom01[/color]

Tomek01

In OTL, paste the following into the Custom scan/fixes window:
[code]:Processes
Explorer.exe

:OTL
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Web Search..."
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..keyword.URL: "http://vshare.toolbarhome.com/search.aspx?srch=ku&q="
[2010-12-04 16:46:05 | 000,000,000 | ---D | M] (vShare) -- C:\Users\chudzix\AppData\Roaming\Mozilla\Firefox\Profiles\s1b3b43r.default\extensions\vshare@toolbar
[2010-04-06 20:13:39 | 000,002,425 | ---- | M] () -- C:\Users\chudzix\AppData\Roaming\Mozilla\Firefox\Profiles\s1b3b43r.default\searchplugins\askcom.xml
[2010-12-04 16:48:19 | 000,001,583 | ---- | M] () -- C:\Users\chudzix\AppData\Roaming\Mozilla\Firefox\Profiles\s1b3b43r.default\searchplugins\web-search.xml
[2010-12-25 02:53:49 | 000,000,000 | ---D | M] (Browser Defender Toolbar) -- C:\PROGRAM FILES\PC TOOLS SECURITY\BDT\FIREFOX
O33 - MountPoints2\{1e61641f-8902-11de-b19d-00238b13638c}\Shell - "" = AutoRun
O33 - MountPoints2\{1e61641f-8902-11de-b19d-00238b13638c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{1e61643d-8902-11de-b19d-00238b13638c}\Shell - "" = AutoRun
O33 - MountPoints2\{1e61643d-8902-11de-b19d-00238b13638c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{e506f7ff-1621-11de-a2fb-002186c8589f}\Shell - "" = AutoRun
O33 - MountPoints2\{e506f7ff-1621-11de-a2fb-002186c8589f}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{e506f848-1621-11de-a2fb-002186c8589f}\Shell - "" = AutoRun
O33 - MountPoints2\{e506f848-1621-11de-a2fb-002186c8589f}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
@Alternate Data Stream - 55838 bytes -> C:\ProgramData\Sports Interactive:$ES_DESCRIPTOR_MVPUV1PKSVXJKX69UK1CWPP0DTVNYKM1UVXPJCEPP4DMJ3K1XYE7LRJEM53EPPJCFPLP45168LPSB5PL0EM6REGXHCTVVVVVVVVVVVVV
@Alternate Data Stream - 186 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:430C6D84

:Files
C:\Windows\tasks\User_Feed_Synchronization-{EF30A4CF-31CE-49F4-A991-D9D65CDE903C}.job

:Commands
[emptytemp]
[start explorer]
[Reboot]
[/code]
Click Run Fix; the computer will restart.
Post the removal log and new logs: OTL and RSIT.



Run a full scan with [url=http://www.instalki.pl/programy/download_c/14/155.html][color=#0000CD][b]DrWebCureIt[/b][/color][/url] and [url=http://www.instalki.pl/programy/download_c/13/96.html][color=#0000CD][b]Malwarebytes Anti-Malware[/b][/color][/url] and post the reports on the forum.

suetownsend

Thank you for taking an interest. A problem has come up, though. I entered everything as given, the computer restarted, and of course the usual "Windows Error Recovery" screen appeared before the system started. But I don't know how to post the removal log. I thought I would simply open OTL and find it somewhere in there, but OTL has mysteriously disappeared from the desktop and from the disk. What should I do in this case?

Tomek01

And which option did you press?

The removal log should appear on its own after the system restarts.

suetownsend

OK, I downloaded OTL again and the log appeared the first time I ran it:

[log] All processes killed
========== PROCESSES ==========
No active process named Explorer.exe was found!
========== OTL ==========
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Web Search..." removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: vshare@toolbar:1.0.0 removed from extensions.enabledItems
Prefs.js: "http://vshare.toolbarhome.com/search.aspx?srch=ku&q=" removed from keyword.URL
C:\Users\chudzix\AppData\Roaming\Mozilla\Firefox\Profiles\s1b3b43r.default\extensions\vshare@toolbar\modules folder moved successfully.
C:\Users\chudzix\AppData\Roaming\Mozilla\Firefox\Profiles\s1b3b43r.default\extensions\vshare@toolbar\locale\en-US folder moved successfully.
C:\Users\chudzix\AppData\Roaming\Mozilla\Firefox\Profiles\s1b3b43r.default\extensions\vshare@toolbar\locale folder moved successfully.
C:\Users\chudzix\AppData\Roaming\Mozilla\Firefox\Profiles\s1b3b43r.default\extensions\vshare@toolbar\components folder moved successfully.
C:\Users\chudzix\AppData\Roaming\Mozilla\Firefox\Profiles\s1b3b43r.default\extensions\vshare@toolbar\chrome folder moved successfully.
C:\Users\chudzix\AppData\Roaming\Mozilla\Firefox\Profiles\s1b3b43r.default\extensions\vshare@toolbar folder moved successfully.
C:\Users\chudzix\AppData\Roaming\Mozilla\Firefox\Profiles\s1b3b43r.default\searchplugins\askcom.xml moved successfully.
C:\Users\chudzix\AppData\Roaming\Mozilla\Firefox\Profiles\s1b3b43r.default\searchplugins\web-search.xml moved successfully.
C:\PROGRAM FILES\PC TOOLS SECURITY\BDT\FIREFOX\platform\WINNT_x86-msvc\components folder moved successfully.
C:\PROGRAM FILES\PC TOOLS SECURITY\BDT\FIREFOX\platform\WINNT_x86-msvc folder moved successfully.
C:\PROGRAM FILES\PC TOOLS SECURITY\BDT\FIREFOX\platform\Linux_x86_64-gcc3\components folder moved successfully.
C:\PROGRAM FILES\PC TOOLS SECURITY\BDT\FIREFOX\platform\Linux_x86_64-gcc3 folder moved successfully.
C:\PROGRAM FILES\PC TOOLS SECURITY\BDT\FIREFOX\platform\Linux_x86-gcc3\components folder moved successfully.
C:\PROGRAM FILES\PC TOOLS SECURITY\BDT\FIREFOX\platform\Linux_x86-gcc3 folder moved successfully.
C:\PROGRAM FILES\PC TOOLS SECURITY\BDT\FIREFOX\platform folder moved successfully.
C:\PROGRAM FILES\PC TOOLS SECURITY\BDT\FIREFOX\data folder moved successfully.
C:\PROGRAM FILES\PC TOOLS SECURITY\BDT\FIREFOX\components folder moved successfully.
C:\PROGRAM FILES\PC TOOLS SECURITY\BDT\FIREFOX\chrome folder moved successfully.
C:\PROGRAM FILES\PC TOOLS SECURITY\BDT\FIREFOX folder moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e61641f-8902-11de-b19d-00238b13638c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1e61641f-8902-11de-b19d-00238b13638c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e61641f-8902-11de-b19d-00238b13638c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1e61641f-8902-11de-b19d-00238b13638c}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e61643d-8902-11de-b19d-00238b13638c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1e61643d-8902-11de-b19d-00238b13638c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e61643d-8902-11de-b19d-00238b13638c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1e61643d-8902-11de-b19d-00238b13638c}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e506f7ff-1621-11de-a2fb-002186c8589f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e506f7ff-1621-11de-a2fb-002186c8589f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e506f7ff-1621-11de-a2fb-002186c8589f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e506f7ff-1621-11de-a2fb-002186c8589f}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e506f848-1621-11de-a2fb-002186c8589f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e506f848-1621-11de-a2fb-002186c8589f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e506f848-1621-11de-a2fb-002186c8589f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e506f848-1621-11de-a2fb-002186c8589f}\ not found.
File F:\AutoRun.exe not found.
ADS C:\ProgramData\Sports Interactive:$ES_DESCRIPTOR_MVPUV1PKSVXJKX69UK1CWPP0DTVNYKM1UVXPJCEPP4DMJ3K1XYE7LRJEM53EPPJCFPLP45168LPSB5PL0EM6REGXHCTVVVVVVVVVVVVV deleted successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\TEMP:A8ADE5D8 deleted successfully.
ADS C:\ProgramData\TEMP:430C6D84 deleted successfully.
========== FILES ==========
C:\Windows\tasks\User_Feed_Synchronization-{EF30A4CF-31CE-49F4-A991-D9D65CDE903C}.job moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: chudzix
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 405956546 bytes
->Java cache emptied: 261533 bytes
->FireFox cache emptied: 83734255 bytes
->Opera cache emptied: 25160 bytes
->Flash cache emptied: 3016841 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2568273 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 617650 bytes
RecycleBin emptied: 17425132933 bytes

Total Files Cleaned = 17 091,00 mb


OTL by OldTimer - Version 3.2.20.1 log created on 01082011_142055

Files\Folders moved on Reboot...
C:\Users\chudzix\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\R36EHLW5\ads[2].htm moved successfully.
C:\Users\chudzix\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NNCLTCAQ\index[1].htm moved successfully.
C:\Users\chudzix\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NNCLTCAQ\OTL[1].html moved successfully.
C:\Users\chudzix\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NNCLTCAQ\overWordLayer[1].html moved successfully.
C:\Users\chudzix\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NNCLTCAQ\overWordLayer[2].html moved successfully.
C:\Users\chudzix\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NNCLTCAQ\search[2].htm moved successfully.
C:\Users\chudzix\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JNWK5ESU\ads[2].htm moved successfully.
C:\Users\chudzix\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JNWK5ESU\google_pl[1].htm moved successfully.
C:\Users\chudzix\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FWF0TZP8\ads[2].htm moved successfully.
C:\Users\chudzix\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FWF0TZP8\instalkipl[1].html moved successfully.
C:\Users\chudzix\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\32O32M1W\4525[1].html moved successfully.
C:\Users\chudzix\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\32O32M1W\ads[2].htm moved successfully.
C:\Users\chudzix\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\32O32M1W\index[1].htm moved successfully.
C:\Users\chudzix\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\32O32M1W\overWordLayer[1].html moved successfully.
C:\Users\chudzix\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\32O32M1W\search[1].htm moved successfully.
C:\Users\chudzix\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\32O32M1W\search[2].htm moved successfully.
C:\Users\chudzix\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\27FWQ6E4\4493[1].html moved successfully.
C:\Users\chudzix\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\27FWQ6E4\4499[1].html moved successfully.
C:\Users\chudzix\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\27FWQ6E4\4521[1].html moved successfully.
C:\Users\chudzix\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\27FWQ6E4\4522[1].html moved successfully.
C:\Users\chudzix\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\27FWQ6E4\ads[2].htm moved successfully.
C:\Users\chudzix\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\27FWQ6E4\overWordLayer[1].html moved successfully.
C:\Users\chudzix\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\27FWQ6E4\overWordLayer[2].html moved successfully.
C:\Users\chudzix\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1U2H4ALX\likebox[1].htm moved successfully.
C:\Users\chudzix\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1U2H4ALX\like[1].htm moved successfully.
C:\Users\chudzix\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File move failed. C:\Users\chudzix\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat scheduled to be moved on reboot.

Registry entries deleted on Reboot...
[/log]

Now I'm moving on to DrWeb and Malwarebytes. Should I run the scans in safe mode?

Tomek01

You don't have to run them in safe mode.
