
Please check my logs

annmegmonn
posted

Hello,
I'm asking for help with removing viruses. My laptop isn't working properly; after I downloaded a game from torrents, a trojan attached itself. Avast detected it. Unfortunately the trojan has spread a lot and caused the internet to stop working. No browser loads anything, because an error appears. I read somewhere on a forum that you need to scan with Malwarebytes Anti-Malware, so that's what I did. I'm attaching the logs from the laptop.



[url=http://www.wrzuc.to/3w2hbqg.wt]mbam-log-2011-07-22 (18-45-36).txt[/url]

wirusolog
comment

I hope you removed what MBAM found...
Post an OTL log >>> http://www.forumpc.pl/index.php?showtopic=104338

annmegmonn
comment (edited)

[quote name='wirusolog' timestamp='1311362381' post='1304600']
I hope you removed what MBAM found...
Post an OTL log >>> http://www.forumpc.pl/index.php?showtopic=104338
[/quote]

Just to be sure, I confirm that I removed the files, or whatever they're called, found by MBAM x)

And here are the logs:
[u][b]1) OTL [/b][/u]
<log>
OTL logfile created on: 2011-07-23 03:05:53 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Anna\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd

2,93 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 58,64% Memory free
6,08 Gb Paging File | 4,91 Gb Available in Paging File | 80,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221,96 Gb Total Space | 139,13 Gb Free Space | 62,68% Space Free | Partition Type: NTFS
Drive D: | 10,92 Gb Total Space | 1,82 Gb Free Space | 16,66% Space Free | Partition Type: NTFS

Computer Name: KOMPUTERSIOSTRA | User Name: Anna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2011-07-23 02:35:28 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Anna\Desktop\OTL.exe
PRC - [2011-07-06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011-07-06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011-06-21 18:57:40 | 000,196,912 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService2.exe
PRC - [2010-11-05 02:53:47 | 000,171,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
PRC - [2010-10-29 13:49:28 | 000,249,064 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
PRC - [2010-08-25 18:45:44 | 000,136,216 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxtray.exe
PRC - [2010-08-25 18:45:42 | 000,266,776 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
PRC - [2010-08-25 18:45:40 | 000,170,520 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2010-08-25 18:45:36 | 000,171,032 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2010-08-17 15:32:33 | 000,126,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spoolsv.exe
PRC - [2010-07-23 07:05:56 | 000,126,904 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
PRC - [2009-11-18 15:13:18 | 000,054,576 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuschd2.exe
PRC - [2009-11-18 03:42:52 | 000,275,072 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2009-11-18 03:02:34 | 000,563,840 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
PRC - [2009-11-18 03:02:34 | 000,173,696 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2009-11-17 19:49:08 | 000,366,720 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
PRC - [2009-08-07 04:24:04 | 000,053,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe
PRC - [2009-06-15 14:57:59 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
PRC - [2009-05-19 09:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009-04-22 16:25:20 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009-04-22 16:10:23 | 000,439,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
PRC - [2009-03-03 04:16:04 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
PRC - [2009-02-26 13:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2008-10-09 16:56:48 | 000,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
PRC - [2008-10-06 18:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
PRC - [2008-09-24 02:21:52 | 000,468,264 | ---- | M] (CyberLink Corp.) -- C:\Program Files\HP\QuickPlay\QPService.exe
PRC - [2008-09-15 16:13:38 | 000,241,734 | ---- | M] () -- C:\Program Files\CyberLink\Shared files\RichVideo.exe
PRC - [2008-08-02 01:14:02 | 000,202,032 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
PRC - [2008-06-09 19:21:58 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2008-05-29 15:32:32 | 002,685,496 | ---- | M] (Conexant) -- C:\Program Files\CONEXANT\SmartAudio\SmAudio.exe
PRC - [2008-05-02 01:25:56 | 000,165,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
PRC - [2008-04-17 20:05:20 | 000,103,720 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
PRC - [2008-04-17 20:05:10 | 001,049,896 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2008-04-15 23:51:00 | 000,488,752 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
PRC - [2008-04-11 18:04:54 | 000,685,360 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2008-04-03 20:33:26 | 000,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
PRC - [2008-01-21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2008-01-21 04:25:11 | 000,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
PRC - [2008-01-21 04:25:11 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
PRC - [2008-01-21 04:25:00 | 002,623,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
PRC - [2008-01-21 04:24:54 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrss.exe
PRC - [2008-01-21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe
PRC - [2008-01-21 04:24:48 | 000,279,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe
PRC - [2008-01-21 04:24:44 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
PRC - [2008-01-21 04:24:39 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskmgr.exe
PRC - [2008-01-21 04:23:52 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2008-01-21 04:23:50 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\smss.exe
PRC - [2008-01-21 04:23:44 | 000,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
PRC - [2008-01-21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007-10-18 01:37:04 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
PRC - [2007-09-26 16:34:40 | 000,316,720 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
PRC - [2006-11-02 11:45:02 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dllhost.exe


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2011-07-23 02:35:28 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Anna\Desktop\OTL.exe
MOD - [2011-06-17 03:25:36 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
MOD - [2011-06-17 03:25:36 | 000,569,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll
MOD - [2011-04-21 17:00:34 | 000,833,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
MOD - [2011-04-21 16:57:48 | 000,270,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
MOD - [2011-04-12 16:53:05 | 000,890,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
MOD - [2011-01-21 17:46:57 | 000,351,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll
MOD - [2011-01-21 17:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll
MOD - [2010-12-20 17:39:14 | 000,563,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll
MOD - [2010-10-15 15:48:59 | 001,205,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll
MOD - [2010-08-31 17:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll
MOD - [2010-08-17 05:39:11 | 000,413,552 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.1.0.37\asOEHook.dll
MOD - [2010-06-28 18:15:53 | 001,315,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ole32.dll
MOD - [2010-04-16 18:10:45 | 000,501,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll
MOD - [2009-07-17 16:35:11 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\atl.dll
MOD - [2009-06-15 17:24:05 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
MOD - [2009-04-23 14:43:04 | 000,784,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll
MOD - [2009-04-22 16:25:40 | 000,466,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll
MOD - [2009-04-22 16:22:25 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll
MOD - [2009-04-22 16:10:21 | 000,754,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll
MOD - [2009-04-22 16:09:47 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srclient.dll
MOD - [2008-01-21 04:24:57 | 000,806,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msctf.dll
MOD - [2008-01-21 04:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ws2_32.dll
MOD - [2008-01-21 04:24:47 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nsi.dll
MOD - [2008-01-21 04:24:46 | 001,590,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll
MOD - [2008-01-21 04:24:38 | 000,450,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.dll
MOD - [2008-01-21 04:24:37 | 000,183,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xmllite.dll
MOD - [2008-01-21 04:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008-01-21 04:24:37 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samlib.dll
MOD - [2008-01-21 04:24:36 | 000,680,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll
MOD - [2008-01-21 04:24:27 | 000,798,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\advapi32.dll
MOD - [2008-01-21 04:24:26 | 001,076,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll
MOD - [2008-01-21 04:24:26 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vsstrace.dll
MOD - [2008-01-21 04:24:24 | 000,523,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clbcatq.dll
MOD - [2008-01-21 04:24:24 | 000,114,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imm32.dll
MOD - [2008-01-21 04:24:23 | 000,121,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntmarta.dll
MOD - [2008-01-21 04:24:23 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\authz.dll
MOD - [2008-01-21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\user32.dll
MOD - [2008-01-21 04:24:14 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mpr.dll
MOD - [2008-01-21 04:24:14 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpk.dll
MOD - [2008-01-21 04:24:13 | 000,289,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Wldap32.dll
MOD - [2008-01-21 04:24:11 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\version.dll
MOD - [2008-01-21 04:24:10 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apphelp.dll
MOD - [2008-01-21 04:24:10 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\userenv.dll
MOD - [2008-01-21 04:24:06 | 000,153,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imagehlp.dll
MOD - [2008-01-21 04:23:50 | 000,258,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv
MOD - [2008-01-21 04:23:44 | 001,067,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll
MOD - [2008-01-21 04:23:43 | 000,240,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\uxtheme.dll
MOD - [2008-01-21 04:23:42 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\olepro32.dll
MOD - [2008-01-21 04:23:27 | 000,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spp.dll
MOD - [2006-11-02 11:46:12 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psapi.dll
MOD - [2006-11-02 10:33:06 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\normaliz.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2011-07-06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011-06-21 18:57:40 | 000,196,912 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService2.exe -- (NitroReaderDriverReadSpool2)
SRV - [2010-10-12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010-07-23 07:05:56 | 000,126,904 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe -- (NIS)
SRV - [2008-10-06 18:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008-01-21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2011-07-22 14:24:13 | 000,126,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011-07-06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011-07-06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010-08-13 11:00:00 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100813.009\NAVEX15.SYS -- (NAVEX15)
DRV - [2010-08-13 11:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010-08-13 11:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010-08-13 11:00:00 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100813.009\NAVENG.SYS -- (NAVENG)
DRV - [2010-08-09 05:11:49 | 000,692,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010-07-29 05:33:05 | 000,666,672 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1201000.025\SYMEFA.SYS -- (SymEFA)
DRV - [2010-07-29 04:54:36 | 000,489,008 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\system32\drivers\NIS\1201000.025\SRTSP.SYS -- (SRTSP)
DRV - [2010-07-29 04:54:36 | 000,050,096 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1201000.025\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010-07-23 13:25:13 | 000,278,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010-07-23 13:25:13 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010-07-23 11:22:31 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010-07-13 03:20:20 | 000,331,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1201000.025\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2010-06-27 06:05:55 | 000,134,704 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1201000.025\Ironx86.SYS -- (SymIRON)
DRV - [2010-06-27 06:05:05 | 000,344,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSVix86.sys -- (IDSVix86)
DRV - [2010-06-13 12:50:57 | 000,339,504 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NIS\1201000.025\SYMDS.SYS -- (SymDS)
DRV - [2008-12-20 09:01:46 | 001,093,120 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008-06-29 16:52:26 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008-06-10 20:54:36 | 000,123,904 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008-06-05 18:58:42 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008-01-21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2007-10-18 01:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007-06-19 02:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006-11-28 19:46:22 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCAMp50.sys -- (PCAMp50)
DRV - [2006-11-28 19:46:20 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_pl&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_pl&c=91&bd=Pavilion&pf=cnnb


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_pl&c=91&bd=Pavilion&pf=cnnb
IE - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com
IE - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - File not found
IE - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:51859

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=UT5V5&o=15793&locale=en_US&apn_uid=BEEE2D2B-7BDC-402F-8DDA-85483E8EC75C&apn_ptnrs=UP&apn_sauid=7499AC06-11E0-4806-9A67-973C65BD3D0A&apn_dtid=&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 51859
FF - prefs.js..network.proxy.type: 1

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Windows\Downloaded Program Files\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\NitroPDF: C:\Program Files\Nitro PDF\Reader\npnitromozilla.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-11-10 23:20:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011-07-22 14:25:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\ [2011-07-22 14:23:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-06-24 22:40:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-06-02 20:30:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-11-10 23:20:05 | 000,000,000 | ---D | M]

[2009-09-18 20:14:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anna\AppData\Roaming\mozilla\Extensions
[2011-06-26 12:24:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\i5ksixjt.default\extensions
[2010-09-25 12:49:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\i5ksixjt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011-06-26 12:24:10 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\i5ksixjt.default\extensions\DTToolbar@toolbarnet.com
[2010-01-15 17:39:06 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\i5ksixjt.default\extensions\searchrecs@veoh.com
[2011-05-29 17:05:32 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\i5ksixjt.default\extensions\toolbar@ask.com
[2011-07-23 02:41:58 | 000,002,559 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\i5ksixjt.default\searchplugins\askcom.xml
[2010-04-23 21:08:32 | 000,001,827 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\i5ksixjt.default\searchplugins\bing.xml
[2011-06-26 12:23:40 | 000,002,055 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\i5ksixjt.default\searchplugins\daemon-search.xml
[2010-08-20 10:53:28 | 000,002,064 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\i5ksixjt.default\searchplugins\youtube-video-search.xml
[2011-07-22 14:07:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010-07-24 23:42:53 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011-02-17 21:00:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2011-07-22 14:25:38 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPLGN
[2011-06-24 22:40:56 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011-02-17 20:59:47 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011-06-02 20:29:54 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Program Files\TEXTware\QUICKfind\PlugIns\IEHelp.dll ()
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - File not found
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - File not found
O3 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [ORAHSSSessionManager] File not found
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000..\Run: [conhost] File not found
O4 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000..\Run: [Dzieńdobry!] C:\Program Files\VSD Software\Dzieńdobry!\dziendobry.exe (VSD Software)
O4 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000..\Run: [heueya] File not found
O4 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000..\Run: [keioke] File not found
O4 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000..\Run: [leameec] File not found
O4 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000..\Run: [nwv69b] File not found
O4 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000..\Run: [reouk] File not found
O4 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000..\Run: [SmAudio] C:\Program Files\Conexant\SmartAudio\SmAudio.exe (Conexant)
O7 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} http://launch.soe.com/plugin/web/SOEWebInstaller.cab (SOE Web Installer)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Anna\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Anna\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{255188e3-9fd7-11e0-8b62-9b34c9a445bb}\Shell - "" = AutoRun
O33 - MountPoints2\{255188e3-9fd7-11e0-8b62-9b34c9a445bb}\Shell\AutoRun\command - "" = F:\TRTauto.exe
O33 - MountPoints2\{255188f0-9fd7-11e0-8b62-9b34c9a445bb}\Shell - "" = AutoRun
O33 - MountPoints2\{255188f0-9fd7-11e0-8b62-9b34c9a445bb}\Shell\AutoRun\command - "" = G:\TRTauto.exe
O33 - MountPoints2\{353808eb-b1ee-11e0-a237-d563b2da5dbe}\Shell - "" = AutoRun
O33 - MountPoints2\{353808eb-b1ee-11e0-a237-d563b2da5dbe}\Shell\AutoRun\command - "" = H:\TRTauto.exe
O33 - MountPoints2\{7f3cf48a-97d1-11df-b6af-e2c7be346a47}\Shell - "" = AutoRun
O33 - MountPoints2\{7f3cf48a-97d1-11df-b6af-e2c7be346a47}\Shell\AutoRun\command - "" = I:\AUTORUN.EXE
O33 - MountPoints2\{962d83bc-77c5-11df-a1c1-a18cdb995fb4}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\zDjiX.Exe
O33 - MountPoints2\{d14ead3b-9645-11df-bc07-8a1bee7c34b3}\Shell - "" = AutoRun
O33 - MountPoints2\{d14ead3b-9645-11df-bc07-8a1bee7c34b3}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{d14ead42-9645-11df-bc07-8a1bee7c34b3}\Shell - "" = AutoRun
O33 - MountPoints2\{d14ead42-9645-11df-bc07-8a1bee7c34b3}\Shell\AutoRun\command - "" = G:\AUTORUN.EXE
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2011-07-23 03:01:56 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Anna\Desktop\OTL.exe
[2011-07-22 15:12:20 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\Malwarebytes
[2011-07-22 15:12:01 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011-07-22 15:12:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011-07-22 15:11:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011-07-22 15:11:55 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011-07-22 15:11:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011-07-22 14:24:14 | 000,126,512 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011-07-22 14:24:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011-07-22 14:24:13 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011-07-22 14:23:42 | 000,666,672 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\SymEFA.sys
[2011-07-22 14:23:42 | 000,489,008 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\srtsp.sys
[2011-07-22 14:23:42 | 000,339,504 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\SymDS.sys
[2011-07-22 14:23:42 | 000,331,312 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\symtdiv.sys
[2011-07-22 14:23:42 | 000,294,448 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\symnets.sys
[2011-07-22 14:23:42 | 000,134,704 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\Ironx86.sys
[2011-07-22 14:23:42 | 000,050,096 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\srtspx.sys
[2011-07-22 14:23:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS
[2011-07-22 14:23:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS\1201000.025
[2011-07-22 14:23:14 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2011-07-22 14:23:14 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2011-07-22 14:21:46 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011-07-22 14:21:05 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security 2011 EN + trial reset - peb.pl-ks_93
[2011-07-22 14:14:59 | 000,000,000 | -HSD | C] -- C:\found.000
[2011-07-20 20:46:55 | 000,000,000 | ---D | C] -- C:\Users\Anna\Documents\Ankh - The Lost Treasures
[2011-07-20 15:31:06 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\GuardiansOfMagic
[2011-07-20 14:21:35 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\Color-Brush
[2011-07-20 06:27:40 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\Crown
[2011-07-20 06:27:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Crown
[2011-07-20 05:14:27 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011-07-18 11:16:04 | 000,026,416 | ---- | C] (Nitro PDF Software) -- C:\Windows\System32\nitrolocalmon2.dll
[2011-07-18 11:16:04 | 000,017,712 | ---- | C] (Nitro PDF Software) -- C:\Windows\System32\nitrolocalui2.dll
[2011-07-18 11:15:53 | 000,000,000 | ---D | C] -- C:\Program Files\Nitro PDF
[2011-07-18 11:15:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nitro PDF
[2011-07-18 11:08:03 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\Downloaded Installations
[2011-07-15 19:37:07 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\Nancy Drew
[2011-07-15 19:10:11 | 000,000,000 | ---D | C] -- C:\Program Files\directx
[2011-06-28 21:12:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Trymedia
[2011-06-25 16:30:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Big Fish Games
[2010-08-25 17:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[1 C:\Users\Anna\Desktop\*.tmp files -> C:\Users\Anna\Desktop\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

[2011-07-23 02:45:49 | 000,594,344 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011-07-23 02:45:49 | 000,102,418 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011-07-23 02:41:09 | 000,000,286 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2011-07-23 02:39:27 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011-07-23 02:39:27 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011-07-23 02:39:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-07-23 02:38:58 | 3149,078,528 | -HS- | M] () -- C:\hiberfil.sys
[2011-07-23 02:35:28 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Anna\Desktop\OTL.exe
[2011-07-22 15:12:04 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-07-22 14:25:31 | 002,184,938 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1201000.025\Cat.DB
[2011-07-22 14:24:13 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011-07-22 14:24:13 | 000,007,456 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011-07-22 14:24:13 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011-07-22 14:23:55 | 000,002,173 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2011-07-22 14:07:33 | 000,007,052 | ---- | M] () -- C:\Users\Anna\AppData\Local\d3d9caps.dat
[2011-07-20 19:27:33 | 000,004,946 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\F443.637
[2011-07-20 11:03:55 | 292,026,452 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011-07-20 06:26:54 | 000,000,104 | ---- | M] () -- C:\Users\Anna\Desktop\Recycle Bin.lnk
[2011-07-20 05:00:40 | 000,000,000 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\chrtmp
[2011-07-20 05:00:28 | 000,000,162 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\5xb4y8f33.bat
[2011-07-13 11:30:04 | 000,316,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011-07-06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011-07-06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011-06-29 14:34:04 | 000,000,000 | ---- | M] () -- C:\Windows\Shadow.INI
[2011-06-26 17:08:44 | 000,000,000 | ---- | M] () -- C:\Windows\Game.INI
[2011-06-21 18:56:44 | 000,017,712 | ---- | M] (Nitro PDF Software) -- C:\Windows\System32\nitrolocalui2.dll
[2011-06-21 18:56:42 | 000,026,416 | ---- | M] (Nitro PDF Software) -- C:\Windows\System32\nitrolocalmon2.dll
[2011-06-01 16:53:42 | 000,012,765 | ---- | M] () -- C:\Users\Anna\Documents\grecja.html
[1 C:\Users\Anna\Desktop\*.tmp files -> C:\Users\Anna\Desktop\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011-07-22 15:12:03 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-07-22 14:24:21 | 002,184,938 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\Cat.DB
[2011-07-22 14:24:14 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011-07-22 14:24:14 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011-07-22 14:23:55 | 000,002,173 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2011-07-22 14:23:30 | 000,003,373 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymEFA.inf
[2011-07-22 14:23:30 | 000,002,792 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymDS.inf
[2011-07-22 14:23:30 | 000,001,473 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymNetV.inf
[2011-07-22 14:23:30 | 000,001,445 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymNet.inf
[2011-07-22 14:23:30 | 000,001,389 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\srtspx.inf
[2011-07-22 14:23:30 | 000,001,383 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\srtsp.inf
[2011-07-22 14:23:30 | 000,000,741 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\Iron.inf
[2011-07-22 14:23:19 | 000,007,787 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\symnetv.cat
[2011-07-22 14:23:19 | 000,007,446 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymNet.cat
[2011-07-22 14:23:19 | 000,007,444 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymEFA.cat
[2011-07-22 14:23:19 | 000,007,442 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\srtspx.cat
[2011-07-22 14:23:19 | 000,007,438 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymDS.cat
[2011-07-22 14:23:19 | 000,007,438 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\srtsp.cat
[2011-07-22 14:23:19 | 000,007,438 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\iron.cat
[2011-07-22 14:23:19 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\isolate.ini
[2011-07-20 06:26:54 | 000,000,104 | ---- | C] () -- C:\Users\Anna\Desktop\Recycle Bin.lnk
[2011-07-20 05:00:40 | 000,000,000 | ---- | C] () -- C:\Users\Anna\AppData\Roaming\chrtmp
[2011-07-20 05:00:28 | 000,000,162 | ---- | C] () -- C:\Users\Anna\AppData\Roaming\5xb4y8f33.bat
[2011-07-20 04:59:52 | 000,004,946 | ---- | C] () -- C:\Users\Anna\AppData\Roaming\F443.637
[2011-07-18 11:15:58 | 000,001,868 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro PDF Reader 2.lnk
[2011-06-29 14:34:04 | 000,000,000 | ---- | C] () -- C:\Windows\Shadow.INI
[2011-06-26 17:08:44 | 000,000,000 | ---- | C] () -- C:\Windows\Game.INI
[2011-06-02 20:30:23 | 000,000,818 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011-06-01 16:53:42 | 000,012,765 | ---- | C] () -- C:\Users\Anna\Documents\grecja.html
[2011-02-13 16:53:35 | 000,444,283 | ---- | C] () -- C:\Program Files\Common Files\WinPcapNmap.exe
[2010-11-10 23:06:31 | 000,174,683 | ---- | C] () -- C:\Windows\hpoins45.dat
[2010-11-06 15:09:43 | 000,000,000 | ---- | C] () -- C:\Users\Anna\AppData\Roaming\wklnhst.dat
[2010-08-25 18:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010-08-25 18:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010-08-25 18:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010-08-25 17:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010-08-25 17:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010-08-25 17:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010-08-09 21:53:23 | 000,000,187 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010-08-06 22:51:00 | 000,000,021 | ---- | C] () -- C:\Windows\kit.ini
[2010-07-24 23:46:16 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010-07-23 13:25:13 | 000,278,728 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010-07-23 13:25:13 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010-07-22 18:52:11 | 000,314,368 | ---- | C] () -- C:\Windows\KSGDeInstall.exe
[2010-04-24 16:28:12 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010-04-24 16:28:12 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010-04-24 16:28:10 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2010-04-24 16:28:10 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010-04-24 16:28:08 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010-04-23 18:13:52 | 000,007,052 | ---- | C] () -- C:\Users\Anna\AppData\Local\d3d9caps.dat
[2010-02-05 08:43:26 | 000,000,450 | ---- | C] () -- C:\Windows\hpomdl45.dat
[2009-12-05 16:35:30 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009-12-04 16:37:12 | 000,035,840 | ---- | C] () -- C:\Users\Anna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-09-18 20:42:23 | 000,000,413 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009-09-18 20:42:23 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009-09-18 14:51:47 | 000,000,046 | ---- | C] () -- C:\Windows\adiras.ini
[2009-09-17 17:11:34 | 000,000,061 | ---- | C] () -- C:\Windows\TEXTware.ini
[2009-09-17 17:11:31 | 000,147,456 | ---- | C] () -- C:\Windows\System32\Twavbx32.dll
[2009-09-17 17:11:31 | 000,115,200 | ---- | C] () -- C:\Windows\System32\UnzDll.dll
[2009-09-17 17:11:31 | 000,088,064 | ---- | C] () -- C:\Windows\System32\idiom010227.dll
[2009-09-17 17:11:30 | 000,099,092 | ---- | C] () -- C:\Windows\System32\bass.dll
[2009-09-17 17:11:26 | 000,143,360 | ---- | C] () -- C:\Windows\System32\ILXTBS.DLL
[2009-06-09 19:23:05 | 000,000,286 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2009-04-22 16:10:21 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009-04-22 16:10:21 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008-07-06 22:29:46 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1518.dll
[2008-07-06 22:14:06 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008-06-29 16:52:14 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2006-11-02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006-11-02 14:47:37 | 000,316,448 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006-11-02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006-11-02 12:33:01 | 000,594,344 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006-11-02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006-11-02 12:33:01 | 000,102,418 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006-11-02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006-11-02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006-11-02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006-11-02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006-11-02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006-11-02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006-03-09 11:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[color=#E56717]========== LOP Check ==========[/color]

[2011-07-20 05:57:36 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\BitTorrent
[2011-05-02 20:53:18 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Casual Mechanics
[2011-07-20 06:27:40 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Crown
[2010-07-23 14:36:49 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\DAEMON Tools Lite
[2011-07-18 11:08:03 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Downloaded Installations
[2010-08-09 21:53:42 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\DrDietman2
[2009-09-04 16:13:33 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\FloodLightGames
[2011-05-06 22:24:59 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Friday's games
[2009-12-09 20:33:58 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\funkitron
[2009-09-09 13:23:30 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Gamelab
[2011-07-20 15:31:06 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\GuardiansOfMagic
[2009-12-06 15:03:04 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Imagic403N
[2010-01-30 00:21:55 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\iWin
[2011-04-23 12:56:23 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Magic3
[2009-12-08 00:39:58 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\muvee Technologies
[2011-07-17 19:04:20 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Nitro PDF
[2010-12-02 00:13:10 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Notepad++
[2009-10-18 19:04:24 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Nowe Gadu-Gadu
[2009-11-28 09:08:41 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\OpenFM
[2009-09-17 17:11:40 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Oxford
[2011-05-05 00:34:20 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\PeerNetworking
[2009-09-16 11:06:35 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\PlayFirst
[2010-02-07 16:33:26 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\SBTT
[2009-09-25 03:08:34 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\SPORE Creature Creator
[2010-11-06 15:09:43 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Template
[2011-07-20 05:57:07 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\uTorrent
[2011-05-02 14:44:41 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\V-Games
[2011-03-25 14:35:15 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\VDownloader
[2010-11-12 14:42:41 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\VendelGAMES
[2011-07-22 20:49:11 | 000,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2006-09-18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2008-01-21 04:24:42 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2006-09-18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011-07-23 02:38:58 | 3149,078,528 | -HS- | M] () -- C:\hiberfil.sys
[2011-07-23 02:38:57 | 3462,864,896 | -HS- | M] () -- C:\pagefile.sys


[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2008-01-21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008-01-21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008-01-21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008-01-21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006-11-02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2009-04-11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2009-04-11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008-01-21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008-01-21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006-11-02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2009-04-22 16:18:13 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\System32\drivers\atapi.sys
[2009-04-22 16:18:13 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7f3e4ed9\atapi.sys
[2009-04-22 16:18:13 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22193_none_dd6376773aedb5e4\atapi.sys
[2009-04-22 16:18:13 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b7393fc6\atapi.sys
[2009-04-22 16:18:13 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20847_none_dbb74a7b3d9afbc1\atapi.sys

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2008-01-21 04:23:44 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\System32\drivers\beep.sys
[2008-01-21 04:23:44 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6001.18000_none_c420a153079d485b\beep.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2008-01-21 04:23:02 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\System32\drivers\cdrom.sys
[2008-01-21 04:23:02 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_a29e71c6\cdrom.sys
[2008-01-21 04:23:02 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys
[2009-04-11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_cdrom.inf_31bf3856ad364e35_6.0.6002.18005_none_6194d4eea0e93596\cdrom.sys
[2009-04-11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_cdrom.inf_31bf3856ad364e35_6.0.6002.18005_none_6194d4eea0e93596\cdrom.sys
[2006-11-02 10:51:44 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=8D1866E61AF096AE8B582454F5E4D303 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_e487f727\cdrom.sys

[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2007-05-18 06:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2009-04-11 08:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_a9b2a4d31930d864\ndis.sys
[2009-04-11 08:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_a9b2a4d31930d864\ndis.sys
[2008-01-21 04:23:50 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\System32\drivers\ndis.sys
[2008-01-21 04:23:50 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2009-04-11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009-04-11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008-01-21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008-01-21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 96 bytes -> C:\ProgramData\Temp:C5AE4E07
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:488F7244

< End of report >
</log>

[u][b]2) Extras[/b][/u]
<log>
OTL Extras logfile created on: 2011-07-23 03:05:53 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Anna\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd

2,93 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 58,64% Memory free
6,08 Gb Paging File | 4,91 Gb Available in Paging File | 80,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221,96 Gb Total Space | 139,13 Gb Free Space | 62,68% Space Free | Partition Type: NTFS
Drive D: | 10,92 Gb Total Space | 1,82 Gb Free Space | 16,66% Space Free | Partition Type: NTFS

Computer Name: KOMPUTERSIOSTRA | User Name: Anna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-516021690-3537927130-1024571334-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{386DCE31-654E-472A-B9E6-101CC3476D72}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{388029A1-F8F7-4A0F-93A3-4708E8BACF4E}" = rport=139 | protocol=6 | dir=out | app=system |
"{3F0ABE11-660E-4FAF-89A8-C71269A670B4}" = rport=137 | protocol=17 | dir=out | app=system |
"{4E25237A-0D54-4AB3-B083-2A16D3793EEA}" = lport=138 | protocol=17 | dir=in | app=system |
"{5E729D74-1BF5-44A1-9BFB-28DEEA3F0626}" = rport=10243 | protocol=6 | dir=out | app=system |
"{67A10C69-BFA5-4E52-9FB0-4EB4A63397C6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6DE9F1EE-BCD5-4C5E-9885-E7BA858EFAC0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7014ACAF-6577-48FA-B2CC-5792141BAC4F}" = lport=139 | protocol=6 | dir=in | app=system |
"{7B014A4D-D52A-4D15-9E52-16BAFB98B516}" = lport=17001 | protocol=17 | dir=in | name=ko.kurnik.pl |
"{9260E63B-2EBD-4ADD-A32C-80708AE1E79F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{95831269-91D6-4D70-ACC9-164E6DCF5B85}" = lport=445 | protocol=6 | dir=in | app=system |
"{99A77498-FACD-43D0-BA22-066EC5EF8F2C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B01A3A09-D112-45CF-AA71-F308D2D7AD4C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B512A2D8-367B-4E2F-83C1-2C7D3FCBCC0C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BBC78D0F-D7DD-4C93-A79A-231C20AA7529}" = lport=137 | protocol=17 | dir=in | app=system |
"{CBF1E23F-6D33-413A-A525-C04984590FFD}" = rport=138 | protocol=17 | dir=out | app=system |
"{D0EB1410-F9F1-4740-8707-06ECFA574AB1}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D686C1F6-B1D2-45AE-B998-3811FBDCD3C3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F119DCC0-ADC1-42ED-A6F6-97DC88E04FC1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F6857440-7DA4-45E9-B5D0-E9197CFE449A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F9E32DEB-9208-4B4C-812D-2981AFF516EE}" = rport=445 | protocol=6 | dir=out | app=system |
"{FBA6E6A9-DDBC-40AD-9FA2-3E50B3A92BA4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08E5DFD7-2EA4-4C13-BA70-74A27CBB7391}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0C9D0D83-CABE-447B-A547-0490CEBCCFED}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{10656DC8-778B-4CA5-B215-7E2A103BD2AD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{10E99A8F-37A5-4B27-A3A1-6337D3602992}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{158ECF4E-52E6-4BD6-9B15-3A1033ED4BF5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{21513197-96E2-4AC5-BAAF-50373B52FAEF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2324828B-ED0F-4BD2-A7C4-B5AD534FDA57}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{3851096C-36DD-4835-9499-0C154EBF6AF6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{399F70A6-311D-4EEA-8311-85DFADC7F5B6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{3D491E2A-5057-4E8F-9D15-DE73E22E8F46}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4189FAB8-890B-48FC-B300-28B0D12BF263}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{4B4B9515-500C-4C6F-A697-AC72624785E2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4B87C204-8FF3-470B-B356-4BFE87153F8A}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{50956512-86C8-4EFE-900E-33C8DC094593}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{58AF6471-CAEC-4822-9EA3-B46A77303DE7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{59713904-77D7-4711-83C5-3C43ABE510D7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{5BE493D5-F19C-421E-B9C0-2705C81A1AC3}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{6470FB4A-5782-44D3-B8B0-F572E636D271}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{67004B62-3794-4AB7-919F-C6EB00B24213}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6939465A-FA8B-4737-9DB7-A3429B302E7D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{77F8EFC5-4C8A-41C0-82A5-E81C505121EA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7CD4006B-374E-4052-B379-C4D7623A4A7F}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{8077F54E-396B-412A-AF51-D721847374B9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{86B0D20B-A9F3-4235-B637-E41061920648}" = protocol=6 | dir=out | app=system |
"{8F08D2B7-2116-4F17-BABA-D01B795293F1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{99F99351-1809-4D3D-852C-00E13A256640}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AC1B5872-D4FB-489D-B5BB-59E29145E6B8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{B8ED8B1D-42E2-41BA-ADF2-0F712F42FF1F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C8FE4E2F-1FFF-4129-8700-05B35A6E33BB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C9DEC4E0-7510-42DF-97BE-1252049A8786}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{CD0BACCB-26E2-458A-8F2C-DC558A827955}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DBA43BB8-8528-4842-8C35-C73A0A286A0D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DC9B8ABB-C5AA-4F2B-92D8-EA37692D09BA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{E63A7C88-F35D-4136-8781-EB38E7A9A539}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{E6A70BD9-E44D-45B7-B82C-DA8B7B4E52C6}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{EC72D096-B027-4BFE-98B8-0C24900250D4}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{EF57BBE4-C5B2-4C59-B33E-D968626128E8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F533671D-3BC9-407D-B0C7-416FD18C5156}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{F628E70F-D14B-4DCE-8C27-F1A918D540F3}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{FF8DDCD0-C18D-4888-BCBF-E164FD87EC2F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{13A47A39-2C01-4604-8494-8AC628C6C582}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{1A7D5A70-4E78-4CE9-9AFF-F20B5F4D744D}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{1E0857E6-56F2-47A3-9FFD-0FD1499D8978}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{CD44667E-F363-405E-9B70-058DCAFACBAD}C:\program files\nowe gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files\nowe gadu-gadu\gg.exe |
"TCP Query User{D59BE3C9-0248-4617-9D29-A720BA51CAAA}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{FAB7C0E5-32ED-44BF-9140-7060B5A287CD}C:\program files\nowe gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files\nowe gadu-gadu\gg.exe |
"UDP Query User{4B48EDDD-2652-4EAC-AA4B-AC40D6D50F9F}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{59731E99-DA6F-41D2-9D8E-012D46F542B8}C:\program files\nowe gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files\nowe gadu-gadu\gg.exe |
"UDP Query User{699BCB26-36F8-41AA-8CEA-9DB45F707B47}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{9E6C223B-D6C5-48B4-9209-9B0967E6C8EA}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{A35553BA-AEC4-4FB4-ADBA-FF7AC7EB0F80}C:\program files\nowe gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files\nowe gadu-gadu\gg.exe |
"UDP Query User{DC9C02FE-6B40-4A03-B9A5-2B5F82D2CD8C}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0A50CB27-D2D5-4B7D-A001-30B1782A450B}" = DJ_AIO_06_K209a-z_SW_Min
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Narzędzie do przekazywania usługi Windows Live
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2E522ED6-01E2-4207-82D5-B3BFB31B8BD4}" = Windows Live Sync
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
"{38058455-8C21-4C2F-B2F6-14ED166039CB}" = HP Total Care Setup
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{51958BA7-21E4-4A8B-9098-CD8375BD17B2}" = Asystent rejestracji usługi Windows Live
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5A3ECDDA-562C-4281-BFE5-A4C8F32EACA3}" = K209a-z
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{6051912A-F7B8-445C-A99D-81AA4C118836}" = HP Deskjet Ink Advant K209a-z All-in-One Driver Software 14.0 Rel. 6
"{6053FE9B-5473-41D6-AEBF-AD6F98138191}" = Windows Live Movie Maker
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{665CBCA4-5AB0-414B-A288-3F8F99FEFC45}" = HP User Guides 0118
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96384578-C6A2-4EC6-92CD-B62A60713040}" = Microsoft Live Search Toolbar
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9862473C-E063-4C68-A161-2CDE0E8048A5}" = Podstawowe programy Windows Live
"{9AB614A6-719C-4A6E-A63E-831E0A35F62A}" = Windows Live Writer
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}" = Copy
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CDEAEC9-2F14-4D39-8541-C1EEC4B5D1CB}" = Galeria fotografii usługi Windows Live
"{A7388312-4FBB-48E5-8DC0-B63DA02658AE}" = Windows Live Toolbar
"{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 3.0.752
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C35FE07E-24B5-410F-85B7-122087A0C7DD}" = Poczta usługi Windows Live
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1803CD4-0CE7-4484-98E3-88D7A2D629A4}" = Windows Live Messenger
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F5ED909F-8571-4B03-B200-6087F32CD973}" = Nitro PDF Reader 2
"{F88335A8-CA7B-41DE-B37D-81306C73B507}" = Bezpieczeństwo rodzinne usługi Windows Live
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ALLPlayer_is1" = ALLPlayer V4.X
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dzieńdobry!" = Dzieńdobry!
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.9.0
"Larry 7" = Larry 7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware wersja 1.51.1.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"NIS" = Norton Internet Security
"Notepad++" = Notepad++
"Nowe Gadu-Gadu" = Nowe Gadu-Gadu
"Organizer ucznia_is1" = Organizer ucznia v1.0
"Oxford Wordpower Genie" = Oxford Wordpower Genie
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Shop for HP Supplies" = Shop for HP Supplies
"Slownik jezyka polskiego 3t" = Słownik języka polskiego PWN
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Veoh Web Player Beta" = Veoh Web Player
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite_Wave3" = Podstawowe programy Windows Live
"WinRAR archiver" = Archiwizator WinRAR
"WTA-059fb0fd-b8d8-4443-9f2f-1ef716b6ac80" = Nancy Drew - Curse of Blackmoor Manor
"WTA-0861cc54-ec49-4001-a4fd-21f471969c6e" = Natalie Brooks - Mystery at Hillcrest High
"WTA-223e2a26-507b-41a8-86d7-b4cd0657f9cd" = Pizza Chef 2
"WTA-3df06af8-8ee8-476e-ac7c-796aad66da7f" = Nancy Drew Dossier - Lights, Camera, Curses
"WTA-447aeb2b-886f-4f03-9af8-313f57cac62b" = Nancy Drew - The Phantom of Venice
"WTA-5c1baa70-9736-45ba-9a68-594992602e97" = Jewelry Secret: Mystery Stones
"WTA-6c40bcb4-2c92-4b4e-9fd1-467e7a2c02e3" = Lamp of Aladdin
"WTA-716722e1-fc74-4410-a606-bca808f76b7a" = Magic Encyclopedia - Illusions
"WTA-73ab29f6-8c46-4e63-aa14-067b3f991b31" = Ankh - The Lost Treasures
"WTA-74a522d8-4237-4701-8ccd-af6af2b93896" = Farm Craft 2: Global Vegetable Crisis
"WTA-87131e9b-2788-4ade-8202-5139abf9dfa8" = Guardians of Magic: Amanda's Awakening
"WTA-a5b8a596-480d-4d62-a46e-981fd5914522" = Star Crossed Love
"WTA-aeeb9eb2-a7a3-4302-ac80-a4fd79ddb165" = Royal Trouble
"WTA-b33633d7-04bb-4e59-8ce9-a588f228b1cc" = BurgerTime Deluxe
"WTA-c852c0f3-ac6b-4571-9c0b-30b68c6f008d" = Nancy Drew Dossier - Resorting to Danger!
"WTA-cccbacc6-39a0-452e-ab7d-ab7a29f6c532" = Dream Inn: The Driftwood
"WTA-cdf86317-d8b7-4840-b870-81b84a83b9f5" = Text Express 2 Deluxe
"WTA-e1b5858f-56fd-4b45-b57e-a49c8d84ad6d" = Magic Encyclopedia - Moon Light
"WTA-ff4f570d-41eb-4a16-8321-60c84451dbb4" = FunPark Beach Blast

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-516021690-3537927130-1024571334-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2011-07-20 06:55:38 | Computer Name = komputersiostra | Source = System Restore | ID = 8193
Description =

Error - 2011-07-20 14:27:39 | Computer Name = komputersiostra | Source = VSS | ID = 8194
Description =

Error - 2011-07-20 14:28:05 | Computer Name = komputersiostra | Source = SPP | ID = 16387
Description =

Error - 2011-07-20 14:28:05 | Computer Name = komputersiostra | Source = System Restore | ID = 8193
Description =

Error - 2011-07-21 15:29:52 | Computer Name = komputersiostra | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6001.18164 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 744 Start Time: 01cc47d84d850769 Termination Time: 8658

Error - 2011-07-22 06:46:03 | Computer Name = komputersiostra | Source = SPP | ID = 16387
Description =

Error - 2011-07-22 06:46:03 | Computer Name = komputersiostra | Source = System Restore | ID = 8193
Description =

Error - 2011-07-22 08:03:17 | Computer Name = komputersiostra | Source = SPP | ID = 16387
Description =

Error - 2011-07-22 08:03:17 | Computer Name = komputersiostra | Source = System Restore | ID = 8193
Description =

Error - 2011-07-22 21:01:46 | Computer Name = komputersiostra | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.26.1 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: ea4 Start Time: 01cc48d1a17b4f45 Termination Time: 31

[ OSession Events ]
Error - 2009-12-11 11:58:54 | Computer Name = komputersiostra | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2709
seconds with 2400 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2010-04-09 11:51:38 | Computer Name = komputersiostra | Source = Service Control Manager | ID = 7026
Description =

Error - 2010-04-09 16:00:18 | Computer Name = komputersiostra | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{C68E4392-A60A-4116-A1F1-8E85293A2A3B}
because another computer on the network has the same name. The server could not
start.

Error - 2010-04-09 16:12:21 | Computer Name = komputersiostra | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{C68E4392-A60A-4116-A1F1-8E85293A2A3B}
because another computer on the network has the same name. The server could not
start.

Error - 2010-04-10 03:19:12 | Computer Name = komputersiostra | Source = SRTSP | ID = 524292
Description = Error loading virus definitions.

Error - 2010-04-10 03:19:12 | Computer Name = komputersiostra | Source = SRTSP | ID = 524293
Description = Error loading Symantec real time Anti-Virus driver.

Error - 2010-04-10 03:19:26 | Computer Name = komputersiostra | Source = HTTP | ID = 15016
Description =

Error - 2010-04-10 03:20:09 | Computer Name = komputersiostra | Source = Service Control Manager | ID = 7000
Description =

Error - 2010-04-10 03:20:09 | Computer Name = komputersiostra | Source = Service Control Manager | ID = 7000
Description =

Error - 2010-04-10 03:20:09 | Computer Name = komputersiostra | Source = Service Control Manager | ID = 7026
Description =

Error - 2010-04-10 09:27:50 | Computer Name = komputersiostra | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{C68E4392-A60A-4116-A1F1-8E85293A2A3B}
because another computer on the network has the same name. The server could not
start.


< End of report >
</log>

And thank you for taking on this complicated case ;)) x)

wirusolog
comment

[b]1.[/b] Run OTL and paste the following text into the [b]Własne opcje skanowania/Skrypt[/b] ("Custom scan options/Script") box:

[code]:OTL
O4 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000..\Run: [conhost] File not found
O4 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000..\Run: [heueya] File not found
O4 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000..\Run: [keioke] File not found
O4 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000..\Run: [leameec] File not found
O4 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000..\Run: [nwv69b] File not found
O4 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000..\Run: [reouk] File not found
O4 - HKLM..\Run: [ORAHSSSessionManager] File not found
O4 - HKLM..\Run: [] File not found
@Alternate Data Stream - 96 bytes -> C:\ProgramData\Temp:C5AE4E07
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:488F7244

:Files
C:\Users\Anna\AppData\Roaming\F443.637
C:\Windows\MEMORY.DMP
C:\Users\Anna\Desktop\Recycle Bin.lnk
C:\Users\Anna\AppData\Roaming\chrtmp
C:\Users\Anna\AppData\Roaming\5xb4y8f33.bat
C:\Program Files\Common Files\WinPcapNmap.exe
C:\Users\Anna\AppData\Roaming\wklnhst.dat
C:\Windows\kit.ini

:Commands
[emptyflash]
[resethosts]
[emptytemp][/code]
Click [b]Wykonaj skrypt[/b] ("Run script"). Confirm the computer restart.

[b]2.[/b] In the Control Panel applet ([b]Add or Remove Programs[/b]), uninstall this junk: [b]Ask Toolbar[/b]

[b]3.[/b] Download [url=http://www.teamxscript.org/too/AD-R.exe][b][color=blue][u]Ad-Remover[/u][/color][/b][/url] and press [size=150][b]Clean[/b][/size] in it.
Post the report from this tool.

[b]4.[/b] Then run OTL again, this time using the [b]Skanuj[/b] ("Scan") option. Post the new OTL logs + the removal report.

So in the end you post:
[b][list]
[*]The OTL removal report (after the restart),
[*]The Ad-Remover cleanup report,
[*]The new OTL logs.
[/list][/b]
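Once the removal report requested above comes back, each item in the fix script can be checked against it line by line. The Python below is an added example, not part of the original thread and not code from OTL; the function names, the outcome labels (absent, removed, failed, unreported) and the two "deleted successfully" report wordings are assumptions, and the sample input is constructed from lines in this thread.

```python
import re

# OTL abbreviates hives and the Run key in its scan lines; the removal report
# prints them in full (correspondence taken from the script and report in this thread).
HIVES = {"HKU": "HKEY_USERS", "HKLM": "HKEY_LOCAL_MACHINE"}
RUN_KEY = r"\Software\Microsoft\Windows\CurrentVersion\Run"

# Report line formats. "not found", "Unable to delete ADS" and "moved successfully"
# appear in this thread; the two "deleted successfully" wordings are assumptions.
REPORT_PATTERNS = [
    (re.compile(r"^Registry value (.*) not found\.$"), "reg", "absent"),
    (re.compile(r"^Registry value (.*) deleted successfully\.$"), "reg", "removed"),
    (re.compile(r"^Unable to delete ADS (.*?) ?\.$"), "ads", "failed"),
    (re.compile(r"^ADS (.*) deleted successfully\.$"), "ads", "removed"),
    (re.compile(r"^File\\Folder (.*) not found\.$"), "file", "absent"),
    (re.compile(r"^(.*) moved successfully\.$"), "file", "removed"),
]
O4_RUN = re.compile(r"^O4 - (HKU|HKLM)(\\[^.]+)?\.\.\\Run: \[(.*?)\]")
ADS = re.compile(r"^@Alternate Data Stream - \d+ bytes -> (.+)$")


def parse_fix_script(script):
    """Return the items a fix script targets as (kind, identifier) pairs."""
    targets, section = [], None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):              # :OTL, :Files, :Commands
            section = line[1:].lower()
        elif section == "otl":
            m = O4_RUN.match(line)
            if m:                             # expand to the form the report prints
                key = HIVES[m.group(1)] + (m.group(2) or "") + RUN_KEY
                targets.append(("reg", key + "\\\\" + m.group(3)))
                continue
            m = ADS.match(line)
            if m:
                targets.append(("ads", m.group(1)))
        elif section == "files":
            targets.append(("file", line))
    return targets


def reconcile(script, report):
    """Pair every script target with the outcome the removal report gives for it."""
    outcomes = {}
    for raw in report.splitlines():
        line = raw.strip()
        for pattern, kind, status in REPORT_PATTERNS:
            m = pattern.match(line)
            if m:
                # Windows paths and registry keys are case-insensitive
                outcomes[(kind, m.group(1).lower())] = status
                break
    return [(kind, ident, outcomes.get((kind, ident.lower()), "unreported"))
            for kind, ident in parse_fix_script(script)]


def needs_follow_up(script, report):
    """Targets that were not removed and are not confirmed absent."""
    return [(kind, ident) for kind, ident, status in reconcile(script, report)
            if status in ("failed", "unreported")]


# Constructed sample input: a shortened script and report in the format used in this
# thread. The "moved successfully" line and the missing kit.ini line are constructed
# to exercise those outcomes; the thread's own report reads differently.
FIX_SCRIPT = r"""
:OTL
O4 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000..\Run: [conhost] File not found
O4 - HKLM..\Run: [] File not found
@Alternate Data Stream - 96 bytes -> C:\ProgramData\Temp:C5AE4E07

:Files
C:\Users\Anna\AppData\Roaming\5xb4y8f33.bat
C:\Users\Anna\AppData\Roaming\wklnhst.dat
C:\Windows\kit.ini

:Commands
[resethosts]
"""

REMOVAL_REPORT = r"""
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-516021690-3537927130-1024571334-1000\Software\Microsoft\Windows\CurrentVersion\Run\\conhost not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Unable to delete ADS C:\ProgramData\Temp:C5AE4E07 .
========== FILES ==========
File\Folder C:\Users\Anna\AppData\Roaming\5xb4y8f33.bat not found.
C:\Users\Anna\AppData\Roaming\wklnhst.dat moved successfully.
"""

if __name__ == "__main__":
    for kind, ident, status in reconcile(FIX_SCRIPT, REMOVAL_REPORT):
        print(f"{status:<10} {kind:<4} {ident}")
```

Items reported as failed or unreported are the ones to raise in the next reply; "absent" only says the item was already gone when the script ran.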

annmegmonn
comment

[u][b][color="#8B0000"]1. OTL removal report (after the restart)[/color][/b][/u]

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-516021690-3537927130-1024571334-1000\Software\Microsoft\Windows\CurrentVersion\Run\\conhost not found.
Registry value HKEY_USERS\S-1-5-21-516021690-3537927130-1024571334-1000\Software\Microsoft\Windows\CurrentVersion\Run\\heueya not found.
Registry value HKEY_USERS\S-1-5-21-516021690-3537927130-1024571334-1000\Software\Microsoft\Windows\CurrentVersion\Run\\keioke not found.
Registry value HKEY_USERS\S-1-5-21-516021690-3537927130-1024571334-1000\Software\Microsoft\Windows\CurrentVersion\Run\\leameec not found.
Registry value HKEY_USERS\S-1-5-21-516021690-3537927130-1024571334-1000\Software\Microsoft\Windows\CurrentVersion\Run\\nwv69b not found.
Registry value HKEY_USERS\S-1-5-21-516021690-3537927130-1024571334-1000\Software\Microsoft\Windows\CurrentVersion\Run\\reouk not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ORAHSSSessionManager not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Unable to delete ADS C:\ProgramData\Temp:C5AE4E07 .
Unable to delete ADS C:\ProgramData\Temp:488F7244 .
========== FILES ==========
File\Folder C:\Users\Anna\AppData\Roaming\F443.637 not found.
File\Folder C:\Windows\MEMORY.DMP not found.
File\Folder C:\Users\Anna\Desktop\Recycle Bin.lnk not found.
File\Folder C:\Users\Anna\AppData\Roaming\chrtmp not found.
File\Folder C:\Users\Anna\AppData\Roaming\5xb4y8f33.bat not found.
File\Folder C:\Program Files\Common Files\WinPcapNmap.exe not found.
File\Folder C:\Users\Anna\AppData\Roaming\wklnhst.dat not found.
File\Folder C:\Windows\kit.ini not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Anna
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Anna
->Temp folder emptied: 4112624022 bytes
->Temporary Internet Files folder emptied: 80576325 bytes
->Java cache emptied: 1955709 bytes
->FireFox cache emptied: 110818355 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 76644107 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 4 180,00 mb


OTL by OldTimer - Version 3.2.26.1 log created on 07232011_122119

Files\Folders moved on Reboot...
C:\Users\Anna\AppData\Local\Temp\ehmsas.txt moved successfully.

Registry entries deleted on Reboot...

[color="#8B0000"][u][b]
2. Ad-Remover cleanup report
[/b][/u][/color]

======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 =======

Updated by TeamXscript on 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
website: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 12:33:52 on 23/07/2011, Normal boot

Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86)
Anna@KOMPUTERSIOSTRA (Hewlett-Packard HP G60 Notebook PC)

============== ACTION(S) ==============


File deleted: C:\Users\Anna\AppData\Roaming\Mozilla\FireFox\Profiles\i5ksixjt.default\searchplugins\askcom.xml
Folder deleted: C:\Users\Anna\AppData\LocalLow\AskToolbar
Folder deleted: C:\Users\Anna\AppData\Local\OpenCandy
Folder deleted: C:\Users\Anna\AppData\LocalLow\ShopperReports3
Folder deleted: C:\ProgramData\Trymedia

(!) -- Temporary files deleted.


-- File opened: C:\Users\Anna\AppData\Roaming\Mozilla\FireFox\Profiles\i5ksixjt.default\Prefs.js --
Line deleted: user_pref("browser.search.defaultengine", "Ask.com");
Line deleted: user_pref("browser.search.defaultenginename", "Ask.com");
Line deleted: user_pref("browser.search.order.1", "Ask.com");
Line deleted: user_pref("browser.search.selectedEngine", "Ask.com");
Line deleted: user_pref("extensions.enabledAddons", "{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24,{BBDA0591-3099-...
Line deleted: user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"smartwebprintin...
-- File closed --


Key deleted: HKLM\Software\Classes\CLSID\{1E61ED7C-7CB8-49D6-B9E9-AB4C880C8414}
Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1E61ED7C-7CB8-49D6-B9E9-AB4C880C8414}
Key deleted: HKLM\Software\Classes\AppID\{3EBC05B0-0F38-4912-ADCC-E37B58372712}
Key deleted: HKLM\Software\Classes\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key deleted: HKLM\Software\Classes\AppID\{EE5E2FD6-07B5-41A5-AD55-1D5C26833D4B}
Key deleted: HKLM\Software\Classes\Interface\{453DB0C5-F41C-4D97-8DD6-CC72ECD5F699}
Key deleted: HKLM\Software\Classes\Interface\{4AFC07D0-59BB-46B8-B097-1A46E88EEF71}
Key deleted: HKLM\Software\Classes\Interface\{6511CE4C-4722-40D0-AD3D-4AFA2F50978A}
Key deleted: HKLM\Software\Classes\Interface\{9BEC9B38-BF39-4899-806E-A1C5DFEB60A2}
Key deleted: HKLM\Software\Classes\Interface\{B86D82BF-D39F-439A-A07C-43EDDC6F6EA6}
Key deleted: HKLM\Software\Classes\Interface\{DA6305B9-0869-4235-8C1D-533A65E639E5}
Key deleted: HKLM\Software\Classes\Interface\{E6961C59-CFCE-4CCD-B794-BC78DB98413A}
Key deleted: HKLM\Software\Classes\Interface\{F8B4EC8A-2407-4BE0-AEE2-0F430D65A90D}
Key deleted: HKLM\Software\Trymedia Systems
Key deleted: HKCU\Software\AppDataLow\Software\Hotbar
Key deleted: HKCU\Software\AppDataLow\Software\ShopperReports3
Key deleted: HKLM\Software\VDownloader\OpenCandy
Key deleted: HKLM\Software\Classes\Installer\Products\875483692A6C6CE429DC6BA206170304
Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\875483692A6C6CE429DC6BA206170304
Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ShopperReportsSA
Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}


============== ADDITIONNAL SCAN ==============

**** Mozilla Firefox Version [5.0 (en-US)] ****

HKLM_MozillaPlugins\@soe.sony.com/installer,version=1.0.3 (x)
HKLM_MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0 (x)
HKLM_MozillaPlugins\NitroPDF (x)
Searchplugins\amazondotcom.xml (hxxp://www.amazon.com/exec/obidos/external-search/)
Searchplugins\answers.xml (hxxp://www.answers.com/main/ntquery)
Searchplugins\bing.xml ( hxxp://www.bing.com/search)
Searchplugins\creativecommons.xml (hxxp://search.creativecommons.org/)
Searchplugins\eBay.xml (hxxp://rover.ebay.com/rover/1/711-47294-18009-3/4)
Searchplugins\wikipedia.xml (hxxp://en.wikipedia.org/wiki/Special:Search)
Components\browsercomps.dll (Mozilla Foundation)
Extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} (Skype extension for Firefox )
HKLM_Extensions|smartwebprinting@hp.com - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
HKLM_Extensions|{BBDA0591-3099-440a-AA10-41764D9DB4DB} - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\
HKLM_Extensions|{2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\
HKCU_Extensions|smartwebprinting@hp.com - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

-- C:\Users\Anna\AppData\Roaming\Mozilla\FireFox\Profiles\i5ksixjt.default --
Extensions\DTToolbar@toolbarnet.com (DAEMON Tools Toolbar)
Searchplugins\youtube-video-search.xml (?)
Prefs.js - browser.startup.homepage_override.buildID, 20110615151330
Prefs.js - browser.startup.homepage_override.mstone, rv:5.0

========================================

**** Internet Explorer Version [7.0.6001.18000] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_URLSearchHooks|{08C06D61-F1F3-4799-86F8-BE1A89362C85} - "Search Class" (C:\Program Files\Livebox\SearchURLHook\SearchPageURL.dll) (x)
HKCU_Toolbar\WebBrowser|{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} (x)
HKCU_Toolbar\WebBrowser|{32099AAC-C132-4136-9E9A-4E364A424E17} (C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll) (x)
HKLM_Toolbar|{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} (x)
HKLM_Toolbar|{32099AAC-C132-4136-9E9A-4E364A424E17} (C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll) (x)
HKCU_ElevationPolicy\{4169044D-6BA4-4661-B7D6-E29274F1F458} - C:\Program Files\WildTangent Games\App\BrowserIntegration\wtapp_ProtocolHandler.exe (WildTangent, Inc.)
BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)
BHO\{9030D464-4C02-4ABF-8ECC-5164760863C6} - "Pomocnik rejestracji usługi Windows Live" (C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll)
BHO\{C08DF07A-3E49-4E25-9AB0-D3882835F153} - "QUICKfind BHO Object" (C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll)

========================================

C:\Program Files\Ad-Remover\Quarantine: 15 File(s)
C:\Program Files\Ad-Remover\Backup: 16 File(s)

C:\Ad-Report-CLEAN[1].txt - 23/07/2011 12:34:05 (7391 Byte(s))

End at: 12:35:35, 23/07/2011

============== E.O.F ==============


[color="#2F4F4F"][u][b]3. New OTL logs (I pasted the same text into the script box as during the "WYKONAJ SKRYPT" ("Run script") operation) and now I don't know whether that was right? Or was I perhaps supposed to put in the script box the same text as at the very beginning, when I created the first log after your first post? If anything is wrong, I'll redo it..
[/b][/u][/color]
[u][b]OTL LOG[/b][/u]
<log>
OTL logfile created on: 2011-07-23 12:43:18 - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Anna\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd

2,93 Gb Total Physical Memory | 1,79 Gb Available Physical Memory | 60,90% Memory free
6,06 Gb Paging File | 4,91 Gb Available in Paging File | 80,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221,96 Gb Total Space | 143,03 Gb Free Space | 64,44% Space Free | Partition Type: NTFS
Drive D: | 10,92 Gb Total Space | 1,82 Gb Free Space | 16,66% Space Free | Partition Type: NTFS
Drive F: | 14,56 Mb Total Space | 10,63 Mb Free Space | 72,96% Space Free | Partition Type: FAT
Drive K: | 1,86 Gb Total Space | 0,96 Gb Free Space | 51,67% Space Free | Partition Type: FAT

Computer Name: KOMPUTERSIOSTRA | User Name: Anna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2011-07-23 02:35:28 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Anna\Desktop\OTL.exe
PRC - [2011-07-06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011-07-06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011-06-21 18:57:40 | 000,196,912 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService2.exe
PRC - [2010-11-05 02:53:47 | 000,171,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
PRC - [2010-10-29 13:49:28 | 000,249,064 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
PRC - [2010-08-25 18:45:44 | 000,136,216 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxtray.exe
PRC - [2010-08-25 18:45:42 | 000,266,776 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
PRC - [2010-08-25 18:45:40 | 000,170,520 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2010-08-25 18:45:36 | 000,171,032 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2010-08-17 15:32:33 | 000,126,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spoolsv.exe
PRC - [2010-07-23 07:05:56 | 000,126,904 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
PRC - [2009-11-18 15:13:18 | 000,054,576 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuschd2.exe
PRC - [2009-11-18 03:42:52 | 000,275,072 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2009-11-18 03:02:34 | 000,563,840 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
PRC - [2009-11-18 03:02:34 | 000,173,696 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2009-11-17 19:49:08 | 000,366,720 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
PRC - [2009-08-07 04:24:04 | 000,053,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe
PRC - [2009-07-26 14:44:28 | 003,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PRC - [2009-06-15 14:57:59 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
PRC - [2009-05-19 09:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009-04-22 16:25:20 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009-04-22 16:10:23 | 000,439,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
PRC - [2009-04-22 16:10:23 | 000,087,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchFilterHost.exe
PRC - [2009-04-22 16:10:22 | 000,184,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchProtocolHost.exe
PRC - [2009-03-03 04:16:04 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
PRC - [2009-02-26 13:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2008-10-09 16:58:56 | 000,075,008 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
PRC - [2008-10-09 16:56:48 | 000,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
PRC - [2008-10-06 18:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
PRC - [2008-09-24 02:21:52 | 000,468,264 | ---- | M] (CyberLink Corp.) -- C:\Program Files\HP\QuickPlay\QPService.exe
PRC - [2008-09-15 16:13:38 | 000,241,734 | ---- | M] () -- C:\Program Files\CyberLink\Shared files\RichVideo.exe
PRC - [2008-08-02 01:14:02 | 000,202,032 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
PRC - [2008-06-12 11:38:00 | 000,034,672 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
PRC - [2008-06-09 19:21:58 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2008-05-29 15:32:32 | 002,685,496 | ---- | M] (Conexant) -- C:\Program Files\CONEXANT\SmartAudio\SmAudio.exe
PRC - [2008-05-02 01:25:56 | 000,165,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
PRC - [2008-04-17 20:05:20 | 000,103,720 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
PRC - [2008-04-17 20:05:10 | 001,049,896 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2008-04-15 23:51:00 | 000,488,752 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
PRC - [2008-04-11 18:04:54 | 000,685,360 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2008-04-03 20:33:26 | 000,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
PRC - [2008-01-21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2008-01-21 04:25:11 | 000,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
PRC - [2008-01-21 04:25:11 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
PRC - [2008-01-21 04:25:00 | 002,623,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
PRC - [2008-01-21 04:24:59 | 000,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2008-01-21 04:24:54 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrss.exe
PRC - [2008-01-21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe
PRC - [2008-01-21 04:24:48 | 000,279,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe
PRC - [2008-01-21 04:24:44 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
PRC - [2008-01-21 04:23:52 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2008-01-21 04:23:50 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\smss.exe
PRC - [2008-01-21 04:23:44 | 000,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
PRC - [2008-01-21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007-10-18 01:37:04 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
PRC - [2007-09-26 16:34:40 | 000,316,720 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
PRC - [2006-11-02 11:45:02 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dllhost.exe


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2011-07-23 02:35:28 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Anna\Desktop\OTL.exe
MOD - [2011-06-17 03:25:36 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
MOD - [2011-06-17 03:25:36 | 000,569,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll
MOD - [2011-04-21 17:00:34 | 000,833,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
MOD - [2011-04-21 16:57:48 | 000,270,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
MOD - [2011-04-12 16:53:05 | 000,890,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
MOD - [2011-01-21 17:46:57 | 000,351,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll
MOD - [2011-01-21 17:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll
MOD - [2010-12-20 17:39:14 | 000,563,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll
MOD - [2010-10-15 15:48:59 | 001,205,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll
MOD - [2010-08-31 17:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll
MOD - [2010-08-17 05:39:11 | 000,413,552 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.1.0.37\asOEHook.dll
MOD - [2010-06-28 18:15:53 | 001,315,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ole32.dll
MOD - [2010-04-16 18:10:45 | 000,501,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll
MOD - [2009-07-17 16:35:11 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\atl.dll
MOD - [2009-06-15 17:24:05 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
MOD - [2009-04-23 14:43:04 | 000,784,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll
MOD - [2009-04-22 16:25:40 | 000,466,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll
MOD - [2009-04-22 16:22:25 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll
MOD - [2009-04-22 16:10:21 | 000,754,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll
MOD - [2009-04-22 16:09:47 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srclient.dll
MOD - [2008-01-21 04:24:57 | 000,806,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msctf.dll
MOD - [2008-01-21 04:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ws2_32.dll
MOD - [2008-01-21 04:24:47 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nsi.dll
MOD - [2008-01-21 04:24:46 | 001,590,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll
MOD - [2008-01-21 04:24:38 | 000,450,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.dll
MOD - [2008-01-21 04:24:37 | 000,183,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xmllite.dll
MOD - [2008-01-21 04:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008-01-21 04:24:37 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samlib.dll
MOD - [2008-01-21 04:24:36 | 000,680,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll
MOD - [2008-01-21 04:24:27 | 000,798,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\advapi32.dll
MOD - [2008-01-21 04:24:26 | 001,076,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll
MOD - [2008-01-21 04:24:26 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vsstrace.dll
MOD - [2008-01-21 04:24:24 | 000,523,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clbcatq.dll
MOD - [2008-01-21 04:24:24 | 000,114,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imm32.dll
MOD - [2008-01-21 04:24:23 | 000,121,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntmarta.dll
MOD - [2008-01-21 04:24:23 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\authz.dll
MOD - [2008-01-21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\user32.dll
MOD - [2008-01-21 04:24:14 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mpr.dll
MOD - [2008-01-21 04:24:14 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpk.dll
MOD - [2008-01-21 04:24:13 | 000,289,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Wldap32.dll
MOD - [2008-01-21 04:24:11 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\version.dll
MOD - [2008-01-21 04:24:10 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apphelp.dll
MOD - [2008-01-21 04:24:10 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\userenv.dll
MOD - [2008-01-21 04:24:06 | 000,153,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imagehlp.dll
MOD - [2008-01-21 04:23:50 | 000,258,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv
MOD - [2008-01-21 04:23:44 | 001,067,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll
MOD - [2008-01-21 04:23:43 | 000,240,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\uxtheme.dll
MOD - [2008-01-21 04:23:42 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\olepro32.dll
MOD - [2008-01-21 04:23:27 | 000,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spp.dll
MOD - [2006-11-02 11:46:12 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psapi.dll
MOD - [2006-11-02 10:33:06 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\normaliz.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2011-07-06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011-06-21 18:57:40 | 000,196,912 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService2.exe -- (NitroReaderDriverReadSpool2)
SRV - [2010-10-12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010-07-23 07:05:56 | 000,126,904 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe -- (NIS)
SRV - [2008-10-06 18:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008-01-21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2011-07-22 14:24:13 | 000,126,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011-07-06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011-07-06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010-08-13 11:00:00 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100813.009\NAVEX15.SYS -- (NAVEX15)
DRV - [2010-08-13 11:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010-08-13 11:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010-08-13 11:00:00 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100813.009\NAVENG.SYS -- (NAVENG)
DRV - [2010-08-09 05:11:49 | 000,692,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010-07-29 05:33:05 | 000,666,672 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1201000.025\SYMEFA.SYS -- (SymEFA)
DRV - [2010-07-29 04:54:36 | 000,489,008 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\system32\drivers\NIS\1201000.025\SRTSP.SYS -- (SRTSP)
DRV - [2010-07-29 04:54:36 | 000,050,096 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1201000.025\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010-07-23 13:25:13 | 000,278,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010-07-23 13:25:13 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010-07-23 11:22:31 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010-07-13 03:20:20 | 000,331,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1201000.025\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2010-06-27 06:05:55 | 000,134,704 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1201000.025\Ironx86.SYS -- (SymIRON)
DRV - [2010-06-27 06:05:05 | 000,344,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSVix86.sys -- (IDSVix86)
DRV - [2010-06-13 12:50:57 | 000,339,504 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NIS\1201000.025\SYMDS.SYS -- (SymDS)
DRV - [2008-12-20 09:01:46 | 001,093,120 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008-06-29 16:52:26 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008-06-10 20:54:36 | 000,123,904 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008-06-05 18:58:42 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008-01-21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2007-10-18 01:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007-06-19 02:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006-11-28 19:46:22 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCAMp50.sys -- (PCAMp50)
DRV - [2006-11-28 19:46:20 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - File not found
IE - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:51859

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 51859
FF - prefs.js..network.proxy.type: 1

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Windows\Downloaded Program Files\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\NitroPDF: C:\Program Files\Nitro PDF\Reader\npnitromozilla.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-11-10 23:20:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011-07-22 14:25:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\ [2011-07-22 14:23:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-06-24 22:40:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-06-02 20:30:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-11-10 23:20:05 | 000,000,000 | ---D | M]

[2009-09-18 20:14:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anna\AppData\Roaming\mozilla\Extensions
[2011-07-23 12:30:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\i5ksixjt.default\extensions
[2010-09-25 12:49:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\i5ksixjt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011-06-26 12:24:10 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\i5ksixjt.default\extensions\DTToolbar@toolbarnet.com
[2010-01-15 17:39:06 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\i5ksixjt.default\extensions\searchrecs@veoh.com
[2010-04-23 21:08:32 | 000,001,827 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\i5ksixjt.default\searchplugins\bing.xml
[2011-06-26 12:23:40 | 000,002,055 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\i5ksixjt.default\searchplugins\daemon-search.xml
[2010-08-20 10:53:28 | 000,002,064 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\i5ksixjt.default\searchplugins\youtube-video-search.xml
[2011-07-22 14:07:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010-07-24 23:42:53 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011-02-17 21:00:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011-06-24 22:40:56 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011-02-17 20:59:47 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011-06-02 20:29:54 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011-07-23 12:21:24 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Program Files\TEXTware\QUICKfind\PlugIns\IEHelp.dll ()
O3 - HKLM\..\Toolbar: (no name) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - No CLSID value found.
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - File not found
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - File not found
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000..\Run: [Dzieńdobry!] C:\Program Files\VSD Software\Dzieńdobry!\dziendobry.exe (VSD Software)
O4 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000..\Run: [SmAudio] C:\Program Files\Conexant\SmartAudio\SmAudio.exe (Conexant)
O7 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} http://launch.soe.com/plugin/web/SOEWebInstaller.cab (SOE Web Installer)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Anna\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Anna\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010-02-22 02:02:40 | 000,000,136 | RHS- | M] () - K:\AUTORUN.FCB -- [ FAT ]
O33 - MountPoints2\{255188e3-9fd7-11e0-8b62-9b34c9a445bb}\Shell - "" = AutoRun
O33 - MountPoints2\{255188e3-9fd7-11e0-8b62-9b34c9a445bb}\Shell\AutoRun\command - "" = F:\TRTauto.exe
O33 - MountPoints2\{255188f0-9fd7-11e0-8b62-9b34c9a445bb}\Shell - "" = AutoRun
O33 - MountPoints2\{255188f0-9fd7-11e0-8b62-9b34c9a445bb}\Shell\AutoRun\command - "" = G:\TRTauto.exe
O33 - MountPoints2\{353808eb-b1ee-11e0-a237-d563b2da5dbe}\Shell - "" = AutoRun
O33 - MountPoints2\{353808eb-b1ee-11e0-a237-d563b2da5dbe}\Shell\AutoRun\command - "" = H:\TRTauto.exe
O33 - MountPoints2\{7f3cf48a-97d1-11df-b6af-e2c7be346a47}\Shell - "" = AutoRun
O33 - MountPoints2\{7f3cf48a-97d1-11df-b6af-e2c7be346a47}\Shell\AutoRun\command - "" = I:\AUTORUN.EXE
O33 - MountPoints2\{962d83bc-77c5-11df-a1c1-a18cdb995fb4}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\zDjiX.Exe
O33 - MountPoints2\{d14ead3b-9645-11df-bc07-8a1bee7c34b3}\Shell - "" = AutoRun
O33 - MountPoints2\{d14ead3b-9645-11df-bc07-8a1bee7c34b3}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{d14ead42-9645-11df-bc07-8a1bee7c34b3}\Shell - "" = AutoRun
O33 - MountPoints2\{d14ead42-9645-11df-bc07-8a1bee7c34b3}\Shell\AutoRun\command - "" = G:\AUTORUN.EXE
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2011-07-23 12:33:49 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Remover
[2011-07-23 12:30:38 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011-07-23 12:11:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2011-07-23 03:01:56 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Anna\Desktop\OTL.exe
[2011-07-22 15:12:20 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\Malwarebytes
[2011-07-22 15:12:01 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011-07-22 15:12:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011-07-22 15:11:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011-07-22 15:11:55 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011-07-22 15:11:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011-07-22 14:24:14 | 000,126,512 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011-07-22 14:24:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011-07-22 14:24:13 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011-07-22 14:23:42 | 000,666,672 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\SymEFA.sys
[2011-07-22 14:23:42 | 000,489,008 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\srtsp.sys
[2011-07-22 14:23:42 | 000,339,504 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\SymDS.sys
[2011-07-22 14:23:42 | 000,331,312 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\symtdiv.sys
[2011-07-22 14:23:42 | 000,294,448 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\symnets.sys
[2011-07-22 14:23:42 | 000,134,704 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\Ironx86.sys
[2011-07-22 14:23:42 | 000,050,096 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\srtspx.sys
[2011-07-22 14:23:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS
[2011-07-22 14:23:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS\1201000.025
[2011-07-22 14:23:14 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2011-07-22 14:23:14 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2011-07-22 14:21:46 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011-07-22 14:21:05 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security 2011 EN + trial reset - peb.pl-ks_93
[2011-07-22 14:14:59 | 000,000,000 | -HSD | C] -- C:\found.000
[2011-07-20 20:46:55 | 000,000,000 | ---D | C] -- C:\Users\Anna\Documents\Ankh - The Lost Treasures
[2011-07-20 15:31:06 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\GuardiansOfMagic
[2011-07-20 14:21:35 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\Color-Brush
[2011-07-20 06:27:40 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\Crown
[2011-07-20 06:27:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Crown
[2011-07-20 05:14:27 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011-07-18 11:16:04 | 000,026,416 | ---- | C] (Nitro PDF Software) -- C:\Windows\System32\nitrolocalmon2.dll
[2011-07-18 11:16:04 | 000,017,712 | ---- | C] (Nitro PDF Software) -- C:\Windows\System32\nitrolocalui2.dll
[2011-07-18 11:15:53 | 000,000,000 | ---D | C] -- C:\Program Files\Nitro PDF
[2011-07-18 11:15:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nitro PDF
[2011-07-18 11:08:03 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\Downloaded Installations
[2011-07-15 19:37:07 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\Nancy Drew
[2011-07-15 19:10:11 | 000,000,000 | ---D | C] -- C:\Program Files\directx
[2011-06-25 16:30:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Big Fish Games
[2010-08-25 17:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[1 C:\Users\Anna\Desktop\*.tmp files -> C:\Users\Anna\Desktop\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

[2011-07-23 12:39:44 | 000,000,286 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2011-07-23 12:38:59 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011-07-23 12:38:59 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011-07-23 12:38:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-07-23 12:38:32 | 3149,078,528 | -HS- | M] () -- C:\hiberfil.sys
[2011-07-23 12:33:51 | 000,001,636 | ---- | M] () -- C:\Users\Anna\Desktop\AD-R.lnk
[2011-07-23 12:21:24 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011-07-23 02:45:49 | 000,594,344 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011-07-23 02:45:49 | 000,102,418 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011-07-23 02:35:28 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Anna\Desktop\OTL.exe
[2011-07-22 15:12:04 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-07-22 14:25:31 | 002,184,938 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1201000.025\Cat.DB
[2011-07-22 14:24:13 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011-07-22 14:24:13 | 000,007,456 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011-07-22 14:24:13 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011-07-22 14:23:55 | 000,002,173 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2011-07-22 14:07:33 | 000,007,052 | ---- | M] () -- C:\Users\Anna\AppData\Local\d3d9caps.dat
[2011-07-13 11:30:04 | 000,316,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011-07-06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011-07-06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011-06-29 14:34:04 | 000,000,000 | ---- | M] () -- C:\Windows\Shadow.INI
[2011-06-26 17:08:44 | 000,000,000 | ---- | M] () -- C:\Windows\Game.INI
[2011-06-21 18:56:44 | 000,017,712 | ---- | M] (Nitro PDF Software) -- C:\Windows\System32\nitrolocalui2.dll
[2011-06-21 18:56:42 | 000,026,416 | ---- | M] (Nitro PDF Software) -- C:\Windows\System32\nitrolocalmon2.dll
[2011-06-01 16:53:42 | 000,012,765 | ---- | M] () -- C:\Users\Anna\Documents\grecja.html
[1 C:\Users\Anna\Desktop\*.tmp files -> C:\Users\Anna\Desktop\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011-07-23 12:33:50 | 000,001,636 | ---- | C] () -- C:\Users\Anna\Desktop\AD-R.lnk
[2011-07-22 15:12:03 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-07-22 14:24:21 | 002,184,938 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\Cat.DB
[2011-07-22 14:24:14 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011-07-22 14:24:14 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011-07-22 14:23:55 | 000,002,173 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2011-07-22 14:23:30 | 000,003,373 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymEFA.inf
[2011-07-22 14:23:30 | 000,002,792 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymDS.inf
[2011-07-22 14:23:30 | 000,001,473 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymNetV.inf
[2011-07-22 14:23:30 | 000,001,445 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymNet.inf
[2011-07-22 14:23:30 | 000,001,389 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\srtspx.inf
[2011-07-22 14:23:30 | 000,001,383 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\srtsp.inf
[2011-07-22 14:23:30 | 000,000,741 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\Iron.inf
[2011-07-22 14:23:19 | 000,007,787 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\symnetv.cat
[2011-07-22 14:23:19 | 000,007,446 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymNet.cat
[2011-07-22 14:23:19 | 000,007,444 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymEFA.cat
[2011-07-22 14:23:19 | 000,007,442 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\srtspx.cat
[2011-07-22 14:23:19 | 000,007,438 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymDS.cat
[2011-07-22 14:23:19 | 000,007,438 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\srtsp.cat
[2011-07-22 14:23:19 | 000,007,438 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\iron.cat
[2011-07-22 14:23:19 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\isolate.ini
[2011-07-18 11:15:58 | 000,001,868 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro PDF Reader 2.lnk
[2011-06-29 14:34:04 | 000,000,000 | ---- | C] () -- C:\Windows\Shadow.INI
[2011-06-26 17:08:44 | 000,000,000 | ---- | C] () -- C:\Windows\Game.INI
[2011-06-02 20:30:23 | 000,000,818 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011-06-01 16:53:42 | 000,012,765 | ---- | C] () -- C:\Users\Anna\Documents\grecja.html
[2010-11-10 23:06:31 | 000,174,683 | ---- | C] () -- C:\Windows\hpoins45.dat
[2010-08-25 18:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010-08-25 18:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010-08-25 18:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010-08-25 17:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010-08-25 17:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010-08-25 17:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010-08-09 21:53:23 | 000,000,187 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010-07-24 23:46:16 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010-07-23 13:25:13 | 000,278,728 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010-07-23 13:25:13 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010-07-22 18:52:11 | 000,314,368 | ---- | C] () -- C:\Windows\KSGDeInstall.exe
[2010-04-24 16:28:12 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010-04-24 16:28:12 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010-04-24 16:28:10 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2010-04-24 16:28:10 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010-04-24 16:28:08 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010-04-23 18:13:52 | 000,007,052 | ---- | C] () -- C:\Users\Anna\AppData\Local\d3d9caps.dat
[2010-02-05 08:43:26 | 000,000,450 | ---- | C] () -- C:\Windows\hpomdl45.dat
[2009-12-05 16:35:30 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009-12-04 16:37:12 | 000,035,840 | ---- | C] () -- C:\Users\Anna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-09-18 20:42:23 | 000,000,413 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009-09-18 20:42:23 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009-09-18 14:51:47 | 000,000,046 | ---- | C] () -- C:\Windows\adiras.ini
[2009-09-17 17:11:34 | 000,000,061 | ---- | C] () -- C:\Windows\TEXTware.ini
[2009-09-17 17:11:31 | 000,147,456 | ---- | C] () -- C:\Windows\System32\Twavbx32.dll
[2009-09-17 17:11:31 | 000,115,200 | ---- | C] () -- C:\Windows\System32\UnzDll.dll
[2009-09-17 17:11:31 | 000,088,064 | ---- | C] () -- C:\Windows\System32\idiom010227.dll
[2009-09-17 17:11:30 | 000,099,092 | ---- | C] () -- C:\Windows\System32\bass.dll
[2009-09-17 17:11:26 | 000,143,360 | ---- | C] () -- C:\Windows\System32\ILXTBS.DLL
[2009-06-09 19:23:05 | 000,000,286 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2009-04-22 16:10:21 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009-04-22 16:10:21 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008-07-06 22:29:46 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1518.dll
[2008-07-06 22:14:06 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008-06-29 16:52:14 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2006-11-02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006-11-02 14:47:37 | 000,316,448 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006-11-02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006-11-02 12:33:01 | 000,594,344 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006-11-02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006-11-02 12:33:01 | 000,102,418 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006-11-02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006-11-02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006-11-02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006-11-02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006-11-02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006-11-02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006-03-09 11:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[color=#E56717]========== LOP Check ==========[/color]

[2011-07-20 05:57:36 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\BitTorrent
[2011-05-02 20:53:18 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Casual Mechanics
[2011-07-20 06:27:40 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Crown
[2010-07-23 14:36:49 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\DAEMON Tools Lite
[2011-07-18 11:08:03 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Downloaded Installations
[2010-08-09 21:53:42 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\DrDietman2
[2009-09-04 16:13:33 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\FloodLightGames
[2011-05-06 22:24:59 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Friday's games
[2009-12-09 20:33:58 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\funkitron
[2009-09-09 13:23:30 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Gamelab
[2011-07-20 15:31:06 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\GuardiansOfMagic
[2009-12-06 15:03:04 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Imagic403N
[2010-01-30 00:21:55 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\iWin
[2011-04-23 12:56:23 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Magic3
[2009-12-08 00:39:58 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\muvee Technologies
[2011-07-17 19:04:20 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Nitro PDF
[2010-12-02 00:13:10 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Notepad++
[2009-10-18 19:04:24 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Nowe Gadu-Gadu
[2009-11-28 09:08:41 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\OpenFM
[2009-09-17 17:11:40 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Oxford
[2011-05-05 00:34:20 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\PeerNetworking
[2009-09-16 11:06:35 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\PlayFirst
[2010-02-07 16:33:26 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\SBTT
[2009-09-25 03:08:34 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\SPORE Creature Creator
[2010-11-06 15:09:43 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Template
[2011-07-20 05:57:07 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\uTorrent
[2011-05-02 14:44:41 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\V-Games
[2011-03-25 14:35:15 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\VDownloader
[2010-11-12 14:42:41 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\VendelGAMES
[2011-07-23 12:37:30 | 000,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< :OTL >[/color]

[color=#A23BEC]< O4 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000..\Run: [conhost] File not found >[/color]

[color=#A23BEC]< O4 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000..\Run: [heueya] File not found >[/color]

[color=#A23BEC]< O4 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000..\Run: [keioke] File not found >[/color]

[color=#A23BEC]< O4 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000..\Run: [leameec] File not found >[/color]

[color=#A23BEC]< O4 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000..\Run: [nwv69b] File not found >[/color]

[color=#A23BEC]< O4 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000..\Run: [reouk] File not found >[/color]

[color=#A23BEC]< O4 - HKLM..\Run: [ORAHSSSessionManager] File not found >[/color]

[color=#A23BEC]< O4 - HKLM..\Run: [] File not found >[/color]

[color=#A23BEC]< @Alternate Data Stream - 96 bytes -> C:\ProgramData\Temp:C5AE4E07 >[/color]

[color=#A23BEC]< @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:488F7244 >[/color]

[color=#A23BEC]< >[/color]

[color=#A23BEC]< :Files >[/color]

[color=#A23BEC]< C:\Users\Anna\AppData\Roaming\F443.637 >[/color]

[color=#A23BEC]< C:\Windows\MEMORY.DMP >[/color]

[color=#A23BEC]< C:\Users\Anna\Desktop\Recycle Bin.lnk >[/color]

[color=#A23BEC]< C:\Users\Anna\AppData\Roaming\chrtmp >[/color]

[color=#A23BEC]< C:\Users\Anna\AppData\Roaming\5xb4y8f33.bat >[/color]

[color=#A23BEC]< C:\Program Files\Common Files\WinPcapNmap.exe >[/color]

[color=#A23BEC]< C:\Users\Anna\AppData\Roaming\wklnhst.dat >[/color]

[color=#A23BEC]< C:\Windows\kit.ini >[/color]

[color=#A23BEC]< >[/color]

[color=#A23BEC]< :Commands >[/color]

[color=#A23BEC]< [emptyflash] >[/color]

[color=#A23BEC]< [resethosts] >[/color]

[color=#A23BEC]< [emptytemp] >[/color]

< End of report >
</log>

[b][u]EXTRAS[/u][/b]
<log>

OTL Extras logfile created on: 2011-07-23 12:43:18 - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Anna\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd

2,93 Gb Total Physical Memory | 1,79 Gb Available Physical Memory | 60,90% Memory free
6,06 Gb Paging File | 4,91 Gb Available in Paging File | 80,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221,96 Gb Total Space | 143,03 Gb Free Space | 64,44% Space Free | Partition Type: NTFS
Drive D: | 10,92 Gb Total Space | 1,82 Gb Free Space | 16,66% Space Free | Partition Type: NTFS
Drive F: | 14,56 Mb Total Space | 10,63 Mb Free Space | 72,96% Space Free | Partition Type: FAT
Drive K: | 1,86 Gb Total Space | 0,96 Gb Free Space | 51,67% Space Free | Partition Type: FAT

Computer Name: KOMPUTERSIOSTRA | User Name: Anna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-516021690-3537927130-1024571334-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{386DCE31-654E-472A-B9E6-101CC3476D72}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{388029A1-F8F7-4A0F-93A3-4708E8BACF4E}" = rport=139 | protocol=6 | dir=out | app=system |
"{3F0ABE11-660E-4FAF-89A8-C71269A670B4}" = rport=137 | protocol=17 | dir=out | app=system |
"{4E25237A-0D54-4AB3-B083-2A16D3793EEA}" = lport=138 | protocol=17 | dir=in | app=system |
"{5E729D74-1BF5-44A1-9BFB-28DEEA3F0626}" = rport=10243 | protocol=6 | dir=out | app=system |
"{67A10C69-BFA5-4E52-9FB0-4EB4A63397C6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6DE9F1EE-BCD5-4C5E-9885-E7BA858EFAC0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7014ACAF-6577-48FA-B2CC-5792141BAC4F}" = lport=139 | protocol=6 | dir=in | app=system |
"{7B014A4D-D52A-4D15-9E52-16BAFB98B516}" = lport=17001 | protocol=17 | dir=in | name=ko.kurnik.pl |
"{9260E63B-2EBD-4ADD-A32C-80708AE1E79F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{95831269-91D6-4D70-ACC9-164E6DCF5B85}" = lport=445 | protocol=6 | dir=in | app=system |
"{99A77498-FACD-43D0-BA22-066EC5EF8F2C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B01A3A09-D112-45CF-AA71-F308D2D7AD4C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B512A2D8-367B-4E2F-83C1-2C7D3FCBCC0C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BBC78D0F-D7DD-4C93-A79A-231C20AA7529}" = lport=137 | protocol=17 | dir=in | app=system |
"{CBF1E23F-6D33-413A-A525-C04984590FFD}" = rport=138 | protocol=17 | dir=out | app=system |
"{D0EB1410-F9F1-4740-8707-06ECFA574AB1}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D686C1F6-B1D2-45AE-B998-3811FBDCD3C3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F119DCC0-ADC1-42ED-A6F6-97DC88E04FC1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F6857440-7DA4-45E9-B5D0-E9197CFE449A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F9E32DEB-9208-4B4C-812D-2981AFF516EE}" = rport=445 | protocol=6 | dir=out | app=system |
"{FBA6E6A9-DDBC-40AD-9FA2-3E50B3A92BA4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08E5DFD7-2EA4-4C13-BA70-74A27CBB7391}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0C9D0D83-CABE-447B-A547-0490CEBCCFED}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{10656DC8-778B-4CA5-B215-7E2A103BD2AD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{10E99A8F-37A5-4B27-A3A1-6337D3602992}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{158ECF4E-52E6-4BD6-9B15-3A1033ED4BF5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{21513197-96E2-4AC5-BAAF-50373B52FAEF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2324828B-ED0F-4BD2-A7C4-B5AD534FDA57}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{3851096C-36DD-4835-9499-0C154EBF6AF6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{399F70A6-311D-4EEA-8311-85DFADC7F5B6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{3D491E2A-5057-4E8F-9D15-DE73E22E8F46}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4189FAB8-890B-48FC-B300-28B0D12BF263}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{4B4B9515-500C-4C6F-A697-AC72624785E2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4B87C204-8FF3-470B-B356-4BFE87153F8A}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{50956512-86C8-4EFE-900E-33C8DC094593}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{58AF6471-CAEC-4822-9EA3-B46A77303DE7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{59713904-77D7-4711-83C5-3C43ABE510D7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{5BE493D5-F19C-421E-B9C0-2705C81A1AC3}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{6470FB4A-5782-44D3-B8B0-F572E636D271}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{67004B62-3794-4AB7-919F-C6EB00B24213}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6939465A-FA8B-4737-9DB7-A3429B302E7D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{77F8EFC5-4C8A-41C0-82A5-E81C505121EA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7CD4006B-374E-4052-B379-C4D7623A4A7F}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{8077F54E-396B-412A-AF51-D721847374B9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{86B0D20B-A9F3-4235-B637-E41061920648}" = protocol=6 | dir=out | app=system |
"{8F08D2B7-2116-4F17-BABA-D01B795293F1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{99F99351-1809-4D3D-852C-00E13A256640}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AC1B5872-D4FB-489D-B5BB-59E29145E6B8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{B8ED8B1D-42E2-41BA-ADF2-0F712F42FF1F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C8FE4E2F-1FFF-4129-8700-05B35A6E33BB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C9DEC4E0-7510-42DF-97BE-1252049A8786}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{CD0BACCB-26E2-458A-8F2C-DC558A827955}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DBA43BB8-8528-4842-8C35-C73A0A286A0D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DC9B8ABB-C5AA-4F2B-92D8-EA37692D09BA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{E63A7C88-F35D-4136-8781-EB38E7A9A539}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{E6A70BD9-E44D-45B7-B82C-DA8B7B4E52C6}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{EC72D096-B027-4BFE-98B8-0C24900250D4}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{EF57BBE4-C5B2-4C59-B33E-D968626128E8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F533671D-3BC9-407D-B0C7-416FD18C5156}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{F628E70F-D14B-4DCE-8C27-F1A918D540F3}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{FF8DDCD0-C18D-4888-BCBF-E164FD87EC2F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{13A47A39-2C01-4604-8494-8AC628C6C582}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{1A7D5A70-4E78-4CE9-9AFF-F20B5F4D744D}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{1E0857E6-56F2-47A3-9FFD-0FD1499D8978}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{CD44667E-F363-405E-9B70-058DCAFACBAD}C:\program files\nowe gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files\nowe gadu-gadu\gg.exe |
"TCP Query User{D59BE3C9-0248-4617-9D29-A720BA51CAAA}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{FAB7C0E5-32ED-44BF-9140-7060B5A287CD}C:\program files\nowe gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files\nowe gadu-gadu\gg.exe |
"UDP Query User{4B48EDDD-2652-4EAC-AA4B-AC40D6D50F9F}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{59731E99-DA6F-41D2-9D8E-012D46F542B8}C:\program files\nowe gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files\nowe gadu-gadu\gg.exe |
"UDP Query User{699BCB26-36F8-41AA-8CEA-9DB45F707B47}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{9E6C223B-D6C5-48B4-9209-9B0967E6C8EA}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{A35553BA-AEC4-4FB4-ADBA-FF7AC7EB0F80}C:\program files\nowe gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files\nowe gadu-gadu\gg.exe |
"UDP Query User{DC9C02FE-6B40-4A03-B9A5-2B5F82D2CD8C}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0A50CB27-D2D5-4B7D-A001-30B1782A450B}" = DJ_AIO_06_K209a-z_SW_Min
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Narzędzie do przekazywania usługi Windows Live
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2E522ED6-01E2-4207-82D5-B3BFB31B8BD4}" = Windows Live Sync
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
"{38058455-8C21-4C2F-B2F6-14ED166039CB}" = HP Total Care Setup
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{51958BA7-21E4-4A8B-9098-CD8375BD17B2}" = Asystent rejestracji usługi Windows Live
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5A3ECDDA-562C-4281-BFE5-A4C8F32EACA3}" = K209a-z
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{6051912A-F7B8-445C-A99D-81AA4C118836}" = HP Deskjet Ink Advant K209a-z All-in-One Driver Software 14.0 Rel. 6
"{6053FE9B-5473-41D6-AEBF-AD6F98138191}" = Windows Live Movie Maker
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{665CBCA4-5AB0-414B-A288-3F8F99FEFC45}" = HP User Guides 0118
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96384578-C6A2-4EC6-92CD-B62A60713040}" = Microsoft Live Search Toolbar
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9862473C-E063-4C68-A161-2CDE0E8048A5}" = Podstawowe programy Windows Live
"{9AB614A6-719C-4A6E-A63E-831E0A35F62A}" = Windows Live Writer
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}" = Copy
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CDEAEC9-2F14-4D39-8541-C1EEC4B5D1CB}" = Galeria fotografii usługi Windows Live
"{A7388312-4FBB-48E5-8DC0-B63DA02658AE}" = Windows Live Toolbar
"{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 3.0.752
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C35FE07E-24B5-410F-85B7-122087A0C7DD}" = Poczta usługi Windows Live
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1803CD4-0CE7-4484-98E3-88D7A2D629A4}" = Windows Live Messenger
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F5ED909F-8571-4B03-B200-6087F32CD973}" = Nitro PDF Reader 2
"{F88335A8-CA7B-41DE-B37D-81306C73B507}" = Bezpieczeństwo rodzinne usługi Windows Live
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ad-Remover" = Ad-Remover par C_XX
"ALLPlayer_is1" = ALLPlayer V4.X
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dzieńdobry!" = Dzieńdobry!
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.9.0
"Larry 7" = Larry 7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware wersja 1.51.1.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"NIS" = Norton Internet Security
"Notepad++" = Notepad++
"Nowe Gadu-Gadu" = Nowe Gadu-Gadu
"Organizer ucznia_is1" = Organizer ucznia v1.0
"Oxford Wordpower Genie" = Oxford Wordpower Genie
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Shop for HP Supplies" = Shop for HP Supplies
"Slownik jezyka polskiego 3t" = Słownik języka polskiego PWN
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Veoh Web Player Beta" = Veoh Web Player
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite_Wave3" = Podstawowe programy Windows Live
"WinRAR archiver" = Archiwizator WinRAR
"WTA-059fb0fd-b8d8-4443-9f2f-1ef716b6ac80" = Nancy Drew - Curse of Blackmoor Manor
"WTA-0861cc54-ec49-4001-a4fd-21f471969c6e" = Natalie Brooks - Mystery at Hillcrest High
"WTA-223e2a26-507b-41a8-86d7-b4cd0657f9cd" = Pizza Chef 2
"WTA-3df06af8-8ee8-476e-ac7c-796aad66da7f" = Nancy Drew Dossier - Lights, Camera, Curses
"WTA-447aeb2b-886f-4f03-9af8-313f57cac62b" = Nancy Drew - The Phantom of Venice
"WTA-5c1baa70-9736-45ba-9a68-594992602e97" = Jewelry Secret: Mystery Stones
"WTA-6c40bcb4-2c92-4b4e-9fd1-467e7a2c02e3" = Lamp of Aladdin
"WTA-716722e1-fc74-4410-a606-bca808f76b7a" = Magic Encyclopedia - Illusions
"WTA-73ab29f6-8c46-4e63-aa14-067b3f991b31" = Ankh - The Lost Treasures
"WTA-74a522d8-4237-4701-8ccd-af6af2b93896" = Farm Craft 2: Global Vegetable Crisis
"WTA-87131e9b-2788-4ade-8202-5139abf9dfa8" = Guardians of Magic: Amanda's Awakening
"WTA-a5b8a596-480d-4d62-a46e-981fd5914522" = Star Crossed Love
"WTA-aeeb9eb2-a7a3-4302-ac80-a4fd79ddb165" = Royal Trouble
"WTA-b33633d7-04bb-4e59-8ce9-a588f228b1cc" = BurgerTime Deluxe
"WTA-c852c0f3-ac6b-4571-9c0b-30b68c6f008d" = Nancy Drew Dossier - Resorting to Danger!
"WTA-cccbacc6-39a0-452e-ab7d-ab7a29f6c532" = Dream Inn: The Driftwood
"WTA-cdf86317-d8b7-4840-b870-81b84a83b9f5" = Text Express 2 Deluxe
"WTA-e1b5858f-56fd-4b45-b57e-a49c8d84ad6d" = Magic Encyclopedia - Moon Light
"WTA-ff4f570d-41eb-4a16-8321-60c84451dbb4" = FunPark Beach Blast

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-516021690-3537927130-1024571334-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2011-07-21 15:29:52 | Computer Name = komputersiostra | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6001.18164 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 744 Start Time: 01cc47d84d850769 Termination Time: 8658

Error - 2011-07-22 06:46:03 | Computer Name = komputersiostra | Source = SPP | ID = 16387
Description =

Error - 2011-07-22 06:46:03 | Computer Name = komputersiostra | Source = System Restore | ID = 8193
Description =

Error - 2011-07-22 08:03:17 | Computer Name = komputersiostra | Source = SPP | ID = 16387
Description =

Error - 2011-07-22 08:03:17 | Computer Name = komputersiostra | Source = System Restore | ID = 8193
Description =

Error - 2011-07-22 21:01:46 | Computer Name = komputersiostra | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.26.1 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: ea4 Start Time: 01cc48d1a17b4f45 Termination Time: 31

Error - 2011-07-23 06:29:35 | Computer Name = komputersiostra | Source = SPP | ID = 16387
Description =

Error - 2011-07-23 06:29:35 | Computer Name = komputersiostra | Source = System Restore | ID = 8193
Description =

Error - 2011-07-23 06:30:31 | Computer Name = komputersiostra | Source = SPP | ID = 16387
Description =

Error - 2011-07-23 06:30:31 | Computer Name = komputersiostra | Source = System Restore | ID = 8193
Description =

[ OSession Events ]
Error - 2009-12-11 11:58:54 | Computer Name = komputersiostra | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2709
seconds with 2400 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2010-04-09 11:51:38 | Computer Name = komputersiostra | Source = Service Control Manager | ID = 7026
Description =

Error - 2010-04-09 16:00:18 | Computer Name = komputersiostra | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{C68E4392-A60A-4116-A1F1-8E85293A2A3B}
because another computer on the network has the same name. The server could not
start.

Error - 2010-04-09 16:12:21 | Computer Name = komputersiostra | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{C68E4392-A60A-4116-A1F1-8E85293A2A3B}
because another computer on the network has the same name. The server could not
start.

Error - 2010-04-10 03:19:12 | Computer Name = komputersiostra | Source = SRTSP | ID = 524292
Description = Error loading virus definitions.

Error - 2010-04-10 03:19:12 | Computer Name = komputersiostra | Source = SRTSP | ID = 524293
Description = Error loading Symantec real time Anti-Virus driver.

Error - 2010-04-10 03:19:26 | Computer Name = komputersiostra | Source = HTTP | ID = 15016
Description =

Error - 2010-04-10 03:20:09 | Computer Name = komputersiostra | Source = Service Control Manager | ID = 7000
Description =

Error - 2010-04-10 03:20:09 | Computer Name = komputersiostra | Source = Service Control Manager | ID = 7000
Description =

Error - 2010-04-10 03:20:09 | Computer Name = komputersiostra | Source = Service Control Manager | ID = 7026
Description =

Error - 2010-04-10 09:27:50 | Computer Name = komputersiostra | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{C68E4392-A60A-4116-A1F1-8E85293A2A3B}
because another computer on the network has the same name. The server could not
start.


< End of report >
</log>

That's all for now.

wirusolog
comment

[b]1.[/b] Run OTL and paste the following text into the [b]Własne opcje skanowania/Skrypt[/b] (Custom Scans/Fixes) box:

[code]:OTL
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O3 - HKLM\..\Toolbar: (no name) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - No CLSID value found.
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - File not found
O3 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - File not found
[2011-06-26 12:24:10 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\i5ksixjt.default\extensions\DTToolbar@toolbarnet.com
[2010-01-15 17:39:06 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\i5ksixjt.default\extensions\searchrecs@veoh.com
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
IE - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - File not found

:Reg
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2]
[/code]
Click [b]Wykonaj Skrypt[/b] (Run Fix). This time there will be no restart; after a moment Notepad will open. Paste its contents here for me.

annmegmonn
comment (edited)

========== OTL ==========
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http deleted successfully.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http not found.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-516021690-3537927130-1024571334-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\i5ksixjt.default\extensions\DTToolbar@toolbarnet.com\components\Resources folder moved successfully.
C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\i5ksixjt.default\extensions\DTToolbar@toolbarnet.com\components folder moved successfully.
C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\i5ksixjt.default\extensions\DTToolbar@toolbarnet.com\chrome\content folder moved successfully.
C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\i5ksixjt.default\extensions\DTToolbar@toolbarnet.com\chrome folder moved successfully.
C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\i5ksixjt.default\extensions\DTToolbar@toolbarnet.com folder moved successfully.
C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\i5ksixjt.default\extensions\searchrecs@veoh.com\skin folder moved successfully.
C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\i5ksixjt.default\extensions\searchrecs@veoh.com\locale\en-US folder moved successfully.
C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\i5ksixjt.default\extensions\searchrecs@veoh.com\locale folder moved successfully.
C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\i5ksixjt.default\extensions\searchrecs@veoh.com\defaults\preferences folder moved successfully.
C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\i5ksixjt.default\extensions\searchrecs@veoh.com\defaults folder moved successfully.
C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\i5ksixjt.default\extensions\searchrecs@veoh.com\content folder moved successfully.
C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\i5ksixjt.default\extensions\searchrecs@veoh.com folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-516021690-3537927130-1024571334-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{08C06D61-F1F3-4799-86F8-BE1A89362C85} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08C06D61-F1F3-4799-86F8-BE1A89362C85}\ deleted successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\ deleted successfully.

OTL by OldTimer - Version 3.2.26.1 log created on 07242011_173803
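
One way to read the fix log above, added here as an example (it is not part of the original thread and is not OTL's own code): a small Python triage that separates entries that were removed, "not found" entries that had already been removed earlier in the same run (HKEY_USERS\S-1-5-18 is the same hive as HKEY_USERS\.DEFAULT), and entries that were never present. The sample lines are excerpted from the log above; the function names are assumptions.

```python
import re

# Constructed sample: nine result lines excerpted from the fix log in this thread.
SAMPLE_LOG = r"""
========== OTL ==========
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http deleted successfully.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\i5ksixjt.default\extensions\DTToolbar@toolbarnet.com folder moved successfully.
"""

# Covers only the line shapes that appear in this thread's fix log:
# "Registry key|value <path> <status>." and "<path> folder moved successfully."
LINE_RE = re.compile(
    r"^(?:(?P<kind>Registry key|Registry value) )?"
    r"(?P<target>.+?) "
    r"(?:folder )?"
    r"(?P<status>deleted successfully|moved successfully|not found)\.$"
)

SYSTEM_SID_PREFIX = "hkey_users\\s-1-5-18\\"
DEFAULT_PREFIX = "hkey_users\\.default\\"


def canonical(target):
    """Normalise a path so aliases and repeated mentions compare equal."""
    t = target.rstrip("\\").lower()
    # HKU\S-1-5-18 (LocalSystem) and HKU\.DEFAULT are the same registry hive.
    if t.startswith(SYSTEM_SID_PREFIX):
        t = DEFAULT_PREFIX + t[len(SYSTEM_SID_PREFIX):]
    return t


def triage(log_text):
    """Bucket every result line of a fix log.

    removed         - deleted or moved in this run
    already_removed - 'not found', but the same object (or its alias) was
                      removed earlier in the same log, so the miss is expected
    never_present   - 'not found' with no earlier removal; the script entry
                      pointed at something that did not exist
    unparsed        - lines the pattern does not understand (surfaced, not dropped)
    """
    seen_removed = set()
    report = {"removed": [], "already_removed": [],
              "never_present": [], "unparsed": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("=========="):
            continue  # blank lines and section banners
        m = LINE_RE.match(line)
        if m is None:
            report["unparsed"].append(line)
            continue
        key = canonical(m["target"])
        if m["status"] == "not found":
            bucket = "already_removed" if key in seen_removed else "never_present"
        else:
            seen_removed.add(key)
            bucket = "removed"
        report[bucket].append(m["target"])
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for bucket, items in result.items():
        print(f"{bucket}: {len(items)}")
        for item in items:
            print(f"    {item}")
```

The one `never_present` entry in the sample is the CLSID key for the toolbar that the fix script itself listed as "No CLSID value found".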

wirusolog
comment (edited)

Everything was removed successfully.

[hr]

[b]1.[/b] Run OTL and press [b]Sprzątanie[/b] (CleanUp).

[b]2.[/b] Run Ad-Remover and press the [b]UNINSTALL[/b] button.

[b]3.[/b] [list]
[*]The system is full of holes. Update the service pack to [url=http://www.microsoft.com/downloads/pl-pl/details.aspx?FamilyID=891ab806-2431-4d00-afa3-99ff6f22448d][b][color=blue][u]Windows Vista SP2[/u][/color][/b][/url] + the browser to [url=http://windows.microsoft.com/pl-PL/internet-explorer/products/ie/home][b][color=blue][u]Internet Explorer 9[/u][/color][/b][/url].
[*]Uninstall the older Java and replace it with [url="http://www.oracle.com/technetwork/java/javase/downloads/index.html"][color="#0000FF"][b]Java 6 Update 26 (JRE)[/b][/color][/url]
[*]Uninstall the older Adobe Reader and install the latest [url="http://get.adobe.com/reader/"][color="#0000FF"][b]Adobe Reader X (10.1)[/b][/color][/url] (do not tick the bundled McAfee sponsored offer).
[*]Adobe plug-ins to update: [url="http://get.adobe.com/flashplayer/"][color="#0000FF"][b]Adobe Flash Player 10.3.181.34[/b][/color][/url] + [url="http://get.adobe.com/shockwave/"][color="#0000FF"][b]Adobe Shockwave Player 11.6.0.626[/b][/color][/url].
[*]You can update the codecs as well.
[*]Update Firefox to version [url=http://www.mozilla.com/pl/firefox/][b][color=blue][u]5.01[/u][/color][/b][/url][/list]

[b]4.[/b] The system restore points need to be cleared: [url=http://www.searchengines.pl/Czyszczenie-punktow-przywracania-systemu-t141981.html][b][color="#0000FF"][u]LINK[/u][/color][/b][/url]

[b]5.[/b] I recommend a [b]full scan[/b] with [url=http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button][b][color="#0000FF"][u]MBAM[/u][/color][/b][/url] (after installing, update the virus database manually, remove whatever it finds and paste the final report).

[b]6.[/b] Also scan the whole system with [url=http://www.hotfix.pl/instrukcja-uzytkowania-dr-web-cureit--a193.htm][b][color=blue][u]Dr.Web CureIt![/u][/color][/b][/url]

annmegmonn
comment (edited)

I installed those additional components for Vista as you wrote (the first link: it went fine, without errors), then I tried to install Internet Explorer, after which I got a message that the appropriate updates have to be downloaded.. and I can't get those, because I still don't really have internet access.. I also tried to install Adobe Reader and Flash Player, but something about update errors pops up there too (I suspect it's simply because of the lack of internet access.. )

I haven't tried scanning yet; I don't know whether to do it in MBAM or not at all?

Oh, and as for Java, I did download that Java 6 Update 26 (JRE), but then there are a lot of options to choose from for Windows. I happened to download windows x86 kernel or something like that, but after launching it errors popped up again.

wirusolog
comment

I have no idea why you have no internet...
Maybe show new logs from OTL.

annmegmonn
comment

I don't know if this will help you in any way, but when I try to open a browser (Mozilla, for instance), something like this pops up:

"the proxy server is refusing connection" -> and it's unlikely to be a problem with the network connection, because it works perfectly on another laptop

In general, I also don't know if it matters, but the laptop was bought abroad and has no Polish menu (though I don't know whether that could affect the errors at all), but I'm mentioning it anyway since I have nothing to lose x)

And while I was on the computer doing nothing, with the internet turned on but still not working, a message also popped up not long ago saying that MBAM had blocked a suspicious site, but I didn't manage to write down which one, because the balloon disappeared x)

And here is the log from OTL:
<log>
OTL logfile created on: 2011-07-25 17:44:42 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Anna\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd

2,93 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 53,70% Memory free
6,08 Gb Paging File | 4,73 Gb Available in Paging File | 77,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221,96 Gb Total Space | 136,08 Gb Free Space | 61,31% Space Free | Partition Type: NTFS
Drive D: | 10,92 Gb Total Space | 1,82 Gb Free Space | 16,66% Space Free | Partition Type: NTFS

Computer Name: KOMPUTERSIOSTRA | User Name: Anna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2011-07-25 17:40:40 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Anna\Desktop\OTL.exe
PRC - [2011-07-06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011-07-06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011-06-21 18:57:40 | 000,196,912 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService2.exe
PRC - [2010-11-04 18:34:06 | 000,171,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
PRC - [2010-08-25 18:45:44 | 000,136,216 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxtray.exe
PRC - [2010-08-25 18:45:42 | 000,266,776 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
PRC - [2010-08-25 18:45:40 | 000,170,520 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2010-08-25 18:45:36 | 000,171,032 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2010-08-17 16:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spoolsv.exe
PRC - [2010-07-23 07:05:56 | 000,126,904 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
PRC - [2009-11-18 15:13:18 | 000,054,576 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuschd2.exe
PRC - [2009-11-18 03:42:52 | 000,275,072 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2009-11-18 03:02:34 | 000,563,840 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
PRC - [2009-11-18 03:02:34 | 000,173,696 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2009-11-17 19:49:08 | 000,366,720 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
PRC - [2009-08-07 04:24:04 | 000,053,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe
PRC - [2009-06-15 14:48:49 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
PRC - [2009-05-19 09:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009-04-10 23:28:16 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
PRC - [2009-04-10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe
PRC - [2009-04-10 23:28:10 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009-04-10 23:28:06 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\smss.exe
PRC - [2009-04-10 23:28:00 | 000,441,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
PRC - [2009-04-10 23:28:00 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe
PRC - [2009-04-10 23:28:00 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchProtocolHost.exe
PRC - [2009-04-10 23:28:00 | 000,087,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchFilterHost.exe
PRC - [2009-04-10 23:27:50 | 003,408,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
PRC - [2009-04-10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009-04-10 23:27:34 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
PRC - [2009-04-10 23:27:30 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009-02-26 13:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2008-10-09 16:56:48 | 000,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
PRC - [2008-10-06 18:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
PRC - [2008-09-24 02:21:52 | 000,468,264 | ---- | M] (CyberLink Corp.) -- C:\Program Files\HP\QuickPlay\QPService.exe
PRC - [2008-09-15 16:13:38 | 000,241,734 | ---- | M] () -- C:\Program Files\CyberLink\Shared files\RichVideo.exe
PRC - [2008-08-02 01:14:02 | 000,202,032 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
PRC - [2008-06-09 19:21:58 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2008-05-29 15:32:32 | 002,685,496 | ---- | M] (Conexant) -- C:\Program Files\CONEXANT\SmartAudio\SmAudio.exe
PRC - [2008-05-02 01:25:56 | 000,165,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
PRC - [2008-04-17 20:05:20 | 000,103,720 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
PRC - [2008-04-17 20:05:10 | 001,049,896 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2008-04-15 23:51:00 | 000,488,752 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
PRC - [2008-04-11 18:04:54 | 000,685,360 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2008-04-03 20:33:26 | 000,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
PRC - [2008-01-21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2008-01-21 04:25:11 | 000,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
PRC - [2008-01-21 04:25:11 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
PRC - [2008-01-21 04:24:54 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrss.exe
PRC - [2008-01-21 04:23:44 | 000,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
PRC - [2008-01-21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008-01-21 04:23:32 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe
PRC - [2007-10-18 01:37:04 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
PRC - [2007-09-26 16:34:40 | 000,316,720 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
PRC - [2006-11-02 11:45:02 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dllhost.exe


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2011-07-25 17:40:40 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Anna\Desktop\OTL.exe
MOD - [2011-06-17 03:25:36 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
MOD - [2011-06-17 03:25:36 | 000,569,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll
MOD - [2011-04-28 18:00:50 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
MOD - [2011-04-21 18:04:00 | 000,834,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
MOD - [2011-04-12 18:07:38 | 000,892,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
MOD - [2011-01-21 18:35:22 | 011,586,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll
MOD - [2011-01-21 18:35:22 | 000,353,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll
MOD - [2010-12-20 18:35:04 | 000,563,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll
MOD - [2010-10-15 15:48:59 | 001,205,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll
MOD - [2010-08-31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010-08-17 05:39:11 | 000,413,552 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.1.0.37\asOEHook.dll
MOD - [2010-06-28 19:00:21 | 001,316,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ole32.dll
MOD - [2010-04-16 18:46:48 | 000,502,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll
MOD - [2009-07-17 15:54:43 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\atl.dll
MOD - [2009-06-15 16:53:43 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
MOD - [2009-06-15 16:52:42 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpk.dll
MOD - [2009-04-23 14:15:07 | 000,784,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll
MOD - [2009-04-10 23:28:26 | 001,591,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll
MOD - [2009-04-10 23:28:26 | 001,077,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll
MOD - [2009-04-10 23:28:26 | 001,068,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll
MOD - [2009-04-10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\user32.dll
MOD - [2009-04-10 23:28:26 | 000,287,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Wldap32.dll
MOD - [2009-04-10 23:28:26 | 000,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spp.dll
MOD - [2009-04-10 23:28:26 | 000,108,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\userenv.dll
MOD - [2009-04-10 23:28:26 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samlib.dll
MOD - [2009-04-10 23:28:26 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\version.dll
MOD - [2009-04-10 23:28:24 | 000,754,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll
MOD - [2009-04-10 23:28:24 | 000,679,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll
MOD - [2009-04-10 23:28:24 | 000,467,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll
MOD - [2009-04-10 23:28:24 | 000,121,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntmarta.dll
MOD - [2009-04-10 23:28:24 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\olepro32.dll
MOD - [2009-04-10 23:28:22 | 000,807,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msctf.dll
MOD - [2009-04-10 23:28:22 | 000,114,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imm32.dll
MOD - [2009-04-10 23:28:22 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mpr.dll
MOD - [2009-04-10 23:28:20 | 000,450,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.dll
MOD - [2009-04-10 23:28:20 | 000,297,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll
MOD - [2009-04-10 23:28:20 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\authz.dll
MOD - [2009-04-10 23:28:18 | 000,800,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\advapi32.dll
MOD - [2009-04-10 23:28:18 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apphelp.dll
MOD - [2009-04-10 23:27:14 | 000,258,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv
MOD - [2008-01-21 04:25:29 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srclient.dll
MOD - [2008-01-21 04:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ws2_32.dll
MOD - [2008-01-21 04:24:47 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nsi.dll
MOD - [2008-01-21 04:24:37 | 000,183,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xmllite.dll
MOD - [2008-01-21 04:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008-01-21 04:24:26 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vsstrace.dll
MOD - [2008-01-21 04:24:24 | 000,523,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clbcatq.dll
MOD - [2008-01-21 04:24:06 | 000,153,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imagehlp.dll
MOD - [2008-01-21 04:23:43 | 000,240,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\uxtheme.dll
MOD - [2006-11-02 11:46:12 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psapi.dll
MOD - [2006-11-02 10:33:06 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\normaliz.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2011-07-06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011-06-21 18:57:40 | 000,196,912 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService2.exe -- (NitroReaderDriverReadSpool2)
SRV - [2010-10-12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010-07-23 07:05:56 | 000,126,904 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe -- (NIS)
SRV - [2008-10-06 18:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008-01-21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2011-07-22 14:24:13 | 000,126,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011-07-06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011-07-06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010-08-13 11:00:00 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100813.009\NAVEX15.SYS -- (NAVEX15)
DRV - [2010-08-13 11:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010-08-13 11:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010-08-13 11:00:00 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100813.009\NAVENG.SYS -- (NAVENG)
DRV - [2010-08-09 05:11:49 | 000,692,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010-07-29 05:33:05 | 000,666,672 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1201000.025\SYMEFA.SYS -- (SymEFA)
DRV - [2010-07-29 04:54:36 | 000,489,008 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\system32\drivers\NIS\1201000.025\SRTSP.SYS -- (SRTSP)
DRV - [2010-07-29 04:54:36 | 000,050,096 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1201000.025\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010-07-23 13:25:13 | 000,278,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010-07-23 13:25:13 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010-07-23 11:22:31 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010-07-13 03:20:20 | 000,331,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1201000.025\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2010-06-27 06:05:55 | 000,134,704 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1201000.025\Ironx86.SYS -- (SymIRON)
DRV - [2010-06-27 06:05:05 | 000,344,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSVix86.sys -- (IDSVix86)
DRV - [2010-06-13 12:50:57 | 000,339,504 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NIS\1201000.025\SYMDS.SYS -- (SymDS)
DRV - [2008-12-20 09:01:46 | 001,093,120 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008-06-29 16:52:26 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008-06-10 20:54:36 | 000,123,904 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008-06-05 18:58:42 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008-01-21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2007-10-18 01:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007-06-19 02:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006-11-28 19:46:22 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCAMp50.sys -- (PCAMp50)
DRV - [2006-11-28 19:46:20 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:51859

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 51859
FF - prefs.js..network.proxy.type: 1

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Windows\Downloaded Program Files\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\NitroPDF: C:\Program Files\Nitro PDF\Reader\npnitromozilla.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-11-10 23:20:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011-07-22 14:25:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\ [2011-07-22 14:23:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-06-24 22:40:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-06-02 20:30:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-11-10 23:20:05 | 000,000,000 | ---D | M]

[2009-09-18 20:14:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anna\AppData\Roaming\mozilla\Extensions
[2011-07-24 17:38:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\i5ksixjt.default\extensions
[2010-09-25 12:49:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\i5ksixjt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010-04-23 21:08:32 | 000,001,827 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\i5ksixjt.default\searchplugins\bing.xml
[2011-06-26 12:23:40 | 000,002,055 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\i5ksixjt.default\searchplugins\daemon-search.xml
[2010-08-20 10:53:28 | 000,002,064 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\i5ksixjt.default\searchplugins\youtube-video-search.xml
[2011-07-25 17:16:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010-07-24 23:42:53 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
File not found (No name found) --
[2011-07-22 14:25:38 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPLGN
[2011-06-24 22:40:56 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011-02-17 20:59:47 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011-06-02 20:29:54 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011-07-23 12:21:24 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Program Files\TEXTware\QUICKfind\PlugIns\IEHelp.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000..\Run: [Dzieńdobry!] C:\Program Files\VSD Software\Dzieńdobry!\dziendobry.exe (VSD Software)
O4 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000..\Run: [SmAudio] C:\Program Files\Conexant\SmartAudio\SmAudio.exe (Conexant)
O7 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} http://launch.soe.com/plugin/web/SOEWebInstaller.cab (SOE Web Installer)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Anna\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Anna\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2011-07-25 17:43:20 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Anna\Desktop\OTL.exe
[2011-07-25 17:24:05 | 000,731,424 | ---- | C] (Solid State Networks) -- C:\Users\Anna\Desktop\install_flashplayer10_mssd_aih.exe
[2011-07-25 16:50:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2011-07-25 16:50:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2011-07-25 16:50:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2011-07-25 16:29:42 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2011-07-25 15:56:03 | 000,928,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavenge.dll
[2011-07-25 15:55:41 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\compcln.exe
[2011-07-25 15:46:51 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2011-07-25 15:46:50 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll
[2011-07-25 15:46:49 | 000,483,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\samsrv.dll
[2011-07-25 15:46:49 | 000,466,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched20.dll
[2011-07-25 15:46:49 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scansetting.dll
[2011-07-25 15:46:49 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpchttp.dll
[2011-07-25 15:46:49 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2011-07-25 15:46:49 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2011-07-25 15:46:48 | 000,306,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scesrv.dll
[2011-07-25 15:46:48 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2011-07-25 15:46:48 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scecli.dll
[2011-07-25 15:46:48 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scksp.dll
[2011-07-25 15:46:44 | 001,248,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PerfCenterCPL.dll
[2011-07-25 15:46:44 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pcaui.dll
[2011-07-25 15:46:44 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\P2PGraph.dll
[2011-07-25 15:46:44 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pdh.dll
[2011-07-25 15:46:44 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\phon.ime
[2011-07-25 15:46:44 | 000,043,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys
[2011-07-25 15:46:44 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfdisk.dll
[2011-07-25 15:46:43 | 001,823,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll
[2011-07-25 15:46:43 | 001,107,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pidgenx.dll
[2011-07-25 15:46:43 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercpl.dll
[2011-07-25 15:46:43 | 000,542,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpui.dll
[2011-07-25 15:46:43 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2011-07-25 15:46:43 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpsetup.dll
[2011-07-25 15:46:43 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2011-07-25 15:46:43 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2011-07-25 15:46:43 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2011-07-25 15:46:43 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PNPXAssoc.dll
[2011-07-25 15:46:43 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPUnattend.exe
[2011-07-25 15:46:43 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPutil.exe
[2011-07-25 15:46:42 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2011-07-25 15:46:42 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2011-07-25 15:46:42 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe
[2011-07-25 15:46:42 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pintlgnt.ime
[2011-07-25 15:46:42 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe
[2011-07-25 15:46:41 | 012,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2011-07-25 15:46:41 | 002,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2011-07-25 15:46:41 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
[2011-07-25 15:46:41 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2011-07-25 15:46:40 | 002,153,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oobefldr.dll
[2011-07-25 15:46:40 | 001,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\onex.dll
[2011-07-25 15:46:40 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
[2011-07-25 15:46:40 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2011-07-25 15:46:40 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleprn.dll
[2011-07-25 15:46:40 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.dll
[2011-07-25 15:46:39 | 001,381,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Query.dll
[2011-07-25 15:46:39 | 000,825,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdlg.dll
[2011-07-25 15:46:39 | 000,642,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasgcw.dll
[2011-07-25 15:46:39 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasplap.dll
[2011-07-25 15:46:39 | 000,286,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasapi32.dll
[2011-07-25 15:46:39 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2011-07-25 15:46:39 | 000,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasppp.dll
[2011-07-25 15:46:39 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2011-07-25 15:46:39 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasmontr.dll
[2011-07-25 15:46:39 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastapi.dll
[2011-07-25 15:46:39 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdiag.dll
[2011-07-25 15:46:39 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe
[2011-07-25 15:46:39 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdial.exe
[2011-07-25 15:46:38 | 000,880,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacEngn.dll
[2011-07-25 15:46:38 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2011-07-25 15:46:38 | 000,340,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RelMon.dll
[2011-07-25 15:46:38 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quick.ime
[2011-07-25 15:46:38 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qintlgnt.ime
[2011-07-25 15:46:38 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rekeywiz.exe
[2011-07-25 15:46:37 | 000,612,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2011-07-25 15:46:37 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2011-07-25 15:46:37 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\regapi.dll
[2011-07-25 15:46:37 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\reg.exe
[2011-07-25 15:46:36 | 000,779,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2011-07-25 15:46:36 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011-07-25 15:46:36 | 000,551,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prnntfy.dll
[2011-07-25 15:46:36 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationSettings.exe
[2011-07-25 15:46:36 | 000,102,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2011-07-25 15:46:36 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powrprof.dll
[2011-07-25 15:46:36 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011-07-25 15:46:35 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2011-07-25 15:46:35 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011-07-25 15:46:35 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiapi.dll
[2011-07-25 15:46:35 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
[2011-07-25 15:46:34 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011-07-25 15:46:34 | 000,050,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PSHED.DLL
[2011-07-25 15:46:28 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe
[2011-07-25 15:46:15 | 000,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapp3hst.dll
[2011-07-25 15:46:15 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapphost.dll
[2011-07-25 15:46:15 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappcfg.dll
[2011-07-25 15:46:15 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll
[2011-07-25 15:46:15 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappgnui.dll
[2011-07-25 15:46:14 | 002,926,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011-07-25 15:46:14 | 001,459,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esent.dll
[2011-07-25 15:46:14 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evr.dll
[2011-07-25 15:46:14 | 000,444,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsound.dll
[2011-07-25 15:46:14 | 000,205,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
[2011-07-25 15:46:14 | 000,137,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsprop.dll
[2011-07-25 15:46:14 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxg.sys
[2011-07-25 15:46:14 | 000,027,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dumpata.sys
[2011-07-25 15:46:14 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2011-07-25 15:46:13 | 001,078,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diagperf.dll
[2011-07-25 15:46:13 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskraid.exe
[2011-07-25 15:46:13 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2011-07-25 15:46:13 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskpart.exe
[2011-07-25 15:46:13 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dimsroam.dll
[2011-07-25 15:46:13 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorPwdMgr.dll
[2011-07-25 15:46:13 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
[2011-07-25 15:46:12 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\devmgr.dll
[2011-07-25 15:46:12 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2011-07-25 15:46:11 | 000,978,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmv2clt.dll
[2011-07-25 15:46:11 | 000,407,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpapimig.exe
[2011-07-25 15:46:11 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmmgrtn.dll
[2011-07-25 15:46:11 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvstore.dll
[2011-07-25 15:46:11 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2011-07-25 15:46:11 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmsynth.dll
[2011-07-25 15:46:11 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmusic.dll
[2011-07-25 15:46:11 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3msm.dll
[2011-07-25 15:46:11 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3cfg.dll
[2011-07-25 15:46:10 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpresult.exe
[2011-07-25 15:46:10 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashlpr.dll
[2011-07-25 15:46:10 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasacct.dll
[2011-07-25 15:46:10 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2011-07-25 15:46:10 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2011-07-25 15:46:10 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hbaapi.dll
[2011-07-25 15:46:10 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpupdate.exe
[2011-07-25 15:46:09 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IasMigReader.exe
[2011-07-25 15:46:09 | 000,454,144 | ---- | C] (Microsoft) -- C:\Windows\System32\IasMigPlugin.dll
[2011-07-25 15:46:09 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasnap.dll
[2011-07-25 15:46:09 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hdwwiz.exe
[2011-07-25 15:46:08 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2011-07-25 15:46:08 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBth.dll
[2011-07-25 15:46:08 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpapi.dll
[2011-07-25 15:46:08 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWCN.dll
[2011-07-25 15:46:08 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdSSDP.dll
[2011-07-25 15:46:08 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWSD.dll
[2011-07-25 15:46:08 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\findstr.exe
[2011-07-25 15:46:08 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\feclient.dll
[2011-07-25 15:46:08 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdeploy.dll
[2011-07-25 15:46:08 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdProxy.dll
[2011-07-25 15:46:08 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fc.exe
[2011-07-25 15:46:08 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBthProxy.dll
[2011-07-25 15:46:07 | 002,134,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FunctionDiscoveryFolder.dll
[2011-07-25 15:46:07 | 000,950,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpedit.dll
[2011-07-25 15:46:07 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fundisc.dll
[2011-07-25 15:46:07 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe
[2011-07-25 15:46:07 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2011-07-25 15:46:06 | 001,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2011-07-25 15:46:06 | 001,216,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayCpl.dll
[2011-07-25 15:46:06 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoconv.exe
[2011-07-25 15:46:06 | 000,636,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autofmt.exe
[2011-07-25 15:46:06 | 000,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2011-07-25 15:46:06 | 000,516,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoplay.dll
[2011-07-25 15:46:06 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll
[2011-07-25 15:46:06 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayDriverLib.dll
[2011-07-25 15:46:06 | 000,109,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2011-07-25 15:46:06 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayServices.dll
[2011-07-25 15:46:06 | 000,099,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2011-07-25 15:46:06 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
[2011-07-25 15:46:05 | 001,342,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\brcpl.dll
[2011-07-25 15:46:05 | 000,130,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basecsp.dll
[2011-07-25 15:46:05 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthci.dll
[2011-07-25 15:46:04 | 000,757,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroles.dll
[2011-07-25 15:46:03 | 002,515,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\accessibilitycpl.dll
[2011-07-25 15:46:03 | 000,542,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\blackbox.dll
[2011-07-25 15:46:03 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcrypt.dll
[2011-07-25 15:46:03 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsigd.dll
[2011-07-25 15:46:02 | 001,730,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apds.dll
[2011-07-25 15:46:01 | 001,209,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comsvcs.dll
[2011-07-25 15:46:01 | 000,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adtschema.dll
[2011-07-25 15:46:01 | 000,593,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comuid.dll
[2011-07-25 15:46:01 | 000,199,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsldpc.dll
[2011-07-25 15:46:01 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsmsext.dll
[2011-07-25 15:46:01 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
[2011-07-25 15:46:01 | 000,035,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\crashdmp.sys
[2011-07-25 15:46:00 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2011-07-25 15:46:00 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmdial32.dll
[2011-07-25 15:46:00 | 000,178,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\credui.dll
[2011-07-25 15:45:59 | 001,856,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbgeng.dll
[2011-07-25 15:45:59 | 001,788,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d9.dll
[2011-07-25 15:45:59 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairing.dll
[2011-07-25 15:45:59 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingWizard.exe
[2011-07-25 15:45:59 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
[2011-07-25 15:45:59 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingProxy.dll
[2011-07-25 15:45:59 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmmon32.exe
[2011-07-25 15:45:59 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2011-07-25 15:45:59 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DeviceEject.exe
[2011-07-25 15:45:58 | 001,502,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certmgr.dll
[2011-07-25 15:45:58 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2011-07-25 15:45:58 | 000,640,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl
[2011-07-25 15:45:58 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnrollUI.dll
[2011-07-25 15:45:58 | 000,323,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certcli.dll
[2011-07-25 15:45:58 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2011-07-25 15:45:58 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrstub.exe
[2011-07-25 15:45:58 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011-07-25 15:45:58 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthudtask.exe
[2011-07-25 15:45:57 | 006,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
[2011-07-25 15:45:57 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll
[2011-07-25 15:45:57 | 000,614,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2011-07-25 15:45:57 | 000,125,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Classpnp.sys
[2011-07-25 15:45:57 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cintlgnt.ime
[2011-07-25 15:45:57 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cipher.exe
[2011-07-25 15:45:57 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cbsra.exe
[2011-07-25 15:45:57 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CHxReadingStringIME.dll
[2011-07-25 15:45:56 | 001,053,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtctm.dll
[2011-07-25 15:45:56 | 000,799,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2011-07-25 15:45:56 | 000,564,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2011-07-25 15:45:56 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexch40.dll
[2011-07-25 15:45:56 | 000,339,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexcl40.dll
[2011-07-25 15:45:56 | 000,332,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2011-07-25 15:45:56 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certreq.exe
[2011-07-25 15:45:56 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chajei.ime
[2011-07-25 15:45:56 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011-07-25 15:45:54 | 000,560,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2011-07-25 15:45:54 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctfui.dll
[2011-07-25 15:45:54 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsCtfMonitor.dll
[2011-07-25 15:45:53 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimsg.dll
[2011-07-25 15:45:52 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\modemui.dll
[2011-07-25 15:45:52 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll
[2011-07-25 15:45:52 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprapi.dll
[2011-07-25 15:45:51 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll
[2011-07-25 15:45:51 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscandui.dll
[2011-07-25 15:45:51 | 000,155,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2011-07-25 15:45:51 | 000,080,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2011-07-25 15:45:50 | 002,225,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcenter.dll
[2011-07-25 15:45:50 | 001,086,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NetProjW.dll
[2011-07-25 15:45:50 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netlogon.dll
[2011-07-25 15:45:50 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncryptui.dll
[2011-07-25 15:45:50 | 000,310,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtxclu.dll
[2011-07-25 15:45:50 | 000,223,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2011-07-25 15:45:50 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2011-07-25 15:45:49 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2011-07-25 15:45:49 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NcdProp.dll
[2011-07-25 15:45:48 | 003,072,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkmap.dll
[2011-07-25 15:45:48 | 000,469,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.dll
[2011-07-25 15:45:48 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2011-07-25 15:45:48 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.exe
[2011-07-25 15:45:48 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkitemfactory.dll
[2011-07-25 15:45:47 | 000,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrepl40.dll
[2011-07-25 15:45:47 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPEG2VDEC.DLL
[2011-07-25 15:45:47 | 000,408,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe
[2011-07-25 15:45:47 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspbde40.dll
[2011-07-25 15:45:47 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd3x40.dll
[2011-07-25 15:45:47 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd2x40.dll
[2011-07-25 15:45:47 | 000,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msltus40.dll
[2011-07-25 15:45:47 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011-07-25 15:45:47 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msnetobj.dll
[2011-07-25 15:45:47 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2011-07-25 15:45:47 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll
[2011-07-25 15:45:47 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimtf.dll
[2011-07-25 15:45:46 | 001,589,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjet40.dll
[2011-07-25 15:45:46 | 000,856,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswdat10.dll
[2011-07-25 15:45:46 | 000,618,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswstr10.dll
[2011-07-25 15:45:46 | 000,454,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxbde40.dll
[2011-07-25 15:45:46 | 000,351,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2011-07-25 15:45:46 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjtes40.dll
[2011-07-25 15:45:46 | 000,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2011-07-25 15:45:46 | 000,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msutb.dll
[2011-07-25 15:45:46 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjter40.dll
[2011-07-25 15:45:46 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjint40.dll
[2011-07-25 15:45:46 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msisip.dll
[2011-07-25 15:45:45 | 001,480,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2011-07-25 15:45:45 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll
[2011-07-25 15:45:45 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2011-07-25 15:45:45 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2011-07-25 15:45:45 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstlsapi.dll
[2011-07-25 15:45:45 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2011-07-25 15:45:45 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2011-07-25 15:45:44 | 001,827,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011-07-25 15:45:44 | 000,670,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2011-07-25 15:45:44 | 000,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstext40.dll
[2011-07-25 15:45:44 | 000,217,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\InkEd.dll
[2011-07-25 15:45:44 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll
[2011-07-25 15:45:43 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imkr80.ime
[2011-07-25 15:45:43 | 000,122,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetpp.dll
[2011-07-25 15:45:43 | 000,099,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2011-07-25 15:45:43 | 000,035,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2011-07-25 15:45:43 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetppui.dll
[2011-07-25 15:45:42 | 000,396,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsmsnap.dll
[2011-07-25 15:45:42 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsilog.dll
[2011-07-25 15:45:41 | 000,759,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsecsnp.dll
[2011-07-25 15:45:41 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\input.dll
[2011-07-25 15:45:41 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IPHLPAPI.DLL
[2011-07-25 15:45:41 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipconfig.exe
[2011-07-25 15:45:40 | 000,619,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2011-07-25 15:45:40 | 000,398,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011-07-25 15:45:40 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassdo.dll
[2011-07-25 15:45:40 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassam.dll
[2011-07-25 15:45:40 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrad.dll
[2011-07-25 15:45:40 | 000,119,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2011-07-25 15:45:40 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassvcs.dll
[2011-07-25 15:45:40 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iaspolcy.dll
[2011-07-25 15:45:40 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ifmon.dll
[2011-07-25 15:45:40 | 000,009,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2011-07-25 15:45:39 | 000,883,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10.IME
[2011-07-25 15:45:39 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10K.DLL
[2011-07-25 15:45:39 | 000,677,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2fs.dll
[2011-07-25 15:45:39 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll
[2011-07-25 15:45:39 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011-07-25 15:45:39 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi.dll
[2011-07-25 15:45:38 | 002,012,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\milcore.dll
[2011-07-25 15:45:38 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011-07-25 15:45:38 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2011-07-25 15:45:37 | 002,167,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcndmgr.dll
[2011-07-25 15:45:37 | 001,792,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe
[2011-07-25 15:45:37 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2011-07-25 15:45:37 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2011-07-25 15:45:37 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Kswdmcap.ax
[2011-07-25 15:45:37 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmci.dll
[2011-07-25 15:45:37 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcico.dll
[2011-07-25 15:45:36 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\l2nacp.dll
[2011-07-25 15:45:36 | 000,017,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2011-07-25 15:45:35 | 000,950,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe
[2011-07-25 15:45:35 | 000,852,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll
[2011-07-25 15:45:35 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Magnify.exe
[2011-07-25 15:45:35 | 000,438,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2011-07-25 15:45:35 | 000,356,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2011-07-25 15:45:35 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsetup.dll
[2011-07-25 15:45:35 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2011-07-25 15:45:35 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logman.exe
[2011-07-25 15:45:35 | 000,019,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdusb.dll
[2011-07-25 15:45:35 | 000,017,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdcom.dll
[2011-07-25 15:45:34 | 001,524,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgradeCPL.dll
[2011-07-25 15:45:34 | 001,143,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
[2011-07-25 15:45:34 | 001,020,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdc.dll
[2011-07-25 15:45:34 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2011-07-25 15:45:34 | 000,347,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2011-07-25 15:45:34 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdscore.dll
[2011-07-25 15:45:34 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtutil.exe
[2011-07-25 15:45:34 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\whealogr.dll
[2011-07-25 15:45:33 | 000,860,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFaultSecure.exe
[2011-07-25 15:45:33 | 000,547,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiaaut.dll
[2011-07-25 15:45:33 | 000,507,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsdyn.dll
[2011-07-25 15:45:33 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2011-07-25 15:45:33 | 000,250,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtapi.dll
[2011-07-25 15:45:33 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe
[2011-07-25 15:45:33 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsutil.dll
[2011-07-25 15:45:33 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdmdbg.dll
[2011-07-25 15:45:32 | 001,533,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz.dll
[2011-07-25 15:45:32 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usercpl.dll
[2011-07-25 15:45:32 | 000,968,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz2.dll
[2011-07-25 15:45:32 | 000,638,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Utilman.exe
[2011-07-25 15:45:32 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2011-07-25 15:45:32 | 000,165,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WcnNetsh.dll
[2011-07-25 15:45:32 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\watchdog.sys
[2011-07-25 15:45:31 | 001,689,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscui.cpl
[2011-07-25 15:45:31 | 000,291,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WscEapPr.dll
[2011-07-25 15:45:31 | 000,223,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscntfy.dll
[2011-07-25 15:45:31 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDMon.dll
[2011-07-25 15:45:31 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2011-07-25 15:45:31 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsdchngr.dll
[2011-07-25 15:45:31 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscisvif.dll
[2011-07-25 15:45:30 | 001,575,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVENCOD.DLL
[2011-07-25 15:45:30 | 001,382,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSDECD.DLL
[2011-07-25 15:45:30 | 000,657,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVXENCD.DLL
[2011-07-25 15:45:30 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wow32.dll
[2011-07-25 15:45:29 | 001,580,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpccpl.dll
[2011-07-25 15:45:29 | 000,532,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpcao.dll
[2011-07-25 15:45:29 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe
[2011-07-25 15:45:29 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2011-07-25 15:45:28 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanpref.dll
[2011-07-25 15:45:28 | 000,926,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2011-07-25 15:45:28 | 000,399,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlangpui.dll
[2011-07-25 15:45:28 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanui.dll
[2011-07-25 15:45:28 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshom.ocx
[2011-07-25 15:45:28 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSCard.dll
[2011-07-25 15:45:28 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlgpclnt.dll
[2011-07-25 15:45:28 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsnmp32.dll
[2011-07-25 15:45:28 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsepno.dll
[2011-07-25 15:45:27 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSAT.exe
[2011-07-25 15:45:27 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2011-07-25 15:45:27 | 000,986,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2011-07-25 15:45:27 | 000,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2011-07-25 15:45:27 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2011-07-25 15:45:26 | 000,533,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmsdk.dll
[2011-07-25 15:45:25 | 001,224,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sud.dll
[2011-07-25 15:45:25 | 000,122,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Storport.sys
[2011-07-25 15:45:25 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Storprop.dll
[2011-07-25 15:45:25 | 000,052,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\stream.sys
[2011-07-25 15:45:24 | 002,205,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll
[2011-07-25 15:45:24 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2011-07-25 15:45:24 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2011-07-25 15:45:24 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysclass.dll
[2011-07-25 15:45:23 | 000,777,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcc.dll
[2011-07-25 15:45:23 | 000,705,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiEngine.dll
[2011-07-25 15:45:23 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shwebsvc.dll
[2011-07-25 15:45:23 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmon.ocx
[2011-07-25 15:45:23 | 000,134,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
[2011-07-25 15:45:23 | 000,083,456 | ---- | C] (Microsoft) -- C:\Windows\System32\SMBHelperClass.dll
[2011-07-25 15:45:23 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwmi.dll
[2011-07-25 15:45:22 | 001,081,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCExt.dll
[2011-07-25 15:45:22 | 000,684,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\spsys.sys
[2011-07-25 15:45:22 | 000,582,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCommDlg.dll
[2011-07-25 15:45:22 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlsrv32.dll
[2011-07-25 15:45:22 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLUI.exe
[2011-07-25 15:45:22 | 000,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spinstall.exe
[2011-07-25 15:45:22 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sperror.dll
[2011-07-25 15:45:22 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
[2011-07-25 15:45:22 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizui.dll
[2011-07-25 15:45:22 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spoolss.dll
[2011-07-25 15:45:22 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spreview.exe
[2011-07-25 15:45:22 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcinst.dll
[2011-07-25 15:45:22 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spcmsg.dll
[2011-07-25 15:45:22 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2011-07-25 15:45:22 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwinsat.dll
[2011-07-25 15:45:21 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\untfs.dll
[2011-07-25 15:45:21 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SnippingTool.exe
[2011-07-25 15:45:21 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
[2011-07-25 15:45:21 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\softkbd.dll
[2011-07-25 15:45:21 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSTheme.exe
[2011-07-25 15:45:21 | 000,035,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsWpfWrp.exe
[2011-07-25 15:45:21 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD.sys
[2011-07-25 15:45:21 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2011-07-25 15:45:20 | 000,842,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll
[2011-07-25 15:45:20 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unimdm.tsp
[2011-07-25 15:45:20 | 000,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uDWM.dll
[2011-07-25 15:45:20 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ulib.dll
[2011-07-25 15:45:20 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD2.sys
[2011-07-25 15:45:19 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tintlgnt.ime
[2011-07-25 15:45:18 | 001,576,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2011-07-25 15:45:18 | 001,152,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themecpl.dll
[2011-07-25 15:45:18 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll
[2011-07-25 15:45:18 | 000,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2011-07-25 15:45:18 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpmon.dll
[2011-07-25 15:42:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011-07-25 15:28:10 | 498,580,680 | ---- | C] (Microsoft Corporation) -- C:\Users\Anna\Desktop\Windows6.0-KB948465-X86(2).exe
[2011-07-25 12:42:22 | 001,168,176 | ---- | C] (Microsoft Corporation) -- C:\Users\Anna\Desktop\IE9-WindowsVista-x86-plk.exe
[2011-07-23 12:30:38 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011-07-22 15:12:20 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\Malwarebytes
[2011-07-22 15:12:01 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011-07-22 15:12:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011-07-22 15:11:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011-07-22 15:11:55 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011-07-22 15:11:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011-07-22 14:24:14 | 000,126,512 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011-07-22 14:24:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011-07-22 14:24:13 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011-07-22 14:23:42 | 000,666,672 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\SymEFA.sys
[2011-07-22 14:23:42 | 000,489,008 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\srtsp.sys
[2011-07-22 14:23:42 | 000,339,504 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\SymDS.sys
[2011-07-22 14:23:42 | 000,331,312 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\symtdiv.sys
[2011-07-22 14:23:42 | 000,294,448 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\symnets.sys
[2011-07-22 14:23:42 | 000,134,704 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\Ironx86.sys
[2011-07-22 14:23:42 | 000,050,096 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\srtspx.sys
[2011-07-22 14:23:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS
[2011-07-22 14:23:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS\1201000.025
[2011-07-22 14:23:14 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2011-07-22 14:23:14 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2011-07-22 14:21:46 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011-07-22 14:21:05 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security 2011 EN + trial reset - peb.pl-ks_93
[2011-07-22 14:14:59 | 000,000,000 | -HSD | C] -- C:\found.000
[2011-07-20 20:46:55 | 000,000,000 | ---D | C] -- C:\Users\Anna\Documents\Ankh - The Lost Treasures
[2011-07-20 15:31:06 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\GuardiansOfMagic
[2011-07-20 14:21:35 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\Color-Brush
[2011-07-20 06:27:40 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\Crown
[2011-07-20 06:27:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Crown
[2011-07-20 05:14:27 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011-07-18 11:16:04 | 000,026,416 | ---- | C] (Nitro PDF Software) -- C:\Windows\System32\nitrolocalmon2.dll
[2011-07-18 11:16:04 | 000,017,712 | ---- | C] (Nitro PDF Software) -- C:\Windows\System32\nitrolocalui2.dll
[2011-07-18 11:15:53 | 000,000,000 | ---D | C] -- C:\Program Files\Nitro PDF
[2011-07-18 11:15:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nitro PDF
[2011-07-18 11:08:03 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\Downloaded Installations
[2011-07-15 19:37:07 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\Nancy Drew
[2011-07-15 19:10:11 | 000,000,000 | ---D | C] -- C:\Program Files\directx
[2011-07-14 15:52:58 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011-07-14 15:52:58 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011-07-13 01:07:27 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011-06-25 16:30:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Big Fish Games
[2011-06-23 22:15:51 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_5.dll
[2011-06-23 22:15:50 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll
[2011-06-23 22:15:50 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_7.dll
[2011-06-23 22:15:50 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_7.dll
[2011-06-23 22:15:49 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll
[2011-06-23 22:15:49 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_43.dll
[2011-06-23 22:15:49 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll
[2011-06-23 22:15:49 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll
[2011-06-23 22:15:48 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2011-06-23 22:15:48 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
[2011-06-23 22:15:48 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2011-06-23 22:15:47 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2011-06-23 22:15:41 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2011-06-23 22:15:36 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2011-06-23 22:15:36 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2011-06-23 22:15:23 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2011-06-23 22:15:22 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll
[2011-06-23 22:15:22 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll
[2011-06-23 22:15:21 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2011-06-23 22:15:20 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
[2011-06-23 22:15:19 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll
[2011-06-23 22:15:18 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2011-06-23 22:15:18 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
[2011-06-23 22:15:17 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2011-06-23 22:15:16 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2011-06-23 22:15:16 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2011-06-23 22:15:16 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2011-06-23 22:15:16 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2011-06-23 22:15:12 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2011-06-23 22:15:12 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2011-06-23 22:15:12 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2011-06-23 22:15:11 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2011-06-23 22:15:10 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2011-06-23 22:15:10 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2011-06-23 22:15:08 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2011-06-23 22:15:08 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2011-06-23 22:15:07 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2011-06-23 22:15:07 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2011-06-23 22:15:06 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2011-06-23 22:15:06 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2011-06-23 22:15:04 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2011-06-23 22:15:03 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2011-06-23 22:15:02 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2011-06-23 22:15:02 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2011-06-23 22:15:00 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2011-06-23 22:14:59 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2011-06-23 22:14:57 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2011-06-23 22:14:56 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2011-06-23 22:14:54 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2011-06-23 22:14:53 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2011-06-23 22:14:53 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2011-06-23 22:14:51 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2011-06-23 22:14:51 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2011-06-23 22:14:46 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2011-06-23 22:14:45 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2011-06-23 22:14:45 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2011-06-23 22:14:44 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2011-06-23 22:14:44 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2011-06-23 22:14:41 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2011-06-23 22:14:41 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2011-06-23 22:14:40 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2011-06-23 22:14:39 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2011-06-23 22:14:37 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2011-06-23 22:14:37 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2011-06-23 22:14:34 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2011-06-23 22:14:33 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2011-06-23 22:14:33 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2011-06-23 22:14:33 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2011-06-23 22:14:32 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2011-06-23 22:14:32 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2011-06-23 22:14:15 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2011-06-23 22:14:14 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2011-06-23 22:14:14 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2011-06-23 22:14:13 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2011-06-23 22:14:12 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2011-06-23 22:14:10 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2011-06-23 22:14:08 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2011-06-23 22:14:06 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2011-06-16 20:16:24 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011-06-16 20:16:22 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011-06-16 20:16:22 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011-06-16 20:16:22 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011-06-16 20:16:21 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011-06-16 20:16:21 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010-08-25 17:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[1 C:\Users\Anna\Desktop\*.tmp files -> C:\Users\Anna\Desktop\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

[2011-07-25 17:40:40 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Anna\Desktop\OTL.exe
[2011-07-25 17:25:35 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011-07-25 17:25:35 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011-07-25 17:20:50 | 000,731,424 | ---- | M] (Solid State Networks) -- C:\Users\Anna\Desktop\install_flashplayer10_mssd_aih.exe
[2011-07-25 17:07:55 | 000,000,134 | ---- | M] () -- C:\Users\Anna\Desktop\Rozwiązywanie problemów z programem Internet Explorer.url
[2011-07-25 17:04:30 | 000,000,286 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2011-07-25 17:03:49 | 000,000,903 | ---- | M] () -- C:\Users\Anna\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011-07-25 17:02:22 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011-07-25 17:02:22 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011-07-25 17:01:56 | 002,185,438 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1201000.025\Cat.DB
[2011-07-25 16:57:00 | 000,316,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011-07-25 16:56:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-07-25 16:55:51 | 3149,078,528 | -HS- | M] () -- C:\hiberfil.sys
[2011-07-25 13:55:16 | 498,580,680 | ---- | M] (Microsoft Corporation) -- C:\Users\Anna\Desktop\Windows6.0-KB948465-X86(2).exe
[2011-07-25 12:59:16 | 000,000,104 | ---- | M] () -- C:\Users\Anna\Desktop\Recycle Bin - Shortcut.lnk
[2011-07-25 12:18:22 | 072,436,296 | ---- | M] () -- C:\Users\Anna\Desktop\launch.exe
[2011-07-25 11:51:02 | 001,168,176 | ---- | M] (Microsoft Corporation) -- C:\Users\Anna\Desktop\IE9-WindowsVista-x86-plk.exe
[2011-07-23 12:21:24 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011-07-22 15:12:04 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-07-22 14:24:13 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011-07-22 14:24:13 | 000,007,456 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011-07-22 14:24:13 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011-07-22 14:23:55 | 000,002,173 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2011-07-22 14:07:33 | 000,007,052 | ---- | M] () -- C:\Users\Anna\AppData\Local\d3d9caps.dat
[2011-07-06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011-07-06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011-06-29 14:34:04 | 000,000,000 | ---- | M] () -- C:\Windows\Shadow.INI
[2011-06-26 17:08:44 | 000,000,000 | ---- | M] () -- C:\Windows\Game.INI
[2011-06-21 18:56:44 | 000,017,712 | ---- | M] (Nitro PDF Software) -- C:\Windows\System32\nitrolocalui2.dll
[2011-06-21 18:56:42 | 000,026,416 | ---- | M] (Nitro PDF Software) -- C:\Windows\System32\nitrolocalmon2.dll
[2011-06-02 15:34:49 | 002,043,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011-06-01 16:53:42 | 000,012,765 | ---- | M] () -- C:\Users\Anna\Documents\grecja.html
[1 C:\Users\Anna\Desktop\*.tmp files -> C:\Users\Anna\Desktop\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011-07-25 17:07:55 | 000,000,134 | ---- | C] () -- C:\Users\Anna\Desktop\Rozwiązywanie problemów z programem Internet Explorer.url
[2011-07-25 15:46:40 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2011-07-25 15:46:38 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2011-07-25 15:46:15 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2011-07-25 15:46:13 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011-07-25 15:46:11 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2011-07-25 15:45:34 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2011-07-25 15:45:25 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011-07-25 15:45:22 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2011-07-25 15:45:22 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2011-07-25 15:45:20 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2011-07-25 12:59:16 | 000,000,104 | ---- | C] () -- C:\Users\Anna\Desktop\Recycle Bin - Shortcut.lnk
[2011-07-25 12:40:22 | 072,436,296 | ---- | C] () -- C:\Users\Anna\Desktop\launch.exe
[2011-07-22 15:12:03 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-07-22 14:24:21 | 002,185,438 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\Cat.DB
[2011-07-22 14:24:14 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011-07-22 14:24:14 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011-07-22 14:23:55 | 000,002,173 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2011-07-22 14:23:30 | 000,003,373 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymEFA.inf
[2011-07-22 14:23:30 | 000,002,792 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymDS.inf
[2011-07-22 14:23:30 | 000,001,473 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymNetV.inf
[2011-07-22 14:23:30 | 000,001,445 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymNet.inf
[2011-07-22 14:23:30 | 000,001,389 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\srtspx.inf
[2011-07-22 14:23:30 | 000,001,383 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\srtsp.inf
[2011-07-22 14:23:30 | 000,000,741 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\Iron.inf
[2011-07-22 14:23:19 | 000,007,787 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\symnetv.cat
[2011-07-22 14:23:19 | 000,007,446 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymNet.cat
[2011-07-22 14:23:19 | 000,007,444 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymEFA.cat
[2011-07-22 14:23:19 | 000,007,442 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\srtspx.cat
[2011-07-22 14:23:19 | 000,007,438 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymDS.cat
[2011-07-22 14:23:19 | 000,007,438 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\srtsp.cat
[2011-07-22 14:23:19 | 000,007,438 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\iron.cat
[2011-07-22 14:23:19 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\isolate.ini
[2011-07-18 11:15:58 | 000,001,868 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro PDF Reader 2.lnk
[2011-06-29 14:34:04 | 000,000,000 | ---- | C] () -- C:\Windows\Shadow.INI
[2011-06-26 17:08:44 | 000,000,000 | ---- | C] () -- C:\Windows\Game.INI
[2011-06-02 20:30:23 | 000,000,818 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011-06-01 16:53:42 | 000,012,765 | ---- | C] () -- C:\Users\Anna\Documents\grecja.html
[2010-11-10 23:06:31 | 000,174,683 | ---- | C] () -- C:\Windows\hpoins45.dat
[2010-08-25 18:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010-08-25 18:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010-08-25 18:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010-08-25 17:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010-08-25 17:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010-08-25 17:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010-08-09 21:53:23 | 000,000,187 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010-07-24 23:46:16 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010-07-23 13:25:13 | 000,278,728 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010-07-23 13:25:13 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010-07-22 18:52:11 | 000,314,368 | ---- | C] () -- C:\Windows\KSGDeInstall.exe
[2010-04-24 16:28:12 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010-04-24 16:28:12 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010-04-24 16:28:10 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2010-04-24 16:28:10 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010-04-24 16:28:08 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010-04-23 18:13:52 | 000,007,052 | ---- | C] () -- C:\Users\Anna\AppData\Local\d3d9caps.dat
[2010-02-05 08:43:26 | 000,000,450 | ---- | C] () -- C:\Windows\hpomdl45.dat
[2009-12-05 16:35:30 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009-12-04 16:37:12 | 000,035,840 | ---- | C] () -- C:\Users\Anna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-09-18 20:42:23 | 000,000,413 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009-09-18 20:42:23 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009-09-18 14:51:47 | 000,000,046 | ---- | C] () -- C:\Windows\adiras.ini
[2009-09-17 17:11:34 | 000,000,061 | ---- | C] () -- C:\Windows\TEXTware.ini
[2009-09-17 17:11:31 | 000,147,456 | ---- | C] () -- C:\Windows\System32\Twavbx32.dll
[2009-09-17 17:11:31 | 000,115,200 | ---- | C] () -- C:\Windows\System32\UnzDll.dll
[2009-09-17 17:11:31 | 000,088,064 | ---- | C] () -- C:\Windows\System32\idiom010227.dll
[2009-09-17 17:11:30 | 000,099,092 | ---- | C] () -- C:\Windows\System32\bass.dll
[2009-09-17 17:11:26 | 000,143,360 | ---- | C] () -- C:\Windows\System32\ILXTBS.DLL
[2009-06-09 19:23:05 | 000,000,286 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2009-04-22 16:10:21 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008-07-06 22:29:46 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1518.dll
[2008-07-06 22:14:06 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008-06-29 16:52:14 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2006-11-02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006-11-02 14:47:37 | 000,316,448 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006-11-02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006-11-02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006-11-02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006-11-02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006-11-02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006-11-02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006-11-02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006-11-02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006-11-02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006-11-02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006-03-09 11:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[color=#E56717]========== LOP Check ==========[/color]

[2011-07-20 05:57:36 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\BitTorrent
[2011-05-02 20:53:18 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Casual Mechanics
[2011-07-20 06:27:40 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Crown
[2010-07-23 14:36:49 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\DAEMON Tools Lite
[2011-07-18 11:08:03 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Downloaded Installations
[2010-08-09 21:53:42 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\DrDietman2
[2009-09-04 16:13:33 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\FloodLightGames
[2011-05-06 22:24:59 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Friday's games
[2009-12-09 20:33:58 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\funkitron
[2009-09-09 13:23:30 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Gamelab
[2011-07-20 15:31:06 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\GuardiansOfMagic
[2009-12-06 15:03:04 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Imagic403N
[2010-01-30 00:21:55 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\iWin
[2011-04-23 12:56:23 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Magic3
[2009-12-08 00:39:58 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\muvee Technologies
[2011-07-17 19:04:20 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Nitro PDF
[2010-12-02 00:13:10 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Notepad++
[2009-10-18 19:04:24 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Nowe Gadu-Gadu
[2009-11-28 09:08:41 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\OpenFM
[2009-09-17 17:11:40 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Oxford
[2011-05-05 00:34:20 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\PeerNetworking
[2009-09-16 11:06:35 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\PlayFirst
[2010-02-07 16:33:26 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\SBTT
[2009-09-25 03:08:34 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\SPORE Creature Creator
[2010-11-06 15:09:43 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Template
[2011-07-20 05:57:07 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\uTorrent
[2011-05-02 14:44:41 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\V-Games
[2011-03-25 14:35:15 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\VDownloader
[2010-11-12 14:42:41 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\VendelGAMES
[2011-07-25 16:54:28 | 000,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2006-09-18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009-04-10 23:36:38 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2006-09-18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011-07-25 16:55:51 | 3149,078,528 | -HS- | M] () -- C:\hiberfil.sys
[2011-07-25 16:55:50 | 3462,864,896 | -HS- | M] () -- C:\pagefile.sys


[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2008-01-21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008-01-21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008-01-21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008-01-21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008-01-21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006-11-02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2009-04-11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2009-04-11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2009-04-10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009-04-10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009-04-10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008-01-21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008-01-21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006-11-02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2009-04-22 16:18:13 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7f3e4ed9\atapi.sys
[2009-04-22 16:18:13 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22193_none_dd6376773aedb5e4\atapi.sys
[2009-04-22 16:18:13 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b7393fc6\atapi.sys
[2009-04-22 16:18:13 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20847_none_dbb74a7b3d9afbc1\atapi.sys

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2008-01-21 04:23:44 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\System32\drivers\beep.sys
[2008-01-21 04:23:44 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6001.18000_none_c420a153079d485b\beep.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2008-01-21 04:23:02 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_a29e71c6\cdrom.sys
[2008-01-21 04:23:02 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys
[2009-04-11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_cdrom.inf_31bf3856ad364e35_6.0.6002.18005_none_6194d4eea0e93596\cdrom.sys
[2009-04-11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_cdrom.inf_31bf3856ad364e35_6.0.6002.18005_none_6194d4eea0e93596\cdrom.sys
[2009-04-10 21:39:18 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\System32\drivers\cdrom.sys
[2009-04-10 21:39:18 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_c949a5b6\cdrom.sys
[2009-04-10 21:39:18 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6002.18005_none_6194d4eea0e93596\cdrom.sys
[2006-11-02 10:51:44 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=8D1866E61AF096AE8B582454F5E4D303 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_e487f727\cdrom.sys

[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2007-05-18 06:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2009-04-11 08:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_a9b2a4d31930d864\ndis.sys
[2009-04-11 08:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_a9b2a4d31930d864\ndis.sys
[2009-04-10 23:32:50 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\System32\drivers\ndis.sys
[2009-04-10 23:32:50 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_a9b2a4d31930d864\ndis.sys
[2008-01-21 04:23:50 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2009-04-11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009-04-11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009-04-10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009-04-10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008-01-21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< End of report >
</log>

[b][u]EXTRAS[/u][/b]

<log>
OTL Extras logfile created on: 2011-07-25 17:44:42 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Anna\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd

2,93 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 53,70% Memory free
6,08 Gb Paging File | 4,73 Gb Available in Paging File | 77,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221,96 Gb Total Space | 136,08 Gb Free Space | 61,31% Space Free | Partition Type: NTFS
Drive D: | 10,92 Gb Total Space | 1,82 Gb Free Space | 16,66% Space Free | Partition Type: NTFS

Computer Name: KOMPUTERSIOSTRA | User Name: Anna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-516021690-3537927130-1024571334-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{386DCE31-654E-472A-B9E6-101CC3476D72}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{388029A1-F8F7-4A0F-93A3-4708E8BACF4E}" = rport=139 | protocol=6 | dir=out | app=system |
"{3F0ABE11-660E-4FAF-89A8-C71269A670B4}" = rport=137 | protocol=17 | dir=out | app=system |
"{4E25237A-0D54-4AB3-B083-2A16D3793EEA}" = lport=138 | protocol=17 | dir=in | app=system |
"{5E729D74-1BF5-44A1-9BFB-28DEEA3F0626}" = rport=10243 | protocol=6 | dir=out | app=system |
"{67A10C69-BFA5-4E52-9FB0-4EB4A63397C6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6DE9F1EE-BCD5-4C5E-9885-E7BA858EFAC0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7014ACAF-6577-48FA-B2CC-5792141BAC4F}" = lport=139 | protocol=6 | dir=in | app=system |
"{7B014A4D-D52A-4D15-9E52-16BAFB98B516}" = lport=17001 | protocol=17 | dir=in | name=ko.kurnik.pl |
"{9260E63B-2EBD-4ADD-A32C-80708AE1E79F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{95831269-91D6-4D70-ACC9-164E6DCF5B85}" = lport=445 | protocol=6 | dir=in | app=system |
"{99A77498-FACD-43D0-BA22-066EC5EF8F2C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B01A3A09-D112-45CF-AA71-F308D2D7AD4C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B512A2D8-367B-4E2F-83C1-2C7D3FCBCC0C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BBC78D0F-D7DD-4C93-A79A-231C20AA7529}" = lport=137 | protocol=17 | dir=in | app=system |
"{CBF1E23F-6D33-413A-A525-C04984590FFD}" = rport=138 | protocol=17 | dir=out | app=system |
"{D0EB1410-F9F1-4740-8707-06ECFA574AB1}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D686C1F6-B1D2-45AE-B998-3811FBDCD3C3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F119DCC0-ADC1-42ED-A6F6-97DC88E04FC1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F6857440-7DA4-45E9-B5D0-E9197CFE449A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F9E32DEB-9208-4B4C-812D-2981AFF516EE}" = rport=445 | protocol=6 | dir=out | app=system |
"{FBA6E6A9-DDBC-40AD-9FA2-3E50B3A92BA4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08E5DFD7-2EA4-4C13-BA70-74A27CBB7391}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0C9D0D83-CABE-447B-A547-0490CEBCCFED}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{10656DC8-778B-4CA5-B215-7E2A103BD2AD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{10E99A8F-37A5-4B27-A3A1-6337D3602992}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{158ECF4E-52E6-4BD6-9B15-3A1033ED4BF5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{21513197-96E2-4AC5-BAAF-50373B52FAEF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2324828B-ED0F-4BD2-A7C4-B5AD534FDA57}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{3851096C-36DD-4835-9499-0C154EBF6AF6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{399F70A6-311D-4EEA-8311-85DFADC7F5B6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{3D491E2A-5057-4E8F-9D15-DE73E22E8F46}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4189FAB8-890B-48FC-B300-28B0D12BF263}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{4B4B9515-500C-4C6F-A697-AC72624785E2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4B87C204-8FF3-470B-B356-4BFE87153F8A}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{50956512-86C8-4EFE-900E-33C8DC094593}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{58AF6471-CAEC-4822-9EA3-B46A77303DE7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{59713904-77D7-4711-83C5-3C43ABE510D7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{5BE493D5-F19C-421E-B9C0-2705C81A1AC3}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{6470FB4A-5782-44D3-B8B0-F572E636D271}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{67004B62-3794-4AB7-919F-C6EB00B24213}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6939465A-FA8B-4737-9DB7-A3429B302E7D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{77F8EFC5-4C8A-41C0-82A5-E81C505121EA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7CD4006B-374E-4052-B379-C4D7623A4A7F}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{8077F54E-396B-412A-AF51-D721847374B9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{86B0D20B-A9F3-4235-B637-E41061920648}" = protocol=6 | dir=out | app=system |
"{8F08D2B7-2116-4F17-BABA-D01B795293F1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{99F99351-1809-4D3D-852C-00E13A256640}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AC1B5872-D4FB-489D-B5BB-59E29145E6B8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{B8ED8B1D-42E2-41BA-ADF2-0F712F42FF1F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C8FE4E2F-1FFF-4129-8700-05B35A6E33BB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C9DEC4E0-7510-42DF-97BE-1252049A8786}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{CD0BACCB-26E2-458A-8F2C-DC558A827955}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DBA43BB8-8528-4842-8C35-C73A0A286A0D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DC9B8ABB-C5AA-4F2B-92D8-EA37692D09BA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{E63A7C88-F35D-4136-8781-EB38E7A9A539}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{E6A70BD9-E44D-45B7-B82C-DA8B7B4E52C6}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{EC72D096-B027-4BFE-98B8-0C24900250D4}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{EF57BBE4-C5B2-4C59-B33E-D968626128E8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F533671D-3BC9-407D-B0C7-416FD18C5156}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{F628E70F-D14B-4DCE-8C27-F1A918D540F3}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{FF8DDCD0-C18D-4888-BCBF-E164FD87EC2F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{13A47A39-2C01-4604-8494-8AC628C6C582}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{1A7D5A70-4E78-4CE9-9AFF-F20B5F4D744D}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{1E0857E6-56F2-47A3-9FFD-0FD1499D8978}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{CD44667E-F363-405E-9B70-058DCAFACBAD}C:\program files\nowe gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files\nowe gadu-gadu\gg.exe |
"TCP Query User{D59BE3C9-0248-4617-9D29-A720BA51CAAA}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{FAB7C0E5-32ED-44BF-9140-7060B5A287CD}C:\program files\nowe gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files\nowe gadu-gadu\gg.exe |
"UDP Query User{4B48EDDD-2652-4EAC-AA4B-AC40D6D50F9F}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{59731E99-DA6F-41D2-9D8E-012D46F542B8}C:\program files\nowe gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files\nowe gadu-gadu\gg.exe |
"UDP Query User{699BCB26-36F8-41AA-8CEA-9DB45F707B47}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{9E6C223B-D6C5-48B4-9209-9B0967E6C8EA}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{A35553BA-AEC4-4FB4-ADBA-FF7AC7EB0F80}C:\program files\nowe gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files\nowe gadu-gadu\gg.exe |
"UDP Query User{DC9C02FE-6B40-4A03-B9A5-2B5F82D2CD8C}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0A50CB27-D2D5-4B7D-A001-30B1782A450B}" = DJ_AIO_06_K209a-z_SW_Min
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Narzędzie do przekazywania usługi Windows Live
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2E522ED6-01E2-4207-82D5-B3BFB31B8BD4}" = Windows Live Sync
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
"{38058455-8C21-4C2F-B2F6-14ED166039CB}" = HP Total Care Setup
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{51958BA7-21E4-4A8B-9098-CD8375BD17B2}" = Asystent rejestracji usługi Windows Live
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5A3ECDDA-562C-4281-BFE5-A4C8F32EACA3}" = K209a-z
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{6051912A-F7B8-445C-A99D-81AA4C118836}" = HP Deskjet Ink Advant K209a-z All-in-One Driver Software 14.0 Rel. 6
"{6053FE9B-5473-41D6-AEBF-AD6F98138191}" = Windows Live Movie Maker
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{665CBCA4-5AB0-414B-A288-3F8F99FEFC45}" = HP User Guides 0118
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96384578-C6A2-4EC6-92CD-B62A60713040}" = Microsoft Live Search Toolbar
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9862473C-E063-4C68-A161-2CDE0E8048A5}" = Podstawowe programy Windows Live
"{9AB614A6-719C-4A6E-A63E-831E0A35F62A}" = Windows Live Writer
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}" = Copy
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CDEAEC9-2F14-4D39-8541-C1EEC4B5D1CB}" = Galeria fotografii usługi Windows Live
"{A7388312-4FBB-48E5-8DC0-B63DA02658AE}" = Windows Live Toolbar
"{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 3.0.752
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C35FE07E-24B5-410F-85B7-122087A0C7DD}" = Poczta usługi Windows Live
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1803CD4-0CE7-4484-98E3-88D7A2D629A4}" = Windows Live Messenger
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F5ED909F-8571-4B03-B200-6087F32CD973}" = Nitro PDF Reader 2
"{F88335A8-CA7B-41DE-B37D-81306C73B507}" = Bezpieczeństwo rodzinne usługi Windows Live
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"ALLPlayer_is1" = ALLPlayer V4.X
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dzieńdobry!" = Dzieńdobry!
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.9.0
"Larry 7" = Larry 7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware wersja 1.51.1.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"NIS" = Norton Internet Security
"Notepad++" = Notepad++
"Nowe Gadu-Gadu" = Nowe Gadu-Gadu
"Organizer ucznia_is1" = Organizer ucznia v1.0
"Oxford Wordpower Genie" = Oxford Wordpower Genie
"Shop for HP Supplies" = Shop for HP Supplies
"Slownik jezyka polskiego 3t" = Słownik języka polskiego PWN
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Veoh Web Player Beta" = Veoh Web Player
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite_Wave3" = Podstawowe programy Windows Live
"WinRAR archiver" = Archiwizator WinRAR
"WTA-059fb0fd-b8d8-4443-9f2f-1ef716b6ac80" = Nancy Drew - Curse of Blackmoor Manor
"WTA-0861cc54-ec49-4001-a4fd-21f471969c6e" = Natalie Brooks - Mystery at Hillcrest High
"WTA-223e2a26-507b-41a8-86d7-b4cd0657f9cd" = Pizza Chef 2
"WTA-3df06af8-8ee8-476e-ac7c-796aad66da7f" = Nancy Drew Dossier - Lights, Camera, Curses
"WTA-447aeb2b-886f-4f03-9af8-313f57cac62b" = Nancy Drew - The Phantom of Venice
"WTA-5c1baa70-9736-45ba-9a68-594992602e97" = Jewelry Secret: Mystery Stones
"WTA-6c40bcb4-2c92-4b4e-9fd1-467e7a2c02e3" = Lamp of Aladdin
"WTA-716722e1-fc74-4410-a606-bca808f76b7a" = Magic Encyclopedia - Illusions
"WTA-73ab29f6-8c46-4e63-aa14-067b3f991b31" = Ankh - The Lost Treasures
"WTA-74a522d8-4237-4701-8ccd-af6af2b93896" = Farm Craft 2: Global Vegetable Crisis
"WTA-87131e9b-2788-4ade-8202-5139abf9dfa8" = Guardians of Magic: Amanda's Awakening
"WTA-a5b8a596-480d-4d62-a46e-981fd5914522" = Star Crossed Love
"WTA-aeeb9eb2-a7a3-4302-ac80-a4fd79ddb165" = Royal Trouble
"WTA-b33633d7-04bb-4e59-8ce9-a588f228b1cc" = BurgerTime Deluxe
"WTA-c852c0f3-ac6b-4571-9c0b-30b68c6f008d" = Nancy Drew Dossier - Resorting to Danger!
"WTA-cccbacc6-39a0-452e-ab7d-ab7a29f6c532" = Dream Inn: The Driftwood
"WTA-cdf86317-d8b7-4840-b870-81b84a83b9f5" = Text Express 2 Deluxe
"WTA-e1b5858f-56fd-4b45-b57e-a49c8d84ad6d" = Magic Encyclopedia - Moon Light
"WTA-ff4f570d-41eb-4a16-8321-60c84451dbb4" = FunPark Beach Blast

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-516021690-3537927130-1024571334-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2011-07-25 09:44:50 | Computer Name = komputersiostra | Source = SPP | ID = 16387
Description =

Error - 2011-07-25 09:44:50 | Computer Name = komputersiostra | Source = System Restore | ID = 8193
Description =

Error - 2011-07-25 11:13:07 | Computer Name = komputersiostra | Source = SPP | ID = 16387
Description =

Error - 2011-07-25 11:13:07 | Computer Name = komputersiostra | Source = System Restore | ID = 8193
Description =

Error - 2011-07-25 11:13:48 | Computer Name = komputersiostra | Source = SPP | ID = 16387
Description =

Error - 2011-07-25 11:13:48 | Computer Name = komputersiostra | Source = System Restore | ID = 8193
Description =

Error - 2011-07-25 11:15:51 | Computer Name = komputersiostra | Source = SPP | ID = 16387
Description =

Error - 2011-07-25 11:15:51 | Computer Name = komputersiostra | Source = System Restore | ID = 8193
Description =

Error - 2011-07-25 11:16:18 | Computer Name = komputersiostra | Source = SPP | ID = 16387
Description =

Error - 2011-07-25 11:16:18 | Computer Name = komputersiostra | Source = System Restore | ID = 8193
Description =

[ OSession Events ]
Error - 2009-12-11 11:58:54 | Computer Name = komputersiostra | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2709
seconds with 2400 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2010-04-09 11:51:38 | Computer Name = komputersiostra | Source = Service Control Manager | ID = 7026
Description =

Error - 2010-04-09 16:00:18 | Computer Name = komputersiostra | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{C68E4392-A60A-4116-A1F1-8E85293A2A3B}
because another computer on the network has the same name. The server could not
start.

Error - 2010-04-09 16:12:21 | Computer Name = komputersiostra | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{C68E4392-A60A-4116-A1F1-8E85293A2A3B}
because another computer on the network has the same name. The server could not
start.

Error - 2010-04-10 03:19:12 | Computer Name = komputersiostra | Source = SRTSP | ID = 524292
Description = Error loading virus definitions.

Error - 2010-04-10 03:19:12 | Computer Name = komputersiostra | Source = SRTSP | ID = 524293
Description = Error loading Symantec real time Anti-Virus driver.

Error - 2010-04-10 03:19:26 | Computer Name = komputersiostra | Source = HTTP | ID = 15016
Description =

Error - 2010-04-10 03:20:09 | Computer Name = komputersiostra | Source = Service Control Manager | ID = 7000
Description =

Error - 2010-04-10 03:20:09 | Computer Name = komputersiostra | Source = Service Control Manager | ID = 7000
Description =

Error - 2010-04-10 03:20:09 | Computer Name = komputersiostra | Source = Service Control Manager | ID = 7026
Description =

Error - 2010-04-10 09:27:50 | Computer Name = komputersiostra | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{C68E4392-A60A-4116-A1F1-8E85293A2A3B}
because another computer on the network has the same name. The server could not
start.


< End of report >
</log>

wirusolog
comment (edited)

[b]1.[/b] Run OTL and paste the following text into the [b]Custom Scans/Fixes[/b] box:

[code]:OTL
O15 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
IE - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-516021690-3537927130-1024571334-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:51859
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 51859

:Commands
[Reboot]
[/code]
Click [b]Run Fix[/b]. OTL will ask you to restart the computer - agree, and after the restart a Notepad window will appear - paste its contents here for me.
Check whether the internet works.

[b]2.[/b] Please post the report from [url=http://www.hotfix.pl/instrukcja-obslugi-tdsskiller-a341.htm][b][color=blue][u]TDSSKiller[/u][/color][/b][/url].
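
The fix script in the post above resets Internet Explorer and Firefox proxy entries that pointed at 127.0.0.1:51859. As an added example (not part of the original post and not OTL's own code), this Python script scans lines in that OTL format for an enabled proxy that points at a loopback address; the sample lines and SIDs are constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample in the OTL line format shown in the fix script above.
SAMPLE_OTL_LINES = r'''
IE - HKU\S-1-5-21-0-0-0-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-0-0-0-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:51859
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 51859
IE - HKU\S-1-5-21-0-0-0-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-0-0-0-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.example.test:8080
'''.strip().splitlines()

# "IE - <hive>\...\Internet Settings: "<name>" = <value>"
IE_RE = re.compile(
    r'^IE - (?P<hive>HKU\\[^\\]+|HKLM)\\.*Internet Settings: '
    r'"(?P<name>ProxyEnable|ProxyServer)" = (?P<value>.*)$'
)
# "FF - prefs.js..network.proxy.<proto>[_port]: <value>"
FF_RE = re.compile(
    r'^FF - prefs\.js\.\.network\.proxy\.(?P<proto>http|ssl|ftp|socks)'
    r'(?P<is_port>_port)?: "?(?P<value>[^"]*)"?$'
)


def is_loopback(host):
    """True for 'localhost' and for any IPv4/IPv6 loopback literal."""
    host = host.strip().strip("[]").lower()
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # empty string or an ordinary host name
        return False


def parse_proxy_server(value):
    """Split a WinINET ProxyServer value into {protocol: (host, port)}.

    Handles both 'host:port' (one proxy for every protocol, keyed 'all')
    and 'http=host:port;https=host:port' (one proxy per protocol).
    """
    entries = {}
    for part in filter(None, (p.strip() for p in value.split(";"))):
        proto, sep, addr = part.partition("=")
        if not sep:
            proto, addr = "all", part
        addr = re.sub(r"^\w+://", "", addr)  # tolerate 'http://host:port'
        host, colon, port = addr.rpartition(":")
        if not colon or addr.endswith("]"):  # no port given
            host, port = addr, ""
        entries[proto.lower()] = (host, port)
    return entries


def find_loopback_proxies(lines):
    """Return (source, protocol, host, port) for each loopback proxy found.

    An IE entry is reported only when ProxyEnable is 1 for the same hive.
    Firefox's network.proxy.type is not considered, because the lines in
    the fix script above do not include it.
    """
    ie = {}  # hive -> {"ProxyEnable": "1", "ProxyServer": "..."}
    ff = {}  # protocol -> {"host": "...", "port": "..."}
    for raw in lines:
        line = raw.strip()
        m = IE_RE.match(line)
        if m:
            ie.setdefault(m["hive"], {})[m["name"]] = m["value"].strip()
            continue
        m = FF_RE.match(line)
        if m:
            key = "port" if m["is_port"] else "host"
            ff.setdefault(m["proto"], {})[key] = m["value"].strip()

    findings = []
    for hive, vals in ie.items():
        if vals.get("ProxyEnable") != "1":
            continue
        servers = parse_proxy_server(vals.get("ProxyServer", ""))
        for proto, (host, port) in servers.items():
            if is_loopback(host):
                findings.append((hive, proto, host, port))
    for proto, vals in ff.items():
        if is_loopback(vals.get("host", "")):
            findings.append(
                ("Firefox prefs.js", proto, vals["host"], vals.get("port", ""))
            )
    return findings


if __name__ == "__main__":
    for source, proto, host, port in find_loopback_proxies(SAMPLE_OTL_LINES):
        print(f"{source}: {proto} proxy -> {host}:{port}")
```

A loopback proxy is only a lead: the port has to be matched to a listening process before deciding whether the entry belongs to legitimate software or to leftovers of an infection.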

annmegmonn
comment

After restarting the computer, some junk showed up on it - some files from the computer, even some documents saved in PowerPoint or something.. but actually they had already appeared earlier, while the script was running.. and then they disappeared during the cleanup

The Notepad window did not show up at all, but I dug around and found the log on drive C, and here it is:

<log>
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-516021690-3537927130-1024571334-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-516021690-3537927130-1024571334-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-516021690-3537927130-1024571334-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-516021690-3537927130-1024571334-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-516021690-3537927130-1024571334-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http deleted successfully.
HKU\S-1-5-21-516021690-3537927130-1024571334-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
HKU\S-1-5-21-516021690-3537927130-1024571334-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-516021690-3537927130-1024571334-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 51859 removed from network.proxy.http_port
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.26.1 log created on 07252011_181947
</log>
[color="#FF8C00"][u][b]AT THIS POINT I TRIED TO GO ONLINE AND I CAN'T BELIEVE IT, BUT IT WORKED xD[/b][/u][/color]

and now the report:

2011/07/25 18:26:31.0326 TDSS rootkit removing tool 2.4.1.3 Aug 27 2010 08:53:42
2011/07/25 18:26:31.0326 ================================================================================
2011/07/25 18:26:31.0326 SystemInfo:
2011/07/25 18:26:31.0326
2011/07/25 18:26:31.0326 OS Version: 6.0.6002 ServicePack: 2.0
2011/07/25 18:26:31.0326 Product type: Workstation
2011/07/25 18:26:31.0326 ComputerName: KOMPUTERSIOSTRA
2011/07/25 18:26:31.0326 UserName: Anna
2011/07/25 18:26:31.0326 Windows directory: C:\Windows
2011/07/25 18:26:31.0326 System windows directory: C:\Windows
2011/07/25 18:26:31.0326 Processor architecture: Intel x86
2011/07/25 18:26:31.0326 Number of processors: 2
2011/07/25 18:26:31.0326 Page size: 0x1000
2011/07/25 18:26:31.0326 Boot type: Normal boot
2011/07/25 18:26:31.0326 ================================================================================
2011/07/25 18:26:32.0901 Initialize success
2011/07/25 18:26:48.0501 ================================================================================
2011/07/25 18:26:48.0501 Scan started
2011/07/25 18:26:48.0501 Mode: Manual;
2011/07/25 18:26:48.0501 ================================================================================
2011/07/25 18:26:49.0983 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/07/25 18:26:50.0295 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/07/25 18:26:50.0904 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/07/25 18:26:51.0075 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/07/25 18:26:51.0216 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/07/25 18:26:51.0434 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
2011/07/25 18:26:51.0637 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/07/25 18:26:51.0777 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/07/25 18:26:51.0902 aliide (3d76fda1a10acc3dc84728f55c29b6d4) C:\Windows\system32\drivers\aliide.sys
2011/07/25 18:26:52.0058 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/07/25 18:26:52.0214 amdide (5b92e7839f5a1fbc1b39de67758ad6f8) C:\Windows\system32\drivers\amdide.sys
2011/07/25 18:26:52.0401 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/07/25 18:26:52.0526 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/07/25 18:26:52.0666 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/07/25 18:26:52.0807 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/07/25 18:26:52.0947 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/07/25 18:26:53.0072 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/07/25 18:26:53.0228 athr (02d34ac487df3da4e3f01874e61eb619) C:\Windows\system32\DRIVERS\athr.sys
2011/07/25 18:26:53.0400 atksgt (72bc628af75c4c3250f2a3bac260265a) C:\Windows\system32\DRIVERS\atksgt.sys
2011/07/25 18:26:53.0602 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/07/25 18:26:53.0821 BHDrvx86 (8f6d9ce8af24f09de6b020b2c09e27d9) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx86.sys
2011/07/25 18:26:53.0992 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/07/25 18:26:54.0195 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/07/25 18:26:54.0367 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/07/25 18:26:54.0523 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/07/25 18:26:54.0944 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/07/25 18:26:55.0178 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/07/25 18:26:55.0381 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/07/25 18:26:55.0521 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/07/25 18:26:55.0677 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/07/25 18:26:55.0802 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/07/25 18:26:56.0130 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/07/25 18:26:56.0301 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/07/25 18:26:56.0410 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/07/25 18:26:56.0629 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/07/25 18:26:56.0894 cmdide (d36372a6ea6805efbe8884d10772313f) C:\Windows\system32\drivers\cmdide.sys
2011/07/25 18:26:57.0066 CnxtHdAudService (1adf6f4852e7d7e2e8ac481bdb970586) C:\Windows\system32\drivers\CHDRT32.sys
2011/07/25 18:26:57.0253 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/07/25 18:26:57.0362 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/07/25 18:26:57.0502 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/07/25 18:26:57.0690 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
2011/07/25 18:26:57.0877 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/07/25 18:26:58.0314 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
2011/07/25 18:26:58.0501 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2011/07/25 18:26:58.0641 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/07/25 18:26:58.0922 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/07/25 18:26:59.0281 DXGKrnl (fb85f7f69e9b109820409243f578cc4d) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/25 18:26:59.0437 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/07/25 18:26:59.0686 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/07/25 18:26:59.0827 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/07/25 18:27:00.0014 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/07/25 18:27:00.0108 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/07/25 18:27:00.0279 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/07/25 18:27:00.0482 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/07/25 18:27:00.0716 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/07/25 18:27:00.0888 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/07/25 18:27:01.0044 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/07/25 18:27:01.0200 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/07/25 18:27:01.0324 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/07/25 18:27:01.0621 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/07/25 18:27:01.0917 fssfltr (b74b0578fd1d3f897e95f2a2b69ea051) C:\Windows\system32\DRIVERS\fssfltr.sys
2011/07/25 18:27:02.0120 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/07/25 18:27:02.0307 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/07/25 18:27:02.0650 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/07/25 18:27:02.0791 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/07/25 18:27:02.0978 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/07/25 18:27:03.0118 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/07/25 18:27:03.0274 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\drivers\hidusb.sys
2011/07/25 18:27:03.0415 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/07/25 18:27:03.0586 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
2011/07/25 18:27:04.0023 HSF_DPV (cc267848cb3508e72762be65734e764d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/07/25 18:27:04.0335 HSXHWAZL (a2882945cc4b6e3e4e9e825590438888) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2011/07/25 18:27:04.0507 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/07/25 18:27:04.0647 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/07/25 18:27:04.0850 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/07/25 18:27:05.0146 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/07/25 18:27:05.0396 IDSVix86 (2edd3504457691a10328079da011d0b8) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSVix86.sys
2011/07/25 18:27:06.0004 igfx (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/07/25 18:27:06.0472 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/07/25 18:27:06.0675 IntcHdmiAddService (c7e7e43cbd34d3b0a0156b51b917dfcc) C:\Windows\system32\drivers\IntcHdmi.sys
2011/07/25 18:27:06.0831 intelide (dd512a049bd7b4bce8a83554c5eff2c1) C:\Windows\system32\drivers\intelide.sys
2011/07/25 18:27:06.0956 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/07/25 18:27:07.0112 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/07/25 18:27:07.0408 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/07/25 18:27:07.0564 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/07/25 18:27:07.0736 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/07/25 18:27:07.0845 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/07/25 18:27:08.0017 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/07/25 18:27:08.0157 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/07/25 18:27:08.0298 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/07/25 18:27:08.0407 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/07/25 18:27:08.0532 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
2011/07/25 18:27:08.0703 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/07/25 18:27:08.0953 lirsgt (4127e8b6ddb4090e815c1f8852c277d3) C:\Windows\system32\DRIVERS\lirsgt.sys
2011/07/25 18:27:09.0078 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/07/25 18:27:09.0265 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/07/25 18:27:09.0390 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/07/25 18:27:09.0530 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/07/25 18:27:09.0639 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/07/25 18:27:09.0951 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\Windows\system32\drivers\mbam.sys
2011/07/25 18:27:10.0107 MBAMSwissArmy (b18225739ed9caa83ba2df966e9f43e8) C:\Windows\system32\drivers\mbamswissarmy.sys
2011/07/25 18:27:10.0372 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/07/25 18:27:10.0466 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/07/25 18:27:10.0700 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/07/25 18:27:10.0903 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/07/25 18:27:11.0090 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/25 18:27:11.0262 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/07/25 18:27:11.0355 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\drivers\mouhid.sys
2011/07/25 18:27:11.0496 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/07/25 18:27:11.0683 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/07/25 18:27:11.0870 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/25 18:27:12.0057 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/07/25 18:27:12.0213 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/07/25 18:27:12.0478 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/25 18:27:12.0681 mrxsmb10 (d4a3c7c580c4ccb5c06f2ada933ad507) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/07/25 18:27:12.0853 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/07/25 18:27:13.0024 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
2011/07/25 18:27:13.0149 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/07/25 18:27:13.0305 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/07/25 18:27:13.0461 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/07/25 18:27:13.0711 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/25 18:27:13.0882 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/25 18:27:14.0023 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/07/25 18:27:14.0210 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/07/25 18:27:14.0350 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/07/25 18:27:14.0475 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/07/25 18:27:27.0891 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/07/25 18:27:27.0891 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/07/25 18:27:27.0907 sptd - detected Locked file (1)
2011/07/25 18:27:40.0418 ================================================================================
2011/07/25 18:27:40.0418 Scan finished
2011/07/25 18:27:40.0418 ================================================================================
2011/07/25 18:27:40.0449 Detected object count: 1
2011/07/25 18:28:59.0448 Locked file(sptd) - User select action: Skip

[color="#2E8B57"]
Some piece of junk showed up here, but I chose to skip it.. I'm guessing I was probably supposed to delete it ;p[/color]

[u]Oh, and I caught that balloon notification about what MBAM is blocking - let me quote it:

Suspicious site - 194.242.2.62
Type - outgoing
Port: 49234
Action: svchost.exe[/u]

wirusolog
comment

What TDSSKiller detected is a false positive.
Now you can go ahead with the remaining steps in post no. [b]#8[/b].

annmegmonn
comment

all done,
[url="http://www.sendspace.com/file/rd696l"]here are the MBAM scan results:[/url]

and I also ran that scan with Dr.Web, but right after the quick scan my computer restarted, and I tried to repeat it and it happened again .. so I couldn't run a full scan, well, unless I try once more..
[url="http://www.sendspace.com/file/kofdx0"]Quick scan log[/url]

wirusolog
comment

During the quick scan you need to pause it and select Full scan.

annmegmonn
comment

ok, I'll try it the way you say

I'll only be able to send you the results of that full scan around August 10, though, because I'm just leaving on a trip,
I hope you'll be able to check it then ;)

and thanks a lot for the help so far ;)

  • 4 weeks later...
annmegmonn
comment (edited)

here is the report from the full DoctorWeb scan:
http://www.sendspace.com/file/bqim3i
