Hidden program files folder

Mikaka

My first post, so welcome everyone.

I had a virus, which I deleted with Spybot S&D and Eset Nod32 antivirus (it may not have been removed completely). For now the infected PC is not connected to the internet.

I found the virus and started a scan by looking into msconfig. I saw two objects:

element: _scott_-{97BAE4-4CF2-5FFC-B9DB 1D 1D324E}
localisation: C:\Users\Mikaka\AppData\Roaming\_scott_css.exe

element: _scott_vrc
localisation: C:\Program Files\_scott_svchost.exe


The Program Files folder is hidden by the virus: you go to C: and it is not there. What can I do about it?? It's not hidden through the standard Windows hidden files (I have showing of hidden files enabled, and I still cannot see it).

I tried ComboFix but it doesn't work for OS higher than XP, how can I restore my Program Files folder?? Help :cry:
The Program Files is still there (programs that are installed there are working, and you can find things there through search in start menu, but you cannot see the folder itself).

Infected computer:
Intel Core2Duo E4500 2.20GHz @ 2.20GHz
3 GB GoodRAM 800
Gigabyte GA-P35-S3
NVIDIA Geforce 8600 GTS 256 MB
Sound Blaster X-FI Gamer
250 + 500GB Seagate Discs
Windows 7 build 7229

Here is a screenshot of my C: drive
http://img208.imageshack.us/i/przechwytywaniek.png/

Help!
 
hidden pgm folder


First welcome to sevenforums.

OK, if you had a DOS disk this would be easy. Boot from dos cd.. program folder, etc. Do you have something that you can boot from outside Win 7?

Ken
 

Hi Mikaka, welcome to the forum.

You may want to try typing c:\program files into the start menu search?

You should then be able to click 'Organize' then 'Properties' to view/change the properties of the folder.

Hope this helps :)




Jeff
 

Orbital Shark, the search doesn't return anything (it does on the other computer, but not on the one infected).

zigzag3143, does Windows 7 or Windows Vista dvd count??
 

Download Malwarebytes' Anti-Malware to your desktop
|MG| Malwarebytes Anti-Malware 1.39 Download
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. Copy and Paste that log into your next reply.

I'd like to see if MBam will detect anything on the Win7 build that you're running.
 


It's scanning; should I wait for it to scan the entire computer, or will the C: disk alone suffice?
I install all programs except games on C: drive.
 
An interesting issue after a long time.
Hi mate, if Malwarebytes doesn't detect anything then remove your current AV and install Avast. When you install it, it will ask you to perform a boot scan; hit Yes and restart your computer. Avast will then perform a boot scan and it should remove it. I have dealt with the same issue before and did this trick to get rid of the virus.
 

@zigzag3143 Will these DOS bootdisks be fine?? Bootdisk.Com - Free Windows Bootdisks, Free DOS boot disk
If yes, which one should I choose?

I'll check it out if Malware bytes won't help.
 

Waiting for your post.
 

Here is the log from Malwarebytes (I chose English when installing the program, but the log and the program itself aren't in English, don't know why).

After reboot, Program Files didn't show up, but I found out something. If I uncheck "hide protected system files" it does show up, and I can look into its properties. There "hidden" is checked but it's greyed out, and I cannot uncheck it. How can I uncheck it??

Look at the properties:
Imageshack - przechwytywaniej

I'm gonna do boot scan with avast anyway.

Also one question, if virus is still visible in msconfig, but unchecked so it isn't starting, does that mean that its executables are still present in the system??
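
The greyed-out Hidden checkbox described in the post above is what Explorer shows when a folder carries the System attribute together with Hidden, which is also why the folder only appears once "hide protected system files" is unchecked. The PowerShell below is an added example, not part of the thread; the script name, function names and the `-Fix` switch are hypothetical, and changing `C:\Program Files` requires an elevated prompt.

```powershell
# Show-FolderAttributes.ps1 (hypothetical name) - added example, not from the thread.
# Reports whether a folder carries Hidden and/or System; clears both only with -Fix.
param(
    [string]$Path = 'C:\Program Files',  # the folder discussed in the thread
    [switch]$Fix                          # report-only unless this switch is given
)

function Get-AttributeReport {
    param([string]$LiteralPath)
    # -Force is required: Get-Item does not return hidden or system items without it.
    $item = Get-Item -LiteralPath $LiteralPath -Force
    $bits = [int]$item.Attributes
    $report = New-Object PSObject -Property @{
        Path       = $item.FullName
        Attributes = $item.Attributes.ToString()
        Hidden     = ($bits -band [int][System.IO.FileAttributes]::Hidden) -ne 0
        System     = ($bits -band [int][System.IO.FileAttributes]::System) -ne 0
    }
    $report | Select-Object Path, Attributes, Hidden, System
}

function Clear-HiddenSystem {
    param([string]$LiteralPath)
    $item = Get-Item -LiteralPath $LiteralPath -Force
    $mask = [int][System.IO.FileAttributes]::Hidden -bor [int][System.IO.FileAttributes]::System
    # Drop only Hidden and System; every other bit (Directory, ReadOnly, ...) is kept.
    $cleared = [int]$item.Attributes -band (-bnot $mask)
    $item.Attributes = [System.IO.FileAttributes]$cleared
}

$before = Get-AttributeReport -LiteralPath $Path
$before | Format-List

if ($before.Hidden -and $before.System) {
    'Hidden + System are both set: Explorer shows the Hidden box ticked and greyed out.'
}

if ($Fix -and ($before.Hidden -or $before.System)) {
    Clear-HiddenSystem -LiteralPath $Path
    # Re-read from disk so the report reflects what was actually written.
    Get-AttributeReport -LiteralPath $Path | Format-List
}
```

Clearing the two attributes only restores visibility; if they come back after a reboot, whatever set them is still running.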
 

Open registry editor.
Go to Hkey local machine>software>microsoft>windows>current version>run. Delete Run and Run Once key. It will delete the entries in msconfig.
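
For the Run and RunOnce keys named in the post above, the following added example (not code from the thread) lists each value with the command it launches and whether the target file still exists, and can remove one named value after exporting its key to a .reg file. The function names and the backup location are hypothetical; the `_scott_` pattern comes from the two msconfig entries in the first post.

```powershell
# Added example, not from the thread. Run elevated to read/change HKLM reliably.
# Covers only the Run/RunOnce keys; Startup folders and Wow6432Node are not scanned.
$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-ExePath {
    # Pull the executable out of a command line: "quoted path", path ending in .exe,
    # or failing both, the first whitespace-separated token.
    param([string]$Command)
    if ($Command -match '^\s*"([^"]+)"')        { return $Matches[1] }
    if ($Command -match '^\s*(.+?\.exe)(\s|$)') { return $Matches[1] }
    return ($Command.Trim() -split '\s+')[0]
}

function Get-StartupEntry {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $regKey = Get-Item -LiteralPath $key
        foreach ($name in $regKey.GetValueNames()) {
            $command = [string]$regKey.GetValue($name)
            $exe     = Get-ExePath -Command $command
            $entry = New-Object PSObject -Property @{
                Key          = $key
                Name         = $name
                Command      = $command
                # False means the value points at a file that is no longer on disk.
                TargetExists = [bool]($exe -and (Test-Path -LiteralPath $exe))
                # Naming pattern taken from the msconfig entries in the first post.
                Flagged      = ($name -like '_scott_*') -or ($exe -like '*\_scott_*')
            }
            $entry | Select-Object Key, Name, Command, TargetExists, Flagged
        }
    }
}

function Remove-StartupEntry {
    # Removes ONE value, after exporting the whole key so it can be re-imported.
    param(
        [string]$Key,
        [string]$Name,
        [string]$BackupDir = $env:TEMP   # assumed backup location
    )
    # reg.exe expects HKLM\... rather than the PowerShell drive form HKLM:\...
    $regPath = $Key -replace '^(HK[A-Z]+):\\', '$1\'
    $backup  = Join-Path $BackupDir ('run-backup-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))
    & reg.exe export $regPath $backup /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Backup of $regPath failed; nothing was removed." }
    Remove-ItemProperty -LiteralPath $Key -Name $Name
    "Removed '$Name' from $regPath (backup: $backup)"
}

# Read-only listing; review it before removing anything.
Get-StartupEntry | Format-Table -AutoSize -Wrap

# Example call, left commented out on purpose:
# Remove-StartupEntry -Key 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name '<value name from the listing>'
```

On Windows 7, items unticked in msconfig are kept under `HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg` rather than in the Run keys, so they do not appear in this listing.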
 

I deleted both keys, everything that was scheduled to start is unchecked, except Operating System, and Google Update entries in msconfig (they're invisible on the screen, because msconfig is scrolled down, to show virus entries).

How do I remove the two entries marked in red from the list, so they'll be gone forever??

http://img229.imageshack.us/i/przechwytywanie.png/

I'll do the Avast boot scan in maybe 2 hours, because my brother is playing a game. I hope the virus isn't active; I've scanned C: with Nod32 two times already (second time came clean).
 

Uncheck all items in msconfig. It's fine to have those entries as long as you've deleted both the reg keys.
Run HijackThis to see if it finds anything.
Finally, do a boot scan and let us know if it worked.
 

Have you visited 'GameSpot' forums and downloaded any games, cheats or etc?
 

I've run Hijack this, it only gave me a log, I don't know what to do with it, so I'm posting it here in attachment. I can also run the bootscan now unless you want me to do something before I start it.

I manually changed extension from .log to .txt as these forums don't allow .log files in attachments.

Last time I downloaded Harry Potter 6 demo, and yes, I may have downloaded some cheat.
 

Okay, let's see if we can see where they're hiding ....

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
      Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
 

Copy the log and paste it in the big box at www.hijackthis.de and click analyze.
It will show you which entries are harmful; delete all harmful entries by running HijackThis and checking all nasty entries. ;)
 

OTL.txt

OTL logfile created on: 2009-07-18 22:33:05 - Run 1
OTL by OldTimer - Version 3.0.9.2 Folder = C:\Users\Mikaka\Desktop
Ultimate Edition (Version = 6.1.7229) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7229.0)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 100,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 38,96 Gb Total Space | 1,35 Gb Free Space | 3,48% Space Free | Partition Type: NTFS
Drive D: | 170,90 Gb Total Space | 4,81 Gb Free Space | 2,82% Space Free | Partition Type: NTFS
Drive E: | 22,92 Gb Total Space | 4,46 Gb Free Space | 19,45% Space Free | Partition Type: NTFS
Drive F: | 465,76 Gb Total Space | 2,36 Gb Free Space | 0,51% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
Drive H: | 2,82 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
I: Drive not present or media not loaded
Drive K: | 1,90 Gb Total Space | 1,89 Gb Free Space | 99,59% Space Free | Partition Type: FAT32

Computer Name: MIKAKA-PC
Current User Name: Mikaka
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
PRC - C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\SpeedFan\speedfan.exe (Almico Software (Almico's Home Page))
PRC - C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
PRC - C:\Windows\System32\lxdfcoms.exe ( )
PRC - C:\Windows\System32\PnkBstrA.exe ()
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Windows\System32\UStorSrv.exe (OTi)
PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Windows\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Microsoft Corporation)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\WUDFHost.exe (Microsoft Corporation)
PRC - C:\Users\Mikaka\Desktop\OTL.exe (OldTimer Tools)
PRC - c:\program files\windows defender\MpCmdRun.exe (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (AppIDSvc [On_Demand | Stopped]) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (AxInstSV [On_Demand | Stopped]) -- C:\Windows\System32\AxInstSV.dll (Microsoft Corporation)
SRV - (BDESVC [Unknown | Stopped]) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Creative ALchemy AL6 Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (CTAudSvcService [Auto | Running]) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (defragsvc [On_Demand | Stopped]) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (Dhcp [Auto | Running]) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (EhttpSrv [On_Demand | Stopped]) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV - (ekrn [Auto | Running]) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (eventlog [Auto | Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)
SRV - (FontCache [On_Demand | Stopped]) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (fsssvc [Auto | Running]) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (gupdate1c9f77828ea13e3 [Auto | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (HomeGroupListener [On_Demand | Running]) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider [On_Demand | Running]) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (Lavasoft Ad-Aware Service [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (lxdfCATSCustConnectService [Auto | Stopped]) -- C:\Windows\System32\spool\DRIVERS\W32X86\3\lxdfserv.exe (Lexmark International, Inc.)
SRV - (lxdf_device [Auto | Running]) -- C:\Windows\System32\lxdfcoms.exe ( )
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (nvsvc [Auto | Running]) -- C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (p2pimsvc [On_Demand | Running]) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc [On_Demand | Stopped]) -- C:\Windows\System32\peerdistsvc.dll (Microsoft Corporation)
SRV - (PnkBstrA [Auto | Running]) -- C:\Windows\System32\PnkBstrA.exe ()
SRV - (PNRPAutoReg [On_Demand | Stopped]) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (PNRPsvc [On_Demand | Running]) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (Power [Auto | Running]) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (RapiMgr [Auto | Running]) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (RpcEptMapper [Unknown | Running]) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SBSDWSCService [Auto | Running]) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (SeaPort [Auto | Running]) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (SensrSvc [On_Demand | Stopped]) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (sppsvc [Auto | Stopped]) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (sppuinotify [On_Demand | Stopped]) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (Themes [Auto | Running]) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (UStorage Server Service [Auto | Running]) -- C:\Windows\System32\UStorSrv.exe (OTi)
SRV - (WbioSrvc [On_Demand | Stopped]) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (WcesComm [Auto | Running]) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (wlidsvc [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (WMPNetworkSvc [Auto | Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WwanSvc [On_Demand | Stopped]) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (1394ohci [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\1394ohci.sys (?iç?oš?f? Č?????aťi?n)
DRV - (AcpiPmi [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (adp94xx [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adpu320 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (aic78xx [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (AmdK8 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\amdk8.sys (?ič??šôf? €???o?áťí??)
DRV - (AmdPPM [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\amdppm.sys (?ić?ó??fť €?r?ôřatio?)
DRV - (amdsata [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (amdsbs [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (amdxata [Boot | Running]) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (AppID [On_Demand | Stopped]) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (arc [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (arcsas [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (b06bdrv [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (b57nd60x [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\b57nd60x.sys (Broadcom Corporation)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (Brserid [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (cmdide [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (CNG [Boot | Running]) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (CompositeBus [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\CompositeBus.sys (Microsoft Corporation)
DRV - (CT20XUT [On_Demand | Stopped]) -- C:\Windows\System32\drivers\CT20XUT.SYS (Creative Technology Ltd.)
DRV - (CT20XUT.SYS [On_Demand | Running]) -- C:\Windows\System32\drivers\CT20XUT.SYS (Creative Technology Ltd.)
DRV - (ctac32k [On_Demand | Running]) -- C:\Windows\System32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (ctaud2k [On_Demand | Running]) -- C:\Windows\System32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ctdvda2k [On_Demand | Stopped]) -- C:\Windows\System32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (CTEXFIFX [On_Demand | Stopped]) -- C:\Windows\System32\drivers\CTEXFIFX.SYS (Creative Technology Ltd.)
DRV - (CTEXFIFX.SYS [On_Demand | Running]) -- C:\Windows\System32\drivers\CTEXFIFX.SYS (Creative Technology Ltd.)
DRV - (CTHWIUT [On_Demand | Stopped]) -- C:\Windows\System32\drivers\CTHWIUT.SYS (Creative Technology Ltd.)
DRV - (CTHWIUT.SYS [On_Demand | Running]) -- C:\Windows\System32\drivers\CTHWIUT.SYS (Creative Technology Ltd.)
DRV - (ctprxy2k [On_Demand | Running]) -- C:\Windows\System32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ctsfm2k [On_Demand | Running]) -- C:\Windows\System32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (discache [System | Running]) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (eamon [Auto | Running]) -- C:\Windows\System32\DRIVERS\eamon.sys (ESET)
DRV - (ebdrv [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (ehdrv [System | Running]) -- C:\Windows\System32\DRIVERS\ehdrv.sys (ESET)
DRV - (elxstor [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (emupia [On_Demand | Running]) -- C:\Windows\System32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (epfwwfpr [Auto | Running]) -- C:\Windows\System32\DRIVERS\epfwwfpr.sys (ESET)
DRV - (FsDepends [On_Demand | Stopped]) -- C:\Windows\System32\drivers\FsDepends.sys (Microsoft Corporation)
DRV - (fssfltr [Auto | Running]) -- C:\Windows\System32\DRIVERS\fssfltr.sys (Microsoft Corporation)
DRV - (giveio [Boot | Running]) -- C:\Windows\system32\giveio.sys ()
DRV - (ha20x2k [On_Demand | Running]) -- C:\Windows\System32\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV - (hcw85cir [On_Demand | Stopped]) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (HDAudBus [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\HDAudBus.sys (?ícřősofť ?????ŕ???ön)
DRV - (HidBatt [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (HpSAMD [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (hwpolicy [Boot | Running]) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (iaStorV [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (iirsp [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (intelppm [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\intelppm.sys (?íc??§?fţ ?oř?őřaţi??)
DRV - (KSecPkg [Boot | Running]) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (LSI_FC [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (LSI_SAS2 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (LSI_SCSI [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (megasas [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (MegaSR [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (mshidkmdf [On_Demand | Stopped]) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (mssmbios [System | Running]) -- C:\Windows\System32\DRIVERS\mssmbios.sys (????oş?fţ €?????aţiő?)
DRV - (MTConfig [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (NdisCap [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\ndiscap.sys (Microsoft Corporation)
DRV - (nfrd960 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (nvlddmkm [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvraid [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (ohci1394 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\ohci1394.sys (?i?rő§?fť Co????aţ?ő?)
DRV - (ossrv [On_Demand | Running]) -- C:\Windows\System32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (pcw [Boot | Running]) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (Processor [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\processr.sys (??çřöš?fť Ć?????â?i??)
DRV - (ql2300 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (RasAgileVpn [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\AgileVpn.sys (Microsoft Corporation)
DRV - (rdpbus [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP [System | Running]) -- C:\Windows\System32\drivers\rdprefmp.sys (Microsoft Corporation)
DRV - (rdyboost [Boot | Running]) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (RTL8167 [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\Rt86win7.sys (Realtek Corporation )
DRV - (RTL8169 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\Rtlh86.sys (Realtek Corporation )
DRV - (RTL85n86 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\RTL85n86.sys (Realtek)
DRV - (s3cap [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (SCDEmu [System | Running]) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (scfilter [Unknown | Stopped]) -- C:\Windows\System32\DRIVERS\scfilter.sys (Microsoft Corporation)
DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiSRaid2 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (SiSRaid4 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (speedfan [Boot | Running]) -- C:\Windows\system32\speedfan.sys (Windows (R) 2000 DDK provider)
DRV - (SRK [Auto | Running]) -- C:\Windows\System32\drivers\SRK.sys ()
DRV - (stexstor [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (storflt [Boot | Running]) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (umbus [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\umbus.sys (??ćřoşôfť Ć?ř?ó??ť???)
DRV - (UmPass [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (usbhub [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\usbhub.sys (?ičř?śôfť C??????ţio?)
DRV - (usb_rndisx [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\usb8023x.sys (Microsoft Corporation)
DRV - (vdrvroot [Boot | Running]) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (vhdmp [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (ViaC7 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\viac7.sys (??čŕ?š?ft €?ř??raţi??)
DRV - (viaide [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (vmbus [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (VMBusHID [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (vsmraid [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vwifibus [On_Demand | Stopped]) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (WacomPen [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\wacompen.sys (?íçřo??f? ?????řät???)
DRV - (WfpLwf [System | Running]) -- C:\Windows\System32\DRIVERS\wfplwf.sys (Microsoft Corporation)
DRV - (WIMMount [On_Demand | Stopped]) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = Witamy w MSN Polska
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pl
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 BA 91 5B 2E 05 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009-06-05 00:01:07 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3ED591BC-7CC7-495B-A526-B2431356EDC1}: C:\Program Files\Ad Muncher\FirefoxExtension_2.0 [2009-06-27 20:52:44 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey\Extensions\\{3ED591BC-7CC7-495B-A526-B2431356EDC1}: C:\Program Files\Ad Muncher\FirefoxExtension_2.0 [2009-06-27 20:52:44 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird


O1 HOSTS File: (317745 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 10896 more lines...
O2 - BHO: (Lexmark Pasek narzędzi) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Users\Mikaka\AppData\Roaming\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.)
O3 - HKLM\..\Toolbar: (Lexmark Pasek narzędzi) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Pasek narzędzi) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: Block frame with Ad Muncher - File not found
O8 - Extra context menu item: Block image with Ad Muncher - File not found
O8 - Extra context menu item: Block link with Ad Muncher - File not found
O8 - Extra context menu item: Don't filter page with Ad Muncher - File not found
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE File not found
O8 - Extra context menu item: Report page to the Ad Muncher developers - File not found
O9 - Extra Button: Wpis w blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Wpis w blogu w Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 56 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 56 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.2
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-04-29 21:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009-05-10 16:29:38 | 00,000,009 | ---- | M] () - F:\autocad.txt -- [ NTFS ]
O32 - AutoRun File - [2006-05-19 00:10:52 | 04,386,816 | R--- | M] () - H:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2006-05-19 00:10:52 | 04,386,816 | R--- | M] () - H:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2006-05-19 00:10:52 | 00,000,047 | R--- | M] () - H:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{6e1c3ca9-3d9f-11de-8dbe-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6e1c3ca9-3d9f-11de-8dbe-806e6f6e6963}\Shell\AutoRun\command - "" = H:\autorun.exe -- [2006-05-19 00:10:52 | 04,386,816 | R--- | M] ()
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Autorun.exe -- File not found
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRunCD.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[4 C:\Windows\System32\*.tmp files]
[2009-07-18 22:29:50 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\Mikaka\Desktop\OTL.exe
[2009-07-18 22:05:27 | 00,002,039 | ---- | C] () -- C:\Users\Mikaka\Desktop\HijackThis.lnk
[2009-07-18 22:05:26 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009-07-18 19:17:56 | 00,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009-07-18 19:17:54 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009-07-18 19:17:52 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009-07-18 19:17:52 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009-07-18 19:14:53 | 03,775,176 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Mikaka\Desktop\mbam-setup.exe
[2009-07-18 18:04:38 | 00,015,688 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2009-07-18 17:51:05 | 00,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmd.execf
[2009-07-15 01:08:30 | 00,000,000 | ---D | C] -- C:\Windows\Sun
[2009-07-14 22:49:11 | 00,139,072 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009-07-14 22:48:52 | 00,189,672 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2009-07-14 19:44:51 | 00,003,072 | ---- | C] () -- C:\Windows\System32\drivers\SRK.sys
[2009-07-14 19:06:47 | 00,000,000 | -H-D | C] -- C:\ProgramData\{5794CDCB-FAB7-4C15-9069-4D8AC02592DE}
[2009-07-14 18:49:59 | 00,000,000 | -H-D | C] -- C:\ProgramData\{0151C9FC-719D-4459-B1E2-4685CC6E62A8}
[2009-07-13 21:00:40 | 00,669,184 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2009-07-13 13:42:27 | 00,001,076 | ---- | C] () -- C:\Users\Mikaka\Desktop\Testy B 2009.lnk
[2009-07-13 13:40:14 | 00,001,086 | ---- | C] () -- C:\Users\Mikaka\Desktop\Znaki Drogowe.lnk
[2009-07-13 13:40:06 | 00,000,000 | ---D | C] -- C:\Program Files\Grupa IMAGE
[2009-07-12 21:25:45 | 00,000,612 | ---- | C] () -- C:\Users\Public\Desktop\4Story.lnk
[2009-07-12 20:19:41 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009-07-12 20:06:30 | 00,000,000 | ---D | C] -- C:\Users\Mikaka\AppData\Roaming\dvdcss
[2009-07-12 20:04:07 | 00,000,000 | ---D | C] -- C:\Users\Mikaka\AppData\Roaming\vlc
[2009-07-12 20:02:06 | 00,001,024 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2009-07-12 20:01:56 | 00,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2009-07-12 12:35:52 | 00,000,000 | ---D | C] -- C:\Users\Mikaka\Documents\Call of Juarez - Bound in Blood
[2009-07-12 12:19:09 | 02,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2009-07-12 12:19:09 | 00,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2009-07-12 12:19:09 | 00,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2009-07-12 12:19:09 | 00,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2009-07-12 12:19:08 | 03,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2009-07-12 12:19:08 | 01,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2009-07-12 12:19:08 | 00,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2009-07-12 12:19:08 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2009-07-12 12:19:08 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2009-07-12 12:19:08 | 00,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2009-07-12 12:19:08 | 00,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2009-07-12 12:19:08 | 00,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2009-07-12 00:46:13 | 00,000,000 | ---D | C] -- C:\Users\Mikaka\AppData\Roaming\Publish Providers
[2009-07-12 00:46:08 | 00,000,000 | ---D | C] -- C:\Users\Mikaka\Documents\Vegas Movie Studio PE 9.0 Projects
[2009-07-12 00:46:08 | 00,000,000 | ---D | C] -- C:\Users\Mikaka\AppData\Roaming\Sony
[2009-07-12 00:46:08 | 00,000,000 | ---D | C] -- C:\Users\Mikaka\AppData\Local\Sony
[2009-07-12 00:44:26 | 00,000,000 | ---D | C] -- C:\Program Files\Vstplugins
[2009-07-12 00:44:22 | 00,000,000 | ---D | C] -- C:\ProgramData\Sony
[2009-07-12 00:44:15 | 00,000,000 | ---D | C] -- C:\Program Files\Sony
[2009-07-12 00:43:41 | 00,000,000 | ---D | C] -- C:\Program Files\Sony Setup
[2009-07-12 00:25:59 | 00,000,020 | ---- | C] () -- C:\Windows\ôU
[2009-07-11 17:25:09 | 00,007,606 | ---- | C] () -- C:\Users\Mikaka\AppData\Local\Resmon.ResmonCfg
[2009-07-10 22:47:07 | 00,000,000 | ---D | C] -- C:\Users\Mikaka\AppData\Roaming\UltraVNC
[2009-07-10 22:46:45 | 00,000,000 | ---D | C] -- C:\Program Files\UltraVNC
[2009-07-09 23:50:21 | 00,000,000 | ---D | C] -- C:\Users\Mikaka\Documents\EA Games
[2009-07-09 23:27:55 | 00,000,000 | ---D | C] -- C:\Windows\System32\AGEIA
[2009-07-09 23:27:55 | 00,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2009-07-09 23:27:33 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009-07-09 22:56:29 | 00,000,000 | ---D | C] -- C:\Program Files\Safari
[2009-07-09 22:55:43 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009-07-07 15:33:16 | 05,890,129 | ---- | C] () -- C:\Users\Mikaka\Documents\Moje dzieła SPORE - Kopia - Kopia.rar
[2009-07-07 15:20:03 | 00,000,000 | ---D | C] -- C:\Users\Mikaka\Documents\Moje dzieła SPORE - Kopia - Kopia
[2009-07-07 14:56:34 | 00,000,000 | ---D | C] -- C:\Users\Mikaka\Documents\Moje dzieła SPORE - Kopia
[2009-07-07 14:55:49 | 00,000,000 | ---D | C] -- C:\Users\Mikaka\Documents\Mojedzielaspore
[2009-07-02 21:26:08 | 00,041,808 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2009-07-02 15:35:55 | 00,000,000 | ---D | C] -- C:\Program Files\Opera 10 Beta
[2009-07-02 00:45:18 | 00,000,000 | ---D | C] -- C:\Users\Mikaka\Documents\SPORE
[2009-07-01 11:15:58 | 00,001,089 | ---- | C] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2009-07-01 11:15:56 | 00,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
[2009-07-01 11:15:51 | 00,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2009-06-30 20:31:13 | 00,000,000 | ---D | C] -- C:\Users\Mikaka\AppData\Local\AA3DeployClient
[2009-06-30 20:31:12 | 00,000,000 | ---D | C] -- C:\ProgramData\AA3DeployClient
[2009-06-30 16:27:20 | 00,001,062 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2488381202-3099855390-259660320-1000UA.job
[2009-06-30 16:27:19 | 00,001,010 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2488381202-3099855390-259660320-1000Core.job
[2009-06-30 11:07:08 | 00,001,036 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009-06-30 11:07:08 | 00,001,032 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009-06-30 01:31:50 | 00,000,000 | ---D | C] -- C:\Users\Mikaka\AppData\Local\Cooliris
[2009-06-30 01:19:52 | 00,000,000 | ---D | C] -- C:\Users\Mikaka\AppData\Local\Mozilla
[2009-06-29 19:48:55 | 00,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009-06-29 14:39:12 | 00,000,000 | ---D | C] -- C:\Users\Mikaka\AppData\Roaming\Malwarebytes
[2009-06-29 14:39:07 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009-06-29 12:38:16 | 00,000,000 | ---D | C] -- C:\Users\Mikaka\AppData\Local\AA2DeployClient
[2009-06-29 12:38:15 | 00,000,000 | ---D | C] -- C:\ProgramData\AA2DeployClient
[2009-06-29 12:37:42 | 00,000,000 | ---D | C] -- C:\Users\Mikaka\AppData\Local\Deployment
[2009-06-29 03:55:21 | 00,002,116 | ---- | C] () -- C:\Users\Mikaka\Desktop\Windows Live Messenger .lnk
[2009-06-29 03:53:54 | 00,055,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fssfltr.sys
[2009-06-29 03:53:01 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2009-06-29 03:51:45 | 00,000,020 | ---- | C] () -- C:\Windows\”úo
[2009-06-29 03:51:45 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009-06-29 02:21:57 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009-06-29 02:04:56 | 00,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2009-06-28 19:17:39 | 00,000,000 | ---D | C] -- C:\Program Files\Intel Corporation
[2009-06-28 18:11:31 | 00,000,931 | ---- | C] () -- C:\Users\Mikaka\Desktop\Fraps.lnk
[2009-06-28 18:11:29 | 00,000,000 | ---D | C] -- C:\Program Files\Fraps
[2009-06-28 17:30:21 | 00,132,185 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSWINSCK.OCX
[2009-06-28 01:53:58 | 00,004,608 | ---- | C] () -- C:\Users\Mikaka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-06-28 00:41:21 | 00,002,141 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2009-06-28 00:39:38 | 00,000,000 | ---D | C] -- C:\Program Files\Google
[2009-06-27 22:05:19 | 00,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2009-06-27 22:01:31 | 00,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2009-06-27 21:36:56 | 00,109,608 | ---- | C] () -- C:\Users\Mikaka\AppData\Local\GDIPFONTCACHEV1.DAT
[2009-06-27 21:32:14 | 00,000,000 | -H-D | C] -- C:\ProgramData\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009-06-27 21:32:13 | 00,001,100 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2009-06-27 21:31:05 | 00,148,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009-06-27 21:31:05 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009-06-27 21:31:05 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009-06-27 21:30:49 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009-06-27 21:16:32 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Creative
[2009-06-27 21:08:58 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2009-06-27 21:07:37 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2009-06-27 21:06:58 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2009-06-27 21:04:15 | 00,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2009-06-27 21:04:00 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2009-06-27 21:04:00 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[2009-06-27 21:02:31 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2009-06-27 20:56:11 | 00,000,000 | RH-D | C] -- C:\MSOCache
[2009-06-27 20:49:05 | 01,492,763 | -H-- | C] () -- C:\Users\Mikaka\AppData\Local\IconCache.db
[2009-06-27 20:33:12 | 24,147,27168 | -HS- | C] () -- C:\hiberfil.sys
[2009-06-27 20:09:26 | 00,000,000 | --SD | C] -- C:\Users\Mikaka\AppData\Roaming\Microsoft
[2009-06-27 20:09:26 | 00,000,000 | -HSD | C] -- C:\Users\Mikaka\Documents\My Videos
[2009-06-27 20:09:26 | 00,000,000 | -HSD | C] -- C:\Users\Mikaka\Documents\My Pictures
[2009-06-27 20:09:26 | 00,000,000 | -HSD | C] -- C:\Users\Mikaka\Documents\My Music
[2009-06-27 20:09:26 | 00,000,000 | -HSD | C] -- C:\Users\Mikaka\AppData\Local\Temporary Internet Files
[2009-06-27 20:09:26 | 00,000,000 | -HSD | C] -- C:\Users\Mikaka\AppData\Local\History
[2009-06-27 20:09:26 | 00,000,000 | -HSD | C] -- C:\Users\Mikaka\AppData\Local\Application Data
[2009-06-27 20:09:26 | 00,000,000 | ---D | C] -- C:\Users\Mikaka\AppData\Roaming\Media Center Programs
[2009-06-27 20:09:26 | 00,000,000 | ---D | C] -- C:\Users\Mikaka\AppData\Local\Temp
[2009-06-27 20:09:26 | 00,000,000 | ---D | C] -- C:\Users\Mikaka\AppData\Local\Microsoft
[2009-06-27 20:08:48 | 00,000,000 | ---D | C] -- C:\ProgramData\Creative
[2009-06-27 20:08:46 | 00,102,400 | ---- | C] (Creative Technology Ltd) -- C:\Windows\System32\cttele32.dll
[2009-06-27 20:06:59 | 00,444,952 | ---- | C] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2009-06-27 20:06:59 | 00,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2009-06-27 20:06:59 | 00,109,080 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2009-06-27 20:06:59 | 00,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2009-06-27 20:06:59 | 00,000,087 | RH-- | C] () -- C:\Windows\ctfile.rfc
[2009-06-27 20:06:59 | 00,000,000 | ---D | C] -- C:\Program Files\OpenAL
[2009-06-27 20:06:51 | 00,000,000 | ---D | C] -- C:\Windows\System32\data
[2009-06-27 20:06:18 | 00,457,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvuninst.exe
[2009-06-27 20:02:41 | 00,000,000 | ---D | C] -- C:\Windows\Prefetch
[2009-06-27 19:06:31 | 00,000,020 | ---- | C] () -- C:\Windows\Ěůp
[2009-06-27 18:48:58 | 00,000,000 | ---D | C] -- C:\ProgramData\Creative Labs
[2009-06-27 03:59:21 | 00,001,080 | ---- | C] () -- C:\Windows\System32\settingsbkup.sfm
[2009-06-27 03:59:21 | 00,001,080 | ---- | C] () -- C:\Windows\System32\settings.sfm
[2009-06-27 00:04:10 | 00,007,062 | ---- | C] () -- C:\Windows\System32\audiopid.vxd
[2009-06-27 00:02:49 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Creative Labs Shared
[2009-06-26 23:57:46 | 22,691,984 | ---- | C] (Creative Technology Ltd) -- C:\Windows\System32\AppSetup.exe
[2009-06-26 16:13:34 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
[2009-06-26 14:20:53 | 00,000,000 | ---D | C] -- C:\Users\Mikaka\AppData\Roaming\SPORE
[2009-06-26 00:02:43 | 00,000,000 | ---D | C] -- C:\ProgramData\Xfire
[2009-06-26 00:02:42 | 00,000,921 | ---- | C] () -- C:\Users\Public\Desktop\Xfire.lnk
[2009-06-26 00:02:42 | 00,000,000 | ---D | C] -- C:\Users\Mikaka\AppData\Roaming\Xfire
[2009-06-26 00:02:38 | 00,000,000 | ---D | C] -- C:\Program Files\Xfire
[2009-06-25 17:51:22 | 00,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2009-06-25 17:50:57 | 00,000,000 | ---D | C] -- C:\Program Files\Winnydows
[2009-06-21 22:57:50 | 00,000,000 | ---D | C] -- C:\Users\Mikaka\Documents\Battlefield 2142 Demo
[2009-06-21 01:41:58 | 00,000,000 | ---D | C] -- C:\Users\Mikaka\Documents\GTA IV save backup
[2009-06-19 19:58:54 | 00,000,808 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 2 Jednostki specjalne.lnk
[2009-06-19 19:50:00 | 00,000,000 | ---D | C] -- C:\Users\Mikaka\Documents\Battlefield 2
[2009-06-17 16:27:34 | 00,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009-06-05 10:26:26 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2009-06-05 08:19:40 | 00,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009-06-05 08:04:44 | 00,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009-06-04 01:37:08 | 00,021,093 | ---- | C] () -- C:\Windows\System32\instwdm.ini
[2009-06-04 01:37:06 | 00,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2009-06-04 00:57:38 | 00,060,928 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll
[2009-06-04 00:55:20 | 00,002,560 | ---- | C] () -- C:\Windows\System32\CtxfiRes.dll
[2009-06-04 00:55:20 | 00,002,560 | ---- | C] () -- C:\Windows\CTXFIRES.DLL
[2009-05-28 19:55:26 | 00,000,394 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009-05-27 09:49:00 | 00,000,285 | ---- | C] () -- C:\Windows\System32\kill.ini
[2009-05-25 20:01:00 | 00,906,784 | ---- | C] () -- C:\Windows\System32\OWL52F.DLL
[2009-05-17 20:16:28 | 00,139,264 | R--- | C] () -- C:\Windows\System32\OPDSL.DLL
[2009-05-14 21:06:20 | 00,005,248 | ---- | C] () -- C:\Windows\giveio.sys
[2009-05-14 20:32:28 | 00,000,299 | ---- | C] () -- C:\Windows\game.ini
[2009-05-10 23:35:13 | 00,348,160 | ---- | C] () -- C:\Windows\System32\lxdfcoin.dll
[2009-05-10 23:33:51 | 00,069,632 | ---- | C] () -- C:\Windows\System32\lxdfoem.dll
[2009-05-10 23:33:51 | 00,045,056 | ---- | C] () -- C:\Windows\System32\LXDFPMON.DLL
[2009-05-10 23:33:51 | 00,032,768 | ---- | C] () -- C:\Windows\System32\LXDFFXPU.DLL
[2009-05-10 23:32:38 | 00,000,060 | ---- | C] () -- C:\Windows\System32\lxdfrwrd.ini
[2009-05-10 23:32:27 | 00,434,176 | ---- | C] ( ) -- C:\Windows\System32\lxdfhcp.dll
[2009-05-10 23:32:27 | 00,356,352 | ---- | C] ( ) -- C:\Windows\System32\lxdfinpa.dll
[2009-05-10 23:32:27 | 00,348,160 | ---- | C] () -- C:\Windows\System32\lxdfinst.dll
[2009-05-10 23:32:27 | 00,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdfiesc.dll
[2009-05-10 23:32:26 | 01,200,128 | ---- | C] ( ) -- C:\Windows\System32\lxdfserv.dll
[2009-05-10 23:32:26 | 00,950,272 | ---- | C] ( ) -- C:\Windows\System32\lxdfusb1.dll
[2009-05-10 23:32:26 | 00,647,168 | ---- | C] ( ) -- C:\Windows\System32\lxdfpmui.dll
[2009-05-10 23:32:26 | 00,565,248 | ---- | C] ( ) -- C:\Windows\System32\lxdflmpm.dll
[2009-05-10 23:32:26 | 00,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdfprox.dll
[2009-05-10 23:32:25 | 00,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdfhbn3.dll
[2009-05-10 23:32:24 | 00,860,160 | ---- | C] ( ) -- C:\Windows\System32\lxdfcomc.dll
[2009-05-10 23:32:24 | 00,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdfcomm.dll
[2009-05-10 23:32:24 | 00,208,896 | ---- | C] () -- C:\Windows\System32\lxdfgrd.dll
[2009-04-22 07:58:02 | 00,000,536 | ---- | C] () -- C:\Windows\win.ini
[2009-04-22 00:19:06 | 00,172,173 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2008-10-07 09:13:30 | 00,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008-10-07 09:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007-05-25 06:24:25 | 00,692,224 | ---- | C] () -- C:\Windows\System32\lxdfdrs.dll
[2007-05-23 00:09:48 | 00,065,536 | ---- | C] () -- C:\Windows\System32\lxdfcaps.dll
[2007-04-18 00:17:05 | 00,069,632 | ---- | C] () -- C:\Windows\System32\lxdfcnv4.dll
[2006-08-01 15:53:18 | 00,040,960 | ---- | C] () -- C:\Windows\System32\lxdfvs.dll
[1996-04-03 21:33:26 | 00,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== Files - Modified Within 30 Days ==========

[4 C:\Windows\System32\*.tmp files]
[2009-07-18 22:32:00 | 00,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2488381202-3099855390-259660320-1000UA.job
[2009-07-18 22:28:18 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Mikaka\Desktop\OTL.exe
[2009-07-18 22:12:00 | 00,001,036 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009-07-18 22:11:53 | 00,016,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2009-07-18 22:11:53 | 00,016,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2009-07-18 22:05:27 | 00,002,039 | ---- | M] () -- C:\Users\Mikaka\Desktop\HijackThis.lnk
[2009-07-18 22:04:39 | 00,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009-07-18 22:04:36 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009-07-18 22:04:34 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009-07-18 22:04:31 | 24,147,27168 | -HS- | M] () -- C:\hiberfil.sys
[2009-07-18 22:03:28 | 00,054,916 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000005-00000000-00000002-00001102-00000005-00311102}.rfx
[2009-07-18 22:03:28 | 00,054,916 | ---- | M] () -- C:\Windows\System32\BMXState-{00000005-00000000-00000002-00001102-00000005-00311102}.rfx
[2009-07-18 22:03:28 | 00,000,788 | ---- | M] () -- C:\Windows\System32\DVCState-{00000005-00000000-00000002-00001102-00000005-00311102}.rfx
[2009-07-18 22:03:15 | 01,492,763 | -H-- | M] () -- C:\Users\Mikaka\AppData\Local\IconCache.db
[2009-07-18 21:34:17 | 00,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009-07-18 19:17:56 | 00,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009-07-18 19:14:06 | 03,775,176 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Mikaka\Desktop\mbam-setup.exe
[2009-07-18 18:00:32 | 00,301,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.execf
[2009-07-18 18:00:13 | 01,523,412 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009-07-18 18:00:13 | 00,687,914 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2009-07-18 18:00:13 | 00,607,298 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009-07-18 18:00:13 | 00,131,516 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2009-07-18 18:00:13 | 00,103,676 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009-07-18 17:04:24 | 00,317,745 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009-07-18 16:32:00 | 00,001,010 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2488381202-3099855390-259660320-1000Core.job
[2009-07-14 22:56:19 | 00,139,072 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009-07-14 22:56:19 | 00,075,064 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe
[2009-07-14 22:53:52 | 00,189,672 | ---- | M] () -- C:\Windows\System32\PnkBstrB.exe
[2009-07-14 22:49:11 | 00,022,328 | ---- | M] () -- C:\Users\Mikaka\AppData\Roaming\PnkBstrK.sys
[2009-07-14 19:53:42 | 00,003,072 | ---- | M] () -- C:\Windows\System32\drivers\SRK.sys
[2009-07-14 18:50:08 | 00,669,184 | ---- | M] () -- C:\Windows\System32\pbsvc.exe
[2009-07-14 18:40:11 | 00,011,780 | ---- | M] () -- C:\Windows\System32\ealregsnapshot1.reg
[2009-07-13 23:01:32 | 00,189,672 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2009-07-13 22:35:26 | 02,347,792 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009-07-13 15:22:37 | 00,109,608 | ---- | M] () -- C:\Users\Mikaka\AppData\Local\GDIPFONTCACHEV1.DAT
[2009-07-13 13:42:27 | 00,001,076 | ---- | M] () -- C:\Users\Mikaka\Desktop\Testy B 2009.lnk
[2009-07-13 13:40:14 | 00,001,086 | ---- | M] () -- C:\Users\Mikaka\Desktop\Znaki Drogowe.lnk
[2009-07-13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009-07-13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009-07-12 21:25:45 | 00,000,612 | ---- | M] () -- C:\Users\Public\Desktop\4Story.lnk
[2009-07-12 20:02:06 | 00,001,024 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2009-07-12 00:26:00 | 00,000,020 | ---- | M] () -- C:\Windows\ôU
[2009-07-11 17:25:09 | 00,007,606 | ---- | M] () -- C:\Users\Mikaka\AppData\Local\Resmon.ResmonCfg
[2009-07-09 20:33:54 | 00,317,169 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20090718-170424.backup
[2009-07-07 15:34:10 | 05,890,129 | ---- | M] () -- C:\Users\Mikaka\Documents\Moje dzieła SPORE - Kopia - Kopia.rar
[2009-07-02 21:26:08 | 00,041,808 | ---- | M] () -- C:\Windows\System32\xfcodec.dll
[2009-07-01 11:22:38 | 00,001,089 | ---- | M] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2009-06-29 19:48:55 | 00,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2009-06-29 03:55:21 | 00,002,116 | ---- | M] () -- C:\Users\Mikaka\Desktop\Windows Live Messenger .lnk
[2009-06-29 03:51:46 | 00,000,020 | ---- | M] () -- C:\Windows\”úo
[2009-06-29 03:43:48 | 00,001,003 | ---- | M] () -- C:\Users\Public\Desktop\Notepad++.lnk
[2009-06-29 02:31:51 | 00,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2009-06-29 01:52:31 | 00,307,292 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20090709-203353.backup
[2009-06-28 18:11:31 | 00,000,931 | ---- | M] () -- C:\Users\Mikaka\Desktop\Fraps.lnk
[2009-06-28 17:31:56 | 00,132,185 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MSWINSCK.OCX
[2009-06-28 02:04:01 | 00,004,608 | ---- | M] () -- C:\Users\Mikaka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-06-28 00:41:21 | 00,002,141 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2009-06-27 23:08:58 | 00,307,262 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20090627-230923.backup
[2009-06-27 22:03:27 | 00,000,536 | ---- | M] () -- C:\Windows\win.ini
[2009-06-27 21:34:20 | 00,015,688 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2009-06-27 21:32:13 | 00,001,100 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2009-06-27 21:30:51 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2009-06-27 21:30:51 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009-06-27 21:30:51 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009-06-27 21:30:51 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009-06-27 20:46:23 | 00,337,158 | ---- | M] () -- C:\Windows\System32\perfi015.dat
[2009-06-27 20:46:23 | 00,038,710 | ---- | M] () -- C:\Windows\System32\perfd015.dat
[2009-06-27 20:31:31 | 00,028,969 | ---- | M] () -- C:\Windows\System32\license.rtf
[2009-06-27 20:25:59 | 00,021,412 | ---- | M] () -- C:\Windows\System32\emptyregdb.dat
[2009-06-27 20:06:59 | 00,444,952 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2009-06-27 20:06:59 | 00,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2009-06-27 20:06:59 | 00,000,087 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2009-06-27 19:11:22 | 00,001,890 | ---- | M] () -- C:\Windows\diagwrn.xml
[2009-06-27 19:11:22 | 00,001,890 | ---- | M] () -- C:\Windows\diagerr.xml
[2009-06-27 19:06:32 | 00,000,020 | ---- | M] () -- C:\Windows\Ěůp
[2009-06-27 03:59:21 | 00,001,080 | ---- | M] () -- C:\Windows\System32\settingsbkup.sfm
[2009-06-27 03:59:21 | 00,001,080 | ---- | M] () -- C:\Windows\System32\settings.sfm
[2009-06-26 16:13:34 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
[2009-06-26 00:02:42 | 00,000,921 | ---- | M] () -- C:\Users\Public\Desktop\Xfire.lnk
[2009-06-19 19:58:54 | 00,000,808 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 2 Jednostki specjalne.lnk

========== LOP Check ==========

[2009-07-18 20:56:30 | 00,000,000 | ---D | M] -- C:\Users\Mikaka\AppData\Roaming
[2009-06-27 20:17:27 | 00,000,000 | ---D | M] -- C:\Users\Mikaka\AppData\Roaming\6500 Series
[2009-06-27 20:17:28 | 00,000,000 | ---D | M] -- C:\Users\Mikaka\AppData\Roaming\AIMP
[2009-07-14 22:51:30 | 00,000,000 | ---D | M] -- C:\Users\Mikaka\AppData\Roaming\Azureus
[2009-07-13 13:41:46 | 00,000,000 | ---D | M] -- C:\Users\Mikaka\AppData\Roaming\BESTplayer
[2009-06-27 20:17:32 | 00,000,000 | ---D | M] -- C:\Users\Mikaka\AppData\Roaming\BSplayer Pro
[2009-07-12 20:06:30 | 00,000,000 | ---D | M] -- C:\Users\Mikaka\AppData\Roaming\dvdcss
[2009-06-29 02:41:00 | 00,000,000 | ---D | M] -- C:\Users\Mikaka\AppData\Roaming\GHISLER
[2009-06-27 20:17:32 | 00,000,000 | ---D | M] -- C:\Users\Mikaka\AppData\Roaming\Leadertech
[2009-06-27 20:17:32 | 00,000,000 | ---D | M] -- C:\Users\Mikaka\AppData\Roaming\Lexmark Productivity Studio
[2009-06-05 14:41:15 | 00,000,000 | ---D | M] -- C:\Users\Mikaka\AppData\Roaming\Media Center Programs
[2009-06-29 03:43:47 | 00,000,000 | ---D | M] -- C:\Users\Mikaka\AppData\Roaming\Notepad++
[2009-06-27 20:17:45 | 00,000,000 | ---D | M] -- C:\Users\Mikaka\AppData\Roaming\Nowe Gadu-Gadu
[2009-06-27 20:17:45 | 00,000,000 | ---D | M] -- C:\Users\Mikaka\AppData\Roaming\OpenFM
[2009-07-02 15:36:03 | 00,000,000 | ---D | M] -- C:\Users\Mikaka\AppData\Roaming\Opera
[2009-07-12 00:46:13 | 00,000,000 | ---D | M] -- C:\Users\Mikaka\AppData\Roaming\Publish Providers
[2009-06-27 20:17:47 | 00,000,000 | RH-D | M] -- C:\Users\Mikaka\AppData\Roaming\SecuROM
[2009-07-12 00:50:51 | 00,000,000 | ---D | M] -- C:\Users\Mikaka\AppData\Roaming\Sony
[2009-07-02 17:53:36 | 00,000,000 | ---D | M] -- C:\Users\Mikaka\AppData\Roaming\SPORE
[2009-06-27 20:17:48 | 00,000,000 | ---D | M] -- C:\Users\Mikaka\AppData\Roaming\The Creative Assembly
[2009-07-14 00:04:57 | 00,000,000 | ---D | M] -- C:\Users\Mikaka\AppData\Roaming\tor
[2009-07-10 22:47:07 | 00,000,000 | ---D | M] -- C:\Users\Mikaka\AppData\Roaming\UltraVNC
[2009-07-14 00:04:57 | 00,000,000 | ---D | M] -- C:\Users\Mikaka\AppData\Roaming\Vidalia
[2009-05-17 00:05:13 | 00,000,000 | ---D | M] -- C:\Users\Mikaka\AppData\Roaming\Windows Live Writer
[2009-06-27 20:17:49 | 00,000,000 | ---D | M] -- C:\Users\Mikaka\AppData\Roaming\Windows SideBar
[2009-07-08 01:17:13 | 00,000,000 | ---D | M] -- C:\Users\Mikaka\AppData\Roaming\Xfire
[2009-07-18 21:34:17 | 00,000,472 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2009-07-18 22:04:39 | 00,001,032 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2009-07-18 22:12:00 | 00,001,036 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2009-07-18 16:32:00 | 00,001,010 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2488381202-3099855390-259660320-1000Core.job
[2009-07-18 22:32:00 | 00,001,062 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2488381202-3099855390-259660320-1000UA.job
[2009-07-18 22:04:36 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009-06-05 12:31:07 | 00,015,012 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 513 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:C7EEDD66
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:16334B5B
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:76098070
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:500F021A
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:CC02DF48
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:538A295C
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:87B0D92B
< End of report >
 

Extras.txt

OTL Extras logfile created on: 2009-07-18 22:33:05 - Run 1
OTL by OldTimer - Version 3.0.9.2 Folder = C:\Users\Mikaka\Desktop
Ultimate Edition (Version = 6.1.7229) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7229.0)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 100,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 38,96 Gb Total Space | 1,35 Gb Free Space | 3,48% Space Free | Partition Type: NTFS
Drive D: | 170,90 Gb Total Space | 4,81 Gb Free Space | 2,82% Space Free | Partition Type: NTFS
Drive E: | 22,92 Gb Total Space | 4,46 Gb Free Space | 19,45% Space Free | Partition Type: NTFS
Drive F: | 465,76 Gb Total Space | 2,36 Gb Free Space | 0,51% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
Drive H: | 2,82 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
I: Drive not present or media not loaded
Drive K: | 1,90 Gb Total Space | 1,89 Gb Free Space | 99,59% Space Free | Partition Type: FAT32

Computer Name: MIKAKA-PC
Current User Name: Mikaka
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 4
"AntiVirusOverride" = 0
"FirewallDisableNotify" = 4
"FirewallOverride" = 0
"FirstRunDisabled" = 4
"UpdatesDisableNotify" = 4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0240C3B0-AD14-4AB4-966A-484E8D14477F}" = Bezpieczeństwo rodzinne usługi Windows Live
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2: Deluxe Edition
"{05381030-963D-4779-BECA-0D7D49268EDB}" = Płatnik 7.03.001
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Pasek narzędzi
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{14C87AA7-08E6-419F-A165-998EBE5023D7}" = Oblivion - Knights of the Nine
"{16D919E6-F019-4E15-BFBE-4A85EF19DA57}" = Oblivion - Spell Tomes
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Narzędzie do przekazywania usługi Windows Live
"{20EA84D4-6CB0-4FEA-8B6C-DC816CA7385F}" = Harry Potter and the Half-Blood Prince™ Demo
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ Beta 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{2A5FBE73-76DA-4A31-BD86-1B0E01DC33F8}" = Windows Live Messenger
"{2BED6AD7-DD60-43BA-B65F-BEFC8CAD5B78}" = Windows Live Movie Maker Beta
"{2D6ED011-055B-4041-B198-BB903827EBFB}" = Safari
"{2EEBAC31-3EEF-4118-91CB-1A286A507DB2}" = ESET NOD32 Antivirus
"{2F2E3D62-8B8C-448F-8900-451325E50948}" = Oblivion - Wizard's Tower
"{31D95937-B237-405D-920C-A3EF4E482395}" = Supreme Commander - Forged Alliance
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3ABEBD00-299D-4DCA-967F-B912163AB5EA}" = Oblivion - Horse Armor Pack
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3F425F12-3A1B-4511-97B2-E2BB4701B745}" = Crysis Wars(R)
"{43E506CC-6633-4F2A-8D8E-4A95D2384393}" = Crysis Wars(R) Patch
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}" = Oblivion - Vile Lair
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID
"{5ED20FB0-678F-41EE-9211-DC9C670FD193}" = Battlefield 1942 Multiplayer Demo
"{63CEA2E4-4FE7-4F2C-B388-C1313D24157C}" = SPORE™ Kosmiczne przygody
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6FCEBA1E-B484-4972-883F-E2B99A12758E}" = Norma Pro
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73C2BB36-ABE5-4E02-A043-E6C0F91A3E2C}" = PC VGA Camer@ Plus
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FDC4F3F-1DD7-433E-841E-E20C294609B4}" = Windows Live Sync
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007
"{90120000-0015-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007
"{90120000-0016-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007
"{90120000-0018-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007
"{90120000-0019-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007
"{90120000-001A-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007
"{90120000-001B-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-001F-0415-0000-0000000FF1CE}_ENTERPRISE_{E9EA2604-8AC9-47D2-8F4B-6BF60787A357}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007
"{90120000-0044-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}_ENTERPRISE_{D45F91DE-F0FC-4D5F-9A0C-FDE5B251AAC6}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007
"{90120000-00A1-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007
"{90120000-00BA-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Centrum obsługi urządzeń z systemem Windows Mobile
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0120-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A0A20753-92DF-4631-82B4-9CACE2FCED6A}" = Oblivion - The Fighter's Stronghold
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A7388312-4FBB-48E5-8DC0-B63DA02658AE}" = Windows Live Toolbar
"{A92A4DB0-CD37-42D1-BE1D-603D53C24328}" = Intel(R) Processor ID Utility
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1045-7B44-A91000000001}" = Adobe Reader 9.1.2 - Polish
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B535B621-5559-11DE-A7A1-005056806466}" = Google Earth Plugin
"{B6892A3F-51F5-4BA4-92E5-3F4A1A10720D}" = Podstawowe programy Windows Live
"{BABAEBE4-9FFB-4B5D-9453-64FF11517CA2}" = Tom Clancy's Splinter Cell Chaos Theory
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}" = SPORE™ — śmieszne i straszne części stworów
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{CF589477-3D27-4C6F-82A3-78547ACAC55D}" = Galeria fotografii usługi Windows Live
"{DA507A38-4B2A-40C0-90AC-E30AAA0B757C}" = Vegas Movie Studio Platinum 9.0
"{DB4690C5-9015-401D-A96C-A49909B7C372}" = Poczta usługi Windows Live
"{DD49053A-0140-44EF-AE75-C4BC1FDB8286}" = Windows Live Writer
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4D15328-8C89-484B-B9AA-F5BE9EA6D01C}" = NVIDIA PhysX v8.10.17
"{EC425CFC-EE78-4A91-AA25-3BFA65B75364}" = Oblivion - Orrery
"{EF295F5C-7B57-47AA-8889-6B3E8E214E89}" = Oblivion - Mehrunes Razor
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F11ADC64-C89E-47F4-A0B3-3665FF859397}" = World in Conflict: Soviet Assault
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = Wiedźmin
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood
"{FFFFFD17-B460-41EB-93F1-C48ABAD63828}" = Oblivion - Thieves Den
"4StoryPL_is1" = 4Story 1.5
"Ad Muncher" = Ad Muncher v4.73 Beta Build 30615
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ALchemy" = Creative ALchemy
"AudioCS" = Creative Audio Control Panel
"Console Launcher" = Creative Console Launcher
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties" = Creative Sound Blaster Properties
"Creative Volume Panel" = Volume Panel
"Crysis Wars(R)" = Crysis Wars(R)
"Crysis Wars(R) Patch" = Crysis Wars(R) Patch
"DivX Tech Preview - MKV on Windows 7" = DivX Tech Preview: MKV on Windows 7
"EADM" = EA Download Manager
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ExactFile_is1" = ExactFile 1.0.0.15
"Fraps" = Fraps
"HijackThis" = HijackThis 2.0.2
"Homeworld2" = Homeworld2
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{73C2BB36-ABE5-4E02-A043-E6C0F91A3E2C}" = PC VGA Camer@ Plus
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"InstallShield_{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood
"Kleopatra" = Kleopatra - królowa Nilu
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.9.0 (Basic)
"Lexmark 6500 Series" = Lexmark 6500 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"NAPIPROJEKT_is1" = NAPIPROJEKT 1.0.6.2
"Notepad++" = Notepad++
"Nowe Gadu-Gadu" = Nowe Gadu-Gadu
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"Pharaoh" = Faraon
"PowerISO" = PowerISO
"Privoxy" = Privoxy 3.0.6
"Project Reality Core_is1" = Project Reality 0860 Core
"Project Reality Levels_is1" = Project Reality 0860 Levels
"PunkBusterSvc" = PunkBuster Services
"RealAlt_is1" = Real Alternative 1.9.0
"SFBM" = SoundFont Bank Manager
"Sorian AI Mod_is1" = Sorian AI Mod 1.9.7
"SpeedFan" = SpeedFan (remove only)
"SuperF4" = SuperF4
"Testy B 2009_is1" = Testy B 2009
"Tor" = Tor 0.2.0.34
"Totalcmd" = Total Commander (Remove or Repair)
"Ultravnc2_is1" = UltraVNC 1.0.6.4
"U-Storage Service" = U-Storage Service
"Vidalia" = Vidalia 0.1.10
"Visual Micro Lab" = Visual Micro Lab
"VLC media player" = VLC media player 1.0.0
"Vuze" = Vuze
"WaveStudio 7" = Creative WaveStudio 7
"WheelMouse" = Smart-X7 7.80
"WinLiveSuite_Wave3" = Podstawowe programy Windows Live
"WinRAR archiver" = Archiwizator WinRAR
"Xfire" = Xfire (remove only)
"Znaki Drogowe_is1" = Znaki Drogowe

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"2a4f70b48f669acd" = AA3Deploy
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >



<edit>
I've fixed the hidden Program Files, found a solution on Google.
I ran an elevated command prompt on the C: drive.
Then I wrote the command:
attrib -h -s "Program Files"
This made the Program Files folder visible.
 
Copy the log and paste it in the big box at www.hijackthis.de and click Analyze.
It will show you which entries are harmful; delete all harmful entries by running HijackThis and checking all nasty entries. ;)
@ dinesh....
I've already looked over the HJT log. It doesn't show anything malicious, that's why I asked for OLT ;)
 
