Prosim o kontrolu

[chodnik74]

Takže opět stejná pravidla Combofixu..

Otevřeme si Poznámkový blok

• (stiskneme klávesovou kombinaci WIN+R a napíšeme ,,notepad,, bez úvozovek a dáme enter)
• Vložíme do něj následující script:

  Kód: Vybrat vše

  KillAll::
  
  Driver::
  gupdatem
  gupdate
  
  Firefox::
  FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\s74kfcxc.default\
  
  Reboot::
  

• Soubor uložíme na Plochu jako CFScript.txt
• Poté tento soubor uchopíme levým tlačítkem myši a přetáhneme na ikonu Combofixu a upustíme
  
  
• Poté Combofix provede všechny operace a udělá nový log,který sem vložte

Ve kterém prohlížeči vám to dělá?

[majom246]

Používam Mozillu Firefox a Google Chrome. A robí mi to v oboch.


ComboFix 11-06-23.01 - Admin 23.06.2011 21:27:30.2.2 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.2.1250.421.1033.18.1791.1151 [GMT 2:00]
Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Admin\Desktop\CFScript.txt
AV: ESET Smart Security 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GUPDATE
-------\Legacy_GUPDATEM
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Files Created from 2011-05-23 to 2011-06-23 )))))))))))))))))))))))))))))))
.
.
2011-06-22 17:37 . 2011-06-22 17:37 -------- d-----w- c:\documents and settings\Admin\Application Data\Malwarebytes
2011-06-22 17:37 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-22 17:37 . 2011-06-22 17:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-06-22 17:37 . 2011-06-22 17:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-22 17:37 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-22 11:55 . 2011-06-22 11:56 -------- d-----w- c:\program files\CCleaner
2011-06-22 08:55 . 2011-06-22 12:04 -------- d-----w- c:\program files\trend micro
2011-06-20 19:36 . 2011-06-20 19:36 -------- d-----w- c:\program files\Rockstar Games
2011-06-20 19:35 . 2004-10-22 00:17 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2011-06-20 19:35 . 2004-10-22 00:17 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2011-06-20 19:35 . 2004-10-22 00:16 180224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2011-06-20 19:35 . 2004-10-22 00:16 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2011-06-20 19:35 . 2004-10-22 00:18 749568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2011-06-20 19:35 . 2011-06-20 19:35 192644 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2011-06-20 19:35 . 2011-06-20 19:35 323716 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2011-06-09 14:09 . 2011-06-09 14:19 -------- d-----w- c:\documents and settings\All Users\Application Data\FarmFrenzy3
2011-06-09 14:08 . 2011-06-09 14:08 -------- d-----w- c:\program files\Alawar
2011-06-08 19:39 . 2011-06-09 14:05 -------- d-----w- c:\documents and settings\All Users\Application Data\AlawarWrapper
2011-06-08 19:39 . 2011-06-08 19:39 -------- d-----w- c:\documents and settings\All Users\Application Data\AWEM
2011-05-28 12:59 . 2004-08-03 20:58 14848 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2011-05-28 12:59 . 2004-08-03 20:58 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-05-26 13:24 . 2011-05-26 13:24 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-05-26 13:23 . 2011-05-26 13:23 -------- d-----w- c:\documents and settings\Admin\Application Data\Leadertech
2011-05-26 13:14 . 2011-05-26 13:14 -------- d-----w- c:\program files\EA Sports
2011-05-26 13:14 . 2008-05-30 12:19 507400 ----a-w- c:\windows\system32\XAudio2_1.dll
2011-05-26 13:14 . 2008-05-30 12:17 65032 ----a-w- c:\windows\system32\XAPOFX1_0.dll
2011-05-26 13:12 . 2011-06-22 12:00 -------- d-----w- c:\windows\Logs
2011-05-26 12:56 . 2011-05-26 12:58 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-05-26 12:55 . 2011-06-22 10:44 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2011-05-26 12:55 . 2011-05-26 12:58 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-05-26 12:54 . 2011-05-26 13:00 -------- d-----w- c:\documents and settings\Admin\Application Data\DAEMON Tools Lite
2011-05-26 12:54 . 2011-05-26 12:54 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-20 19:00 . 2006-02-28 12:00 28624 ----a-w- c:\windows\system32\drivers\secdrv.sys
2011-04-23 21:28 . 2009-05-21 16:57 353576 ----a-w- c:\windows\system32\msvcr71.dll
2011-04-23 21:28 . 2009-05-21 18:21 505128 ----a-w- c:\windows\system32\msvcp71.dll
2011-04-14 17:01 . 2011-05-21 10:24 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-06-22_21.20.41 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-02-28 12:00 . 2011-06-22 19:47 41034 c:\windows\system32\perfc009.dat
+ 2006-02-28 12:00 . 2011-06-23 13:12 41034 c:\windows\system32\perfc009.dat
+ 2006-02-28 12:00 . 2011-06-23 13:12 314706 c:\windows\system32\perfh009.dat
- 2006-02-28 12:00 . 2011-06-22 19:47 314706 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-03 1323008]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-29 16805888]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-02-06 2021400]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-02-28 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [26.5.2011 14:56 218688]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6.2.2009 14:23 106208]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [6.2.2009 14:23 727720]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [31.8.2010 1:00 22072]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [22.6.2011 19:37 39984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-16 17:31]
.
2011-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-16 17:31]
.
2011-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1580818891-725345543-1004Core.job
- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-21 22:56]
.
2011-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1580818891-725345543-1004UA.job
- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-21 22:56]
.
.
------- Supplementary Scan -------
.
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\s74kfcxc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-23 21:34
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1096)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3444)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\RTHDCPL.EXE
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2011-06-23 21:37:57 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-23 19:37
.
Pre-Run: 6 636 433 408 bytes free
Post-Run: 6 545 190 912 voľných bajtov
.
- - End Of File - - 6160F1BD2E54B0D8A95C8130FF2C8993

[chodnik74]

Pořád problém přetrvává? pokud ano tak pokračujte dále..


arrow: Stáhneme si na Plochu program OTL

• Spustíme soubor OTL.exe (pokud máte Windows Vista nebo Windows 7,tak na soubor klikněte pravým tlačítkem myši a dejte ,,Spustit jako správce,,)
• Pokud používáte 64 bitový systém,zaškrkněte volbu Pro 64 bitové OS,pokud ne,tak by měla být nezaškrknutá
• Zaškrkněte okýnko Pro všechny uživatele,Kontrola havět "LOP",Kontrola havět "Purity"
• Staří souborů změňte z 30 dnů na 7 dnů
• Do spodního okýnka Vlastní skenování/opravy vložte následující script:

  Kód: Vybrat vše

  netsvcs
  drivers32
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
  c:\windows\*.* /U
  %SYSTEMDRIVE%\*.exe
  %ALLUSERSPROFILE%\Application Data\*.
  %ALLUSERSPROFILE%\Application Data\*.exe /s
  %APPDATA%\*.
  %APPDATA%\*.exe /s
  /md5start
  adp3132.sys
  AGP440.sys
  ahcix86.sys
  ahcix86s.sys
  atapi.sys
  autochk.exe
  cdrom.sys
  cngaudit.dll
  cryptsvc.dll
  eNetHook.dll
  eventlog.dll
  explorer.exe
  hal.dll
  Changer.sys
  iaStor.sys
  iastorv.sys
  IdeChnDr.sys
  isapnp.sys
  JakNDis.sys
  KR10N.sys
  logevent.dll
  lsass.exe
  mv61xx.sys
  ndis.sys
  netlogon.dll
  ntelogon.dll
  nvata.sys
  nvatabus.sys
  nvgts.sys
  nvraid.sys
  nvrd32.sys
  nvstor.sys
  nvstor32.sys
  scecli.dll
  sceclt.dll
  smss.exe
  svchost.exe
  symmpi.sys
  tcpip.sys
  userinit.exe
  vaxscsi.sys
  viamraid.sys
  viasraid.sys
  ViPrt.sys
  winlogon.exe
  ws2_32.dll
  /md5stop
  %systemroot%\*. /mp /s
  %systemroot%\system32\*.dll /lockedfiles
  %systemroot%\Tasks\*.job /lockedfiles
  %systemroot%\system32\drivers\*.sys /lockedfiles
  %systemroot%\System32\config\*.sav
  %systemroot%\system32\*.dll /lockedfiles
  reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
  reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
  reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
  %systemroot%\system32\drivers\*.sys /3
  %systemroot%\system32\*.* /3
  CREATERESTOREPOINT
  

• Klikněte na tlačítko Prohledat
• Po dokončení skenu,který trvá mezi 5-15 minuty se vám zobrazý dva logy OTL.txt a Extras.txt a ty mě sem vložte

[majom246]

Zatial problem pretrvava v mozille. Pri google chrome mi zatial ziadne reklamy nevyskocili.

Kde mam kliknut na prehladanie? Na run Scan?

[chodnik74]

Ano

[majom246]

OTL logfile created on: 23.6.2011 22:36:44 - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Admin\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000041B | Country: Slovakia | Language: SKY | Date Format: d.M.yyyy

1,75 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 63,15% Memory free
3,60 Gb Paging File | 3,12 Gb Available in Paging File | 86,60% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 6,04 Gb Free Space | 2,60% Space Free | Partition Type: NTFS

Computer Name: YOUR-528FD50729 | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2011.06.23 22:14:44 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
PRC - [2011.06.14 01:52:23 | 001,011,768 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009.02.06 14:23:36 | 000,727,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2009.02.06 14:23:12 | 002,021,400 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2006.02.28 14:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011.06.23 22:14:44 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
MOD - [2006.02.28 14:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2009.02.06 14:27:06 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009.02.06 14:23:36 | 000,727,720 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011.05.26 14:58:57 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010.08.30 16:36:49 | 000,005,760 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2009.02.06 14:24:22 | 000,056,280 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2009.02.06 14:24:22 | 000,033,096 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2009.02.06 14:24:18 | 000,130,952 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2009.02.06 14:23:18 | 000,106,208 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009.02.06 14:19:52 | 000,113,448 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2008.10.29 05:10:58 | 003,341,824 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008.07.30 02:29:22 | 004,751,872 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.07.01 20:27:44 | 000,108,800 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008.06.28 01:40:18 | 001,315,776 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2008.05.29 02:54:20 | 000,022,072 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2008.04.15 20:14:00 | 000,990,632 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008.04.15 20:13:00 | 000,534,440 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2008.03.28 02:18:00 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008.03.11 03:18:00 | 000,057,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2008.02.05 02:57:00 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007.09.20 20:59:00 | 000,156,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-448539723-1580818891-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-448539723-1580818891-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.sk/"

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.10.19 17:27:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.21 12:24:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.21 12:14:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010.08.31 07:55:45 | 000,000,000 | ---D | M]

[2011.05.21 12:24:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Extensions
[2011.05.26 14:56:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\s74kfcxc.default\extensions
[2011.05.21 12:24:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011.04.14 19:01:40 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,583 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\atlas-sk.xml
[2010.01.01 10:00:00 | 000,001,380 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\azet-sk.xml
[2010.01.01 10:00:00 | 000,001,479 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\dunaj-sk.xml
[2011.02.21 18:48:08 | 000,002,045 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml
[2010.01.01 10:00:00 | 000,001,473 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slovnik-sk.xml
[2010.01.01 10:00:00 | 000,001,104 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-sk.xml
[2010.01.01 10:00:00 | 000,000,830 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\zoznam-sk.xml

O1 HOSTS File: ([2011.06.23 21:34:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKU\S-1-5-21-448539723-1580818891-725345543-1004\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-448539723-1580818891-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-448539723-1580818891-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-448539723-1580818891-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-448539723-1580818891-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.08.31 00:11:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56027131116781568)

========== Files/Folders - Created Within 7 Days ==========

[2011.06.23 22:14:36 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
[2011.06.23 21:37:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011.06.22 23:15:19 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011.06.22 23:09:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011.06.22 23:09:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011.06.22 23:09:35 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011.06.22 23:09:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011.06.22 23:09:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011.06.22 23:09:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.06.22 23:09:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2011.06.22 23:09:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\My Documents\My Videos
[2011.06.22 23:09:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\Start Menu\Programs\Administrative Tools
[2011.06.22 22:33:43 | 004,135,090 | R--- | C] (Swearware) -- C:\Documents and Settings\Admin\Desktop\ComboFix.exe
[2011.06.22 19:37:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Malwarebytes
[2011.06.22 19:37:27 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.06.22 19:37:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.06.22 19:37:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011.06.22 19:37:23 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.06.22 19:37:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.06.22 19:35:16 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Admin\Desktop\mbam-setup-1.51.0.1200.exe
[2011.06.22 14:04:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\rsit
[2011.06.22 14:04:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\My Documents\zaloha registrov
[2011.06.22 14:00:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\Recent
[2011.06.22 13:55:59 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.06.22 10:55:41 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011.06.22 00:58:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Start Menu\Programs\Google Chrome
[2011.06.22 00:56:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\My Documents\Preberanie
[2011.06.20 21:55:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\My Documents\GTA San Andreas User Files
[2011.06.20 21:36:01 | 000,000,000 | ---D | C] -- C:\Program Files\Rockstar Games
[2011.06.20 21:36:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Rockstar Games
[2011.06.19 12:06:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\karin

========== Files - Modified Within 7 Days ==========

[2011.06.23 22:21:03 | 001,138,814 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\prtsc2.bmp
[2011.06.23 22:15:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.06.23 22:14:44 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
[2011.06.23 22:01:00 | 000,001,016 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1580818891-725345543-1004UA.job
[2011.06.23 21:38:48 | 000,314,706 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.06.23 21:38:48 | 000,041,034 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.06.23 21:34:29 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011.06.23 21:34:24 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.06.23 21:34:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.06.23 21:34:20 | 000,060,452 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2011.06.23 21:26:12 | 004,135,090 | R--- | M] (Swearware) -- C:\Documents and Settings\Admin\Desktop\ComboFix.exe
[2011.06.23 19:48:59 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011.06.23 19:48:58 | 000,144,896 | ---- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.22 23:15:27 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011.06.22 22:30:02 | 000,002,583 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2011.06.22 20:14:07 | 000,000,114 | ---- | M] () -- C:\WINDOWS\ChssBase.ini
[2011.06.22 20:02:13 | 000,002,419 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk
[2011.06.22 19:37:28 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.06.22 19:35:55 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Admin\Desktop\mbam-setup-1.51.0.1200.exe
[2011.06.22 13:56:00 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011.06.22 10:52:57 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.06.22 01:06:26 | 000,000,964 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1580818891-725345543-1004Core.job
[2011.06.22 00:58:53 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011.06.21 23:19:39 | 000,000,523 | ---- | M] () -- C:\WINDOWS\eReg.dat
[2011.06.20 21:36:01 | 000,001,591 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GTA San Andreas.lnk
[2011.06.17 14:57:02 | 000,023,293 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\[CzT]Rocky_III.torrent

========== Files Created - No Company Name ==========

[2011.06.23 22:21:02 | 001,138,814 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\prtsc2.bmp
[2011.06.22 23:15:27 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011.06.22 23:15:21 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011.06.22 23:09:35 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011.06.22 23:09:35 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011.06.22 23:09:35 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011.06.22 23:09:35 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011.06.22 23:09:35 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011.06.22 20:02:13 | 000,002,419 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk
[2011.06.22 19:37:28 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.06.22 13:56:00 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011.06.22 00:58:53 | 000,002,262 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011.06.21 21:00:53 | 734,902,272 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Match Point - Hra osudu (2005).avi
[2011.06.21 20:48:25 | 1237,134,914 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Chlapec v pruhovaném pyžamu (2008).avi
[2011.06.20 21:36:01 | 000,001,591 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GTA San Andreas.lnk
[2011.06.20 21:00:24 | 000,000,523 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2011.06.17 14:57:02 | 000,023,293 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\[CzT]Rocky_III.torrent
[2011.05.24 12:52:49 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\keyfile3.drm
[2011.01.10 23:25:24 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2010.12.30 23:19:00 | 003,221,660 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\SRDownloader.err
[2010.12.30 23:15:29 | 000,001,008 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\SRDownloader.nast
[2010.10.19 17:19:51 | 000,160,668 | ---- | C] () -- C:\WINDOWS\hpoins38.dat
[2010.10.19 17:19:50 | 000,000,622 | ---- | C] () -- C:\WINDOWS\hpomdl38.dat
[2010.10.10 22:06:47 | 000,000,114 | ---- | C] () -- C:\WINDOWS\ChssBase.ini
[2010.09.04 17:58:36 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010.09.04 17:24:13 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2010.09.04 17:23:35 | 000,144,896 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.31 00:13:18 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010.08.31 00:08:33 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010.08.30 17:02:18 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010.08.30 17:01:06 | 000,279,744 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.08.30 16:49:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.08.30 16:24:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010.08.30 16:23:28 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2008.10.29 03:40:41 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2008.10.29 03:40:41 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2008.10.29 03:40:41 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2008.08.14 19:42:21 | 000,176,214 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2008.04.14 22:58:40 | 002,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007.08.24 11:46:48 | 000,005,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys
[2006.02.28 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006.02.28 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006.02.28 14:00:00 | 000,314,706 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006.02.28 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006.02.28 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006.02.28 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006.02.28 14:00:00 | 000,041,034 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006.02.28 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006.02.28 14:00:00 | 000,028,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2006.02.28 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006.02.28 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006.02.28 14:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006.02.28 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001.11.14 22:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2011.02.04 12:54:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Audacity
[2010.10.10 22:19:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\ChessBase
[2011.05.26 15:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\DAEMON Tools Lite
[2010.08.31 11:55:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\ESET
[2011.01.10 23:25:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\FreeAudioPack
[2011.05.26 15:23:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Leadertech
[2011.06.22 23:06:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\uTorrent
[2011.03.26 13:39:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Advanced Chemistry Development
[2011.06.09 16:05:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
[2011.06.08 21:39:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AWEM
[2010.10.26 18:52:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ChessBase
[2011.05.26 14:54:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010.08.31 07:55:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011.06.09 16:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3
[2011.06.08 21:42:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3_Russia
[2011.02.21 18:48:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2011.04.23 23:33:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >

< c:\windows\*.* /U >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >
[2011.01.04 15:12:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2011.03.26 13:39:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Advanced Chemistry Development
[2011.06.09 16:05:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
[2010.08.31 01:06:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Atheros
[2011.04.23 22:37:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2011.06.08 21:39:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AWEM
[2010.10.26 18:52:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ChessBase
[2011.04.24 09:31:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2011.05.26 14:54:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010.08.31 07:55:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011.06.09 16:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3
[2011.06.08 21:42:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3_Russia
[2010.10.19 17:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP
[2010.10.19 17:26:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2011.02.21 18:48:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2011.06.22 19:37:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011.05.26 15:18:50 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2011.06.16 15:06:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2011.04.23 23:33:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2010.10.19 17:32:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEBREG

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2011.02.07 06:25:03 | 000,015,496 | R-S- | M] (Tarma Software Research Pty Ltd) -- C:\Documents and Settings\All Users\Application Data\InstallMate\{1A48A935-F5EF-4747-9A11-2F7C65BB2D90}\Setup.exe
[2011.04.23 23:33:34 | 000,053,319 | ---- | M] ( ) -- C:\Documents and Settings\All Users\Application Data\Temp\{307BD415-B3E6-4E60-962A-FEF793237322}\PostBuild.exe

< %APPDATA%\*. >
[2010.09.25 19:26:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Adobe
[2011.01.02 20:12:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Ahead
[2011.02.04 12:54:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Audacity
[2011.04.23 22:37:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\AVS4YOU
[2010.10.10 22:19:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\ChessBase
[2011.04.23 23:34:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\CyberLink
[2011.05.26 15:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\DAEMON Tools Lite
[2011.06.21 11:03:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\dvdcss
[2010.08.31 11:55:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\ESET
[2011.01.10 23:25:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\FreeAudioPack
[2011.02.16 16:14:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Google
[2011.04.25 17:57:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Help
[2010.10.19 17:32:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\HP
[2011.06.20 21:36:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\HPAppData
[2010.08.31 00:16:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Identities
[2010.08.31 01:06:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\InstallShield
[2011.05.26 15:23:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Leadertech
[2010.08.30 16:43:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Macromedia
[2011.06.22 19:37:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Malwarebytes
[2011.04.09 19:52:42 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Admin\Application Data\Microsoft
[2011.05.21 12:24:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla
[2010.10.20 18:55:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\U3
[2011.06.22 23:06:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\uTorrent
[2011.06.23 19:47:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\vlc

< %APPDATA%\*.exe /s >
[2006.04.05 19:38:10 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\U3\temp\cleanup.exe


< MD5 for: AGP440.SYS >
[2006.02.28 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys

< MD5 for: ATAPI.SYS >
[2006.02.28 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
[2006.02.28 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2006.02.28 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008.04.14 02:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\autochk.exe
[2006.02.28 14:00:00 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\cmdcons\autochk.exe
[2006.02.28 14:00:00 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\WINDOWS\system32\autochk.exe
[2006.02.28 14:00:00 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\WINDOWS\system32\dllcache\autochk.exe

< MD5 for: CDROM.SYS >
[2006.02.28 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\cdrom.sys
[2011.02.08 03:16:22 | 000,062,592 | ---- | M] (Microsoft Corporation) MD5=7B53584D94E9D8716B2DE91D5F1CB42D -- C:\WINDOWS\system32\dllcache\cdrom.sys
[2011.02.08 03:16:22 | 000,062,592 | ---- | M] (Microsoft Corporation) MD5=7B53584D94E9D8716B2DE91D5F1CB42D -- C:\WINDOWS\system32\drivers\cdrom.sys
[2006.02.28 14:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtUninstallKB952011$\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2006.02.28 14:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=10654F9DDCEA9C46CFB77554231BE73B -- C:\WINDOWS\ERDNT\cache\cryptsvc.dll
[2006.02.28 14:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=10654F9DDCEA9C46CFB77554231BE73B -- C:\WINDOWS\system32\cryptsvc.dll
[2006.02.28 14:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=10654F9DDCEA9C46CFB77554231BE73B -- C:\WINDOWS\system32\dllcache\cryptsvc.dll
[2008.04.14 02:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 02:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll
[2006.02.28 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2006.02.28 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2006.02.28 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
[2006.02.28 14:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2006.02.28 14:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\explorer.exe
[2006.02.28 14:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: HAL.DLL >
[2006.02.28 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\hal.dll
[2006.02.28 14:00:00 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=DFCE51FD96909D1B97D4A1A72D060D77 -- C:\WINDOWS\system32\hal.dll

< MD5 for: CHANGER.SYS >
[2006.02.28 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\changer.sys

< MD5 for: ISAPNP.SYS >
[2008.04.13 20:36:41 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=05A299EC56E52649B1CF2FC52D20F2D7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\isapnp.sys
[2006.02.28 14:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=E504F706CCB699C2596E9A3DA1596E87 -- C:\WINDOWS\system32\drivers\isapnp.sys

< MD5 for: LSASS.EXE >
[2006.02.28 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=84885F9B82F4D55C6146EBF6065D75D2 -- C:\WINDOWS\ERDNT\cache\lsass.exe
[2006.02.28 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=84885F9B82F4D55C6146EBF6065D75D2 -- C:\WINDOWS\system32\dllcache\lsass.exe
[2006.02.28 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=84885F9B82F4D55C6146EBF6065D75D2 -- C:\WINDOWS\system32\lsass.exe
[2008.04.14 02:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ndis.sys
[2006.02.28 14:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2006.02.28 14:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\dllcache\ndis.sys
[2006.02.28 14:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008.04.14 02:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll
[2009.02.06 20:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 20:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2006.02.28 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2006.02.28 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2006.02.28 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2006.02.28 14:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2006.02.28 14:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2006.02.28 14:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2008.04.14 02:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll

< MD5 for: SMSS.EXE >
[2008.04.14 02:12:36 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=5F816C1F539266D2D4C78694239DA0B5 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\smss.exe
[2006.02.28 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=BD7FB0957C716F1A60333AEE04DE2178 -- C:\WINDOWS\system32\dllcache\smss.exe
[2006.02.28 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=BD7FB0957C716F1A60333AEE04DE2178 -- C:\WINDOWS\system32\smss.exe
[2004.08.04 00:56:58 | 000,152,576 | ---- | M] (Microsoft Corporation) MD5=DA5CF1C368B33D75602FD6B3A7F5E0C6 -- C:\cmdcons\SYSTEM32\SMSS.EXE

< MD5 for: SVCHOST.EXE >
[2008.04.14 02:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\svchost.exe
[2006.02.28 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2006.02.28 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2006.02.28 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\ERDNT\cache\tcpip.sys
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008.06.20 12:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2006.02.28 14:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2006.02.28 14:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2006.02.28 14:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\dllcache\userinit.exe
[2006.02.28 14:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe
[2008.04.14 02:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006.02.28 14:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2006.02.28 14:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2006.02.28 14:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\winlogon.exe
[2008.04.14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe

< MD5 for: WS2_32.DLL >
[2008.04.14 02:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ws2_32.dll
[2006.02.28 14:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\ERDNT\cache\ws2_32.dll
[2006.02.28 14:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2006.02.28 14:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2010.08.30 17:00:36 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010.08.30 17:00:36 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010.08.30 17:00:36 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2011.06.23 21:34:20 | 000,060,452 | ---- | M] () -- C:\WINDOWS\system32\ativvaxx.cap
[2011.06.23 21:38:48 | 000,041,034 | ---- | M] () -- C:\WINDOWS\system32\perfc009.dat
[2011.06.23 21:38:48 | 000,314,706 | ---- | M] () -- C:\WINDOWS\system32\perfh009.dat
[2011.06.23 21:38:47 | 000,360,124 | ---- | M] () -- C:\WINDOWS\system32\PerfStringBackup.INI
[2011.06.22 10:52:57 | 000,013,646 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl

< End of report >


OTL Extras logfile created on: 23.6.2011 22:36:44 - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Admin\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000041B | Country: Slovakia | Language: SKY | Date Format: d.M.yyyy

1,75 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 63,15% Memory free
3,60 Gb Paging File | 3,12 Gb Available in Paging File | 86,60% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 6,04 Gb Free Space | 2,60% Space Free | Partition Type: NTFS

Computer Name: YOUR-528FD50729 | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-448539723-1580818891-725345543-1004\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Counter-Strike 1.6\hl.exe" = C:\Program Files\Counter-Strike 1.6\hl.exe:*:Disabled:Half-Life Launcher -- (Valve)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6.5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{32178A6E-5DE4-443E-AA50-8FFFD7CCC32A}" = Fritz10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{61CF2C86-8E46-4210-A115-E4D6C65AF369}" = HP Photosmart B109a-m All-In-One Driver Software 13.0 Rel .6
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6A120BD4-6AB8-4BF9-82A8-FC7B0FD61051}" = Nero 7 Premium
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{80FE5490-E9DD-4AE9-8537-3EB5EFB606FC}" = PS_AIO_06_B109a-m_SW_Min
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{86AD3D30-AA26-4EF2-A4B2-7B1EA4C587B8}" = Fritz10
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{90120000-0010-041B-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Slovak) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-041B-0000-0000000FF1CE}" = Microsoft Office Access MUI (Slovak) 2007
"{90120000-0015-041B-0000-0000000FF1CE}_PROPLUS_{F69A7281-8297-47E2-B583-36EAA37C89EE}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-041B-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Slovak) 2007
"{90120000-0016-041B-0000-0000000FF1CE}_PROPLUS_{F69A7281-8297-47E2-B583-36EAA37C89EE}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-041B-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Slovak) 2007
"{90120000-0018-041B-0000-0000000FF1CE}_PROPLUS_{F69A7281-8297-47E2-B583-36EAA37C89EE}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-041B-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Slovak) 2007
"{90120000-0019-041B-0000-0000000FF1CE}_PROPLUS_{F69A7281-8297-47E2-B583-36EAA37C89EE}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-041B-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Slovak) 2007
"{90120000-001A-041B-0000-0000000FF1CE}_PROPLUS_{F69A7281-8297-47E2-B583-36EAA37C89EE}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-041B-0000-0000000FF1CE}" = Microsoft Office Word MUI (Slovak) 2007
"{90120000-001B-041B-0000-0000000FF1CE}_PROPLUS_{F69A7281-8297-47E2-B583-36EAA37C89EE}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_PROPLUS_{294B4278-CF7B-40B9-86A1-2D3FF0C2C524}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040E-0000-0000000FF1CE}" = Microsoft Office Proof (Hungarian) 2007
"{90120000-001F-040E-0000-0000000FF1CE}_PROPLUS_{573CA1BB-C8A3-46C4-993E-DB4043D9BFCD}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_PROPLUS_{10EC59E5-9BCE-4884-BB1A-E28627220232}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-041B-0000-0000000FF1CE}" = Microsoft Office Proofing (Slovak) 2007
"{90120000-0044-041B-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Slovak) 2007
"{90120000-0044-041B-0000-0000000FF1CE}_PROPLUS_{F69A7281-8297-47E2-B583-36EAA37C89EE}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-041B-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Slovak) 2007
"{90120000-006E-041B-0000-0000000FF1CE}_PROPLUS_{8AF3A9EB-FBB9-449F-AC11-94CE39930037}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{922E8525-AC7E-4294-ACAA-43712D4423C0}" = Adobe Flash Player 10 ActiveX
"{A3AB35FA-943E-4799-99DC-46EFD59E998F}" = AMD USB Audio Driver Filter
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AC76BA86-7AD7-1051-7B44-A94000000001}" = Adobe Reader 9.4.4 - Slovak
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AF20390E-5ADD-4CB0-BF9D-EDF6E7891AD9}" = B109a-m
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CF652E2D-6128-49E9-833E-F131C4FC42CA}" = ChessBase 10
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D5B11428-F4C4-4FC2-AF89-4D2163BD1D28}" = ChessBase 10
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2B5A2A7-2DF9-4361-8BD5-362714528B51}" = NHL® 09
"{F9E58416-8176-4583-B014-47985E5A8357}" = ESET Smart Security
"681AC783AEB04C5FAFCADE7871FE96B87C602BAF" = Windows Driver Package - Advanced Micro Devices Inc. AMD USB Filter Driver (05/27/2008 1.0.7.0)
"ACDLabs in C__ACDFREE10_" = ACD/Labs Software in C:\ACDFREE10\
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.9 (Unicode)
"CCleaner" = CCleaner
"Counter-Strike 1.6" = Counter-Strike 1.6
"DAEMON Tools Lite" = DAEMON Tools Lite
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.02
"Farm Frenzy 3" = Farm Frenzy 3
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.91
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware verze 1.51.0.1200
"Mozilla Firefox 4.0.1 (x86 sk)" = Mozilla Firefox 4.0.1 (x86 sk)
"PROPLUS" = Microsoft Office Professional Plus 2007
"Registrace uživatele zařízení Canon iP1700" = Registrace uživatele zařízení Canon iP1700
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.5
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-448539723-1580818891-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 22.4.2011 10:01:46 | Computer Name = YOUR-528FD50729 | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikácia hl.exe, verzia 1.1.1.1, zablokovaný modul hungapp,
verzia 0.0.0.0, adresa zablokovania 0x00000000.

Error - 19.5.2011 16:35:11 | Computer Name = YOUR-528FD50729 | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikácia chrome.exe, verzia 0.0.0.0, zablokovaný modul
hungapp, verzia 0.0.0.0, adresa zablokovania 0x00000000.

Error - 19.5.2011 16:35:12 | Computer Name = YOUR-528FD50729 | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikácia chrome.exe, verzia 0.0.0.0, zablokovaný modul
hungapp, verzia 0.0.0.0, adresa zablokovania 0x00000000.

Error - 28.5.2011 10:57:47 | Computer Name = YOUR-528FD50729 | Source = Application Error | ID = 1000
Description = Zlyhanie aplikácie nhl2009.exe, verzia 0.0.0.0, zlyhanie modulu nhl2009.exe,
verzia 0.0.0.0, adresa zlyhania 0x0034a311.

Error - 28.5.2011 11:57:56 | Computer Name = YOUR-528FD50729 | Source = Application Error | ID = 1000
Description = Zlyhanie aplikácie nhl2009.exe, verzia 0.0.0.0, zlyhanie modulu nhl2009.exe,
verzia 0.0.0.0, adresa zlyhania 0x0043f213.

Error - 1.6.2011 7:04:11 | Computer Name = YOUR-528FD50729 | Source = Application Error | ID = 1000
Description = Zlyhanie aplikácie nhl2009.exe, verzia 0.0.0.0, zlyhanie modulu nhl2009.exe,
verzia 0.0.0.0, adresa zlyhania 0x0043ea85.

Error - 4.6.2011 6:20:36 | Computer Name = YOUR-528FD50729 | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikácia nero.exe, verzia 7.2.3.2, zablokovaný modul
hungapp, verzia 0.0.0.0, adresa zablokovania 0x00000000.

Error - 6.6.2011 11:55:24 | Computer Name = YOUR-528FD50729 | Source = Application Error | ID = 1000
Description = Zlyhanie aplikácie nhl2009.exe, verzia 0.0.0.0, zlyhanie modulu nhl2009.exe,
verzia 0.0.0.0, adresa zlyhania 0x0038dfc8.

[ System Events ]
Error - 23.6.2011 2:15:00 | Computer Name = YOUR-528FD50729 | Source = DCOM | ID = 10005
Description = Server DCOM zistil chybu %1058 pri pokuse spustiť službu gupdate s
argumentmi /comsvc potrebnú na spustenie servera: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error - 23.6.2011 4:37:04 | Computer Name = YOUR-528FD50729 | Source = PlugPlayManager | ID = 12
Description = Zariadenie Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC
(PCI\VEN_10EC&DEV_8168&SUBSYS_16D51043&REV_02\4&2bb7b23&0&0028) sa už v systéme
nenachádza, pričom nebolo pripravené na odstránenie.

Error - 23.6.2011 9:08:27 | Computer Name = YOUR-528FD50729 | Source = Dhcp | ID = 1002
Description = Server DHCP 192.168.1.1 odmietol prenájom 192.168.1.2 adresy IP pre
sieťovú kartu so sieťovou adresou 00248C5EA55B (server DHCP odoslal hlásenie DHCPNACK).

Error - 23.6.2011 9:15:00 | Computer Name = YOUR-528FD50729 | Source = DCOM | ID = 10005
Description = Server DCOM zistil chybu %1058 pri pokuse spustiť službu gupdate s
argumentmi /comsvc potrebnú na spustenie servera: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error - 23.6.2011 12:41:36 | Computer Name = YOUR-528FD50729 | Source = PlugPlayManager | ID = 12
Description = Zariadenie Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC
(PCI\VEN_10EC&DEV_8168&SUBSYS_16D51043&REV_02\4&2bb7b23&0&0028) sa už v systéme
nenachádza, pričom nebolo pripravené na odstránenie.

Error - 23.6.2011 14:15:00 | Computer Name = YOUR-528FD50729 | Source = DCOM | ID = 10005
Description = Server DCOM zistil chybu %1058 pri pokuse spustiť službu gupdate s
argumentmi /comsvc potrebnú na spustenie servera: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error - 23.6.2011 15:27:27 | Computer Name = YOUR-528FD50729 | Source = Service Control Manager | ID = 7034
Description = Služba Ati HotKey Poller sa neočakávane ukončila. Služba sa týmto
spôsobom ukončila už 1 krát.

Error - 23.6.2011 15:27:27 | Computer Name = YOUR-528FD50729 | Source = Service Control Manager | ID = 7034
Description = Služba Application Layer Gateway Service sa neočakávane ukončila.
Služba sa týmto spôsobom ukončila už 1 krát.

Error - 23.6.2011 15:27:27 | Computer Name = YOUR-528FD50729 | Source = Service Control Manager | ID = 7031
Description = Služba Bluetooth Service sa neočakávane ukončila. Služba sa týmto
spôsobom ukončila už 1 krát. O 60000 ms bude vykonaná nasledujúca opravná akcia:
Reštartovať službu.

Error - 23.6.2011 15:27:27 | Computer Name = YOUR-528FD50729 | Source = Service Control Manager | ID = 7034
Description = Služba Print Spooler sa neočakávane ukončila. Služba sa týmto spôsobom
ukončila už 1 krát.


< End of report >

[chodnik74]

Zítra se na to mrknu dneska už jdu spát

[majom246]

ok, ja tiez

[chodnik74]

tak dobrou noc zítra pokračujeme

[chodnik74]

Aktualizace Service pack 3 + IE 8
Máte strašné málo místa na disku C: ,prosím uvolněte místo..nepotřebnýma souborama

Stáhneme si na Plochu program OTL

• Spustíme soubor OTL.exe (pokud máte Windows Vista nebo Windows 7,tak na soubor klikněte pravým tlačítkem myši a dejte ,,Spustit jako správce,,)
• Do dolního okna Vlastní skenování/opravy vložíme následující skript a stiskneme tlačítko Opravit
  

  Kód: Vybrat vše

  :otl
  SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
  DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
  IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
  IE - HKU\S-1-5-21-448539723-1580818891-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
  [2011.05.21 12:24:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
  File not found (No name found) -- 
  O3 - HKU\S-1-5-21-448539723-1580818891-725345543-1004\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
  [2011.06.23 21:38:48 | 000,314,706 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
  [2011.06.23 21:38:48 | 000,041,034 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
  
  :commands
  [emptytemp]
  [EmptyFlash]
  [Purity]
  

• Po restartu pc se vám objeví log z OTL,ten mi sem prosím vložte..

[chodnik74]

P.S: u váš to bude tlačítko Run Fix asi

[majom246]

All processes killed
========== OTL ==========
Service AppMgmt stopped successfully!
Service AppMgmt deleted successfully!
Service catchme stopped successfully!
Service catchme deleted successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-448539723-1580818891-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions folder moved successfully.
Registry value HKEY_USERS\S-1-5-21-448539723-1580818891-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
C:\WINDOWS\system32\perfh009.dat moved successfully.
C:\WINDOWS\system32\perfc009.dat moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 1475868 bytes
->Temporary Internet Files folder emptied: 24087174 bytes
->FireFox cache emptied: 26119608 bytes
->Google Chrome cache emptied: 250848069 bytes
->Flash cache emptied: 3009 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 34924 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 289,00 mb


[EMPTYFLASH]

User: Admin
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.24.1 log created on 06242011_182610

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

[chodnik74]

Výborně..jak se chová PC

[majom246]

Zda sa ze je problem vyrieseny, pc vyzerá byť v poriadku dakujem

[majom246]

PS: keby bolo ešte nieco treba, tak teraz budem tyzden odcestovany, tak to doriesime ked pridem