:OTL
PRC - [2011-08-22 00:33:47 | 000,139,776 | ---- | M] () -- C:\Windows\systemup.exe
PRC - [2011-08-22 00:21:46 | 000,232,960 | ---- | M] () -- C:\Windows\l1rezerv.exe
PRC - [2011-08-22 00:20:30 | 000,382,464 | ---- | M] () -- C:\Windows\update.7.1\svchostdriver.exe
PRC - [2011-08-22 00:20:10 | 000,634,880 | ---- | M] () -- C:\Windows\update.2\svchost.exe
PRC - [2011-08-22 00:20:10 | 000,634,880 | ---- | M] () -- C:\Windows\update.2\svchost.exe
PRC - [2011-08-22 00:19:52 | 000,355,840 | ---- | M] () -- C:\Windows\update.5.0\svchost.exe
PRC - [2011-08-22 00:19:52 | 000,355,840 | ---- | M] () -- C:\Windows\update.5.0\svchost.exe
PRC - [2011-08-22 00:19:25 | 000,258,048 | ---- | M] () -- C:\Windows\sysdriver32.exe
PRC - [2011-08-21 20:48:49 | 001,213,440 | -H-- | M] () -- C:\Windows\update.tray-2-0\svchost.exe
PRC - [2011-08-21 20:48:49 | 001,213,440 | -H-- | M] () -- C:\Windows\update.tray-2-0\svchost.exe
PRC - [2011-08-21 20:48:49 | 001,213,440 | -H-- | M] () -- C:\Windows\update.tray-2-0\svchost.exe
PRC - [2011-08-21 20:48:49 | 001,213,440 | -H-- | M] () -- C:\Windows\update.tray-2-0\svchost.exe
PRC - [2011-08-21 20:48:49 | 001,213,440 | -H-- | M] () -- C:\Windows\update.tray-2-0\svchost.exe
PRC - [2011-08-21 20:48:49 | 001,213,440 | -H-- | M] () -- C:\Windows\update.tray-2-0\svchost.exe
PRC - [2011-08-21 20:48:49 | 001,213,440 | -H-- | M] () -- C:\Windows\update.1\svchost.exe
PRC - [2011-08-21 20:48:49 | 001,213,440 | -H-- | M] () -- C:\Windows\update.1\svchost.exe
PRC - [2011-08-21 20:48:49 | 001,213,440 | -H-- | M] () -- C:\Windows\update.1\svchost.exe
PRC - [2011-08-21 20:48:49 | 001,213,440 | -H-- | M] () -- C:\Windows\update.1\svchost.exe
MOD - [2011-08-21 20:48:49 | 001,213,440 | -H-- | M] () -- C:\Windows\update.tray-2-0\svchost.exe
SRV - [2011-08-22 00:20:30 | 000,382,464 | ---- | M] () [Auto | Running] -- C:\Windows\update.7.1\svchostdriver.exe -- (ddservice)
SRV - [2011-08-22 00:19:25 | 000,258,048 | ---- | M] () [Auto | Running] -- C:\Windows\sysdriver32.exe -- (srvsysdriver32)
IE - HKLM…\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKLM…\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
IE - HKLM…\URLSearchHook: {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files (x86)\Softonic-Polska\tbSoft.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://vshare.toolbarhome.com/?hp=df
IE - HKCU…\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKCU…\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
IE - HKCU…\URLSearchHook: {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files (x86)\Softonic-Polska\tbSoft.dll (Conduit Ltd.)
FF - prefs.js…browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}"
FF - prefs.js…extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.7.0190
FF - prefs.js…extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js…extensions.enabledItems: vshare@toolbar:1.0.0
FF - HKLM\Software\MozillaPlugins@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins@real.com/nsJSRealPlayerPlugin;version=: File not found
[2011-04-26 09:57:59 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\Ania\AppData\Roaming\mozilla\Firefox\Profiles\bhe94yny.default\extensions\DTToolbar@toolbarnet.com
[2011-04-10 10:38:16 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Ania\AppData\Roaming\mozilla\Firefox\Profiles\bhe94yny.default\extensions\engine@conduit.com
[2011-03-08 18:47:53 | 000,000,000 | ---D | M] (vShare) -- C:\Users\Ania\AppData\Roaming\mozilla\Firefox\Profiles\bhe94yny.default\extensions\vshare@toolbar
[2011-01-31 09:40:58 | 000,000,863 | ---- | M] () -- C:\Users\Ania\AppData\Roaming\Mozilla\Firefox\Profiles\bhe94yny.default\searchplugins\conduit.xml
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O2 - BHO: (Softonic-Polska Toolbar) - {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files (x86)\Softonic-Polska\tbSoft.dll (Conduit Ltd.)
O3:64bit: - HKLM…\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3:64bit: - HKLM…\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM…\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM…\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM…\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKLM…\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKLM…\Toolbar: (Softonic-Polska Toolbar) - {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files (x86)\Softonic-Polska\tbSoft.dll (Conduit Ltd.)
O3 - HKLM…\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU…\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3:64bit: - HKCU…\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU…\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU…\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKCU…\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKCU…\Toolbar\WebBrowser: (Softonic-Polska Toolbar) - {C86EB8A9-CCC2-4B6C-B75D-73576ED591BF} - C:\Program Files (x86)\Softonic-Polska\tbSoft.dll (Conduit Ltd.)
O4 - HKLM…\Run: [1343480.exe] C:\Windows\TEMP\1343480.exe ()
O4 - HKLM…\Run: [3155430.exe] C:\Windows\TEMP\3155430.exe ()
O4 - HKLM…\Run: [6212670.exe] C:\Windows\TEMP\6212670.exe ()
O4 - HKLM…\Run: [66259334-loader2.exe] C:\Windows\TEMP\66259334-loader2.exe ()
O4 - HKLM…\Run: [9979540.exe] C:\Users\Ania\AppData\Local\Temp\9979540.exe ()
O4 - HKLM…\Run: [l1rezerv.exe] C:\Windows\l1rezerv.exe ()
O4 - HKLM…\Run: [sysdriver32.exe] C:\Windows\sysdriver32.exe ()
O4 - HKLM…\Run: [sysdriver32_.exe] C:\Windows\sysdriver32_.exe ()
O4 - HKLM…\Run: [systemup] C:\Windows\systemup.exe ()
O4 - HKLM…\Run: [tray_ico0] C:\Windows\update.tray-2-0\svchost.exe ()
O4 - HKLM…\Run: [wxpdrv] C:\Windows\services32.exe ()
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O31 - SafeBoot: AlternateShell - services32.exe
[2011-08-22 00:21:12 | 000,000,000 | ---D | C] -- C:\Windows\ufa
[2011-08-22 00:21:12 | 000,000,000 | ---D | C] -- C:\Windows\rpcminer
[2011-08-22 00:21:12 | 000,000,000 | ---D | C] -- C:\Windows\phoenix
[2011-08-22 00:20:31 | 000,000,000 | -H-D | C] -- C:\Windows\update.7.1
[2011-08-22 00:20:12 | 000,000,000 | -H-D | C] -- C:\Windows\update.2
[2011-08-22 00:19:53 | 000,000,000 | -H-D | C] -- C:\Windows\update.5.0
[2011-08-22 00:19:04 | 000,000,000 | ---D | C] -- C:\Windows\av_ico
[2011-08-22 00:17:49 | 000,000,000 | -H-D | C] -- C:\Windows\update.1
[2011-08-22 00:17:47 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-2-0-lnk
[2011-08-22 00:17:47 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-2-0
[2011-08-22 09:29:44 | 000,000,734 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hîsts
[2011-08-22 00:33:48 | 000,000,202 | ---- | M] () -- C:\Windows\info1
[2011-08-22 00:33:47 | 000,139,776 | ---- | M] () -- C:\Windows\systemup.exe
[2011-08-22 00:21:46 | 000,232,960 | ---- | M] () -- C:\Windows\l1rezerv.exe
[2011-08-22 00:21:11 | 005,589,370 | ---- | M] () -- C:\Windows\phoenix.rar
[2011-08-22 00:21:11 | 001,075,284 | ---- | M] () -- C:\Windows\rpcminer.rar
[2011-08-22 00:21:11 | 000,246,272 | ---- | M] () -- C:\Windows\unrar.exe
[2011-08-22 00:21:11 | 000,182,617 | ---- | M] () -- C:\Windows\ufa.rar
[2011-08-22 00:20:28 | 000,904,792 | ---- | M] () -- C:\Windows\geoiplist.rar
[2011-08-22 00:19:56 | 000,000,000 | ---- | M] () -- C:\Windows\loader2.exe_ok
[2011-08-22 00:19:25 | 000,258,048 | ---- | M] () -- C:\Windows\sysdriver32_.exe
[2011-08-22 00:19:25 | 000,258,048 | ---- | M] () -- C:\Windows\sysdriver32.exe
[2011-08-21 20:48:49 | 001,213,440 | ---- | M] () -- C:\Windows\services32.exe
[2011-08-22 00:33:55 | 000,139,776 | ---- | C] () -- C:\Windows\systemup.exe
[2011-08-22 00:21:50 | 000,232,960 | ---- | C] () -- C:\Windows\l1rezerv.exe
[2011-08-22 00:21:11 | 005,589,370 | ---- | C] () -- C:\Windows\phoenix.rar
[2011-08-22 00:21:11 | 001,075,284 | ---- | C] () -- C:\Windows\rpcminer.rar
[2011-08-22 00:21:11 | 000,182,617 | ---- | C] () -- C:\Windows\ufa.rar
[2011-08-22 00:20:30 | 004,636,907 | ---- | C] () -- C:\Windows\geoiplist
[2011-08-22 00:20:29 | 000,246,272 | ---- | C] () -- C:\Windows\unrar.exe
[2011-08-22 00:20:28 | 000,904,792 | ---- | C] () -- C:\Windows\geoiplist.rar
[2011-08-22 00:19:53 | 000,000,202 | ---- | C] () -- C:\Windows\info1
[2011-08-22 00:19:43 | 000,000,000 | ---- | C] () -- C:\Windows\loader2.exe_ok
[2011-08-22 00:19:39 | 000,258,048 | ---- | C] () -- C:\Windows\sysdriver32_.exe
[2011-08-22 00:19:25 | 000,258,048 | ---- | C] () -- C:\Windows\sysdriver32.exe
[2011-08-21 20:49:34 | 001,213,440 | ---- | C] () -- C:\Windows\services32.exe

:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

:Commands
[CLEARALLRESTOREPOINTS]
[RESETHOSTS]
[emptytemp]