Possible Trojan



vika6
2010-09-23, 00:05
Spy Emergency keeps telling me dds.scr is Trojan Win32Malware (3 of the VirusTotal scanners say it is at least a suspicious file). Why? I hope they are only false positives and I'll not make the situation worse...

This is my DDS.txt

DDS (Ver_10-03-17.01) - NTFSX64
Run by Zuza at 23:17:42,64 on 2010-09-22
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.48.1045.18.2046.717 [GMT 2:00]

AV: Spy Emergency *On-access scanning enabled* (Updated) {82117492-906E-4b02-A33A-84D42A2DD907}
SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Spy Emergency *enabled* (Updated) {82117492-906E-4b02-A33A-84D42A2DD907}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\brsvc01a.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Dicter\DicterService.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe
C:\PROGRA~2\GFI\GFIBAC~1\GFIHInst.exe
C:\PROGRA~2\GFI\GFIBAC~1\GFIHSC~1.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Norton 360\Engine\4.2.0.12\ccSvcHst.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Spy Emergency\SpyEmergencySrv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Windows\SysWOW64\brss01a.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Winstep\WsxService.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Norton 360\Engine\4.2.0.12\ccSvcHst.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Process Lasso\ProcessLasso.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Process Lasso\ProcessGovernor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spy Emergency\SpyEmergency.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Secunia\PSI\psi.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
D:\ARCHIWUM\ARCHIWUM PROGRAMÓW\system UI - tunning (wygląd i dodatki)\CapsLockWarningv2.5 (bez instalacji)\CapsLockWarning.exe
C:\Users\Grace\AppData\Roaming\WordWeb\wweb32.exe
C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\Portrait Displays\Pivot Software\floater.exe
C:\Program Files\Spy Emergency\SpyEmergencyWow64.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

mLocal Page = c:\windows\syswow64\blank.htm
uURLSearchHooks: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - c:\program files (x86)\mybabylon_english\tbmyBa.dll
mURLSearchHooks: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - c:\program files (x86)\mybabylon_english\tbmyBa.dll
mWinlogon: Userinit=userinit.exe
BHO: Disabled:{000123B4-9B42-4900-B3F7-F4B073EFC214} - No File
BHO: Disabled:{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - No File
BHO: Disabled:{2B9F5787-88A5-4945-90E7-C4B18563BC5E} - No File
BHO: Disabled:{53707962-6F74-2D53-2644-206D7942484F} - No File
BHO: Disabled:{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Disabled:{6D53EC84-6AAE-4787-AEEE-F4628F01010C} - No File
BHO: Disabled:{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - No File
BHO: Disabled:{AA58ED58-01DD-4d91-8333-CF10577473F7} - No File
BHO: Disabled:{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No File
BHO: Disabled:{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
BHO: Disabled:{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - No File
BHO: Disabled:{DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
BHO: Disabled:{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - No File
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files (x86)\orbitdownloader\orbitcth.dll
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files (x86)\techsmith\snagit 10\SnagitBHO.dll
BHO: FLockObj Class: {26c3165b-fc58-4910-802d-250b2e68a04e} - c:\program files (x86)\gilisoft\privacy protector\FileLockPlugin.dll
BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:\program files (x86)\keyscrambler\KeyScramblerIE.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~2\spybot~1\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files (x86)\norton 360\engine\4.2.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files (x86)\norton 360\engine\4.2.0.12\IPSBHO.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.6.5627.1104\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~2\micros~1\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: {FF6C3CF0-4B15-11D1-ABED-709549C10000} - No File
TB: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - c:\program files (x86)\mybabylon_english\tbmyBa.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files (x86)\orbitdownloader\GrabPro.dll
TB: {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No File
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files (x86)\norton 360\engine\4.2.0.12\coIEPlg.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files (x86)\techsmith\snagit 10\SnagitIEAddin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Nexus]
uRun: [SpyEmergency] c:\program files\spy emergency\SPYEMERGENCY.EXE
uRun: [swg] "c:\program files (x86)\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SpybotSD TeaTimer] c:\program files (x86)\spybot - search & destroy\TeaTimer.exe
mRun: [PivotSoftware] "c:\program files (x86)\portrait displays\pivot software\wpctrl.exe"
mRun: [WinPatrol] c:\program files (x86)\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [NetWorx] "c:\program files (x86)\networx\networx.exe" /auto
mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\capslo~1.lnk - d:\archiwum\archiwum programów\system ui - tunning (wygląd i dodatki)\capslockwarningv2.5 (bez instalacji)\CapsLockWarning.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\wweb32~1.lnk - c:\users\grace\appdata\roaming\wordweb\wweb32.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: &Download by Orbit - c:\program files (x86)\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\orbitdownloader\orbitmxt.dll/204
IE: &Winamp Search
IE: Do&wnload selected by Orbit - c:\program files (x86)\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\orbitdownloader\orbitmxt.dll/202
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Funkcja Google Sidewiki - c:\program files (x86)\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89C30F0F8BD011D2.dll/cmsidewiki.html
IE: Translate this web page with Babylon - c:\program files (x86)\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files (x86)\babylon\babylon-pro\utils\BabylonIEPI.dll/Action.htm
IE: Wyślij &do programu OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\program files (x86)\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files (x86)\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files (x86)\microsoft office\office14\ONBttnIE.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files (x86)\winhttrack\WinHTTrackIEBar.dll
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files (x86)\keyscrambler\KeyScramblerIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files (x86)\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~2\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
TCP: {00304450-07C2-459E-BD09-75E2AD790D4F} = 213.158.199.1 213.158.199.5
TCP: {19A54CD1-565B-4BAB-B572-51D69F847D7D} = 213.158.199.1 213.158.199.5
TCP: {9BFA33C5-A69A-4C30-A5B6-FDE483206CF8} = 213.158.199.1 213.158.199.5
TCP: {B39524DD-69A3-45B1-A739-514B8A378C2E} = 213.158.199.1 213.158.199.5
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
{00C6482D-C502-44C8-8409-FCE54AD9C208}
{26C3165B-FC58-4910-802D-250B2E68A04E}
{2B9F5787-88A5-4945-90E7-C4B18563BC5E}
{AA58ED58-01DD-4d91-8333-CF10577473F7}
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{FF6C3CF0-4B15-11D1-ABED-709549C10000}
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}
{2318C2B1-4965-11d4-9B18-009027A5CD4F}
TB-X64: {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - No File
TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [RtHDVCpl] c:\program files\realtek\audio\hda\RAVCpl64.exe -s
mRun-x64: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun-x64: [ProcessLassoManagementConsole] c:\program files\process lasso\processlasso.exe
mRun-x64: [ProcessGovernor] c:\program files\process lasso\processgovernor.exe
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\zuza\appdata\roaming\mozilla\firefox\profiles\n513ljd6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - component: c:\program files (x86)\google\google gears\firefox\lib\ff36\gears.dll
FF - component: c:\program files (x86)\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: c:\program files (x86)\orbitdownloader\addons\oneclickyoutubedownloader\components\GrabXpcom.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\users\zuza\appdata\roaming\mozilla\firefox\profiles\n513ljd6.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\winnt_x86-msvc\components\WeaveCrypto.dll
FF - component: c:\users\zuza\appdata\roaming\mozilla\firefox\profiles\n513ljd6.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
FF - component: c:\users\zuza\appdata\roaming\mozilla\firefox\profiles\n513ljd6.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCore.dll
FF - component: c:\users\zuza\appdata\roaming\mozilla\firefox\profiles\n513ljd6.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - component: c:\users\zuza\appdata\roaming\mozilla\firefox\profiles\n513ljd6.default\extensions\lazarus@interclue.com\platform\winnt_x86-msvc\components\WeaveCrypto.dll
FF - plugin: c:\progra~2\micros~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~2\micros~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files (x86)\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files (x86)\rayv\rayv\plugins\nprayvplugin.dll
FF - plugin: c:\users\zuza\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 FLGuard;FLGuard;c:\windows\system32\drivers\FLGuard.sys [2010-7-17 49176]
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2010-6-8 37392]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360x64\0402000.00c\symds64.sys [2010-9-4 433200]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360x64\0402000.00c\symefa64.sys [2010-9-4 221232]
R1 BHDrvx64;BHDrvx64;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20100901.003\BHDrvx64.sys [2010-9-1 954928]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360x64\0402000.00c\cchpx64.sys [2010-9-4 615040]
R1 IDSVia64;IDSVia64;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20100920.001\IDSviA64.sys [2010-9-21 463408]
R1 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [2010-7-16 53312]
R1 SpyEmrg;Spy Emergency Driver;c:\windows\system32\drivers\spyemrg.sys [2010-8-14 15416]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360x64\0402000.00c\ironx64.sys [2010-9-4 150064]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360x64\0402000.00c\symtdiv.sys [2010-9-4 451120]
R2 DicterUpdateService;Dicter Service;c:\program files (x86)\dicter\DicterService.exe [2010-8-28 468992]
R2 GFIBckHAtt;GFI Backup 2009 - Home Edition Attendant Service;c:\progra~2\gfi\gfibac~1\GFIHInst.exe [2010-8-16 858480]
R2 GFIBckHSched;GFI Backup 2009 - Home Edition Scheduler Service;c:\progra~2\gfi\gfibac~1\GFIHSC~1.EXE [2010-8-16 2324848]
R2 N360;Norton 360;c:\program files (x86)\norton 360\engine\4.2.0.12\ccsvchst.exe [2010-9-4 126392]
R2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\common files\portrait displays\drivers\pdisrvc.exe [2010-6-5 90112]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2010-9-19 1153368]
R2 SpyEmrgSrv;Spy Emergency Engine Service;c:\program files\spy emergency\SpyEmergencySrv.exe [2010-8-14 2889856]
R2 Winstep Xtreme Service;Winstep Xtreme Service;c:\program files (x86)\winstep\wsxservice --> c:\program files (x86)\winstep\WsxService [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-9-4 132656]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2010-7-7 243200]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2010-8-10 130696]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-7-7 17464]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2010-6-5 236544]
R3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver;c:\windows\system32\drivers\spyemrg_guard.sys [2010-8-14 16952]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Usługa Google Update (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-6-5 136176]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-9-2 16776]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-9-2 9096]
S3 ose64;Office 64 Source Engine;c:\program files\common files\microsoft shared\source engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SpyEmrgAccess;Spy Emergency OnAccess Driver;c:\windows\system32\drivers\spyemrg_access.sys [2010-8-14 22584]
S3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-7 1255736]

=============== Created Last 30 ================

2010-09-22 12:58:16 56 ---ha-w- c:\windows\syswow64\ezsidmv.dat
2010-09-22 12:45:22 65536 --sha-w- c:\users\zuza\ntuser.dat{df559e28-c631-11df-915b-001e101f3315}.TM.blf
2010-09-22 12:45:22 524288 --sha-w- c:\users\zuza\ntuser.dat{df559e28-c631-11df-915b-001e101f3315}.TMContainer00000000000000000002.regtrans-ms
2010-09-22 12:45:22 524288 --sha-w- c:\users\zuza\ntuser.dat{df559e28-c631-11df-915b-001e101f3315}.TMContainer00000000000000000001.regtrans-ms
2010-09-22 06:40:24 892928 ----a-w- c:\windows\syswow64\iconv.dll
2010-09-22 06:40:24 577536 ----a-w- c:\windows\syswow64\ac3filter.ax
2010-09-21 05:17:09 0 d-----w- c:\program files (x86)\SolidDocuments
2010-09-19 20:12:26 0 d-----w- c:\program files (x86)\Fantastic Flame Screensaver
2010-09-19 20:10:49 0 d-----w- c:\programdata\Laconic Software
2010-09-19 08:01:41 524288 --sha-w- c:\users\zuza\ntuser.dat{9698ad96-c3c3-11df-8667-001e101f63cf}.TMContainer00000000000000000002.regtrans-ms
2010-09-19 08:01:41 524288 --sha-w- c:\users\zuza\ntuser.dat{9698ad96-c3c3-11df-8667-001e101f63cf}.TMContainer00000000000000000001.regtrans-ms
2010-09-19 08:01:40 65536 --sha-w- c:\users\zuza\ntuser.dat{9698ad96-c3c3-11df-8667-001e101f63cf}.TM.blf
2010-09-19 04:38:02 69632 ----a-w- C:\nporbit.dll
2010-09-18 04:04:48 0 d-----w- c:\users\zuza\appdata\roaming\uTorrent
2010-09-18 04:04:48 0 d-----w- c:\program files (x86)\uTorrent
2010-09-17 13:19:21 993 ----a-w- c:\users\zuza\.rainlendar2 — 7z.lnk
2010-09-16 15:06:41 524288 --sha-w- c:\users\zuza\ntuser.dat{2740753e-c19b-11df-b248-001e101f63cf}.TMContainer00000000000000000002.regtrans-ms
2010-09-16 15:06:41 524288 --sha-w- c:\users\zuza\ntuser.dat{2740753e-c19b-11df-b248-001e101f63cf}.TMContainer00000000000000000001.regtrans-ms
2010-09-16 15:06:40 65536 --sha-w- c:\users\zuza\ntuser.dat{2740753e-c19b-11df-b248-001e101f63cf}.TM.blf
2010-09-16 10:32:29 0 d-----w- c:\program files (x86)\Tabbles
2010-09-16 04:06:33 0 d-----w- C:\downloads
2010-09-15 20:41:44 2058752 ----a-w- c:\windows\syswow64\iertutil.dll
2010-09-15 19:57:02 558592 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 11:29:06 4254224 ----a-w- c:\windows\syswow64\qtp-mt334.dll
2010-09-12 06:01:11 0 d-----w- c:\users\zuza\appdata\roaming\Dropbox
2010-09-12 02:19:13 0 d-----w- c:\program files (x86)\Scanned Text Editor 1
2010-09-10 13:00:36 90112 ----a-w- c:\windows\unvise32.exe
2010-09-10 12:58:37 0 d-----w- c:\program files (x86)\The Logo Creator v5
2010-09-10 11:04:22 0 d-----w- c:\programdata\Wondershare
2010-09-10 11:02:49 0 d-----w- c:\program files (x86)\Wondershare
2010-09-10 08:05:58 0 d-----w- c:\programdata\restore
2010-09-10 04:05:47 524288 --sha-w- c:\users\zuza\ntuser.dat{1dda4e34-bc90-11df-82a3-001e101f2500}.TMContainer00000000000000000002.regtrans-ms
2010-09-10 04:05:46 65536 --sha-w- c:\users\zuza\ntuser.dat{1dda4e34-bc90-11df-82a3-001e101f2500}.TM.blf
2010-09-10 04:05:46 524288 --sha-w- c:\users\zuza\ntuser.dat{1dda4e34-bc90-11df-82a3-001e101f2500}.TMContainer00000000000000000001.regtrans-ms
2010-09-09 05:42:40 0 d-----w- c:\program files (x86)\Ncesoft
2010-09-09 02:52:23 0 d-----w- c:\program files (x86)\Flip Book Maker
2010-09-08 23:05:51 0 d-----w- c:\program files\LopeSoft
2010-09-08 11:46:12 65536 --sha-w- c:\users\zuza\ntuser.dat{d097c32e-bb2a-11df-b322-001e101f8ed0}.TM.blf
2010-09-08 11:46:12 524288 --sha-w- c:\users\zuza\ntuser.dat{d097c32e-bb2a-11df-b322-001e101f8ed0}.TMContainer00000000000000000002.regtrans-ms
2010-09-08 11:46:12 524288 --sha-w- c:\users\zuza\ntuser.dat{d097c32e-bb2a-11df-b322-001e101f8ed0}.TMContainer00000000000000000001.regtrans-ms
2010-09-07 18:56:59 0 d-----w- c:\program files (x86)\VirusTotalUploader2
2010-09-07 12:23:06 0 d-----w- c:\programdata\McAfee
2010-09-06 06:12:16 0 d-----w- c:\users\zuza\appdata\roaming\SolidDocuments
2010-09-06 06:11:33 0 d-----w- c:\programdata\SolidDocuments
2010-09-05 23:24:59 0 d-----w- c:\programdata\TechSmith
2010-09-05 17:36:39 0 d-----w- C:\ProgramDataTechSmith
2010-09-05 09:29:04 0 d-----w- c:\program files (x86)\SnagIt 7
2010-09-05 09:24:49 0 d-----w- c:\program files (x86)\common files\Wise Installation Wizard
2010-09-04 10:11:39 34152 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-09-04 10:11:39 126312 ----a-r- c:\windows\system32\GEARAspi64.dll
2010-09-04 10:11:39 107368 ----a-r- c:\windows\syswow64\GEARAspi.dll
2010-09-04 10:11:33 854 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.INF
2010-09-04 10:11:33 7440 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.CAT
2010-09-04 10:11:33 173104 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2010-09-04 10:11:26 0 d-----w- c:\program files\Symantec
2010-09-04 10:11:26 0 d-----w- c:\program files\common files\Symantec Shared
2010-09-04 10:10:21 0 d-----w- c:\windows\system32\drivers\N360x64
2010-09-04 10:10:17 0 d-----w- c:\program files (x86)\Norton 360
2010-09-04 10:09:42 0 d-----w- c:\program files (x86)\NortonInstaller
2010-09-04 08:54:17 106224 ----a-w- c:\windows\system32\drivers\GRD.sys
2010-09-04 08:48:27 84936 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys
2010-09-04 08:48:20 57288 ----a-w- c:\windows\system32\drivers\PktIcpt.sys
2010-09-04 08:47:38 40392 ----a-w- c:\windows\system32\drivers\GDBehave.sys
2010-09-04 08:47:35 48584 ----a-w- c:\windows\system32\drivers\gdwfpcd64.sys
2010-09-04 08:46:57 0 d-----w- c:\programdata\G DATA
2010-09-04 08:46:57 0 d-----w- c:\program files (x86)\G Data
2010-09-04 08:46:57 0 d-----w- c:\program files (x86)\common files\G DATA
2010-09-03 14:26:50 3259392 ----a-w- c:\windows\fanflame.scr
2010-09-03 11:26:24 50768 ----a-w- c:\windows\system32\drivers\uimx64.sys
2010-09-03 11:26:24 446544 ----a-w- c:\windows\system32\drivers\UimFIO.sys
2010-09-03 11:26:22 566864 ----a-w- c:\windows\system32\drivers\Uim_IMx64.sys
2010-09-02 12:03:21 9096 ----a-w- c:\windows\system32\EuGdiDrv.sys
2010-09-02 12:03:21 86408 ----a-w- c:\windows\syswow64\setupempdrv03.exe
2010-09-02 12:03:21 8456 ----a-w- c:\windows\syswow64\EuGdiDrv.sys
2010-09-02 12:03:21 2209920 ----a-w- c:\windows\system32\BootMan.exe
2010-09-02 12:03:21 1774720 ----a-w- c:\windows\syswow64\BootMan.exe
2010-09-02 12:03:21 16776 ----a-w- c:\windows\system32\epmntdrv.sys
2010-09-02 12:03:21 14848 ----a-w- c:\windows\syswow64\EuEpmGdi.dll
2010-09-02 12:03:21 14216 ----a-w- c:\windows\syswow64\epmntdrv.sys
2010-09-02 12:03:21 11264 ----a-w- c:\windows\system32\EuEpmGdi.dll
2010-09-02 12:03:21 100232 ----a-w- c:\windows\system32\setupempdrvx64.exe
2010-09-01 08:49:40 0 d-----w- c:\programdata\ProcessLasso
2010-09-01 08:48:02 0 d-----w- c:\users\zuza\appdata\roaming\ProcessLasso
2010-09-01 08:47:59 0 d-----w- c:\program files\Process Lasso
2010-08-30 23:44:46 0 d-----w- c:\users\zuza\appdata\roaming\LogoMaker
2010-08-30 23:42:59 0 d-----w- c:\program files (x86)\Studio V5
2010-08-30 06:48:23 0 d-sh--w- c:\windows\system32\%APPDATA%
2010-08-30 05:01:28 0 d-----w- c:\program files\common files\DESIGNER
2010-08-30 04:52:37 0 d-----w- c:\program files\Microsoft Analysis Services
2010-08-30 04:52:37 0 d-----w- c:\program files (x86)\Microsoft Analysis Services
2010-08-30 04:51:34 0 d-----w- c:\program files\Microsoft Office
2010-08-30 04:51:33 0 d-----w- c:\programdata\Microsoft Help
2010-08-30 02:13:30 23 --sha-w- c:\windows\system32\edacded0.dat
2010-08-30 02:13:30 23 ----a-w- c:\windows\system32\bcdadac7.xml
2010-08-30 02:13:21 0 d-----w- c:\program files (x86)\jv16 PowerTools 2009
2010-08-29 23:32:33 0 d-----w- c:\program files (x86)\PCHand
2010-08-28 21:39:25 0 d-----w- c:\program files (x86)\Dicter
2010-08-27 07:05:04 0 d-----w- c:\windows\pss
2010-08-26 16:27:35 0 d-----w- c:\users\zuza\appdata\roaming\Ashampoo
2010-08-26 16:25:09 0 d-----w- c:\programdata\ashampoo
2010-08-26 04:42:06 0 d-sh--w- C:\found.000
2010-08-26 00:56:53 2621440000 --sha-w- c:\windows\system32\MirSwap
2010-08-25 19:22:00 65536 --sha-w- c:\users\zuza\ntuser.dat{8d3e241f-b07a-11df-a6d6-001e101f859f}.TM.blf
2010-08-25 19:22:00 524288 --sha-w- c:\users\zuza\ntuser.dat{8d3e241f-b07a-11df-a6d6-001e101f859f}.TMContainer00000000000000000002.regtrans-ms
2010-08-25 19:22:00 524288 --sha-w- c:\users\zuza\ntuser.dat{8d3e241f-b07a-11df-a6d6-001e101f859f}.TMContainer00000000000000000001.regtrans-ms
2010-08-25 12:06:30 861184 ----a-w- c:\windows\system32\oleaut32.dll
2010-08-25 12:06:30 571904 ----a-w- c:\windows\syswow64\oleaut32.dll
2010-08-24 18:09:13 153376 ----a-w- c:\windows\syswow64\javaws.exe
2010-08-24 18:09:13 145184 ----a-w- c:\windows\syswow64\javaw.exe
2010-08-24 18:09:13 145184 ----a-w- c:\windows\syswow64\java.exe
2010-08-24 15:11:54 65536 ------w- c:\windows\system32\Ikeext.etl
2010-08-24 06:25:21 0 d-----w- c:\users\zuza\appdata\roaming\RayV
2010-08-24 06:25:11 0 d-----w- c:\program files (x86)\RayV
2010-08-24 02:16:14 0 d-----w- c:\users\zuza\appdata\roaming\JLC's Software
2010-08-24 02:15:49 0 d-----w- c:\program files (x86)\JLC's Software

==================== Find3M ====================

2010-09-22 14:41:36 15385 ----a-w- c:\windows\FileGuard.bin
2010-09-19 04:57:35 230352 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2010-09-16 10:30:13 746852 ----a-w- c:\windows\system32\perfh015.dat
2010-09-16 10:30:13 159444 ----a-w- c:\windows\system32\perfc015.dat
2010-09-15 11:28:40 37392 ----a-w- c:\windows\system32\drivers\hotcore3.sys
2010-09-12 02:19:13 75776 ----a-w- c:\windows\cadkasdeinst01e.exe
2010-08-20 18:39:03 1715 ----a-w- c:\program files\chrome.exe — skrót.lnk
2010-07-29 06:30:34 82944 ----a-w- c:\windows\syswow64\iccvid.dll
2010-07-27 14:03:24 12867584 ----a-w- c:\windows\syswow64\shell32.dll
2010-07-27 13:18:04 163696 ----a-w- c:\windows\GFIBckHUnwise.EXE
2010-07-17 03:00:04 423656 ----a-w- c:\windows\syswow64\deployJava1.dll
2010-06-30 07:13:46 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-06-30 06:25:31 978432 ----a-w- c:\windows\syswow64\wininet.dll
2010-06-30 06:25:18 1226240 ----a-w- c:\windows\syswow64\urlmon.dll
2010-06-30 06:22:45 606208 ----a-w- c:\windows\syswow64\mstime.dll
2010-06-30 06:22:34 5971456 ----a-w- c:\windows\syswow64\mshtml.dll
2010-06-30 06:22:33 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-06-30 06:21:57 48128 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-06-30 06:21:47 185856 ----a-w- c:\windows\syswow64\iepeers.dll
2010-06-30 06:21:47 176640 ----a-w- c:\windows\syswow64\ieui.dll
2010-06-30 06:21:46 10985472 ----a-w- c:\windows\syswow64\ieframe.dll
2010-06-30 06:21:44 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-06-30 06:19:16 12800 ----a-w- c:\windows\syswow64\msfeedssync.exe
2009-07-14 17:55:28 38710 ----a-w- c:\windows\inf\perflib\0415\perfd.dat
2009-07-14 17:55:28 38710 ----a-w- c:\windows\inf\perflib\0415\perfc.dat
2009-07-14 17:55:28 337158 ----a-w- c:\windows\inf\perflib\0415\perfi.dat
2009-07-14 17:55:28 337158 ----a-w- c:\windows\inf\perflib\0415\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 23:18:55,82 ===============

shelf life
2010-09-26, 00:58
hi vika6,


dds.scr is a Trojan Win32Malware false positive.


Your log is a few days old. If you still need help, post back.

vika6
2010-09-26, 13:00
Hi.
First : thanks for your reply. :thanks:
I want to admit that I have experienced non-specific problems for about 2 months now.
My situation was described here : http://forums.spybot.info/showthread.php?t=59547

Later, on the same day I first posted in your forum (Sept. 23rd), my Norton 360 detected a backdoor.bifrose in traymark.exe (a never-used bookmark program that I have stored on my computer ON DATA PARTITION (D:) for about a year). http://yfrog.com/jd89857988jx

Four hours later the same backdoor was detected in SYSTEM VOLUME INFORMATION (also on the D drive??? Why?). But the information in Norton's File Insight (screenshot #3 http://yfrog.com/ht92400057jx) was a bit strange for me:
"on computer as of 2010-09-23 at 16:55:44" (please note: the previously detected backdoor was eliminated 2010-09-23 at 12:03:57).

It isn't clear to me: was there one backdoor or more??
How could it be found in SYSTEM VOLUME INFORMATION (on D:?) since it was previously found on a non-system drive?
Maybe it is all right, but I prefer to let you know all this. Just in case...

For the next 2 days I scanned my whole computer with Norton (2x), Spybot S&D (can be launched only from a renamed exe) and Malwarebytes. They were all finding only cookies.

But all the problems with performance, errors, strange behaviour and even Spybot persist!!


DDS (Ver_10-03-17.01) - NTFSX64
Run by Zuza at 10:09:54,87 on 2010-09-26
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.48.1045.18.2046.806 [GMT 2:00]

AV: Spy Emergency *On-access scanning enabled* (Updated) {82117492-906E-4b02-A33A-84D42A2DD907}
SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Spy Emergency *enabled* (Updated) {82117492-906E-4b02-A33A-84D42A2DD907}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\brsvc01a.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Dicter\DicterService.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe
C:\PROGRA~2\GFI\GFIBAC~1\GFIHInst.exe
C:\PROGRA~2\GFI\GFIBAC~1\GFIHSC~1.EXE
C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
C:\Program Files (x86)\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
C:\Program Files\Spy Emergency\SpyEmergencySrv.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\SysWOW64\brss01a.exe
C:\Program Files (x86)\Winstep\WsxService.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Process Lasso\ProcessLasso.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Process Lasso\ProcessGovernor.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files (x86)\Winstep\Nexus-Ultimate.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spy Emergency\SpyEmergency.exe
D:\ARCHIWUM\ARCHIWUM PROGRAMÓW\system UI - tunning (wygląd i dodatki)\CapsLockWarningv2.5 (bez instalacji)\CapsLockWarning.exe
C:\Users\Grace\AppData\Roaming\WordWeb\wweb32.exe
C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe
C:\Program Files (x86)\Portrait Displays\Pivot Software\floater.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\NetWorx\networx.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\PROGRAM FILES (X86)\DICTER\DICTER.EXE
C:\Windows\ehome\ehmsas.exe
C:\PROGRAM FILES (X86)\SCANSOFT\PAPERPORT\PPTD40NT.EXE
C:\Program Files (x86)\Gateway\EzTune\DTHtml.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Process Lasso\ProcessLasso.exe
C:\Program Files\Process Lasso\ProcessGovernor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spy Emergency\SpyEmergency.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
D:\ARCHIWUM\ARCHIWUM PROGRAMÓW\system UI - tunning (wygląd i dodatki)\CapsLockWarningv2.5 (bez instalacji)\CapsLockWarning.exe
C:\Users\Grace\AppData\Roaming\WordWeb\wweb32.exe
C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\Portrait Displays\Pivot Software\floater.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Secunia\PSI\psi.exe
C:\Program Files\Spy Emergency\SpyEmergencyWow64.exe
C:\PROGRAM FILES (X86)\DICTER\DICTER.EXE
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
D:\ARCHIWUM\ARCHIWUM PROGRAMÓW\bezpieczeństwo i prywatność w internecie\specjalistyczne (ocena logów w internecie)\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mLocal Page = c:\windows\syswow64\blank.htm
uURLSearchHooks: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - c:\program files (x86)\mybabylon_english\tbmyBa.dll
mURLSearchHooks: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - c:\program files (x86)\mybabylon_english\tbmyBa.dll
BHO: Disabled:{000123B4-9B42-4900-B3F7-F4B073EFC214} - No File
BHO: Disabled:{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - No File
BHO: Disabled:{2B9F5787-88A5-4945-90E7-C4B18563BC5E} - No File
BHO: Disabled:{53707962-6F74-2D53-2644-206D7942484F} - No File
BHO: Disabled:{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Disabled:{6D53EC84-6AAE-4787-AEEE-F4628F01010C} - No File
BHO: Disabled:{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - No File
BHO: Disabled:{AA58ED58-01DD-4d91-8333-CF10577473F7} - No File
BHO: Disabled:{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No File
BHO: Disabled:{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
BHO: Disabled:{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - No File
BHO: Disabled:{DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
BHO: Disabled:{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - No File
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files (x86)\orbitdownloader\orbitcth.dll
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files (x86)\techsmith\snagit 10\SnagitBHO.dll
BHO: FLockObj Class: {26c3165b-fc58-4910-802d-250b2e68a04e} - c:\program files (x86)\gilisoft\privacy protector\FileLockPlugin.dll
BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:\program files (x86)\keyscrambler\KeyScramblerIE.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~2\spybot~1\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files (x86)\norton 360\engine\4.3.0.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files (x86)\norton 360\engine\4.3.0.5\IPSBHO.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.6.5627.1104\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~2\micros~1\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: {FF6C3CF0-4B15-11D1-ABED-709549C10000} - No File
TB: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - c:\program files (x86)\mybabylon_english\tbmyBa.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files (x86)\orbitdownloader\GrabPro.dll
TB: {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No File
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files (x86)\norton 360\engine\4.3.0.5\coIEPlg.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files (x86)\techsmith\snagit 10\SnagitIEAddin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Nexus]
uRun: [SpyEmergency] c:\program files\spy emergency\SPYEMERGENCY.EXE
uRun: [swg] "c:\program files (x86)\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SpybotSD TeaTimer] c:\program files (x86)\spybot - search & destroy\TeaTimer.exe
mRun: [PivotSoftware] "c:\program files (x86)\portrait displays\pivot software\wpctrl.exe"
mRun: [WinPatrol] c:\program files (x86)\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [NetWorx] "c:\program files (x86)\networx\networx.exe" /auto
mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\capslo~1.lnk - d:\archiwum\archiwum programów\system ui - tunning (wygląd i dodatki)\capslockwarningv2.5 (bez instalacji)\CapsLockWarning.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\wweb32~1.lnk - c:\users\grace\appdata\roaming\wordweb\wweb32.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: &Download by Orbit - c:\program files (x86)\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\orbitdownloader\orbitmxt.dll/204
IE: &Winamp Search
IE: Do&wnload selected by Orbit - c:\program files (x86)\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\orbitdownloader\orbitmxt.dll/202
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Funkcja Google Sidewiki - c:\program files (x86)\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2D06158FAC79A790.dll/cmsidewiki.html
IE: Translate this web page with Babylon - c:\program files (x86)\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files (x86)\babylon\babylon-pro\utils\BabylonIEPI.dll/Action.htm
IE: Wyślij &do programu OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\program files (x86)\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files (x86)\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files (x86)\microsoft office\office14\ONBttnIE.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files (x86)\winhttrack\WinHTTrackIEBar.dll
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files (x86)\keyscrambler\KeyScramblerIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files (x86)\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~2\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
TCP: {00304450-07C2-459E-BD09-75E2AD790D4F} = 213.158.199.1 213.158.199.5
TCP: {19A54CD1-565B-4BAB-B572-51D69F847D7D} = 213.158.199.1 213.158.199.5
TCP: {9BFA33C5-A69A-4C30-A5B6-FDE483206CF8} = 213.158.199.1 213.158.199.5
TCP: {B39524DD-69A3-45B1-A739-514B8A378C2E} = 213.158.199.1 213.158.199.5
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
{00C6482D-C502-44C8-8409-FCE54AD9C208}
{26C3165B-FC58-4910-802D-250B2E68A04E}
{2B9F5787-88A5-4945-90E7-C4B18563BC5E}
{AA58ED58-01DD-4d91-8333-CF10577473F7}
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{FF6C3CF0-4B15-11D1-ABED-709549C10000}
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}
{2318C2B1-4965-11d4-9B18-009027A5CD4F}
TB-X64: {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - No File
TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB-X64: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
mRun-x64: [RtHDVCpl] c:\program files\realtek\audio\hda\RAVCpl64.exe -s
mRun-x64: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun-x64: [ProcessLassoManagementConsole] c:\program files\process lasso\processlasso.exe
mRun-x64: [ProcessGovernor] c:\program files\process lasso\processgovernor.exe
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\zuza\appdata\roaming\mozilla\firefox\profiles\n513ljd6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - component: c:\program files (x86)\google\google gears\firefox\lib\ff36\gears.dll
FF - component: c:\program files (x86)\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: c:\program files (x86)\orbitdownloader\addons\oneclickyoutubedownloader\components\GrabXpcom.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\users\zuza\appdata\roaming\mozilla\firefox\profiles\n513ljd6.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\users\zuza\appdata\roaming\mozilla\firefox\profiles\n513ljd6.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\winnt_x86-msvc\components\WeaveCrypto.dll
FF - component: c:\users\zuza\appdata\roaming\mozilla\firefox\profiles\n513ljd6.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
FF - component: c:\users\zuza\appdata\roaming\mozilla\firefox\profiles\n513ljd6.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCore.dll
FF - component: c:\users\zuza\appdata\roaming\mozilla\firefox\profiles\n513ljd6.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - component: c:\users\zuza\appdata\roaming\mozilla\firefox\profiles\n513ljd6.default\extensions\lazarus@interclue.com\platform\winnt_x86-msvc\components\WeaveCrypto.dll
FF - plugin: c:\progra~2\micros~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~2\micros~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files (x86)\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files (x86)\rayv\rayv\plugins\nprayvplugin.dll
FF - plugin: c:\users\zuza\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 FLGuard;FLGuard;c:\windows\system32\drivers\FLGuard.sys [2010-7-17 49176]
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2010-6-8 37392]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360x64\0403000.005\symds64.sys [2010-9-24 433200]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360x64\0403000.005\symefa64.sys [2010-9-24 221232]
R1 BHDrvx64;BHDrvx64;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20100901.003\BHDrvx64.sys [2010-9-1 954928]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360x64\0403000.005\cchpx64.sys [2010-9-24 615040]
R1 IDSVia64;IDSVia64;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20100924.001\IDSviA64.sys [2010-9-25 463408]
R1 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [2010-7-16 53312]
R1 SpyEmrg;Spy Emergency Driver;c:\windows\system32\drivers\spyemrg.sys [2010-8-14 15416]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360x64\0403000.005\ironx64.sys [2010-9-24 150064]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360x64\0403000.005\symtdiv.sys [2010-9-24 451120]
R2 DicterUpdateService;Dicter Service;c:\program files (x86)\dicter\DicterService.exe [2010-8-28 468992]
R2 GFIBckHAtt;GFI Backup 2009 - Home Edition Attendant Service;c:\progra~2\gfi\gfibac~1\GFIHInst.exe [2010-8-16 858480]
R2 GFIBckHSched;GFI Backup 2009 - Home Edition Scheduler Service;c:\progra~2\gfi\gfibac~1\GFIHSC~1.EXE [2010-8-16 2324848]
R2 N360;Norton 360;c:\program files (x86)\norton 360\engine\4.3.0.5\ccsvchst.exe [2010-9-24 126392]
R2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\common files\portrait displays\drivers\pdisrvc.exe [2010-6-5 90112]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2010-9-19 1153368]
R2 SpyEmrgSrv;Spy Emergency Engine Service;c:\program files\spy emergency\SpyEmergencySrv.exe [2010-8-14 2889856]
R2 Winstep Xtreme Service;Winstep Xtreme Service;c:\program files (x86)\winstep\wsxservice --> c:\program files (x86)\winstep\WsxService [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-9-4 132656]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2010-7-7 243200]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2010-8-10 130696]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-7-7 17464]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2010-6-5 236544]
R3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver;c:\windows\system32\drivers\spyemrg_guard.sys [2010-8-14 16952]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Usługa Google Update (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-6-5 136176]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-9-2 16776]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-9-2 9096]
S3 ose64;Office 64 Source Engine;c:\program files\common files\microsoft shared\source engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SpyEmrgAccess;Spy Emergency OnAccess Driver;c:\windows\system32\drivers\spyemrg_access.sys [2010-8-14 22584]
S3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-7 1255736]

=============== Created Last 30 ================

2010-09-25 08:05:57 0 d-----w- c:\program files (x86)\Trend Micro
2010-09-24 14:45:38 193 ----a-w- c:\windows\WORDPAD.INI
2010-09-24 01:40:04 0 d-----w- c:\program files (x86)\Panda Security
2010-09-22 22:13:40 212992 ------w- c:\windows\syswow64\UniBoxVB12.ocx
2010-09-22 22:13:40 139264 ------w- c:\windows\syswow64\uniflexsup.dll
2010-09-22 22:13:39 880640 ------w- c:\windows\syswow64\UniBox10.ocx
2010-09-22 22:13:39 53248 ------w- c:\windows\syswow64\ZLIB.DLL
2010-09-22 22:13:39 380928 ------w- c:\windows\syswow64\UniFlexGrid10.ocx
2010-09-22 22:13:39 364544 ------w- c:\windows\syswow64\UniGrid210.ocx
2010-09-22 22:13:39 1097728 ------w- c:\windows\syswow64\UniBox210.ocx
2010-09-22 22:13:30 0 d-----w- c:\program files (x86)\AllWebMenus5
2010-09-22 22:13:29 0 d-----w- c:\programdata\InstallMate
2010-09-22 12:58:16 56 ---ha-w- c:\windows\syswow64\ezsidmv.dat
2010-09-22 12:45:22 65536 --sha-w- c:\users\zuza\ntuser.dat{df559e28-c631-11df-915b-001e101f3315}.TM.blf
2010-09-22 12:45:22 524288 --sha-w- c:\users\zuza\ntuser.dat{df559e28-c631-11df-915b-001e101f3315}.TMContainer00000000000000000002.regtrans-ms
2010-09-22 12:45:22 524288 --sha-w- c:\users\zuza\ntuser.dat{df559e28-c631-11df-915b-001e101f3315}.TMContainer00000000000000000001.regtrans-ms
2010-09-22 06:40:24 892928 ----a-w- c:\windows\syswow64\iconv.dll
2010-09-22 06:40:24 577536 ----a-w- c:\windows\syswow64\ac3filter.ax
2010-09-21 05:17:09 0 d-----w- c:\program files (x86)\SolidDocuments
2010-09-19 20:12:26 0 d-----w- c:\program files (x86)\Fantastic Flame Screensaver
2010-09-19 20:10:49 0 d-----w- c:\programdata\Laconic Software
2010-09-19 08:01:41 524288 --sha-w- c:\users\zuza\ntuser.dat{9698ad96-c3c3-11df-8667-001e101f63cf}.TMContainer00000000000000000002.regtrans-ms
2010-09-19 08:01:41 524288 --sha-w- c:\users\zuza\ntuser.dat{9698ad96-c3c3-11df-8667-001e101f63cf}.TMContainer00000000000000000001.regtrans-ms
2010-09-19 08:01:40 65536 --sha-w- c:\users\zuza\ntuser.dat{9698ad96-c3c3-11df-8667-001e101f63cf}.TM.blf
2010-09-19 04:38:02 69632 ----a-w- C:\nporbit.dll
2010-09-18 04:04:48 0 d-----w- c:\users\zuza\appdata\roaming\uTorrent
2010-09-17 13:19:21 993 ----a-w- c:\users\zuza\.rainlendar2 — 7z.lnk
2010-09-16 15:06:41 524288 --sha-w- c:\users\zuza\ntuser.dat{2740753e-c19b-11df-b248-001e101f63cf}.TMContainer00000000000000000002.regtrans-ms
2010-09-16 15:06:41 524288 --sha-w- c:\users\zuza\ntuser.dat{2740753e-c19b-11df-b248-001e101f63cf}.TMContainer00000000000000000001.regtrans-ms
2010-09-16 15:06:40 65536 --sha-w- c:\users\zuza\ntuser.dat{2740753e-c19b-11df-b248-001e101f63cf}.TM.blf
2010-09-16 10:32:29 0 d-----w- c:\program files (x86)\Tabbles
2010-09-16 04:06:33 0 d-----w- C:\downloads
2010-09-15 20:41:44 2058752 ----a-w- c:\windows\syswow64\iertutil.dll
2010-09-15 19:57:02 558592 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 11:29:06 4254224 ----a-w- c:\windows\syswow64\qtp-mt334.dll
2010-09-12 06:01:11 0 d-----w- c:\users\zuza\appdata\roaming\Dropbox
2010-09-12 02:19:13 0 d-----w- c:\program files (x86)\Scanned Text Editor 1
2010-09-10 13:00:36 90112 ----a-w- c:\windows\unvise32.exe
2010-09-10 12:58:37 0 d-----w- c:\program files (x86)\The Logo Creator v5
2010-09-10 11:04:22 0 d-----w- c:\programdata\Wondershare
2010-09-10 11:02:49 0 d-----w- c:\program files (x86)\Wondershare
2010-09-10 08:05:58 0 d-----w- c:\programdata\restore
2010-09-10 04:05:47 524288 --sha-w- c:\users\zuza\ntuser.dat{1dda4e34-bc90-11df-82a3-001e101f2500}.TMContainer00000000000000000002.regtrans-ms
2010-09-10 04:05:46 65536 --sha-w- c:\users\zuza\ntuser.dat{1dda4e34-bc90-11df-82a3-001e101f2500}.TM.blf
2010-09-10 04:05:46 524288 --sha-w- c:\users\zuza\ntuser.dat{1dda4e34-bc90-11df-82a3-001e101f2500}.TMContainer00000000000000000001.regtrans-ms
2010-09-09 05:42:40 0 d-----w- c:\program files (x86)\Ncesoft
2010-09-09 02:52:23 0 d-----w- c:\program files (x86)\Flip Book Maker
2010-09-08 23:05:51 0 d-----w- c:\program files\LopeSoft
2010-09-08 11:46:12 65536 --sha-w- c:\users\zuza\ntuser.dat{d097c32e-bb2a-11df-b322-001e101f8ed0}.TM.blf
2010-09-08 11:46:12 524288 --sha-w- c:\users\zuza\ntuser.dat{d097c32e-bb2a-11df-b322-001e101f8ed0}.TMContainer00000000000000000002.regtrans-ms
2010-09-08 11:46:12 524288 --sha-w- c:\users\zuza\ntuser.dat{d097c32e-bb2a-11df-b322-001e101f8ed0}.TMContainer00000000000000000001.regtrans-ms
2010-09-07 18:56:59 0 d-----w- c:\program files (x86)\VirusTotalUploader2
2010-09-07 12:23:06 0 d-----w- c:\programdata\McAfee
2010-09-06 06:12:16 0 d-----w- c:\users\zuza\appdata\roaming\SolidDocuments
2010-09-06 06:11:33 0 d-----w- c:\programdata\SolidDocuments
2010-09-05 23:24:59 0 d-----w- c:\programdata\TechSmith
2010-09-05 17:36:39 0 d-----w- C:\ProgramDataTechSmith
2010-09-05 09:29:04 0 d-----w- c:\program files (x86)\SnagIt 7
2010-09-05 09:24:49 0 d-----w- c:\program files (x86)\common files\Wise Installation Wizard
2010-09-04 10:11:39 34152 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-09-04 10:11:39 126312 ----a-r- c:\windows\system32\GEARAspi64.dll
2010-09-04 10:11:39 107368 ----a-r- c:\windows\syswow64\GEARAspi.dll
2010-09-04 10:11:33 854 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.INF
2010-09-04 10:11:33 7440 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.CAT
2010-09-04 10:11:33 173104 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2010-09-04 10:11:26 0 d-----w- c:\program files\Symantec
2010-09-04 10:11:26 0 d-----w- c:\program files\common files\Symantec Shared
2010-09-04 10:10:21 0 d-----w- c:\windows\system32\drivers\N360x64
2010-09-04 10:10:17 0 d-----w- c:\program files (x86)\Norton 360
2010-09-04 10:09:42 0 d-----w- c:\program files (x86)\NortonInstaller
2010-09-04 08:54:17 106224 ----a-w- c:\windows\system32\drivers\GRD.sys
2010-09-04 08:48:27 84936 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys
2010-09-04 08:48:20 57288 ----a-w- c:\windows\system32\drivers\PktIcpt.sys
2010-09-04 08:47:38 40392 ----a-w- c:\windows\system32\drivers\GDBehave.sys
2010-09-04 08:47:35 48584 ----a-w- c:\windows\system32\drivers\gdwfpcd64.sys
2010-09-04 08:46:57 0 d-----w- c:\programdata\G DATA
2010-09-04 08:46:57 0 d-----w- c:\program files (x86)\G Data
2010-09-04 08:46:57 0 d-----w- c:\program files (x86)\common files\G DATA
2010-09-03 14:26:50 3259392 ----a-w- c:\windows\fanflame.scr
2010-09-03 11:26:24 50768 ----a-w- c:\windows\system32\drivers\uimx64.sys
2010-09-03 11:26:24 446544 ----a-w- c:\windows\system32\drivers\UimFIO.sys
2010-09-03 11:26:22 566864 ----a-w- c:\windows\system32\drivers\Uim_IMx64.sys
2010-09-02 12:03:21 9096 ----a-w- c:\windows\system32\EuGdiDrv.sys
2010-09-02 12:03:21 86408 ----a-w- c:\windows\syswow64\setupempdrv03.exe
2010-09-02 12:03:21 8456 ----a-w- c:\windows\syswow64\EuGdiDrv.sys
2010-09-02 12:03:21 2209920 ----a-w- c:\windows\system32\BootMan.exe
2010-09-02 12:03:21 1774720 ----a-w- c:\windows\syswow64\BootMan.exe
2010-09-02 12:03:21 16776 ----a-w- c:\windows\system32\epmntdrv.sys
2010-09-02 12:03:21 14848 ----a-w- c:\windows\syswow64\EuEpmGdi.dll
2010-09-02 12:03:21 14216 ----a-w- c:\windows\syswow64\epmntdrv.sys
2010-09-02 12:03:21 11264 ----a-w- c:\windows\system32\EuEpmGdi.dll
2010-09-02 12:03:21 100232 ----a-w- c:\windows\system32\setupempdrvx64.exe
2010-09-01 08:49:40 0 d-----w- c:\programdata\ProcessLasso
2010-09-01 08:48:02 0 d-----w- c:\users\zuza\appdata\roaming\ProcessLasso
2010-09-01 08:47:59 0 d-----w- c:\program files\Process Lasso
2010-08-30 23:44:46 0 d-----w- c:\users\zuza\appdata\roaming\LogoMaker
2010-08-30 23:42:59 0 d-----w- c:\program files (x86)\Studio V5
2010-08-30 06:48:23 0 d-sh--w- c:\windows\system32\%APPDATA%
2010-08-30 05:01:28 0 d-----w- c:\program files\common files\DESIGNER
2010-08-30 04:52:37 0 d-----w- c:\program files\Microsoft Analysis Services
2010-08-30 04:52:37 0 d-----w- c:\program files (x86)\Microsoft Analysis Services
2010-08-30 04:51:34 0 d-----w- c:\program files\Microsoft Office
2010-08-30 04:51:33 0 d-----w- c:\programdata\Microsoft Help
2010-08-30 02:13:30 23 --sha-w- c:\windows\system32\edacded0.dat
2010-08-30 02:13:30 23 ----a-w- c:\windows\system32\bcdadac7.xml
2010-08-30 02:13:21 0 d-----w- c:\program files (x86)\jv16 PowerTools 2009
2010-08-29 23:32:33 0 d-----w- c:\program files (x86)\PCHand
2010-08-28 21:39:25 0 d-----w- c:\program files (x86)\Dicter

==================== Find3M ====================

2010-09-26 08:09:38 15385 ----a-w- c:\windows\FileGuard.bin
2010-09-24 02:07:28 746852 ----a-w- c:\windows\system32\perfh015.dat
2010-09-24 02:07:28 159444 ----a-w- c:\windows\system32\perfc015.dat
2010-09-19 04:57:35 230352 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2010-09-15 11:28:40 37392 ----a-w- c:\windows\system32\drivers\hotcore3.sys
2010-09-12 02:19:13 75776 ----a-w- c:\windows\cadkasdeinst01e.exe
2010-08-20 18:39:03 1715 ----a-w- c:\program files\chrome.exe — skrót.lnk
2010-07-29 06:30:34 82944 ----a-w- c:\windows\syswow64\iccvid.dll
2010-07-27 14:03:24 12867584 ----a-w- c:\windows\syswow64\shell32.dll
2010-07-27 13:18:04 163696 ----a-w- c:\windows\GFIBckHUnwise.EXE
2010-07-17 03:00:12 153376 ----a-w- c:\windows\syswow64\javaws.exe
2010-07-17 03:00:04 423656 ----a-w- c:\windows\syswow64\deployJava1.dll
2010-06-30 07:13:46 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-06-30 06:25:31 978432 ----a-w- c:\windows\syswow64\wininet.dll
2010-06-30 06:25:18 1226240 ----a-w- c:\windows\syswow64\urlmon.dll
2010-06-30 06:22:45 606208 ----a-w- c:\windows\syswow64\mstime.dll
2010-06-30 06:22:34 5971456 ----a-w- c:\windows\syswow64\mshtml.dll
2010-06-30 06:22:33 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-06-30 06:21:57 48128 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-06-30 06:21:47 185856 ----a-w- c:\windows\syswow64\iepeers.dll
2010-06-30 06:21:47 176640 ----a-w- c:\windows\syswow64\ieui.dll
2010-06-30 06:21:46 10985472 ----a-w- c:\windows\syswow64\ieframe.dll
2010-06-30 06:21:44 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-06-30 06:19:16 12800 ----a-w- c:\windows\syswow64\msfeedssync.exe
2009-07-14 17:55:28 38710 ----a-w- c:\windows\inf\perflib\0415\perfd.dat
2009-07-14 17:55:28 38710 ----a-w- c:\windows\inf\perflib\0415\perfc.dat
2009-07-14 17:55:28 337158 ----a-w- c:\windows\inf\perflib\0415\perfi.dat
2009-07-14 17:55:28 337158 ----a-w- c:\windows\inf\perflib\0415\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 10:11:14,36 ===============

vika6
2010-09-26, 14:29
What a pity I can't edit my previous post!
THE THIRD LINK THERE HAS AN ERROR (2 x http:) AND ACTUALLY LEADS TO A SITE WITH A BAD WOT REPUTATION!!
HERE IS THE PROPER VERSION: http://yfrog.com/ht92400057jx

I want to show you 2 popups from WinPatrol: http://yfrog.com/3t46215188jx
They came up yesterday in a strange manner, when there wasn't any reason for that (I was busy with my e-mails).
Suddenly, I was informed that there were 2 new start-up programs: Flash Player Installer/Uninstaller and WinLogon:Userinit.

Why does FPInstaller (note - NOT Updater!) want to start with Windows? Adobe Flash Player has been installed and kept up to date on my system for a long time, so what's going on?

The second - Userinit. I saw such a file name for the first time in my life!!!
I googled a little to learn that this system file can be contaminated.
Better be careful! What happened that my system suddenly needed Userinit in autostart? And why wasn't it necessary before?

Seemed fishy to me, so I told WinPatrol NOT TO AGREE to the changes. Was I right?

Flash Player Installer "gave up"; but Userinit keeps nagging me to allow the change. It's very annoying, so please advise what to do: should I let it stay in autostart, or should this file be examined first?

shelf life
2010-09-26, 17:54
Four hours later the same backdoor was detected in SYSTEM VOLUME INFORMATION. This is the Windows restore archive.

backdoor.bifrose in traymark.exe
If you still have the traymark.exe you could upload it to VirusTotal (http://www.virustotal.com/) for another opinion before jumping to conclusions.
I have never used WinPatrol and I am not familiar with it at all. The best place to ask about the prompts would be WinPatrol support. Not agreeing to the changes wouldn't hurt until you get some clarification on the prompts.
If Norton, Spybot and Malwarebytes are coming up clean then that's a good sign.
What are the problems that persist? Not all computer problems are caused by malware.
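As an added example, not code posted by either participant in this thread: a read-only PowerShell script that looks at the two autostart locations behind the WinPatrol prompts. It reads the Winlogon Userinit value and compares it with the stock Windows 7 default `C:\Windows\system32\userinit.exe,` (the trailing comma is part of the default; anything appended after it runs at every interactive logon), then walks the Run keys where a "Flash Player Installer/Uninstaller" entry would live. For every autostart target it prints the Authenticode signature status and a SHA-256 hash that can be pasted into the VirusTotal search box, which gives the "another opinion" suggested above without uploading the file. The registry paths and the default value are standard Windows; the helper function names are assumptions of this example. Run it from an elevated 64-bit PowerShell prompt on the affected machine (a 32-bit prompt would be redirected to the Wow6432Node view).

```powershell
# Added example for this thread (not code posted by vika6 or shelf life).
# Inspects Winlogon\Userinit and the Run keys, reports signature status and
# SHA-256 of each autostart target. Read-only: nothing is changed or deleted.

Set-StrictMode -Version 2

$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$runKeys  = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

# Stock Windows 7 Userinit value. The trailing comma is part of the default;
# any extra path appended after it is executed at every interactive logon.
$defaultUserinit = "$env:SystemRoot\system32\userinit.exe,"

function Get-Sha256Hex {
    # SHA-256 via .NET so this also works on the PowerShell 2.0 that shipped
    # with Windows 7 (Get-FileHash only appeared in PowerShell 4.0).
    param([string]$Path)
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { $bytes = $sha.ComputeHash($stream) }
    finally { $stream.Close() }
    ($bytes | ForEach-Object { $_.ToString('x2') }) -join ''
}

function Get-ExePath {
    # Extract the executable from a command line such as
    #   "C:\Program Files\Foo\foo.exe" /silent   or   C:\Windows\foo.exe -x
    param([string]$CommandLine)
    $cl = $CommandLine.Trim()
    if ($cl.StartsWith('"')) {
        $end  = $cl.IndexOf('"', 1)
        $path = if ($end -gt 0) { $cl.Substring(1, $end - 1) } else { $cl.Trim('"') }
    } else {
        $m    = [regex]::Match($cl, '^(.+?\.exe)(\s|$)', 'IgnoreCase')
        $path = if ($m.Success) { $m.Groups[1].Value } else { ($cl -split '\s+')[0] }
    }
    [Environment]::ExpandEnvironmentVariables($path)
}

function Show-Binary {
    # Print path, Authenticode status, signer and SHA-256 for one autostart entry.
    param([string]$Label, [string]$CommandLine)
    $path = Get-ExePath $CommandLine
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Warning "$Label -> $CommandLine (target file not found)"
        return
    }
    $sig  = Get-AuthenticodeSignature -FilePath $path
    $who  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
    $hash = Get-Sha256Hex $path
    Write-Host ("{0}`n  path   : {1}`n  signed : {2} {3}`n  sha256 : {4}" -f `
        $Label, $path, $sig.Status, $who, $hash)
}

# 1. Winlogon\Userinit, the entry WinPatrol keeps prompting about.
$userinit = (Get-ItemProperty -Path $winlogon -Name Userinit).Userinit
Write-Host "Userinit value: $userinit"
if ($userinit -ieq $defaultUserinit) {
    Write-Host 'Userinit matches the Windows default.'
} else {
    Write-Warning 'Userinit differs from the default; inspect every entry below.'
}
foreach ($entry in ($userinit -split ',' | Where-Object { $_.Trim() })) {
    Show-Binary -Label 'Winlogon\Userinit entry' -CommandLine $entry
}

# 2. Run keys (64-bit, 32-bit and per-user views).
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PSPath/PSParentPath metadata
        Show-Binary -Label "$key\$($p.Name)" -CommandLine $p.Value
    }
}
```

A Userinit value that equals the default, pointing at a file whose signature status is `Valid` with a Microsoft signer, is the expected state; WinPatrol flagging a change to it is then worth reconciling with whatever wrote the value. Any extra path appended after `userinit.exe,`, an `Unsigned`/`HashMismatch` status, or a target that no longer exists on disk is the case to hash and look up before allowing the change.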